aws
diff --git a/‎generator/ServiceModels/eks/eks-2017-11-01.api.json
Lines changed: 10 additions & 3 deletions b/‎generator/ServiceModels/eks/eks-2017-11-01.api.json
Lines changed: 10 additions & 3 deletions
diff --git a/‎generator/ServiceModels/eks/eks-2017-11-01.docs.json
Lines changed: 44 additions & 37 deletions b/‎generator/ServiceModels/eks/eks-2017-11-01.docs.json
Lines changed: 44 additions & 37 deletions
diff --git a/‎generator/ServiceModels/eks/eks-2017-11-01.normal.json
Lines changed: 65 additions & 37 deletions b/‎generator/ServiceModels/eks/eks-2017-11-01.normal.json
Lines changed: 65 additions & 37 deletions
diff --git a/‎sdk/src/Services/EKS/Generated/Model/Addon.cs
Lines changed: 4 additions & 4 deletions b/‎sdk/src/Services/EKS/Generated/Model/Addon.cs
Lines changed: 4 additions & 4 deletions
diff --git a/‎sdk/src/Services/EKS/Generated/Model/AddonPodIdentityAssociations.cs
Lines changed: 4 additions & 5 deletions b/‎sdk/src/Services/EKS/Generated/Model/AddonPodIdentityAssociations.cs
Lines changed: 4 additions & 5 deletions
diff --git a/‎sdk/src/Services/EKS/Generated/Model/AddonPodIdentityConfiguration.cs
Lines changed: 3 additions & 3 deletions b/‎sdk/src/Services/EKS/Generated/Model/AddonPodIdentityConfiguration.cs
Lines changed: 3 additions & 3 deletions
diff --git a/‎sdk/src/Services/EKS/Generated/Model/AddonVersionInfo.cs
Lines changed: 2 additions & 2 deletions b/‎sdk/src/Services/EKS/Generated/Model/AddonVersionInfo.cs
Lines changed: 2 additions & 2 deletions
diff --git a/‎sdk/src/Services/EKS/Generated/Model/CreateAddonRequest.cs
Lines changed: 4 additions & 4 deletions b/‎sdk/src/Services/EKS/Generated/Model/CreateAddonRequest.cs
Lines changed: 4 additions & 4 deletions
diff --git a/‎sdk/src/Services/EKS/Generated/Model/CreateClusterRequest.cs
Lines changed: 4 additions & 3 deletions b/‎sdk/src/Services/EKS/Generated/Model/CreateClusterRequest.cs
Lines changed: 4 additions & 3 deletions
diff --git a/‎sdk/src/Services/EKS/Generated/Model/CreatePodIdentityAssociationRequest.cs
Lines changed: 99 additions & 11 deletions b/‎sdk/src/Services/EKS/Generated/Model/CreatePodIdentityAssociationRequest.cs
Lines changed: 99 additions & 11 deletions
@@ -1731,7 +1731,9 @@
           "shape":"String",
           "idempotencyToken":true
         },
-        "tags":{"shape":"TagMap"}
+        "tags":{"shape":"TagMap"},
+        "disableSessionTags":{"shape":"BoxedBoolean"},
+        "targetRoleArn":{"shape":"String"}
       }
     },
     "CreatePodIdentityAssociationResponse":{
@@ -3452,7 +3454,10 @@
         "tags":{"shape":"TagMap"},
         "createdAt":{"shape":"Timestamp"},
         "modifiedAt":{"shape":"Timestamp"},
-        "ownerArn":{"shape":"String"}
+        "ownerArn":{"shape":"String"},
+        "disableSessionTags":{"shape":"BoxedBoolean"},
+        "targetRoleArn":{"shape":"String"},
+        "externalId":{"shape":"String"}
       }
     },
     "PodIdentityAssociationSummaries":{
@@ -4054,7 +4059,9 @@
         "clientRequestToken":{
           "shape":"String",
           "idempotencyToken":true
-        }
+        },
+        "disableSessionTags":{"shape":"BoxedBoolean"},
+        "targetRoleArn":{"shape":"String"}
       }
     },
     "UpdatePodIdentityAssociationResponse":{
 
@@ -235,14 +235,14 @@ internal bool IsSetOwner()
         /// <summary>
         /// Gets and sets the property PodIdentityAssociations. 
         /// <para>
-        /// An array of Pod Identity Assocations owned by the Addon. Each EKS Pod Identity association
-        /// maps a role to a service account in a namespace in the cluster.
+        /// An array of EKS Pod Identity associations owned by the add-on. Each association maps
+        /// a role to a service account in a namespace in the cluster.
         /// </para>
         ///  
         /// <para>
         /// For more information, see <a href="https://docs.aws.amazon.com/eks/latest/userguide/add-ons-iam.html">Attach
-        /// an IAM Role to an Amazon EKS add-on using Pod Identity</a> in the <i>Amazon EKS User
-        /// Guide</i>.
+        /// an IAM Role to an Amazon EKS add-on using EKS Pod Identity</a> in the <i>Amazon EKS
+        /// User Guide</i>.
         /// </para>
         /// </summary>
         public List<string> PodIdentityAssociations
 
@@ -30,18 +30,17 @@
 namespace Amazon.EKS.Model
 {
     /// <summary>
-    /// A type of Pod Identity Association owned by an Amazon EKS Add-on.
+    /// A type of EKS Pod Identity association owned by an Amazon EKS add-on.
     /// 
     ///  
     /// <para>
-    /// Each EKS Pod Identity Association maps a role to a service account in a namespace
-    /// in the cluster.
+    /// Each association maps a role to a service account in a namespace in the cluster.
     /// </para>
     ///  
     /// <para>
     /// For more information, see <a href="https://docs.aws.amazon.com/eks/latest/userguide/add-ons-iam.html">Attach
-    /// an IAM Role to an Amazon EKS add-on using Pod Identity</a> in the <i>Amazon EKS User
-    /// Guide</i>.
+    /// an IAM Role to an Amazon EKS add-on using EKS Pod Identity</a> in the <i>Amazon EKS
+    /// User Guide</i>.
     /// </para>
     /// </summary>
     public partial class AddonPodIdentityAssociations
 
@@ -30,7 +30,7 @@
 namespace Amazon.EKS.Model
 {
     /// <summary>
-    /// Information about how to configure IAM for an Addon.
+    /// Information about how to configure IAM for an add-on.
     /// </summary>
     public partial class AddonPodIdentityConfiguration
     {
@@ -40,7 +40,7 @@ public partial class AddonPodIdentityConfiguration
         /// <summary>
         /// Gets and sets the property RecommendedManagedPolicies. 
         /// <para>
-        /// A suggested IAM Policy for the addon.
+        /// A suggested IAM Policy for the add-on.
         /// </para>
         /// </summary>
         public List<string> RecommendedManagedPolicies
@@ -58,7 +58,7 @@ internal bool IsSetRecommendedManagedPolicies()
         /// <summary>
         /// Gets and sets the property ServiceAccount. 
         /// <para>
-        /// The Kubernetes Service Account name used by the addon.
+        /// The Kubernetes Service Account name used by the add-on.
         /// </para>
         /// </summary>
         public string ServiceAccount
 
@@ -98,7 +98,7 @@ internal bool IsSetCompatibilities()
         /// <summary>
         /// Gets and sets the property ComputeTypes. 
         /// <para>
-        /// Indicates the compute type of the addon version.
+        /// Indicates the compute type of the add-on version.
         /// </para>
         /// </summary>
         public List<string> ComputeTypes
@@ -134,7 +134,7 @@ internal bool IsSetRequiresConfiguration()
         /// <summary>
         /// Gets and sets the property RequiresIamPermissions. 
         /// <para>
-        /// Indicates if the Addon requires IAM Permissions to operate, such as networking permissions.
+        /// Indicates if the add-on requires IAM Permissions to operate, such as networking permissions.
         /// </para>
         /// </summary>
         public bool RequiresIamPermissions
 
@@ -151,14 +151,14 @@ internal bool IsSetConfigurationValues()
         /// <summary>
         /// Gets and sets the property PodIdentityAssociations. 
         /// <para>
-        /// An array of Pod Identity Assocations to be created. Each EKS Pod Identity association
-        /// maps a Kubernetes service account to an IAM Role.
+        /// An array of EKS Pod Identity associations to be created. Each association maps a Kubernetes
+        /// service account to an IAM role.
         /// </para>
         ///  
         /// <para>
         /// For more information, see <a href="https://docs.aws.amazon.com/eks/latest/userguide/add-ons-iam.html">Attach
-        /// an IAM Role to an Amazon EKS add-on using Pod Identity</a> in the <i>Amazon EKS User
-        /// Guide</i>.
+        /// an IAM Role to an Amazon EKS add-on using EKS Pod Identity</a> in the <i>Amazon EKS
+        /// User Guide</i>.
         /// </para>
         /// </summary>
         public List<AddonPodIdentityAssociations> PodIdentityAssociations
 
@@ -59,8 +59,9 @@ namespace Amazon.EKS.Model
     /// <para>
     /// You can use the <c>endpointPublicAccess</c> and <c>endpointPrivateAccess</c> parameters
     /// to enable or disable public and private access to your cluster's Kubernetes API server
-    /// endpoint. By default, public access is enabled, and private access is disabled. For
-    /// more information, see <a href="https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html">Amazon
+    /// endpoint. By default, public access is enabled, and private access is disabled. The
+    /// endpoint domain name and IP address family depends on the value of the <c>ipFamily</c>
+    /// for the cluster. For more information, see <a href="https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html">Amazon
     /// EKS Cluster Endpoint Access Control</a> in the <i> <i>Amazon EKS User Guide</i> </i>.
     /// 
     /// </para>
@@ -132,7 +133,7 @@ internal bool IsSetAccessConfig()
         /// </para>
         ///  
         /// <para>
-        /// The default networking addons include vpc-cni, coredns, and kube-proxy.
+        /// The default networking add-ons include <c>vpc-cni</c>, <c>coredns</c>, and <c>kube-proxy</c>.
         /// </para>
         ///  
         /// <para>
 
@@ -33,7 +33,7 @@ namespace Amazon.EKS.Model
     /// Container for the parameters to the CreatePodIdentityAssociation operation.
     /// Creates an EKS Pod Identity association between a service account in an Amazon EKS
     /// cluster and an IAM role with <i>EKS Pod Identity</i>. Use EKS Pod Identity to give
-    /// temporary IAM credentials to pods and the credentials are rotated automatically.
+    /// temporary IAM credentials to Pods and the credentials are rotated automatically.
     /// 
     ///  
     /// <para>
@@ -43,26 +43,46 @@ namespace Amazon.EKS.Model
     /// </para>
     ///  
     /// <para>
-    /// If a pod uses a service account that has an association, Amazon EKS sets environment
-    /// variables in the containers of the pod. The environment variables configure the Amazon
+    /// If a Pod uses a service account that has an association, Amazon EKS sets environment
+    /// variables in the containers of the Pod. The environment variables configure the Amazon
     /// Web Services SDKs, including the Command Line Interface, to use the EKS Pod Identity
     /// credentials.
     /// </para>
     ///  
     /// <para>
-    /// Pod Identity is a simpler method than <i>IAM roles for service accounts</i>, as this
-    /// method doesn't use OIDC identity providers. Additionally, you can configure a role
-    /// for Pod Identity once, and reuse it across clusters.
+    /// EKS Pod Identity is a simpler method than <i>IAM roles for service accounts</i>, as
+    /// this method doesn't use OIDC identity providers. Additionally, you can configure a
+    /// role for EKS Pod Identity once, and reuse it across clusters.
+    /// </para>
+    ///  
+    /// <para>
+    /// Similar to Amazon Web Services IAM behavior, EKS Pod Identity associations are eventually
+    /// consistent, and may take several seconds to be effective after the initial API call
+    /// returns successfully. You must design your applications to account for these potential
+    /// delays. We recommend that you don’t include association create/updates in the critical,
+    /// high-availability code paths of your application. Instead, make changes in a separate
+    /// initialization or setup routine that you run less frequently.
+    /// </para>
+    ///  
+    /// <para>
+    /// You can set a <i>target IAM role</i> in the same or a different account for advanced
+    /// scenarios. With a target role, EKS Pod Identity automatically performs two role assumptions
+    /// in sequence: first assuming the role in the association that is in this account, then
+    /// using those credentials to assume the target IAM role. This process provides your
+    /// Pod with temporary credentials that have the permissions defined in the target role,
+    /// allowing secure access to resources in another Amazon Web Services account.
     /// </para>
     /// </summary>
     public partial class CreatePodIdentityAssociationRequest : AmazonEKSRequest
     {
         private string _clientRequestToken;
         private string _clusterName;
+        private bool? _disableSessionTags;
         private string _awsNamespace;
         private string _roleArn;
         private string _serviceAccount;
         private Dictionary<string, string> _tags = AWSConfigs.InitializeCollections ? new Dictionary<string, string>() : null;
+        private string _targetRoleArn;
 
         /// <summary>
         /// Gets and sets the property ClientRequestToken. 
@@ -86,7 +106,7 @@ internal bool IsSetClientRequestToken()
         /// <summary>
         /// Gets and sets the property ClusterName. 
         /// <para>
-        /// The name of the cluster to create the association in.
+        /// The name of the cluster to create the EKS Pod Identity association in.
         /// </para>
         /// </summary>
         [AWSProperty(Required=true)]
@@ -102,12 +122,46 @@ internal bool IsSetClusterName()
             return this._clusterName != null;
         }
 
+        /// <summary>
+        /// Gets and sets the property DisableSessionTags. 
+        /// <para>
+        /// Disable the automatic sessions tags that are appended by EKS Pod Identity.
+        /// </para>
+        ///  
+        /// <para>
+        /// EKS Pod Identity adds a pre-defined set of session tags when it assumes the role.
+        /// You can use these tags to author a single role that can work across resources by allowing
+        /// access to Amazon Web Services resources based on matching tags. By default, EKS Pod
+        /// Identity attaches six tags, including tags for cluster name, namespace, and service
+        /// account name. For the list of tags added by EKS Pod Identity, see <a href="https://docs.aws.amazon.com/eks/latest/userguide/pod-id-abac.html#pod-id-abac-tags">List
+        /// of session tags added by EKS Pod Identity</a> in the <i>Amazon EKS User Guide</i>.
+        /// </para>
+        ///  
+        /// <para>
+        /// Amazon Web Services compresses inline session policies, managed policy ARNs, and session
+        /// tags into a packed binary format that has a separate limit. If you receive a <c>PackedPolicyTooLarge</c>
+        /// error indicating the packed binary format has exceeded the size limit, you can attempt
+        /// to reduce the size by disabling the session tags added by EKS Pod Identity.
+        /// </para>
+        /// </summary>
+        public bool DisableSessionTags
+        {
+            get { return this._disableSessionTags.GetValueOrDefault(); }
+            set { this._disableSessionTags = value; }
+        }
+
+        // Check to see if DisableSessionTags property is set
+        internal bool IsSetDisableSessionTags()
+        {
+            return this._disableSessionTags.HasValue; 
+        }
+
         /// <summary>
         /// Gets and sets the property Namespace. 
         /// <para>
-        /// The name of the Kubernetes namespace inside the cluster to create the association
-        /// in. The service account and the pods that use the service account must be in this
-        /// namespace.
+        /// The name of the Kubernetes namespace inside the cluster to create the EKS Pod Identity
+        /// association in. The service account and the Pods that use the service account must
+        /// be in this namespace.
         /// </para>
         /// </summary>
         [AWSProperty(Required=true)]
@@ -128,7 +182,7 @@ internal bool IsSetNamespace()
         /// <para>
         /// The Amazon Resource Name (ARN) of the IAM role to associate with the service account.
         /// The EKS Pod Identity agent manages credentials to assume this role for applications
-        /// in the containers in the pods that use this service account.
+        /// in the containers in the Pods that use this service account.
         /// </para>
         /// </summary>
         [AWSProperty(Required=true)]
@@ -225,5 +279,39 @@ internal bool IsSetTags()
             return this._tags != null && (this._tags.Count > 0 || !AWSConfigs.InitializeCollections); 
         }
 
+        /// <summary>
+        /// Gets and sets the property TargetRoleArn. 
+        /// <para>
+        /// The Amazon Resource Name (ARN) of the target IAM role to associate with the service
+        /// account. This role is assumed by using the EKS Pod Identity association role, then
+        /// the credentials for this role are injected into the Pod.
+        /// </para>
+        ///  
+        /// <para>
+        /// When you run applications on Amazon EKS, your application might need to access Amazon
+        /// Web Services resources from a different role that exists in the same or different
+        /// Amazon Web Services account. For example, your application running in “Account A”
+        /// might need to access resources, such as Amazon S3 buckets in “Account B” or within
+        /// “Account A” itself. You can create a association to access Amazon Web Services resources
+        /// in “Account B” by creating two IAM roles: a role in “Account A” and a role in “Account
+        /// B” (which can be the same or different account), each with the necessary trust and
+        /// permission policies. After you provide these roles in the <i>IAM role</i> and <i>Target
+        /// IAM role</i> fields, EKS will perform role chaining to ensure your application gets
+        /// the required permissions. This means Role A will assume Role B, allowing your Pods
+        /// to securely access resources like S3 buckets in the target account.
+        /// </para>
+        /// </summary>
+        public string TargetRoleArn
+        {
+            get { return this._targetRoleArn; }
+            set { this._targetRoleArn = value; }
+        }
+
+        // Check to see if TargetRoleArn property is set
+        internal bool IsSetTargetRoleArn()
+        {
+            return this._targetRoleArn != null;
+        }
+
     }
 }