Updates AWS Go SDK.

Needed as part of Go 1.8 transition; see https://aws.amazon.com/blogs/developer/aws-sdk-for-go-update-needed-for-go-1-8/.

vendor/github.com/aws/aws-sdk-go/aws/awsutil/prettify.go

@@ -61,6 +61,12 @@ func prettify(v reflect.Value, indent int, buf *bytes.Buffer) {
 
 		buf.WriteString("\n" + strings.Repeat(" ", indent) + "}")
 	case reflect.Slice:
+		strtype := v.Type().String()
+		if strtype == "[]uint8" {
+			fmt.Fprintf(buf, "<binary> len %d", v.Len())
+			break
+		}
+
 		nl, id, id2 := "", "", ""
 		if v.Len() > 3 {
 			nl, id, id2 = "\n", strings.Repeat(" ", indent), strings.Repeat(" ", indent+2)

vendor/github.com/aws/aws-sdk-go/aws/client/client.go

@@ -11,9 +11,11 @@ import (
 
 // A Config provides configuration to a service client instance.
 type Config struct {
-	Config                  *aws.Config
+	Config        *aws.Config
-	Handlers                request.Handlers
+	Handlers      request.Handlers
-	Endpoint, SigningRegion string
+	Endpoint      string
+	SigningRegion string
+	SigningName   string
 }
 
 // ConfigProvider provides a generic way for a service client to receive
@@ -22,6 +24,13 @@ type ConfigProvider interface {
 	ClientConfig(serviceName string, cfgs ...*aws.Config) Config
 }
 
+// ConfigNoResolveEndpointProvider same as ConfigProvider except it will not
+// resolve the endpoint automatically. The service client's endpoint must be
+// provided via the aws.Config.Endpoint field.
+type ConfigNoResolveEndpointProvider interface {
+	ClientConfigNoResolveEndpoint(cfgs ...*aws.Config) Config
+}
+
 // A Client implements the base client request and response handling
 // used by all service clients.
 type Client struct {

vendor/github.com/aws/aws-sdk-go/aws/config.go

@@ -5,6 +5,7 @@ import (
 	"time"
 
 	"github.com/aws/aws-sdk-go/aws/credentials"
+	"github.com/aws/aws-sdk-go/aws/endpoints"
 )
 
 // UseServiceDefaultRetries instructs the config to use the service's own
@@ -48,6 +49,10 @@ type Config struct {
 	//   endpoint for a client.
 	Endpoint *string
 
+	// The resolver to use for looking up endpoints for AWS service clients
+	// to use based on region.
+	EndpointResolver endpoints.Resolver
+
 	// The region to send requests to. This parameter is required and must
 	// be configured globally or on a per-client basis unless otherwise
 	// noted. A full list of regions is found in the "Regions and Endpoints"
@@ -182,6 +187,19 @@ type Config struct {
 	// the delay of a request see the aws/client.DefaultRetryer and
 	// aws/request.Retryer.
 	SleepDelay func(time.Duration)
+
+	// DisableRestProtocolURICleaning will not clean the URL path when making rest protocol requests.
+	// Will default to false. This would only be used for empty directory names in s3 requests.
+	//
+	// Example:
+	//    sess, err := session.NewSession(&aws.Config{DisableRestProtocolURICleaning: aws.Bool(true))
+	//
+	//    svc := s3.New(sess)
+	//    out, err := svc.GetObject(&s3.GetObjectInput {
+	//    	Bucket: aws.String("bucketname"),
+	//    	Key: aws.String("//foo//bar//moo"),
+	//    })
+	DisableRestProtocolURICleaning *bool
 }
 
 // NewConfig returns a new Config pointer that can be chained with builder
@@ -222,6 +240,13 @@ func (c *Config) WithEndpoint(endpoint string) *Config {
 	return c
 }
 
+// WithEndpointResolver sets a config EndpointResolver value returning a
+// Config pointer for chaining.
+func (c *Config) WithEndpointResolver(resolver endpoints.Resolver) *Config {
+	c.EndpointResolver = resolver
+	return c
+}
+
 // WithRegion sets a config Region value returning a Config pointer for
 // chaining.
 func (c *Config) WithRegion(region string) *Config {
@@ -344,6 +369,10 @@ func mergeInConfig(dst *Config, other *Config) {
 		dst.Endpoint = other.Endpoint
 	}
 
+	if other.EndpointResolver != nil {
+		dst.EndpointResolver = other.EndpointResolver
+	}
+
 	if other.Region != nil {
 		dst.Region = other.Region
 	}
@@ -403,6 +432,10 @@ func mergeInConfig(dst *Config, other *Config) {
 	if other.SleepDelay != nil {
 		dst.SleepDelay = other.SleepDelay
 	}
+
+	if other.DisableRestProtocolURICleaning != nil {
+		dst.DisableRestProtocolURICleaning = other.DisableRestProtocolURICleaning
+	}
 }
 
 // Copy will return a shallow copy of the Config object. If any additional

vendor/github.com/aws/aws-sdk-go/aws/corehandlers/handlers.go

@@ -71,7 +71,7 @@ var reStatusCode = regexp.MustCompile(`^(\d{3})`)
 
 // ValidateReqSigHandler is a request handler to ensure that the request's
 // signature doesn't expire before it is sent. This can happen when a request
-// is built and signed signficantly before it is sent. Or signficant delays
+// is built and signed signficantly before it is sent. Or significant delays
 // occur whne retrying requests that would cause the signature to expire.
 var ValidateReqSigHandler = request.NamedHandler{
 	Name: "core.ValidateReqSigHandler",

vendor/github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds/ec2_role_provider.go

@@ -111,7 +111,7 @@ func (m *EC2RoleProvider) Retrieve() (credentials.Value, error) {
 	}, nil
 }
 
-// A ec2RoleCredRespBody provides the shape for unmarshalling credential
+// A ec2RoleCredRespBody provides the shape for unmarshaling credential
 // request responses.
 type ec2RoleCredRespBody struct {
 	// Success State

vendor/github.com/aws/aws-sdk-go/aws/defaults/defaults.go

@@ -19,8 +19,8 @@ import (
 	"github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds"
 	"github.com/aws/aws-sdk-go/aws/credentials/endpointcreds"
 	"github.com/aws/aws-sdk-go/aws/ec2metadata"
+	"github.com/aws/aws-sdk-go/aws/endpoints"
 	"github.com/aws/aws-sdk-go/aws/request"
-	"github.com/aws/aws-sdk-go/private/endpoints"
 )
 
 // A Defaults provides a collection of default values for SDK clients.
@@ -56,7 +56,8 @@ func Config() *aws.Config {
 		WithMaxRetries(aws.UseServiceDefaultRetries).
 		WithLogger(aws.NewDefaultLogger()).
 		WithLogLevel(aws.LogOff).
-		WithSleepDelay(time.Sleep)
+		WithSleepDelay(time.Sleep).
+		WithEndpointResolver(endpoints.DefaultResolver())
 }
 
 // Handlers returns the default request handlers.
@@ -120,11 +121,14 @@ func ecsCredProvider(cfg aws.Config, handlers request.Handlers, uri string) cred
 }
 
 func ec2RoleProvider(cfg aws.Config, handlers request.Handlers) credentials.Provider {
-	endpoint, signingRegion := endpoints.EndpointForRegion(ec2metadata.ServiceName,
+	resolver := cfg.EndpointResolver
-		aws.StringValue(cfg.Region), true, false)
+	if resolver == nil {
+		resolver = endpoints.DefaultResolver()
+	}
 
+	e, _ := resolver.EndpointFor(endpoints.Ec2metadataServiceID, "")
 	return &ec2rolecreds.EC2RoleProvider{
-		Client:       ec2metadata.NewClient(cfg, handlers, endpoint, signingRegion),
+		Client:       ec2metadata.NewClient(cfg, handlers, e.URL, e.SigningRegion),
 		ExpiryWindow: 5 * time.Minute,
 	}
 }

vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/api.go

@@ -133,7 +133,7 @@ func (c *EC2Metadata) Available() bool {
 	return true
 }
 
-// An EC2IAMInfo provides the shape for unmarshalling
+// An EC2IAMInfo provides the shape for unmarshaling
 // an IAM info from the metadata API
 type EC2IAMInfo struct {
 	Code               string
@@ -142,7 +142,7 @@ type EC2IAMInfo struct {
 	InstanceProfileID  string
 }
 
-// An EC2InstanceIdentityDocument provides the shape for unmarshalling
+// An EC2InstanceIdentityDocument provides the shape for unmarshaling
 // an instance identity document
 type EC2InstanceIdentityDocument struct {
 	DevpayProductCodes []string  `json:"devpayProductCodes"`

vendor/github.com/aws/aws-sdk-go/aws/endpoints/decode.go

@@ -0,0 +1,133 @@
+package endpoints
+
+import (
+	"encoding/json"
+	"fmt"
+	"io"
+
+	"github.com/aws/aws-sdk-go/aws/awserr"
+)
+
+type modelDefinition map[string]json.RawMessage
+
+// A DecodeModelOptions are the options for how the endpoints model definition
+// are decoded.
+type DecodeModelOptions struct {
+	SkipCustomizations bool
+}
+
+// Set combines all of the option functions together.
+func (d *DecodeModelOptions) Set(optFns ...func(*DecodeModelOptions)) {
+	for _, fn := range optFns {
+		fn(d)
+	}
+}
+
+// DecodeModel unmarshals a Regions and Endpoint model definition file into
+// a endpoint Resolver. If the file format is not supported, or an error occurs
+// when unmarshaling the model an error will be returned.
+//
+// Casting the return value of this func to a EnumPartitions will
+// allow you to get a list of the partitions in the order the endpoints
+// will be resolved in.
+//
+//    resolver, err := endpoints.DecodeModel(reader)
+//
+//    partitions := resolver.(endpoints.EnumPartitions).Partitions()
+//    for _, p := range partitions {
+//        // ... inspect partitions
+//    }
+func DecodeModel(r io.Reader, optFns ...func(*DecodeModelOptions)) (Resolver, error) {
+	var opts DecodeModelOptions
+	opts.Set(optFns...)
+
+	// Get the version of the partition file to determine what
+	// unmarshaling model to use.
+	modelDef := modelDefinition{}
+	if err := json.NewDecoder(r).Decode(&modelDef); err != nil {
+		return nil, newDecodeModelError("failed to decode endpoints model", err)
+	}
+
+	var version string
+	if b, ok := modelDef["version"]; ok {
+		version = string(b)
+	} else {
+		return nil, newDecodeModelError("endpoints version not found in model", nil)
+	}
+
+	if version == "3" {
+		return decodeV3Endpoints(modelDef, opts)
+	}
+
+	return nil, newDecodeModelError(
+		fmt.Sprintf("endpoints version %s, not supported", version), nil)
+}
+
+func decodeV3Endpoints(modelDef modelDefinition, opts DecodeModelOptions) (Resolver, error) {
+	b, ok := modelDef["partitions"]
+	if !ok {
+		return nil, newDecodeModelError("endpoints model missing partitions", nil)
+	}
+
+	ps := partitions{}
+	if err := json.Unmarshal(b, &ps); err != nil {
+		return nil, newDecodeModelError("failed to decode endpoints model", err)
+	}
+
+	if opts.SkipCustomizations {
+		return ps, nil
+	}
+
+	// Customization
+	for i := 0; i < len(ps); i++ {
+		p := &ps[i]
+		custAddEC2Metadata(p)
+		custAddS3DualStack(p)
+		custRmIotDataService(p)
+	}
+
+	return ps, nil
+}
+
+func custAddS3DualStack(p *partition) {
+	if p.ID != "aws" {
+		return
+	}
+
+	s, ok := p.Services["s3"]
+	if !ok {
+		return
+	}
+
+	s.Defaults.HasDualStack = boxedTrue
+	s.Defaults.DualStackHostname = "{service}.dualstack.{region}.{dnsSuffix}"
+
+	p.Services["s3"] = s
+}
+
+func custAddEC2Metadata(p *partition) {
+	p.Services["ec2metadata"] = service{
+		IsRegionalized:    boxedFalse,
+		PartitionEndpoint: "aws-global",
+		Endpoints: endpoints{
+			"aws-global": endpoint{
+				Hostname:  "169.254.169.254/latest",
+				Protocols: []string{"http"},
+			},
+		},
+	}
+}
+
+func custRmIotDataService(p *partition) {
+	delete(p.Services, "data.iot")
+}
+
+type decodeModelError struct {
+	awsError
+}
+
+func newDecodeModelError(msg string, err error) decodeModelError {
+	return decodeModelError{
+		awsError: awserr.New("DecodeEndpointsModelError", msg, err),
+	}
+}

vendor/github.com/aws/aws-sdk-go/aws/endpoints/doc.go

@@ -0,0 +1,66 @@
+// Package endpoints provides the types and functionality for defining regions
+// and endpoints, as well as querying those definitions.
+//
+// The SDK's Regions and Endpoints metadata is code generated into the endpoints
+// package, and is accessible via the DefaultResolver function. This function
+// returns a endpoint Resolver will search the metadata and build an associated
+// endpoint if one is found. The default resolver will search all partitions
+// known by the SDK. e.g AWS Standard (aws), AWS China (aws-cn), and
+// AWS GovCloud (US) (aws-us-gov).
+// .
+//
+// Enumerating Regions and Endpoint Metadata
+//
+// Casting the Resolver returned by DefaultResolver to a EnumPartitions interface
+// will allow you to get access to the list of underlying Partitions with the
+// Partitions method. This is helpful if you want to limit the SDK's endpoint
+// resolving to a single partition, or enumerate regions, services, and endpoints
+// in the partition.
+//
+//     resolver := endpoints.DefaultResolver()
+//     partitions := resolver.(endpoints.EnumPartitions).Partitions()
+//
+//     for _, p := range partitions {
+//         fmt.Println("Regions for", p.Name)
+//         for id, _ := range p.Regions() {
+//             fmt.Println("*", id)
+//         }
+//
+//         fmt.Println("Services for", p.Name)
+//         for id, _ := range p.Services() {
+//             fmt.Println("*", id)
+//         }
+//     }
+//
+// Using Custom Endpoints
+//
+// The endpoints package also gives you the ability to use your own logic how
+// endpoints are resolved. This is a great way to define a custom endpoint
+// for select services, without passing that logic down through your code.
+//
+// If a type implements the Resolver interface it can be used to resolve
+// endpoints. To use this with the SDK's Session and Config set the value
+// of the type to the EndpointsResolver field of aws.Config when initializing
+// the session, or service client.
+//
+// In addition the ResolverFunc is a wrapper for a func matching the signature
+// of Resolver.EndpointFor, converting it to a type that satisfies the
+// Resolver interface.
+//
+//
+//     myCustomResolver := func(service, region string, optFns ...func(*endpoints.Options)) (endpoints.ResolvedEndpoint, error) {
+//         if service == endpoints.S3ServiceID {
+//             return endpoints.ResolvedEndpoint{
+//                 URL:           "s3.custom.endpoint.com",
+//                 SigningRegion: "custom-signing-region",
+//             }, nil
+//         }
+//
+//         return endpoints.DefaultResolver().EndpointFor(service, region, optFns...)
+//     }
+//
+//     sess := session.Must(session.NewSession(&aws.Config{
+//         Region:           aws.String("us-west-2"),
+//         EndpointResolver: endpoints.ResolverFunc(myCustomResolver),
+//     }))
+package endpoints

vendor/github.com/aws/aws-sdk-go/aws/endpoints/endpoints.go

@@ -0,0 +1,397 @@
+package endpoints
+
+import (
+	"fmt"
+	"regexp"
+
+	"github.com/aws/aws-sdk-go/aws/awserr"
+)
+
+// Options provide the configuration needed to direct how the
+// endpoints will be resolved.
+type Options struct {
+	// DisableSSL forces the endpoint to be resolved as HTTP.
+	// instead of HTTPS if the service supports it.
+	DisableSSL bool
+
+	// Sets the resolver to resolve the endpoint as a dualstack endpoint
+	// for the service. If dualstack support for a service is not known and
+	// StrictMatching is not enabled a dualstack endpoint for the service will
+	// be returned. This endpoint may not be valid. If StrictMatching is
+	// enabled only services that are known to support dualstack will return
+	// dualstack endpoints.
+	UseDualStack bool
+
+	// Enables strict matching of services and regions resolved endpoints.
+	// If the partition doesn't enumerate the exact service and region an
+	// error will be returned. This option will prevent returning endpoints
+	// that look valid, but may not resolve to any real endpoint.
+	StrictMatching bool
+
+	// Enables resolving a service endpoint based on the region provided if the
+	// service does not exist. The service endpoint ID will be used as the service
+	// domain name prefix. By default the endpoint resolver requires the service
+	// to be known when resolving endpoints.
+	//
+	// If resolving an endpoint on the partition list the provided region will
+	// be used to determine which partition's domain name pattern to the service
+	// endpoint ID with. If both the service and region are unkonwn and resolving
+	// the endpoint on partition list an UnknownEndpointError error will be returned.
+	//
+	// If resolving and endpoint on a partition specific resolver that partition's
+	// domain name pattern will be used with the service endpoint ID. If both
+	// region and service do not exist when resolving an endpoint on a specific
+	// partition the partition's domain pattern will be used to combine the
+	// endpoint and region together.
+	//
+	// This option is ignored if StrictMatching is enabled.
+	ResolveUnknownService bool
+}
+
+// Set combines all of the option functions together.
+func (o *Options) Set(optFns ...func(*Options)) {
+	for _, fn := range optFns {
+		fn(o)
+	}
+}
+
+// DisableSSLOption sets the DisableSSL options. Can be used as a functional
+// option when resolving endpoints.
+func DisableSSLOption(o *Options) {
+	o.DisableSSL = true
+}
+
+// UseDualStackOption sets the UseDualStack option. Can be used as a functional
+// option when resolving endpoints.
+func UseDualStackOption(o *Options) {
+	o.UseDualStack = true
+}
+
+// StrictMatchingOption sets the StrictMatching option. Can be used as a functional
+// option when resolving endpoints.
+func StrictMatchingOption(o *Options) {
+	o.StrictMatching = true
+}
+
+// ResolveUnknownServiceOption sets the ResolveUnknownService option. Can be used
+// as a functional option when resolving endpoints.
+func ResolveUnknownServiceOption(o *Options) {
+	o.ResolveUnknownService = true
+}
+
+// A Resolver provides the interface for functionality to resolve endpoints.
+// The build in Partition and DefaultResolver return value satisfy this interface.
+type Resolver interface {
+	EndpointFor(service, region string, opts ...func(*Options)) (ResolvedEndpoint, error)
+}
+
+// ResolverFunc is a helper utility that wraps a function so it satisfies the
+// Resolver interface. This is useful when you want to add additional endpoint
+// resolving logic, or stub out specific endpoints with custom values.
+type ResolverFunc func(service, region string, opts ...func(*Options)) (ResolvedEndpoint, error)
+
+// EndpointFor wraps the ResolverFunc function to satisfy the Resolver interface.
+func (fn ResolverFunc) EndpointFor(service, region string, opts ...func(*Options)) (ResolvedEndpoint, error) {
+	return fn(service, region, opts...)
+}
+
+var schemeRE = regexp.MustCompile("^([^:]+)://")
+
+// AddScheme adds the HTTP or HTTPS schemes to a endpoint URL if there is no
+// scheme. If disableSSL is true HTTP will set HTTP instead of the default HTTPS.
+//
+// If disableSSL is set, it will only set the URL's scheme if the URL does not
+// contain a scheme.
+func AddScheme(endpoint string, disableSSL bool) string {
+	if !schemeRE.MatchString(endpoint) {
+		scheme := "https"
+		if disableSSL {
+			scheme = "http"
+		}
+		endpoint = fmt.Sprintf("%s://%s", scheme, endpoint)
+	}
+
+	return endpoint
+}
+
+// EnumPartitions a provides a way to retrieve the underlying partitions that
+// make up the SDK's default Resolver, or any resolver decoded from a model
+// file.
+//
+// Use this interface with DefaultResolver and DecodeModels to get the list of
+// Partitions.
+type EnumPartitions interface {
+	Partitions() []Partition
+}
+
+// A Partition provides the ability to enumerate the partition's regions
+// and services.
+type Partition struct {
+	id string
+	p  *partition
+}
+
+// ID returns the identifier of the partition.
+func (p *Partition) ID() string { return p.id }
+
+// EndpointFor attempts to resolve the endpoint based on service and region.
+// See Options for information on configuring how the endpoint is resolved.
+//
+// If the service cannot be found in the metadata the UnknownServiceError
+// error will be returned. This validation will occur regardless if
+// StrictMatching is enabled. To enable resolving unknown services set the
+// "ResolveUnknownService" option to true. When StrictMatching is disabled
+// this option allows the partition resolver to resolve a endpoint based on
+// the service endpoint ID provided.
+//
+// When resolving endpoints you can choose to enable StrictMatching. This will
+// require the provided service and region to be known by the partition.
+// If the endpoint cannot be strictly resolved an error will be returned. This
+// mode is useful to ensure the endpoint resolved is valid. Without
+// StrictMatching enabled the endpoint returned my look valid but may not work.
+// StrictMatching requires the SDK to be updated if you want to take advantage
+// of new regions and services expansions.
+//
+// Errors that can be returned.
+//   * UnknownServiceError
+//   * UnknownEndpointError
+func (p *Partition) EndpointFor(service, region string, opts ...func(*Options)) (ResolvedEndpoint, error) {
+	return p.p.EndpointFor(service, region, opts...)
+}
+
+// Regions returns a map of Regions indexed by their ID. This is useful for
+// enumerating over the regions in a partition.
+func (p *Partition) Regions() map[string]Region {
+	rs := map[string]Region{}
+	for id := range p.p.Regions {
+		rs[id] = Region{
+			id: id,
+			p:  p.p,
+		}
+	}
+
+	return rs
+}
+
+// Services returns a map of Service indexed by their ID. This is useful for
+// enumerating over the services in a partition.
+func (p *Partition) Services() map[string]Service {
+	ss := map[string]Service{}
+	for id := range p.p.Services {
+		ss[id] = Service{
+			id: id,
+			p:  p.p,
+		}
+	}
+
+	return ss
+}
+
+// A Region provides information about a region, and ability to resolve an
+// endpoint from the context of a region, given a service.
+type Region struct {
+	id, desc string
+	p        *partition
+}
+
+// ID returns the region's identifier.
+func (r *Region) ID() string { return r.id }
+
+// ResolveEndpoint resolves an endpoint from the context of the region given
+// a service. See Partition.EndpointFor for usage and errors that can be returned.
+func (r *Region) ResolveEndpoint(service string, opts ...func(*Options)) (ResolvedEndpoint, error) {
+	return r.p.EndpointFor(service, r.id, opts...)
+}
+
+// Services returns a list of all services that are known to be in this region.
+func (r *Region) Services() map[string]Service {
+	ss := map[string]Service{}
+	for id, s := range r.p.Services {
+		if _, ok := s.Endpoints[r.id]; ok {
+			ss[id] = Service{
+				id: id,
+				p:  r.p,
+			}
+		}
+	}
+
+	return ss
+}
+
+// A Service provides information about a service, and ability to resolve an
+// endpoint from the context of a service, given a region.
+type Service struct {
+	id string
+	p  *partition
+}
+
+// ID returns the identifier for the service.
+func (s *Service) ID() string { return s.id }
+
+// ResolveEndpoint resolves an endpoint from the context of a service given
+// a region. See Partition.EndpointFor for usage and errors that can be returned.
+func (s *Service) ResolveEndpoint(region string, opts ...func(*Options)) (ResolvedEndpoint, error) {
+	return s.p.EndpointFor(s.id, region, opts...)
+}
+
+// Endpoints returns a map of Endpoints indexed by their ID for all known
+// endpoints for a service.
+func (s *Service) Endpoints() map[string]Endpoint {
+	es := map[string]Endpoint{}
+	for id := range s.p.Services[s.id].Endpoints {
+		es[id] = Endpoint{
+			id:        id,
+			serviceID: s.id,
+			p:         s.p,
+		}
+	}
+
+	return es
+}
+
+// A Endpoint provides information about endpoints, and provides the ability
+// to resolve that endpoint for the service, and the region the endpoint
+// represents.
+type Endpoint struct {
+	id        string
+	serviceID string
+	p         *partition
+}
+
+// ID returns the identifier for an endpoint.
+func (e *Endpoint) ID() string { return e.id }
+
+// ServiceID returns the identifier the endpoint belongs to.
+func (e *Endpoint) ServiceID() string { return e.serviceID }
+
+// ResolveEndpoint resolves an endpoint from the context of a service and
+// region the endpoint represents. See Partition.EndpointFor for usage and
+// errors that can be returned.
+func (e *Endpoint) ResolveEndpoint(opts ...func(*Options)) (ResolvedEndpoint, error) {
+	return e.p.EndpointFor(e.serviceID, e.id, opts...)
+}
+
+// A ResolvedEndpoint is an endpoint that has been resolved based on a partition
+// service, and region.
+type ResolvedEndpoint struct {
+	// The endpoint URL
+	URL string
+
+	// The region that should be used for signing requests.
+	SigningRegion string
+
+	// The service name that should be used for signing requests.
+	SigningName string
+
+	// The signing method that should be used for signing requests.
+	SigningMethod string
+}
+
+// So that the Error interface type can be included as an anonymous field
+// in the requestError struct and not conflict with the error.Error() method.
+type awsError awserr.Error
+
+// A EndpointNotFoundError is returned when in StrictMatching mode, and the
+// endpoint for the service and region cannot be found in any of the partitions.
+type EndpointNotFoundError struct {
+	awsError
+	Partition string
+	Service   string
+	Region    string
+}
+
+//// NewEndpointNotFoundError builds and returns NewEndpointNotFoundError.
+//func NewEndpointNotFoundError(p, s, r string) EndpointNotFoundError {
+//	return EndpointNotFoundError{
+//		awsError:  awserr.New("EndpointNotFoundError", "unable to find endpoint", nil),
+//		Partition: p,
+//		Service:   s,
+//		Region:    r,
+//	}
+//}
+//
+//// Error returns string representation of the error.
+//func (e EndpointNotFoundError) Error() string {
+//	extra := fmt.Sprintf("partition: %q, service: %q, region: %q",
+//		e.Partition, e.Service, e.Region)
+//	return awserr.SprintError(e.Code(), e.Message(), extra, e.OrigErr())
+//}
+//
+//// String returns the string representation of the error.
+//func (e EndpointNotFoundError) String() string {
+//	return e.Error()
+//}
+
+// A UnknownServiceError is returned when the service does not resolve to an
+// endpoint. Includes a list of all known services for the partition. Returned
+// when a partition does not support the service.
+type UnknownServiceError struct {
+	awsError
+	Partition string
+	Service   string
+	Known     []string
+}
+
+// NewUnknownServiceError builds and returns UnknownServiceError.
+func NewUnknownServiceError(p, s string, known []string) UnknownServiceError {
+	return UnknownServiceError{
+		awsError: awserr.New("UnknownServiceError",
+			"could not resolve endpoint for unknown service", nil),
+		Partition: p,
+		Service:   s,
+		Known:     known,
+	}
+}
+
+// String returns the string representation of the error.
+func (e UnknownServiceError) Error() string {
+	extra := fmt.Sprintf("partition: %q, service: %q",
+		e.Partition, e.Service)
+	if len(e.Known) > 0 {
+		extra += fmt.Sprintf(", known: %v", e.Known)
+	}
+	return awserr.SprintError(e.Code(), e.Message(), extra, e.OrigErr())
+}
+
+// String returns the string representation of the error.
+func (e UnknownServiceError) String() string {
+	return e.Error()
+}
+
+// A UnknownEndpointError is returned when in StrictMatching mode and the
+// service is valid, but the region does not resolve to an endpoint. Includes
+// a list of all known endpoints for the service.
+type UnknownEndpointError struct {
+	awsError
+	Partition string
+	Service   string
+	Region    string
+	Known     []string
+}
+
+// NewUnknownEndpointError builds and returns UnknownEndpointError.
+func NewUnknownEndpointError(p, s, r string, known []string) UnknownEndpointError {
+	return UnknownEndpointError{
+		awsError: awserr.New("UnknownEndpointError",
+			"could not resolve endpoint", nil),
+		Partition: p,
+		Service:   s,
+		Region:    r,
+		Known:     known,
+	}
+}
+
+// String returns the string representation of the error.
+func (e UnknownEndpointError) Error() string {
+	extra := fmt.Sprintf("partition: %q, service: %q, region: %q",
+		e.Partition, e.Service, e.Region)
+	if len(e.Known) > 0 {
+		extra += fmt.Sprintf(", known: %v", e.Known)
+	}
+	return awserr.SprintError(e.Code(), e.Message(), extra, e.OrigErr())
+}
+
+// String returns the string representation of the error.
+func (e UnknownEndpointError) String() string {
+	return e.Error()
+}

vendor/github.com/aws/aws-sdk-go/aws/endpoints/v3model.go

@@ -0,0 +1,303 @@
+package endpoints
+
+import (
+	"fmt"
+	"regexp"
+	"strconv"
+	"strings"
+)
+
+type partitions []partition
+
+func (ps partitions) EndpointFor(service, region string, opts ...func(*Options)) (ResolvedEndpoint, error) {
+	var opt Options
+	opt.Set(opts...)
+
+	for i := 0; i < len(ps); i++ {
+		if !ps[i].canResolveEndpoint(service, region, opt.StrictMatching) {
+			continue
+		}
+
+		return ps[i].EndpointFor(service, region, opts...)
+	}
+
+	// If loose matching fallback to first partition format to use
+	// when resolving the endpoint.
+	if !opt.StrictMatching && len(ps) > 0 {
+		return ps[0].EndpointFor(service, region, opts...)
+	}
+
+	return ResolvedEndpoint{}, NewUnknownEndpointError("all partitions", service, region, []string{})
+}
+
+// Partitions satisfies the EnumPartitions interface and returns a list
+// of Partitions representing each partition represented in the SDK's
+// endpoints model.
+func (ps partitions) Partitions() []Partition {
+	parts := make([]Partition, 0, len(ps))
+	for i := 0; i < len(ps); i++ {
+		parts = append(parts, ps[i].Partition())
+	}
+
+	return parts
+}
+
+type partition struct {
+	ID          string      `json:"partition"`
+	Name        string      `json:"partitionName"`
+	DNSSuffix   string      `json:"dnsSuffix"`
+	RegionRegex regionRegex `json:"regionRegex"`
+	Defaults    endpoint    `json:"defaults"`
+	Regions     regions     `json:"regions"`
+	Services    services    `json:"services"`
+}
+
+func (p partition) Partition() Partition {
+	return Partition{
+		id: p.ID,
+		p:  &p,
+	}
+}
+
+func (p partition) canResolveEndpoint(service, region string, strictMatch bool) bool {
+	s, hasService := p.Services[service]
+	_, hasEndpoint := s.Endpoints[region]
+
+	if hasEndpoint && hasService {
+		return true
+	}
+
+	if strictMatch {
+		return false
+	}
+
+	return p.RegionRegex.MatchString(region)
+}
+
+func (p partition) EndpointFor(service, region string, opts ...func(*Options)) (resolved ResolvedEndpoint, err error) {
+	var opt Options
+	opt.Set(opts...)
+
+	s, hasService := p.Services[service]
+	if !(hasService || opt.ResolveUnknownService) {
+		// Only return error if the resolver will not fallback to creating
+		// endpoint based on service endpoint ID passed in.
+		return resolved, NewUnknownServiceError(p.ID, service, serviceList(p.Services))
+	}
+
+	e, hasEndpoint := s.endpointForRegion(region)
+	if !hasEndpoint && opt.StrictMatching {
+		return resolved, NewUnknownEndpointError(p.ID, service, region, endpointList(s.Endpoints))
+	}
+
+	defs := []endpoint{p.Defaults, s.Defaults}
+	return e.resolve(service, region, p.DNSSuffix, defs, opt), nil
+}
+
+func serviceList(ss services) []string {
+	list := make([]string, 0, len(ss))
+	for k := range ss {
+		list = append(list, k)
+	}
+	return list
+}
+func endpointList(es endpoints) []string {
+	list := make([]string, 0, len(es))
+	for k := range es {
+		list = append(list, k)
+	}
+	return list
+}
+
+type regionRegex struct {
+	*regexp.Regexp
+}
+
+func (rr *regionRegex) UnmarshalJSON(b []byte) (err error) {
+	// Strip leading and trailing quotes
+	regex, err := strconv.Unquote(string(b))
+	if err != nil {
+		return fmt.Errorf("unable to strip quotes from regex, %v", err)
+	}
+
+	rr.Regexp, err = regexp.Compile(regex)
+	if err != nil {
+		return fmt.Errorf("unable to unmarshal region regex, %v", err)
+	}
+	return nil
+}
+
+type regions map[string]region
+
+type region struct {
+	Description string `json:"description"`
+}
+
+type services map[string]service
+
+type service struct {
+	PartitionEndpoint string    `json:"partitionEndpoint"`
+	IsRegionalized    boxedBool `json:"isRegionalized,omitempty"`
+	Defaults          endpoint  `json:"defaults"`
+	Endpoints         endpoints `json:"endpoints"`
+}
+
+func (s *service) endpointForRegion(region string) (endpoint, bool) {
+	if s.IsRegionalized == boxedFalse {
+		return s.Endpoints[s.PartitionEndpoint], region == s.PartitionEndpoint
+	}
+
+	if e, ok := s.Endpoints[region]; ok {
+		return e, true
+	}
+
+	// Unable to find any matching endpoint, return
+	// blank that will be used for generic endpoint creation.
+	return endpoint{}, false
+}
+
+type endpoints map[string]endpoint
+
+type endpoint struct {
+	Hostname        string          `json:"hostname"`
+	Protocols       []string        `json:"protocols"`
+	CredentialScope credentialScope `json:"credentialScope"`
+
+	// Custom fields not modeled
+	HasDualStack      boxedBool `json:"-"`
+	DualStackHostname string    `json:"-"`
+
+	// Signature Version not used
+	SignatureVersions []string `json:"signatureVersions"`
+
+	// SSLCommonName not used.
+	SSLCommonName string `json:"sslCommonName"`
+}
+
+const (
+	defaultProtocol = "https"
+	defaultSigner   = "v4"
+)
+
+var (
+	protocolPriority = []string{"https", "http"}
+	signerPriority   = []string{"v4", "v2"}
+)
+
+func getByPriority(s []string, p []string, def string) string {
+	if len(s) == 0 {
+		return def
+	}
+
+	for i := 0; i < len(p); i++ {
+		for j := 0; j < len(s); j++ {
+			if s[j] == p[i] {
+				return s[j]
+			}
+		}
+	}
+
+	return s[0]
+}
+
+func (e endpoint) resolve(service, region, dnsSuffix string, defs []endpoint, opts Options) ResolvedEndpoint {
+	var merged endpoint
+	for _, def := range defs {
+		merged.mergeIn(def)
+	}
+	merged.mergeIn(e)
+	e = merged
+
+	hostname := e.Hostname
+
+	// Offset the hostname for dualstack if enabled
+	if opts.UseDualStack && e.HasDualStack == boxedTrue {
+		hostname = e.DualStackHostname
+	}
+
+	u := strings.Replace(hostname, "{service}", service, 1)
+	u = strings.Replace(u, "{region}", region, 1)
+	u = strings.Replace(u, "{dnsSuffix}", dnsSuffix, 1)
+
+	scheme := getEndpointScheme(e.Protocols, opts.DisableSSL)
+	u = fmt.Sprintf("%s://%s", scheme, u)
+
+	signingRegion := e.CredentialScope.Region
+	if len(signingRegion) == 0 {
+		signingRegion = region
+	}
+	signingName := e.CredentialScope.Service
+	if len(signingName) == 0 {
+		signingName = service
+	}
+
+	return ResolvedEndpoint{
+		URL:           u,
+		SigningRegion: signingRegion,
+		SigningName:   signingName,
+		SigningMethod: getByPriority(e.SignatureVersions, signerPriority, defaultSigner),
+	}
+}
+
+func getEndpointScheme(protocols []string, disableSSL bool) string {
+	if disableSSL {
+		return "http"
+	}
+
+	return getByPriority(protocols, protocolPriority, defaultProtocol)
+}
+
+func (e *endpoint) mergeIn(other endpoint) {
+	if len(other.Hostname) > 0 {
+		e.Hostname = other.Hostname
+	}
+	if len(other.Protocols) > 0 {
+		e.Protocols = other.Protocols
+	}
+	if len(other.SignatureVersions) > 0 {
+		e.SignatureVersions = other.SignatureVersions
+	}
+	if len(other.CredentialScope.Region) > 0 {
+		e.CredentialScope.Region = other.CredentialScope.Region
+	}
+	if len(other.CredentialScope.Service) > 0 {
+		e.CredentialScope.Service = other.CredentialScope.Service
+	}
+	if len(other.SSLCommonName) > 0 {
+		e.SSLCommonName = other.SSLCommonName
+	}
+	if other.HasDualStack != boxedBoolUnset {
+		e.HasDualStack = other.HasDualStack
+	}
+	if len(other.DualStackHostname) > 0 {
+		e.DualStackHostname = other.DualStackHostname
+	}
+}
+
+type credentialScope struct {
+	Region  string `json:"region"`
+	Service string `json:"service"`
+}
+
+type boxedBool int
+
+func (b *boxedBool) UnmarshalJSON(buf []byte) error {
+	v, err := strconv.ParseBool(string(buf))
+	if err != nil {
+		return err
+	}
+
+	if v {
+		*b = boxedTrue
+	} else {
+		*b = boxedFalse
+	}
+
+	return nil
+}
+
+const (
+	boxedBoolUnset boxedBool = iota
+	boxedFalse
+	boxedTrue
+)

vendor/github.com/aws/aws-sdk-go/aws/endpoints/v3model_codegen.go

@@ -0,0 +1,334 @@
+// +build codegen
+
+package endpoints
+
+import (
+	"fmt"
+	"io"
+	"reflect"
+	"strings"
+	"text/template"
+	"unicode"
+)
+
+// A CodeGenOptions are the options for code generating the endpoints into
+// Go code from the endpoints model definition.
+type CodeGenOptions struct {
+	// Options for how the model will be decoded.
+	DecodeModelOptions DecodeModelOptions
+}
+
+// Set combines all of the option functions together
+func (d *CodeGenOptions) Set(optFns ...func(*CodeGenOptions)) {
+	for _, fn := range optFns {
+		fn(d)
+	}
+}
+
+// CodeGenModel given a endpoints model file will decode it and attempt to
+// generate Go code from the model definition. Error will be returned if
+// the code is unable to be generated, or decoded.
+func CodeGenModel(modelFile io.Reader, outFile io.Writer, optFns ...func(*CodeGenOptions)) error {
+	var opts CodeGenOptions
+	opts.Set(optFns...)
+
+	resolver, err := DecodeModel(modelFile, func(d *DecodeModelOptions) {
+		*d = opts.DecodeModelOptions
+	})
+	if err != nil {
+		return err
+	}
+
+	tmpl := template.Must(template.New("tmpl").Funcs(funcMap).Parse(v3Tmpl))
+	if err := tmpl.ExecuteTemplate(outFile, "defaults", resolver); err != nil {
+		return fmt.Errorf("failed to execute template, %v", err)
+	}
+
+	return nil
+}
+
+func toSymbol(v string) string {
+	out := []rune{}
+	for _, c := range strings.Title(v) {
+		if !(unicode.IsNumber(c) || unicode.IsLetter(c)) {
+			continue
+		}
+
+		out = append(out, c)
+	}
+
+	return string(out)
+}
+
+func quoteString(v string) string {
+	return fmt.Sprintf("%q", v)
+}
+
+func regionConstName(p, r string) string {
+	return toSymbol(p) + toSymbol(r)
+}
+
+func partitionGetter(id string) string {
+	return fmt.Sprintf("%sPartition", toSymbol(id))
+}
+
+func partitionVarName(id string) string {
+	return fmt.Sprintf("%sPartition", strings.ToLower(toSymbol(id)))
+}
+
+func listPartitionNames(ps partitions) string {
+	names := []string{}
+	switch len(ps) {
+	case 1:
+		return ps[0].Name
+	case 2:
+		return fmt.Sprintf("%s and %s", ps[0].Name, ps[1].Name)
+	default:
+		for i, p := range ps {
+			if i == len(ps)-1 {
+				names = append(names, "and "+p.Name)
+			} else {
+				names = append(names, p.Name)
+			}
+		}
+		return strings.Join(names, ", ")
+	}
+}
+
+func boxedBoolIfSet(msg string, v boxedBool) string {
+	switch v {
+	case boxedTrue:
+		return fmt.Sprintf(msg, "boxedTrue")
+	case boxedFalse:
+		return fmt.Sprintf(msg, "boxedFalse")
+	default:
+		return ""
+	}
+}
+
+func stringIfSet(msg, v string) string {
+	if len(v) == 0 {
+		return ""
+	}
+
+	return fmt.Sprintf(msg, v)
+}
+
+func stringSliceIfSet(msg string, vs []string) string {
+	if len(vs) == 0 {
+		return ""
+	}
+
+	names := []string{}
+	for _, v := range vs {
+		names = append(names, `"`+v+`"`)
+	}
+
+	return fmt.Sprintf(msg, strings.Join(names, ","))
+}
+
+func endpointIsSet(v endpoint) bool {
+	return !reflect.DeepEqual(v, endpoint{})
+}
+
+func serviceSet(ps partitions) map[string]struct{} {
+	set := map[string]struct{}{}
+	for _, p := range ps {
+		for id := range p.Services {
+			set[id] = struct{}{}
+		}
+	}
+
+	return set
+}
+
+var funcMap = template.FuncMap{
+	"ToSymbol":           toSymbol,
+	"QuoteString":        quoteString,
+	"RegionConst":        regionConstName,
+	"PartitionGetter":    partitionGetter,
+	"PartitionVarName":   partitionVarName,
+	"ListPartitionNames": listPartitionNames,
+	"BoxedBoolIfSet":     boxedBoolIfSet,
+	"StringIfSet":        stringIfSet,
+	"StringSliceIfSet":   stringSliceIfSet,
+	"EndpointIsSet":      endpointIsSet,
+	"ServicesSet":        serviceSet,
+}
+
+const v3Tmpl = `
+{{ define "defaults" -}}
+// THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT.
+
+package endpoints
+
+import (
+	"regexp"
+)
+
+	{{ template "partition consts" . }}
+
+	{{ range $_, $partition := . }}
+		{{ template "partition region consts" $partition }}
+	{{ end }}
+
+	{{ template "service consts" . }}
+	
+	{{ template "endpoint resolvers" . }}
+{{- end }}
+
+{{ define "partition consts" }}
+	// Partition identifiers
+	const (
+		{{ range $_, $p := . -}}
+			{{ ToSymbol $p.ID }}PartitionID = {{ QuoteString $p.ID }} // {{ $p.Name }} partition.
+		{{ end -}}
+	)
+{{- end }}
+
+{{ define "partition region consts" }}
+	// {{ .Name }} partition's regions.
+	const (
+		{{ range $id, $region := .Regions -}}
+			{{ ToSymbol $id }}RegionID = {{ QuoteString $id }} // {{ $region.Description }}.
+		{{ end -}}
+	)
+{{- end }}
+
+{{ define "service consts" }}
+	// Service identifiers
+	const (
+		{{ $serviceSet := ServicesSet . -}}
+		{{ range $id, $_ := $serviceSet -}}
+			{{ ToSymbol $id }}ServiceID = {{ QuoteString $id }} // {{ ToSymbol $id }}.
+		{{ end -}}
+	)
+{{- end }}
+
+{{ define "endpoint resolvers" }}
+	// DefaultResolver returns an Endpoint resolver that will be able
+	// to resolve endpoints for: {{ ListPartitionNames . }}.
+	//
+	// Casting the return value of this func to a EnumPartitions will
+	// allow you to get a list of the partitions in the order the endpoints
+	// will be resolved in.
+	//
+	//    resolver := endpoints.DefaultResolver()
+	//    partitions := resolver.(endpoints.EnumPartitions).Partitions()
+	//    for _, p := range partitions {
+	//        // ... inspect partitions
+	//    }
+	func DefaultResolver() Resolver {
+		return defaultPartitions
+	}
+
+	var defaultPartitions = partitions{
+		{{ range $_, $partition := . -}}
+			{{ PartitionVarName $partition.ID }},
+		{{ end }}
+	}
+	
+	{{ range $_, $partition := . -}}
+		{{ $name := PartitionGetter $partition.ID -}}
+		// {{ $name }} returns the Resolver for {{ $partition.Name }}.
+		func {{ $name }}() Partition {
+			return  {{ PartitionVarName $partition.ID }}.Partition()
+		}
+		var {{ PartitionVarName $partition.ID }} = {{ template "gocode Partition" $partition }}
+	{{ end }}
+{{ end }}
+
+{{ define "default partitions" }}
+	func DefaultPartitions() []Partition {
+		return []partition{
+			{{ range $_, $partition := . -}}
+			// {{ ToSymbol $partition.ID}}Partition(),
+			{{ end }}
+		}
+	}
+{{ end }}
+
+{{ define "gocode Partition" -}}
+partition{
+	{{ StringIfSet "ID: %q,\n" .ID -}}
+	{{ StringIfSet "Name: %q,\n" .Name -}}
+	{{ StringIfSet "DNSSuffix: %q,\n" .DNSSuffix -}}
+	RegionRegex: {{ template "gocode RegionRegex" .RegionRegex }},
+	{{ if EndpointIsSet .Defaults -}}
+		Defaults: {{ template "gocode Endpoint" .Defaults }},
+	{{- end }}
+	Regions:  {{ template "gocode Regions" .Regions }},
+	Services: {{ template "gocode Services" .Services }},
+}
+{{- end }}
+
+{{ define "gocode RegionRegex" -}}
+regionRegex{
+	Regexp: func() *regexp.Regexp{
+		reg, _ := regexp.Compile({{ QuoteString .Regexp.String }})
+		return reg
+	}(),
+}
+{{- end }}
+
+{{ define "gocode Regions" -}}
+regions{
+	{{ range $id, $region := . -}}
+		"{{ $id }}": {{ template "gocode Region" $region }},
+	{{ end -}}
+}
+{{- end }}
+
+{{ define "gocode Region" -}}
+region{
+	{{ StringIfSet "Description: %q,\n" .Description -}}
+}
+{{- end }}
+
+{{ define "gocode Services" -}}
+services{
+	{{ range $id, $service := . -}}
+	"{{ $id }}": {{ template "gocode Service" $service }},
+	{{ end }}
+}
+{{- end }}
+
+{{ define "gocode Service" -}}
+service{
+	{{ StringIfSet "PartitionEndpoint: %q,\n" .PartitionEndpoint -}}
+	{{ BoxedBoolIfSet "IsRegionalized: %s,\n" .IsRegionalized -}}
+	{{ if EndpointIsSet .Defaults -}}
+		Defaults: {{ template "gocode Endpoint" .Defaults -}},
+	{{- end }}
+	{{ if .Endpoints -}}
+		Endpoints: {{ template "gocode Endpoints" .Endpoints }},
+	{{- end }}
+}
+{{- end }}
+
+{{ define "gocode Endpoints" -}}
+endpoints{
+	{{ range $id, $endpoint := . -}}
+	"{{ $id }}": {{ template "gocode Endpoint" $endpoint }},
+	{{ end }}
+}
+{{- end }}
+
+{{ define "gocode Endpoint" -}}
+endpoint{
+	{{ StringIfSet "Hostname: %q,\n" .Hostname -}}
+	{{ StringIfSet "SSLCommonName: %q,\n" .SSLCommonName -}}
+	{{ StringSliceIfSet "Protocols: []string{%s},\n" .Protocols -}}
+	{{ StringSliceIfSet "SignatureVersions: []string{%s},\n" .SignatureVersions -}}
+	{{ if or .CredentialScope.Region .CredentialScope.Service -}}
+	CredentialScope: credentialScope{
+		{{ StringIfSet "Region: %q,\n" .CredentialScope.Region -}}
+		{{ StringIfSet "Service: %q,\n" .CredentialScope.Service -}}
+	},
+	{{- end }}
+	{{ BoxedBoolIfSet "HasDualStack: %s,\n" .HasDualStack -}}
+	{{ StringIfSet "DualStackHostname: %q,\n" .DualStackHostname -}}
+
+}
+{{- end }}
+`

vendor/github.com/aws/aws-sdk-go/aws/request/request.go

@@ -4,6 +4,7 @@ import (
 	"bytes"
 	"fmt"
 	"io"
+	"net"
 	"net/http"
 	"net/url"
 	"reflect"
@@ -55,6 +56,8 @@ type Operation struct {
 	HTTPMethod string
 	HTTPPath   string
 	*Paginator
+
+	BeforePresignFn func(r *Request) error
 }
 
 // Paginator keeps track of pagination configuration for an API operation.
@@ -149,6 +152,15 @@ func (r *Request) SetReaderBody(reader io.ReadSeeker) {
 func (r *Request) Presign(expireTime time.Duration) (string, error) {
 	r.ExpireTime = expireTime
 	r.NotHoist = false
+
+	if r.Operation.BeforePresignFn != nil {
+		r = r.copy()
+		err := r.Operation.BeforePresignFn(r)
+		if err != nil {
+			return "", err
+		}
+	}
+
 	r.Sign()
 	if r.Error != nil {
 		return "", r.Error
@@ -234,7 +246,82 @@ func (r *Request) ResetBody() {
 	}
 
 	r.safeBody = newOffsetReader(r.Body, r.BodyStart)
-	r.HTTPRequest.Body = r.safeBody
+
+	// Go 1.8 tightened and clarified the rules code needs to use when building
+	// requests with the http package. Go 1.8 removed the automatic detection
+	// of if the Request.Body was empty, or actually had bytes in it. The SDK
+	// always sets the Request.Body even if it is empty and should not actually
+	// be sent. This is incorrect.
+	//
+	// Go 1.8 did add a http.NoBody value that the SDK can use to tell the http
+	// client that the request really should be sent without a body. The
+	// Request.Body cannot be set to nil, which is preferable, because the
+	// field is exported and could introduce nil pointer dereferences for users
+	// of the SDK if they used that field.
+	//
+	// Related golang/go#18257
+	l, err := computeBodyLength(r.Body)
+	if err != nil {
+		r.Error = awserr.New("SerializationError", "failed to compute request body size", err)
+		return
+	}
+
+	if l == 0 {
+		r.HTTPRequest.Body = noBodyReader
+	} else if l > 0 {
+		r.HTTPRequest.Body = r.safeBody
+	} else {
+		// Hack to prevent sending bodies for methods where the body
+		// should be ignored by the server. Sending bodies on these
+		// methods without an associated ContentLength will cause the
+		// request to socket timeout because the server does not handle
+		// Transfer-Encoding: chunked bodies for these methods.
+		//
+		// This would only happen if a aws.ReaderSeekerCloser was used with
+		// a io.Reader that was not also an io.Seeker.
+		switch r.Operation.HTTPMethod {
+		case "GET", "HEAD", "DELETE":
+			r.HTTPRequest.Body = noBodyReader
+		default:
+			r.HTTPRequest.Body = r.safeBody
+		}
+	}
+}
+
+// Attempts to compute the length of the body of the reader using the
+// io.Seeker interface. If the value is not seekable because of being
+// a ReaderSeekerCloser without an unerlying Seeker -1 will be returned.
+// If no error occurs the length of the body will be returned.
+func computeBodyLength(r io.ReadSeeker) (int64, error) {
+	seekable := true
+	// Determine if the seeker is actually seekable. ReaderSeekerCloser
+	// hides the fact that a io.Readers might not actually be seekable.
+	switch v := r.(type) {
+	case aws.ReaderSeekerCloser:
+		seekable = v.IsSeeker()
+	case *aws.ReaderSeekerCloser:
+		seekable = v.IsSeeker()
+	}
+	if !seekable {
+		return -1, nil
+	}
+
+	curOffset, err := r.Seek(0, 1)
+	if err != nil {
+		return 0, err
+	}
+
+	endOffset, err := r.Seek(0, 2)
+	if err != nil {
+		return 0, err
+	}
+
+	_, err = r.Seek(curOffset, 0)
+	if err != nil {
+		return 0, err
+	}
+
+	return endOffset - curOffset, nil
 }
 
 // GetBody will return an io.ReadSeeker of the Request's underlying
@@ -286,7 +373,7 @@ func (r *Request) Send() error {
 
 		r.Handlers.Send.Run(r)
 		if r.Error != nil {
-			if strings.Contains(r.Error.Error(), "net/http: request canceled") {
+			if !shouldRetryCancel(r) {
 				return r.Error
 			}
 
@@ -334,6 +421,17 @@ func (r *Request) Send() error {
 	return nil
 }
 
+// copy will copy a request which will allow for local manipulation of the
+// request.
+func (r *Request) copy() *Request {
+	req := &Request{}
+	*req = *r
+	req.Handlers = r.Handlers.Copy()
+	op := *r.Operation
+	req.Operation = &op
+	return req
+}
+
 // AddToUserAgent adds the string to the end of the request's current user agent.
 func AddToUserAgent(r *Request, s string) {
 	curUA := r.HTTPRequest.Header.Get("User-Agent")
@@ -342,3 +440,26 @@ func AddToUserAgent(r *Request, s string) {
 	}
 	r.HTTPRequest.Header.Set("User-Agent", s)
 }
+
+func shouldRetryCancel(r *Request) bool {
+	awsErr, ok := r.Error.(awserr.Error)
+	timeoutErr := false
+	errStr := r.Error.Error()
+	if ok {
+		err := awsErr.OrigErr()
+		netErr, netOK := err.(net.Error)
+		timeoutErr = netOK && netErr.Temporary()
+		if urlErr, ok := err.(*url.Error); !timeoutErr && ok {
+			errStr = urlErr.Err.Error()
+		}
+	}
+
+	// There can be two types of canceled errors here.
+	// The first being a net.Error and the other being an error.
+	// If the request was timed out, we want to continue the retry
+	// process. Otherwise, return the canceled error.
+	return timeoutErr ||
+		(errStr != "net/http: request canceled" &&
+			errStr != "net/http: request canceled while waiting for connection")
+
+}

vendor/github.com/aws/aws-sdk-go/aws/request/request_1_7.go

@@ -0,0 +1,21 @@
+// +build !go1.8
+
+package request
+
+import "io"
+
+// NoBody is an io.ReadCloser with no bytes. Read always returns EOF
+// and Close always returns nil. It can be used in an outgoing client
+// request to explicitly signal that a request has zero bytes.
+// An alternative, however, is to simply set Request.Body to nil.
+//
+// Copy of Go 1.8 NoBody type from net/http/http.go
+type noBody struct{}
+
+func (noBody) Read([]byte) (int, error)         { return 0, io.EOF }
+func (noBody) Close() error                     { return nil }
+func (noBody) WriteTo(io.Writer) (int64, error) { return 0, nil }
+
+// Is an empty reader that will trigger the Go HTTP client to not include
+// and body in the HTTP request.
+var noBodyReader = noBody{}

vendor/github.com/aws/aws-sdk-go/aws/request/request_1_8.go

@@ -0,0 +1,9 @@
+// +build go1.8
+
+package request
+
+import "net/http"
+
+// Is a http.NoBody reader instructing Go HTTP client to not include
+// and body in the HTTP request.
+var noBodyReader = http.NoBody

vendor/github.com/aws/aws-sdk-go/aws/request/retryer.go

@@ -38,6 +38,7 @@ var throttleCodes = map[string]struct{}{
 	"RequestThrottled":                       {},
 	"LimitExceededException":                 {}, // Deleting 10+ DynamoDb tables at once
 	"TooManyRequestsException":               {}, // Lambda functions
+	"PriorRequestNotComplete":                {}, // Route53
 }
 
 // credsExpiredCodes is a collection of error codes which signify the credentials

vendor/github.com/aws/aws-sdk-go/aws/session/session.go

@@ -10,8 +10,8 @@ import (
 	"github.com/aws/aws-sdk-go/aws/credentials"
 	"github.com/aws/aws-sdk-go/aws/credentials/stscreds"
 	"github.com/aws/aws-sdk-go/aws/defaults"
+	"github.com/aws/aws-sdk-go/aws/endpoints"
 	"github.com/aws/aws-sdk-go/aws/request"
-	"github.com/aws/aws-sdk-go/private/endpoints"
 )
 
 // A Session provides a central location to create service clients from and
@@ -34,17 +34,17 @@ type Session struct {
 // If the AWS_SDK_LOAD_CONFIG environment is set to a truthy value, the New
 // method could now encounter an error when loading the configuration. When
 // The environment variable is set, and an error occurs, New will return a
-// session that will fail all requests reporting the error that occured while
+// session that will fail all requests reporting the error that occurred while
 // loading the session. Use NewSession to get the error when creating the
 // session.
 //
 // If the AWS_SDK_LOAD_CONFIG environment variable is set to a truthy value
 // the shared config file (~/.aws/config) will also be loaded, in addition to
-// the shared credentials file (~/.aws/config). Values set in both the
+// the shared credentials file (~/.aws/credentials). Values set in both the
 // shared config, and shared credentials will be taken from the shared
 // credentials file.
 //
-// Deprecated: Use NewSession functiions to create sessions instead. NewSession
+// Deprecated: Use NewSession functions to create sessions instead. NewSession
 // has the same functionality as New except an error can be returned when the
 // func is called instead of waiting to receive an error until a request is made.
 func New(cfgs ...*aws.Config) *Session {
@@ -59,7 +59,7 @@ func New(cfgs ...*aws.Config) *Session {
 			// needs to be replicated if an error occurs while creating
 			// the session.
 			msg := "failed to create session with AWS_SDK_LOAD_CONFIG enabled. " +
-				"Use session.NewSession to handle errors occuring during session creation."
+				"Use session.NewSession to handle errors occurring during session creation."
 
 			// Session creation failed, need to report the error and prevent
 			// any requests from succeeding.
@@ -83,13 +83,13 @@ func New(cfgs ...*aws.Config) *Session {
 //
 // If the AWS_SDK_LOAD_CONFIG environment variable is set to a truthy value
 // the shared config file (~/.aws/config) will also be loaded in addition to
-// the shared credentials file (~/.aws/config). Values set in both the
+// the shared credentials file (~/.aws/credentials). Values set in both the
 // shared config, and shared credentials will be taken from the shared
 // credentials file. Enabling the Shared Config will also allow the Session
 // to be built with retrieving credentials with AssumeRole set in the config.
 //
 // See the NewSessionWithOptions func for information on how to override or
-// control through code how the Session will be created. Such as specifing the
+// control through code how the Session will be created. Such as specifying the
 // config profile, and controlling if shared config is enabled or not.
 func NewSession(cfgs ...*aws.Config) (*Session, error) {
 	envCfg := loadEnvConfig()
@@ -124,7 +124,7 @@ type Options struct {
 	// Provides config values for the SDK to use when creating service clients
 	// and making API requests to services. Any value set in with this field
 	// will override the associated value provided by the SDK defaults,
-	// environment or config files where relevent.
+	// environment or config files where relevant.
 	//
 	// If not set, configuration values from from SDK defaults, environment,
 	// config will be used.
@@ -155,7 +155,7 @@ type Options struct {
 //
 // If the AWS_SDK_LOAD_CONFIG environment variable is set to a truthy value
 // the shared config file (~/.aws/config) will also be loaded in addition to
-// the shared credentials file (~/.aws/config). Values set in both the
+// the shared credentials file (~/.aws/credentials). Values set in both the
 // shared config, and shared credentials will be taken from the shared
 // credentials file. Enabling the Shared Config will also allow the Session
 // to be built with retrieving credentials with AssumeRole set in the config.
@@ -222,6 +222,11 @@ func oldNewSession(cfgs ...*aws.Config) *Session {
 	// Apply the passed in configs so the configuration can be applied to the
 	// default credential chain
 	cfg.MergeIn(cfgs...)
+	if cfg.EndpointResolver == nil {
+		// An endpoint resolver is required for a session to be able to provide
+		// endpoints for service client configurations.
+		cfg.EndpointResolver = endpoints.DefaultResolver()
+	}
 	cfg.Credentials = defaults.CredChain(cfg, handlers)
 
 	// Reapply any passed in configs to override credentials if set
@@ -375,19 +380,67 @@ func (s *Session) Copy(cfgs ...*aws.Config) *Session {
 // configure the service client instances. Passing the Session to the service
 // client's constructor (New) will use this method to configure the client.
 func (s *Session) ClientConfig(serviceName string, cfgs ...*aws.Config) client.Config {
+	// Backwards compatibility, the error will be eaten if user calls ClientConfig
+	// directly. All SDK services will use ClientconfigWithError.
+	cfg, _ := s.clientConfigWithErr(serviceName, cfgs...)
+
+	return cfg
+}
+
+func (s *Session) clientConfigWithErr(serviceName string, cfgs ...*aws.Config) (client.Config, error) {
 	s = s.Copy(cfgs...)
-	endpoint, signingRegion := endpoints.NormalizeEndpoint(
+
-		aws.StringValue(s.Config.Endpoint),
+	var resolved endpoints.ResolvedEndpoint
-		serviceName,
+	var err error
-		aws.StringValue(s.Config.Region),
+
-		aws.BoolValue(s.Config.DisableSSL),
+	region := aws.StringValue(s.Config.Region)
-		aws.BoolValue(s.Config.UseDualStack),
+
-	)
+	if endpoint := aws.StringValue(s.Config.Endpoint); len(endpoint) != 0 {
+		resolved.URL = endpoints.AddScheme(endpoint, aws.BoolValue(s.Config.DisableSSL))
+		resolved.SigningRegion = region
+	} else {
+		resolved, err = s.Config.EndpointResolver.EndpointFor(
+			serviceName, region,
+			func(opt *endpoints.Options) {
+				opt.DisableSSL = aws.BoolValue(s.Config.DisableSSL)
+				opt.UseDualStack = aws.BoolValue(s.Config.UseDualStack)
+
+				// Support the condition where the service is modeled but its
+				// endpoint metadata is not available.
+				opt.ResolveUnknownService = true
+			},
+		)
+	}
 
 	return client.Config{
 		Config:        s.Config,
 		Handlers:      s.Handlers,
-		Endpoint:      endpoint,
+		Endpoint:      resolved.URL,
-		SigningRegion: signingRegion,
+		SigningRegion: resolved.SigningRegion,
+		SigningName:   resolved.SigningName,
+	}, err
+}
+
+// ClientConfigNoResolveEndpoint is the same as ClientConfig with the exception
+// that the EndpointResolver will not be used to resolve the endpoint. The only
+// endpoint set must come from the aws.Config.Endpoint field.
+func (s *Session) ClientConfigNoResolveEndpoint(cfgs ...*aws.Config) client.Config {
+	s = s.Copy(cfgs...)
+
+	var resolved endpoints.ResolvedEndpoint
+
+	region := aws.StringValue(s.Config.Region)
+
+	if ep := aws.StringValue(s.Config.Endpoint); len(ep) > 0 {
+		resolved.URL = endpoints.AddScheme(ep, aws.BoolValue(s.Config.DisableSSL))
+		resolved.SigningRegion = region
+	}
+
+	return client.Config{
+		Config:        s.Config,
+		Handlers:      s.Handlers,
+		Endpoint:      resolved.URL,
+		SigningRegion: resolved.SigningRegion,
+		SigningName:   resolved.SigningName,
 	}
 }

vendor/github.com/aws/aws-sdk-go/aws/signer/v4/uri_path_1_4.go

@@ -1,24 +0,0 @@
-// +build !go1.5
-
-package v4
-
-import (
-	"net/url"
-	"strings"
-)
-
-func getURIPath(u *url.URL) string {
-	var uri string
-
-	if len(u.Opaque) > 0 {
-		uri = "/" + strings.Join(strings.Split(u.Opaque, "/")[3:], "/")
-	} else {
-		uri = u.Path
-	}
-
-	if len(uri) == 0 {
-		uri = "/"
-	}
-
-	return uri
-}

vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go

@@ -42,6 +42,14 @@
 // the URL.Opaque or URL.RawPath. The SDK will use URL.Opaque first and then
 // call URL.EscapedPath() if Opaque is not set.
 //
+// If signing a request intended for HTTP2 server, and you're using Go 1.6.2
+// through 1.7.4 you should use the URL.RawPath as the pre-escaped form of the
+// request URL. https://github.com/golang/go/issues/16847 points to a bug in
+// Go pre 1.8 that failes to make HTTP2 requests using absolute URL in the HTTP
+// message. URL.Opaque generally will force Go to make requests with absolute URL.
+// URL.RawPath does not do this, but RawPath must be a valid escaping of Path
+// or url.EscapedPath will ignore the RawPath escaping.
+//
 // Test `TestStandaloneSign` provides a complete example of using the signer
 // outside of the SDK and pre-escaping the URI path.
 package v4
@@ -79,8 +87,9 @@ const (
 var ignoredHeaders = rules{
 	blacklist{
 		mapRule{
-			"Authorization": struct{}{},
+			"Authorization":   struct{}{},
-			"User-Agent":    struct{}{},
+			"User-Agent":      struct{}{},
+			"X-Amzn-Trace-Id": struct{}{},
 		},
 	},
 }
@@ -171,6 +180,16 @@ type Signer struct {
 	// http://docs.aws.amazon.com/general/latest/gr/sigv4-create-canonical-request.html
 	DisableURIPathEscaping bool
 
+	// Disales the automatical setting of the HTTP request's Body field with the
+	// io.ReadSeeker passed in to the signer. This is useful if you're using a
+	// custom wrapper around the body for the io.ReadSeeker and want to preserve
+	// the Body value on the Request.Body.
+	//
+	// This does run the risk of signing a request with a body that will not be
+	// sent in the request. Need to ensure that the underlying data of the Body
+	// values are the same.
+	DisableRequestBodyOverwrite bool
+
 	// currentTimeFn returns the time value which represents the current time.
 	// This value should only be used for testing. If it is nil the default
 	// time.Now will be used.
@@ -300,6 +319,10 @@ func (v4 Signer) signWithBody(r *http.Request, body io.ReadSeeker, service, regi
 		DisableURIPathEscaping: v4.DisableURIPathEscaping,
 	}
 
+	for key := range ctx.Query {
+		sort.Strings(ctx.Query[key])
+	}
+
 	if ctx.isRequestSigned() {
 		ctx.Time = currentTimeFn()
 		ctx.handlePresignRemoval()
@@ -317,7 +340,7 @@ func (v4 Signer) signWithBody(r *http.Request, body io.ReadSeeker, service, regi
 	// If the request is not presigned the body should be attached to it. This
 	// prevents the confusion of wanting to send a signed request without
 	// the body the request was signed for attached.
-	if !ctx.isPresign {
+	if !(v4.DisableRequestBodyOverwrite || ctx.isPresign) {
 		var reader io.ReadCloser
 		if body != nil {
 			var ok bool
@@ -412,6 +435,10 @@ func signSDKRequestWithCurrTime(req *request.Request, curTimeFn func() time.Time
 			// S3 service should not have any escaping applied
 			v4.DisableURIPathEscaping = true
 		}
+		// Prevents setting the HTTPRequest's Body. Since the Body could be
+		// wrapped in a custom io.Closer that we do not want to be stompped
+		// on top of by the signer.
+		v4.DisableRequestBodyOverwrite = true
 	})
 
 	signingTime := req.Time

vendor/github.com/aws/aws-sdk-go/aws/types.go

@@ -5,7 +5,13 @@ import (
 	"sync"
 )
 
-// ReadSeekCloser wraps a io.Reader returning a ReaderSeekerCloser
+// ReadSeekCloser wraps a io.Reader returning a ReaderSeekerCloser. Should
+// only be used with an io.Reader that is also an io.Seeker. Doing so may
+// cause request signature errors, or request body's not sent for GET, HEAD
+// and DELETE HTTP methods.
+//
+// Deprecated: Should only be used with io.ReadSeeker. If using for
+// S3 PutObject to stream content use s3manager.Uploader instead.
 func ReadSeekCloser(r io.Reader) ReaderSeekerCloser {
 	return ReaderSeekerCloser{r}
 }
@@ -44,6 +50,12 @@ func (r ReaderSeekerCloser) Seek(offset int64, whence int) (int64, error) {
 	return int64(0), nil
 }
 
+// IsSeeker returns if the underlying reader is also a seeker.
+func (r ReaderSeekerCloser) IsSeeker() bool {
+	_, ok := r.r.(io.Seeker)
+	return ok
+}
+
 // Close closes the ReaderSeekerCloser.
 //
 // If the ReaderSeekerCloser is not an io.Closer nothing will be done.
@@ -102,5 +114,5 @@ func (b *WriteAtBuffer) WriteAt(p []byte, pos int64) (n int, err error) {
 func (b *WriteAtBuffer) Bytes() []byte {
 	b.m.Lock()
 	defer b.m.Unlock()
-	return b.buf[:len(b.buf):len(b.buf)]
+	return b.buf
 }

vendor/github.com/aws/aws-sdk-go/aws/version.go

@@ -5,4 +5,4 @@ package aws
 const SDKName = "aws-sdk-go"
 
 // SDKVersion is the version of this SDK
-const SDKVersion = "1.4.22"
+const SDKVersion = "1.6.24"

vendor/github.com/aws/aws-sdk-go/private/endpoints/endpoints.go

@@ -1,70 +0,0 @@
-// Package endpoints validates regional endpoints for services.
-package endpoints
-
-//go:generate go run -tags codegen ../model/cli/gen-endpoints/main.go endpoints.json endpoints_map.go
-//go:generate gofmt -s -w endpoints_map.go
-
-import (
-	"fmt"
-	"regexp"
-	"strings"
-)
-
-// NormalizeEndpoint takes and endpoint and service API information to return a
-// normalized endpoint and signing region.  If the endpoint is not an empty string
-// the service name and region will be used to look up the service's API endpoint.
-// If the endpoint is provided the scheme will be added if it is not present.
-func NormalizeEndpoint(endpoint, serviceName, region string, disableSSL, useDualStack bool) (normEndpoint, signingRegion string) {
-	if endpoint == "" {
-		return EndpointForRegion(serviceName, region, disableSSL, useDualStack)
-	}
-
-	return AddScheme(endpoint, disableSSL), ""
-}
-
-// EndpointForRegion returns an endpoint and its signing region for a service and region.
-// if the service and region pair are not found endpoint and signingRegion will be empty.
-func EndpointForRegion(svcName, region string, disableSSL, useDualStack bool) (endpoint, signingRegion string) {
-	dualStackField := ""
-	if useDualStack {
-		dualStackField = "/dualstack"
-	}
-
-	derivedKeys := []string{
-		region + "/" + svcName + dualStackField,
-		region + "/*" + dualStackField,
-		"*/" + svcName + dualStackField,
-		"*/*" + dualStackField,
-	}
-
-	for _, key := range derivedKeys {
-		if val, ok := endpointsMap.Endpoints[key]; ok {
-			ep := val.Endpoint
-			ep = strings.Replace(ep, "{region}", region, -1)
-			ep = strings.Replace(ep, "{service}", svcName, -1)
-
-			endpoint = ep
-			signingRegion = val.SigningRegion
-			break
-		}
-	}
-
-	return AddScheme(endpoint, disableSSL), signingRegion
-}
-
-// Regular expression to determine if the endpoint string is prefixed with a scheme.
-var schemeRE = regexp.MustCompile("^([^:]+)://")
-
-// AddScheme adds the HTTP or HTTPS schemes to a endpoint URL if there is no
-// scheme. If disableSSL is true HTTP will be added instead of the default HTTPS.
-func AddScheme(endpoint string, disableSSL bool) string {
-	if endpoint != "" && !schemeRE.MatchString(endpoint) {
-		scheme := "https"
-		if disableSSL {
-			scheme = "http"
-		}
-		endpoint = fmt.Sprintf("%s://%s", scheme, endpoint)
-	}
-
-	return endpoint
-}

vendor/github.com/aws/aws-sdk-go/private/endpoints/endpoints.json

@@ -1,82 +0,0 @@
-{
-  "version": 2,
-  "endpoints": {
-    "*/*": {
-      "endpoint": "{service}.{region}.amazonaws.com"
-    },
-    "cn-north-1/*": {
-      "endpoint": "{service}.{region}.amazonaws.com.cn",
-      "signatureVersion": "v4"
-    },
-    "cn-north-1/ec2metadata": {
-      "endpoint": "http://169.254.169.254/latest"
-    },
-    "us-gov-west-1/iam": {
-      "endpoint": "iam.us-gov.amazonaws.com"
-    },
-    "us-gov-west-1/sts": {
-      "endpoint": "sts.us-gov-west-1.amazonaws.com"
-    },
-    "us-gov-west-1/s3": {
-      "endpoint": "s3-{region}.amazonaws.com"
-    },
-    "us-gov-west-1/ec2metadata": {
-      "endpoint": "http://169.254.169.254/latest"
-    },
-    "*/budgets": {
-      "endpoint": "budgets.amazonaws.com",
-      "signingRegion": "us-east-1"
-    },
-    "*/cloudfront": {
-      "endpoint": "cloudfront.amazonaws.com",
-      "signingRegion": "us-east-1"
-    },
-    "*/cloudsearchdomain": {
-      "endpoint": "",
-      "signingRegion": "us-east-1"
-    },
-    "*/data.iot": {
-      "endpoint": "",
-      "signingRegion": "us-east-1"
-    },
-    "*/ec2metadata": {
-      "endpoint": "http://169.254.169.254/latest"
-    },
-    "*/iam": {
-      "endpoint": "iam.amazonaws.com",
-      "signingRegion": "us-east-1"
-    },
-    "*/importexport": {
-      "endpoint": "importexport.amazonaws.com",
-      "signingRegion": "us-east-1"
-    },
-    "*/route53": {
-      "endpoint": "route53.amazonaws.com",
-      "signingRegion": "us-east-1"
-    },
-    "*/sts": {
-      "endpoint": "sts.amazonaws.com",
-      "signingRegion": "us-east-1"
-    },
-    "*/waf": {
-      "endpoint": "waf.amazonaws.com",
-      "signingRegion": "us-east-1"
-    },
-    "us-east-1/sdb": {
-      "endpoint": "sdb.amazonaws.com",
-      "signingRegion": "us-east-1"
-    },
-    "*/s3": {
-      "endpoint": "s3-{region}.amazonaws.com"
-    },
-    "*/s3/dualstack": {
-      "endpoint": "s3.dualstack.{region}.amazonaws.com"
-    },
-    "us-east-1/s3": {
-      "endpoint": "s3.amazonaws.com"
-    },
-    "eu-central-1/s3": {
-      "endpoint": "{service}.{region}.amazonaws.com"
-    }
-  }
-}

vendor/github.com/aws/aws-sdk-go/private/endpoints/endpoints_map.go

@@ -1,95 +0,0 @@
-package endpoints
-
-// THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT.
-
-type endpointStruct struct {
-	Version   int
-	Endpoints map[string]endpointEntry
-}
-
-type endpointEntry struct {
-	Endpoint      string
-	SigningRegion string
-}
-
-var endpointsMap = endpointStruct{
-	Version: 2,
-	Endpoints: map[string]endpointEntry{
-		"*/*": {
-			Endpoint: "{service}.{region}.amazonaws.com",
-		},
-		"*/budgets": {
-			Endpoint:      "budgets.amazonaws.com",
-			SigningRegion: "us-east-1",
-		},
-		"*/cloudfront": {
-			Endpoint:      "cloudfront.amazonaws.com",
-			SigningRegion: "us-east-1",
-		},
-		"*/cloudsearchdomain": {
-			Endpoint:      "",
-			SigningRegion: "us-east-1",
-		},
-		"*/data.iot": {
-			Endpoint:      "",
-			SigningRegion: "us-east-1",
-		},
-		"*/ec2metadata": {
-			Endpoint: "http://169.254.169.254/latest",
-		},
-		"*/iam": {
-			Endpoint:      "iam.amazonaws.com",
-			SigningRegion: "us-east-1",
-		},
-		"*/importexport": {
-			Endpoint:      "importexport.amazonaws.com",
-			SigningRegion: "us-east-1",
-		},
-		"*/route53": {
-			Endpoint:      "route53.amazonaws.com",
-			SigningRegion: "us-east-1",
-		},
-		"*/s3": {
-			Endpoint: "s3-{region}.amazonaws.com",
-		},
-		"*/s3/dualstack": {
-			Endpoint: "s3.dualstack.{region}.amazonaws.com",
-		},
-		"*/sts": {
-			Endpoint:      "sts.amazonaws.com",
-			SigningRegion: "us-east-1",
-		},
-		"*/waf": {
-			Endpoint:      "waf.amazonaws.com",
-			SigningRegion: "us-east-1",
-		},
-		"cn-north-1/*": {
-			Endpoint: "{service}.{region}.amazonaws.com.cn",
-		},
-		"cn-north-1/ec2metadata": {
-			Endpoint: "http://169.254.169.254/latest",
-		},
-		"eu-central-1/s3": {
-			Endpoint: "{service}.{region}.amazonaws.com",
-		},
-		"us-east-1/s3": {
-			Endpoint: "s3.amazonaws.com",
-		},
-		"us-east-1/sdb": {
-			Endpoint:      "sdb.amazonaws.com",
-			SigningRegion: "us-east-1",
-		},
-		"us-gov-west-1/ec2metadata": {
-			Endpoint: "http://169.254.169.254/latest",
-		},
-		"us-gov-west-1/iam": {
-			Endpoint: "iam.us-gov.amazonaws.com",
-		},
-		"us-gov-west-1/s3": {
-			Endpoint: "s3-{region}.amazonaws.com",
-		},
-		"us-gov-west-1/sts": {
-			Endpoint: "sts.us-gov-west-1.amazonaws.com",
-		},
-	},
-}

vendor/github.com/aws/aws-sdk-go/private/protocol/query/queryutil/queryutil.go

@@ -76,6 +76,10 @@ func (q *queryParser) parseStruct(v url.Values, value reflect.Value, prefix stri
 		if field.PkgPath != "" {
 			continue // ignore unexported fields
 		}
+		if field.Tag.Get("ignore") != "" {
+			continue
+		}
+
 
 		if protocol.CanSetIdempotencyToken(value.Field(i), field) {
 			token := protocol.GetIdempotencyToken()

vendor/github.com/aws/aws-sdk-go/private/protocol/rest/build.go

@@ -14,6 +14,7 @@ import (
 	"strings"
 	"time"
 
+	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/awserr"
 	"github.com/aws/aws-sdk-go/aws/request"
 )
@@ -46,14 +47,29 @@ var BuildHandler = request.NamedHandler{Name: "awssdk.rest.Build", Fn: Build}
 func Build(r *request.Request) {
 	if r.ParamsFilled() {
 		v := reflect.ValueOf(r.Params).Elem()
-		buildLocationElements(r, v)
+		buildLocationElements(r, v, false)
 		buildBody(r, v)
 	}
 }
 
-func buildLocationElements(r *request.Request, v reflect.Value) {
+// BuildAsGET builds the REST component of a service request with the ability to hoist
+// data from the body.
+func BuildAsGET(r *request.Request) {
+	if r.ParamsFilled() {
+		v := reflect.ValueOf(r.Params).Elem()
+		buildLocationElements(r, v, true)
+		buildBody(r, v)
+	}
+}
+
+func buildLocationElements(r *request.Request, v reflect.Value, buildGETQuery bool) {
 	query := r.HTTPRequest.URL.Query()
 
+	// Setup the raw path to match the base path pattern. This is needed
+	// so that when the path is mutated a custom escaped version can be
+	// stored in RawPath that will be used by the Go client.
+	r.HTTPRequest.URL.RawPath = r.HTTPRequest.URL.Path
+
 	for i := 0; i < v.NumField(); i++ {
 		m := v.Field(i)
 		if n := v.Type().Field(i).Name; n[0:1] == strings.ToLower(n[0:1]) {
@@ -72,6 +88,9 @@ func buildLocationElements(r *request.Request, v reflect.Value) {
 			if !m.IsValid() {
 				continue
 			}
+			if field.Tag.Get("ignore") != "" {
+				continue
+			}
 
 			var err error
 			switch field.Tag.Get("location") {
@@ -83,6 +102,10 @@ func buildLocationElements(r *request.Request, v reflect.Value) {
 				err = buildURI(r.HTTPRequest.URL, m, name)
 			case "querystring":
 				err = buildQueryString(query, m, name)
+			default:
+				if buildGETQuery {
+					err = buildQueryString(query, m, name)
+				}
 			}
 			r.Error = err
 		}
@@ -92,7 +115,9 @@ func buildLocationElements(r *request.Request, v reflect.Value) {
 	}
 
 	r.HTTPRequest.URL.RawQuery = query.Encode()
-	updatePath(r.HTTPRequest.URL, r.HTTPRequest.URL.Path)
+	if !aws.BoolValue(r.Config.DisableRestProtocolURICleaning) {
+		cleanPath(r.HTTPRequest.URL)
+	}
 }
 
 func buildBody(r *request.Request, v reflect.Value) {
@@ -156,10 +181,11 @@ func buildURI(u *url.URL, v reflect.Value, name string) error {
 		return awserr.New("SerializationError", "failed to encode REST request", err)
 	}
 
-	uri := u.Path
+	u.Path = strings.Replace(u.Path, "{"+name+"}", value, -1)
-	uri = strings.Replace(uri, "{"+name+"}", EscapePath(value, true), -1)
+	u.Path = strings.Replace(u.Path, "{"+name+"+}", value, -1)
-	uri = strings.Replace(uri, "{"+name+"+}", EscapePath(value, false), -1)
+
-	u.Path = uri
+	u.RawPath = strings.Replace(u.RawPath, "{"+name+"}", EscapePath(value, true), -1)
+	u.RawPath = strings.Replace(u.RawPath, "{"+name+"+}", EscapePath(value, false), -1)
 
 	return nil
 }
@@ -193,25 +219,17 @@ func buildQueryString(query url.Values, v reflect.Value, name string) error {
 	return nil
 }
 
-func updatePath(url *url.URL, urlPath string) {
+func cleanPath(u *url.URL) {
-	scheme, query := url.Scheme, url.RawQuery
+	hasSlash := strings.HasSuffix(u.Path, "/")
 
-	hasSlash := strings.HasSuffix(urlPath, "/")
+	// clean up path, removing duplicate `/`
+	u.Path = path.Clean(u.Path)
+	u.RawPath = path.Clean(u.RawPath)
 
-	// clean up path
+	if hasSlash && !strings.HasSuffix(u.Path, "/") {
-	urlPath = path.Clean(urlPath)
+		u.Path += "/"
-	if hasSlash && !strings.HasSuffix(urlPath, "/") {
+		u.RawPath += "/"
-		urlPath += "/"
 	}
-
-	// get formatted URL minus scheme so we can build this into Opaque
-	url.Scheme, url.Path, url.RawQuery = "", "", ""
-	s := url.String()
-	url.Scheme = scheme
-	url.RawQuery = query
-
-	// build opaque URI
-	url.Opaque = s + urlPath
 }
 
 // EscapePath escapes part of a URL path in Amazon style

vendor/github.com/aws/aws-sdk-go/private/protocol/rest/unmarshal.go

@@ -1,6 +1,7 @@
 package rest
 
 import (
+	"bytes"
 	"encoding/base64"
 	"fmt"
 	"io"
@@ -11,7 +12,6 @@ import (
 	"strings"
 	"time"
 
-	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/awserr"
 	"github.com/aws/aws-sdk-go/aws/request"
 )
@@ -70,10 +70,16 @@ func unmarshalBody(r *request.Request, v reflect.Value) {
 						}
 					default:
 						switch payload.Type().String() {
-						case "io.ReadSeeker":
+						case "io.ReadCloser":
-							payload.Set(reflect.ValueOf(aws.ReadSeekCloser(r.HTTPResponse.Body)))
-						case "aws.ReadSeekCloser", "io.ReadCloser":
 							payload.Set(reflect.ValueOf(r.HTTPResponse.Body))
+						case "io.ReadSeeker":
+							b, err := ioutil.ReadAll(r.HTTPResponse.Body)
+							if err != nil {
+								r.Error = awserr.New("SerializationError",
+									"failed to read response body", err)
+								return
+							}
+							payload.Set(reflect.ValueOf(ioutil.NopCloser(bytes.NewReader(b))))
 						default:
 							io.Copy(ioutil.Discard, r.HTTPResponse.Body)
 							defer r.HTTPResponse.Body.Close()

vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/build.go

@@ -127,6 +127,10 @@ func (b *xmlBuilder) buildStruct(value reflect.Value, current *XMLNode, tag refl
 		if field.PkgPath != "" {
 			continue // ignore unexported fields
 		}
+		if field.Tag.Get("ignore") != "" {
+			continue
+		}
+
 
 		mTag := field.Tag
 		if mTag.Get("location") != "" { // skip non-body members

vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/unmarshal.go

@@ -111,11 +111,8 @@ func parseStruct(r reflect.Value, node *XMLNode, tag reflect.StructTag) error {
 		elems := node.Children[name]
 
 		if elems == nil { // try to find the field in attributes
-			for _, a := range node.Attr {
+			if val, ok := node.findElem(name); ok {
-				if name == a.Name.Local {
+				elems = []*XMLNode{{Text: val}}
-					// turn this into a text node for de-serializing
-					elems = []*XMLNode{{Text: a.Value}}
-				}
 			}
 		}
 

vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/xml_to_struct.go

@@ -2,6 +2,7 @@ package xmlutil
 
 import (
 	"encoding/xml"
+	"fmt"
 	"io"
 	"sort"
 )
@@ -12,6 +13,9 @@ type XMLNode struct {
 	Children map[string][]*XMLNode `json:",omitempty"`
 	Text     string                `json:",omitempty"`
 	Attr     []xml.Attr            `json:",omitempty"`
+
+	namespaces map[string]string
+	parent     *XMLNode
 }
 
 // NewXMLElement returns a pointer to a new XMLNode initialized to default values.
@@ -59,21 +63,54 @@ func XMLToStruct(d *xml.Decoder, s *xml.StartElement) (*XMLNode, error) {
 				slice = []*XMLNode{}
 			}
 			node, e := XMLToStruct(d, &el)
+			out.findNamespaces()
 			if e != nil {
 				return out, e
 			}
 			node.Name = typed.Name
+			node.findNamespaces()
+			tempOut := *out
+			// Save into a temp variable, simply because out gets squashed during
+			// loop iterations
+			node.parent = &tempOut
 			slice = append(slice, node)
 			out.Children[name] = slice
 		case xml.EndElement:
 			if s != nil && s.Name.Local == typed.Name.Local { // matching end token
 				return out, nil
 			}
+			out = &XMLNode{}
 		}
 	}
 	return out, nil
 }
 
+func (n *XMLNode) findNamespaces() {
+	ns := map[string]string{}
+	for _, a := range n.Attr {
+		if a.Name.Space == "xmlns" {
+			ns[a.Value] = a.Name.Local
+		}
+	}
+
+	n.namespaces = ns
+}
+
+func (n *XMLNode) findElem(name string) (string, bool) {
+	for node := n; node != nil; node = node.parent {
+		for _, a := range node.Attr {
+			namespace := a.Name.Space
+			if v, ok := node.namespaces[namespace]; ok {
+				namespace = v
+			}
+			if name == fmt.Sprintf("%s:%s", namespace, a.Name.Local) {
+				return a.Value, true
+			}
+		}
+	}
+	return "", false
+}
+
 // StructToXML writes an XMLNode to a xml.Encoder as tokens.
 func StructToXML(e *xml.Encoder, node *XMLNode, sorted bool) error {
 	e.EncodeToken(xml.StartElement{Name: node.Name, Attr: node.Attr})

vendor/github.com/aws/aws-sdk-go/service/ec2/customizations.go

@@ -5,8 +5,8 @@ import (
 
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/awsutil"
+	"github.com/aws/aws-sdk-go/aws/endpoints"
 	"github.com/aws/aws-sdk-go/aws/request"
-	"github.com/aws/aws-sdk-go/private/endpoints"
 )
 
 func init() {
@@ -39,12 +39,20 @@ func fillPresignedURL(r *request.Request) {
 		WithRegion(aws.StringValue(origParams.SourceRegion)))
 
 	clientInfo := r.ClientInfo
-	clientInfo.Endpoint, clientInfo.SigningRegion = endpoints.EndpointForRegion(
+	resolved, err := r.Config.EndpointResolver.EndpointFor(
-		clientInfo.ServiceName,
+		clientInfo.ServiceName, aws.StringValue(cfg.Region),
-		aws.StringValue(cfg.Region),
+		func(opt *endpoints.Options) {
-		aws.BoolValue(cfg.DisableSSL),
+			opt.DisableSSL = aws.BoolValue(cfg.DisableSSL)
-		aws.BoolValue(cfg.UseDualStack),
+			opt.UseDualStack = aws.BoolValue(cfg.UseDualStack)
+		},
 	)
+	if err != nil {
+		r.Error = err
+		return
+	}
+
+	clientInfo.Endpoint = resolved.URL
+	clientInfo.SigningRegion = resolved.SigningRegion
 
 	// Presign a CopySnapshot request with modified params
 	req := request.New(*cfg, clientInfo, r.Handlers, r.Retryer, r.Operation, newParams, r.Data)

vendor/github.com/aws/aws-sdk-go/service/ec2/errors.go

@@ -0,0 +1,3 @@
+// THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT.
+
+package ec2

vendor/github.com/aws/aws-sdk-go/service/ec2/service.go

@@ -15,8 +15,9 @@ import (
 // in the Amazon Web Services (AWS) cloud. Using Amazon EC2 eliminates your
 // need to invest in hardware up front, so you can develop and deploy applications
 // faster.
-//The service client's operations are safe to be used concurrently.
+// The service client's operations are safe to be used concurrently.
 // It is not safe to mutate any of the client's properties though.
+// Please also see https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15
 type EC2 struct {
 	*client.Client
 }
@@ -27,8 +28,11 @@ var initClient func(*client.Client)
 // Used for custom request initialization logic
 var initRequest func(*request.Request)
 
-// A ServiceName is the name of the service the client will make API calls to.
+// Service information constants
-const ServiceName = "ec2"
+const (
+	ServiceName = "ec2"       // Service endpoint prefix API calls made to.
+	EndpointsID = ServiceName // Service ID for Regions and Endpoints metadata.
+)
 
 // New creates a new instance of the EC2 client with a session.
 // If additional configuration is needed for the client instance use the optional
@@ -41,20 +45,21 @@ const ServiceName = "ec2"
 //     // Create a EC2 client with additional configuration
 //     svc := ec2.New(mySession, aws.NewConfig().WithRegion("us-west-2"))
 func New(p client.ConfigProvider, cfgs ...*aws.Config) *EC2 {
-	c := p.ClientConfig(ServiceName, cfgs...)
+	c := p.ClientConfig(EndpointsID, cfgs...)
-	return newClient(*c.Config, c.Handlers, c.Endpoint, c.SigningRegion)
+	return newClient(*c.Config, c.Handlers, c.Endpoint, c.SigningRegion, c.SigningName)
 }
 
 // newClient creates, initializes and returns a new service client instance.
-func newClient(cfg aws.Config, handlers request.Handlers, endpoint, signingRegion string) *EC2 {
+func newClient(cfg aws.Config, handlers request.Handlers, endpoint, signingRegion, signingName string) *EC2 {
 	svc := &EC2{
 		Client: client.New(
 			cfg,
 			metadata.ClientInfo{
 				ServiceName:   ServiceName,
+				SigningName:   signingName,
 				SigningRegion: signingRegion,
 				Endpoint:      endpoint,
-				APIVersion:    "2016-09-15",
+				APIVersion:    "2016-11-15",
 			},
 			handlers,
 		),

vendor/github.com/aws/aws-sdk-go/service/ec2/waiters.go

@@ -498,7 +498,7 @@ func (c *EC2) WaitUntilKeyPairExists(input *DescribeKeyPairsInput) error {
 		Acceptors: []waiter.WaitAcceptor{
 			{
 				State:    "success",
-				Matcher:  "pathAll",
+				Matcher:  "path",
 				Argument: "length(KeyPairs[].KeyName) > `0`",
 				Expected: true,
 			},
@@ -921,6 +921,39 @@ func (c *EC2) WaitUntilVpcExists(input *DescribeVpcsInput) error {
 	return w.Wait()
 }
 
+// WaitUntilVpcPeeringConnectionDeleted uses the Amazon EC2 API operation
+// DescribeVpcPeeringConnections to wait for a condition to be met before returning.
+// If the condition is not meet within the max attempt window an error will
+// be returned.
+func (c *EC2) WaitUntilVpcPeeringConnectionDeleted(input *DescribeVpcPeeringConnectionsInput) error {
+	waiterCfg := waiter.Config{
+		Operation:   "DescribeVpcPeeringConnections",
+		Delay:       15,
+		MaxAttempts: 40,
+		Acceptors: []waiter.WaitAcceptor{
+			{
+				State:    "success",
+				Matcher:  "pathAll",
+				Argument: "VpcPeeringConnections[].Status.Code",
+				Expected: "deleted",
+			},
+			{
+				State:    "success",
+				Matcher:  "error",
+				Argument: "",
+				Expected: "InvalidVpcPeeringConnectionID.NotFound",
+			},
+		},
+	}
+
+	w := waiter.Waiter{
+		Client: c,
+		Input:  input,
+		Config: waiterCfg,
+	}
+	return w.Wait()
+}
+
 // WaitUntilVpcPeeringConnectionExists uses the Amazon EC2 API operation
 // DescribeVpcPeeringConnections to wait for a condition to be met before returning.
 // If the condition is not meet within the max attempt window an error will

vendor/github.com/aws/aws-sdk-go/service/s3/errors.go

@@ -0,0 +1,48 @@
+// THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT.
+
+package s3
+
+const (
+
+	// ErrCodeBucketAlreadyExists for service response error code
+	// "BucketAlreadyExists".
+	//
+	// The requested bucket name is not available. The bucket namespace is shared
+	// by all users of the system. Please select a different name and try again.
+	ErrCodeBucketAlreadyExists = "BucketAlreadyExists"
+
+	// ErrCodeBucketAlreadyOwnedByYou for service response error code
+	// "BucketAlreadyOwnedByYou".
+	ErrCodeBucketAlreadyOwnedByYou = "BucketAlreadyOwnedByYou"
+
+	// ErrCodeNoSuchBucket for service response error code
+	// "NoSuchBucket".
+	//
+	// The specified bucket does not exist.
+	ErrCodeNoSuchBucket = "NoSuchBucket"
+
+	// ErrCodeNoSuchKey for service response error code
+	// "NoSuchKey".
+	//
+	// The specified key does not exist.
+	ErrCodeNoSuchKey = "NoSuchKey"
+
+	// ErrCodeNoSuchUpload for service response error code
+	// "NoSuchUpload".
+	//
+	// The specified multipart upload does not exist.
+	ErrCodeNoSuchUpload = "NoSuchUpload"
+
+	// ErrCodeObjectAlreadyInActiveTierError for service response error code
+	// "ObjectAlreadyInActiveTierError".
+	//
+	// This operation is not allowed against this storage tier
+	ErrCodeObjectAlreadyInActiveTierError = "ObjectAlreadyInActiveTierError"
+
+	// ErrCodeObjectNotInActiveTierError for service response error code
+	// "ObjectNotInActiveTierError".
+	//
+	// The source object of the COPY operation is not in the active tier and is
+	// only stored in Amazon Glacier.
+	ErrCodeObjectNotInActiveTierError = "ObjectNotInActiveTierError"
+)

vendor/github.com/aws/aws-sdk-go/service/s3/host_style_bucket.go

@@ -1,7 +1,6 @@
 package s3
 
 import (
-	"bytes"
 	"fmt"
 	"net/url"
 	"regexp"
@@ -83,29 +82,31 @@ func updateEndpointForAccelerate(r *request.Request) {
 
 	if !hostCompatibleBucketName(r.HTTPRequest.URL, bucket) {
 		r.Error = awserr.New("InvalidParameterException",
-			fmt.Sprintf("bucket name %s is not compatibile with S3 Accelerate", bucket),
+			fmt.Sprintf("bucket name %s is not compatible with S3 Accelerate", bucket),
 			nil)
 		return
 	}
 
-	// Change endpoint from s3(-[a-z0-1-])?.amazonaws.com to s3-accelerate.amazonaws.com
+	parts := strings.Split(r.HTTPRequest.URL.Host, ".")
-	r.HTTPRequest.URL.Host = replaceHostRegion(r.HTTPRequest.URL.Host, "accelerate")
+	if len(parts) < 3 {
+		r.Error = awserr.New("InvalidParameterExecption",
+			fmt.Sprintf("unable to update endpoint host for S3 accelerate, hostname invalid, %s",
+				r.HTTPRequest.URL.Host), nil)
+		return
+	}
 
-	if aws.BoolValue(r.Config.UseDualStack) {
+	if parts[0] == "s3" || strings.HasPrefix(parts[0], "s3-") {
-		host := []byte(r.HTTPRequest.URL.Host)
+		parts[0] = "s3-accelerate"
-
+	}
-		// Strip region from hostname
+	for i := 1; i+1 < len(parts); i++ {
-		if idx := bytes.Index(host, accelElem); idx >= 0 {
+		if parts[i] == aws.StringValue(r.Config.Region) {
-			start := idx + len(accelElem)
+			parts = append(parts[:i], parts[i+1:]...)
-			if end := bytes.IndexByte(host[start:], '.'); end >= 0 {
+			break
-				end += start + 1
-				copy(host[start:], host[end:])
-				host = host[:len(host)-(end-start)]
-				r.HTTPRequest.URL.Host = string(host)
-			}
 		}
 	}
 
+	r.HTTPRequest.URL.Host = strings.Join(parts, ".")
+
 	moveBucketToHost(r.HTTPRequest.URL, bucket)
 }
 
@@ -159,28 +160,3 @@ func moveBucketToHost(u *url.URL, bucket string) {
 		u.Path = "/"
 	}
 }
-
-const s3HostPrefix = "s3"
-
-// replaceHostRegion replaces the S3 region string in the host with the
-// value provided. If v is empty the host prefix returned will be s3.
-func replaceHostRegion(host, v string) string {
-	if !strings.HasPrefix(host, s3HostPrefix) {
-		return host
-	}
-
-	suffix := host[len(s3HostPrefix):]
-	for i := len(s3HostPrefix); i < len(host); i++ {
-		if host[i] == '.' {
-			// Trim until '.' leave the it in place.
-			suffix = host[i:]
-			break
-		}
-	}
-
-	if len(v) == 0 {
-		return fmt.Sprintf("s3%s", suffix)
-	}
-
-	return fmt.Sprintf("s3-%s%s", v, suffix)
-}

vendor/github.com/aws/aws-sdk-go/service/s3/s3iface/interface.go

@@ -83,14 +83,26 @@ type S3API interface {
 
 	DeleteBucket(*s3.DeleteBucketInput) (*s3.DeleteBucketOutput, error)
 
+	DeleteBucketAnalyticsConfigurationRequest(*s3.DeleteBucketAnalyticsConfigurationInput) (*request.Request, *s3.DeleteBucketAnalyticsConfigurationOutput)
+
+	DeleteBucketAnalyticsConfiguration(*s3.DeleteBucketAnalyticsConfigurationInput) (*s3.DeleteBucketAnalyticsConfigurationOutput, error)
+
 	DeleteBucketCorsRequest(*s3.DeleteBucketCorsInput) (*request.Request, *s3.DeleteBucketCorsOutput)
 
 	DeleteBucketCors(*s3.DeleteBucketCorsInput) (*s3.DeleteBucketCorsOutput, error)
 
+	DeleteBucketInventoryConfigurationRequest(*s3.DeleteBucketInventoryConfigurationInput) (*request.Request, *s3.DeleteBucketInventoryConfigurationOutput)
+
+	DeleteBucketInventoryConfiguration(*s3.DeleteBucketInventoryConfigurationInput) (*s3.DeleteBucketInventoryConfigurationOutput, error)
+
 	DeleteBucketLifecycleRequest(*s3.DeleteBucketLifecycleInput) (*request.Request, *s3.DeleteBucketLifecycleOutput)
 
 	DeleteBucketLifecycle(*s3.DeleteBucketLifecycleInput) (*s3.DeleteBucketLifecycleOutput, error)
 
+	DeleteBucketMetricsConfigurationRequest(*s3.DeleteBucketMetricsConfigurationInput) (*request.Request, *s3.DeleteBucketMetricsConfigurationOutput)
+
+	DeleteBucketMetricsConfiguration(*s3.DeleteBucketMetricsConfigurationInput) (*s3.DeleteBucketMetricsConfigurationOutput, error)
+
 	DeleteBucketPolicyRequest(*s3.DeleteBucketPolicyInput) (*request.Request, *s3.DeleteBucketPolicyOutput)
 
 	DeleteBucketPolicy(*s3.DeleteBucketPolicyInput) (*s3.DeleteBucketPolicyOutput, error)
@@ -111,6 +123,10 @@ type S3API interface {
 
 	DeleteObject(*s3.DeleteObjectInput) (*s3.DeleteObjectOutput, error)
 
+	DeleteObjectTaggingRequest(*s3.DeleteObjectTaggingInput) (*request.Request, *s3.DeleteObjectTaggingOutput)
+
+	DeleteObjectTagging(*s3.DeleteObjectTaggingInput) (*s3.DeleteObjectTaggingOutput, error)
+
 	DeleteObjectsRequest(*s3.DeleteObjectsInput) (*request.Request, *s3.DeleteObjectsOutput)
 
 	DeleteObjects(*s3.DeleteObjectsInput) (*s3.DeleteObjectsOutput, error)
@@ -123,10 +139,18 @@ type S3API interface {
 
 	GetBucketAcl(*s3.GetBucketAclInput) (*s3.GetBucketAclOutput, error)
 
+	GetBucketAnalyticsConfigurationRequest(*s3.GetBucketAnalyticsConfigurationInput) (*request.Request, *s3.GetBucketAnalyticsConfigurationOutput)
+
+	GetBucketAnalyticsConfiguration(*s3.GetBucketAnalyticsConfigurationInput) (*s3.GetBucketAnalyticsConfigurationOutput, error)
+
 	GetBucketCorsRequest(*s3.GetBucketCorsInput) (*request.Request, *s3.GetBucketCorsOutput)
 
 	GetBucketCors(*s3.GetBucketCorsInput) (*s3.GetBucketCorsOutput, error)
 
+	GetBucketInventoryConfigurationRequest(*s3.GetBucketInventoryConfigurationInput) (*request.Request, *s3.GetBucketInventoryConfigurationOutput)
+
+	GetBucketInventoryConfiguration(*s3.GetBucketInventoryConfigurationInput) (*s3.GetBucketInventoryConfigurationOutput, error)
+
 	GetBucketLifecycleRequest(*s3.GetBucketLifecycleInput) (*request.Request, *s3.GetBucketLifecycleOutput)
 
 	GetBucketLifecycle(*s3.GetBucketLifecycleInput) (*s3.GetBucketLifecycleOutput, error)
@@ -143,6 +167,10 @@ type S3API interface {
 
 	GetBucketLogging(*s3.GetBucketLoggingInput) (*s3.GetBucketLoggingOutput, error)
 
+	GetBucketMetricsConfigurationRequest(*s3.GetBucketMetricsConfigurationInput) (*request.Request, *s3.GetBucketMetricsConfigurationOutput)
+
+	GetBucketMetricsConfiguration(*s3.GetBucketMetricsConfigurationInput) (*s3.GetBucketMetricsConfigurationOutput, error)
+
 	GetBucketNotificationRequest(*s3.GetBucketNotificationConfigurationRequest) (*request.Request, *s3.NotificationConfigurationDeprecated)
 
 	GetBucketNotification(*s3.GetBucketNotificationConfigurationRequest) (*s3.NotificationConfigurationDeprecated, error)
@@ -183,6 +211,10 @@ type S3API interface {
 
 	GetObjectAcl(*s3.GetObjectAclInput) (*s3.GetObjectAclOutput, error)
 
+	GetObjectTaggingRequest(*s3.GetObjectTaggingInput) (*request.Request, *s3.GetObjectTaggingOutput)
+
+	GetObjectTagging(*s3.GetObjectTaggingInput) (*s3.GetObjectTaggingOutput, error)
+
 	GetObjectTorrentRequest(*s3.GetObjectTorrentInput) (*request.Request, *s3.GetObjectTorrentOutput)
 
 	GetObjectTorrent(*s3.GetObjectTorrentInput) (*s3.GetObjectTorrentOutput, error)
@@ -195,6 +227,18 @@ type S3API interface {
 
 	HeadObject(*s3.HeadObjectInput) (*s3.HeadObjectOutput, error)
 
+	ListBucketAnalyticsConfigurationsRequest(*s3.ListBucketAnalyticsConfigurationsInput) (*request.Request, *s3.ListBucketAnalyticsConfigurationsOutput)
+
+	ListBucketAnalyticsConfigurations(*s3.ListBucketAnalyticsConfigurationsInput) (*s3.ListBucketAnalyticsConfigurationsOutput, error)
+
+	ListBucketInventoryConfigurationsRequest(*s3.ListBucketInventoryConfigurationsInput) (*request.Request, *s3.ListBucketInventoryConfigurationsOutput)
+
+	ListBucketInventoryConfigurations(*s3.ListBucketInventoryConfigurationsInput) (*s3.ListBucketInventoryConfigurationsOutput, error)
+
+	ListBucketMetricsConfigurationsRequest(*s3.ListBucketMetricsConfigurationsInput) (*request.Request, *s3.ListBucketMetricsConfigurationsOutput)
+
+	ListBucketMetricsConfigurations(*s3.ListBucketMetricsConfigurationsInput) (*s3.ListBucketMetricsConfigurationsOutput, error)
+
 	ListBucketsRequest(*s3.ListBucketsInput) (*request.Request, *s3.ListBucketsOutput)
 
 	ListBuckets(*s3.ListBucketsInput) (*s3.ListBucketsOutput, error)
@@ -237,10 +281,18 @@ type S3API interface {
 
 	PutBucketAcl(*s3.PutBucketAclInput) (*s3.PutBucketAclOutput, error)
 
+	PutBucketAnalyticsConfigurationRequest(*s3.PutBucketAnalyticsConfigurationInput) (*request.Request, *s3.PutBucketAnalyticsConfigurationOutput)
+
+	PutBucketAnalyticsConfiguration(*s3.PutBucketAnalyticsConfigurationInput) (*s3.PutBucketAnalyticsConfigurationOutput, error)
+
 	PutBucketCorsRequest(*s3.PutBucketCorsInput) (*request.Request, *s3.PutBucketCorsOutput)
 
 	PutBucketCors(*s3.PutBucketCorsInput) (*s3.PutBucketCorsOutput, error)
 
+	PutBucketInventoryConfigurationRequest(*s3.PutBucketInventoryConfigurationInput) (*request.Request, *s3.PutBucketInventoryConfigurationOutput)
+
+	PutBucketInventoryConfiguration(*s3.PutBucketInventoryConfigurationInput) (*s3.PutBucketInventoryConfigurationOutput, error)
+
 	PutBucketLifecycleRequest(*s3.PutBucketLifecycleInput) (*request.Request, *s3.PutBucketLifecycleOutput)
 
 	PutBucketLifecycle(*s3.PutBucketLifecycleInput) (*s3.PutBucketLifecycleOutput, error)
@@ -253,6 +305,10 @@ type S3API interface {
 
 	PutBucketLogging(*s3.PutBucketLoggingInput) (*s3.PutBucketLoggingOutput, error)
 
+	PutBucketMetricsConfigurationRequest(*s3.PutBucketMetricsConfigurationInput) (*request.Request, *s3.PutBucketMetricsConfigurationOutput)
+
+	PutBucketMetricsConfiguration(*s3.PutBucketMetricsConfigurationInput) (*s3.PutBucketMetricsConfigurationOutput, error)
+
 	PutBucketNotificationRequest(*s3.PutBucketNotificationInput) (*request.Request, *s3.PutBucketNotificationOutput)
 
 	PutBucketNotification(*s3.PutBucketNotificationInput) (*s3.PutBucketNotificationOutput, error)
@@ -293,6 +349,10 @@ type S3API interface {
 
 	PutObjectAcl(*s3.PutObjectAclInput) (*s3.PutObjectAclOutput, error)
 
+	PutObjectTaggingRequest(*s3.PutObjectTaggingInput) (*request.Request, *s3.PutObjectTaggingOutput)
+
+	PutObjectTagging(*s3.PutObjectTaggingInput) (*s3.PutObjectTaggingOutput, error)
+
 	RestoreObjectRequest(*s3.RestoreObjectInput) (*request.Request, *s3.RestoreObjectOutput)
 
 	RestoreObject(*s3.RestoreObjectInput) (*s3.RestoreObjectOutput, error)

vendor/github.com/aws/aws-sdk-go/service/s3/s3manager/upload.go

@@ -175,6 +175,9 @@ type UploadInput struct {
 	// The type of storage to use for the object. Defaults to 'STANDARD'.
 	StorageClass *string `location:"header" locationName:"x-amz-storage-class" type:"string"`
 
+	// The tag-set for the object. The tag-set must be encoded as URL Query parameters
+	Tagging *string `location:"header" locationName:"x-amz-tagging" type:"string"`
+
 	// If the bucket is configured as a website, redirects requests for this object
 	// to another object in the same bucket or to an external URL. Amazon S3 stores
 	// the value of this header in the object metadata.

vendor/github.com/aws/aws-sdk-go/service/s3/service.go

@@ -12,8 +12,9 @@ import (
 )
 
 // S3 is a client for Amazon S3.
-//The service client's operations are safe to be used concurrently.
+// The service client's operations are safe to be used concurrently.
 // It is not safe to mutate any of the client's properties though.
+// Please also see https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01
 type S3 struct {
 	*client.Client
 }
@@ -24,8 +25,11 @@ var initClient func(*client.Client)
 // Used for custom request initialization logic
 var initRequest func(*request.Request)
 
-// A ServiceName is the name of the service the client will make API calls to.
+// Service information constants
-const ServiceName = "s3"
+const (
+	ServiceName = "s3"        // Service endpoint prefix API calls made to.
+	EndpointsID = ServiceName // Service ID for Regions and Endpoints metadata.
+)
 
 // New creates a new instance of the S3 client with a session.
 // If additional configuration is needed for the client instance use the optional
@@ -38,17 +42,18 @@ const ServiceName = "s3"
 //     // Create a S3 client with additional configuration
 //     svc := s3.New(mySession, aws.NewConfig().WithRegion("us-west-2"))
 func New(p client.ConfigProvider, cfgs ...*aws.Config) *S3 {
-	c := p.ClientConfig(ServiceName, cfgs...)
+	c := p.ClientConfig(EndpointsID, cfgs...)
-	return newClient(*c.Config, c.Handlers, c.Endpoint, c.SigningRegion)
+	return newClient(*c.Config, c.Handlers, c.Endpoint, c.SigningRegion, c.SigningName)
 }
 
 // newClient creates, initializes and returns a new service client instance.
-func newClient(cfg aws.Config, handlers request.Handlers, endpoint, signingRegion string) *S3 {
+func newClient(cfg aws.Config, handlers request.Handlers, endpoint, signingRegion, signingName string) *S3 {
 	svc := &S3{
 		Client: client.New(
 			cfg,
 			metadata.ClientInfo{
 				ServiceName:   ServiceName,
+				SigningName:   signingName,
 				SigningRegion: signingRegion,
 				Endpoint:      endpoint,
 				APIVersion:    "2006-03-01",

vendor/github.com/aws/aws-sdk-go/service/s3/statusok_error.go

@@ -5,7 +5,6 @@ import (
 	"io/ioutil"
 	"net/http"
 
-	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/awserr"
 	"github.com/aws/aws-sdk-go/aws/request"
 )
@@ -17,8 +16,8 @@ func copyMultipartStatusOKUnmarhsalError(r *request.Request) {
 		return
 	}
 	body := bytes.NewReader(b)
-	r.HTTPResponse.Body = aws.ReadSeekCloser(body)
+	r.HTTPResponse.Body = ioutil.NopCloser(body)
-	defer r.HTTPResponse.Body.(aws.ReaderSeekerCloser).Seek(0, 0)
+	defer body.Seek(0, 0)
 
 	if body.Len() == 0 {
 		// If there is no body don't attempt to parse the body.

vendor/github.com/aws/aws-sdk-go/service/sts/api.go

@@ -36,6 +36,7 @@ const opAssumeRole = "AssumeRole"
 //        fmt.Println(resp)
 //    }
 //
+// Please also see https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRole
 func (c *STS) AssumeRoleRequest(input *AssumeRoleInput) (req *request.Request, output *AssumeRoleOutput) {
 	op := &request.Operation{
 		Name:       opAssumeRole,
@@ -47,9 +48,8 @@ func (c *STS) AssumeRoleRequest(input *AssumeRoleInput) (req *request.Request, o
 		input = &AssumeRoleInput{}
 	}
 
-	req = c.newRequest(op, input, output)
 	output = &AssumeRoleOutput{}
-	req.Data = output
+	req = c.newRequest(op, input, output)
 	return
 }
 
@@ -153,22 +153,23 @@ func (c *STS) AssumeRoleRequest(input *AssumeRoleInput) (req *request.Request, o
 // API operation AssumeRole for usage and error information.
 //
 // Returned Error Codes:
-//   * MalformedPolicyDocument
+//   * ErrCodeMalformedPolicyDocumentException "MalformedPolicyDocument"
 //   The request was rejected because the policy document was malformed. The error
 //   message describes the specific error.
 //
-//   * PackedPolicyTooLarge
+//   * ErrCodePackedPolicyTooLargeException "PackedPolicyTooLarge"
 //   The request was rejected because the policy document was too large. The error
 //   message describes how big the policy document is, in packed form, as a percentage
 //   of what the API allows.
 //
-//   * RegionDisabledException
+//   * ErrCodeRegionDisabledException "RegionDisabledException"
 //   STS is not activated in the requested region for the account that is being
 //   asked to generate credentials. The account administrator must use the IAM
 //   console to activate STS in that region. For more information, see Activating
 //   and Deactivating AWS STS in an AWS Region (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
 //   in the IAM User Guide.
 //
+// Please also see https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRole
 func (c *STS) AssumeRole(input *AssumeRoleInput) (*AssumeRoleOutput, error) {
 	req, out := c.AssumeRoleRequest(input)
 	err := req.Send()
@@ -201,6 +202,7 @@ const opAssumeRoleWithSAML = "AssumeRoleWithSAML"
 //        fmt.Println(resp)
 //    }
 //
+// Please also see https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleWithSAML
 func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *request.Request, output *AssumeRoleWithSAMLOutput) {
 	op := &request.Operation{
 		Name:       opAssumeRoleWithSAML,
@@ -212,9 +214,8 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re
 		input = &AssumeRoleWithSAMLInput{}
 	}
 
-	req = c.newRequest(op, input, output)
 	output = &AssumeRoleWithSAMLOutput{}
-	req.Data = output
+	req = c.newRequest(op, input, output)
 	return
 }
 
@@ -296,37 +297,38 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re
 // API operation AssumeRoleWithSAML for usage and error information.
 //
 // Returned Error Codes:
-//   * MalformedPolicyDocument
+//   * ErrCodeMalformedPolicyDocumentException "MalformedPolicyDocument"
 //   The request was rejected because the policy document was malformed. The error
 //   message describes the specific error.
 //
-//   * PackedPolicyTooLarge
+//   * ErrCodePackedPolicyTooLargeException "PackedPolicyTooLarge"
 //   The request was rejected because the policy document was too large. The error
 //   message describes how big the policy document is, in packed form, as a percentage
 //   of what the API allows.
 //
-//   * IDPRejectedClaim
+//   * ErrCodeIDPRejectedClaimException "IDPRejectedClaim"
 //   The identity provider (IdP) reported that authentication failed. This might
 //   be because the claim is invalid.
 //
 //   If this error is returned for the AssumeRoleWithWebIdentity operation, it
 //   can also mean that the claim has expired or has been explicitly revoked.
 //
-//   * InvalidIdentityToken
+//   * ErrCodeInvalidIdentityTokenException "InvalidIdentityToken"
 //   The web identity token that was passed could not be validated by AWS. Get
 //   a new identity token from the identity provider and then retry the request.
 //
-//   * ExpiredTokenException
+//   * ErrCodeExpiredTokenException "ExpiredTokenException"
 //   The web identity token that was passed is expired or is not valid. Get a
 //   new identity token from the identity provider and then retry the request.
 //
-//   * RegionDisabledException
+//   * ErrCodeRegionDisabledException "RegionDisabledException"
 //   STS is not activated in the requested region for the account that is being
 //   asked to generate credentials. The account administrator must use the IAM
 //   console to activate STS in that region. For more information, see Activating
 //   and Deactivating AWS STS in an AWS Region (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
 //   in the IAM User Guide.
 //
+// Please also see https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleWithSAML
 func (c *STS) AssumeRoleWithSAML(input *AssumeRoleWithSAMLInput) (*AssumeRoleWithSAMLOutput, error) {
 	req, out := c.AssumeRoleWithSAMLRequest(input)
 	err := req.Send()
@@ -359,6 +361,7 @@ const opAssumeRoleWithWebIdentity = "AssumeRoleWithWebIdentity"
 //        fmt.Println(resp)
 //    }
 //
+// Please also see https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleWithWebIdentity
 func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityInput) (req *request.Request, output *AssumeRoleWithWebIdentityOutput) {
 	op := &request.Operation{
 		Name:       opAssumeRoleWithWebIdentity,
@@ -370,9 +373,8 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI
 		input = &AssumeRoleWithWebIdentityInput{}
 	}
 
-	req = c.newRequest(op, input, output)
 	output = &AssumeRoleWithWebIdentityOutput{}
-	req.Data = output
+	req = c.newRequest(op, input, output)
 	return
 }
 
@@ -447,7 +449,7 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI
 // For more information about how to use web identity federation and the AssumeRoleWithWebIdentity
 // API, see the following resources:
 //
-//    * Using Web Identity Federation APIs for Mobile Apps (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc_manual)
+//    * Using Web Identity Federation APIs for Mobile Apps (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc_manual.html)
 //    and Federation Through a Web-based Identity Provider (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity).
 //
 //
@@ -476,44 +478,45 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI
 // API operation AssumeRoleWithWebIdentity for usage and error information.
 //
 // Returned Error Codes:
-//   * MalformedPolicyDocument
+//   * ErrCodeMalformedPolicyDocumentException "MalformedPolicyDocument"
 //   The request was rejected because the policy document was malformed. The error
 //   message describes the specific error.
 //
-//   * PackedPolicyTooLarge
+//   * ErrCodePackedPolicyTooLargeException "PackedPolicyTooLarge"
 //   The request was rejected because the policy document was too large. The error
 //   message describes how big the policy document is, in packed form, as a percentage
 //   of what the API allows.
 //
-//   * IDPRejectedClaim
+//   * ErrCodeIDPRejectedClaimException "IDPRejectedClaim"
 //   The identity provider (IdP) reported that authentication failed. This might
 //   be because the claim is invalid.
 //
 //   If this error is returned for the AssumeRoleWithWebIdentity operation, it
 //   can also mean that the claim has expired or has been explicitly revoked.
 //
-//   * IDPCommunicationError
+//   * ErrCodeIDPCommunicationErrorException "IDPCommunicationError"
 //   The request could not be fulfilled because the non-AWS identity provider
 //   (IDP) that was asked to verify the incoming identity token could not be reached.
 //   This is often a transient error caused by network conditions. Retry the request
 //   a limited number of times so that you don't exceed the request rate. If the
 //   error persists, the non-AWS identity provider might be down or not responding.
 //
-//   * InvalidIdentityToken
+//   * ErrCodeInvalidIdentityTokenException "InvalidIdentityToken"
 //   The web identity token that was passed could not be validated by AWS. Get
 //   a new identity token from the identity provider and then retry the request.
 //
-//   * ExpiredTokenException
+//   * ErrCodeExpiredTokenException "ExpiredTokenException"
 //   The web identity token that was passed is expired or is not valid. Get a
 //   new identity token from the identity provider and then retry the request.
 //
-//   * RegionDisabledException
+//   * ErrCodeRegionDisabledException "RegionDisabledException"
 //   STS is not activated in the requested region for the account that is being
 //   asked to generate credentials. The account administrator must use the IAM
 //   console to activate STS in that region. For more information, see Activating
 //   and Deactivating AWS STS in an AWS Region (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
 //   in the IAM User Guide.
 //
+// Please also see https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleWithWebIdentity
 func (c *STS) AssumeRoleWithWebIdentity(input *AssumeRoleWithWebIdentityInput) (*AssumeRoleWithWebIdentityOutput, error) {
 	req, out := c.AssumeRoleWithWebIdentityRequest(input)
 	err := req.Send()
@@ -546,6 +549,7 @@ const opDecodeAuthorizationMessage = "DecodeAuthorizationMessage"
 //        fmt.Println(resp)
 //    }
 //
+// Please also see https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/DecodeAuthorizationMessage
 func (c *STS) DecodeAuthorizationMessageRequest(input *DecodeAuthorizationMessageInput) (req *request.Request, output *DecodeAuthorizationMessageOutput) {
 	op := &request.Operation{
 		Name:       opDecodeAuthorizationMessage,
@@ -557,9 +561,8 @@ func (c *STS) DecodeAuthorizationMessageRequest(input *DecodeAuthorizationMessag
 		input = &DecodeAuthorizationMessageInput{}
 	}
 
-	req = c.newRequest(op, input, output)
 	output = &DecodeAuthorizationMessageOutput{}
-	req.Data = output
+	req = c.newRequest(op, input, output)
 	return
 }
 
@@ -606,11 +609,12 @@ func (c *STS) DecodeAuthorizationMessageRequest(input *DecodeAuthorizationMessag
 // API operation DecodeAuthorizationMessage for usage and error information.
 //
 // Returned Error Codes:
-//   * InvalidAuthorizationMessageException
+//   * ErrCodeInvalidAuthorizationMessageException "InvalidAuthorizationMessageException"
 //   The error returned if the message passed to DecodeAuthorizationMessage was
 //   invalid. This can happen if the token contains invalid characters, such as
 //   linebreaks.
 //
+// Please also see https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/DecodeAuthorizationMessage
 func (c *STS) DecodeAuthorizationMessage(input *DecodeAuthorizationMessageInput) (*DecodeAuthorizationMessageOutput, error) {
 	req, out := c.DecodeAuthorizationMessageRequest(input)
 	err := req.Send()
@@ -643,6 +647,7 @@ const opGetCallerIdentity = "GetCallerIdentity"
 //        fmt.Println(resp)
 //    }
 //
+// Please also see https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetCallerIdentity
 func (c *STS) GetCallerIdentityRequest(input *GetCallerIdentityInput) (req *request.Request, output *GetCallerIdentityOutput) {
 	op := &request.Operation{
 		Name:       opGetCallerIdentity,
@@ -654,9 +659,8 @@ func (c *STS) GetCallerIdentityRequest(input *GetCallerIdentityInput) (req *requ
 		input = &GetCallerIdentityInput{}
 	}
 
-	req = c.newRequest(op, input, output)
 	output = &GetCallerIdentityOutput{}
-	req.Data = output
+	req = c.newRequest(op, input, output)
 	return
 }
 
@@ -671,6 +675,7 @@ func (c *STS) GetCallerIdentityRequest(input *GetCallerIdentityInput) (req *requ
 //
 // See the AWS API reference guide for AWS Security Token Service's
 // API operation GetCallerIdentity for usage and error information.
+// Please also see https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetCallerIdentity
 func (c *STS) GetCallerIdentity(input *GetCallerIdentityInput) (*GetCallerIdentityOutput, error) {
 	req, out := c.GetCallerIdentityRequest(input)
 	err := req.Send()
@@ -703,6 +708,7 @@ const opGetFederationToken = "GetFederationToken"
 //        fmt.Println(resp)
 //    }
 //
+// Please also see https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetFederationToken
 func (c *STS) GetFederationTokenRequest(input *GetFederationTokenInput) (req *request.Request, output *GetFederationTokenOutput) {
 	op := &request.Operation{
 		Name:       opGetFederationToken,
@@ -714,9 +720,8 @@ func (c *STS) GetFederationTokenRequest(input *GetFederationTokenInput) (req *re
 		input = &GetFederationTokenInput{}
 	}
 
-	req = c.newRequest(op, input, output)
 	output = &GetFederationTokenOutput{}
-	req.Data = output
+	req = c.newRequest(op, input, output)
 	return
 }
 
@@ -761,7 +766,7 @@ func (c *STS) GetFederationTokenRequest(input *GetFederationTokenInput) (req *re
 //
 //    * You cannot use these credentials to call any IAM APIs.
 //
-//    * You cannot call any STS APIs.
+//    * You cannot call any STS APIs except GetCallerIdentity.
 //
 // Permissions
 //
@@ -809,22 +814,23 @@ func (c *STS) GetFederationTokenRequest(input *GetFederationTokenInput) (req *re
 // API operation GetFederationToken for usage and error information.
 //
 // Returned Error Codes:
-//   * MalformedPolicyDocument
+//   * ErrCodeMalformedPolicyDocumentException "MalformedPolicyDocument"
 //   The request was rejected because the policy document was malformed. The error
 //   message describes the specific error.
 //
-//   * PackedPolicyTooLarge
+//   * ErrCodePackedPolicyTooLargeException "PackedPolicyTooLarge"
 //   The request was rejected because the policy document was too large. The error
 //   message describes how big the policy document is, in packed form, as a percentage
 //   of what the API allows.
 //
-//   * RegionDisabledException
+//   * ErrCodeRegionDisabledException "RegionDisabledException"
 //   STS is not activated in the requested region for the account that is being
 //   asked to generate credentials. The account administrator must use the IAM
 //   console to activate STS in that region. For more information, see Activating
 //   and Deactivating AWS STS in an AWS Region (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
 //   in the IAM User Guide.
 //
+// Please also see https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetFederationToken
 func (c *STS) GetFederationToken(input *GetFederationTokenInput) (*GetFederationTokenOutput, error) {
 	req, out := c.GetFederationTokenRequest(input)
 	err := req.Send()
@@ -857,6 +863,7 @@ const opGetSessionToken = "GetSessionToken"
 //        fmt.Println(resp)
 //    }
 //
+// Please also see https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetSessionToken
 func (c *STS) GetSessionTokenRequest(input *GetSessionTokenInput) (req *request.Request, output *GetSessionTokenOutput) {
 	op := &request.Operation{
 		Name:       opGetSessionToken,
@@ -868,9 +875,8 @@ func (c *STS) GetSessionTokenRequest(input *GetSessionTokenInput) (req *request.
 		input = &GetSessionTokenInput{}
 	}
 
-	req = c.newRequest(op, input, output)
 	output = &GetSessionTokenOutput{}
-	req.Data = output
+	req = c.newRequest(op, input, output)
 	return
 }
 
@@ -904,7 +910,7 @@ func (c *STS) GetSessionTokenRequest(input *GetSessionTokenInput) (req *request.
 //    * You cannot call any IAM APIs unless MFA authentication information is
 //    included in the request.
 //
-//    * You cannot call any STS API exceptAssumeRole.
+//    * You cannot call any STS API exceptAssumeRole or GetCallerIdentity.
 //
 // We recommend that you do not call GetSessionToken with root account credentials.
 // Instead, follow our best practices (http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#create-iam-users)
@@ -931,19 +937,21 @@ func (c *STS) GetSessionTokenRequest(input *GetSessionTokenInput) (req *request.
 // API operation GetSessionToken for usage and error information.
 //
 // Returned Error Codes:
-//   * RegionDisabledException
+//   * ErrCodeRegionDisabledException "RegionDisabledException"
 //   STS is not activated in the requested region for the account that is being
 //   asked to generate credentials. The account administrator must use the IAM
 //   console to activate STS in that region. For more information, see Activating
 //   and Deactivating AWS STS in an AWS Region (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
 //   in the IAM User Guide.
 //
+// Please also see https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetSessionToken
 func (c *STS) GetSessionToken(input *GetSessionTokenInput) (*GetSessionTokenOutput, error) {
 	req, out := c.GetSessionTokenRequest(input)
 	err := req.Send()
 	return out, err
 }
 
+// Please also see https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleRequest
 type AssumeRoleInput struct {
 	_ struct{} `type:"structure"`
 
@@ -970,10 +978,9 @@ type AssumeRoleInput struct {
 	// External ID When Granting Access to Your AWS Resources to a Third Party (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html)
 	// in the IAM User Guide.
 	//
-	// The format for this parameter, as described by its regex pattern, is a string
+	// The regex used to validated this parameter is a string of characters consisting
-	// of characters consisting of upper- and lower-case alphanumeric characters
+	// of upper- and lower-case alphanumeric characters with no spaces. You can
-	// with no spaces. You can also include underscores or any of the following
+	// also include underscores or any of the following characters: =,.@:\/-
-	// characters: =,.@:\/-
 	ExternalId *string `min:"2" type:"string"`
 
 	// An IAM policy in JSON format.
@@ -1017,10 +1024,9 @@ type AssumeRoleInput struct {
 	// requests using the temporary security credentials will expose the role session
 	// name to the external account in their CloudTrail logs.
 	//
-	// The format for this parameter, as described by its regex pattern, is a string
+	// The regex used to validate this parameter is a string of characters consisting
-	// of characters consisting of upper- and lower-case alphanumeric characters
+	// of upper- and lower-case alphanumeric characters with no spaces. You can
-	// with no spaces. You can also include underscores or any of the following
+	// also include underscores or any of the following characters: =,.@-
-	// characters: =,.@-
 	//
 	// RoleSessionName is a required field
 	RoleSessionName *string `min:"2" type:"string" required:"true"`
@@ -1031,10 +1037,9 @@ type AssumeRoleInput struct {
 	// The value is either the serial number for a hardware device (such as GAHT12345678)
 	// or an Amazon Resource Name (ARN) for a virtual device (such as arn:aws:iam::123456789012:mfa/user).
 	//
-	// The format for this parameter, as described by its regex pattern, is a string
+	// The regex used to validate this parameter is a string of characters consisting
-	// of characters consisting of upper- and lower-case alphanumeric characters
+	// of upper- and lower-case alphanumeric characters with no spaces. You can
-	// with no spaces. You can also include underscores or any of the following
+	// also include underscores or any of the following characters: =,.@-
-	// characters: =,.@-
 	SerialNumber *string `min:"9" type:"string"`
 
 	// The value provided by the MFA device, if the trust policy of the role being
@@ -1138,6 +1143,7 @@ func (s *AssumeRoleInput) SetTokenCode(v string) *AssumeRoleInput {
 
 // Contains the response to a successful AssumeRole request, including temporary
 // AWS credentials that can be used to make AWS requests.
+// Please also see https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleResponse
 type AssumeRoleOutput struct {
 	_ struct{} `type:"structure"`
 
@@ -1191,6 +1197,7 @@ func (s *AssumeRoleOutput) SetPackedPolicySize(v int64) *AssumeRoleOutput {
 	return s
 }
 
+// Please also see https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleWithSAMLRequest
 type AssumeRoleWithSAMLInput struct {
 	_ struct{} `type:"structure"`
 
@@ -1331,6 +1338,7 @@ func (s *AssumeRoleWithSAMLInput) SetSAMLAssertion(v string) *AssumeRoleWithSAML
 
 // Contains the response to a successful AssumeRoleWithSAML request, including
 // temporary AWS credentials that can be used to make AWS requests.
+// Please also see https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleWithSAMLResponse
 type AssumeRoleWithSAMLOutput struct {
 	_ struct{} `type:"structure"`
 
@@ -1442,6 +1450,7 @@ func (s *AssumeRoleWithSAMLOutput) SetSubjectType(v string) *AssumeRoleWithSAMLO
 	return s
 }
 
+// Please also see https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleWithWebIdentityRequest
 type AssumeRoleWithWebIdentityInput struct {
 	_ struct{} `type:"structure"`
 
@@ -1503,10 +1512,9 @@ type AssumeRoleWithWebIdentityInput struct {
 	// are associated with that user. This session name is included as part of the
 	// ARN and assumed role ID in the AssumedRoleUser response element.
 	//
-	// The format for this parameter, as described by its regex pattern, is a string
+	// The regex used to validate this parameter is a string of characters consisting
-	// of characters consisting of upper- and lower-case alphanumeric characters
+	// of upper- and lower-case alphanumeric characters with no spaces. You can
-	// with no spaces. You can also include underscores or any of the following
+	// also include underscores or any of the following characters: =,.@-
-	// characters: =,.@-
 	//
 	// RoleSessionName is a required field
 	RoleSessionName *string `min:"2" type:"string" required:"true"`
@@ -1605,6 +1613,7 @@ func (s *AssumeRoleWithWebIdentityInput) SetWebIdentityToken(v string) *AssumeRo
 
 // Contains the response to a successful AssumeRoleWithWebIdentity request,
 // including temporary AWS credentials that can be used to make AWS requests.
+// Please also see https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleWithWebIdentityResponse
 type AssumeRoleWithWebIdentityOutput struct {
 	_ struct{} `type:"structure"`
 
@@ -1697,6 +1706,7 @@ func (s *AssumeRoleWithWebIdentityOutput) SetSubjectFromWebIdentityToken(v strin
 
 // The identifiers for the temporary security credentials that the operation
 // returns.
+// Please also see https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumedRoleUser
 type AssumedRoleUser struct {
 	_ struct{} `type:"structure"`
 
@@ -1739,6 +1749,7 @@ func (s *AssumedRoleUser) SetAssumedRoleId(v string) *AssumedRoleUser {
 }
 
 // AWS credentials for API authentication.
+// Please also see https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/Credentials
 type Credentials struct {
 	_ struct{} `type:"structure"`
 
@@ -1797,6 +1808,7 @@ func (s *Credentials) SetSessionToken(v string) *Credentials {
 	return s
 }
 
+// Please also see https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/DecodeAuthorizationMessageRequest
 type DecodeAuthorizationMessageInput struct {
 	_ struct{} `type:"structure"`
 
@@ -1841,6 +1853,7 @@ func (s *DecodeAuthorizationMessageInput) SetEncodedMessage(v string) *DecodeAut
 // A document that contains additional information about the authorization status
 // of a request from an encoded message that is returned in response to an AWS
 // request.
+// Please also see https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/DecodeAuthorizationMessageResponse
 type DecodeAuthorizationMessageOutput struct {
 	_ struct{} `type:"structure"`
 
@@ -1865,6 +1878,7 @@ func (s *DecodeAuthorizationMessageOutput) SetDecodedMessage(v string) *DecodeAu
 }
 
 // Identifiers for the federated user that is associated with the credentials.
+// Please also see https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/FederatedUser
 type FederatedUser struct {
 	_ struct{} `type:"structure"`
 
@@ -1905,6 +1919,7 @@ func (s *FederatedUser) SetFederatedUserId(v string) *FederatedUser {
 	return s
 }
 
+// Please also see https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetCallerIdentityRequest
 type GetCallerIdentityInput struct {
 	_ struct{} `type:"structure"`
 }
@@ -1921,6 +1936,7 @@ func (s GetCallerIdentityInput) GoString() string {
 
 // Contains the response to a successful GetCallerIdentity request, including
 // information about the entity making the request.
+// Please also see https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetCallerIdentityResponse
 type GetCallerIdentityOutput struct {
 	_ struct{} `type:"structure"`
 
@@ -1966,6 +1982,7 @@ func (s *GetCallerIdentityOutput) SetUserId(v string) *GetCallerIdentityOutput {
 	return s
 }
 
+// Please also see https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetFederationTokenRequest
 type GetFederationTokenInput struct {
 	_ struct{} `type:"structure"`
 
@@ -1983,10 +2000,9 @@ type GetFederationTokenInput struct {
 	// the federated user name in a resource-based policy, such as in an Amazon
 	// S3 bucket policy.
 	//
-	// The format for this parameter, as described by its regex pattern, is a string
+	// The regex used to validate this parameter is a string of characters consisting
-	// of characters consisting of upper- and lower-case alphanumeric characters
+	// of upper- and lower-case alphanumeric characters with no spaces. You can
-	// with no spaces. You can also include underscores or any of the following
+	// also include underscores or any of the following characters: =,.@-
-	// characters: =,.@-
 	//
 	// Name is a required field
 	Name *string `min:"2" type:"string" required:"true"`
@@ -2075,6 +2091,7 @@ func (s *GetFederationTokenInput) SetPolicy(v string) *GetFederationTokenInput {
 
 // Contains the response to a successful GetFederationToken request, including
 // temporary AWS credentials that can be used to make AWS requests.
+// Please also see https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetFederationTokenResponse
 type GetFederationTokenOutput struct {
 	_ struct{} `type:"structure"`
 
@@ -2127,6 +2144,7 @@ func (s *GetFederationTokenOutput) SetPackedPolicySize(v int64) *GetFederationTo
 	return s
 }
 
+// Please also see https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetSessionTokenRequest
 type GetSessionTokenInput struct {
 	_ struct{} `type:"structure"`
 
@@ -2146,10 +2164,9 @@ type GetSessionTokenInput struct {
 	// You can find the device for an IAM user by going to the AWS Management Console
 	// and viewing the user's security credentials.
 	//
-	// The format for this parameter, as described by its regex pattern, is a string
+	// The regex used to validate this parameter is a string of characters consisting
-	// of characters consisting of upper- and lower-case alphanumeric characters
+	// of upper- and lower-case alphanumeric characters with no spaces. You can
-	// with no spaces. You can also include underscores or any of the following
+	// also include underscores or any of the following characters: =,.@-
-	// characters: =,.@-
 	SerialNumber *string `min:"9" type:"string"`
 
 	// The value provided by the MFA device, if MFA is required. If any policy requires
@@ -2212,6 +2229,7 @@ func (s *GetSessionTokenInput) SetTokenCode(v string) *GetSessionTokenInput {
 
 // Contains the response to a successful GetSessionToken request, including
 // temporary AWS credentials that can be used to make AWS requests.
+// Please also see https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetSessionTokenResponse
 type GetSessionTokenOutput struct {
 	_ struct{} `type:"structure"`
 

vendor/github.com/aws/aws-sdk-go/service/sts/errors.go

@@ -0,0 +1,73 @@
+// THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT.
+
+package sts
+
+const (
+
+	// ErrCodeExpiredTokenException for service response error code
+	// "ExpiredTokenException".
+	//
+	// The web identity token that was passed is expired or is not valid. Get a
+	// new identity token from the identity provider and then retry the request.
+	ErrCodeExpiredTokenException = "ExpiredTokenException"
+
+	// ErrCodeIDPCommunicationErrorException for service response error code
+	// "IDPCommunicationError".
+	//
+	// The request could not be fulfilled because the non-AWS identity provider
+	// (IDP) that was asked to verify the incoming identity token could not be reached.
+	// This is often a transient error caused by network conditions. Retry the request
+	// a limited number of times so that you don't exceed the request rate. If the
+	// error persists, the non-AWS identity provider might be down or not responding.
+	ErrCodeIDPCommunicationErrorException = "IDPCommunicationError"
+
+	// ErrCodeIDPRejectedClaimException for service response error code
+	// "IDPRejectedClaim".
+	//
+	// The identity provider (IdP) reported that authentication failed. This might
+	// be because the claim is invalid.
+	//
+	// If this error is returned for the AssumeRoleWithWebIdentity operation, it
+	// can also mean that the claim has expired or has been explicitly revoked.
+	ErrCodeIDPRejectedClaimException = "IDPRejectedClaim"
+
+	// ErrCodeInvalidAuthorizationMessageException for service response error code
+	// "InvalidAuthorizationMessageException".
+	//
+	// The error returned if the message passed to DecodeAuthorizationMessage was
+	// invalid. This can happen if the token contains invalid characters, such as
+	// linebreaks.
+	ErrCodeInvalidAuthorizationMessageException = "InvalidAuthorizationMessageException"
+
+	// ErrCodeInvalidIdentityTokenException for service response error code
+	// "InvalidIdentityToken".
+	//
+	// The web identity token that was passed could not be validated by AWS. Get
+	// a new identity token from the identity provider and then retry the request.
+	ErrCodeInvalidIdentityTokenException = "InvalidIdentityToken"
+
+	// ErrCodeMalformedPolicyDocumentException for service response error code
+	// "MalformedPolicyDocument".
+	//
+	// The request was rejected because the policy document was malformed. The error
+	// message describes the specific error.
+	ErrCodeMalformedPolicyDocumentException = "MalformedPolicyDocument"
+
+	// ErrCodePackedPolicyTooLargeException for service response error code
+	// "PackedPolicyTooLarge".
+	//
+	// The request was rejected because the policy document was too large. The error
+	// message describes how big the policy document is, in packed form, as a percentage
+	// of what the API allows.
+	ErrCodePackedPolicyTooLargeException = "PackedPolicyTooLarge"
+
+	// ErrCodeRegionDisabledException for service response error code
+	// "RegionDisabledException".
+	//
+	// STS is not activated in the requested region for the account that is being
+	// asked to generate credentials. The account administrator must use the IAM
+	// console to activate STS in that region. For more information, see Activating
+	// and Deactivating AWS STS in an AWS Region (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
+	// in the IAM User Guide.
+	ErrCodeRegionDisabledException = "RegionDisabledException"
+)

vendor/github.com/aws/aws-sdk-go/service/sts/service.go

@@ -56,8 +56,9 @@ import (
 // successfully made to STS, who made the request, when it was made, and so
 // on. To learn more about CloudTrail, including how to turn it on and find
 // your log files, see the AWS CloudTrail User Guide (http://docs.aws.amazon.com/awscloudtrail/latest/userguide/what_is_cloud_trail_top_level.html).
-//The service client's operations are safe to be used concurrently.
+// The service client's operations are safe to be used concurrently.
 // It is not safe to mutate any of the client's properties though.
+// Please also see https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15
 type STS struct {
 	*client.Client
 }
@@ -68,8 +69,11 @@ var initClient func(*client.Client)
 // Used for custom request initialization logic
 var initRequest func(*request.Request)
 
-// A ServiceName is the name of the service the client will make API calls to.
+// Service information constants
-const ServiceName = "sts"
+const (
+	ServiceName = "sts"       // Service endpoint prefix API calls made to.
+	EndpointsID = ServiceName // Service ID for Regions and Endpoints metadata.
+)
 
 // New creates a new instance of the STS client with a session.
 // If additional configuration is needed for the client instance use the optional
@@ -82,17 +86,18 @@ const ServiceName = "sts"
 //     // Create a STS client with additional configuration
 //     svc := sts.New(mySession, aws.NewConfig().WithRegion("us-west-2"))
 func New(p client.ConfigProvider, cfgs ...*aws.Config) *STS {
-	c := p.ClientConfig(ServiceName, cfgs...)
+	c := p.ClientConfig(EndpointsID, cfgs...)
-	return newClient(*c.Config, c.Handlers, c.Endpoint, c.SigningRegion)
+	return newClient(*c.Config, c.Handlers, c.Endpoint, c.SigningRegion, c.SigningName)
 }
 
 // newClient creates, initializes and returns a new service client instance.
-func newClient(cfg aws.Config, handlers request.Handlers, endpoint, signingRegion string) *STS {
+func newClient(cfg aws.Config, handlers request.Handlers, endpoint, signingRegion, signingName string) *STS {
 	svc := &STS{
 		Client: client.New(
 			cfg,
 			metadata.ClientInfo{
 				ServiceName:   ServiceName,
+				SigningName:   signingName,
 				SigningRegion: signingRegion,
 				Endpoint:      endpoint,
 				APIVersion:    "2011-06-15",

vendor/vendor.json

@@ -75,94 +75,100 @@
 			"revisionTime": "2016-01-15T23:47:25Z"
 		},
 		{
-			"checksumSHA1": "NeKH+twA+3z7EzaKQQdN5FIhJP4=",
+			"checksumSHA1": "aJVyZtSrQjYG/HuVHOlthf7Ep7A=",
 			"path": "github.com/aws/aws-sdk-go/aws",
-			"revision": "ed981a1d5ee78d20547091d0697a711e5185d07f",
+			"revision": "2d3b3bc3aae6a09a9b194aa6eb71326fcbe2e918",
-			"revisionTime": "2016-10-31T21:52:18Z"
+			"revisionTime": "2017-02-16T22:28:40Z"
 		},
 		{
 			"checksumSHA1": "Y9W+4GimK4Fuxq+vyIskVYFRnX4=",
 			"path": "github.com/aws/aws-sdk-go/aws/awserr",
-			"revision": "ed981a1d5ee78d20547091d0697a711e5185d07f",
+			"revision": "2d3b3bc3aae6a09a9b194aa6eb71326fcbe2e918",
-			"revisionTime": "2016-10-31T21:52:18Z"
+			"revisionTime": "2017-02-16T22:28:40Z"
 		},
 		{
-			"checksumSHA1": "+q4vdl3l1Wom8K1wfIpJ4jlFsbY=",
+			"checksumSHA1": "yyYr41HZ1Aq0hWc3J5ijXwYEcac=",
 			"path": "github.com/aws/aws-sdk-go/aws/awsutil",
-			"revision": "ed981a1d5ee78d20547091d0697a711e5185d07f",
+			"revision": "2d3b3bc3aae6a09a9b194aa6eb71326fcbe2e918",
-			"revisionTime": "2016-10-31T21:52:18Z"
+			"revisionTime": "2017-02-16T22:28:40Z"
 		},
 		{
-			"checksumSHA1": "/232RBWA3KnT7U+wciPS2+wmvR0=",
+			"checksumSHA1": "iThCyNRL/oQFD9CF2SYgBGl+aww=",
 			"path": "github.com/aws/aws-sdk-go/aws/client",
-			"revision": "ed981a1d5ee78d20547091d0697a711e5185d07f",
+			"revision": "2d3b3bc3aae6a09a9b194aa6eb71326fcbe2e918",
-			"revisionTime": "2016-10-31T21:52:18Z"
+			"revisionTime": "2017-02-16T22:28:40Z"
 		},
 		{
 			"checksumSHA1": "ieAJ+Cvp/PKv1LpUEnUXpc3OI6E=",
 			"path": "github.com/aws/aws-sdk-go/aws/client/metadata",
-			"revision": "ed981a1d5ee78d20547091d0697a711e5185d07f",
+			"revision": "2d3b3bc3aae6a09a9b194aa6eb71326fcbe2e918",
-			"revisionTime": "2016-10-31T21:52:18Z"
+			"revisionTime": "2017-02-16T22:28:40Z"
 		},
 		{
-			"checksumSHA1": "c1N3Loy3AS9zD+m5CzpPNAED39U=",
+			"checksumSHA1": "Fl8vRSCY0MbM04cmiz/0MID+goA=",
 			"path": "github.com/aws/aws-sdk-go/aws/corehandlers",
-			"revision": "ed981a1d5ee78d20547091d0697a711e5185d07f",
+			"revision": "2d3b3bc3aae6a09a9b194aa6eb71326fcbe2e918",
-			"revisionTime": "2016-10-31T21:52:18Z"
+			"revisionTime": "2017-02-16T22:28:40Z"
 		},
 		{
 			"checksumSHA1": "zu5C95rmCZff6NYZb62lEaT5ibE=",
 			"path": "github.com/aws/aws-sdk-go/aws/credentials",
-			"revision": "ed981a1d5ee78d20547091d0697a711e5185d07f",
+			"revision": "2d3b3bc3aae6a09a9b194aa6eb71326fcbe2e918",
-			"revisionTime": "2016-10-31T21:52:18Z"
+			"revisionTime": "2017-02-16T22:28:40Z"
 		},
 		{
-			"checksumSHA1": "KQiUK/zr3mqnAXD7x/X55/iNme0=",
+			"checksumSHA1": "u3GOAJLmdvbuNUeUEcZSEAOeL/0=",
 			"path": "github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds",
-			"revision": "ed981a1d5ee78d20547091d0697a711e5185d07f",
+			"revision": "2d3b3bc3aae6a09a9b194aa6eb71326fcbe2e918",
-			"revisionTime": "2016-10-31T21:52:18Z"
+			"revisionTime": "2017-02-16T22:28:40Z"
 		},
 		{
 			"checksumSHA1": "NUJUTWlc1sV8b7WjfiYc4JZbXl0=",
 			"path": "github.com/aws/aws-sdk-go/aws/credentials/endpointcreds",
-			"revision": "ed981a1d5ee78d20547091d0697a711e5185d07f",
+			"revision": "2d3b3bc3aae6a09a9b194aa6eb71326fcbe2e918",
-			"revisionTime": "2016-10-31T21:52:18Z"
+			"revisionTime": "2017-02-16T22:28:40Z"
 		},
 		{
 			"checksumSHA1": "4Ipx+5xN0gso+cENC2MHMWmQlR4=",
 			"path": "github.com/aws/aws-sdk-go/aws/credentials/stscreds",
-			"revision": "ed981a1d5ee78d20547091d0697a711e5185d07f",
+			"revision": "2d3b3bc3aae6a09a9b194aa6eb71326fcbe2e918",
-			"revisionTime": "2016-10-31T21:52:18Z"
+			"revisionTime": "2017-02-16T22:28:40Z"
 		},
 		{
-			"checksumSHA1": "DwhFsNluCFEwqzyp3hbJR3q2Wqs=",
+			"checksumSHA1": "lqh3fG7wCochvB4iHAZJuhhEJW0=",
 			"path": "github.com/aws/aws-sdk-go/aws/defaults",
-			"revision": "ed981a1d5ee78d20547091d0697a711e5185d07f",
+			"revision": "2d3b3bc3aae6a09a9b194aa6eb71326fcbe2e918",
-			"revisionTime": "2016-10-31T21:52:18Z"
+			"revisionTime": "2017-02-16T22:28:40Z"
 		},
 		{
-			"checksumSHA1": "8E0fEBUJY/1lJOyVxzTxMGQGInk=",
+			"checksumSHA1": "/EXbk/z2TWjWc1Hvb4QYs3Wmhb8=",
 			"path": "github.com/aws/aws-sdk-go/aws/ec2metadata",
-			"revision": "ed981a1d5ee78d20547091d0697a711e5185d07f",
+			"revision": "2d3b3bc3aae6a09a9b194aa6eb71326fcbe2e918",
-			"revisionTime": "2016-10-31T21:52:18Z"
+			"revisionTime": "2017-02-16T22:28:40Z"
 		},
 		{
-			"checksumSHA1": "5Ac22YMTBmrX/CXaEIXzWljr8UY=",
+			"checksumSHA1": "JTrzEDPXL3pUUH+dMCixz9T9rLY=",
+			"path": "github.com/aws/aws-sdk-go/aws/endpoints",
+			"revision": "2d3b3bc3aae6a09a9b194aa6eb71326fcbe2e918",
+			"revisionTime": "2017-02-16T22:28:40Z"
+		},
+		{
+			"checksumSHA1": "M78rTxU55Qagqr3MYj91im2031E=",
 			"path": "github.com/aws/aws-sdk-go/aws/request",
-			"revision": "ed981a1d5ee78d20547091d0697a711e5185d07f",
+			"revision": "2d3b3bc3aae6a09a9b194aa6eb71326fcbe2e918",
-			"revisionTime": "2016-10-31T21:52:18Z"
+			"revisionTime": "2017-02-16T22:28:40Z"
 		},
 		{
-			"checksumSHA1": "eOo6evLMAxQfo7Qkc5/h5euN1Sw=",
+			"checksumSHA1": "bYywgCKzqJQtFsL+XpuVRELYsgw=",
 			"path": "github.com/aws/aws-sdk-go/aws/session",
-			"revision": "ed981a1d5ee78d20547091d0697a711e5185d07f",
+			"revision": "2d3b3bc3aae6a09a9b194aa6eb71326fcbe2e918",
-			"revisionTime": "2016-10-31T21:52:18Z"
+			"revisionTime": "2017-02-16T22:28:40Z"
 		},
 		{
-			"checksumSHA1": "diXvBs1LRC0RJ9WK6sllWKdzC04=",
+			"checksumSHA1": "0FvPLvkBUpTElfUc/FZtPsJfuV0=",
 			"path": "github.com/aws/aws-sdk-go/aws/signer/v4",
-			"revision": "ed981a1d5ee78d20547091d0697a711e5185d07f",
+			"revision": "2d3b3bc3aae6a09a9b194aa6eb71326fcbe2e918",
-			"revisionTime": "2016-10-31T21:52:18Z"
+			"revisionTime": "2017-02-16T22:28:40Z"
 		},
 		{
 			"checksumSHA1": "Esab5F8KswqkTdB4TtjSvZgs56k=",
@@ -173,80 +179,80 @@
 		{
 			"checksumSHA1": "wk7EyvDaHwb5qqoOP/4d3cV0708=",
 			"path": "github.com/aws/aws-sdk-go/private/protocol",
-			"revision": "ed981a1d5ee78d20547091d0697a711e5185d07f",
+			"revision": "2d3b3bc3aae6a09a9b194aa6eb71326fcbe2e918",
-			"revisionTime": "2016-10-31T21:52:18Z"
+			"revisionTime": "2017-02-16T22:28:40Z"
 		},
 		{
 			"checksumSHA1": "1QmQ3FqV37w0Zi44qv8pA1GeR0A=",
 			"path": "github.com/aws/aws-sdk-go/private/protocol/ec2query",
-			"revision": "ed981a1d5ee78d20547091d0697a711e5185d07f",
+			"revision": "2d3b3bc3aae6a09a9b194aa6eb71326fcbe2e918",
-			"revisionTime": "2016-10-31T21:52:18Z"
+			"revisionTime": "2017-02-16T22:28:40Z"
 		},
 		{
 			"checksumSHA1": "ZqY5RWavBLWTo6j9xqdyBEaNFRk=",
 			"path": "github.com/aws/aws-sdk-go/private/protocol/query",
-			"revision": "ed981a1d5ee78d20547091d0697a711e5185d07f",
+			"revision": "2d3b3bc3aae6a09a9b194aa6eb71326fcbe2e918",
-			"revisionTime": "2016-10-31T21:52:18Z"
+			"revisionTime": "2017-02-16T22:28:40Z"
 		},
 		{
-			"checksumSHA1": "5xzix1R8prUyWxgLnzUQoxTsfik=",
+			"checksumSHA1": "hqTEmgtchF9SwVTW0IQId2eLUKM=",
 			"path": "github.com/aws/aws-sdk-go/private/protocol/query/queryutil",
-			"revision": "ed981a1d5ee78d20547091d0697a711e5185d07f",
+			"revision": "2d3b3bc3aae6a09a9b194aa6eb71326fcbe2e918",
-			"revisionTime": "2016-10-31T21:52:18Z"
+			"revisionTime": "2017-02-16T22:28:40Z"
 		},
 		{
-			"checksumSHA1": "TW/7U+/8ormL7acf6z2rv2hDD+s=",
+			"checksumSHA1": "szZSLm3BlYkL3vqlZhNAlYk8iwM=",
 			"path": "github.com/aws/aws-sdk-go/private/protocol/rest",
-			"revision": "ed981a1d5ee78d20547091d0697a711e5185d07f",
+			"revision": "2d3b3bc3aae6a09a9b194aa6eb71326fcbe2e918",
-			"revisionTime": "2016-10-31T21:52:18Z"
+			"revisionTime": "2017-02-16T22:28:40Z"
 		},
 		{
 			"checksumSHA1": "ODo+ko8D6unAxZuN1jGzMcN4QCc=",
 			"path": "github.com/aws/aws-sdk-go/private/protocol/restxml",
-			"revision": "ed981a1d5ee78d20547091d0697a711e5185d07f",
+			"revision": "2d3b3bc3aae6a09a9b194aa6eb71326fcbe2e918",
-			"revisionTime": "2016-10-31T21:52:18Z"
+			"revisionTime": "2017-02-16T22:28:40Z"
 		},
 		{
-			"checksumSHA1": "eUEkjyMPAuekKBE4ou+nM9tXEas=",
+			"checksumSHA1": "lZ1z4xAbT8euCzKoAsnEYic60VE=",
 			"path": "github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil",
-			"revision": "ed981a1d5ee78d20547091d0697a711e5185d07f",
+			"revision": "2d3b3bc3aae6a09a9b194aa6eb71326fcbe2e918",
-			"revisionTime": "2016-10-31T21:52:18Z"
+			"revisionTime": "2017-02-16T22:28:40Z"
 		},
 		{
 			"checksumSHA1": "Eo9yODN5U99BK0pMzoqnBm7PCrY=",
 			"path": "github.com/aws/aws-sdk-go/private/waiter",
-			"revision": "ed981a1d5ee78d20547091d0697a711e5185d07f",
+			"revision": "2d3b3bc3aae6a09a9b194aa6eb71326fcbe2e918",
-			"revisionTime": "2016-10-31T21:52:18Z"
+			"revisionTime": "2017-02-16T22:28:40Z"
 		},
 		{
-			"checksumSHA1": "6h4tJ9wVtbYb9wG4srtUxyPoAYM=",
+			"checksumSHA1": "MCyzbsgz1wWscxzKT9rOLxgTFJQ=",
 			"path": "github.com/aws/aws-sdk-go/service/ec2",
-			"revision": "ed981a1d5ee78d20547091d0697a711e5185d07f",
+			"revision": "2d3b3bc3aae6a09a9b194aa6eb71326fcbe2e918",
-			"revisionTime": "2016-10-31T21:52:18Z"
+			"revisionTime": "2017-02-16T22:28:40Z"
 		},
 		{
-			"checksumSHA1": "HtKiIAPKsBg2s1c5ytRkdZ/lqO8=",
+			"checksumSHA1": "eEWM4wKzVbRqAwIy3MdMCDUGs2s=",
 			"path": "github.com/aws/aws-sdk-go/service/s3",
-			"revision": "ed981a1d5ee78d20547091d0697a711e5185d07f",
+			"revision": "2d3b3bc3aae6a09a9b194aa6eb71326fcbe2e918",
-			"revisionTime": "2016-10-31T21:52:18Z"
+			"revisionTime": "2017-02-16T22:28:40Z"
 		},
 		{
-			"checksumSHA1": "ktJRP1a52UPPS37vGAZ35U4yYSY=",
+			"checksumSHA1": "DxYdsl28d+xvrM1Pf3z2bdwrnFg=",
 			"path": "github.com/aws/aws-sdk-go/service/s3/s3iface",
-			"revision": "ed981a1d5ee78d20547091d0697a711e5185d07f",
+			"revision": "2d3b3bc3aae6a09a9b194aa6eb71326fcbe2e918",
-			"revisionTime": "2016-10-31T21:52:18Z"
+			"revisionTime": "2017-02-16T22:28:40Z"
 		},
 		{
-			"checksumSHA1": "bbIJnY2OhOT5GcyW8aySsRBNPlQ=",
+			"checksumSHA1": "hrF2w4LnxqLhi1N1iXsRO6JsANc=",
 			"path": "github.com/aws/aws-sdk-go/service/s3/s3manager",
-			"revision": "ed981a1d5ee78d20547091d0697a711e5185d07f",
+			"revision": "2d3b3bc3aae6a09a9b194aa6eb71326fcbe2e918",
-			"revisionTime": "2016-10-31T21:52:18Z"
+			"revisionTime": "2017-02-16T22:28:40Z"
 		},
 		{
-			"checksumSHA1": "ouwhxcAsIYQ6oJbMRdLW/Ys/iyg=",
+			"checksumSHA1": "Knj17ZMPWkGYTm2hZxEgnuboMM4=",
 			"path": "github.com/aws/aws-sdk-go/service/sts",
-			"revision": "ed981a1d5ee78d20547091d0697a711e5185d07f",
+			"revision": "2d3b3bc3aae6a09a9b194aa6eb71326fcbe2e918",
-			"revisionTime": "2016-10-31T21:52:18Z"
+			"revisionTime": "2017-02-16T22:28:40Z"
 		},
 		{
 			"checksumSHA1": "dvd7Su+WNmHRP1+w1HezrPUCDsc=",