Upgrade AWS SDK to the latest version

2026-05-30 04:20:53 +00:00 · 2017-09-28 17:57:05 +03:00
parent 9a767b7631
commit 182c21e38c
1096 changed files with 309697 additions and 132612 deletions
@@ -1,6 +1,5 @@
-// THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT.
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.

-// Package sts provides a client for AWS Security Token Service.
 package sts

 import (
@@ -15,19 +14,18 @@ const opAssumeRole = "AssumeRole"

 // AssumeRoleRequest generates a "aws/request.Request" representing the
 // client's request for the AssumeRole operation. The "output" return
-// value can be used to capture response data after the request's "Send" method
-// is called.
+// value will be populated with the request's response once the request complets
+// successfuly.
 //
-// See AssumeRole for usage and error information.
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
 //
-// Creating a request object using this method should be used when you want to inject
-// custom logic into the request's lifecycle using a custom handler, or if you want to
-// access properties on the request object before or after sending the request. If
-// you just want the service response, call the AssumeRole method directly
-// instead.
+// See AssumeRole for more information on using the AssumeRole
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
 //
-// Note: You must call the "Send" method on the returned request object in order
-// to execute the request.
 //
 //    // Example sending a request using the AssumeRoleRequest method.
 //    req, resp := client.AssumeRoleRequest(params)
@@ -196,19 +194,18 @@ const opAssumeRoleWithSAML = "AssumeRoleWithSAML"

 // AssumeRoleWithSAMLRequest generates a "aws/request.Request" representing the
 // client's request for the AssumeRoleWithSAML operation. The "output" return
-// value can be used to capture response data after the request's "Send" method
-// is called.
+// value will be populated with the request's response once the request complets
+// successfuly.
 //
-// See AssumeRoleWithSAML for usage and error information.
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
 //
-// Creating a request object using this method should be used when you want to inject
-// custom logic into the request's lifecycle using a custom handler, or if you want to
-// access properties on the request object before or after sending the request. If
-// you just want the service response, call the AssumeRoleWithSAML method directly
-// instead.
+// See AssumeRoleWithSAML for more information on using the AssumeRoleWithSAML
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
 //
-// Note: You must call the "Send" method on the returned request object in order
-// to execute the request.
 //
 //    // Example sending a request using the AssumeRoleWithSAMLRequest method.
 //    req, resp := client.AssumeRoleWithSAMLRequest(params)
@@ -370,19 +367,18 @@ const opAssumeRoleWithWebIdentity = "AssumeRoleWithWebIdentity"

 // AssumeRoleWithWebIdentityRequest generates a "aws/request.Request" representing the
 // client's request for the AssumeRoleWithWebIdentity operation. The "output" return
-// value can be used to capture response data after the request's "Send" method
-// is called.
+// value will be populated with the request's response once the request complets
+// successfuly.
 //
-// See AssumeRoleWithWebIdentity for usage and error information.
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
 //
-// Creating a request object using this method should be used when you want to inject
-// custom logic into the request's lifecycle using a custom handler, or if you want to
-// access properties on the request object before or after sending the request. If
-// you just want the service response, call the AssumeRoleWithWebIdentity method directly
-// instead.
+// See AssumeRoleWithWebIdentity for more information on using the AssumeRoleWithWebIdentity
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
 //
-// Note: You must call the "Send" method on the returned request object in order
-// to execute the request.
 //
 //    // Example sending a request using the AssumeRoleWithWebIdentityRequest method.
 //    req, resp := client.AssumeRoleWithWebIdentityRequest(params)
@@ -573,19 +569,18 @@ const opDecodeAuthorizationMessage = "DecodeAuthorizationMessage"

 // DecodeAuthorizationMessageRequest generates a "aws/request.Request" representing the
 // client's request for the DecodeAuthorizationMessage operation. The "output" return
-// value can be used to capture response data after the request's "Send" method
-// is called.
+// value will be populated with the request's response once the request complets
+// successfuly.
 //
-// See DecodeAuthorizationMessage for usage and error information.
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
 //
-// Creating a request object using this method should be used when you want to inject
-// custom logic into the request's lifecycle using a custom handler, or if you want to
-// access properties on the request object before or after sending the request. If
-// you just want the service response, call the DecodeAuthorizationMessage method directly
-// instead.
+// See DecodeAuthorizationMessage for more information on using the DecodeAuthorizationMessage
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
 //
-// Note: You must call the "Send" method on the returned request object in order
-// to execute the request.
 //
 //    // Example sending a request using the DecodeAuthorizationMessageRequest method.
 //    req, resp := client.DecodeAuthorizationMessageRequest(params)
@@ -686,19 +681,18 @@ const opGetCallerIdentity = "GetCallerIdentity"

 // GetCallerIdentityRequest generates a "aws/request.Request" representing the
 // client's request for the GetCallerIdentity operation. The "output" return
-// value can be used to capture response data after the request's "Send" method
-// is called.
+// value will be populated with the request's response once the request complets
+// successfuly.
 //
-// See GetCallerIdentity for usage and error information.
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
 //
-// Creating a request object using this method should be used when you want to inject
-// custom logic into the request's lifecycle using a custom handler, or if you want to
-// access properties on the request object before or after sending the request. If
-// you just want the service response, call the GetCallerIdentity method directly
-// instead.
+// See GetCallerIdentity for more information on using the GetCallerIdentity
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
 //
-// Note: You must call the "Send" method on the returned request object in order
-// to execute the request.
 //
 //    // Example sending a request using the GetCallerIdentityRequest method.
 //    req, resp := client.GetCallerIdentityRequest(params)
@@ -762,19 +756,18 @@ const opGetFederationToken = "GetFederationToken"

 // GetFederationTokenRequest generates a "aws/request.Request" representing the
 // client's request for the GetFederationToken operation. The "output" return
-// value can be used to capture response data after the request's "Send" method
-// is called.
+// value will be populated with the request's response once the request complets
+// successfuly.
 //
-// See GetFederationToken for usage and error information.
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
 //
-// Creating a request object using this method should be used when you want to inject
-// custom logic into the request's lifecycle using a custom handler, or if you want to
-// access properties on the request object before or after sending the request. If
-// you just want the service response, call the GetFederationToken method directly
-// instead.
+// See GetFederationToken for more information on using the GetFederationToken
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
 //
-// Note: You must call the "Send" method on the returned request object in order
-// to execute the request.
 //
 //    // Example sending a request using the GetFederationTokenRequest method.
 //    req, resp := client.GetFederationTokenRequest(params)
@@ -932,19 +925,18 @@ const opGetSessionToken = "GetSessionToken"

 // GetSessionTokenRequest generates a "aws/request.Request" representing the
 // client's request for the GetSessionToken operation. The "output" return
-// value can be used to capture response data after the request's "Send" method
-// is called.
+// value will be populated with the request's response once the request complets
+// successfuly.
 //
-// See GetSessionToken for usage and error information.
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
 //
-// Creating a request object using this method should be used when you want to inject
-// custom logic into the request's lifecycle using a custom handler, or if you want to
-// access properties on the request object before or after sending the request. If
-// you just want the service response, call the GetSessionToken method directly
-// instead.
+// See GetSessionToken for more information on using the GetSessionToken
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
 //
-// Note: You must call the "Send" method on the returned request object in order
-// to execute the request.
 //
 //    // Example sending a request using the GetSessionTokenRequest method.
 //    req, resp := client.GetSessionTokenRequest(params)
@@ -1086,7 +1078,7 @@ type AssumeRoleInput struct {
 	//
 	// The regex used to validated this parameter is a string of characters consisting
 	// of upper- and lower-case alphanumeric characters with no spaces. You can
-	// also include underscores or any of the following characters: =,.@:\/-
+	// also include underscores or any of the following characters: =,.@:/-
 	ExternalId *string `min:"2" type:"string"`

 	// An IAM policy in JSON format.
@@ -2270,9 +2262,9 @@ type GetSessionTokenInput struct {
 	// You can find the device for an IAM user by going to the AWS Management Console
 	// and viewing the user's security credentials.
 	//
-	// The regex used to validate this parameter is a string of characters consisting
+	// The regex used to validated this parameter is a string of characters consisting
 	// of upper- and lower-case alphanumeric characters with no spaces. You can
-	// also include underscores or any of the following characters: =,.@-
+	// also include underscores or any of the following characters: =,.@:/-
 	SerialNumber *string `min:"9" type:"string"`

 	// The value provided by the MFA device, if MFA is required. If any policy requires
@@ -0,0 +1,72 @@
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
+
+// Package sts provides the client and types for making API
+// requests to AWS Security Token Service.
+//
+// The AWS Security Token Service (STS) is a web service that enables you to
+// request temporary, limited-privilege credentials for AWS Identity and Access
+// Management (IAM) users or for users that you authenticate (federated users).
+// This guide provides descriptions of the STS API. For more detailed information
+// about using this service, go to Temporary Security Credentials (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html).
+//
+// As an alternative to using the API, you can use one of the AWS SDKs, which
+// consist of libraries and sample code for various programming languages and
+// platforms (Java, Ruby, .NET, iOS, Android, etc.). The SDKs provide a convenient
+// way to create programmatic access to STS. For example, the SDKs take care
+// of cryptographically signing requests, managing errors, and retrying requests
+// automatically. For information about the AWS SDKs, including how to download
+// and install them, see the Tools for Amazon Web Services page (http://aws.amazon.com/tools/).
+//
+// For information about setting up signatures and authorization through the
+// API, go to Signing AWS API Requests (http://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html)
+// in the AWS General Reference. For general information about the Query API,
+// go to Making Query Requests (http://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html)
+// in Using IAM. For information about using security tokens with other AWS
+// products, go to AWS Services That Work with IAM (http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-services-that-work-with-iam.html)
+// in the IAM User Guide.
+//
+// If you're new to AWS and need additional technical information about a specific
+// AWS product, you can find the product's technical documentation at http://aws.amazon.com/documentation/
+// (http://aws.amazon.com/documentation/).
+//
+// Endpoints
+//
+// The AWS Security Token Service (STS) has a default endpoint of https://sts.amazonaws.com
+// that maps to the US East (N. Virginia) region. Additional regions are available
+// and are activated by default. For more information, see Activating and Deactivating
+// AWS STS in an AWS Region (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
+// in the IAM User Guide.
+//
+// For information about STS endpoints, see Regions and Endpoints (http://docs.aws.amazon.com/general/latest/gr/rande.html#sts_region)
+// in the AWS General Reference.
+//
+// Recording API requests
+//
+// STS supports AWS CloudTrail, which is a service that records AWS calls for
+// your AWS account and delivers log files to an Amazon S3 bucket. By using
+// information collected by CloudTrail, you can determine what requests were
+// successfully made to STS, who made the request, when it was made, and so
+// on. To learn more about CloudTrail, including how to turn it on and find
+// your log files, see the AWS CloudTrail User Guide (http://docs.aws.amazon.com/awscloudtrail/latest/userguide/what_is_cloud_trail_top_level.html).
+//
+// See https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15 for more information on this service.
+//
+// See sts package documentation for more information.
+// https://docs.aws.amazon.com/sdk-for-go/api/service/sts/
+//
+// Using the Client
+//
+// To AWS Security Token Service with the SDK use the New function to create
+// a new service client. With that client you can make API requests to the service.
+// These clients are safe to use concurrently.
+//
+// See the SDK's documentation for more information on how to use the SDK.
+// https://docs.aws.amazon.com/sdk-for-go/api/
+//
+// See aws.Config documentation for more information on configuring SDK clients.
+// https://docs.aws.amazon.com/sdk-for-go/api/aws/#Config
+//
+// See the AWS Security Token Service client STS for more
+// information on creating client for this service.
+// https://docs.aws.amazon.com/sdk-for-go/api/service/sts/#New
+package sts
@@ -1,4 +1,4 @@
-// THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT.
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.

 package sts

@@ -1,180 +1,282 @@
-// THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT.
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.

 package sts_test

 import (
-	"bytes"
 	"fmt"
+	"strings"
 	"time"

 	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/awserr"
 	"github.com/aws/aws-sdk-go/aws/session"
 	"github.com/aws/aws-sdk-go/service/sts"
 )

 var _ time.Duration
-var _ bytes.Buffer
-
-func ExampleSTS_AssumeRole() {
-	sess := session.Must(session.NewSession())
-
-	svc := sts.New(sess)
-
-	params := &sts.AssumeRoleInput{
-		RoleArn:         aws.String("arnType"),             // Required
-		RoleSessionName: aws.String("roleSessionNameType"), // Required
-		DurationSeconds: aws.Int64(1),
-		ExternalId:      aws.String("externalIdType"),
-		Policy:          aws.String("sessionPolicyDocumentType"),
-		SerialNumber:    aws.String("serialNumberType"),
-		TokenCode:       aws.String("tokenCodeType"),
-	}
-	resp, err := svc.AssumeRole(params)
+var _ strings.Reader
+var _ aws.Config

+func parseTime(layout, value string) *time.Time {
+	t, err := time.Parse(layout, value)
 	if err != nil {
-		// Print the error, cast err to awserr.Error to get the Code and
-		// Message from an error.
-		fmt.Println(err.Error())
+		panic(err)
+	}
+	return &t
+}
+
+// To assume a role
+//
+
+func ExampleSTS_AssumeRole_shared00() {
+	svc := sts.New(session.New())
+	input := &sts.AssumeRoleInput{
+		DurationSeconds: aws.Int64(3600),
+		ExternalId:      aws.String("123ABC"),
+		Policy:          aws.String("{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"Stmt1\",\"Effect\":\"Allow\",\"Action\":\"s3:*\",\"Resource\":\"*\"}]}"),
+		RoleArn:         aws.String("arn:aws:iam::123456789012:role/demo"),
+		RoleSessionName: aws.String("Bob"),
+	}
+
+	result, err := svc.AssumeRole(input)
+	if err != nil {
+		if aerr, ok := err.(awserr.Error); ok {
+			switch aerr.Code() {
+			case sts.ErrCodeMalformedPolicyDocumentException:
+				fmt.Println(sts.ErrCodeMalformedPolicyDocumentException, aerr.Error())
+			case sts.ErrCodePackedPolicyTooLargeException:
+				fmt.Println(sts.ErrCodePackedPolicyTooLargeException, aerr.Error())
+			case sts.ErrCodeRegionDisabledException:
+				fmt.Println(sts.ErrCodeRegionDisabledException, aerr.Error())
+			default:
+				fmt.Println(aerr.Error())
+			}
+		} else {
+			// Print the error, cast err to awserr.Error to get the Code and
+			// Message from an error.
+			fmt.Println(err.Error())
+		}
 		return
 	}

-	// Pretty-print the response data.
-	fmt.Println(resp)
+	fmt.Println(result)
 }

-func ExampleSTS_AssumeRoleWithSAML() {
-	sess := session.Must(session.NewSession())
+// To assume a role as an OpenID Connect-federated user
+//

-	svc := sts.New(sess)
-
-	params := &sts.AssumeRoleWithSAMLInput{
-		PrincipalArn:    aws.String("arnType"),           // Required
-		RoleArn:         aws.String("arnType"),           // Required
-		SAMLAssertion:   aws.String("SAMLAssertionType"), // Required
-		DurationSeconds: aws.Int64(1),
-		Policy:          aws.String("sessionPolicyDocumentType"),
+func ExampleSTS_AssumeRoleWithWebIdentity_shared00() {
+	svc := sts.New(session.New())
+	input := &sts.AssumeRoleWithWebIdentityInput{
+		DurationSeconds:  aws.Int64(3600),
+		ProviderId:       aws.String("www.amazon.com"),
+		RoleArn:          aws.String("arn:aws:iam::123456789012:role/FederatedWebIdentityRole"),
+		RoleSessionName:  aws.String("app1"),
+		WebIdentityToken: aws.String("Atza%7CIQEBLjAsAhRFiXuWpUXuRvQ9PZL3GMFcYevydwIUFAHZwXZXXXXXXXXJnrulxKDHwy87oGKPznh0D6bEQZTSCzyoCtL_8S07pLpr0zMbn6w1lfVZKNTBdDansFBmtGnIsIapjI6xKR02Yc_2bQ8LZbUXSGm6Ry6_BG7PrtLZtj_dfCTj92xNGed-CrKqjG7nPBjNIL016GGvuS5gSvPRUxWES3VYfm1wl7WTI7jn-Pcb6M-buCgHhFOzTQxod27L9CqnOLio7N3gZAGpsp6n1-AJBOCJckcyXe2c6uD0srOJeZlKUm2eTDVMf8IehDVI0r1QOnTV6KzzAI3OY87Vd_cVMQ"),
 	}
-	resp, err := svc.AssumeRoleWithSAML(params)

+	result, err := svc.AssumeRoleWithWebIdentity(input)
 	if err != nil {
-		// Print the error, cast err to awserr.Error to get the Code and
-		// Message from an error.
-		fmt.Println(err.Error())
+		if aerr, ok := err.(awserr.Error); ok {
+			switch aerr.Code() {
+			case sts.ErrCodeMalformedPolicyDocumentException:
+				fmt.Println(sts.ErrCodeMalformedPolicyDocumentException, aerr.Error())
+			case sts.ErrCodePackedPolicyTooLargeException:
+				fmt.Println(sts.ErrCodePackedPolicyTooLargeException, aerr.Error())
+			case sts.ErrCodeIDPRejectedClaimException:
+				fmt.Println(sts.ErrCodeIDPRejectedClaimException, aerr.Error())
+			case sts.ErrCodeIDPCommunicationErrorException:
+				fmt.Println(sts.ErrCodeIDPCommunicationErrorException, aerr.Error())
+			case sts.ErrCodeInvalidIdentityTokenException:
+				fmt.Println(sts.ErrCodeInvalidIdentityTokenException, aerr.Error())
+			case sts.ErrCodeExpiredTokenException:
+				fmt.Println(sts.ErrCodeExpiredTokenException, aerr.Error())
+			case sts.ErrCodeRegionDisabledException:
+				fmt.Println(sts.ErrCodeRegionDisabledException, aerr.Error())
+			default:
+				fmt.Println(aerr.Error())
+			}
+		} else {
+			// Print the error, cast err to awserr.Error to get the Code and
+			// Message from an error.
+			fmt.Println(err.Error())
+		}
 		return
 	}

-	// Pretty-print the response data.
-	fmt.Println(resp)
+	fmt.Println(result)
 }

-func ExampleSTS_AssumeRoleWithWebIdentity() {
-	sess := session.Must(session.NewSession())
+// To decode information about an authorization status of a request
+//

-	svc := sts.New(sess)
-
-	params := &sts.AssumeRoleWithWebIdentityInput{
-		RoleArn:          aws.String("arnType"),             // Required
-		RoleSessionName:  aws.String("roleSessionNameType"), // Required
-		WebIdentityToken: aws.String("clientTokenType"),     // Required
-		DurationSeconds:  aws.Int64(1),
-		Policy:           aws.String("sessionPolicyDocumentType"),
-		ProviderId:       aws.String("urlType"),
+func ExampleSTS_DecodeAuthorizationMessage_shared00() {
+	svc := sts.New(session.New())
+	input := &sts.DecodeAuthorizationMessageInput{
+		EncodedMessage: aws.String("<encoded-message>"),
 	}
-	resp, err := svc.AssumeRoleWithWebIdentity(params)

+	result, err := svc.DecodeAuthorizationMessage(input)
 	if err != nil {
-		// Print the error, cast err to awserr.Error to get the Code and
-		// Message from an error.
-		fmt.Println(err.Error())
+		if aerr, ok := err.(awserr.Error); ok {
+			switch aerr.Code() {
+			case sts.ErrCodeInvalidAuthorizationMessageException:
+				fmt.Println(sts.ErrCodeInvalidAuthorizationMessageException, aerr.Error())
+			default:
+				fmt.Println(aerr.Error())
+			}
+		} else {
+			// Print the error, cast err to awserr.Error to get the Code and
+			// Message from an error.
+			fmt.Println(err.Error())
+		}
 		return
 	}

-	// Pretty-print the response data.
-	fmt.Println(resp)
+	fmt.Println(result)
 }

-func ExampleSTS_DecodeAuthorizationMessage() {
-	sess := session.Must(session.NewSession())
-
-	svc := sts.New(sess)
-
-	params := &sts.DecodeAuthorizationMessageInput{
-		EncodedMessage: aws.String("encodedMessageType"), // Required
-	}
-	resp, err := svc.DecodeAuthorizationMessage(params)
+// To get details about a calling IAM user
+//
+// This example shows a request and response made with the credentials for a user named
+// Alice in the AWS account 123456789012.
+func ExampleSTS_GetCallerIdentity_shared00() {
+	svc := sts.New(session.New())
+	input := &sts.GetCallerIdentityInput{}

+	result, err := svc.GetCallerIdentity(input)
 	if err != nil {
-		// Print the error, cast err to awserr.Error to get the Code and
-		// Message from an error.
-		fmt.Println(err.Error())
+		if aerr, ok := err.(awserr.Error); ok {
+			switch aerr.Code() {
+			default:
+				fmt.Println(aerr.Error())
+			}
+		} else {
+			// Print the error, cast err to awserr.Error to get the Code and
+			// Message from an error.
+			fmt.Println(err.Error())
+		}
 		return
 	}

-	// Pretty-print the response data.
-	fmt.Println(resp)
+	fmt.Println(result)
 }

-func ExampleSTS_GetCallerIdentity() {
-	sess := session.Must(session.NewSession())
-
-	svc := sts.New(sess)
-
-	var params *sts.GetCallerIdentityInput
-	resp, err := svc.GetCallerIdentity(params)
+// To get details about a calling user federated with AssumeRole
+//
+// This example shows a request and response made with temporary credentials created
+// by AssumeRole. The name of the assumed role is my-role-name, and the RoleSessionName
+// is set to my-role-session-name.
+func ExampleSTS_GetCallerIdentity_shared01() {
+	svc := sts.New(session.New())
+	input := &sts.GetCallerIdentityInput{}

+	result, err := svc.GetCallerIdentity(input)
 	if err != nil {
-		// Print the error, cast err to awserr.Error to get the Code and
-		// Message from an error.
-		fmt.Println(err.Error())
+		if aerr, ok := err.(awserr.Error); ok {
+			switch aerr.Code() {
+			default:
+				fmt.Println(aerr.Error())
+			}
+		} else {
+			// Print the error, cast err to awserr.Error to get the Code and
+			// Message from an error.
+			fmt.Println(err.Error())
+		}
 		return
 	}

-	// Pretty-print the response data.
-	fmt.Println(resp)
+	fmt.Println(result)
 }

-func ExampleSTS_GetFederationToken() {
-	sess := session.Must(session.NewSession())
-
-	svc := sts.New(sess)
-
-	params := &sts.GetFederationTokenInput{
-		Name:            aws.String("userNameType"), // Required
-		DurationSeconds: aws.Int64(1),
-		Policy:          aws.String("sessionPolicyDocumentType"),
-	}
-	resp, err := svc.GetFederationToken(params)
+// To get details about a calling user federated with GetFederationToken
+//
+// This example shows a request and response made with temporary credentials created
+// by using GetFederationToken. The Name parameter is set to my-federated-user-name.
+func ExampleSTS_GetCallerIdentity_shared02() {
+	svc := sts.New(session.New())
+	input := &sts.GetCallerIdentityInput{}

+	result, err := svc.GetCallerIdentity(input)
 	if err != nil {
-		// Print the error, cast err to awserr.Error to get the Code and
-		// Message from an error.
-		fmt.Println(err.Error())
+		if aerr, ok := err.(awserr.Error); ok {
+			switch aerr.Code() {
+			default:
+				fmt.Println(aerr.Error())
+			}
+		} else {
+			// Print the error, cast err to awserr.Error to get the Code and
+			// Message from an error.
+			fmt.Println(err.Error())
+		}
 		return
 	}

-	// Pretty-print the response data.
-	fmt.Println(resp)
+	fmt.Println(result)
 }

-func ExampleSTS_GetSessionToken() {
-	sess := session.Must(session.NewSession())
+// To get temporary credentials for a role by using GetFederationToken
+//

-	svc := sts.New(sess)
-
-	params := &sts.GetSessionTokenInput{
-		DurationSeconds: aws.Int64(1),
-		SerialNumber:    aws.String("serialNumberType"),
-		TokenCode:       aws.String("tokenCodeType"),
+func ExampleSTS_GetFederationToken_shared00() {
+	svc := sts.New(session.New())
+	input := &sts.GetFederationTokenInput{
+		DurationSeconds: aws.Int64(3600),
+		Name:            aws.String("Bob"),
+		Policy:          aws.String("{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"Stmt1\",\"Effect\":\"Allow\",\"Action\":\"s3:*\",\"Resource\":\"*\"}]}"),
 	}
-	resp, err := svc.GetSessionToken(params)

+	result, err := svc.GetFederationToken(input)
 	if err != nil {
-		// Print the error, cast err to awserr.Error to get the Code and
-		// Message from an error.
-		fmt.Println(err.Error())
+		if aerr, ok := err.(awserr.Error); ok {
+			switch aerr.Code() {
+			case sts.ErrCodeMalformedPolicyDocumentException:
+				fmt.Println(sts.ErrCodeMalformedPolicyDocumentException, aerr.Error())
+			case sts.ErrCodePackedPolicyTooLargeException:
+				fmt.Println(sts.ErrCodePackedPolicyTooLargeException, aerr.Error())
+			case sts.ErrCodeRegionDisabledException:
+				fmt.Println(sts.ErrCodeRegionDisabledException, aerr.Error())
+			default:
+				fmt.Println(aerr.Error())
+			}
+		} else {
+			// Print the error, cast err to awserr.Error to get the Code and
+			// Message from an error.
+			fmt.Println(err.Error())
+		}
 		return
 	}

-	// Pretty-print the response data.
-	fmt.Println(resp)
+	fmt.Println(result)
+}
+
+// To get temporary credentials for an IAM user or an AWS account
+//
+
+func ExampleSTS_GetSessionToken_shared00() {
+	svc := sts.New(session.New())
+	input := &sts.GetSessionTokenInput{
+		DurationSeconds: aws.Int64(3600),
+		SerialNumber:    aws.String("YourMFASerialNumber"),
+		TokenCode:       aws.String("123456"),
+	}
+
+	result, err := svc.GetSessionToken(input)
+	if err != nil {
+		if aerr, ok := err.(awserr.Error); ok {
+			switch aerr.Code() {
+			case sts.ErrCodeRegionDisabledException:
+				fmt.Println(sts.ErrCodeRegionDisabledException, aerr.Error())
+			default:
+				fmt.Println(aerr.Error())
+			}
+		} else {
+			// Print the error, cast err to awserr.Error to get the Code and
+			// Message from an error.
+			fmt.Println(err.Error())
+		}
+		return
+	}
+
+	fmt.Println(result)
 }
@@ -1,4 +1,4 @@
-// THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT.
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.

 package sts

@@ -11,54 +11,12 @@ import (
 	"github.com/aws/aws-sdk-go/private/protocol/query"
 )

-// The AWS Security Token Service (STS) is a web service that enables you to
-// request temporary, limited-privilege credentials for AWS Identity and Access
-// Management (IAM) users or for users that you authenticate (federated users).
-// This guide provides descriptions of the STS API. For more detailed information
-// about using this service, go to Temporary Security Credentials (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html).
+// STS provides the API operation methods for making requests to
+// AWS Security Token Service. See this package's package overview docs
+// for details on the service.
 //
-// As an alternative to using the API, you can use one of the AWS SDKs, which
-// consist of libraries and sample code for various programming languages and
-// platforms (Java, Ruby, .NET, iOS, Android, etc.). The SDKs provide a convenient
-// way to create programmatic access to STS. For example, the SDKs take care
-// of cryptographically signing requests, managing errors, and retrying requests
-// automatically. For information about the AWS SDKs, including how to download
-// and install them, see the Tools for Amazon Web Services page (http://aws.amazon.com/tools/).
-//
-// For information about setting up signatures and authorization through the
-// API, go to Signing AWS API Requests (http://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html)
-// in the AWS General Reference. For general information about the Query API,
-// go to Making Query Requests (http://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html)
-// in Using IAM. For information about using security tokens with other AWS
-// products, go to AWS Services That Work with IAM (http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-services-that-work-with-iam.html)
-// in the IAM User Guide.
-//
-// If you're new to AWS and need additional technical information about a specific
-// AWS product, you can find the product's technical documentation at http://aws.amazon.com/documentation/
-// (http://aws.amazon.com/documentation/).
-//
-// Endpoints
-//
-// The AWS Security Token Service (STS) has a default endpoint of https://sts.amazonaws.com
-// that maps to the US East (N. Virginia) region. Additional regions are available
-// and are activated by default. For more information, see Activating and Deactivating
-// AWS STS in an AWS Region (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
-// in the IAM User Guide.
-//
-// For information about STS endpoints, see Regions and Endpoints (http://docs.aws.amazon.com/general/latest/gr/rande.html#sts_region)
-// in the AWS General Reference.
-//
-// Recording API requests
-//
-// STS supports AWS CloudTrail, which is a service that records AWS calls for
-// your AWS account and delivers log files to an Amazon S3 bucket. By using
-// information collected by CloudTrail, you can determine what requests were
-// successfully made to STS, who made the request, when it was made, and so
-// on. To learn more about CloudTrail, including how to turn it on and find
-// your log files, see the AWS CloudTrail User Guide (http://docs.aws.amazon.com/awscloudtrail/latest/userguide/what_is_cloud_trail_top_level.html).
-// The service client's operations are safe to be used concurrently.
-// It is not safe to mutate any of the client's properties though.
-// Please also see https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15
+// STS methods are safe to use concurrently. It is not safe to
+// modify mutate any of the struct's properties though.
 type STS struct {
 	*client.Client
 }
@@ -1,4 +1,4 @@
-// THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT.
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.

 // Package stsiface provides an interface to enable mocking the AWS Security Token Service service client
 // for testing your code.
@@ -21,7 +21,7 @@ import (
 //
 // The best way to use this interface is so the SDK's service client's calls
 // can be stubbed out for unit testing your code with the SDK without needing
-// to inject custom request handlers into the the SDK's request pipeline.
+// to inject custom request handlers into the SDK's request pipeline.
 //
 //    // myFunc uses an SDK service client to make a request to
 //    // AWS Security Token Service.