-- Hoogle documentation, generated by Haddock
-- See Hoogle, http://www.haskell.org/hoogle/
-- | Comprehensive Amazon Web Services SDK.
--
-- This client library contains request and response logic to communicate
-- with Amazon Web Service compatible APIs using the types supplied by
-- the various amazonka-* service libraries. See the AWS
-- category on Hackage for supported services.
--
-- To get started, import Amazonka and the desired
-- amazonka-* library (such as Amazonka.MachineLearning)
--
-- GHC 8.10.7 and higher is officially supported.
@package amazonka
@version 2.0
-- | Exception for errors involving AWS authentication.
module Amazonka.Auth.Exception
-- | An error thrown when attempting to read AuthN/AuthZ information.
data AuthError
RetrievalError :: HttpException -> AuthError
MissingEnvError :: Text -> AuthError
MissingFileError :: FilePath -> AuthError
InvalidFileError :: Text -> AuthError
InvalidIAMError :: Text -> AuthError
CredentialChainExhausted :: AuthError
class AsAuthError a
-- | A general authentication error.
_AuthError :: AsAuthError a => Prism' a AuthError
-- | An error occured while communicating over HTTP with the local metadata
-- endpoint.
_RetrievalError :: AsAuthError a => Prism' a HttpException
-- | The named environment variable was not found.
_MissingEnvError :: AsAuthError a => Prism' a Text
-- | The specified credentials file could not be found.
_MissingFileError :: AsAuthError a => Prism' a FilePath
-- | An error occured parsing the credentials file.
_InvalidFileError :: AsAuthError a => Prism' a Text
-- | The specified IAM profile could not be found or deserialised.
_InvalidIAMError :: AsAuthError a => Prism' a Text
instance GHC.Generics.Generic Amazonka.Auth.Exception.AuthError
instance GHC.Show.Show Amazonka.Auth.Exception.AuthError
instance Amazonka.Auth.Exception.AsAuthError GHC.Exception.Type.SomeException
instance Amazonka.Auth.Exception.AsAuthError Amazonka.Auth.Exception.AuthError
instance GHC.Exception.Type.Exception Amazonka.Auth.Exception.AuthError
instance Amazonka.Data.Log.ToLog Amazonka.Auth.Exception.AuthError
-- | Helpers for authentication schemes which refresh themselves in the
-- background.
module Amazonka.Auth.Background
-- | Implements the background fetching behavior used by (among others)
-- fromProfileName and fromContainer. Given an
-- IO action that produces an AuthEnv, this spawns a thread
-- that mutates the IORef returned in the resulting Auth to
-- keep the temporary credentials up to date.
fetchAuthInBackground :: IO AuthEnv -> IO Auth
-- | This module contains functions for retrieving various EC2 metadata
-- from an instance's local metadata endpoint. It assumes that you're
-- running the code on an EC2 instance or have a compatible
-- instance-data endpoint available.
--
-- It is intended to be usable when you need to make metadata calls prior
-- to initialisation of the Env.
module Amazonka.EC2.Metadata
-- | Test whether the underlying host is running on EC2 by making an HTTP
-- request to http://instance-data/latest.
isEC2 :: MonadIO m => Manager -> m Bool
-- | Retrieve the specified Dynamic data.
--
-- Throws HttpException if HTTP communication fails.
dynamic :: MonadIO m => Manager -> Dynamic -> m ByteString
-- | Retrieve the specified Metadata.
--
-- Throws HttpException if HTTP communication fails.
metadata :: MonadIO m => Manager -> Metadata -> m ByteString
-- | Retrieve the user data. Returns Nothing if no user data is
-- assigned to the instance.
--
-- Throws HttpException if HTTP communication fails.
userdata :: MonadIO m => Manager -> m (Maybe ByteString)
-- | Retrieve the instance's identity document, detailing various EC2
-- metadata.
--
-- You can alternatively retrieve the raw unparsed identity document by
-- using dynamic and the Document path.
--
-- See: AWS Instance Identity Documents.
identity :: MonadIO m => Manager -> m (Either String IdentityDocument)
data Dynamic
-- | Value showing whether the customer has enabled detailed one-minute
-- monitoring in CloudWatch.
--
-- Valid values: enabled | disabled.
FWS :: Dynamic
-- | JSON containing instance attributes, such as instance-id, private IP
-- address, etc. See: identity, InstanceDocument.
Document :: Dynamic
-- | Used to verify the document's authenticity and content against the
-- signature.
PKCS7 :: Dynamic
-- | Data that can be used by other parties to verify its origin and
-- authenticity.
Signature :: Dynamic
-- | Instance metadata categories. The list of supported categories are
-- listed in the EC2 Documentation.
data Metadata
-- | The AMI ID used to launch the instance.
AMIId :: Metadata
-- | If you started more than one instance at the same time, this value
-- indicates the order in which the instance was launched. The value of
-- the first instance launched is 0.
AMILaunchIndex :: Metadata
-- | The path to the AMI's manifest file in Amazon S3. If you used an
-- Amazon EBS-backed AMI to launch the instance, the returned result is
-- unknown.
AMIManifestPath :: Metadata
-- | The AMI IDs of any instances that were rebundled to create this AMI.
-- This value will only exist if the AMI manifest file contained an
-- ancestor-amis key.
AncestorAMIIds :: Metadata
-- | See: Metadata
Autoscaling :: !Autoscaling -> Metadata
-- | See: Mapping
BlockDevice :: !Mapping -> Metadata
-- | See: Metadata
ElasticGpus :: !ElasticGpus -> Metadata
-- | See Metadata
ElasticInference :: !ElasticInference -> Metadata
-- | See Metadata
Events :: !Events -> Metadata
-- | If the EC2 instance is using IP-based naming (IPBN), this is the
-- private IPv4 DNS hostname of the instance. If the EC2 instance is
-- using Resource-based naming (RBN), this is the RBN. In cases where
-- multiple network interfaces are present, this refers to the eth0
-- device (the device for which the device number is 0). For more
-- information about IPBN and RBN, see Amazon EC2 instance hostname
-- types.
Hostname :: Metadata
-- | See: Metadata
IAM :: !IAM -> Metadata
-- | See: Metadata
IdentityCredentialsEC2 :: !IdentityCredentialsEC2 -> Metadata
-- | Notifies the instance that it should reboot in preparation for
-- bundling. Valid values: none | shutdown |
-- bundle-pending.
InstanceAction :: Metadata
-- | The ID of this instance.
InstanceId :: Metadata
-- | The purchasing option of this instance. For more information, see
-- Instance purchasing options.
InstanceLifeCycle :: Metadata
-- | The type of instance. For more information, see Instance types.
InstanceType :: Metadata
-- | The IPv6 address of the instance. In cases where multiple network
-- interfaces are present, this refers to the eth0 device (the device for
-- which the device number is 0) network interface and the first IPv6
-- address assigned. If no IPv6 address exists on network interface[0],
-- this item is not set and results in an HTTP 404 response.
IPV6 :: Metadata
-- | The ID of the kernel launched with this instance, if applicable.
KernelId :: Metadata
-- | In cases where multiple network interfaces are present, this refers to
-- the eth0 device (the device for which the device number is 0). If the
-- EC2 instance is using IP-based naming (IPBN), this is the private IPv4
-- DNS hostname of the instance. If the EC2 instance is using
-- Resource-based naming (RBN), this is the RBN. For more information
-- about IPBN, RBN, and EC2 instance naming, see Amazon EC2 instance
-- hostname types.
LocalHostname :: Metadata
-- | The private IPv4 address of the instance. In cases where multiple
-- network interfaces are present, this refers to the eth0 device (the
-- device for which the device number is 0). If this is an IPv6-only
-- instance, this item is not set and results in an HTTP 404 response.
LocalIPV4 :: Metadata
-- | The instance's media access control (MAC) address. In cases where
-- multiple network interfaces are present, this refers to the eth0
-- device (the device for which the device number is 0).
MAC :: Metadata
-- | See: Interface
Network :: !Text -> !Interface -> Metadata
-- | See: Metadata
Placement :: !Placement -> Metadata
-- | AWS Marketplace product codes associated with the instance, if any.
ProductCodes :: Metadata
-- | The instance's public DNS (IPv4). This category is only returned if
-- the enableDnsHostnames attribute is set to true. For
-- more information, see Using DNS with Your VPC in the Amazon
-- VPC User Guide. If the instance only has a public-IPv6 address and
-- no public-IPv4 address, this item is not set and results in an HTTP
-- 404 response.
PublicHostname :: Metadata
-- | The public IP address. If an Elastic IP address is associated with the
-- instance, the value returned is the Elastic IP address.
PublicIPV4 :: Metadata
-- | Public key. Only available if supplied at instance launch time.
OpenSSHKey :: Metadata
-- | The ID of the RAM disk specified at launch time, if applicable.
RAMDiskId :: Metadata
-- | ID of the reservation.
ReservationId :: Metadata
-- | The names of the security groups applied to the instance.
--
-- After launch, you can change the security groups of the instances.
-- Such changes are reflected here and in
-- network/interfaces/macs/${mac}/security-groups.
SecurityGroups :: Metadata
-- | See: Metadata
Services :: !Services -> Metadata
-- | See: Metadata
Spot :: !Spot -> Metadata
-- | See: Metadata
Tags :: !Tags -> Metadata
-- | Metadata keys for autoscaling/*.
data Autoscaling
-- | Value showing the target Auto Scaling lifecycle state that an Auto
-- Scaling instance is transitioning to. Present when the instance
-- transitions to one of the target lifecycle states after March 10,
-- 2022. Possible values: Detached | InService |
-- Standby | Terminated | Warmed:Hibernated |
-- Warmed:Running | Warmed:Stopped |
-- Warmed:Terminated. See Retrieve the target lifecycle state
-- through instance metadata in the Amazon EC2 Auto Scaling User
-- Guide.
TargetLifecycleState :: Autoscaling
-- | Metadata keys for block-device-mapping/*.
data Mapping
-- | The virtual device that contains the root/boot file system.
AMI :: Mapping
-- | The virtual devices associated with Amazon EBS volumes, if present.
-- This value is only available in metadata if it is present at launch
-- time. The N indicates the index of the Amazon EBS volume (such as ebs1
-- or ebs2).
EBS :: !Int -> Mapping
-- | The virtual devices associated with ephemeral devices, if present. The
-- N indicates the index of the ephemeral volume.
Ephemeral :: !Int -> Mapping
-- | The virtual devices or partitions associated with the root devices, or
-- partitions on the virtual device, where the root (/ or C:) file system
-- is associated with the given instance.
Root :: Mapping
-- | The virtual devices associated with swap. Not always present.
Swap :: Mapping
-- | Metadata keys for elastic-gpus/*.
newtype ElasticGpus
-- | If there is an Elastic GPU attached to the instance, contains a JSON
-- string with information about the Elastic GPU, including its ID and
-- connection information.
EGAssociations :: Text -> ElasticGpus
-- | Metadata keys for elastic-inference/*.
newtype ElasticInference
-- | If there is an Elastic Inference accelerator attached to the instance,
-- contains a JSON string with information about the Elastic Inference
-- accelerator, including its ID and type.
EIAssociations :: Text -> ElasticInference
-- | Metadata keys for events/*.
data Events
Maintenance :: !Maintenance -> Events
Recommendations :: !Recommendations -> Events
-- | Metadata keys for eventsmaintenance*.
data Maintenance
-- | If there are completed or canceled maintenance events for the
-- instance, contains a JSON string with information about the events.
-- For more information, see To view event history about completed or
-- canceled events.
History :: Maintenance
-- | If there are active maintenance events for the instance, contains a
-- JSON string with information about the events. For more information,
-- see View scheduled events.
Scheduled :: Maintenance
-- | Metadata keys for events/recommendations/*.
data Recommendations
-- | The approximate time, in UTC, when the EC2 instance rebalance
-- recommendation notification is emitted for the instance. The following
-- is an example of the metadata for this category: {"noticeTime":
-- "2020-11-05T08:22:00Z"}. This category is available only after
-- the notification is emitted. For more information, see EC2 instance
-- rebalance recommendations.
Rebalance :: Recommendations
-- | Metadata keys for iam/*.
data IAM
-- | If there is an IAM role associated with the instance, contains
-- information about the last time the instance profile was updated,
-- including the instance's LastUpdated date, InstanceProfileArn, and
-- InstanceProfileId. Otherwise, not present.
Info :: IAM
-- | If there is an IAM role associated with the instance,
-- role-name is the name of the role, and role-name
-- contains the temporary security credentials associated with the role
-- (for more information, see Retrieve security credentials from
-- instance metadata). Otherwise, not present.
--
-- See: Auth for JSON deserialisation.
SecurityCredentials :: Maybe Text -> IAM
-- | Metadata keys for identity-credentials/ec2/*.
data IdentityCredentialsEC2
-- | Information about the credentials in
-- identity-credentialsec2security-credentials/ec2-instance.
ICEInfo :: IdentityCredentialsEC2
-- | Credentials for the instance identity role that allow on-instance
-- software to identify itself to AWS to support features such as EC2
-- Instance Connect and AWS Systems Manager Default Host Management
-- Configuration. These credentials have no policies attached, so they
-- have no additional AWS API permissions beyond identifying the instance
-- to the AWS feature. For more information, see Instance identity
-- roles.
ICESecurityCredentials :: IdentityCredentialsEC2
-- | Metadata keys for network/interfaces/macs/${mac}/*.
data Interface
-- | The unique device number associated with that interface. The device
-- number corresponds to the device name; for example, a
-- device-number of 2 is for the eth2 device. This category
-- corresponds to the DeviceIndex and device-index
-- fields that are used by the Amazon EC2 API and the EC2 commands for
-- the AWS CLI.
IDeviceNumber :: Interface
-- | The ID of the network interface.
IInterfaceId :: Interface
-- | The private IPv4 addresses that are associated with each public-ip
-- address and assigned to that interface.
IIPV4Associations :: !Text -> Interface
-- | The IPv6 addresses associated with the interface. Returned only for
-- instances launched into a VPC.
IIPV6s :: Interface
-- | The private IPv4 DNS hostname of the instance. In cases where multiple
-- network interfaces are present, this refers to the eth0 device (the
-- device for which the device number is 0). If this is a IPv6-only
-- instance, this is the resource-based name. For more information about
-- IPBN and RBN, see Amazon EC2 instance hostname types.
ILocalHostname :: Interface
-- | The private IPv4 addresses associated with the interface. If this is
-- an IPv6-only network interface, this item is not set and results in an
-- HTTP 404 response.
ILocalIPV4s :: Interface
-- | The instance's MAC address.
IMAC :: Interface
-- | The index of the network card. Some instance types support multiple
-- network cards.
INetworkCardIndex :: Interface
-- | The ID of the owner of the network interface. In multiple-interface
-- environments, an interface can be attached by a third party, such as
-- Elastic Load Balancing. Traffic on an interface is always billed to
-- the interface owner.
IOwnerId :: Interface
-- | The interface's public DNS (IPv4). This category is only returned if
-- the enableDnsHostnames attribute is set to true. For
-- more information, see Using DNS with Your VPC in the Amazon
-- VPC User Guide. If the instance only has a public-IPv6 address and
-- no public-IPv4 address, this item is not set and results in an HTTP
-- 404 response.
IPublicHostname :: Interface
-- | The Elastic IP addresses associated with the interface. There may be
-- multiple IP addresses on an instance.
IPublicIPV4s :: Interface
-- | Security groups to which the network interface belongs.
ISecurityGroups :: Interface
-- | The IDs of the security groups to which the network interface belongs.
ISecurityGroupIds :: Interface
-- | The ID of the subnet in which the interface resides.
ISubnetId :: Interface
-- | The IPv4 CIDR block of the subnet in which the interface resides.
ISubnetIPV4_CIDRBlock :: Interface
-- | The IPv6 CIDR block of the subnet in which the interface resides.
ISubnetIPV6_CIDRBlock :: Interface
-- | The ID of the VPC in which the interface resides.
IVPCId :: Interface
-- | The primary IPv4 CIDR block of the VPC.
IVPCIPV4_CIDRBlock :: Interface
-- | The IPv4 CIDR blocks for the VPC.
IVPCIPV4_CIDRBlocks :: Interface
-- | The IPv6 CIDR block of the VPC in which the interface resides.
IVPCIPV6_CIDRBlocks :: Interface
-- | Metadata keys for placement/*.
data Placement
-- | The Availability Zone in which the instance launched.
AvailabilityZone :: Placement
-- | The static Availability Zone ID in which the instance is launched. The
-- Availability Zone ID is consistent across accounts. However, it might
-- be different from the Availability Zone, which can vary by account.
AvailabilityZoneId :: Placement
-- | The name of the placement group in which the instance is launched.
GroupName :: Placement
-- | The ID of the host on which the instance is launched. Applicable only
-- to Dedicated Hosts.
HostId :: Placement
-- | The number of the partition in which the instance is launched.
PartitionNumber :: Placement
-- | The AWS Region in which the instance is launched.
Region :: Placement
-- | Metadata keys for services/*.
data Services
-- | The domain for AWS resources for the Region.
Domain :: Services
-- | The partition that the resource is in. For standard AWS Regions, the
-- partition is aws. If you have resources in other partitions,
-- the partition is aws-${partitionname}. For example, the
-- partition for resources in the China (Beijing) Region is
-- aws-cn.
Partition :: Services
-- | Metadata keys for spot/*.
data Spot
-- | The action (hibernate, stop, or terminate) and the approximate time,
-- in UTC, when the action will occur. This item is present only if the
-- Spot Instance has been marked for hibernate, stop, or terminate. For
-- more information, see instance-action.
SInstanceAction :: Spot
-- | The approximate time, in UTC, that the operating system for your Spot
-- Instance will receive the shutdown signal. This item is present and
-- contains a time value (for example, 2015-01-05T18:02:00Z) only if the
-- Spot Instance has been marked for termination by Amazon EC2. The
-- termination-time item is not set to a time if you terminated the Spot
-- Instance yourself. For more information, see termination-time.
STerminationTime :: Spot
-- | Metadata keys for tags/*.
data Tags
-- | The instance tags associated with the instance. Only available if you
-- explicitly allow access to tags in instance metadata. For more
-- information, see Allow access to tags in instance metadata.
Instance :: Tags
-- | Represents an instance's identity document.
--
-- Note: Fields such as _instanceType are represented as
-- unparsed Text and will need to be manually parsed using
-- fromText when the relevant types from a library such as
-- Amazonka.EC2 are brought into scope.
data IdentityDocument
IdentityDocument :: Maybe [Text] -> Maybe [Text] -> Maybe Text -> Maybe Text -> Text -> Region -> Text -> Text -> Text -> Maybe Text -> Maybe Text -> Maybe Text -> Maybe Text -> Maybe ISO8601 -> IdentityDocument
[$sel:devpayProductCodes:IdentityDocument] :: IdentityDocument -> Maybe [Text]
[$sel:billingProducts:IdentityDocument] :: IdentityDocument -> Maybe [Text]
[$sel:version:IdentityDocument] :: IdentityDocument -> Maybe Text
[$sel:privateIp:IdentityDocument] :: IdentityDocument -> Maybe Text
[$sel:availabilityZone:IdentityDocument] :: IdentityDocument -> Text
[$sel:region:IdentityDocument] :: IdentityDocument -> Region
[$sel:instanceId:IdentityDocument] :: IdentityDocument -> Text
[$sel:instanceType:IdentityDocument] :: IdentityDocument -> Text
[$sel:accountId:IdentityDocument] :: IdentityDocument -> Text
[$sel:imageId:IdentityDocument] :: IdentityDocument -> Maybe Text
[$sel:kernelId:IdentityDocument] :: IdentityDocument -> Maybe Text
[$sel:ramdiskId:IdentityDocument] :: IdentityDocument -> Maybe Text
[$sel:architecture:IdentityDocument] :: IdentityDocument -> Maybe Text
[$sel:pendingTime:IdentityDocument] :: IdentityDocument -> Maybe ISO8601
identityDocument_devpayProductCodes :: Lens' IdentityDocument (Maybe [Text])
identityDocument_billingProducts :: Lens' IdentityDocument (Maybe [Text])
identityDocument_version :: Lens' IdentityDocument (Maybe Text)
identityDocument_privateIp :: Lens' IdentityDocument (Maybe Text)
identityDocument_availabilityZone :: Lens' IdentityDocument Text
identityDocument_region :: Lens' IdentityDocument Region
identityDocument_instanceId :: Lens' IdentityDocument Text
identityDocument_instanceType :: Lens' IdentityDocument Text
identityDocument_accountId :: Lens' IdentityDocument Text
identityDocument_imageId :: Lens' IdentityDocument (Maybe Text)
identityDocument_kernelId :: Lens' IdentityDocument (Maybe Text)
identityDocument_ramdiskId :: Lens' IdentityDocument (Maybe Text)
identityDocument_architecture :: Lens' IdentityDocument (Maybe Text)
identityDocument_pendingTime :: Lens' IdentityDocument (Maybe ISO8601)
instance GHC.Generics.Generic Amazonka.EC2.Metadata.Dynamic
instance GHC.Show.Show Amazonka.EC2.Metadata.Dynamic
instance GHC.Classes.Ord Amazonka.EC2.Metadata.Dynamic
instance GHC.Classes.Eq Amazonka.EC2.Metadata.Dynamic
instance GHC.Generics.Generic Amazonka.EC2.Metadata.Autoscaling
instance GHC.Show.Show Amazonka.EC2.Metadata.Autoscaling
instance GHC.Classes.Ord Amazonka.EC2.Metadata.Autoscaling
instance GHC.Classes.Eq Amazonka.EC2.Metadata.Autoscaling
instance GHC.Generics.Generic Amazonka.EC2.Metadata.Mapping
instance GHC.Show.Show Amazonka.EC2.Metadata.Mapping
instance GHC.Classes.Ord Amazonka.EC2.Metadata.Mapping
instance GHC.Classes.Eq Amazonka.EC2.Metadata.Mapping
instance GHC.Generics.Generic Amazonka.EC2.Metadata.ElasticGpus
instance GHC.Show.Show Amazonka.EC2.Metadata.ElasticGpus
instance GHC.Classes.Ord Amazonka.EC2.Metadata.ElasticGpus
instance GHC.Classes.Eq Amazonka.EC2.Metadata.ElasticGpus
instance GHC.Generics.Generic Amazonka.EC2.Metadata.ElasticInference
instance GHC.Show.Show Amazonka.EC2.Metadata.ElasticInference
instance GHC.Classes.Ord Amazonka.EC2.Metadata.ElasticInference
instance GHC.Classes.Eq Amazonka.EC2.Metadata.ElasticInference
instance GHC.Generics.Generic Amazonka.EC2.Metadata.Maintenance
instance GHC.Show.Show Amazonka.EC2.Metadata.Maintenance
instance GHC.Classes.Ord Amazonka.EC2.Metadata.Maintenance
instance GHC.Classes.Eq Amazonka.EC2.Metadata.Maintenance
instance GHC.Generics.Generic Amazonka.EC2.Metadata.Recommendations
instance GHC.Show.Show Amazonka.EC2.Metadata.Recommendations
instance GHC.Classes.Ord Amazonka.EC2.Metadata.Recommendations
instance GHC.Classes.Eq Amazonka.EC2.Metadata.Recommendations
instance GHC.Generics.Generic Amazonka.EC2.Metadata.Events
instance GHC.Show.Show Amazonka.EC2.Metadata.Events
instance GHC.Classes.Ord Amazonka.EC2.Metadata.Events
instance GHC.Classes.Eq Amazonka.EC2.Metadata.Events
instance GHC.Generics.Generic Amazonka.EC2.Metadata.IAM
instance GHC.Show.Show Amazonka.EC2.Metadata.IAM
instance GHC.Classes.Ord Amazonka.EC2.Metadata.IAM
instance GHC.Classes.Eq Amazonka.EC2.Metadata.IAM
instance GHC.Generics.Generic Amazonka.EC2.Metadata.IdentityCredentialsEC2
instance GHC.Show.Show Amazonka.EC2.Metadata.IdentityCredentialsEC2
instance GHC.Classes.Ord Amazonka.EC2.Metadata.IdentityCredentialsEC2
instance GHC.Classes.Eq Amazonka.EC2.Metadata.IdentityCredentialsEC2
instance GHC.Generics.Generic Amazonka.EC2.Metadata.Interface
instance GHC.Show.Show Amazonka.EC2.Metadata.Interface
instance GHC.Classes.Ord Amazonka.EC2.Metadata.Interface
instance GHC.Classes.Eq Amazonka.EC2.Metadata.Interface
instance GHC.Generics.Generic Amazonka.EC2.Metadata.Placement
instance GHC.Show.Show Amazonka.EC2.Metadata.Placement
instance GHC.Classes.Ord Amazonka.EC2.Metadata.Placement
instance GHC.Classes.Eq Amazonka.EC2.Metadata.Placement
instance GHC.Generics.Generic Amazonka.EC2.Metadata.Services
instance GHC.Show.Show Amazonka.EC2.Metadata.Services
instance GHC.Classes.Ord Amazonka.EC2.Metadata.Services
instance GHC.Classes.Eq Amazonka.EC2.Metadata.Services
instance GHC.Generics.Generic Amazonka.EC2.Metadata.Spot
instance GHC.Show.Show Amazonka.EC2.Metadata.Spot
instance GHC.Classes.Ord Amazonka.EC2.Metadata.Spot
instance GHC.Classes.Eq Amazonka.EC2.Metadata.Spot
instance GHC.Generics.Generic Amazonka.EC2.Metadata.Tags
instance GHC.Show.Show Amazonka.EC2.Metadata.Tags
instance GHC.Classes.Ord Amazonka.EC2.Metadata.Tags
instance GHC.Classes.Eq Amazonka.EC2.Metadata.Tags
instance GHC.Generics.Generic Amazonka.EC2.Metadata.Metadata
instance GHC.Show.Show Amazonka.EC2.Metadata.Metadata
instance GHC.Classes.Ord Amazonka.EC2.Metadata.Metadata
instance GHC.Classes.Eq Amazonka.EC2.Metadata.Metadata
instance GHC.Generics.Generic Amazonka.EC2.Metadata.IdentityDocument
instance GHC.Show.Show Amazonka.EC2.Metadata.IdentityDocument
instance GHC.Classes.Eq Amazonka.EC2.Metadata.IdentityDocument
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.EC2.Metadata.IdentityDocument
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.EC2.Metadata.IdentityDocument
instance Amazonka.Data.Text.ToText Amazonka.EC2.Metadata.Metadata
instance Amazonka.Data.Text.ToText Amazonka.EC2.Metadata.Tags
instance Amazonka.Data.Text.ToText Amazonka.EC2.Metadata.Spot
instance Amazonka.Data.Text.ToText Amazonka.EC2.Metadata.Services
instance Amazonka.Data.Text.ToText Amazonka.EC2.Metadata.Placement
instance Amazonka.Data.Text.ToText Amazonka.EC2.Metadata.Interface
instance Amazonka.Data.Text.ToText Amazonka.EC2.Metadata.IdentityCredentialsEC2
instance Amazonka.Data.Text.ToText Amazonka.EC2.Metadata.IAM
instance Amazonka.Data.Text.ToText Amazonka.EC2.Metadata.Events
instance Amazonka.Data.Text.ToText Amazonka.EC2.Metadata.Recommendations
instance Amazonka.Data.Text.ToText Amazonka.EC2.Metadata.Maintenance
instance Amazonka.Data.Text.ToText Amazonka.EC2.Metadata.ElasticInference
instance Amazonka.Data.Text.ToText Amazonka.EC2.Metadata.ElasticGpus
instance Amazonka.Data.Text.ToText Amazonka.EC2.Metadata.Mapping
instance Amazonka.Data.Text.ToText Amazonka.EC2.Metadata.Autoscaling
instance Amazonka.Data.Text.ToText Amazonka.EC2.Metadata.Dynamic
-- | Types and functions for constructing loggers and emitting log
-- messages.
module Amazonka.Logger
-- | A logging function called by various default hooks to log
-- informational and debug messages.
type Logger = LogLevel -> ByteStringBuilder -> IO ()
-- | This is a primitive logger which can be used to log builds to a
-- Handle.
--
-- Note: A more sophisticated logging library such as
-- tinylog or fast-logger should be used in production
-- code.
newLogger :: MonadIO m => LogLevel -> Handle -> m Logger
data LogLevel
-- | Info messages supplied by the user - this level is not emitted by the
-- library.
Info :: LogLevel
-- | Error messages only.
Error :: LogLevel
-- | Useful debug information + info + error levels.
Debug :: LogLevel
-- | Includes potentially sensitive signing metadata, and non-streaming
-- response bodies.
Trace :: LogLevel
logError :: (MonadIO m, ToLog a) => Logger -> a -> m ()
logInfo :: (MonadIO m, ToLog a) => Logger -> a -> m ()
logDebug :: (MonadIO m, ToLog a) => Logger -> a -> m ()
logTrace :: (MonadIO m, ToLog a) => Logger -> a -> m ()
class ToLog a
-- | Convert a value to a loggable builder.
build :: ToLog a => a -> ByteStringBuilder
-- | Intercalate a list of ByteStringBuilders with newlines.
buildLines :: [ByteStringBuilder] -> ByteStringBuilder
instance GHC.Generics.Generic Amazonka.Logger.LogLevel
instance GHC.Show.Show Amazonka.Logger.LogLevel
instance GHC.Enum.Enum Amazonka.Logger.LogLevel
instance GHC.Classes.Ord Amazonka.Logger.LogLevel
instance GHC.Classes.Eq Amazonka.Logger.LogLevel
instance Amazonka.Data.Text.FromText Amazonka.Logger.LogLevel
instance Amazonka.Data.Text.ToText Amazonka.Logger.LogLevel
instance Amazonka.Data.ByteString.ToByteString Amazonka.Logger.LogLevel
-- | Environment and AWS specific configuration needed to perform AWS
-- requests.
module Amazonka.Env
-- | Creates a new environment with a new Manager without debug
-- logging and uses the provided function to expand/discover credentials.
-- Record updates or lenses can be used to further configure the
-- resulting Env.
--
-- Since: 1.5.0 - The region is now retrieved from the
-- AWS_REGION environment variable (identical to official SDKs),
-- or defaults to us-east-1. You can override the Env
-- region by updating its $sel:region:Env field.
--
-- Since: 1.3.6 - The default logic for retrying
-- HttpExceptions now uses retryConnectionFailure to retry
-- specific connection failure conditions up to 3 times. Previously only
-- service specific errors were automatically retried. This can be
-- reverted to the old behaviour by resetting the Env's
-- $sel:retryCheck:Env field to (\_ _ -> False).
--
-- Throws AuthError when environment variables or IAM profiles
-- cannot be read.
--
-- See: newEnvFromManager.
newEnv :: MonadIO m => (EnvNoAuth -> m Env) -> m Env
-- | Creates a new environment, but with an existing Manager.
newEnvFromManager :: MonadIO m => Manager -> (EnvNoAuth -> m Env) -> m Env
-- | Generate an environment without credentials, which may only make
-- unsigned requests. Sets the region based on the AWS_REGION
-- environment variable, or NorthVirginia if unset.
--
-- This lets us support calls like the
-- sts:AssumeRoleWithWebIdentity operation, which needs to make an
-- unsigned request to pass the token from an identity provider.
newEnvNoAuth :: MonadIO m => m EnvNoAuth
-- | Generate an environment without credentials, passing in an explicit
-- Manager.
newEnvNoAuthFromManager :: MonadIO m => Manager -> m EnvNoAuth
-- | The environment containing the parameters required to make AWS
-- requests.
--
-- This type tracks whether or not we have credentials at the type level,
-- to avoid "presigning" requests when we lack auth information.
data Env' withAuth
Env :: Region -> Logger -> ~Hooks -> (Int -> HttpException -> Bool) -> (Service -> Service) -> Manager -> withAuth Auth -> Env' withAuth
[$sel:region:Env] :: Env' withAuth -> Region
[$sel:logger:Env] :: Env' withAuth -> Logger
[$sel:hooks:Env] :: Env' withAuth -> ~Hooks
[$sel:retryCheck:Env] :: Env' withAuth -> Int -> HttpException -> Bool
[$sel:overrides:Env] :: Env' withAuth -> Service -> Service
[$sel:manager:Env] :: Env' withAuth -> Manager
[$sel:auth:Env] :: Env' withAuth -> withAuth Auth
-- | An environment with auth credentials. Most AWS requests need one of
-- these, and you can create one with newEnv.
type Env = Env' Identity
-- | An environment with no auth credentials. Used for certain requests
-- which need to be unsigned, like
-- sts:AssumeRoleWithWebIdentity, and you can create one with
-- newEnvNoAuth if you need it.
type EnvNoAuth = Env' Proxy
-- | Get "the" Auth from an Env', if we can.
authMaybe :: Foldable withAuth => Env' withAuth -> Maybe Auth
-- | Look up the region in the AWS_REGION environment variable.
lookupRegion :: MonadIO m => m (Maybe Region)
env_region :: Lens' (Env' withAuth) Region
env_logger :: Lens' (Env' withAuth) Logger
env_hooks :: Lens' (Env' withAuth) Hooks
env_retryCheck :: Lens' (Env' withAuth) (Int -> HttpException -> Bool)
env_overrides :: Lens' (Env' withAuth) (Service -> Service)
env_manager :: Lens' (Env' withAuth) Manager
env_auth :: Lens (Env' withAuth) (Env' withAuth') (withAuth Auth) (withAuth' Auth)
-- | Provide a function which will be added to the existing stack of
-- overrides applied to all service configurations.
overrideService :: (Service -> Service) -> Env' withAuth -> Env' withAuth
-- | Configure a specific service. All requests belonging to the supplied
-- service will use this configuration instead of the default.
--
-- It's suggested you modify the default service configuration, such as
-- Amazonka.DynamoDB.defaultService.
configureService :: Service -> Env' withAuth -> Env' withAuth
-- | Override the timeout value for this Env.
--
-- Default timeouts are chosen by considering:
--
--
-- - This timeout, if set.
-- - The related Service timeout for the sent request if set.
-- (Usually 70s)
-- - The $sel:manager:Env timeout if set.
-- - The default ClientRequest timeout. (Approximately 30s)
--
globalTimeout :: Seconds -> Env' withAuth -> Env' withAuth
-- | Disable any retry logic for an Env, so that any requests will
-- at most be sent once.
once :: Env' withAuth -> Env' withAuth
-- | Retry the subset of transport specific errors encompassing connection
-- failure up to the specific number of times.
retryConnectionFailure :: Int -> Int -> HttpException -> Bool
instance GHC.Generics.Generic (Amazonka.Env.Env' withAuth)
-- | Hooks carried within an Env, allowing ad-hoc injection of
-- different behaviour during Amazonka's request/response cycle. Hooks
-- are currently experimental, but Amazonka uses the Hooks API to
-- implement its default logging, and you can add your own behaviour here
-- as well. Some examples of things hooks can do:
--
--
-- - Log all requests Amazonka makes to a separate log, in order to
-- audit which IAM permissions your program actually needs (see
-- requestHook);
--
--
--
-- {-# LANGAUGE OverloadedLabels #-}
-- import Amazonka
-- import Amazonka.Env.Hooks
-- import Data.Generics.Labels ()
--
-- main :: IO ()
-- main = do
-- env <- newEnv discover
-- <&> #hooks %~ requestHook (addAWSRequestHook $ \_env req -> req <$ logRequest req)
-- ...
--
-- logRequest :: AWSRequest a => a -> IO ()
-- logRequest = ...
--
--
--
--
--
--
-- {-# LANGAUGE OverloadedLabels #-}
-- import Amazonka
-- import Amazonka.Env.Hooks
-- import Data.Generics.Labels ()
--
-- main :: IO ()
-- main = do
-- env <- newEnv discover
-- <&> #hooks %~ configuredRequestHook (addHook $ \_env req -> req & #headers %~ addXRayIdHeader)
-- ...
--
-- -- The actual header would normally come from whatever calls into your program,
-- -- or you would randomly generate one yourself (hooks run in IO).
-- addXRayIdHeader :: [Header] -> [Header]
-- addXRayIdHeader = ...
--
--
--
--
-- - Selectively silence certain expected errors, such as DynamoDB's
-- ConditionalCheckFailedException (errorHook and
-- silenceError)
--
--
--
-- {-# LANGAUGE OverloadedLabels #-}
-- import Amazonka
-- import Amazonka.Env.Hooks
-- import qualified Amazonka.DynamoDB as DynamoDB
-- import Data.Generics.Labels ()
--
-- main :: IO ()
-- main = do
-- env <- newEnv discover
-- putItemResponse <- runResourceT $
-- send
-- (env & #hooks %~ errorHook (silenceError DynamoDB._ConditionalCheckFailedException))
-- (DynamoDB.newPutItem ...)
-- ...
--
--
--
-- Most functions with names ending in Hook (requestHook,
-- etc.) are intended for use with lenses: partially apply them to get a
-- function Hook a -> Hook a that can go on the
-- RHS of (%~) (the lens modify function). You then use
-- functions like addHookFor to selectively extend the hooks used
-- at any particular time.
--
-- Names ending in _ (Hook_, addHookFor_, etc.)
-- concern hooks that return () instead of the hook's input
-- type. These hooks respond to some event but lack the ability to change
-- Amazonka's behaviour; either because it is unsafe to do so, or because
-- it is difficult to do anything meaningful with the updated value.
--
-- The request/response flow for a standard send looks like this:
--
--
-- send (req :: AWSRequest a => a)
-- |
-- V
-- Run Hook: request
-- |
-- V
-- Amazonka: configure req into "Request a"
-- (Amazonka-specific HTTP request type)
-- |
-- V
-- Run Hook: configuredRequest
-- |
-- V
-- Amazonka: sign request, turn into standard
-- Network.HTTP.Client.Request
-- |
-- +-<---------------------------------.
-- V |
-- Run Hook: signedRequest |
-- | |
-- V |
-- Run Hook: clientRequest |
-- | |
-- V |
-- Amazonka: send request to AWS Run Hook: requestRetry
-- | ^
-- V |
-- Run Hook: clientResponse |
-- | |
-- V |
-- Run Hook: rawResponseBody |
-- | |
-- V |
-- Amazonka: was error? ------------------. |
-- | Yes | |
-- | V |
-- | No Run Hook: error |
-- | (NotFinal) |
-- | | |
-- +-<-----------------------' |
-- V |
-- Amazonka: should retry? -------------------------'
-- | Yes
-- | No
-- V
-- Amazonka: was error? ------------------.
-- | Yes |
-- | V
-- | No |
-- | |
-- Run Hook: response Run Hook: error
-- | (Final)
-- | |
-- V |
-- Amazonka: parse response |
-- | |
-- +-<-----------------------'
-- V
-- Amazonka: return result
--
module Amazonka.Env.Hooks
-- | A hook that returns an updated version of its arguments.
type Hook a = forall withAuth. Env' withAuth -> a -> IO a
-- | A hook that cannot return an updated version of its argument.
type Hook_ a = forall withAuth. Env' withAuth -> a -> IO ()
data Hooks
Hooks :: (forall a. (AWSRequest a, Typeable a) => Hook a) -> (forall a. (AWSRequest a, Typeable a) => Hook (Request a)) -> (forall a. (AWSRequest a, Typeable a) => Hook (Wait a)) -> (forall a. (AWSRequest a, Typeable a) => Hook_ (Signed a)) -> Hook ClientRequest -> (forall a. (AWSRequest a, Typeable a) => Hook_ (Request a, ClientResponse ())) -> Hook ByteStringLazy -> (forall a. (AWSRequest a, Typeable a) => Hook_ (Request a, Text, RetryStatus)) -> (forall a. (AWSRequest a, Typeable a) => Hook_ (Request a, Wait a, Accept, RetryStatus)) -> (forall a. (AWSRequest a, Typeable a) => Hook_ (Request a, ClientResponse (AWSResponse a))) -> (forall a. (AWSRequest a, Typeable a) => Hook_ (Finality, Request a, Error)) -> Hooks
-- | Called at the start of request processing, before the request is
-- configured. This is always the first hook that runs, and argument is
-- usually a request record type like amazonka-s3's
-- GetObjectRequest.
[$sel:request:Hooks] :: Hooks -> forall a. (AWSRequest a, Typeable a) => Hook a
-- | Called after the request has been configured into an abstract HTTP
-- request, but before it is converted to a signed
-- Network.HTTP.Client.Request.
--
-- If you want to add additional headers (e.g., a Trace ID for AWS
-- X-Ray), do it with this hook.
[$sel:configuredRequest:Hooks] :: Hooks -> forall a. (AWSRequest a, Typeable a) => Hook (Request a)
-- | Called at the start of waiter processing, just after the request is
-- configured.
[$sel:wait:Hooks] :: Hooks -> forall a. (AWSRequest a, Typeable a) => Hook (Wait a)
-- | Called just after a request is signed, containing signature metadata
-- and a Network.HTTP.Client.Request.
[$sel:signedRequest:Hooks] :: Hooks -> forall a. (AWSRequest a, Typeable a) => Hook_ (Signed a)
-- | Called on a Network.HTTP.Client.Request, just before
-- it is sent. While you can retrieve a ClientRequest from the
-- Hooks hook, this hook captures unsigned requests too.
--
-- Changing the contents of a signed request is highly likely to break
-- its signature.
[$sel:clientRequest:Hooks] :: Hooks -> Hook ClientRequest
-- | Called on the raw Network.HTTP.Client.Response, as
-- soon as it comes back from the HTTP client. The body is replaced with
-- () to prevent its accidental consumption by hooks.
[$sel:clientResponse:Hooks] :: Hooks -> forall a. (AWSRequest a, Typeable a) => Hook_ (Request a, ClientResponse ())
-- | Called on the raw response body, after it has been sunk from the
-- Network.HTTP.Client.Response.
[$sel:rawResponseBody:Hooks] :: Hooks -> Hook ByteStringLazy
-- | Called when Amazonka decides to retry a failed request. The
-- Text argument is an error code like "http_error",
-- "request_throttled_exception". Check the retry check function
-- for your particular Service, usually found somewhere like
-- Amazonka.S3.Types.defaultService.
[$sel:requestRetry:Hooks] :: Hooks -> forall a. (AWSRequest a, Typeable a) => Hook_ (Request a, Text, RetryStatus)
-- | Called when Amazonka decides to retry a request while resolving an
-- await operation.
[$sel:awaitRetry:Hooks] :: Hooks -> forall a. (AWSRequest a, Typeable a) => Hook_ (Request a, Wait a, Accept, RetryStatus)
-- | Called when a response from AWS is successfully deserialised. Because
-- the AWSResponse type family is not injective, we include the
-- original request.
[$sel:response:Hooks] :: Hooks -> forall a. (AWSRequest a, Typeable a) => Hook_ (Request a, ClientResponse (AWSResponse a))
-- | Called whenever an AWS request returns an Error, even when the
-- corresponding request is retried.
--
-- On the final error after all retries, this hook will be called twice:
-- once with NotFinal and once with Final. This
-- behavior may change in a future version.
[$sel:error:Hooks] :: Hooks -> forall a. (AWSRequest a, Typeable a) => Hook_ (Finality, Request a, Error)
-- | Indicates whether an error hook is potentially going to be retried.
--
-- See: $sel:error:Hooks
data Finality
NotFinal :: Finality
Final :: Finality
requestHook :: (forall a. (AWSRequest a, Typeable a) => Hook a -> Hook a) -> Hooks -> Hooks
waitHook :: (forall a. (AWSRequest a, Typeable a) => Hook (Wait a) -> Hook (Wait a)) -> Hooks -> Hooks
configuredRequestHook :: (forall a. (AWSRequest a, Typeable a) => Hook (Request a) -> Hook (Request a)) -> Hooks -> Hooks
signedRequestHook :: (forall a. (AWSRequest a, Typeable a) => Hook_ (Signed a) -> Hook_ (Signed a)) -> Hooks -> Hooks
clientRequestHook :: (Hook ClientRequest -> Hook ClientRequest) -> Hooks -> Hooks
clientResponseHook :: (forall a. (AWSRequest a, Typeable a) => Hook_ (Request a, ClientResponse ()) -> Hook_ (Request a, ClientResponse ())) -> Hooks -> Hooks
rawResponseBodyHook :: (Hook ByteStringLazy -> Hook ByteStringLazy) -> Hooks -> Hooks
requestRetryHook :: (forall a. (AWSRequest a, Typeable a) => Hook_ (Request a, Text, RetryStatus) -> Hook_ (Request a, Text, RetryStatus)) -> Hooks -> Hooks
awaitRetryHook :: (forall a. (AWSRequest a, Typeable a) => Hook_ (Request a, Wait a, Accept, RetryStatus) -> Hook_ (Request a, Wait a, Accept, RetryStatus)) -> Hooks -> Hooks
responseHook :: (forall a. (AWSRequest a, Typeable a) => Hook_ (Request a, ClientResponse (AWSResponse a)) -> Hook_ (Request a, ClientResponse (AWSResponse a))) -> Hooks -> Hooks
errorHook :: (forall a. (AWSRequest a, Typeable a) => Hook_ (Finality, Request a, Error) -> Hook_ (Finality, Request a, Error)) -> Hooks -> Hooks
-- | Turn a Hook a into another Hook a that
-- does nothing.
--
--
-- - - Example: remove all request hooks: requestHook noHook ::
-- Hooks -> Hooks
--
noHook :: Hook a -> Hook a
-- | Turn a Hook_ a into another Hook_ a
-- that does nothing.
--
--
-- -- Example: Remove all response hooks:
-- responseHook noHook_ :: Hooks -> Hooks
--
noHook_ :: Hook_ a -> Hook_ a
-- | Unconditionally add a Hook a to the chain of hooks. If
-- you need to do something with specific request types, you want
-- addHookFor, instead.
addHook :: Typeable a => Hook a -> Hook a -> Hook a
-- | Unconditionally add a Hook_ a to the chain of hooks.
-- If you need to do something with specific request types, you want
-- addHookFor_, instead.
addHook_ :: Typeable a => Hook_ a -> Hook_ a -> Hook_ a
-- | Like addHook, adds an unconditional hook, but it also captures
-- the AWSRequest a constraint. Useful for handling every
-- AWS request type in a generic way.
addAWSRequestHook :: (AWSRequest a, Typeable a) => Hook a -> Hook a -> Hook a
-- | addAWSRequestHook_ is addAWSRequestHook but for
-- Hook_s.
addAWSRequestHook_ :: (AWSRequest a, Typeable a) => Hook_ a -> Hook_ a -> Hook_ a
-- | addHookFor @a newHook oldHook When a and b
-- are the same type, run the given 'Hook a' after all others, otherwise
-- only run the existing hooks.
--
--
-- -- Example: Run getObjectRequestHook on anything that is a GetObjectRequest:
-- requestHook (addHookFor @GetObjectRequest getObjectRequestHook) :: Hooks -> Hooks
--
addHookFor :: forall a b. (Typeable a, Typeable b) => Hook a -> Hook b -> Hook b
-- | When a and b are the same type, run the given 'Hook_
-- a' after all other hooks have run.
--
--
-- -- Example: Run aSignedRequestHook on anything that is a Signed GetObjectRequest:
-- requestHook (addHookFor_ @(Signed GetObjectRequest) aSignedRequestHook) :: Hooks -> Hooks
--
addHookFor_ :: forall a b. (Typeable a, Typeable b) => Hook_ a -> Hook_ b -> Hook_ b
-- | When a and b are the same type, do not call any more
-- hooks.
--
--
-- -- Example: Prevent any request hooks from running against a PutObjectRequest:
-- requestHook (removeHooksFor @PutObjectRequest) :: Hooks -> Hooks
--
removeHooksFor :: forall a b. (Typeable a, Typeable b) => Hook b -> Hook b
-- | When a and b are the same type, do not call any more
-- hooks.
--
--
-- -- Example: Prevent any error hooks from running against errors caused by a PutObjectRequest:
-- errorHook (removeHooksFor @(Finality, Request PutObjectRequest, Error)) :: Hooks -> Hooks
--
removeHooksFor_ :: forall a b. (Typeable a, Typeable b) => Hook_ b -> Hook_ b
-- | Run the wrapped hook unless the given Fold or
-- Traversal matches the error. You will probably want to use
-- this with the error matchers defined by each service binding, allowing
-- you to selectively silence specific errors:
--
--
-- -- Assuming `env :: Amazonka.Env` and `putRequest :: DynamoDB.PutRequest`,
-- -- this silences a single type of error for a single call:
-- send (env & #hooks %~ errorHook (silenceError DynamoDB._ConditionalCheckFailedException))
--
--
--
-- silenceError :: Getter Error e -> Hook_ (Finality, Request a, Error) -> Hook_ (Finality, Request a, Error)
-- silenceError :: Fold Error e -> Hook_ (Finality, Request a, Error) -> Hook_ (Finality, Request a, Error)
-- silenceError :: Iso' Error e -> Hook_ (Finality, Request a, Error) -> Hook_ (Finality, Request a, Error)
-- silenceError :: Lens' Error e -> Hook_ (Finality, Request a, Error) -> Hook_ (Finality, Request a, Error)
-- silenceError :: Traversal' Error e -> Hook_ (Finality, Request a, Error) -> Hook_ (Finality, Request a, Error)
--
silenceError :: Getting Any Error e -> Hook_ (Finality, Request a, Error) -> Hook_ (Finality, Request a, Error)
-- | Add default logging hooks. The default Env' from newEnv
-- already has logging hooks installed, so you probably only want this if
-- you are building your own Hooks from scratch.
addLoggingHooks :: Hooks -> Hooks
-- | Empty Hooks structure which returns everything unmodified.
noHooks :: Hooks
instance GHC.Generics.Generic Amazonka.Env.Hooks.Finality
instance GHC.Show.Show Amazonka.Env.Hooks.Finality
instance GHC.Classes.Ord Amazonka.Env.Hooks.Finality
instance GHC.Classes.Eq Amazonka.Env.Hooks.Finality
instance GHC.Enum.Enum Amazonka.Env.Hooks.Finality
instance GHC.Enum.Bounded Amazonka.Env.Hooks.Finality
module Amazonka.HTTP
retryRequest :: forall m a withAuth. (MonadResource m, AWSRequest a, Typeable a, Typeable (AWSResponse a), Foldable withAuth) => Env' withAuth -> a -> m (Either Error (ClientResponse (AWSResponse a)))
awaitRequest :: (MonadResource m, AWSRequest a, Typeable a, Foldable withAuth) => Env' withAuth -> Wait a -> a -> m (Either Error Accept)
-- | Make a one-shot request to AWS, using a configured Request
-- (which contains the Service, plus any overrides).
httpRequest :: (MonadResource m, AWSRequest a, Typeable a, Foldable withAuth) => Env' withAuth -> Request a -> m (Either Error (ClientResponse (AWSResponse a)))
configureRequest :: (AWSRequest a, Typeable a, MonadIO m) => Env' withAuth -> a -> m (Request a)
retryService :: Service -> RetryPolicy
retryStream :: Request a -> RetryPolicy
-- | Authentication via directly-provided access keys, including optional
-- session token and environment variable lookup.
module Amazonka.Auth.Keys
-- | Explicit access and secret keys.
fromKeys :: AccessKey -> SecretKey -> Env' withAuth -> Env
-- | Temporary credentials from a STS session consisting of the access key,
-- secret key, and session token.
--
-- See: fromTemporarySession
fromSession :: AccessKey -> SecretKey -> SessionToken -> Env' withAuth -> Env
-- | Temporary credentials from a STS session consisting of the access key,
-- secret key, session token, and expiration time.
--
-- See: fromSession
fromTemporarySession :: AccessKey -> SecretKey -> SessionToken -> UTCTime -> Env' withAuth -> Env
-- | Retrieve access key, secret key and a session token from environment
-- variables. We copy the behaviour of the SDKs and respect the following
-- variables:
--
--
-- - AWS_ACCESS_KEY_ID (and its alternate name,
-- AWS_ACCESS_KEY)
-- - AWS_SECRET_ACCESS_KEY (and its alternate name,
-- AWS_SECRET_KEY)
-- - AWS_SESSION_TOKEN (if present)
--
--
-- Throws MissingEnvError if a required environment variable is
-- empty or unset.
fromKeysEnv :: MonadIO m => Env' withAuth -> m Env
-- | Retrieve authentication credentials from EC2 instance profiles.
module Amazonka.Auth.InstanceProfile
-- | Retrieve the default IAM Profile from the local EC2 instance-data.
--
-- The default IAM profile is determined by Amazon as the first profile
-- found in the response from:
-- http://169.254.169.254/latest/meta-data/iam/security-credentials/
--
-- Throws RetrievalError if the HTTP call fails, or
-- InvalidIAMError if the default IAM profile cannot be read.
fromDefaultInstanceProfile :: MonadIO m => Env' withAuth -> m Env
-- | Lookup a specific IAM Profile by name from the local EC2
-- instance-data.
--
-- Additionally starts a refresh thread for the given authentication
-- environment.
--
-- The resulting IORef wrapper + timer is designed so that
-- multiple concurrent accesses of AuthEnv from the AWS
-- environment are not required to calculate expiry and sequentially
-- queue to update it.
--
-- The forked timer ensures a singular owner and pre-emptive refresh of
-- the temporary session credentials before expiration.
--
-- A weak reference is used to ensure that the forked thread will
-- eventually terminate when Auth is no longer referenced.
--
-- If no session token or expiration time is present the credentials will
-- be returned verbatim.
fromNamedInstanceProfile :: MonadIO m => Text -> Env' withAuth -> m Env
-- | Fetch credentials from a metadata service when running in an ECS
-- Container.
module Amazonka.Auth.Container
-- | Obtain credentials exposed to a task via the ECS container agent, as
-- described in the IAM Roles for Tasks section of the AWS ECS
-- documentation. The credentials are obtained by making a request to the
-- given URL.
--
-- The ECS container agent provides an access key, secret key, session
-- token, and expiration time. As these are temporary credentials, this
-- function also starts a refresh thread that will periodically fetch
-- fresh credentials before the current ones expire.
fromContainer :: MonadIO m => Text -> Env' withAuth -> m Env
-- | Obtain credentials from the ECS container agent, by querying
-- http://169.254.170.2 at the path contained by the
-- AWS_CONTAINER_CREDENTIALS_RELATIVE_URI environment variable.
--
-- Throws MissingEnvError if the
-- AWS_CONTAINER_CREDENTIALS_RELATIVE_URI environment variable
-- is not set or InvalidIAMError if the payload returned by the
-- ECS container agent is not of the expected format.
--
-- NOTE: We do not currently respect the
-- AWS_CONTAINER_CREDENTIALS_FULL_URI or
-- AWS_CONTAINTER_AUTHORIZATION_TOKEN environment variable. If
-- you need support for these, please file a PR.
fromContainerEnv :: MonadIO m => Env' withAuth -> m Env
-- | It is intended for use directly with Auth when only presigning
-- and no other AWS actions are required. See withAuth to extract
-- an AuthEnv from an Auth.
module Amazonka.Presign
-- | Presign an URL that is valid from the specified time until the number
-- of seconds expiry has elapsed.
--
-- See: presign, presignWith
presignURL :: AWSRequest a => AuthEnv -> Region -> UTCTime -> Seconds -> a -> ByteString
-- | Presign an HTTP request that is valid from the specified time until
-- the number of seconds expiry has elapsed.
--
-- See: presignWith, presignWithHeaders
presign :: AWSRequest a => AuthEnv -> Region -> UTCTime -> Seconds -> a -> ClientRequest
-- | A variant of presign that allows modifying the default
-- Service definition used to configure the request.
--
-- See: presignWithHeaders
presignWith :: AWSRequest a => (Service -> Service) -> AuthEnv -> Region -> UTCTime -> Seconds -> a -> ClientRequest
-- | Modification to the headers that is applied by default (in
-- presignWith); removes the Expect header which is added
-- to every PutObject.
defaultHeaders :: [Header] -> [Header]
-- | A variant of presign that allows modifying the default
-- Headers and the default Service definition used to
-- configure the request.
presignWithHeaders :: forall a. AWSRequest a => ([Header] -> [Header]) -> (Service -> Service) -> AuthEnv -> Region -> UTCTime -> Seconds -> a -> ClientRequest
module Amazonka.Send
-- | Send a request, returning the associated response if successful.
--
-- Errors are thrown in IO.
--
-- See sendEither.
send :: (MonadResource m, AWSRequest a, Typeable a, Typeable (AWSResponse a)) => Env -> a -> m (AWSResponse a)
-- | Send a request, returning the associated response if successful.
--
-- See send.
sendEither :: (MonadResource m, AWSRequest a, Typeable a, Typeable (AWSResponse a)) => Env -> a -> m (Either Error (AWSResponse a))
-- | Repeatedly send a request, automatically setting markers and
-- performing pagination. Exits on the first encountered error.
--
-- Errors are thrown in IO.
--
-- See paginateEither.
paginate :: (MonadResource m, AWSPager a, Typeable a, Typeable (AWSResponse a)) => Env -> a -> ConduitM () (AWSResponse a) m ()
-- | Repeatedly send a request, automatically setting markers and
-- performing pagination.
--
-- Exits on the first encountered error.
--
-- See paginate.
paginateEither :: (MonadResource m, AWSPager a, Typeable a, Typeable (AWSResponse a)) => Env -> a -> ConduitM () (AWSResponse a) m (Either Error ())
-- | Poll the API with the supplied request until a specific Wait
-- condition is fulfilled.
--
-- Errors are thrown in IO.
--
-- See awaitEither.
await :: (MonadResource m, AWSRequest a, Typeable a) => Env -> Wait a -> a -> m Accept
-- | Poll the API with the supplied request until a specific Wait
-- condition is fulfilled.
--
-- See await.
awaitEither :: (MonadResource m, AWSRequest a, Typeable a) => Env -> Wait a -> a -> m (Either Error Accept)
-- | Make an unsigned request, returning the associated response if
-- successful.
--
-- Errors are thrown in IO.
--
-- See sendUnsignedEither.
sendUnsigned :: (MonadResource m, AWSRequest a, Typeable a, Typeable (AWSResponse a)) => Env' withAuth -> a -> m (AWSResponse a)
-- | Make a request without signing it. You will almost never need to do
-- this, but some authentication methods (e.g.
-- sts:AssumeRoleWithWebIdentity and
-- sso:GetRoleCredentials) require you to exchange a token using
-- an unsigned request. Amazonka's support for these authentication
-- methods calls sendUnsigned, and we re-export these functions in
-- case you need to support similar authentication methods in your code.
--
-- See sendUnsigned.
sendUnsignedEither :: (MonadResource m, AWSRequest a, Typeable a, Typeable (AWSResponse a)) => Env' withAuth -> a -> m (Either Error (AWSResponse a))
-- | Retrieve authentication credentials from Secure Token Service
module Amazonka.Auth.STS
-- | Assume a role using the sts:AssumeRole API.
--
-- This is a simplified interface suitable for most purposes, but if you
-- need the full functionality of the sts:AssumeRole API, you
-- will need to craft your own requests using amazonka-sts. If
-- you do this, remember to use fetchAuthInBackground so that your
-- application does not get stuck holding temporary credentials which
-- have expired.
fromAssumedRole :: MonadIO m => Text -> Text -> Env -> m Env
-- |
-- https://aws.amazon.com/blogs/opensource/introducing-fine-grained-iam-roles-service-accounts/
-- Obtain temporary credentials from
-- sts:AssumeRoleWithWebIdentity.
--
-- The STS service provides an access key, secret key, session token, and
-- expiration time. Also spawns a refresh thread that will periodically
-- fetch fresh credentials before the current ones expire.
--
-- The implementation is modelled on the C++ SDK:
-- https://github.com/aws/aws-sdk-cpp/blob/6d6dcdbfa377393306bf79585f61baea524ac124/aws-cpp-sdk-core/source/auth/STSCredentialsProvider.cpp#L33
fromWebIdentity :: MonadIO m => FilePath -> Text -> Maybe Text -> Env' withAuth -> m Env
-- | Obtain temporary credentials from
-- sts:AssumeRoleWithWebIdentity, sourcing arguments from
-- standard environment variables:
--
--
--
-- Throws MissingEnvError if a required environment variable is
-- empty or unset.
fromWebIdentityEnv :: MonadIO m => Env' withAuth -> m Env
module Amazonka.Auth.SSO
data CachedAccessToken
CachedAccessToken :: Text -> Region -> Sensitive Text -> UTCTime -> CachedAccessToken
[$sel:startUrl:CachedAccessToken] :: CachedAccessToken -> Text
[$sel:region:CachedAccessToken] :: CachedAccessToken -> Region
[$sel:accessToken:CachedAccessToken] :: CachedAccessToken -> Sensitive Text
[$sel:expiresAt:CachedAccessToken] :: CachedAccessToken -> UTCTime
cachedAccessToken_startUrl :: Lens' CachedAccessToken Text
cachedAccessToken_region :: Lens' CachedAccessToken Region
cachedAccessToken_accessToken :: Lens' CachedAccessToken (Sensitive Text)
cachedAccessToken_expiresAt :: Lens' CachedAccessToken UTCTime
-- | Assume a role using an SSO Token.
--
-- The user must have previously called aws sso login, and pass
-- in the path to the cached token file, along with SSO region, account
-- ID and role name. (fromFilePath understands the sso_
-- variables used by the official AWS CLI and will call fromSSO
-- for you.) This function uses fetchAuthInBackground to refresh
-- the credentials as long as the token in the sso/cache file is
-- not expired. When it has, the user will need to aws sso login
-- again.
--
--
-- https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html
fromSSO :: forall m withAuth. MonadIO m => FilePath -> Region -> Text -> Text -> Env' withAuth -> m Env
-- | Return the cached token file for a given sso_start_url
--
-- Matches botocore, so that we find tokens produced by aws
-- sso login.
relativeCachedTokenFile :: MonadIO m => Text -> m FilePath
readCachedAccessToken :: MonadIO m => FilePath -> m CachedAccessToken
roleCredentialsToAuthEnv :: RoleCredentials -> AuthEnv
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.Auth.SSO.CachedAccessToken
instance GHC.Generics.Generic Amazonka.Auth.SSO.CachedAccessToken
instance GHC.Classes.Eq Amazonka.Auth.SSO.CachedAccessToken
instance GHC.Show.Show Amazonka.Auth.SSO.CachedAccessToken
-- | Re-export lenses and other optics for types in amazonka and
-- amazonka-core. You will probably find record updates,
-- generic-lens, generic-optics, or (GHC >=9.2)
-- -XOverloadedRecordDot more ergonomic than these.
module Amazonka.Lens
cachedAccessToken_startUrl :: Lens' CachedAccessToken Text
cachedAccessToken_region :: Lens' CachedAccessToken Region
cachedAccessToken_accessToken :: Lens' CachedAccessToken (Sensitive Text)
cachedAccessToken_expiresAt :: Lens' CachedAccessToken UTCTime
identityDocument_devpayProductCodes :: Lens' IdentityDocument (Maybe [Text])
identityDocument_billingProducts :: Lens' IdentityDocument (Maybe [Text])
identityDocument_version :: Lens' IdentityDocument (Maybe Text)
identityDocument_privateIp :: Lens' IdentityDocument (Maybe Text)
identityDocument_availabilityZone :: Lens' IdentityDocument Text
identityDocument_region :: Lens' IdentityDocument Region
identityDocument_instanceId :: Lens' IdentityDocument Text
identityDocument_instanceType :: Lens' IdentityDocument Text
identityDocument_accountId :: Lens' IdentityDocument Text
identityDocument_imageId :: Lens' IdentityDocument (Maybe Text)
identityDocument_kernelId :: Lens' IdentityDocument (Maybe Text)
identityDocument_ramdiskId :: Lens' IdentityDocument (Maybe Text)
identityDocument_architecture :: Lens' IdentityDocument (Maybe Text)
identityDocument_pendingTime :: Lens' IdentityDocument (Maybe ISO8601)
env_region :: Lens' (Env' withAuth) Region
env_logger :: Lens' (Env' withAuth) Logger
env_hooks :: Lens' (Env' withAuth) Hooks
env_retryCheck :: Lens' (Env' withAuth) (Int -> HttpException -> Bool)
env_overrides :: Lens' (Env' withAuth) (Service -> Service)
env_manager :: Lens' (Env' withAuth) Manager
env_auth :: Lens (Env' withAuth) (Env' withAuth') (withAuth Auth) (withAuth' Auth)
-- | Retrieve authentication credentials from AWS config/credentials files.
module Amazonka.Auth.ConfigFile
-- | Retrieve credentials from the AWS config/credentials files, as
-- Amazonka currently understands them:
--
--
-- - AWS recommends credentials do not live in the config file, but
-- allows it.
-- - Sections in the config file start should either be named
-- [default] or [profile foo]. Unprefixed
-- [foo] currently "happens to work" but is not officially
-- supported, to match the observed behaviour of the AWS SDK/CLI.
-- - Sections in the credentials file are always unprefixed -
-- [default] or [foo].
--
--
-- See: the ConfigProfile type, to understand the methods
-- Amazonka currently supports.
fromFilePath :: forall m withAuth. (MonadIO m, Foldable withAuth) => Text -> FilePath -> FilePath -> Env' withAuth -> m Env
mergeConfigs :: HashMap Text [(Text, Text)] -> HashMap Text [(Text, Text)] -> HashMap Text (HashMap Text Text)
parseConfigProfile :: HashMap Text Text -> Maybe (ConfigProfile, Maybe Region)
data ConfigProfile
-- | Recognizes aws_access_key_id, aws_secret_access_key,
-- and optionally aws_session_token.
ExplicitKeys :: AuthEnv -> ConfigProfile
-- | Recognizes role_arn and source_profile.
AssumeRoleFromProfile :: Text -> Text -> ConfigProfile
-- | Recognizes role_arn and credential_source.
AssumeRoleFromCredentialSource :: Text -> CredentialSource -> ConfigProfile
-- | Recognizes role_arn, role_session_name, and
-- web_identity_token_file.
AssumeRoleWithWebIdentity :: Text -> Maybe Text -> FilePath -> ConfigProfile
-- | Recognizes sso_start_url, sso_region,
-- sso_account_id, and sso_role_name.
AssumeRoleViaSSO :: Text -> Region -> Text -> Text -> ConfigProfile
data CredentialSource
Environment :: CredentialSource
Ec2InstanceMetadata :: CredentialSource
EcsContainer :: CredentialSource
-- | Loads the default config/credentials INI files and selects a profile
-- by environment variable (AWS_PROFILE).
--
-- Throws MissingFileError if credFile is missing, or
-- InvalidFileError if an error occurs during parsing.
--
-- This looks in in the HOME directory as determined by the
-- directory library.
--
--
-- - Not Windows: $HOME/.aws/credentials
-- - Windows: %USERPROFILE%\.aws\credentials
--
fromFileEnv :: (MonadIO m, Foldable withAuth) => Env' withAuth -> m Env
configPathRelative :: String -> IO String
instance GHC.Generics.Generic Amazonka.Auth.ConfigFile.CredentialSource
instance GHC.Show.Show Amazonka.Auth.ConfigFile.CredentialSource
instance GHC.Classes.Eq Amazonka.Auth.ConfigFile.CredentialSource
instance GHC.Generics.Generic Amazonka.Auth.ConfigFile.ConfigProfile
instance GHC.Show.Show Amazonka.Auth.ConfigFile.ConfigProfile
instance GHC.Classes.Eq Amazonka.Auth.ConfigFile.ConfigProfile
-- | Explicitly specify your Amazon AWS security credentials, or retrieve
-- them from the underlying OS.
--
-- The format of environment variables and the credentials file follows
-- the official AWS SDK guidelines.
module Amazonka.Auth
-- | An authorisation environment containing AWS credentials, and
-- potentially a reference which can be refreshed out-of-band as
-- temporary credentials expire.
data Auth
Ref :: ThreadId -> IORef AuthEnv -> Auth
Auth :: AuthEnv -> Auth
withAuth :: MonadIO m => Auth -> (AuthEnv -> m a) -> m a
-- | Attempt to fetch credentials in a way similar to the official AWS
-- SDKs. The C++ SDK lists the following sequence:
--
--
-- - Check environment variables for keys provided directly
-- (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY,
-- optionally AWS_SESSION_TOKEN)
-- - Check credentials/config files for authentication information,
-- respecting the AWS_PROFILE environment variable.
-- - Exchange a Web Identity for AWS Credentials using
-- sts:AssumeRoleWithWebIdentity, respecting the
-- AWS_WEB_IDENTITY_TOKEN_FILE, AWS_ROLE_ARN, and
-- optionally the AWS_ROLE_SESSION_NAME environment
-- variables.
-- - Retrieve credentials from the ECS Container Agent if the
-- AWS_CONTAINER_CREDENTIALS_RELATIVE_URI environment variable
-- is set.
-- - If we think we're running on EC2, retrieve the first available IAM
-- profile from the instance identity document, and use this to set the
-- Placement. We attempt to resolve http://instance-data
-- rather than directly retrieving http://169.254.169.254 for IAM
-- profile information. This ensures that the DNS lookup terminates
-- promptly if not running on EC2, but means that your VPC must have
-- enableDnsSupport and enableDnsHostnames
-- set.NOTE: This is not 100% consistent with the AWS SDKs, which
-- does not attempt to query the ECS service if either
-- AWS_CONTAINER_CREDENTIALS_RELATIVE_URI or
-- AWS_CONTAINER_CREDENTIALS_FULL_URI are set.See:
-- https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/auth/EC2ContainerCredentialsProviderWrapper.html
--
discover :: (MonadCatch m, MonadIO m, Foldable withAuth) => Env' withAuth -> m Env
-- | Compose a list of credential-providing functions by testing each until
-- one returns successfully. If they throw AuthError, the next
-- function in the chain will be tried. Throws
-- CredentialChainExhausted if the list is exhausted.
runCredentialChain :: MonadCatch m => [a -> m b] -> a -> m b
-- | Explicit access and secret keys.
fromKeys :: AccessKey -> SecretKey -> Env' withAuth -> Env
-- | Temporary credentials from a STS session consisting of the access key,
-- secret key, and session token.
--
-- See: fromTemporarySession
fromSession :: AccessKey -> SecretKey -> SessionToken -> Env' withAuth -> Env
-- | Temporary credentials from a STS session consisting of the access key,
-- secret key, session token, and expiration time.
--
-- See: fromSession
fromTemporarySession :: AccessKey -> SecretKey -> SessionToken -> UTCTime -> Env' withAuth -> Env
-- | Retrieve access key, secret key and a session token from environment
-- variables. We copy the behaviour of the SDKs and respect the following
-- variables:
--
--
-- - AWS_ACCESS_KEY_ID (and its alternate name,
-- AWS_ACCESS_KEY)
-- - AWS_SECRET_ACCESS_KEY (and its alternate name,
-- AWS_SECRET_KEY)
-- - AWS_SESSION_TOKEN (if present)
--
--
-- Throws MissingEnvError if a required environment variable is
-- empty or unset.
fromKeysEnv :: MonadIO m => Env' withAuth -> m Env
-- | Retrieve credentials from the AWS config/credentials files, as
-- Amazonka currently understands them:
--
--
-- - AWS recommends credentials do not live in the config file, but
-- allows it.
-- - Sections in the config file start should either be named
-- [default] or [profile foo]. Unprefixed
-- [foo] currently "happens to work" but is not officially
-- supported, to match the observed behaviour of the AWS SDK/CLI.
-- - Sections in the credentials file are always unprefixed -
-- [default] or [foo].
--
--
-- See: the ConfigProfile type, to understand the methods
-- Amazonka currently supports.
fromFilePath :: forall m withAuth. (MonadIO m, Foldable withAuth) => Text -> FilePath -> FilePath -> Env' withAuth -> m Env
-- | Loads the default config/credentials INI files and selects a profile
-- by environment variable (AWS_PROFILE).
--
-- Throws MissingFileError if credFile is missing, or
-- InvalidFileError if an error occurs during parsing.
--
-- This looks in in the HOME directory as determined by the
-- directory library.
--
--
-- - Not Windows: $HOME/.aws/credentials
-- - Windows: %USERPROFILE%\.aws\credentials
--
fromFileEnv :: (MonadIO m, Foldable withAuth) => Env' withAuth -> m Env
-- | Obtain credentials exposed to a task via the ECS container agent, as
-- described in the IAM Roles for Tasks section of the AWS ECS
-- documentation. The credentials are obtained by making a request to the
-- given URL.
--
-- The ECS container agent provides an access key, secret key, session
-- token, and expiration time. As these are temporary credentials, this
-- function also starts a refresh thread that will periodically fetch
-- fresh credentials before the current ones expire.
fromContainer :: MonadIO m => Text -> Env' withAuth -> m Env
-- | Obtain credentials from the ECS container agent, by querying
-- http://169.254.170.2 at the path contained by the
-- AWS_CONTAINER_CREDENTIALS_RELATIVE_URI environment variable.
--
-- Throws MissingEnvError if the
-- AWS_CONTAINER_CREDENTIALS_RELATIVE_URI environment variable
-- is not set or InvalidIAMError if the payload returned by the
-- ECS container agent is not of the expected format.
--
-- NOTE: We do not currently respect the
-- AWS_CONTAINER_CREDENTIALS_FULL_URI or
-- AWS_CONTAINTER_AUTHORIZATION_TOKEN environment variable. If
-- you need support for these, please file a PR.
fromContainerEnv :: MonadIO m => Env' withAuth -> m Env
-- | Assume a role using the sts:AssumeRole API.
--
-- This is a simplified interface suitable for most purposes, but if you
-- need the full functionality of the sts:AssumeRole API, you
-- will need to craft your own requests using amazonka-sts. If
-- you do this, remember to use fetchAuthInBackground so that your
-- application does not get stuck holding temporary credentials which
-- have expired.
fromAssumedRole :: MonadIO m => Text -> Text -> Env -> m Env
-- |
-- https://aws.amazon.com/blogs/opensource/introducing-fine-grained-iam-roles-service-accounts/
-- Obtain temporary credentials from
-- sts:AssumeRoleWithWebIdentity.
--
-- The STS service provides an access key, secret key, session token, and
-- expiration time. Also spawns a refresh thread that will periodically
-- fetch fresh credentials before the current ones expire.
--
-- The implementation is modelled on the C++ SDK:
-- https://github.com/aws/aws-sdk-cpp/blob/6d6dcdbfa377393306bf79585f61baea524ac124/aws-cpp-sdk-core/source/auth/STSCredentialsProvider.cpp#L33
fromWebIdentity :: MonadIO m => FilePath -> Text -> Maybe Text -> Env' withAuth -> m Env
-- | Obtain temporary credentials from
-- sts:AssumeRoleWithWebIdentity, sourcing arguments from
-- standard environment variables:
--
--
--
-- Throws MissingEnvError if a required environment variable is
-- empty or unset.
fromWebIdentityEnv :: MonadIO m => Env' withAuth -> m Env
-- | Retrieve the default IAM Profile from the local EC2 instance-data.
--
-- The default IAM profile is determined by Amazon as the first profile
-- found in the response from:
-- http://169.254.169.254/latest/meta-data/iam/security-credentials/
--
-- Throws RetrievalError if the HTTP call fails, or
-- InvalidIAMError if the default IAM profile cannot be read.
fromDefaultInstanceProfile :: MonadIO m => Env' withAuth -> m Env
-- | Lookup a specific IAM Profile by name from the local EC2
-- instance-data.
--
-- Additionally starts a refresh thread for the given authentication
-- environment.
--
-- The resulting IORef wrapper + timer is designed so that
-- multiple concurrent accesses of AuthEnv from the AWS
-- environment are not required to calculate expiry and sequentially
-- queue to update it.
--
-- The forked timer ensures a singular owner and pre-emptive refresh of
-- the temporary session credentials before expiration.
--
-- A weak reference is used to ensure that the forked thread will
-- eventually terminate when Auth is no longer referenced.
--
-- If no session token or expiration time is present the credentials will
-- be returned verbatim.
fromNamedInstanceProfile :: MonadIO m => Text -> Env' withAuth -> m Env
-- | Assume a role using an SSO Token.
--
-- The user must have previously called aws sso login, and pass
-- in the path to the cached token file, along with SSO region, account
-- ID and role name. (fromFilePath understands the sso_
-- variables used by the official AWS CLI and will call fromSSO
-- for you.) This function uses fetchAuthInBackground to refresh
-- the credentials as long as the token in the sso/cache file is
-- not expired. When it has, the user will need to aws sso login
-- again.
--
--
-- https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html
fromSSO :: forall m withAuth. MonadIO m => FilePath -> Region -> Text -> Text -> Env' withAuth -> m Env
-- | An access key ID.
--
-- For example: AKIAIOSFODNN7EXAMPLE
--
-- See: Understanding and Getting Your Security
-- Credentials.
newtype AccessKey
AccessKey :: ByteString -> AccessKey
-- | Secret access key credential.
--
-- For example: wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKE
--
-- See: Understanding and Getting Your Security
-- Credentials.
newtype SecretKey
SecretKey :: ByteString -> SecretKey
-- | A session token used by STS to temporarily authorise access to an AWS
-- resource.
--
-- See: Temporary Security Credentials.
newtype SessionToken
SessionToken :: ByteString -> SessionToken
class AsAuthError a
-- | A general authentication error.
_AuthError :: AsAuthError a => Prism' a AuthError
-- | An error occured while communicating over HTTP with the local metadata
-- endpoint.
_RetrievalError :: AsAuthError a => Prism' a HttpException
-- | The named environment variable was not found.
_MissingEnvError :: AsAuthError a => Prism' a Text
-- | The specified credentials file could not be found.
_MissingFileError :: AsAuthError a => Prism' a FilePath
-- | An error occured parsing the credentials file.
_InvalidFileError :: AsAuthError a => Prism' a Text
-- | The specified IAM profile could not be found or deserialised.
_InvalidIAMError :: AsAuthError a => Prism' a Text
-- | An error thrown when attempting to read AuthN/AuthZ information.
data AuthError
RetrievalError :: HttpException -> AuthError
MissingEnvError :: Text -> AuthError
MissingFileError :: FilePath -> AuthError
InvalidFileError :: Text -> AuthError
InvalidIAMError :: Text -> AuthError
CredentialChainExhausted :: AuthError
-- | An environment with auth credentials. Most AWS requests need one of
-- these, and you can create one with newEnv.
type Env = Env' Identity
-- | An environment with no auth credentials. Used for certain requests
-- which need to be unsigned, like
-- sts:AssumeRoleWithWebIdentity, and you can create one with
-- newEnvNoAuth if you need it.
type EnvNoAuth = Env' Proxy
-- | The environment containing the parameters required to make AWS
-- requests.
--
-- This type tracks whether or not we have credentials at the type level,
-- to avoid "presigning" requests when we lack auth information.
data Env' withAuth
Env :: Region -> Logger -> ~Hooks -> (Int -> HttpException -> Bool) -> (Service -> Service) -> Manager -> withAuth Auth -> Env' withAuth
[$sel:region:Env] :: Env' withAuth -> Region
[$sel:logger:Env] :: Env' withAuth -> Logger
[$sel:hooks:Env] :: Env' withAuth -> ~Hooks
[$sel:retryCheck:Env] :: Env' withAuth -> Int -> HttpException -> Bool
[$sel:overrides:Env] :: Env' withAuth -> Service -> Service
[$sel:manager:Env] :: Env' withAuth -> Manager
[$sel:auth:Env] :: Env' withAuth -> withAuth Auth
-- | This module provides simple Env and IO-based operations
-- which can be performed against remote Amazon Web Services APIs, for
-- use with the types supplied by the various amazonka-*
-- libraries.
module Amazonka
-- | An environment with auth credentials. Most AWS requests need one of
-- these, and you can create one with newEnv.
type Env = Env' Identity
-- | An environment with no auth credentials. Used for certain requests
-- which need to be unsigned, like
-- sts:AssumeRoleWithWebIdentity, and you can create one with
-- newEnvNoAuth if you need it.
type EnvNoAuth = Env' Proxy
-- | The environment containing the parameters required to make AWS
-- requests.
--
-- This type tracks whether or not we have credentials at the type level,
-- to avoid "presigning" requests when we lack auth information.
data Env' withAuth
Env :: Region -> Logger -> ~Hooks -> (Int -> HttpException -> Bool) -> (Service -> Service) -> Manager -> withAuth Auth -> Env' withAuth
[$sel:region:Env] :: Env' withAuth -> Region
[$sel:logger:Env] :: Env' withAuth -> Logger
[$sel:hooks:Env] :: Env' withAuth -> ~Hooks
[$sel:retryCheck:Env] :: Env' withAuth -> Int -> HttpException -> Bool
[$sel:overrides:Env] :: Env' withAuth -> Service -> Service
[$sel:manager:Env] :: Env' withAuth -> Manager
[$sel:auth:Env] :: Env' withAuth -> withAuth Auth
-- | Creates a new environment with a new Manager without debug
-- logging and uses the provided function to expand/discover credentials.
-- Record updates or lenses can be used to further configure the
-- resulting Env.
--
-- Since: 1.5.0 - The region is now retrieved from the
-- AWS_REGION environment variable (identical to official SDKs),
-- or defaults to us-east-1. You can override the Env
-- region by updating its $sel:region:Env field.
--
-- Since: 1.3.6 - The default logic for retrying
-- HttpExceptions now uses retryConnectionFailure to retry
-- specific connection failure conditions up to 3 times. Previously only
-- service specific errors were automatically retried. This can be
-- reverted to the old behaviour by resetting the Env's
-- $sel:retryCheck:Env field to (\_ _ -> False).
--
-- Throws AuthError when environment variables or IAM profiles
-- cannot be read.
--
-- See: newEnvFromManager.
newEnv :: MonadIO m => (EnvNoAuth -> m Env) -> m Env
-- | Creates a new environment, but with an existing Manager.
newEnvFromManager :: MonadIO m => Manager -> (EnvNoAuth -> m Env) -> m Env
-- | Generate an environment without credentials, which may only make
-- unsigned requests. Sets the region based on the AWS_REGION
-- environment variable, or NorthVirginia if unset.
--
-- This lets us support calls like the
-- sts:AssumeRoleWithWebIdentity operation, which needs to make an
-- unsigned request to pass the token from an identity provider.
newEnvNoAuth :: MonadIO m => m EnvNoAuth
-- | Generate an environment without credentials, passing in an explicit
-- Manager.
newEnvNoAuthFromManager :: MonadIO m => Manager -> m EnvNoAuth
-- | Get "the" Auth from an Env', if we can.
authMaybe :: Foldable withAuth => Env' withAuth -> Maybe Auth
-- | Provide a function which will be added to the existing stack of
-- overrides applied to all service configurations.
overrideService :: (Service -> Service) -> Env' withAuth -> Env' withAuth
-- | Configure a specific service. All requests belonging to the supplied
-- service will use this configuration instead of the default.
--
-- It's suggested you modify the default service configuration, such as
-- Amazonka.DynamoDB.defaultService.
configureService :: Service -> Env' withAuth -> Env' withAuth
-- | Override the timeout value for this Env.
--
-- Default timeouts are chosen by considering:
--
--
-- - This timeout, if set.
-- - The related Service timeout for the sent request if set.
-- (Usually 70s)
-- - The $sel:manager:Env timeout if set.
-- - The default ClientRequest timeout. (Approximately 30s)
--
globalTimeout :: Seconds -> Env' withAuth -> Env' withAuth
-- | Disable any retry logic for an Env, so that any requests will
-- at most be sent once.
once :: Env' withAuth -> Env' withAuth
-- | Unwrap a ResourceT transformer, and call all registered release
-- actions.
--
-- Note that there is some reference counting involved due to
-- resourceForkIO. If multiple threads are sharing the same
-- collection of resources, only the last call to runResourceT
-- will deallocate the resources.
--
-- NOTE Since version 1.2.0, this function will throw a
-- ResourceCleanupException if any of the cleanup functions throw
-- an exception.
runResourceT :: MonadUnliftIO m => ResourceT m a -> m a
-- | An access key ID.
--
-- For example: AKIAIOSFODNN7EXAMPLE
--
-- See: Understanding and Getting Your Security
-- Credentials.
newtype AccessKey
AccessKey :: ByteString -> AccessKey
-- | Secret access key credential.
--
-- For example: wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKE
--
-- See: Understanding and Getting Your Security
-- Credentials.
newtype SecretKey
SecretKey :: ByteString -> SecretKey
-- | A session token used by STS to temporarily authorise access to an AWS
-- resource.
--
-- See: Temporary Security Credentials.
newtype SessionToken
SessionToken :: ByteString -> SessionToken
-- | Attempt to fetch credentials in a way similar to the official AWS
-- SDKs. The C++ SDK lists the following sequence:
--
--
-- - Check environment variables for keys provided directly
-- (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY,
-- optionally AWS_SESSION_TOKEN)
-- - Check credentials/config files for authentication information,
-- respecting the AWS_PROFILE environment variable.
-- - Exchange a Web Identity for AWS Credentials using
-- sts:AssumeRoleWithWebIdentity, respecting the
-- AWS_WEB_IDENTITY_TOKEN_FILE, AWS_ROLE_ARN, and
-- optionally the AWS_ROLE_SESSION_NAME environment
-- variables.
-- - Retrieve credentials from the ECS Container Agent if the
-- AWS_CONTAINER_CREDENTIALS_RELATIVE_URI environment variable
-- is set.
-- - If we think we're running on EC2, retrieve the first available IAM
-- profile from the instance identity document, and use this to set the
-- Placement. We attempt to resolve http://instance-data
-- rather than directly retrieving http://169.254.169.254 for IAM
-- profile information. This ensures that the DNS lookup terminates
-- promptly if not running on EC2, but means that your VPC must have
-- enableDnsSupport and enableDnsHostnames
-- set.NOTE: This is not 100% consistent with the AWS SDKs, which
-- does not attempt to query the ECS service if either
-- AWS_CONTAINER_CREDENTIALS_RELATIVE_URI or
-- AWS_CONTAINER_CREDENTIALS_FULL_URI are set.See:
-- https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/auth/EC2ContainerCredentialsProviderWrapper.html
--
discover :: (MonadCatch m, MonadIO m, Foldable withAuth) => Env' withAuth -> m Env
-- | The available AWS regions.
newtype Region
Region' :: Text -> Region
[$sel:fromRegion:Region'] :: Region -> Text
pattern Ningxia :: Region
pattern Beijing :: Region
pattern GovCloudWest :: Region
pattern GovCloudEast :: Region
pattern SaoPaulo :: Region
pattern UAE :: Region
pattern Bahrain :: Region
pattern Zurich :: Region
pattern Stockholm :: Region
pattern Spain :: Region
pattern Paris :: Region
pattern Milan :: Region
pattern London :: Region
pattern Ireland :: Region
pattern Frankfurt :: Region
pattern Montreal :: Region
pattern Tokyo :: Region
pattern Sydney :: Region
pattern Singapore :: Region
pattern Seoul :: Region
pattern Osaka :: Region
pattern Mumbai :: Region
pattern Melbourne :: Region
pattern Jakarta :: Region
pattern Hyderabad :: Region
pattern HongKong :: Region
pattern CapeTown :: Region
pattern Oregon :: Region
pattern NorthCalifornia :: Region
pattern NorthVirginia :: Region
pattern Ohio :: Region
data Endpoint
Endpoint :: ByteString -> RawPath -> Bool -> Int -> ByteString -> Endpoint
-- | The host to make requests to. Usually something like
-- s3.us-east-1.amazonaws.com.
[$sel:host:Endpoint] :: Endpoint -> ByteString
-- | Path segment prepended to the request path of any request made to this
-- endpoint. This is useful if you want to use the AWS API Gateway
-- Management API, which requires you to override the client endpoint
-- including a leading path segment (either the stage or, on a custom
-- domain, the mapped base path).
[$sel:basePath:Endpoint] :: Endpoint -> RawPath
[$sel:secure:Endpoint] :: Endpoint -> Bool
[$sel:port:Endpoint] :: Endpoint -> Int
-- | Signing scope, usually a region like us-east-1.
[$sel:scope:Endpoint] :: Endpoint -> ByteString
-- | A convenience function for overriding the Service
-- Endpoint.
--
-- See: $sel:endpoint:Service.
setEndpoint :: Bool -> ByteString -> Int -> Service -> Service
-- | Send a request, returning the associated response if successful.
--
-- Errors are thrown in IO.
--
-- See sendEither.
send :: (MonadResource m, AWSRequest a, Typeable a, Typeable (AWSResponse a)) => Env -> a -> m (AWSResponse a)
-- | Send a request, returning the associated response if successful.
--
-- See send.
sendEither :: (MonadResource m, AWSRequest a, Typeable a, Typeable (AWSResponse a)) => Env -> a -> m (Either Error (AWSResponse a))
-- | Repeatedly send a request, automatically setting markers and
-- performing pagination. Exits on the first encountered error.
--
-- Errors are thrown in IO.
--
-- See paginateEither.
paginate :: (MonadResource m, AWSPager a, Typeable a, Typeable (AWSResponse a)) => Env -> a -> ConduitM () (AWSResponse a) m ()
-- | Repeatedly send a request, automatically setting markers and
-- performing pagination.
--
-- Exits on the first encountered error.
--
-- See paginate.
paginateEither :: (MonadResource m, AWSPager a, Typeable a, Typeable (AWSResponse a)) => Env -> a -> ConduitM () (AWSResponse a) m (Either Error ())
-- | Poll the API with the supplied request until a specific Wait
-- condition is fulfilled.
--
-- Errors are thrown in IO.
--
-- See awaitEither.
await :: (MonadResource m, AWSRequest a, Typeable a) => Env -> Wait a -> a -> m Accept
-- | Poll the API with the supplied request until a specific Wait
-- condition is fulfilled.
--
-- See await.
awaitEither :: (MonadResource m, AWSRequest a, Typeable a) => Env -> Wait a -> a -> m (Either Error Accept)
-- | Make an unsigned request, returning the associated response if
-- successful.
--
-- Errors are thrown in IO.
--
-- See sendUnsignedEither.
sendUnsigned :: (MonadResource m, AWSRequest a, Typeable a, Typeable (AWSResponse a)) => Env' withAuth -> a -> m (AWSResponse a)
-- | Make a request without signing it. You will almost never need to do
-- this, but some authentication methods (e.g.
-- sts:AssumeRoleWithWebIdentity and
-- sso:GetRoleCredentials) require you to exchange a token using
-- an unsigned request. Amazonka's support for these authentication
-- methods calls sendUnsigned, and we re-export these functions in
-- case you need to support similar authentication methods in your code.
--
-- See sendUnsigned.
sendUnsignedEither :: (MonadResource m, AWSRequest a, Typeable a, Typeable (AWSResponse a)) => Env' withAuth -> a -> m (Either Error (AWSResponse a))
-- | Anything that can be converted to a streaming request Body.
class ToBody a
-- | Convert a value to a request body.
toBody :: ToBody a => a -> RequestBody
-- | Invariant: only services that support both standard and chunked
-- signing expose RequestBody as a parameter.
data RequestBody
-- | Currently S3 only, see ChunkedBody for details.
Chunked :: ChunkedBody -> RequestBody
Hashed :: HashedBody -> RequestBody
-- | A streaming, exception safe response body.
--
-- newtype for show/orhpan instance purposes.
newtype ResponseBody
ResponseBody :: ConduitM () ByteString (ResourceT IO) () -> ResponseBody
[$sel:body:ResponseBody] :: ResponseBody -> ConduitM () ByteString (ResourceT IO) ()
-- | Anything that can be safely converted to a HashedBody.
class ToHashedBody a
-- | Convert a value to a hashed request body.
toHashed :: ToHashedBody a => a -> HashedBody
-- | An opaque request body containing a SHA256 hash.
data HashedBody
HashedStream :: Digest SHA256 -> !Integer -> ConduitM () ByteString (ResourceT IO) () -> HashedBody
HashedBytes :: Digest SHA256 -> ByteString -> HashedBody
-- | Construct a HashedBody from a FilePath, calculating the
-- SHA256 hash and file size.
--
-- Note: While this function will perform in constant space, it
-- will enumerate the entirety of the file contents twice. Firstly
-- to calculate the SHA256 and lastly to stream the contents to the
-- socket during sending.
--
-- See: ToHashedBody.
hashedFile :: MonadIO m => FilePath -> m HashedBody
-- | Construct a HashedBody from a FilePath, specifying the
-- range of bytes to read. This can be useful for constructing multiple
-- requests from a single file, say for S3 multipart uploads.
--
-- See: hashedFile, sourceFileRange.
hashedFileRange :: MonadIO m => FilePath -> Integer -> Integer -> m HashedBody
-- | Construct a HashedBody from a Source, manually
-- specifying the SHA256 hash and file size. It's left up to the
-- caller to calculate these correctly, otherwise AWS will return signing
-- errors.
--
-- See: ToHashedBody.
hashedBody :: Digest SHA256 -> Integer -> ConduitM () ByteString (ResourceT IO) () -> HashedBody
-- | An opaque request body which will be transmitted via
-- Transfer-Encoding: chunked.
--
-- Invariant: Only services that support chunked encoding can
-- accept a ChunkedBody. (Currently S3.) This is enforced by the
-- type signatures emitted by the generator.
data ChunkedBody
ChunkedBody :: ChunkSize -> Integer -> ConduitM () ByteString (ResourceT IO) () -> ChunkedBody
[$sel:size:ChunkedBody] :: ChunkedBody -> ChunkSize
[$sel:length:ChunkedBody] :: ChunkedBody -> Integer
[$sel:body:ChunkedBody] :: ChunkedBody -> ConduitM () ByteString (ResourceT IO) ()
-- | Specifies the transmitted size of the 'Transfer-Encoding' chunks.
--
-- See: defaultChunk.
newtype ChunkSize
ChunkSize :: Int -> ChunkSize
-- | The default chunk size of 128 KB. The minimum chunk size accepted by
-- AWS is 8 KB, unless the entirety of the request is below this
-- threshold.
--
-- A chunk size of 64 KB or higher is recommended for performance
-- reasons.
defaultChunkSize :: ChunkSize
-- | Construct a ChunkedBody from a FilePath, where the
-- contents will be read and signed incrementally in chunks if the target
-- service supports it.
--
-- Will intelligently revert to HashedBody if the file is smaller
-- than the specified ChunkSize.
--
-- See: ToBody.
chunkedFile :: MonadIO m => ChunkSize -> FilePath -> m RequestBody
-- | Construct a ChunkedBody from a FilePath, specifying the
-- range of bytes to read. This can be useful for constructing multiple
-- requests from a single file, say for S3 multipart uploads.
--
-- See: chunkedFile.
chunkedFileRange :: MonadIO m => ChunkSize -> FilePath -> Integer -> Integer -> m RequestBody
-- | Unsafely construct a ChunkedBody.
--
-- This function is marked unsafe because it does nothing to enforce the
-- chunk size. Typically for conduit IO functions, it's whatever
-- ByteString's defaultBufferSize is, around 32 KB. If the chunk
-- size is less than 8 KB, the request will error. 64 KB or higher chunk
-- size is recommended for performance reasons.
--
-- Note that it will always create a chunked body even if the request is
-- too small.
--
-- See: ToBody.
unsafeChunkedBody :: ChunkSize -> Integer -> ConduitM () ByteString (ResourceT IO) () -> RequestBody
-- | Connect a Sink to a response stream.
sinkBody :: MonadIO m => ResponseBody -> ConduitM ByteString Void (ResourceT IO) a -> m a
-- | Convenience function for obtaining the size of a file.
getFileSize :: MonadIO m => FilePath -> m Integer
-- | Incrementally calculate a MD5 Digest.
sinkMD5 :: forall (m :: Type -> Type) o. Monad m => ConduitM ByteString o m (Digest MD5)
-- | Incrementally calculate a SHA256 Digest.
sinkSHA256 :: forall (m :: Type -> Type) o. Monad m => ConduitM ByteString o m (Digest SHA256)
-- | Presign an URL that is valid from the specified time until the number
-- of seconds expiry has elapsed.
presignURL :: (MonadIO m, AWSRequest a) => Env -> UTCTime -> Seconds -> a -> m ByteString
-- | Presign an HTTP request that is valid from the specified time until
-- the number of seconds expiry has elapsed.
presign :: (MonadIO m, AWSRequest a) => Env -> UTCTime -> Seconds -> a -> m ClientRequest
class AsError a
-- | A general Amazonka error.
_Error :: AsError a => Prism' a Error
-- | An error occured while communicating over HTTP with a remote service.
_TransportError :: AsError a => Prism' a HttpException
-- | A serialisation error occured when attempting to deserialise a
-- response.
_SerializeError :: AsError a => Prism' a SerializeError
-- | A service specific error returned by the remote service.
_ServiceError :: AsError a => Prism' a ServiceError
class AsAuthError a
-- | A general authentication error.
_AuthError :: AsAuthError a => Prism' a AuthError
-- | An error occured while communicating over HTTP with the local metadata
-- endpoint.
_RetrievalError :: AsAuthError a => Prism' a HttpException
-- | The named environment variable was not found.
_MissingEnvError :: AsAuthError a => Prism' a Text
-- | The specified credentials file could not be found.
_MissingFileError :: AsAuthError a => Prism' a FilePath
-- | An error occured parsing the credentials file.
_InvalidFileError :: AsAuthError a => Prism' a Text
-- | The specified IAM profile could not be found or deserialised.
_InvalidIAMError :: AsAuthError a => Prism' a Text
-- | A variant of try that takes a ReifiedPrism (or any
-- ReifiedFold) to select which exceptions are caught (c.f.
-- tryJust, catchJust). If the Exception does not
-- match the predicate, it is re-thrown.
--
--
-- trying :: MonadCatch m => Prism' SomeException a -> m r -> m (Either a r)
-- trying :: MonadCatch m => Lens' SomeException a -> m r -> m (Either a r)
-- trying :: MonadCatch m => Traversal' SomeException a -> m r -> m (Either a r)
-- trying :: MonadCatch m => Iso' SomeException a -> m r -> m (Either a r)
-- trying :: MonadCatch m => ReifiedGetter SomeException a -> m r -> m (Either a r)
-- trying :: MonadCatch m => ReifiedFold SomeException a -> m r -> m (Either a r)
--
trying :: MonadCatch m => Getting (First a) SomeException a -> m r -> m (Either a r)
-- | Catch exceptions that match a given ReifiedPrism (or any
-- ReifiedFold, really).
--
--
-- >>> catching _AssertionFailed (assert False (return "uncaught")) $ \ _ -> return "caught"
-- "caught"
--
--
--
-- catching :: MonadCatch m => Prism' SomeException a -> m r -> (a -> m r) -> m r
-- catching :: MonadCatch m => Lens' SomeException a -> m r -> (a -> m r) -> m r
-- catching :: MonadCatch m => Traversal' SomeException a -> m r -> (a -> m r) -> m r
-- catching :: MonadCatch m => Iso' SomeException a -> m r -> (a -> m r) -> m r
-- catching :: MonadCatch m => ReifiedGetter SomeException a -> m r -> (a -> m r) -> m r
-- catching :: MonadCatch m => ReifiedFold SomeException a -> m r -> (a -> m r) -> m r
--
catching :: MonadCatch m => Getting (First a) SomeException a -> m r -> (a -> m r) -> m r
-- | Provides a generalised prism for catching a specific service error
-- identified by the opaque service abbreviation and error code.
--
-- This can be used if the generated error prisms provided by
-- Amazonka.ServiceName.Types do not cover all the thrown
-- error codes. For example to define a new error prism:
--
--
-- {-# LANGUAGE OverloadedStrings #-}
--
-- import Amazonka.S3 (ServiceError, s3)
--
-- _NoSuchBucketPolicy :: AsError a => Fold a ServiceError
-- _NoSuchBucketPolicy = _MatchServiceError s3 "NoSuchBucketPolicy"
--
--
-- With example usage being:
--
--
-- >>> import Control.Exception.Lens (trying)
--
-- >>> :t trying _NoSuchBucketPolicy
-- MonadCatch m => m a -> m (Either ServiceError a)
--
_MatchServiceError :: AsError a => Service -> ErrorCode -> Fold a ServiceError
hasService :: (Applicative f, Choice p) => Service -> Optic' p f ServiceError ServiceError
hasStatus :: (Applicative f, Choice p) => Int -> Optic' p f ServiceError ServiceError
hasCode :: (Applicative f, Choice p) => ErrorCode -> Optic' p f ServiceError ServiceError
data LogLevel
-- | Info messages supplied by the user - this level is not emitted by the
-- library.
Info :: LogLevel
-- | Error messages only.
Error :: LogLevel
-- | Useful debug information + info + error levels.
Debug :: LogLevel
-- | Includes potentially sensitive signing metadata, and non-streaming
-- response bodies.
Trace :: LogLevel
-- | A logging function called by various default hooks to log
-- informational and debug messages.
type Logger = LogLevel -> ByteStringBuilder -> IO ()
-- | This is a primitive logger which can be used to log builds to a
-- Handle.
--
-- Note: A more sophisticated logging library such as
-- tinylog or fast-logger should be used in production
-- code.
newLogger :: MonadIO m => LogLevel -> Handle -> m Logger
-- | This is the simplest representation of UTC. It consists of the day
-- number, and a time offset from midnight. Note that if a day has a leap
-- second added to it, it will have 86401 seconds.
data UTCTime
may :: Applicative f => ([a] -> f b) -> [a] -> f (Maybe b)
(.!@) :: Functor f => f (Maybe a) -> a -> f a
infixl 7 .!@
nonEmptyText :: Fold a Text -> Fold a Bool
matchError :: ErrorCode -> Accept -> Acceptor a
matchStatus :: Int -> Accept -> Acceptor a
matchNonEmpty :: Bool -> Accept -> Fold (AWSResponse a) b -> Acceptor a
matchAny :: Eq b => b -> Accept -> Fold (AWSResponse a) b -> Acceptor a
matchAll :: Eq b => b -> Accept -> Fold (AWSResponse a) b -> Acceptor a
accept :: Wait a -> Acceptor a
wait_acceptors :: Lens (Wait a) (Wait b) [Acceptor a] [Acceptor b]
wait_delay :: Lens' (Wait a) Seconds
wait_attempts :: Lens' (Wait a) Int
wait_name :: Lens' (Wait a) ByteString
type Acceptor a = Request a -> Either Error ClientResponse AWSResponse a -> Maybe Accept
data Accept
AcceptSuccess :: Accept
AcceptFailure :: Accept
AcceptRetry :: Accept
-- | Timing and acceptance criteria to check fulfillment of a remote
-- operation.
data Wait a
Wait :: ByteString -> Int -> Seconds -> [Acceptor a] -> Wait a
[$sel:name:Wait] :: Wait a -> ByteString
[$sel:attempts:Wait] :: Wait a -> Int
[$sel:delay:Wait] :: Wait a -> Seconds
[$sel:acceptors:Wait] :: Wait a -> [Acceptor a]
-- | Determine the full host address and credential scope within the
-- specified Region.
defaultEndpoint :: Service -> Region -> Endpoint
-- | A convenience function for overriding the Service
-- Endpoint.
--
-- See: $sel:endpoint:Service.
setEndpoint :: Bool -> ByteString -> Int -> Service -> Service
decodeError :: Abbrev -> Status -> [Header] -> ByteStringLazy -> Either String ServiceError -> Error
parseRESTError :: Abbrev -> Status -> [Header] -> a -> Error
parseXMLError :: Abbrev -> Status -> [Header] -> ByteStringLazy -> Error
parseJSONError :: Abbrev -> Status -> [Header] -> ByteStringLazy -> Error
getErrorCode :: Status -> [Header] -> ErrorCode
getRequestId :: [Header] -> Maybe RequestId
serviceError :: Abbrev -> Status -> [Header] -> Maybe ErrorCode -> Maybe ErrorMessage -> Maybe RequestId -> ServiceError
hasCode :: (Applicative f, Choice p) => ErrorCode -> Optic' p f ServiceError ServiceError
hasStatus :: (Applicative f, Choice p) => Int -> Optic' p f ServiceError ServiceError
hasService :: (Applicative f, Choice p) => Service -> Optic' p f ServiceError ServiceError
_HttpStatus :: AsError a => Traversal' a Status
statusSuccess :: Status -> Bool
-- | Provides a generalised prism for catching a specific service error
-- identified by the opaque service abbreviation and error code.
--
-- This can be used if the generated error prisms provided by
-- Amazonka.ServiceName.Types do not cover all the thrown
-- error codes. For example to define a new error prism:
--
--
-- {-# LANGUAGE OverloadedStrings #-}
--
-- import Amazonka.S3 (ServiceError, s3)
--
-- _NoSuchBucketPolicy :: AsError a => Fold a ServiceError
-- _NoSuchBucketPolicy = _MatchServiceError s3 "NoSuchBucketPolicy"
--
--
-- With example usage being:
--
--
-- >>> import Control.Exception.Lens (trying)
--
-- >>> :t trying _NoSuchBucketPolicy
-- MonadCatch m => m a -> m (Either ServiceError a)
--
_MatchServiceError :: AsError a => Service -> ErrorCode -> Fold a ServiceError
choice :: (Alternative f, ToText a, ToText b) => (s -> f a) -> (s -> f b) -> Getter s (f Text)
stop :: AWSTruncated a => a -> Bool
-- | Specify how an AWSRequest and it's associated Rs
-- response can generate a subsequent request, if available.
class AWSRequest a => AWSPager a
page :: AWSPager a => a -> AWSResponse a -> Maybe a
-- | Generalise IsTruncated and other optional/required response pagination
-- fields.
class AWSTruncated a
truncated :: AWSTruncated a => a -> Bool
toMicroseconds :: Seconds -> Int
toSeconds :: Seconds -> DiffTime
withAuth :: MonadIO m => Auth -> (AuthEnv -> m a) -> m a
authEnv_expiration :: Lens' AuthEnv (Maybe ISO8601)
authEnv_sessionToken :: Lens' AuthEnv (Maybe (Sensitive SessionToken))
authEnv_secretAccessKey :: Lens' AuthEnv (Sensitive SecretKey)
authEnv_accessKeyId :: Lens' AuthEnv AccessKey
_SessionToken :: Iso' SessionToken ByteString
_SecretKey :: Iso' SecretKey ByteString
_AccessKey :: Iso' AccessKey ByteString
-- | Create an unsigned ClientRequest. You will almost never need to
-- do this.
requestUnsigned :: Request a -> Region -> ClientRequest
requestPresign :: Seconds -> Algorithm a
requestSign :: Algorithm a
request_body :: Lens' (Request a) RequestBody
request_headers :: Lens' (Request a) [Header]
request_query :: Lens' (Request a) QueryString
request_path :: Lens' (Request a) RawPath
request_method :: Lens' (Request a) StdMethod
request_service :: Lens' (Request a) Service
service_retry :: Lens' Service Retry
service_error :: Lens' Service (Status -> [Header] -> ByteStringLazy -> Error)
service_check :: Lens' Service (Status -> Bool)
service_timeout :: Lens' Service (Maybe Seconds)
service_endpoint :: Lens' Service (Region -> Endpoint)
service_endpointPrefix :: Lens' Service ByteString
service_s3AddressingStyle :: Lens' Service S3AddressingStyle
service_version :: Lens' Service ByteString
service_signingName :: Lens' Service ByteString
service_signer :: Lens' Service Signer
service_abbrev :: Lens' Service Abbrev
signed_signedRequest :: Lens' (Signed a) ClientRequest
signed_signedMeta :: Lens' (Signed a) Meta
retry_check :: Lens' Retry (ServiceError -> Maybe Text)
retry_attempts :: Lens' Retry Int
retry_growth :: Lens' Retry Int
retry_base :: Lens' Retry Double
endpoint_scope :: Lens' Endpoint ByteString
endpoint_port :: Lens' Endpoint Int
endpoint_secure :: Lens' Endpoint Bool
endpoint_basePath :: Lens' Endpoint RawPath
endpoint_host :: Lens' Endpoint ByteString
serviceError_requestId :: Lens' ServiceError (Maybe RequestId)
serviceError_message :: Lens' ServiceError (Maybe ErrorMessage)
serviceError_code :: Lens' ServiceError ErrorCode
serviceError_headers :: Lens' ServiceError [Header]
serviceError_status :: Lens' ServiceError Status
serviceError_abbrev :: Lens' ServiceError Abbrev
serializeError_message :: Lens' SerializeError String
serializeError_body :: Lens' SerializeError (Maybe ByteStringLazy)
serializeError_status :: Lens' SerializeError Status
serializeError_abbrev :: Lens' SerializeError Abbrev
_RequestId :: Iso' RequestId Text
_ErrorMessage :: Iso' ErrorMessage Text
-- | Construct an ErrorCode.
newErrorCode :: Text -> ErrorCode
_ErrorCode :: Iso' ErrorCode Text
_Abbrev :: Iso' Abbrev Text
-- | Construct a ClientRequest using common parameters such as TLS
-- and prevent throwing errors when receiving erroneous status codes in
-- respones.
newClientRequest :: Endpoint -> Maybe Seconds -> ClientRequest
-- | A convenience alias to avoid type ambiguity.
type ClientRequest = Request
-- | A convenience alias encapsulating the common Response.
type ClientResponse = Response
-- | A convenience alias encapsulating the common Response body.
type ClientBody = ConduitM () ByteString ResourceT IO ()
-- | Abbreviated service name.
data Abbrev
newtype ErrorCode
ErrorCode :: Text -> ErrorCode
newtype ErrorMessage
ErrorMessage :: Text -> ErrorMessage
[$sel:fromErrorMessage:ErrorMessage] :: ErrorMessage -> Text
newtype RequestId
RequestId :: Text -> RequestId
[$sel:fromRequestId:RequestId] :: RequestId -> Text
-- | An error type representing errors that can be attributed to this
-- library.
data Error
TransportError :: HttpException -> Error
SerializeError :: SerializeError -> Error
ServiceError :: ServiceError -> Error
data SerializeError
SerializeError' :: Abbrev -> Status -> Maybe ByteStringLazy -> String -> SerializeError
[$sel:abbrev:SerializeError'] :: SerializeError -> Abbrev
[$sel:status:SerializeError'] :: SerializeError -> Status
-- | The response body, if the response was not streaming.
[$sel:body:SerializeError'] :: SerializeError -> Maybe ByteStringLazy
[$sel:message:SerializeError'] :: SerializeError -> String
data ServiceError
ServiceError' :: Abbrev -> Status -> [Header] -> ErrorCode -> Maybe ErrorMessage -> Maybe RequestId -> ServiceError
[$sel:abbrev:ServiceError'] :: ServiceError -> Abbrev
[$sel:status:ServiceError'] :: ServiceError -> Status
[$sel:headers:ServiceError'] :: ServiceError -> [Header]
[$sel:code:ServiceError'] :: ServiceError -> ErrorCode
[$sel:message:ServiceError'] :: ServiceError -> Maybe ErrorMessage
[$sel:requestId:ServiceError'] :: ServiceError -> Maybe RequestId
class AsError a
-- | A general Amazonka error.
_Error :: AsError a => Prism' a Error
-- | An error occured while communicating over HTTP with a remote service.
_TransportError :: AsError a => Prism' a HttpException
-- | A serialisation error occured when attempting to deserialise a
-- response.
_SerializeError :: AsError a => Prism' a SerializeError
-- | A service specific error returned by the remote service.
_ServiceError :: AsError a => Prism' a ServiceError
data Endpoint
Endpoint :: ByteString -> RawPath -> Bool -> Int -> ByteString -> Endpoint
-- | The host to make requests to. Usually something like
-- s3.us-east-1.amazonaws.com.
[$sel:host:Endpoint] :: Endpoint -> ByteString
-- | Path segment prepended to the request path of any request made to this
-- endpoint. This is useful if you want to use the AWS API Gateway
-- Management API, which requires you to override the client endpoint
-- including a leading path segment (either the stage or, on a custom
-- domain, the mapped base path).
[$sel:basePath:Endpoint] :: Endpoint -> RawPath
[$sel:secure:Endpoint] :: Endpoint -> Bool
[$sel:port:Endpoint] :: Endpoint -> Int
-- | Signing scope, usually a region like us-east-1.
[$sel:scope:Endpoint] :: Endpoint -> ByteString
-- | Constants and predicates used to create a RetryPolicy.
data Retry
Exponential :: Double -> Int -> Int -> (ServiceError -> Maybe Text) -> Retry
[$sel:base:Exponential] :: Retry -> Double
[$sel:growth:Exponential] :: Retry -> Int
[$sel:attempts:Exponential] :: Retry -> Int
-- | Returns a descriptive name for logging if the request should be
-- retried.
[$sel:check:Exponential] :: Retry -> ServiceError -> Maybe Text
-- | Signing algorithm specific metadata.
data Meta
[Meta] :: forall a. ToLog a => a -> Meta
-- | A signed ClientRequest and associated metadata specific to the
-- signing algorithm, tagged with the initial request type to be able to
-- obtain the associated response, AWSResponse a.
data Signed a
Signed :: Meta -> ClientRequest -> Signed a
[$sel:signedMeta:Signed] :: Signed a -> Meta
[$sel:signedRequest:Signed] :: Signed a -> ClientRequest
type Algorithm a = Request a -> AuthEnv -> Region -> UTCTime -> Signed a
data Signer
Signer :: (forall a. () => Algorithm a) -> (forall a. () => Seconds -> Algorithm a) -> Signer
-- | Attributes and functions specific to an AWS service.
data Service
Service :: Abbrev -> Signer -> ByteString -> ByteString -> S3AddressingStyle -> ByteString -> (Region -> Endpoint) -> Maybe Seconds -> (Status -> Bool) -> (Status -> [Header] -> ByteStringLazy -> Error) -> Retry -> Service
[$sel:abbrev:Service] :: Service -> Abbrev
[$sel:signer:Service] :: Service -> Signer
[$sel:signingName:Service] :: Service -> ByteString
[$sel:version:Service] :: Service -> ByteString
-- | Only service bindings using the s3vhost request plugin (configured in
-- the generator) will care about this field. It is ignored otherwise.
[$sel:s3AddressingStyle:Service] :: Service -> S3AddressingStyle
[$sel:endpointPrefix:Service] :: Service -> ByteString
[$sel:endpoint:Service] :: Service -> Region -> Endpoint
[$sel:timeout:Service] :: Service -> Maybe Seconds
[$sel:check:Service] :: Service -> Status -> Bool
[$sel:error:Service] :: Service -> Status -> [Header] -> ByteStringLazy -> Error
[$sel:retry:Service] :: Service -> Retry
-- | When to rewrite S3 requests into virtual-hosted style.
--
-- Requests to S3 can be rewritten to access buckets by setting the
-- Host: header, which allows you to point a CNAME
-- record at an Amazon S3 Bucket.
--
-- Non-S3 object stores usually do not support this, which is usually the
-- only time you'll need to change this.
--
-- See: Virtual hosting of buckets in the Amazon S3 User
-- Guide.
--
-- See: Changing the Addressing Style for the corresponding
-- option in Boto 3.
data S3AddressingStyle
-- | Rewrite S3 request paths only if they can be expressed as a DNS label.
-- This is the default.
S3AddressingStyleAuto :: S3AddressingStyle
-- | Do not ever rewrite S3 request paths.
S3AddressingStylePath :: S3AddressingStyle
-- | Force virtual hosted style rewrites without checking the bucket name.
S3AddressingStyleVirtual :: S3AddressingStyle
-- | An unsigned request.
data Request a
Request :: Service -> StdMethod -> RawPath -> QueryString -> [Header] -> RequestBody -> Request a
[$sel:service:Request] :: Request a -> Service
[$sel:method:Request] :: Request a -> StdMethod
[$sel:path:Request] :: Request a -> RawPath
[$sel:query:Request] :: Request a -> QueryString
[$sel:headers:Request] :: Request a -> [Header]
[$sel:body:Request] :: Request a -> RequestBody
-- | The successful, expected response associated with a request.
type family AWSResponse a
-- | Specify how a request can be de/serialised.
class AWSRequest a where {
-- | The successful, expected response associated with a request.
type family AWSResponse a;
}
request :: AWSRequest a => (Service -> Service) -> a -> Request a
response :: (AWSRequest a, MonadResource m) => (ByteStringLazy -> IO ByteStringLazy) -> Service -> Proxy a -> ClientResponse ClientBody -> m (Either Error (ClientResponse (AWSResponse a)))
-- | An access key ID.
--
-- For example: AKIAIOSFODNN7EXAMPLE
--
-- See: Understanding and Getting Your Security
-- Credentials.
newtype AccessKey
AccessKey :: ByteString -> AccessKey
-- | Secret access key credential.
--
-- For example: wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKE
--
-- See: Understanding and Getting Your Security
-- Credentials.
newtype SecretKey
SecretKey :: ByteString -> SecretKey
-- | A session token used by STS to temporarily authorise access to an AWS
-- resource.
--
-- See: Temporary Security Credentials.
newtype SessionToken
SessionToken :: ByteString -> SessionToken
-- | The AuthN/AuthZ credential environment.
data AuthEnv
AuthEnv :: AccessKey -> Sensitive SecretKey -> Maybe (Sensitive SessionToken) -> Maybe ISO8601 -> AuthEnv
[$sel:accessKeyId:AuthEnv] :: AuthEnv -> AccessKey
[$sel:secretAccessKey:AuthEnv] :: AuthEnv -> Sensitive SecretKey
[$sel:sessionToken:AuthEnv] :: AuthEnv -> Maybe (Sensitive SessionToken)
[$sel:expiration:AuthEnv] :: AuthEnv -> Maybe ISO8601
-- | An authorisation environment containing AWS credentials, and
-- potentially a reference which can be refreshed out-of-band as
-- temporary credentials expire.
data Auth
Ref :: ThreadId -> IORef AuthEnv -> Auth
Auth :: AuthEnv -> Auth
-- | The available AWS regions.
newtype Region
Region' :: Text -> Region
[$sel:fromRegion:Region'] :: Region -> Text
pattern Ohio :: Region
pattern NorthVirginia :: Region
pattern NorthCalifornia :: Region
pattern Oregon :: Region
pattern CapeTown :: Region
pattern HongKong :: Region
pattern Hyderabad :: Region
pattern Jakarta :: Region
pattern Melbourne :: Region
pattern Mumbai :: Region
pattern Osaka :: Region
pattern Seoul :: Region
pattern Singapore :: Region
pattern Sydney :: Region
pattern Tokyo :: Region
pattern Montreal :: Region
pattern Frankfurt :: Region
pattern Ireland :: Region
pattern London :: Region
pattern Milan :: Region
pattern Paris :: Region
pattern Spain :: Region
pattern Stockholm :: Region
pattern Zurich :: Region
pattern Bahrain :: Region
pattern UAE :: Region
pattern SaoPaulo :: Region
pattern GovCloudEast :: Region
pattern GovCloudWest :: Region
pattern Beijing :: Region
pattern Ningxia :: Region
-- | A numeric value representing seconds.
newtype Seconds
Seconds :: DiffTime -> Seconds
_Base64 :: Iso' Base64 ByteString
-- | Base64 encoded binary data.
--
-- Encoding/decoding is automatically deferred to serialisation and
-- deserialisation respectively.
newtype Base64
Base64 :: ByteString -> Base64
[$sel:unBase64:Base64] :: Base64 -> ByteString
_Sensitive :: Iso' (Sensitive a) a
-- | Note: read . show /= isomorphic
newtype Sensitive a
Sensitive :: a -> Sensitive a
[$sel:fromSensitive:Sensitive] :: Sensitive a -> a
contentLength :: RequestBody -> Integer
toRequestBody :: RequestBody -> RequestBody
isStreaming :: RequestBody -> Bool
md5Base64 :: RequestBody -> Maybe ByteString
-- | Construct a HashedBody from a Source, manually
-- specifying the SHA256 hash and file size. It's left up to the
-- caller to calculate these correctly, otherwise AWS will return signing
-- errors.
--
-- See: ToHashedBody.
hashedBody :: Digest SHA256 -> Integer -> ConduitM () ByteString (ResourceT IO) () -> HashedBody
-- | Construct a HashedBody from a FilePath, specifying the
-- range of bytes to read. This can be useful for constructing multiple
-- requests from a single file, say for S3 multipart uploads.
--
-- See: hashedFile, sourceFileRange.
hashedFileRange :: MonadIO m => FilePath -> Integer -> Integer -> m HashedBody
-- | Construct a HashedBody from a FilePath, calculating the
-- SHA256 hash and file size.
--
-- Note: While this function will perform in constant space, it
-- will enumerate the entirety of the file contents twice. Firstly
-- to calculate the SHA256 and lastly to stream the contents to the
-- socket during sending.
--
-- See: ToHashedBody.
hashedFile :: MonadIO m => FilePath -> m HashedBody
sha256Base16 :: HashedBody -> ByteString
sourceFileRangeChunks :: forall (m :: Type -> Type). MonadResource m => ChunkSize -> FilePath -> Integer -> Integer -> ConduitM () ByteString m ()
sourceFileChunks :: forall (m :: Type -> Type). MonadResource m => ChunkSize -> FilePath -> ConduitM () ByteString m ()
-- | Unsafely construct a ChunkedBody.
--
-- This function is marked unsafe because it does nothing to enforce the
-- chunk size. Typically for conduit IO functions, it's whatever
-- ByteString's defaultBufferSize is, around 32 KB. If the chunk
-- size is less than 8 KB, the request will error. 64 KB or higher chunk
-- size is recommended for performance reasons.
--
-- Note that it will always create a chunked body even if the request is
-- too small.
--
-- See: ToBody.
unsafeChunkedBody :: ChunkSize -> Integer -> ConduitM () ByteString (ResourceT IO) () -> RequestBody
-- | Construct a ChunkedBody from a FilePath, specifying the
-- range of bytes to read. This can be useful for constructing multiple
-- requests from a single file, say for S3 multipart uploads.
--
-- See: chunkedFile.
chunkedFileRange :: MonadIO m => ChunkSize -> FilePath -> Integer -> Integer -> m RequestBody
-- | Construct a ChunkedBody from a FilePath, where the
-- contents will be read and signed incrementally in chunks if the target
-- service supports it.
--
-- Will intelligently revert to HashedBody if the file is smaller
-- than the specified ChunkSize.
--
-- See: ToBody.
chunkedFile :: MonadIO m => ChunkSize -> FilePath -> m RequestBody
remainderBytes :: ChunkedBody -> Maybe Integer
fullChunks :: ChunkedBody -> Integer
fuseChunks :: ChunkedBody -> ConduitM ByteString ByteString (ResourceT IO) () -> ChunkedBody
chunkedBody_body :: Lens' ChunkedBody (ConduitM () ByteString (ResourceT IO) ())
chunkedBody_length :: Lens' ChunkedBody Integer
chunkedBody_size :: Lens' ChunkedBody ChunkSize
-- | The default chunk size of 128 KB. The minimum chunk size accepted by
-- AWS is 8 KB, unless the entirety of the request is below this
-- threshold.
--
-- A chunk size of 64 KB or higher is recommended for performance
-- reasons.
defaultChunkSize :: ChunkSize
_ChunkSize :: Iso' ChunkSize Int
-- | Connect a Sink to a response stream.
sinkBody :: MonadIO m => ResponseBody -> ConduitM ByteString Void (ResourceT IO) a -> m a
fuseStream :: ResponseBody -> ConduitM ByteString ByteString (ResourceT IO) () -> ResponseBody
_ResponseBody :: Iso' ResponseBody (ConduitM () ByteString (ResourceT IO) ())
-- | Convenience function for obtaining the size of a file.
getFileSize :: MonadIO m => FilePath -> m Integer
-- | A streaming, exception safe response body.
--
-- newtype for show/orhpan instance purposes.
newtype ResponseBody
ResponseBody :: ConduitM () ByteString (ResourceT IO) () -> ResponseBody
[$sel:body:ResponseBody] :: ResponseBody -> ConduitM () ByteString (ResourceT IO) ()
-- | Specifies the transmitted size of the 'Transfer-Encoding' chunks.
--
-- See: defaultChunk.
newtype ChunkSize
ChunkSize :: Int -> ChunkSize
-- | An opaque request body which will be transmitted via
-- Transfer-Encoding: chunked.
--
-- Invariant: Only services that support chunked encoding can
-- accept a ChunkedBody. (Currently S3.) This is enforced by the
-- type signatures emitted by the generator.
data ChunkedBody
ChunkedBody :: ChunkSize -> Integer -> ConduitM () ByteString (ResourceT IO) () -> ChunkedBody
[$sel:size:ChunkedBody] :: ChunkedBody -> ChunkSize
[$sel:length:ChunkedBody] :: ChunkedBody -> Integer
[$sel:body:ChunkedBody] :: ChunkedBody -> ConduitM () ByteString (ResourceT IO) ()
-- | An opaque request body containing a SHA256 hash.
data HashedBody
HashedStream :: Digest SHA256 -> !Integer -> ConduitM () ByteString (ResourceT IO) () -> HashedBody
HashedBytes :: Digest SHA256 -> ByteString -> HashedBody
-- | Invariant: only services that support both standard and chunked
-- signing expose RequestBody as a parameter.
data RequestBody
-- | Currently S3 only, see ChunkedBody for details.
Chunked :: ChunkedBody -> RequestBody
Hashed :: HashedBody -> RequestBody
-- | Anything that can be safely converted to a HashedBody.
class ToHashedBody a
-- | Convert a value to a hashed request body.
toHashed :: ToHashedBody a => a -> HashedBody
-- | Anything that can be converted to a streaming request Body.
class ToBody a
-- | Convert a value to a request body.
toBody :: ToBody a => a -> RequestBody
-- | Intercalate a list of ByteStringBuilders with newlines.
buildLines :: [ByteStringBuilder] -> ByteStringBuilder
class ToLog a
-- | Convert a value to a loggable builder.
build :: ToLog a => a -> ByteStringBuilder
_Time :: forall (a :: Format). Iso' (Time a) UTCTime
data Format
RFC822Format :: Format
ISO8601Format :: Format
BasicFormat :: Format
AWSFormat :: Format
POSIXFormat :: Format
newtype Time (a :: Format)
Time :: UTCTime -> Time (a :: Format)
[$sel:fromTime:Time] :: Time (a :: Format) -> UTCTime
type RFC822 = Time 'RFC822Format
type ISO8601 = Time 'ISO8601Format
type BasicTime = Time 'BasicFormat
type AWSTime = Time 'AWSFormat
type POSIX = Time 'POSIXFormat
-- | An exception which may be generated by this library
data HttpException