Update Go AWS SDK to the latest version

2026-06-01 04:40:38 +00:00 · 2019-07-13 00:03:55 +03:00
parent d08be990ef
commit 94a72b23ff
2183 changed files with 885887 additions and 228114 deletions
@@ -8,6 +8,7 @@ import (

 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/awsutil"
+	"github.com/aws/aws-sdk-go/aws/credentials"
 	"github.com/aws/aws-sdk-go/aws/request"
 	"github.com/aws/aws-sdk-go/private/protocol"
 	"github.com/aws/aws-sdk-go/private/protocol/jsonrpc"
@@ -18,7 +19,7 @@ const opCreateIdentityPool = "CreateIdentityPool"
 // CreateIdentityPoolRequest generates a "aws/request.Request" representing the
 // client's request for the CreateIdentityPool operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -127,7 +128,7 @@ const opDeleteIdentities = "DeleteIdentities"
 // DeleteIdentitiesRequest generates a "aws/request.Request" representing the
 // client's request for the DeleteIdentities operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -215,7 +216,7 @@ const opDeleteIdentityPool = "DeleteIdentityPool"
 // DeleteIdentityPoolRequest generates a "aws/request.Request" representing the
 // client's request for the DeleteIdentityPool operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -249,15 +250,14 @@ func (c *CognitoIdentity) DeleteIdentityPoolRequest(input *DeleteIdentityPoolInp

 	output = &DeleteIdentityPoolOutput{}
 	req = c.newRequest(op, input, output)
-	req.Handlers.Unmarshal.Remove(jsonrpc.UnmarshalHandler)
-	req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
+	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
 	return
 }

 // DeleteIdentityPool API operation for Amazon Cognito Identity.
 //
-// Deletes a user pool. Once a pool is deleted, users will not be able to authenticate
-// with the pool.
+// Deletes an identity pool. Once a pool is deleted, users will not be able
+// to authenticate with the pool.
 //
 // You must use AWS Developer credentials to call this API.
 //
@@ -312,7 +312,7 @@ const opDescribeIdentity = "DescribeIdentity"
 // DescribeIdentityRequest generates a "aws/request.Request" representing the
 // client's request for the DescribeIdentity operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -407,7 +407,7 @@ const opDescribeIdentityPool = "DescribeIdentityPool"
 // DescribeIdentityPoolRequest generates a "aws/request.Request" representing the
 // client's request for the DescribeIdentityPool operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -502,7 +502,7 @@ const opGetCredentialsForIdentity = "GetCredentialsForIdentity"
 // GetCredentialsForIdentityRequest generates a "aws/request.Request" representing the
 // client's request for the GetCredentialsForIdentity operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -536,6 +536,7 @@ func (c *CognitoIdentity) GetCredentialsForIdentityRequest(input *GetCredentials

 	output = &GetCredentialsForIdentityOutput{}
 	req = c.newRequest(op, input, output)
+	req.Config.Credentials = credentials.AnonymousCredentials
 	return
 }

@@ -611,7 +612,7 @@ const opGetId = "GetId"
 // GetIdRequest generates a "aws/request.Request" representing the
 // client's request for the GetId operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -645,6 +646,7 @@ func (c *CognitoIdentity) GetIdRequest(input *GetIdInput) (req *request.Request,

 	output = &GetIdOutput{}
 	req = c.newRequest(op, input, output)
+	req.Config.Credentials = credentials.AnonymousCredentials
 	return
 }

@@ -717,7 +719,7 @@ const opGetIdentityPoolRoles = "GetIdentityPoolRoles"
 // GetIdentityPoolRolesRequest generates a "aws/request.Request" representing the
 // client's request for the GetIdentityPoolRoles operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -815,7 +817,7 @@ const opGetOpenIdToken = "GetOpenIdToken"
 // GetOpenIdTokenRequest generates a "aws/request.Request" representing the
 // client's request for the GetOpenIdToken operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -849,6 +851,7 @@ func (c *CognitoIdentity) GetOpenIdTokenRequest(input *GetOpenIdTokenInput) (req

 	output = &GetOpenIdTokenOutput{}
 	req = c.newRequest(op, input, output)
+	req.Config.Credentials = credentials.AnonymousCredentials
 	return
 }

@@ -858,7 +861,7 @@ func (c *CognitoIdentity) GetOpenIdTokenRequest(input *GetOpenIdTokenInput) (req
 // returned by GetId. You can optionally add additional logins for the identity.
 // Supplying multiple logins creates an implicit link.
 //
-// The OpenId token is valid for 15 minutes.
+// The OpenId token is valid for 10 minutes.
 //
 // This is a public API. You do not need any credentials to call this API.
 //
@@ -921,7 +924,7 @@ const opGetOpenIdTokenForDeveloperIdentity = "GetOpenIdTokenForDeveloperIdentity
 // GetOpenIdTokenForDeveloperIdentityRequest generates a "aws/request.Request" representing the
 // client's request for the GetOpenIdTokenForDeveloperIdentity operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -1036,7 +1039,7 @@ const opListIdentities = "ListIdentities"
 // ListIdentitiesRequest generates a "aws/request.Request" representing the
 // client's request for the ListIdentities operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -1075,7 +1078,7 @@ func (c *CognitoIdentity) ListIdentitiesRequest(input *ListIdentitiesInput) (req

 // ListIdentities API operation for Amazon Cognito Identity.
 //
-// Lists the identities in a pool.
+// Lists the identities in an identity pool.
 //
 // You must use AWS Developer credentials to call this API.
 //
@@ -1130,7 +1133,7 @@ const opListIdentityPools = "ListIdentityPools"
 // ListIdentityPoolsRequest generates a "aws/request.Request" representing the
 // client's request for the ListIdentityPools operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -1190,6 +1193,10 @@ func (c *CognitoIdentity) ListIdentityPoolsRequest(input *ListIdentityPoolsInput
 //   * ErrCodeTooManyRequestsException "TooManyRequestsException"
 //   Thrown when a request is throttled.
 //
+//   * ErrCodeResourceNotFoundException "ResourceNotFoundException"
+//   Thrown when the requested resource (for example, a dataset or record) does
+//   not exist.
+//
 //   * ErrCodeInternalErrorException "InternalErrorException"
 //   Thrown when the service encounters an error during processing the request.
 //
@@ -1215,12 +1222,110 @@ func (c *CognitoIdentity) ListIdentityPoolsWithContext(ctx aws.Context, input *L
 	return out, req.Send()
 }

+const opListTagsForResource = "ListTagsForResource"
+
+// ListTagsForResourceRequest generates a "aws/request.Request" representing the
+// client's request for the ListTagsForResource operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See ListTagsForResource for more information on using the ListTagsForResource
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//
+//    // Example sending a request using the ListTagsForResourceRequest method.
+//    req, resp := client.ListTagsForResourceRequest(params)
+//
+//    err := req.Send()
+//    if err == nil { // resp is now filled
+//        fmt.Println(resp)
+//    }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/cognito-identity-2014-06-30/ListTagsForResource
+func (c *CognitoIdentity) ListTagsForResourceRequest(input *ListTagsForResourceInput) (req *request.Request, output *ListTagsForResourceOutput) {
+	op := &request.Operation{
+		Name:       opListTagsForResource,
+		HTTPMethod: "POST",
+		HTTPPath:   "/",
+	}
+
+	if input == nil {
+		input = &ListTagsForResourceInput{}
+	}
+
+	output = &ListTagsForResourceOutput{}
+	req = c.newRequest(op, input, output)
+	return
+}
+
+// ListTagsForResource API operation for Amazon Cognito Identity.
+//
+// Lists the tags that are assigned to an Amazon Cognito identity pool.
+//
+// A tag is a label that you can apply to identity pools to categorize and manage
+// them in different ways, such as by purpose, owner, environment, or other
+// criteria.
+//
+// You can use this action up to 10 times per second, per account.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Cognito Identity's
+// API operation ListTagsForResource for usage and error information.
+//
+// Returned Error Codes:
+//   * ErrCodeInvalidParameterException "InvalidParameterException"
+//   Thrown for missing or bad input parameter(s).
+//
+//   * ErrCodeResourceNotFoundException "ResourceNotFoundException"
+//   Thrown when the requested resource (for example, a dataset or record) does
+//   not exist.
+//
+//   * ErrCodeNotAuthorizedException "NotAuthorizedException"
+//   Thrown when a user is not authorized to access the requested resource.
+//
+//   * ErrCodeTooManyRequestsException "TooManyRequestsException"
+//   Thrown when a request is throttled.
+//
+//   * ErrCodeInternalErrorException "InternalErrorException"
+//   Thrown when the service encounters an error during processing the request.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/cognito-identity-2014-06-30/ListTagsForResource
+func (c *CognitoIdentity) ListTagsForResource(input *ListTagsForResourceInput) (*ListTagsForResourceOutput, error) {
+	req, out := c.ListTagsForResourceRequest(input)
+	return out, req.Send()
+}
+
+// ListTagsForResourceWithContext is the same as ListTagsForResource with the addition of
+// the ability to pass a context and additional request options.
+//
+// See ListTagsForResource for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *CognitoIdentity) ListTagsForResourceWithContext(ctx aws.Context, input *ListTagsForResourceInput, opts ...request.Option) (*ListTagsForResourceOutput, error) {
+	req, out := c.ListTagsForResourceRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
 const opLookupDeveloperIdentity = "LookupDeveloperIdentity"

 // LookupDeveloperIdentityRequest generates a "aws/request.Request" representing the
 // client's request for the LookupDeveloperIdentity operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -1260,13 +1365,20 @@ func (c *CognitoIdentity) LookupDeveloperIdentityRequest(input *LookupDeveloperI
 // LookupDeveloperIdentity API operation for Amazon Cognito Identity.
 //
 // Retrieves the IdentityID associated with a DeveloperUserIdentifier or the
-// list of DeveloperUserIdentifiers associated with an IdentityId for an existing
-// identity. Either IdentityID or DeveloperUserIdentifier must not be null.
-// If you supply only one of these values, the other value will be searched
-// in the database and returned as a part of the response. If you supply both,
-// DeveloperUserIdentifier will be matched against IdentityID. If the values
-// are verified against the database, the response returns both values and is
-// the same as the request. Otherwise a ResourceConflictException is thrown.
+// list of DeveloperUserIdentifier values associated with an IdentityId for
+// an existing identity. Either IdentityID or DeveloperUserIdentifier must not
+// be null. If you supply only one of these values, the other value will be
+// searched in the database and returned as a part of the response. If you supply
+// both, DeveloperUserIdentifier will be matched against IdentityID. If the
+// values are verified against the database, the response returns both values
+// and is the same as the request. Otherwise a ResourceConflictException is
+// thrown.
+//
+// LookupDeveloperIdentity is intended for low-throughput control plane operations:
+// for example, to enable customer service to locate an identity ID by username.
+// If you are using it for higher-volume operations such as user authentication,
+// your requests are likely to be throttled. GetOpenIdTokenForDeveloperIdentity
+// is a better option for higher-volume operations for user authentication.
 //
 // You must use AWS Developer credentials to call this API.
 //
@@ -1325,7 +1437,7 @@ const opMergeDeveloperIdentities = "MergeDeveloperIdentities"
 // MergeDeveloperIdentitiesRequest generates a "aws/request.Request" representing the
 // client's request for the MergeDeveloperIdentities operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -1372,6 +1484,10 @@ func (c *CognitoIdentity) MergeDeveloperIdentitiesRequest(input *MergeDeveloperI
 // users can be merged. If the users to be merged are associated with the same
 // public provider, but as two different users, an exception will be thrown.
 //
+// The number of linked logins is limited to 20. So, the number of linked logins
+// for the source user, SourceUserIdentifier, and the destination user, DestinationUserIdentifier,
+// together should not be larger than 20. Otherwise, an exception will be thrown.
+//
 // You must use AWS Developer credentials to call this API.
 //
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
@@ -1429,7 +1545,7 @@ const opSetIdentityPoolRoles = "SetIdentityPoolRoles"
 // SetIdentityPoolRolesRequest generates a "aws/request.Request" representing the
 // client's request for the SetIdentityPoolRoles operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -1463,8 +1579,7 @@ func (c *CognitoIdentity) SetIdentityPoolRolesRequest(input *SetIdentityPoolRole

 	output = &SetIdentityPoolRolesOutput{}
 	req = c.newRequest(op, input, output)
-	req.Handlers.Unmarshal.Remove(jsonrpc.UnmarshalHandler)
-	req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
+	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
 	return
 }

@@ -1528,12 +1643,122 @@ func (c *CognitoIdentity) SetIdentityPoolRolesWithContext(ctx aws.Context, input
 	return out, req.Send()
 }

+const opTagResource = "TagResource"
+
+// TagResourceRequest generates a "aws/request.Request" representing the
+// client's request for the TagResource operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See TagResource for more information on using the TagResource
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//
+//    // Example sending a request using the TagResourceRequest method.
+//    req, resp := client.TagResourceRequest(params)
+//
+//    err := req.Send()
+//    if err == nil { // resp is now filled
+//        fmt.Println(resp)
+//    }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/cognito-identity-2014-06-30/TagResource
+func (c *CognitoIdentity) TagResourceRequest(input *TagResourceInput) (req *request.Request, output *TagResourceOutput) {
+	op := &request.Operation{
+		Name:       opTagResource,
+		HTTPMethod: "POST",
+		HTTPPath:   "/",
+	}
+
+	if input == nil {
+		input = &TagResourceInput{}
+	}
+
+	output = &TagResourceOutput{}
+	req = c.newRequest(op, input, output)
+	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+	return
+}
+
+// TagResource API operation for Amazon Cognito Identity.
+//
+// Assigns a set of tags to an Amazon Cognito identity pool. A tag is a label
+// that you can use to categorize and manage identity pools in different ways,
+// such as by purpose, owner, environment, or other criteria.
+//
+// Each tag consists of a key and value, both of which you define. A key is
+// a general category for more specific values. For example, if you have two
+// versions of an identity pool, one for testing and another for production,
+// you might assign an Environment tag key to both identity pools. The value
+// of this key might be Test for one identity pool and Production for the other.
+//
+// Tags are useful for cost tracking and access control. You can activate your
+// tags so that they appear on the Billing and Cost Management console, where
+// you can track the costs associated with your identity pools. In an IAM policy,
+// you can constrain permissions for identity pools based on specific tags or
+// tag values.
+//
+// You can use this action up to 5 times per second, per account. An identity
+// pool can have as many as 50 tags.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Cognito Identity's
+// API operation TagResource for usage and error information.
+//
+// Returned Error Codes:
+//   * ErrCodeInvalidParameterException "InvalidParameterException"
+//   Thrown for missing or bad input parameter(s).
+//
+//   * ErrCodeResourceNotFoundException "ResourceNotFoundException"
+//   Thrown when the requested resource (for example, a dataset or record) does
+//   not exist.
+//
+//   * ErrCodeNotAuthorizedException "NotAuthorizedException"
+//   Thrown when a user is not authorized to access the requested resource.
+//
+//   * ErrCodeTooManyRequestsException "TooManyRequestsException"
+//   Thrown when a request is throttled.
+//
+//   * ErrCodeInternalErrorException "InternalErrorException"
+//   Thrown when the service encounters an error during processing the request.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/cognito-identity-2014-06-30/TagResource
+func (c *CognitoIdentity) TagResource(input *TagResourceInput) (*TagResourceOutput, error) {
+	req, out := c.TagResourceRequest(input)
+	return out, req.Send()
+}
+
+// TagResourceWithContext is the same as TagResource with the addition of
+// the ability to pass a context and additional request options.
+//
+// See TagResource for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *CognitoIdentity) TagResourceWithContext(ctx aws.Context, input *TagResourceInput, opts ...request.Option) (*TagResourceOutput, error) {
+	req, out := c.TagResourceRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
 const opUnlinkDeveloperIdentity = "UnlinkDeveloperIdentity"

 // UnlinkDeveloperIdentityRequest generates a "aws/request.Request" representing the
 // client's request for the UnlinkDeveloperIdentity operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -1567,8 +1792,7 @@ func (c *CognitoIdentity) UnlinkDeveloperIdentityRequest(input *UnlinkDeveloperI

 	output = &UnlinkDeveloperIdentityOutput{}
 	req = c.newRequest(op, input, output)
-	req.Handlers.Unmarshal.Remove(jsonrpc.UnmarshalHandler)
-	req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
+	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
 	return
 }

@@ -1636,7 +1860,7 @@ const opUnlinkIdentity = "UnlinkIdentity"
 // UnlinkIdentityRequest generates a "aws/request.Request" representing the
 // client's request for the UnlinkIdentity operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -1670,8 +1894,8 @@ func (c *CognitoIdentity) UnlinkIdentityRequest(input *UnlinkIdentityInput) (req

 	output = &UnlinkIdentityOutput{}
 	req = c.newRequest(op, input, output)
-	req.Handlers.Unmarshal.Remove(jsonrpc.UnmarshalHandler)
-	req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
+	req.Config.Credentials = credentials.AnonymousCredentials
+	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
 	return
 }

@@ -1737,12 +1961,106 @@ func (c *CognitoIdentity) UnlinkIdentityWithContext(ctx aws.Context, input *Unli
 	return out, req.Send()
 }

+const opUntagResource = "UntagResource"
+
+// UntagResourceRequest generates a "aws/request.Request" representing the
+// client's request for the UntagResource operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See UntagResource for more information on using the UntagResource
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+//
+//    // Example sending a request using the UntagResourceRequest method.
+//    req, resp := client.UntagResourceRequest(params)
+//
+//    err := req.Send()
+//    if err == nil { // resp is now filled
+//        fmt.Println(resp)
+//    }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/cognito-identity-2014-06-30/UntagResource
+func (c *CognitoIdentity) UntagResourceRequest(input *UntagResourceInput) (req *request.Request, output *UntagResourceOutput) {
+	op := &request.Operation{
+		Name:       opUntagResource,
+		HTTPMethod: "POST",
+		HTTPPath:   "/",
+	}
+
+	if input == nil {
+		input = &UntagResourceInput{}
+	}
+
+	output = &UntagResourceOutput{}
+	req = c.newRequest(op, input, output)
+	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+	return
+}
+
+// UntagResource API operation for Amazon Cognito Identity.
+//
+// Removes the specified tags from an Amazon Cognito identity pool. You can
+// use this action up to 5 times per second, per account
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Cognito Identity's
+// API operation UntagResource for usage and error information.
+//
+// Returned Error Codes:
+//   * ErrCodeInvalidParameterException "InvalidParameterException"
+//   Thrown for missing or bad input parameter(s).
+//
+//   * ErrCodeResourceNotFoundException "ResourceNotFoundException"
+//   Thrown when the requested resource (for example, a dataset or record) does
+//   not exist.
+//
+//   * ErrCodeNotAuthorizedException "NotAuthorizedException"
+//   Thrown when a user is not authorized to access the requested resource.
+//
+//   * ErrCodeTooManyRequestsException "TooManyRequestsException"
+//   Thrown when a request is throttled.
+//
+//   * ErrCodeInternalErrorException "InternalErrorException"
+//   Thrown when the service encounters an error during processing the request.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/cognito-identity-2014-06-30/UntagResource
+func (c *CognitoIdentity) UntagResource(input *UntagResourceInput) (*UntagResourceOutput, error) {
+	req, out := c.UntagResourceRequest(input)
+	return out, req.Send()
+}
+
+// UntagResourceWithContext is the same as UntagResource with the addition of
+// the ability to pass a context and additional request options.
+//
+// See UntagResource for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *CognitoIdentity) UntagResourceWithContext(ctx aws.Context, input *UntagResourceInput, opts ...request.Option) (*UntagResourceOutput, error) {
+	req, out := c.UntagResourceRequest(input)
+	req.SetContext(ctx)
+	req.ApplyOptions(opts...)
+	return out, req.Send()
+}
+
 const opUpdateIdentityPool = "UpdateIdentityPool"

 // UpdateIdentityPoolRequest generates a "aws/request.Request" representing the
 // client's request for the UpdateIdentityPool operation. The "output" return
 // value will be populated with the request's response once the request completes
-// successfuly.
+// successfully.
 //
 // Use "Send" method on the returned Request to send the API call to the service.
 // the "output" return value is not valid until after Send returns without error.
@@ -1781,7 +2099,7 @@ func (c *CognitoIdentity) UpdateIdentityPoolRequest(input *IdentityPool) (req *r

 // UpdateIdentityPool API operation for Amazon Cognito Identity.
 //
-// Updates a user pool.
+// Updates an identity pool.
 //
 // You must use AWS Developer credentials to call this API.
 //
@@ -1850,7 +2168,7 @@ type CreateIdentityPoolInput struct {
 	// AllowUnauthenticatedIdentities is a required field
 	AllowUnauthenticatedIdentities *bool `type:"boolean" required:"true"`

-	// An array of Amazon Cognito Identity user pools and their client IDs.
+	// An array of Amazon Cognito user pools and their client IDs.
 	CognitoIdentityProviders []*Provider `type:"list"`

 	// The "domain" by which Cognito will refer to your users. This name acts as
@@ -1867,6 +2185,11 @@ type CreateIdentityPoolInput struct {
 	// IdentityPoolName is a required field
 	IdentityPoolName *string `min:"1" type:"string" required:"true"`

+	// Tags to assign to the identity pool. A tag is a label that you can apply
+	// to identity pools to categorize and manage them in different ways, such as
+	// by purpose, owner, environment, or other criteria.
+	IdentityPoolTags map[string]*string `type:"map"`
+
 	// A list of OpendID Connect provider ARNs.
 	OpenIdConnectProviderARNs []*string `type:"list"`

@@ -1944,6 +2267,12 @@ func (s *CreateIdentityPoolInput) SetIdentityPoolName(v string) *CreateIdentityP
 	return s
 }

+// SetIdentityPoolTags sets the IdentityPoolTags field's value.
+func (s *CreateIdentityPoolInput) SetIdentityPoolTags(v map[string]*string) *CreateIdentityPoolInput {
+	s.IdentityPoolTags = v
+	return s
+}
+
 // SetOpenIdConnectProviderARNs sets the OpenIdConnectProviderARNs field's value.
 func (s *CreateIdentityPoolInput) SetOpenIdConnectProviderARNs(v []*string) *CreateIdentityPoolInput {
 	s.OpenIdConnectProviderARNs = v
@@ -1970,7 +2299,7 @@ type Credentials struct {
 	AccessKeyId *string `type:"string"`

 	// The date at which these credentials will expire.
-	Expiration *time.Time `type:"timestamp" timestampFormat:"unix"`
+	Expiration *time.Time `type:"timestamp"`

 	// The Secret Access Key portion of the credentials
 	SecretKey *string `type:"string"`
@@ -2236,6 +2565,15 @@ type GetCredentialsForIdentityInput struct {
 	IdentityId *string `min:"1" type:"string" required:"true"`

 	// A set of optional name-value pairs that map provider names to provider tokens.
+	// The name-value pair will follow the syntax "provider_name": "provider_user_identifier".
+	//
+	// Logins should not be specified when trying to get credentials for an unauthenticated
+	// identity.
+	//
+	// The Logins parameter is required when using identities associated with external
+	// identity providers such as FaceBook. For examples of Logins maps, see the
+	// code examples in the External Identity Providers (http://docs.aws.amazon.com/cognito/latest/developerguide/external-identity-providers.html)
+	// section of the Amazon Cognito Developer Guide.
 	Logins map[string]*string `type:"map"`
 }

@@ -2336,7 +2674,8 @@ type GetIdInput struct {
 	//
 	//    * Facebook: graph.facebook.com
 	//
-	//    * Amazon Cognito Identity Provider: cognito-idp.us-east-1.amazonaws.com/us-east-1_123456789
+	//    * Amazon Cognito user pool: cognito-idp.<region>.amazonaws.com/<YOUR_USER_POOL_ID>,
+	//    for example, cognito-idp.us-east-1.amazonaws.com/us-east-1_123456789.
 	//
 	//    * Google: accounts.google.com
 	//
@@ -2470,7 +2809,7 @@ type GetIdentityPoolRolesOutput struct {

 	// How users for a specific identity provider are to mapped to roles. This is
 	// a String-to-RoleMapping object map. The string identifies the identity provider,
-	// for example, "graph.facebook.com" or "cognito-idp-east-1.amazonaws.com/us-east-1_abcdefghi:app_client_id".
+	// for example, "graph.facebook.com" or "cognito-idp.us-east-1.amazonaws.com/us-east-1_abcdefghi:app_client_id".
 	RoleMappings map[string]*RoleMapping `type:"map"`

 	// The map of roles associated with this pool. Currently only authenticated
@@ -2646,8 +2985,8 @@ type GetOpenIdTokenInput struct {
 	// A set of optional name-value pairs that map provider names to provider tokens.
 	// When using graph.facebook.com and www.amazon.com, supply the access_token
 	// returned from the provider's authflow. For accounts.google.com, an Amazon
-	// Cognito Identity Provider, or any other OpenId Connect provider, always include
-	// the id_token.
+	// Cognito user pool provider, or any other OpenId Connect provider, always
+	// include the id_token.
 	Logins map[string]*string `type:"map"`
 }

@@ -2697,7 +3036,7 @@ type GetOpenIdTokenOutput struct {
 	// may not match the one passed on input.
 	IdentityId *string `min:"1" type:"string"`

-	// An OpenID token, valid for 15 minutes.
+	// An OpenID token, valid for 10 minutes.
 	Token *string `type:"string"`
 }

@@ -2728,15 +3067,15 @@ type IdentityDescription struct {
 	_ struct{} `type:"structure"`

 	// Date on which the identity was created.
-	CreationDate *time.Time `type:"timestamp" timestampFormat:"unix"`
+	CreationDate *time.Time `type:"timestamp"`

 	// A unique identifier in the format REGION:GUID.
 	IdentityId *string `min:"1" type:"string"`

 	// Date on which the identity was last modified.
-	LastModifiedDate *time.Time `type:"timestamp" timestampFormat:"unix"`
+	LastModifiedDate *time.Time `type:"timestamp"`

-	// A set of optional name-value pairs that map provider names to provider tokens.
+	// The provider names.
 	Logins []*string `type:"list"`
 }

@@ -2783,7 +3122,7 @@ type IdentityPool struct {
 	// AllowUnauthenticatedIdentities is a required field
 	AllowUnauthenticatedIdentities *bool `type:"boolean" required:"true"`

-	// A list representing an Amazon Cognito Identity User Pool and its client ID.
+	// A list representing an Amazon Cognito user pool and its client ID.
 	CognitoIdentityProviders []*Provider `type:"list"`

 	// The "domain" by which Cognito will refer to your users.
@@ -2799,6 +3138,11 @@ type IdentityPool struct {
 	// IdentityPoolName is a required field
 	IdentityPoolName *string `min:"1" type:"string" required:"true"`

+	// The tags that are assigned to the identity pool. A tag is a label that you
+	// can apply to identity pools to categorize and manage them in different ways,
+	// such as by purpose, owner, environment, or other criteria.
+	IdentityPoolTags map[string]*string `type:"map"`
+
 	// A list of OpendID Connect provider ARNs.
 	OpenIdConnectProviderARNs []*string `type:"list"`

@@ -2888,6 +3232,12 @@ func (s *IdentityPool) SetIdentityPoolName(v string) *IdentityPool {
 	return s
 }

+// SetIdentityPoolTags sets the IdentityPoolTags field's value.
+func (s *IdentityPool) SetIdentityPoolTags(v map[string]*string) *IdentityPool {
+	s.IdentityPoolTags = v
+	return s
+}
+
 // SetOpenIdConnectProviderARNs sets the OpenIdConnectProviderARNs field's value.
 func (s *IdentityPool) SetOpenIdConnectProviderARNs(v []*string) *IdentityPool {
 	s.OpenIdConnectProviderARNs = v
@@ -3150,6 +3500,71 @@ func (s *ListIdentityPoolsOutput) SetNextToken(v string) *ListIdentityPoolsOutpu
 	return s
 }

+type ListTagsForResourceInput struct {
+	_ struct{} `type:"structure"`
+
+	// The Amazon Resource Name (ARN) of the identity pool that the tags are assigned
+	// to.
+	//
+	// ResourceArn is a required field
+	ResourceArn *string `min:"20" type:"string" required:"true"`
+}
+
+// String returns the string representation
+func (s ListTagsForResourceInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s ListTagsForResourceInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *ListTagsForResourceInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "ListTagsForResourceInput"}
+	if s.ResourceArn == nil {
+		invalidParams.Add(request.NewErrParamRequired("ResourceArn"))
+	}
+	if s.ResourceArn != nil && len(*s.ResourceArn) < 20 {
+		invalidParams.Add(request.NewErrParamMinLen("ResourceArn", 20))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetResourceArn sets the ResourceArn field's value.
+func (s *ListTagsForResourceInput) SetResourceArn(v string) *ListTagsForResourceInput {
+	s.ResourceArn = &v
+	return s
+}
+
+type ListTagsForResourceOutput struct {
+	_ struct{} `type:"structure"`
+
+	// The tags that are assigned to the identity pool.
+	Tags map[string]*string `type:"map"`
+}
+
+// String returns the string representation
+func (s ListTagsForResourceOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s ListTagsForResourceOutput) GoString() string {
+	return s.String()
+}
+
+// SetTags sets the Tags field's value.
+func (s *ListTagsForResourceOutput) SetTags(v map[string]*string) *ListTagsForResourceOutput {
+	s.Tags = v
+	return s
+}
+
 // Input to the LookupDeveloperIdentityInput action.
 type LookupDeveloperIdentityInput struct {
 	_ struct{} `type:"structure"`
@@ -3510,20 +3925,26 @@ func (s *MergeDeveloperIdentitiesOutput) SetIdentityId(v string) *MergeDeveloper
 	return s
 }

-// A provider representing an Amazon Cognito Identity User Pool and its client
-// ID.
+// A provider representing an Amazon Cognito user pool and its client ID.
 type Provider struct {
 	_ struct{} `type:"structure"`

-	// The client ID for the Amazon Cognito Identity User Pool.
+	// The client ID for the Amazon Cognito user pool.
 	ClientId *string `min:"1" type:"string"`

-	// The provider name for an Amazon Cognito Identity User Pool. For example,
-	// cognito-idp.us-east-1.amazonaws.com/us-east-1_123456789.
+	// The provider name for an Amazon Cognito user pool. For example, cognito-idp.us-east-1.amazonaws.com/us-east-1_123456789.
 	ProviderName *string `min:"1" type:"string"`

 	// TRUE if server-side token validation is enabled for the identity provider’s
 	// token.
+	//
+	// Once you set ServerSideTokenCheck to TRUE for an identity pool, that identity
+	// pool will check with the integrated user pools to make sure that the user
+	// has not been globally signed out or deleted before the identity pool provides
+	// an OIDC token or AWS credentials for the user.
+	//
+	// If the user is signed out or deleted, the identity pool will return a 400
+	// Not Authorized error.
 	ServerSideTokenCheck *bool `type:"boolean"`
 }

@@ -3790,6 +4211,70 @@ func (s SetIdentityPoolRolesOutput) GoString() string {
 	return s.String()
 }

+type TagResourceInput struct {
+	_ struct{} `type:"structure"`
+
+	// The Amazon Resource Name (ARN) of the identity pool to assign the tags to.
+	//
+	// ResourceArn is a required field
+	ResourceArn *string `min:"20" type:"string" required:"true"`
+
+	// The tags to assign to the identity pool.
+	Tags map[string]*string `type:"map"`
+}
+
+// String returns the string representation
+func (s TagResourceInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s TagResourceInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *TagResourceInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "TagResourceInput"}
+	if s.ResourceArn == nil {
+		invalidParams.Add(request.NewErrParamRequired("ResourceArn"))
+	}
+	if s.ResourceArn != nil && len(*s.ResourceArn) < 20 {
+		invalidParams.Add(request.NewErrParamMinLen("ResourceArn", 20))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetResourceArn sets the ResourceArn field's value.
+func (s *TagResourceInput) SetResourceArn(v string) *TagResourceInput {
+	s.ResourceArn = &v
+	return s
+}
+
+// SetTags sets the Tags field's value.
+func (s *TagResourceInput) SetTags(v map[string]*string) *TagResourceInput {
+	s.Tags = v
+	return s
+}
+
+type TagResourceOutput struct {
+	_ struct{} `type:"structure"`
+}
+
+// String returns the string representation
+func (s TagResourceOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s TagResourceOutput) GoString() string {
+	return s.String()
+}
+
 // Input to the UnlinkDeveloperIdentity action.
 type UnlinkDeveloperIdentityInput struct {
 	_ struct{} `type:"structure"`
@@ -4015,6 +4500,71 @@ func (s *UnprocessedIdentityId) SetIdentityId(v string) *UnprocessedIdentityId {
 	return s
 }

+type UntagResourceInput struct {
+	_ struct{} `type:"structure"`
+
+	// The Amazon Resource Name (ARN) of the identity pool that the tags are assigned
+	// to.
+	//
+	// ResourceArn is a required field
+	ResourceArn *string `min:"20" type:"string" required:"true"`
+
+	// The keys of the tags to remove from the user pool.
+	TagKeys []*string `type:"list"`
+}
+
+// String returns the string representation
+func (s UntagResourceInput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s UntagResourceInput) GoString() string {
+	return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *UntagResourceInput) Validate() error {
+	invalidParams := request.ErrInvalidParams{Context: "UntagResourceInput"}
+	if s.ResourceArn == nil {
+		invalidParams.Add(request.NewErrParamRequired("ResourceArn"))
+	}
+	if s.ResourceArn != nil && len(*s.ResourceArn) < 20 {
+		invalidParams.Add(request.NewErrParamMinLen("ResourceArn", 20))
+	}
+
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	}
+	return nil
+}
+
+// SetResourceArn sets the ResourceArn field's value.
+func (s *UntagResourceInput) SetResourceArn(v string) *UntagResourceInput {
+	s.ResourceArn = &v
+	return s
+}
+
+// SetTagKeys sets the TagKeys field's value.
+func (s *UntagResourceInput) SetTagKeys(v []*string) *UntagResourceInput {
+	s.TagKeys = v
+	return s
+}
+
+type UntagResourceOutput struct {
+	_ struct{} `type:"structure"`
+}
+
+// String returns the string representation
+func (s UntagResourceOutput) String() string {
+	return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s UntagResourceOutput) GoString() string {
+	return s.String()
+}
+
 const (
 	// AmbiguousRoleResolutionTypeAuthenticatedRole is a AmbiguousRoleResolutionType enum value
 	AmbiguousRoleResolutionTypeAuthenticatedRole = "AuthenticatedRole"
@@ -108,6 +108,10 @@ type CognitoIdentityAPI interface {
 	ListIdentityPoolsWithContext(aws.Context, *cognitoidentity.ListIdentityPoolsInput, ...request.Option) (*cognitoidentity.ListIdentityPoolsOutput, error)
 	ListIdentityPoolsRequest(*cognitoidentity.ListIdentityPoolsInput) (*request.Request, *cognitoidentity.ListIdentityPoolsOutput)

+	ListTagsForResource(*cognitoidentity.ListTagsForResourceInput) (*cognitoidentity.ListTagsForResourceOutput, error)
+	ListTagsForResourceWithContext(aws.Context, *cognitoidentity.ListTagsForResourceInput, ...request.Option) (*cognitoidentity.ListTagsForResourceOutput, error)
+	ListTagsForResourceRequest(*cognitoidentity.ListTagsForResourceInput) (*request.Request, *cognitoidentity.ListTagsForResourceOutput)
+
 	LookupDeveloperIdentity(*cognitoidentity.LookupDeveloperIdentityInput) (*cognitoidentity.LookupDeveloperIdentityOutput, error)
 	LookupDeveloperIdentityWithContext(aws.Context, *cognitoidentity.LookupDeveloperIdentityInput, ...request.Option) (*cognitoidentity.LookupDeveloperIdentityOutput, error)
 	LookupDeveloperIdentityRequest(*cognitoidentity.LookupDeveloperIdentityInput) (*request.Request, *cognitoidentity.LookupDeveloperIdentityOutput)
@@ -120,6 +124,10 @@ type CognitoIdentityAPI interface {
 	SetIdentityPoolRolesWithContext(aws.Context, *cognitoidentity.SetIdentityPoolRolesInput, ...request.Option) (*cognitoidentity.SetIdentityPoolRolesOutput, error)
 	SetIdentityPoolRolesRequest(*cognitoidentity.SetIdentityPoolRolesInput) (*request.Request, *cognitoidentity.SetIdentityPoolRolesOutput)

+	TagResource(*cognitoidentity.TagResourceInput) (*cognitoidentity.TagResourceOutput, error)
+	TagResourceWithContext(aws.Context, *cognitoidentity.TagResourceInput, ...request.Option) (*cognitoidentity.TagResourceOutput, error)
+	TagResourceRequest(*cognitoidentity.TagResourceInput) (*request.Request, *cognitoidentity.TagResourceOutput)
+
 	UnlinkDeveloperIdentity(*cognitoidentity.UnlinkDeveloperIdentityInput) (*cognitoidentity.UnlinkDeveloperIdentityOutput, error)
 	UnlinkDeveloperIdentityWithContext(aws.Context, *cognitoidentity.UnlinkDeveloperIdentityInput, ...request.Option) (*cognitoidentity.UnlinkDeveloperIdentityOutput, error)
 	UnlinkDeveloperIdentityRequest(*cognitoidentity.UnlinkDeveloperIdentityInput) (*request.Request, *cognitoidentity.UnlinkDeveloperIdentityOutput)
@@ -128,6 +136,10 @@ type CognitoIdentityAPI interface {
 	UnlinkIdentityWithContext(aws.Context, *cognitoidentity.UnlinkIdentityInput, ...request.Option) (*cognitoidentity.UnlinkIdentityOutput, error)
 	UnlinkIdentityRequest(*cognitoidentity.UnlinkIdentityInput) (*request.Request, *cognitoidentity.UnlinkIdentityOutput)

+	UntagResource(*cognitoidentity.UntagResourceInput) (*cognitoidentity.UntagResourceOutput, error)
+	UntagResourceWithContext(aws.Context, *cognitoidentity.UntagResourceInput, ...request.Option) (*cognitoidentity.UntagResourceOutput, error)
+	UntagResourceRequest(*cognitoidentity.UntagResourceInput) (*request.Request, *cognitoidentity.UntagResourceOutput)
+
 	UpdateIdentityPool(*cognitoidentity.IdentityPool) (*cognitoidentity.IdentityPool, error)
 	UpdateIdentityPoolWithContext(aws.Context, *cognitoidentity.IdentityPool, ...request.Option) (*cognitoidentity.IdentityPool, error)
 	UpdateIdentityPoolRequest(*cognitoidentity.IdentityPool) (*request.Request, *cognitoidentity.IdentityPool)
@@ -1,12 +0,0 @@
-package cognitoidentity
-
-import "github.com/aws/aws-sdk-go/aws/request"
-
-func init() {
-	initRequest = func(r *request.Request) {
-		switch r.Operation.Name {
-		case opGetOpenIdToken, opGetId, opGetCredentialsForIdentity:
-			r.Handlers.Sign.Clear() // these operations are unsigned
-		}
-	}
-}
@@ -1,56 +1,74 @@
+// +build go1.8
+
 package cognitoidentity_test

 import (
 	"testing"

 	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/credentials"
+	"github.com/aws/aws-sdk-go/aws/request"
 	"github.com/aws/aws-sdk-go/awstesting/unit"
 	"github.com/aws/aws-sdk-go/service/cognitoidentity"
 )

 var svc = cognitoidentity.New(unit.Session)

-func TestUnsignedRequest_GetID(t *testing.T) {
-	req, _ := svc.GetIdRequest(&cognitoidentity.GetIdInput{
-		IdentityPoolId: aws.String("IdentityPoolId"),
-	})
-
-	err := req.Sign()
-	if err != nil {
-		t.Errorf("expected no error, but received %v", err)
+func TestUnsignedRequests(t *testing.T) {
+	cases := map[string]struct {
+		ReqFn func() *request.Request
+	}{
+		"GetId": {
+			ReqFn: func() *request.Request {
+				req, _ := svc.GetIdRequest(&cognitoidentity.GetIdInput{
+					IdentityPoolId: aws.String("IdentityPoolId"),
+				})
+				return req
+			},
+		},
+		"GetOpenIdToken": {
+			ReqFn: func() *request.Request {
+				req, _ := svc.GetOpenIdTokenRequest(&cognitoidentity.GetOpenIdTokenInput{
+					IdentityId: aws.String("IdentityId"),
+				})
+				return req
+			},
+		},
+		"UnlinkIdentity": {
+			ReqFn: func() *request.Request {
+				req, _ := svc.UnlinkIdentityRequest(&cognitoidentity.UnlinkIdentityInput{
+					IdentityId:     aws.String("IdentityId"),
+					Logins:         map[string]*string{},
+					LoginsToRemove: []*string{},
+				})
+				return req
+			},
+		},
+		"GetCredentialsForIdentity": {
+			ReqFn: func() *request.Request {
+				req, _ := svc.GetCredentialsForIdentityRequest(&cognitoidentity.GetCredentialsForIdentityInput{
+					IdentityId: aws.String("IdentityId"),
+				})
+				return req
+			},
+		},
 	}

-	if e, a := "", req.HTTPRequest.Header.Get("Authorization"); e != a {
-		t.Errorf("expected empty value '%v', but received, %v", e, a)
-	}
-}
-
-func TestUnsignedRequest_GetOpenIDToken(t *testing.T) {
-	req, _ := svc.GetOpenIdTokenRequest(&cognitoidentity.GetOpenIdTokenInput{
-		IdentityId: aws.String("IdentityId"),
-	})
-
-	err := req.Sign()
-	if err != nil {
-		t.Errorf("expected no error, but received %v", err)
-	}
-
-	if e, a := "", req.HTTPRequest.Header.Get("Authorization"); e != a {
-		t.Errorf("expected empty value '%v', but received, %v", e, a)
-	}
-}
-
-func TestUnsignedRequest_GetCredentialsForIdentity(t *testing.T) {
-	req, _ := svc.GetCredentialsForIdentityRequest(&cognitoidentity.GetCredentialsForIdentityInput{
-		IdentityId: aws.String("IdentityId"),
-	})
-
-	err := req.Sign()
-	if err != nil {
-		t.Errorf("expected no error, but received %v", err)
-	}
-
-	if e, a := "", req.HTTPRequest.Header.Get("Authorization"); e != a {
-		t.Errorf("expected empty value '%v', but received, %v", e, a)
+	for cn, c := range cases {
+		t.Run(cn, func(t *testing.T) {
+			req := c.ReqFn()
+			err := req.Sign()
+			if err != nil {
+				t.Errorf("expected no error, but received %v", err)
+			}
+
+			if e, a := credentials.AnonymousCredentials, req.Config.Credentials; e != a {
+				t.Errorf("expect request to use anonymous credentias, %v", a)
+			}
+
+			if e, a := "", req.HTTPRequest.Header.Get("Authorization"); e != a {
+				t.Errorf("expected empty value '%v', but received, %v", e, a)
+			}
+		})
 	}
 }
@@ -3,38 +3,22 @@
 // Package cognitoidentity provides the client and types for making API
 // requests to Amazon Cognito Identity.
 //
-// Amazon Cognito is a web service that delivers scoped temporary credentials
-// to mobile devices and other untrusted environments. Amazon Cognito uniquely
-// identifies a device and supplies the user with a consistent identity over
-// the lifetime of an application.
+// Amazon Cognito Federated Identities is a web service that delivers scoped
+// temporary credentials to mobile devices and other untrusted environments.
+// It uniquely identifies a device and supplies the user with a consistent identity
+// over the lifetime of an application.
 //
-// Using Amazon Cognito, you can enable authentication with one or more third-party
-// identity providers (Facebook, Google, or Login with Amazon), and you can
-// also choose to support unauthenticated access from your app. Cognito delivers
-// a unique identifier for each user and acts as an OpenID token provider trusted
-// by AWS Security Token Service (STS) to access temporary, limited-privilege
-// AWS credentials.
+// Using Amazon Cognito Federated Identities, you can enable authentication
+// with one or more third-party identity providers (Facebook, Google, or Login
+// with Amazon) or an Amazon Cognito user pool, and you can also choose to support
+// unauthenticated access from your app. Cognito delivers a unique identifier
+// for each user and acts as an OpenID token provider trusted by AWS Security
+// Token Service (STS) to access temporary, limited-privilege AWS credentials.
 //
-// To provide end-user credentials, first make an unsigned call to GetId. If
-// the end user is authenticated with one of the supported identity providers,
-// set the Logins map with the identity provider token. GetId returns a unique
-// identifier for the user.
+// For a description of the authentication flow from the Amazon Cognito Developer
+// Guide see Authentication Flow (https://docs.aws.amazon.com/cognito/latest/developerguide/authentication-flow.html).
 //
-// Next, make an unsigned call to GetCredentialsForIdentity. This call expects
-// the same Logins map as the GetId call, as well as the IdentityID originally
-// returned by GetId. Assuming your identity pool has been configured via the
-// SetIdentityPoolRoles operation, GetCredentialsForIdentity will return AWS
-// credentials for your use. If your pool has not been configured with SetIdentityPoolRoles,
-// or if you want to follow legacy flow, make an unsigned call to GetOpenIdToken,
-// which returns the OpenID token necessary to call STS and retrieve AWS credentials.
-// This call expects the same Logins map as the GetId call, as well as the IdentityID
-// originally returned by GetId. The token returned by GetOpenIdToken can be
-// passed to the STS operation AssumeRoleWithWebIdentity (http://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoleWithWebIdentity.html)
-// to retrieve AWS credentials.
-//
-// If you want to use Amazon Cognito in an Android, iOS, or Unity application,
-// you will probably want to make API calls via the AWS Mobile SDK. To learn
-// more, see the AWS Mobile SDK Developer Guide (http://docs.aws.amazon.com/mobile/index.html).
+// For more information see Amazon Cognito Federated Identities (https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-identity.html).
 //
 // See https://docs.aws.amazon.com/goto/WebAPI/cognito-identity-2014-06-30 for more information on this service.
 //
@@ -29,8 +29,9 @@ var initRequest func(*request.Request)

 // Service information constants
 const (
-	ServiceName = "cognito-identity" // Service endpoint prefix API calls made to.
-	EndpointsID = ServiceName        // Service ID for Regions and Endpoints metadata.
+	ServiceName = "cognito-identity" // Name of service.
+	EndpointsID = ServiceName        // ID to lookup a service endpoint with.
+	ServiceID   = "Cognito Identity" // ServiceID is a unique identifer of a specific service.
 )

 // New creates a new instance of the CognitoIdentity client with a session.
@@ -55,6 +56,7 @@ func newClient(cfg aws.Config, handlers request.Handlers, endpoint, signingRegio
 			cfg,
 			metadata.ClientInfo{
 				ServiceName:   ServiceName,
+				ServiceID:     ServiceID,
 				SigningName:   signingName,
 				SigningRegion: signingRegion,
 				Endpoint:      endpoint,