-- Hoogle documentation, generated by Haddock
-- See Hoogle, http://www.haskell.org/hoogle/


-- | Comprehensive Amazon Web Services SDK.
--   
--   This client library contains request and response logic to communicate
--   with Amazon Web Service compatible APIs using the types supplied by
--   the various <tt>amazonka-*</tt> service libraries. See the <a>AWS</a>
--   category on Hackage for supported services.
--   
--   To get started, import the desired <tt>amazonka-*</tt> library (such
--   as <a>Network.AWS.MachineLearning</a>) and one of the following:
--   
--   <ul>
--   <li><a>Control.Monad.Trans.AWS</a>: The <a>AWST</a> transformer and
--   generalised operations.</li>
--   <li><a>Network.AWS</a>: The <a>AWS</a> monad and <a>MonadAWS</a> type
--   class for automatically lifting operations when embedded as a layer in
--   a transformer stack.</li>
--   </ul>
--   
--   GHC 7.8.4 and higher is officially supported.
@package amazonka
@version 1.6.1


-- | Re-exports some of the underlying textual and byte serialisation
--   mechanisms for convenience.
--   
--   Many of the AWS identifiers like S3's <tt>ObjectVersionId</tt> or
--   <tt>ETag</tt>, as well as any nullary sum types such as <a>Region</a>
--   have <a>ToText</a> and <a>ToByteString</a> instances, making it
--   convenient to use the type classes to convert a value to its textual
--   representation.
module Network.AWS.Data
class FromText a
parser :: FromText a => Parser a
fromText :: FromText a => Text -> Either String a

-- | Fail parsing with a <a>Text</a> error.
--   
--   Constrained to the actual attoparsec monad to avoid exposing
--   <a>fail</a> usage directly.
fromTextError :: () => Text -> Parser a
takeLowerText :: Parser Text
class ToText a
toText :: ToText a => a -> Text
class ToByteString a
toBS :: ToByteString a => a -> ByteString
class ToLog a

-- | Convert a value to a loggable builder.
build :: ToLog a => a -> Builder


-- | This module contains functions for retrieving various EC2 metadata
--   from an instance's local metadata endpoint using <a>MonadIO</a> and
--   not one of the AWS specific transformers.
--   
--   It is intended to be used when you need to make metadata calls prior
--   to initialisation of the <a>Env</a>.
module Network.AWS.EC2.Metadata

-- | Test whether the underlying host is running on EC2 by making an HTTP
--   request to <tt><a>http://instance-data/latest</a></tt>.
isEC2 :: MonadIO m => Manager -> m Bool

-- | Retrieve the specified <a>Dynamic</a> data.
--   
--   Throws <a>HttpException</a> if HTTP communication fails.
dynamic :: (MonadIO m, MonadThrow m) => Manager -> Dynamic -> m ByteString

-- | Retrieve the specified <a>Metadata</a>.
--   
--   Throws <a>HttpException</a> if HTTP communication fails.
metadata :: (MonadIO m, MonadThrow m) => Manager -> Metadata -> m ByteString

-- | Retrieve the user data. Returns <a>Nothing</a> if no user data is
--   assigned to the instance.
--   
--   Throws <a>HttpException</a> if HTTP communication fails.
userdata :: (MonadIO m, MonadCatch m) => Manager -> m (Maybe ByteString)

-- | Retrieve the instance's identity document, detailing various EC2
--   metadata.
--   
--   You can alternatively retrieve the raw unparsed identity document by
--   using <a>dynamic</a> and the <a>Document</a> path.
--   
--   <i>See:</i> <a>AWS Instance Identity Documents</a>.
identity :: (MonadIO m, MonadThrow m) => Manager -> m (Either String IdentityDocument)
data Dynamic

-- | Value showing whether the customer has enabled detailed one-minute
--   monitoring in CloudWatch.
--   
--   Valid values: enabled | disabled.
FWS :: Dynamic

-- | JSON containing instance attributes, such as instance-id, private IP
--   address, etc. <i>See:</i> <a>identity</a>, <tt>InstanceDocument</tt>.
Document :: Dynamic

-- | Used to verify the document's authenticity and content against the
--   signature.
PKCS7 :: Dynamic
Signature :: Dynamic
data Metadata

-- | The AMI ID used to launch the instance.
AMIId :: Metadata

-- | If you started more than one instance at the same time, this value
--   indicates the order in which the instance was launched. The value of
--   the first instance launched is 0.
AMILaunchIndex :: Metadata

-- | The path to the AMI's manifest file in Amazon S3. If you used an
--   Amazon EBS-backed AMI to launch the instance, the returned result is
--   unknown.
AMIManifestPath :: Metadata

-- | The AMI IDs of any instances that were rebundled to create this AMI.
--   This value will only exist if the AMI manifest file contained an
--   ancestor-amis key.
AncestorAMIIds :: Metadata

-- | See: <a>Mapping</a>
BlockDevice :: !Mapping -> Metadata

-- | The private hostname of the instance. In cases where multiple network
--   interfaces are present, this refers to the eth0 device (the device for
--   which the device number is 0).
Hostname :: Metadata

-- | See: <a>Info</a>
IAM :: !Info -> Metadata

-- | Notifies the instance that it should reboot in preparation for
--   bundling. Valid values: none | shutdown | bundle-pending.
InstanceAction :: Metadata

-- | The ID of this instance.
InstanceId :: Metadata

-- | The type of instance.
--   
--   See: <tt>InstanceType</tt>
InstanceType :: Metadata

-- | The ID of the kernel launched with this instance, if applicable.
KernelId :: Metadata

-- | The private DNS hostname of the instance. In cases where multiple
--   network interfaces are present, this refers to the eth0 device (the
--   device for which the device number is 0).
LocalHostname :: Metadata

-- | The private IP address of the instance. In cases where multiple
--   network interfaces are present, this refers to the eth0 device (the
--   device for which the device number is 0).
LocalIPV4 :: Metadata

-- | The instance's media access control (MAC) address. In cases where
--   multiple network interfaces are present, this refers to the eth0
--   device (the device for which the device number is 0).
MAC :: Metadata

-- | See: <a>Interface</a>
Network :: !Text -> !Interface -> Metadata

-- | The Availability Zone in which the instance launched.
AvailabilityZone :: Metadata

-- | Product codes associated with the instance, if any.
ProductCodes :: Metadata

-- | The instance's public DNS. If the instance is in a VPC, this category
--   is only returned if the enableDnsHostnames attribute is set to true.
--   For more information, see Using DNS with Your VPC.
PublicHostname :: Metadata

-- | The public IP address. If an Elastic IP address is associated with the
--   instance, the value returned is the Elastic IP address.
PublicIPV4 :: Metadata

-- | Public key. Only available if supplied at instance launch time.
OpenSSHKey :: Metadata

-- | The ID of the RAM disk specified at launch time, if applicable.
RAMDiskId :: Metadata

-- | ID of the reservation.
ReservationId :: Metadata

-- | The names of the security groups applied to the instance.
SecurityGroups :: Metadata
data Mapping

-- | The virtual device that contains the root/boot file system.
AMI :: Mapping

-- | The virtual devices associated with Amazon EBS volumes, if present.
--   This value is only available in metadata if it is present at launch
--   time. The N indicates the index of the Amazon EBS volume (such as ebs1
--   or ebs2).
EBS :: !Int -> Mapping

-- | The virtual devices associated with ephemeral devices, if present. The
--   N indicates the index of the ephemeral volume.
Ephemeral :: !Int -> Mapping

-- | The virtual devices or partitions associated with the root devices, or
--   partitions on the virtual device, where the root (/ or C:) file system
--   is associated with the given instance.
Root :: Mapping

-- | The virtual devices associated with swap. Not always present.
Swap :: Mapping
data Info

-- | Returns information about the last time the instance profile was
--   updated, including the instance's LastUpdated date,
--   InstanceProfileArn, and InstanceProfileId.
Info' :: Info

-- | Where role-name is the name of the IAM role associated with the
--   instance. Returns the temporary security credentials.
--   
--   See: <a>Auth</a> for JSON deserialisation.
SecurityCredentials :: Maybe Text -> Info
data Interface

-- | The device number associated with that interface. Each interface must
--   have a unique device number. The device number serves as a hint to
--   device naming in the instance; for example, device-number is 2 for the
--   eth2 device.
IDeviceNumber :: Interface

-- | The private IPv4 addresses that are associated with each public-ip
--   address and assigned to that interface.
IIPV4Associations :: !Text -> Interface

-- | The interface's local hostname.
ILocalHostname :: Interface

-- | The private IP addresses associated with the interface.
ILocalIPV4s :: Interface

-- | The instance's MAC address.
IMAC :: Interface

-- | The ID of the owner of the network interface. In multiple-interface
--   environments, an interface can be attached by a third party, such as
--   Elastic Load Balancing. Traffic on an interface is always billed to
--   the interface owner.
IOwnerId :: Interface

-- | The interface's public DNS. If the instance is in a VPC, this category
--   is only returned if the enableDnsHostnames attribute is set to true.
--   For more information, see Using DNS with Your VPC.
IPublicHostname :: Interface

-- | The Elastic IP addresses associated with the interface. There may be
--   multiple IP addresses on an instance.
IPublicIPV4s :: Interface

-- | Security groups to which the network interface belongs. Returned only
--   for instances launched into a VPC.
ISecurityGroups :: Interface

-- | IDs of the security groups to which the network interface belongs.
--   Returned only for instances launched into a VPC. For more information
--   on security groups in the EC2-VPC platform, see Security Groups for
--   Your VPC.
ISecurityGroupIds :: Interface

-- | The ID of the subnet in which the interface resides. Returned only for
--   instances launched into a VPC.
ISubnetId :: Interface

-- | The CIDR block of the subnet in which the interface resides. Returned
--   only for instances launched into a VPC.
ISubnetIPV4_CIDRBlock :: Interface

-- | The ID of the VPC in which the interface resides. Returned only for
--   instances launched into a VPC.
IVPCId :: Interface

-- | The CIDR block of the VPC in which the interface resides. Returned
--   only for instances launched into a VPC.
IVPCIPV4_CIDRBlock :: Interface

-- | Represents an instance's identity document.
--   
--   <i>Note:</i> Fields such as <a>_instanceType</a> are represented as
--   unparsed <a>Text</a> and will need to be manually parsed using
--   <a>fromText</a> when the relevant types from a library such as
--   <a>Network.AWS.EC2</a> are brought into scope.
data IdentityDocument
IdentityDocument :: Maybe [Text] -> Maybe [Text] -> Maybe Text -> Maybe Text -> Text -> !Region -> Text -> Text -> Text -> Maybe Text -> Maybe Text -> Maybe Text -> Maybe Text -> Maybe ISO8601 -> IdentityDocument
[_devpayProductCodes] :: IdentityDocument -> Maybe [Text]
[_billingProducts] :: IdentityDocument -> Maybe [Text]
[_version] :: IdentityDocument -> Maybe Text
[_privateIp] :: IdentityDocument -> Maybe Text
[_availabilityZone] :: IdentityDocument -> Text
[_region] :: IdentityDocument -> !Region
[_instanceId] :: IdentityDocument -> Text
[_instanceType] :: IdentityDocument -> Text
[_accountId] :: IdentityDocument -> Text
[_imageId] :: IdentityDocument -> Maybe Text
[_kernelId] :: IdentityDocument -> Maybe Text
[_ramdiskId] :: IdentityDocument -> Maybe Text
[_architecture] :: IdentityDocument -> Maybe Text
[_pendingTime] :: IdentityDocument -> Maybe ISO8601
devpayProductCodes :: Lens' IdentityDocument (Maybe [Text])
billingProducts :: Lens' IdentityDocument (Maybe [Text])
version :: Lens' IdentityDocument (Maybe Text)
privateIp :: Lens' IdentityDocument (Maybe Text)
availabilityZone :: Lens' IdentityDocument Text
region :: Lens' IdentityDocument Region
instanceId :: Lens' IdentityDocument Text
instanceType :: Lens' IdentityDocument Text
accountId :: Lens' IdentityDocument Text
imageId :: Lens' IdentityDocument (Maybe Text)
kernelId :: Lens' IdentityDocument (Maybe Text)
ramdiskId :: Lens' IdentityDocument (Maybe Text)
architecture :: Lens' IdentityDocument (Maybe Text)
pendingTime :: Lens' IdentityDocument (Maybe UTCTime)
instance GHC.Show.Show Network.AWS.EC2.Metadata.IdentityDocument
instance GHC.Classes.Eq Network.AWS.EC2.Metadata.IdentityDocument
instance GHC.Show.Show Network.AWS.EC2.Metadata.Metadata
instance GHC.Classes.Ord Network.AWS.EC2.Metadata.Metadata
instance GHC.Classes.Eq Network.AWS.EC2.Metadata.Metadata
instance GHC.Show.Show Network.AWS.EC2.Metadata.Info
instance GHC.Classes.Ord Network.AWS.EC2.Metadata.Info
instance GHC.Classes.Eq Network.AWS.EC2.Metadata.Info
instance GHC.Show.Show Network.AWS.EC2.Metadata.Interface
instance GHC.Classes.Ord Network.AWS.EC2.Metadata.Interface
instance GHC.Classes.Eq Network.AWS.EC2.Metadata.Interface
instance GHC.Show.Show Network.AWS.EC2.Metadata.Mapping
instance GHC.Classes.Ord Network.AWS.EC2.Metadata.Mapping
instance GHC.Classes.Eq Network.AWS.EC2.Metadata.Mapping
instance GHC.Show.Show Network.AWS.EC2.Metadata.Dynamic
instance GHC.Classes.Ord Network.AWS.EC2.Metadata.Dynamic
instance GHC.Classes.Eq Network.AWS.EC2.Metadata.Dynamic
instance Data.Aeson.Types.FromJSON.FromJSON Network.AWS.EC2.Metadata.IdentityDocument
instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.EC2.Metadata.IdentityDocument
instance Network.AWS.Data.Text.ToText Network.AWS.EC2.Metadata.Metadata
instance Network.AWS.Data.Text.ToText Network.AWS.EC2.Metadata.Info
instance Network.AWS.Data.Text.ToText Network.AWS.EC2.Metadata.Interface
instance Network.AWS.Data.Text.ToText Network.AWS.EC2.Metadata.Mapping
instance Network.AWS.Data.Text.ToText Network.AWS.EC2.Metadata.Dynamic


-- | Explicitly specify your Amazon AWS security credentials, or retrieve
--   them from the underlying OS.
--   
--   The format of environment variables and the credentials file follows
--   the official <a>AWS SDK guidelines</a>.
module Network.AWS.Auth

-- | Retrieve authentication information via the specified
--   <a>Credentials</a> mechanism.
--   
--   Throws <a>AuthError</a> when environment variables or IAM profiles
--   cannot be read, and credentials files are invalid or cannot be found.
getAuth :: (Applicative m, MonadIO m, MonadCatch m) => Manager -> Credentials -> m (Auth, Maybe Region)

-- | Determines how AuthN/AuthZ information is retrieved.
data Credentials

-- | Explicit access and secret keys. See <a>fromKeys</a>.
FromKeys :: AccessKey -> SecretKey -> Credentials

-- | Explicit access key, secret key and a session token. See
--   <a>fromSession</a>.
FromSession :: AccessKey -> SecretKey -> SessionToken -> Credentials

-- | Lookup specific environment variables for access key, secret key, an
--   optional session token, and an optional region, respectively.
FromEnv :: Text -> Text -> Maybe Text -> Maybe Text -> Credentials

-- | An IAM Profile name to lookup from the local EC2 instance-data.
--   Environment variables to lookup for the access key, secret key and
--   optional session token.
FromProfile :: Text -> Credentials

-- | A credentials profile name (the INI section) and the path to the AWS
--   <a>credentials</a> file.
FromFile :: Text -> FilePath -> Credentials

-- | Obtain credentials by attempting to contact the ECS container agent at
--   <a>http://169.254.170.2</a> using the path in
--   <a>envContainerCredentialsURI</a>. See <a>IAM Roles for Tasks</a> in
--   the AWS documentation for more information.
FromContainer :: Credentials

-- | Attempt credentials discovery via the following steps:
--   
--   <ul>
--   <li>Read the <a>envAccessKey</a>, <a>envSecretKey</a>, and
--   <a>envRegion</a> from the environment if they are set.</li>
--   <li>Read the credentials file if <a>credFile</a> exists.</li>
--   <li>Obtain credentials from the ECS container agent if
--   <a>envContainerCredentialsURI</a> is set.</li>
--   <li>Retrieve the first available IAM profile and read the
--   <a>Region</a> from the instance identity document, if running on
--   EC2.</li>
--   </ul>
--   
--   An attempt is made to resolve <a>http://instance-data</a> rather than
--   directly retrieving <a>http://169.254.169.254</a> for IAM profile
--   information. This assists in ensuring the DNS lookup terminates
--   promptly if not running on EC2.
Discover :: Credentials

-- | An authorisation environment containing AWS credentials, and
--   potentially a reference which can be refreshed out-of-band as
--   temporary credentials expire.
data Auth
Ref :: ThreadId -> IORef AuthEnv -> Auth
Auth :: AuthEnv -> Auth

-- | Default access key environment variable.
envAccessKey :: Text

-- | Default secret key environment variable.
envSecretKey :: Text

-- | Default session token environment variable.
envSessionToken :: Text

-- | Credentials INI file access key variable.
credAccessKey :: Text

-- | Credentials INI file secret key variable.
credSecretKey :: Text

-- | Credentials INI file session token variable.
credSessionToken :: Text

-- | Credentials INI default profile section variable.
credProfile :: Text

-- | Default path for the credentials file. This looks in in the
--   <tt>HOME</tt> directory as determined by the <a>directory</a> library.
--   
--   <ul>
--   <li>UNIX<i>OSX: @$HOME</i>.aws/credentials@</li>
--   <li>Windows: <tt>C:/Users//&lt;user&gt;.awscredentials</tt></li>
--   </ul>
--   
--   <i>Note:</i> This does not match the default AWS SDK location of
--   <tt>%USERPROFILE%.awscredentials</tt> on Windows. (Sorry.)
credFile :: (MonadCatch m, MonadIO m) => m FilePath

-- | Explicit access and secret keys.
fromKeys :: AccessKey -> SecretKey -> Auth

-- | Temporary credentials from a STS session consisting of the access key,
--   secret key, and session token.
--   
--   <i>See:</i> <a>fromTemporarySession</a>
fromSession :: AccessKey -> SecretKey -> SessionToken -> Auth

-- | Temporary credentials from a STS session consisting of the access key,
--   secret key, session token, and expiration time.
--   
--   <i>See:</i> <a>fromSession</a>
fromTemporarySession :: AccessKey -> SecretKey -> SessionToken -> UTCTime -> Auth

-- | Retrieve access key, secret key, and a session token from the default
--   environment variables.
--   
--   Throws <a>MissingEnvError</a> if either of the default environment
--   variables cannot be read, but not if the session token is absent.
--   
--   <i>See:</i> <a>envAccessKey</a>, <a>envSecretKey</a>,
--   <a>envSessionToken</a>
fromEnv :: (Applicative m, MonadIO m, MonadThrow m) => m (Auth, Maybe Region)

-- | Retrieve access key, secret key and a session token from specific
--   environment variables.
--   
--   Throws <a>MissingEnvError</a> if either of the specified key
--   environment variables cannot be read, but not if the session token is
--   absent.
fromEnvKeys :: (Applicative m, MonadIO m, MonadThrow m) => Text -> Text -> Maybe Text -> Maybe Text -> m (Auth, Maybe Region)

-- | Loads the default <tt>credentials</tt> INI file using the default
--   profile name.
--   
--   Throws <a>MissingFileError</a> if <a>credFile</a> is missing, or
--   <a>InvalidFileError</a> if an error occurs during parsing.
--   
--   <i>See:</i> <a>credProfile</a>, <a>credFile</a>, and <a>envProfile</a>
fromFile :: (Applicative m, MonadIO m, MonadCatch m) => m (Auth, Maybe Region)

-- | Retrieve the access, secret and session token from the specified
--   section (profile) in a valid INI <tt>credentials</tt> file.
--   
--   Throws <a>MissingFileError</a> if the specified file is missing, or
--   <a>InvalidFileError</a> if an error occurs during parsing.
fromFilePath :: (Applicative m, MonadIO m, MonadCatch m) => Text -> FilePath -> m (Auth, Maybe Region)

-- | Retrieve the default IAM Profile from the local EC2 instance-data.
--   
--   The default IAM profile is determined by Amazon as the first profile
--   found in the response from:
--   <tt><a>http://169.254.169.254/latest/meta-data/iam/security-credentials/</a></tt>
--   
--   Throws <a>RetrievalError</a> if the HTTP call fails, or
--   <a>InvalidIAMError</a> if the default IAM profile cannot be read.
fromProfile :: (MonadIO m, MonadCatch m) => Manager -> m (Auth, Maybe Region)

-- | Lookup a specific IAM Profile by name from the local EC2
--   instance-data.
--   
--   Additionally starts a refresh thread for the given authentication
--   environment.
--   
--   The resulting <a>IORef</a> wrapper + timer is designed so that
--   multiple concurrent accesses of <a>AuthEnv</a> from the <tt>AWS</tt>
--   environment are not required to calculate expiry and sequentially
--   queue to update it.
--   
--   The forked timer ensures a singular owner and pre-emptive refresh of
--   the temporary session credentials before expiration.
--   
--   A weak reference is used to ensure that the forked thread will
--   eventually terminate when <a>Auth</a> is no longer referenced.
--   
--   If no session token or expiration time is present the credentials will
--   be returned verbatim.
fromProfileName :: (MonadIO m, MonadCatch m) => Manager -> Text -> m (Auth, Maybe Region)

-- | Obtain credentials exposed to a task via the ECS container agent, as
--   described in the <a>IAM Roles for Tasks</a> section of the AWS ECS
--   documentation. The credentials are obtained by making a request to
--   <a>http://169.254.170.2</a> at the path contained by the
--   <a>envContainerCredentialsURI</a> environment variable.
--   
--   The ECS container agent provides an access key, secret key, session
--   token, and expiration time, but it does not include a region, so the
--   region will attempt to be determined from the <a>envRegion</a>
--   environment variable if it is set.
--   
--   Like <a>fromProfileName</a>, additionally starts a refresh thread that
--   will periodically fetch fresh credentials before the current ones
--   expire.
--   
--   Throws <a>MissingEnvError</a> if the <a>envContainerCredentialsURI</a>
--   environment variable is not set or <a>InvalidIAMError</a> if the
--   payload returned by the ECS container agent is not of the expected
--   format.
fromContainer :: (MonadIO m, MonadThrow m) => Manager -> m (Auth, Maybe Region)

-- | An access key ID.
--   
--   For example: <tt>AKIAIOSFODNN7EXAMPLE</tt>
--   
--   <i>See:</i> <a>Understanding and Getting Your Security
--   Credentials</a>.
newtype AccessKey
AccessKey :: ByteString -> AccessKey

-- | Secret access key credential.
--   
--   For example: <tt>wJalrXUtnFEMI<i>K7MDENG</i>bPxRfiCYEXAMPLEKE</tt>
--   
--   <i>See:</i> <a>Understanding and Getting Your Security
--   Credentials</a>.
newtype SecretKey
SecretKey :: ByteString -> SecretKey

-- | A session token used by STS to temporarily authorise access to an AWS
--   resource.
--   
--   <i>See:</i> <a>Temporary Security Credentials</a>.
newtype SessionToken
SessionToken :: ByteString -> SessionToken
class AsAuthError a

-- | A general authentication error.
_AuthError :: AsAuthError a => Prism' a AuthError

-- | An error occured while communicating over HTTP with the local metadata
--   endpoint.
_RetrievalError :: AsAuthError a => Prism' a HttpException

-- | The named environment variable was not found.
_MissingEnvError :: AsAuthError a => Prism' a Text

-- | An error occured parsing named environment variable's value.
_InvalidEnvError :: AsAuthError a => Prism' a Text

-- | The specified credentials file could not be found.
_MissingFileError :: AsAuthError a => Prism' a FilePath

-- | An error occured parsing the credentials file.
_InvalidFileError :: AsAuthError a => Prism' a Text

-- | The specified IAM profile could not be found or deserialised.
_InvalidIAMError :: AsAuthError a => Prism' a Text

-- | An error thrown when attempting to read AuthN/AuthZ information.
data AuthError
RetrievalError :: HttpException -> AuthError
MissingEnvError :: Text -> AuthError
InvalidEnvError :: Text -> AuthError
MissingFileError :: FilePath -> AuthError
InvalidFileError :: Text -> AuthError
InvalidIAMError :: Text -> AuthError
instance GHC.Show.Show Network.AWS.Auth.AuthError
instance GHC.Classes.Eq Network.AWS.Auth.Credentials
instance Network.AWS.Auth.AsAuthError GHC.Exception.Type.SomeException
instance Network.AWS.Auth.AsAuthError Network.AWS.Auth.AuthError
instance GHC.Exception.Type.Exception Network.AWS.Auth.AuthError
instance Network.AWS.Data.Log.ToLog Network.AWS.Auth.AuthError
instance Network.AWS.Data.Log.ToLog Network.AWS.Auth.Credentials
instance GHC.Show.Show Network.AWS.Auth.Credentials


-- | Environment and AWS specific configuration for the <a>AWS</a> and
--   <a>AWST</a> monads.
module Network.AWS.Env

-- | Creates a new environment with a new <a>Manager</a> without debug
--   logging and uses <a>getAuth</a> to expand/discover the supplied
--   <a>Credentials</a>. Lenses from <a>HasEnv</a> can be used to further
--   configure the resulting <a>Env</a>.
--   
--   <i>Since:</i> <tt>1.5.0</tt> - The region is now retrieved from the
--   <tt>AWS_REGION</tt> environment variable (identical to official SDKs),
--   or defaults to <tt>us-east-1</tt>. You can override the <a>Env</a>
--   region by using <a>envRegion</a>, or the current operation's region by
--   using <a>within</a>.
--   
--   <i>Since:</i> <tt>1.3.6</tt> - The default logic for retrying
--   <a>HttpException</a>s now uses <a>retryConnectionFailure</a> to retry
--   specific connection failure conditions up to 3 times. Previously only
--   service specific errors were automatically retried. This can be
--   reverted to the old behaviour by resetting the <a>Env</a> using
--   <a>envRetryCheck</a> lens to <tt>(\_ _ -&gt; False)</tt>.
--   
--   Throws <a>AuthError</a> when environment variables or IAM profiles
--   cannot be read.
--   
--   <i>See:</i> <a>newEnvWith</a>.
newEnv :: (Applicative m, MonadIO m, MonadCatch m) => Credentials -> m Env

-- | <i>See:</i> <a>newEnv</a>
--   
--   The <a>Maybe</a> <a>Bool</a> parameter is used by the EC2 instance
--   check. By passing a value of <a>Nothing</a>, the check will be
--   performed. <a>Just</a> <a>True</a> would cause the check to be skipped
--   and the host treated as an EC2 instance.
--   
--   Throws <a>AuthError</a> when environment variables or IAM profiles
--   cannot be read.
newEnvWith :: (Applicative m, MonadIO m, MonadCatch m) => Credentials -> Maybe Bool -> Manager -> m Env

-- | The environment containing the parameters required to make AWS
--   requests.
data Env
Env :: !Region -> !Logger -> !Int -> HttpException -> Bool -> !Dual (Endo Service) -> !Manager -> !IORef (Maybe Bool) -> !Auth -> Env
[_envRegion] :: Env -> !Region
[_envLogger] :: Env -> !Logger
[_envRetryCheck] :: Env -> !Int -> HttpException -> Bool
[_envOverride] :: Env -> !Dual (Endo Service)
[_envManager] :: Env -> !Manager
[_envEC2] :: Env -> !IORef (Maybe Bool)
[_envAuth] :: Env -> !Auth
class HasEnv a
environment :: HasEnv a => Lens' a Env

-- | The current region.
envRegion :: HasEnv a => Lens' a Region

-- | The function used to output log messages.
envLogger :: HasEnv a => Lens' a Logger

-- | The function used to determine if an <a>HttpException</a> should be
--   retried.
envRetryCheck :: HasEnv a => Lens' a (Int -> HttpException -> Bool)

-- | The currently applied overrides to all <a>Service</a> configuration.
envOverride :: HasEnv a => Lens' a (Dual (Endo Service))

-- | The <a>Manager</a> used to create and manage open HTTP connections.
envManager :: HasEnv a => Lens' a Manager

-- | The credentials used to sign requests for authentication with AWS.
envAuth :: HasEnv a => Lens' a Auth

-- | A memoised predicate for whether the underlying host is an EC2
--   instance.
envEC2 :: HasEnv a => Getter a (IORef (Maybe Bool))

-- | Provide a function which will be added to the existing stack of
--   overrides applied to all service configuration.
--   
--   To override a specific service, it's suggested you use either
--   <a>configure</a> or <a>reconfigure</a> with a modified version of the
--   default service, such as <tt>Network.AWS.DynamoDB.dynamoDB</tt>.
override :: HasEnv a => (Service -> Service) -> a -> a

-- | Configure a specific service. All requests belonging to the supplied
--   service will use this configuration instead of the default.
--   
--   It's suggested you use a modified version of the default service, such
--   as <tt>Network.AWS.DynamoDB.dynamoDB</tt>.
--   
--   <i>See:</i> <a>reconfigure</a>.
configure :: HasEnv a => Service -> a -> a

-- | Scope an action such that all requests belonging to the supplied
--   service will use this configuration instead of the default.
--   
--   It's suggested you use a modified version of the default service, such
--   as <tt>Network.AWS.DynamoDB.dynamoDB</tt>.
--   
--   <i>See:</i> <a>configure</a>.
reconfigure :: (MonadReader r m, HasEnv r) => Service -> m a -> m a

-- | Scope an action within the specific <a>Region</a>.
within :: (MonadReader r m, HasEnv r) => Region -> m a -> m a

-- | Scope an action such that any retry logic for the <a>Service</a> is
--   ignored and any requests will at most be sent once.
once :: (MonadReader r m, HasEnv r) => m a -> m a

-- | Scope an action such that any HTTP response will use this timeout
--   value.
--   
--   Default timeouts are chosen by considering:
--   
--   <ul>
--   <li>This <a>timeout</a>, if set.</li>
--   <li>The related <a>Service</a> timeout for the sent request if set.
--   (Usually 70s)</li>
--   <li>The <a>envManager</a> timeout if set.</li>
--   <li>The default <a>ClientRequest</a> timeout. (Approximately 30s)</li>
--   </ul>
timeout :: (MonadReader r m, HasEnv r) => Seconds -> m a -> m a

-- | Retry the subset of transport specific errors encompassing connection
--   failure up to the specific number of times.
retryConnectionFailure :: Int -> Int -> HttpException -> Bool
instance Network.AWS.Env.HasEnv Network.AWS.Env.Env
instance Network.AWS.Data.Log.ToLog Network.AWS.Env.Env


-- | This module contains functions for presigning requests using
--   <a>MonadIO</a> and not one of the AWS specific transformers.
--   
--   It is intended for use directly with <a>Network.AWS.Auth</a> when only
--   presigning and no other AWS actions are required.
module Network.AWS.Presign

-- | Presign an URL that is valid from the specified time until the number
--   of seconds expiry has elapsed.
--   
--   <i>See:</i> <a>presign</a>, <a>presignWith</a>
presignURL :: (MonadIO m, AWSRequest a) => Auth -> Region -> UTCTime -> Seconds -> a -> m ByteString

-- | Presign an HTTP request that is valid from the specified time until
--   the number of seconds expiry has elapsed.
--   
--   <i>See:</i> <a>presignWith</a>, <a>presignWithHeaders</a>
presign :: (MonadIO m, AWSRequest a) => Auth -> Region -> UTCTime -> Seconds -> a -> m ClientRequest

-- | A variant of <a>presign</a> that allows modifying the default
--   <a>Service</a> definition used to configure the request.
--   
--   <i>See:</i> <a>presignWithHeaders</a>
presignWith :: (MonadIO m, AWSRequest a) => (Service -> Service) -> Auth -> Region -> UTCTime -> Seconds -> a -> m ClientRequest

-- | Modification to the headers that is applied by default (in
--   <a>presignWith</a>); removes the <a>Expect</a> header which is added
--   to every <tt>PutObject</tt>.
defaultHeaders :: [Header] -> [Header]

-- | A variant of <a>presign</a> that allows modifying the default
--   <tt>Headers</tt> and the default <a>Service</a> definition used to
--   configure the request.
presignWithHeaders :: (MonadIO m, AWSRequest a) => ([Header] -> [Header]) -> (Service -> Service) -> Auth -> Region -> UTCTime -> Seconds -> a -> m ClientRequest


-- | The <a>AWST</a> transformer provides the environment required to
--   perform AWS operations. The transformer is intended to be used
--   directly or embedded as a layer within a transformer stack.
--   
--   <a>Network.AWS</a> contains an <a>IO</a> specialised version of
--   <a>AWST</a> with a typeclass to assist in automatically lifting
--   operations.
module Control.Monad.Trans.AWS
type AWST = AWST' Env
data AWST' r m a

-- | Run an <a>AWST</a> action with the specified environment.
runAWST :: HasEnv r => r -> AWST' r m a -> m a

-- | Unwrap a <a>ResourceT</a> transformer, and call all registered release
--   actions.
--   
--   Note that there is some reference counting involved due to
--   <a>resourceForkIO</a>. If multiple threads are sharing the same
--   collection of resources, only the last call to <tt>runResourceT</tt>
--   will deallocate the resources.
--   
--   <i>NOTE</i> Since version 1.2.0, this function will throw a
--   <a>ResourceCleanupException</a> if any of the cleanup functions throw
--   an exception.
runResourceT :: MonadUnliftIO m => ResourceT m a -> m a

-- | An alias for the constraints required to send requests, which
--   <a>AWST</a> implicitly fulfils.
type AWSConstraint r m = (MonadThrow m, MonadCatch m, MonadResource m, MonadReader r m, HasEnv r)

-- | Creates a new environment with a new <a>Manager</a> without debug
--   logging and uses <a>getAuth</a> to expand/discover the supplied
--   <a>Credentials</a>. Lenses from <a>HasEnv</a> can be used to further
--   configure the resulting <a>Env</a>.
--   
--   <i>Since:</i> <tt>1.5.0</tt> - The region is now retrieved from the
--   <tt>AWS_REGION</tt> environment variable (identical to official SDKs),
--   or defaults to <tt>us-east-1</tt>. You can override the <a>Env</a>
--   region by using <a>envRegion</a>, or the current operation's region by
--   using <a>within</a>.
--   
--   <i>Since:</i> <tt>1.3.6</tt> - The default logic for retrying
--   <a>HttpException</a>s now uses <a>retryConnectionFailure</a> to retry
--   specific connection failure conditions up to 3 times. Previously only
--   service specific errors were automatically retried. This can be
--   reverted to the old behaviour by resetting the <a>Env</a> using
--   <a>envRetryCheck</a> lens to <tt>(\_ _ -&gt; False)</tt>.
--   
--   Throws <a>AuthError</a> when environment variables or IAM profiles
--   cannot be read.
--   
--   <i>See:</i> <a>newEnvWith</a>.
newEnv :: (Applicative m, MonadIO m, MonadCatch m) => Credentials -> m Env

-- | The environment containing the parameters required to make AWS
--   requests.
data Env
class HasEnv a
environment :: HasEnv a => Lens' a Env

-- | The current region.
envRegion :: HasEnv a => Lens' a Region

-- | The function used to output log messages.
envLogger :: HasEnv a => Lens' a Logger

-- | The function used to determine if an <a>HttpException</a> should be
--   retried.
envRetryCheck :: HasEnv a => Lens' a (Int -> HttpException -> Bool)

-- | The currently applied overrides to all <a>Service</a> configuration.
envOverride :: HasEnv a => Lens' a (Dual (Endo Service))

-- | The <a>Manager</a> used to create and manage open HTTP connections.
envManager :: HasEnv a => Lens' a Manager

-- | The credentials used to sign requests for authentication with AWS.
envAuth :: HasEnv a => Lens' a Auth

-- | A memoised predicate for whether the underlying host is an EC2
--   instance.
envEC2 :: HasEnv a => Getter a (IORef (Maybe Bool))

-- | Determines how AuthN/AuthZ information is retrieved.
data Credentials

-- | Explicit access and secret keys. See <a>fromKeys</a>.
FromKeys :: AccessKey -> SecretKey -> Credentials

-- | Explicit access key, secret key and a session token. See
--   <a>fromSession</a>.
FromSession :: AccessKey -> SecretKey -> SessionToken -> Credentials

-- | Lookup specific environment variables for access key, secret key, an
--   optional session token, and an optional region, respectively.
FromEnv :: Text -> Text -> Maybe Text -> Maybe Text -> Credentials

-- | An IAM Profile name to lookup from the local EC2 instance-data.
--   Environment variables to lookup for the access key, secret key and
--   optional session token.
FromProfile :: Text -> Credentials

-- | A credentials profile name (the INI section) and the path to the AWS
--   <a>credentials</a> file.
FromFile :: Text -> FilePath -> Credentials

-- | Obtain credentials by attempting to contact the ECS container agent at
--   <a>http://169.254.170.2</a> using the path in
--   <a>envContainerCredentialsURI</a>. See <a>IAM Roles for Tasks</a> in
--   the AWS documentation for more information.
FromContainer :: Credentials

-- | Attempt credentials discovery via the following steps:
--   
--   <ul>
--   <li>Read the <a>envAccessKey</a>, <a>envSecretKey</a>, and
--   <a>envRegion</a> from the environment if they are set.</li>
--   <li>Read the credentials file if <a>credFile</a> exists.</li>
--   <li>Obtain credentials from the ECS container agent if
--   <a>envContainerCredentialsURI</a> is set.</li>
--   <li>Retrieve the first available IAM profile and read the
--   <a>Region</a> from the instance identity document, if running on
--   EC2.</li>
--   </ul>
--   
--   An attempt is made to resolve <a>http://instance-data</a> rather than
--   directly retrieving <a>http://169.254.169.254</a> for IAM profile
--   information. This assists in ensuring the DNS lookup terminates
--   promptly if not running on EC2.
Discover :: Credentials

-- | The available AWS regions.
data Region

-- | US East ('us-east-1').
NorthVirginia :: Region

-- | US East ('us-east-2').
Ohio :: Region

-- | US West ('us-west-1').
NorthCalifornia :: Region

-- | US West ('us-west-2').
Oregon :: Region

-- | Canada ('ca-central-1').
Montreal :: Region

-- | Asia Pacific ('ap-northeast-1').
Tokyo :: Region

-- | Asia Pacific ('ap-northeast-2').
Seoul :: Region

-- | Asia Pacific ('ap-south-1').
Mumbai :: Region

-- | Asia Pacific ('ap-southeast-1').
Singapore :: Region

-- | Asia Pacific ('ap-southeast-2').
Sydney :: Region

-- | South America ('sa-east-1').
SaoPaulo :: Region

-- | EU ('eu-west-1').
Ireland :: Region

-- | EU ('eu-west-2').
London :: Region

-- | EU ('eu-central-1').
Frankfurt :: Region

-- | US GovCloud ('us-gov-west-1').
GovCloud :: Region

-- | US GovCloud FIPS (S3 Only, 'fips-us-gov-west-1').
GovCloudFIPS :: Region

-- | China ('cn-north-1').
Beijing :: Region

-- | Send a request, returning the associated response if successful.
--   
--   Throws <a>LogLevel</a>.
send :: (AWSConstraint r m, AWSRequest a) => a -> m (Rs a)

-- | Repeatedly send a request, automatically setting markers and
--   paginating over multiple responses while available.
--   
--   Throws <a>LogLevel</a>.
paginate :: (AWSConstraint r m, AWSPager a) => a -> ConduitM () (Rs a) m ()

-- | Poll the API with the supplied request until a specific <a>Wait</a>
--   condition is fulfilled.
--   
--   Throws <a>LogLevel</a>.
await :: (AWSConstraint r m, AWSRequest a) => Wait a -> a -> m Accept

-- | Configure a specific service. All requests belonging to the supplied
--   service will use this configuration instead of the default.
--   
--   It's suggested you use a modified version of the default service, such
--   as <tt>Network.AWS.DynamoDB.dynamoDB</tt>.
--   
--   <i>See:</i> <a>reconfigure</a>.
configure :: HasEnv a => Service -> a -> a

-- | Provide a function which will be added to the existing stack of
--   overrides applied to all service configuration.
--   
--   To override a specific service, it's suggested you use either
--   <a>configure</a> or <a>reconfigure</a> with a modified version of the
--   default service, such as <tt>Network.AWS.DynamoDB.dynamoDB</tt>.
override :: HasEnv a => (Service -> Service) -> a -> a

-- | Scope an action such that all requests belonging to the supplied
--   service will use this configuration instead of the default.
--   
--   It's suggested you use a modified version of the default service, such
--   as <tt>Network.AWS.DynamoDB.dynamoDB</tt>.
--   
--   <i>See:</i> <a>configure</a>.
reconfigure :: (MonadReader r m, HasEnv r) => Service -> m a -> m a

-- | Scope an action within the specific <a>Region</a>.
within :: (MonadReader r m, HasEnv r) => Region -> m a -> m a

-- | Scope an action such that any retry logic for the <a>Service</a> is
--   ignored and any requests will at most be sent once.
once :: (MonadReader r m, HasEnv r) => m a -> m a

-- | Scope an action such that any HTTP response will use this timeout
--   value.
--   
--   Default timeouts are chosen by considering:
--   
--   <ul>
--   <li>This <a>timeout</a>, if set.</li>
--   <li>The related <a>Service</a> timeout for the sent request if set.
--   (Usually 70s)</li>
--   <li>The <a>envManager</a> timeout if set.</li>
--   <li>The default <a>ClientRequest</a> timeout. (Approximately 30s)</li>
--   </ul>
timeout :: (MonadReader r m, HasEnv r) => Seconds -> m a -> m a

-- | Anything that can be safely converted to a <a>HashedBody</a>.
class ToHashedBody a

-- | Convert a value to a hashed request body.
toHashed :: ToHashedBody a => a -> HashedBody

-- | Construct a <a>HashedBody</a> from a <a>FilePath</a>, calculating the
--   <a>SHA256</a> hash and file size.
--   
--   <i>Note:</i> While this function will perform in constant space, it
--   will enumerate the entirety of the file contents _twice_. Firstly to
--   calculate the SHA256 and lastly to stream the contents to the socket
--   during sending.
--   
--   <i>See:</i> <a>ToHashedBody</a>.
hashedFile :: MonadIO m => FilePath -> m HashedBody

-- | Construct a <a>HashedBody</a> from a <a>Source</a>, manually
--   specifying the <a>SHA256</a> hash and file size. It's left up to the
--   caller to calculate these correctly, otherwise AWS will return signing
--   errors.
--   
--   <i>See:</i> <a>ToHashedBody</a>.
hashedBody :: Digest SHA256 -> Integer -> ConduitM () ByteString (ResourceT IO) () -> HashedBody

-- | Anything that can be converted to a streaming request <tt>Body</tt>.
class ToBody a

-- | Convert a value to a request body.
toBody :: ToBody a => a -> RqBody

-- | Specifies the transmitted size of the 'Transfer-Encoding' chunks.
--   
--   <i>See:</i> <tt>defaultChunk</tt>.
newtype ChunkSize
ChunkSize :: Int -> ChunkSize

-- | The default chunk size of 128 KB. The minimum chunk size accepted by
--   AWS is 8 KB, unless the entirety of the request is below this
--   threshold.
--   
--   A chunk size of 64 KB or higher is recommended for performance
--   reasons.
defaultChunkSize :: ChunkSize

-- | Construct a <a>ChunkedBody</a> from a <a>FilePath</a>, where the
--   contents will be read and signed incrementally in chunks if the target
--   service supports it.
--   
--   Will intelligently revert to <a>HashedBody</a> if the file is smaller
--   than the specified <a>ChunkSize</a>.
--   
--   <i>See:</i> <a>ToBody</a>.
chunkedFile :: MonadIO m => ChunkSize -> FilePath -> m RqBody

-- | Unsafely construct a <a>ChunkedBody</a>.
--   
--   This function is marked unsafe because it does nothing to enforce the
--   chunk size. Typically for conduit <a>IO</a> functions, it's whatever
--   ByteString's <tt>defaultBufferSize</tt> is, around 32 KB. If the chunk
--   size is less than 8 KB, the request will error. 64 KB or higher chunk
--   size is recommended for performance reasons.
--   
--   Note that it will always create a chunked body even if the request is
--   too small.
--   
--   <i>See:</i> <a>ToBody</a>.
unsafeChunkedBody :: ChunkSize -> Integer -> ConduitM () ByteString (ResourceT IO) () -> RqBody

-- | Connect a <a>Sink</a> to a response stream.
sinkBody :: MonadIO m => RsBody -> ConduitM ByteString Void (ResourceT IO) a -> m a

-- | Convenience function for obtaining the size of a file.
getFileSize :: MonadIO m => FilePath -> m Integer

-- | Incrementally calculate a <a>MD5</a> <a>Digest</a>.
sinkMD5 :: Monad m => ConduitM ByteString o m (Digest MD5)

-- | Incrementally calculate a <a>SHA256</a> <a>Digest</a>.
sinkSHA256 :: Monad m => ConduitM ByteString o m (Digest SHA256)

-- | Presign an URL that is valid from the specified time until the number
--   of seconds expiry has elapsed.
presignURL :: (MonadIO m, MonadReader r m, HasEnv r, AWSRequest a) => UTCTime -> Seconds -> a -> m ByteString

-- | Presign an HTTP request that is valid from the specified time until
--   the number of seconds expiry has elapsed.
presign :: (MonadIO m, MonadReader r m, HasEnv r, AWSRequest a) => UTCTime -> Seconds -> a -> m ClientRequest

-- | Test whether the underlying host is running on EC2. This is memoised
--   and any external check occurs for the first invocation only.
isEC2 :: (MonadIO m, MonadReader r m, HasEnv r) => m Bool

-- | Retrieve the specified <tt>Dynamic</tt> data.
--   
--   Throws <a>HttpException</a>.
dynamic :: (MonadIO m, MonadThrow m, MonadReader r m, HasEnv r) => Dynamic -> m ByteString

-- | Retrieve the specified <tt>Metadata</tt>.
--   
--   Throws <a>HttpException</a>.
metadata :: (MonadIO m, MonadThrow m, MonadReader r m, HasEnv r) => Metadata -> m ByteString

-- | Retrieve the user data. Returns <a>Nothing</a> if no user data is
--   assigned to the instance.
--   
--   Throws <a>HttpException</a>.
userdata :: (MonadIO m, MonadCatch m, MonadReader r m, HasEnv r) => m (Maybe ByteString)
data Dynamic

-- | Value showing whether the customer has enabled detailed one-minute
--   monitoring in CloudWatch.
--   
--   Valid values: enabled | disabled.
FWS :: Dynamic

-- | JSON containing instance attributes, such as instance-id, private IP
--   address, etc. <i>See:</i> <a>identity</a>, <tt>InstanceDocument</tt>.
Document :: Dynamic

-- | Used to verify the document's authenticity and content against the
--   signature.
PKCS7 :: Dynamic
Signature :: Dynamic
data Metadata

-- | The AMI ID used to launch the instance.
AMIId :: Metadata

-- | If you started more than one instance at the same time, this value
--   indicates the order in which the instance was launched. The value of
--   the first instance launched is 0.
AMILaunchIndex :: Metadata

-- | The path to the AMI's manifest file in Amazon S3. If you used an
--   Amazon EBS-backed AMI to launch the instance, the returned result is
--   unknown.
AMIManifestPath :: Metadata

-- | The AMI IDs of any instances that were rebundled to create this AMI.
--   This value will only exist if the AMI manifest file contained an
--   ancestor-amis key.
AncestorAMIIds :: Metadata

-- | See: <a>Mapping</a>
BlockDevice :: !Mapping -> Metadata

-- | The private hostname of the instance. In cases where multiple network
--   interfaces are present, this refers to the eth0 device (the device for
--   which the device number is 0).
Hostname :: Metadata

-- | See: <a>Info</a>
IAM :: !Info -> Metadata

-- | Notifies the instance that it should reboot in preparation for
--   bundling. Valid values: none | shutdown | bundle-pending.
InstanceAction :: Metadata

-- | The ID of this instance.
InstanceId :: Metadata

-- | The type of instance.
--   
--   See: <tt>InstanceType</tt>
InstanceType :: Metadata

-- | The ID of the kernel launched with this instance, if applicable.
KernelId :: Metadata

-- | The private DNS hostname of the instance. In cases where multiple
--   network interfaces are present, this refers to the eth0 device (the
--   device for which the device number is 0).
LocalHostname :: Metadata

-- | The private IP address of the instance. In cases where multiple
--   network interfaces are present, this refers to the eth0 device (the
--   device for which the device number is 0).
LocalIPV4 :: Metadata

-- | The instance's media access control (MAC) address. In cases where
--   multiple network interfaces are present, this refers to the eth0
--   device (the device for which the device number is 0).
MAC :: Metadata

-- | See: <a>Interface</a>
Network :: !Text -> !Interface -> Metadata

-- | The Availability Zone in which the instance launched.
AvailabilityZone :: Metadata

-- | Product codes associated with the instance, if any.
ProductCodes :: Metadata

-- | The instance's public DNS. If the instance is in a VPC, this category
--   is only returned if the enableDnsHostnames attribute is set to true.
--   For more information, see Using DNS with Your VPC.
PublicHostname :: Metadata

-- | The public IP address. If an Elastic IP address is associated with the
--   instance, the value returned is the Elastic IP address.
PublicIPV4 :: Metadata

-- | Public key. Only available if supplied at instance launch time.
OpenSSHKey :: Metadata

-- | The ID of the RAM disk specified at launch time, if applicable.
RAMDiskId :: Metadata

-- | ID of the reservation.
ReservationId :: Metadata

-- | The names of the security groups applied to the instance.
SecurityGroups :: Metadata
class AsError a

-- | A general Amazonka error.
_Error :: AsError a => Prism' a Error

-- | An error occured while communicating over HTTP with a remote service.
_TransportError :: AsError a => Prism' a HttpException

-- | A serialisation error occured when attempting to deserialise a
--   response.
_SerializeError :: AsError a => Prism' a SerializeError

-- | A service specific error returned by the remote service.
_ServiceError :: AsError a => Prism' a ServiceError
class AsAuthError a

-- | A general authentication error.
_AuthError :: AsAuthError a => Prism' a AuthError

-- | An error occured while communicating over HTTP with the local metadata
--   endpoint.
_RetrievalError :: AsAuthError a => Prism' a HttpException

-- | The named environment variable was not found.
_MissingEnvError :: AsAuthError a => Prism' a Text

-- | An error occured parsing named environment variable's value.
_InvalidEnvError :: AsAuthError a => Prism' a Text

-- | The specified credentials file could not be found.
_MissingFileError :: AsAuthError a => Prism' a FilePath

-- | An error occured parsing the credentials file.
_InvalidFileError :: AsAuthError a => Prism' a Text

-- | The specified IAM profile could not be found or deserialised.
_InvalidIAMError :: AsAuthError a => Prism' a Text

-- | A variant of <a>try</a> that takes a <a>ReifiedPrism</a> (or any
--   <a>ReifiedFold</a>) to select which exceptions are caught (c.f.
--   <a>tryJust</a>, <a>catchJust</a>). If the <a>Exception</a> does not
--   match the predicate, it is re-thrown.
--   
--   <pre>
--   <a>trying</a> :: <a>MonadCatch</a> m =&gt; <a>Prism'</a>     <a>SomeException</a> a -&gt; m r -&gt; m (<a>Either</a> a r)
--   <a>trying</a> :: <a>MonadCatch</a> m =&gt; <a>Lens'</a>      <a>SomeException</a> a -&gt; m r -&gt; m (<a>Either</a> a r)
--   <a>trying</a> :: <a>MonadCatch</a> m =&gt; <a>Traversal'</a> <a>SomeException</a> a -&gt; m r -&gt; m (<a>Either</a> a r)
--   <a>trying</a> :: <a>MonadCatch</a> m =&gt; <a>Iso'</a>       <a>SomeException</a> a -&gt; m r -&gt; m (<a>Either</a> a r)
--   <a>trying</a> :: <a>MonadCatch</a> m =&gt; <a>ReifiedGetter</a>     <a>SomeException</a> a -&gt; m r -&gt; m (<a>Either</a> a r)
--   <a>trying</a> :: <a>MonadCatch</a> m =&gt; <a>ReifiedFold</a>       <a>SomeException</a> a -&gt; m r -&gt; m (<a>Either</a> a r)
--   </pre>
trying :: MonadCatch m => Getting (First a) SomeException a -> m r -> m (Either a r)

-- | Catch exceptions that match a given <a>ReifiedPrism</a> (or any
--   <a>ReifiedFold</a>, really).
--   
--   <pre>
--   &gt;&gt;&gt; catching _AssertionFailed (assert False (return "uncaught")) $ \ _ -&gt; return "caught"
--   "caught"
--   </pre>
--   
--   <pre>
--   <a>catching</a> :: <a>MonadCatch</a> m =&gt; <a>Prism'</a> <a>SomeException</a> a     -&gt; m r -&gt; (a -&gt; m r) -&gt; m r
--   <a>catching</a> :: <a>MonadCatch</a> m =&gt; <a>Lens'</a> <a>SomeException</a> a      -&gt; m r -&gt; (a -&gt; m r) -&gt; m r
--   <a>catching</a> :: <a>MonadCatch</a> m =&gt; <a>Traversal'</a> <a>SomeException</a> a -&gt; m r -&gt; (a -&gt; m r) -&gt; m r
--   <a>catching</a> :: <a>MonadCatch</a> m =&gt; <a>Iso'</a> <a>SomeException</a> a       -&gt; m r -&gt; (a -&gt; m r) -&gt; m r
--   <a>catching</a> :: <a>MonadCatch</a> m =&gt; <a>ReifiedGetter</a> <a>SomeException</a> a     -&gt; m r -&gt; (a -&gt; m r) -&gt; m r
--   <a>catching</a> :: <a>MonadCatch</a> m =&gt; <a>ReifiedFold</a> <a>SomeException</a> a       -&gt; m r -&gt; (a -&gt; m r) -&gt; m r
--   </pre>
catching :: MonadCatch m => Getting (First a) SomeException a -> m r -> (a -> m r) -> m r

-- | Provides a generalised prism for catching a specific service error
--   identified by the opaque service abbreviation and error code.
--   
--   This can be used if the generated error prisms provided by
--   <tt>Network.AWS.<a>ServiceName</a>.Types</tt> do not cover all the
--   thrown error codes. For example to define a new error prism:
--   
--   <pre>
--   {-# LANGUAGE OverloadedStrings #-}
--   
--   import Network.AWS.S3 (ServiceError, s3)
--   
--   _NoSuchBucketPolicy :: AsError a =&gt; Getting (First ServiceError) a ServiceError
--   _NoSuchBucketPolicy = _MatchServiceError s3 "NoSuchBucketPolicy"
--   </pre>
--   
--   With example usage being:
--   
--   <pre>
--   &gt;&gt;&gt; import Control.Exception.Lens (trying)
--   
--   &gt;&gt;&gt; :t trying _NoSuchBucketPolicy
--   MonadCatch m =&gt; m a -&gt; m (Either ServiceError a)
--   </pre>
_MatchServiceError :: AsError a => Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
hasService :: (Applicative f, Choice p) => Service -> Optic' p f ServiceError ServiceError
hasStatus :: (Applicative f, Choice p) => Int -> Optic' p f ServiceError ServiceError
hasCode :: (Applicative f, Choice p) => ErrorCode -> Optic' p f ServiceError ServiceError

-- | A function threaded through various request and serialisation routines
--   to log informational and debug messages.
type Logger = LogLevel -> Builder -> IO ()
data LogLevel

-- | Info messages supplied by the user - this level is not emitted by the
--   library.
Info :: LogLevel

-- | Error messages only.
Error :: LogLevel

-- | Useful debug information + info + error levels.
Debug :: LogLevel

-- | Includes potentially sensitive signing metadata, and non-streaming
--   response bodies.
Trace :: LogLevel

-- | This is a primitive logger which can be used to log builds to a
--   <a>Handle</a>.
--   
--   <i>Note:</i> A more sophisticated logging library such as
--   <a>tinylog</a> or <a>fast-logger</a> should be used in production
--   code.
newLogger :: MonadIO m => LogLevel -> Handle -> m Logger
data Endpoint

-- | A convenience function for overriding the <a>Service</a>
--   <a>Endpoint</a>.
--   
--   <i>See:</i> <a>serviceEndpoint</a>.
setEndpoint :: Bool -> ByteString -> Int -> Service -> Service

-- | Invalid Iso, should be a Prism but exists for ease of composition with
--   the current 'Lens . Iso' chaining to hide internal types from the
--   user.
_Default :: Monoid a => Iso' (Maybe a) a
_Coerce :: (Coercible a b, Coercible b a) => Iso' a b
microseconds :: Seconds -> Int
seconds :: Seconds -> Int
withAuth :: MonadIO m => Auth -> (AuthEnv -> m a) -> m a

-- | The date on which the current credentials expire.
expiration :: Lens' AuthEnv (Maybe UTCTime)

-- | The token that users must pass to the service API to use the temporary
--   credentials.
sessionToken :: Lens' AuthEnv (Maybe SessionToken)

-- | The secret access key that can be used to sign requests.
secretAccessKey :: Lens' AuthEnv SecretKey

-- | The access key ID that identifies the temporary security credentials.
accessKeyId :: Lens' AuthEnv AccessKey
rqPresign :: () => Seconds -> Algorithm a
rqSign :: () => Algorithm a
rqQuery :: () => Lens' (Request a) QueryString
rqPath :: () => Lens' (Request a) RawPath
rqMethod :: () => Lens' (Request a) StdMethod
rqHeaders :: () => Lens' (Request a) [Header]
rqBody :: () => Lens' (Request a) RqBody
rqService :: () => Lens' (Request a) Service

-- | Construct a <a>ClientRequest</a> using common parameters such as TLS
--   and prevent throwing errors when receiving erroneous status codes in
--   respones.
clientRequest :: Endpoint -> Maybe Seconds -> ClientRequest
serviceRetry :: Lens' Service Retry
serviceCheck :: Lens' Service (Status -> Bool)
serviceTimeout :: Lens' Service (Maybe Seconds)
serviceEndpoint :: Setter' Service Endpoint
serviceSigner :: Lens' Service Signer
retryCheck :: Lens' Retry (ServiceError -> Maybe Text)
retryAttempts :: Lens' Retry Int
exponentGrowth :: Lens' Retry Int
exponentBase :: Lens' Retry Double
endpointScope :: Lens' Endpoint ByteString
endpointPort :: Lens' Endpoint Int
endpointSecure :: Lens' Endpoint Bool
endpointHost :: Lens' Endpoint ByteString
serviceRequestId :: Lens' ServiceError (Maybe RequestId)
serviceMessage :: Lens' ServiceError (Maybe ErrorMessage)
serviceCode :: Lens' ServiceError ErrorCode
serviceHeaders :: Lens' ServiceError [Header]
serviceStatus :: Lens' ServiceError Status
serviceAbbrev :: Lens' ServiceError Abbrev
serializeMessage :: Lens' SerializeError String
serializeStatus :: Lens' SerializeError Status
serializeAbbrev :: Lens' SerializeError Abbrev

-- | Construct an <a>ErrorCode</a>.
errorCode :: Text -> ErrorCode

-- | A convenience alias to avoid type ambiguity.
type ClientRequest = Request

-- | A convenience alias encapsulating the common <a>Response</a>.
type ClientResponse = Response ResponseBody

-- | A convenience alias encapsulating the common <a>Response</a> body.
type ResponseBody = ConduitM () ByteString ResourceT IO ()

-- | Abbreviated service name.
data Abbrev
newtype ErrorCode
ErrorCode :: Text -> ErrorCode
newtype ErrorMessage
ErrorMessage :: Text -> ErrorMessage
newtype RequestId
RequestId :: Text -> RequestId

-- | An error type representing errors that can be attributed to this
--   library.
data Error
TransportError :: HttpException -> Error
SerializeError :: SerializeError -> Error
ServiceError :: ServiceError -> Error
data SerializeError
SerializeError' :: !Abbrev -> !Status -> Maybe LazyByteString -> String -> SerializeError
[_serializeAbbrev] :: SerializeError -> !Abbrev
[_serializeStatus] :: SerializeError -> !Status

-- | The response body, if the response was not streaming.
[_serializeBody] :: SerializeError -> Maybe LazyByteString
[_serializeMessage] :: SerializeError -> String
data ServiceError
ServiceError' :: !Abbrev -> !Status -> [Header] -> !ErrorCode -> Maybe ErrorMessage -> Maybe RequestId -> ServiceError
[_serviceAbbrev] :: ServiceError -> !Abbrev
[_serviceStatus] :: ServiceError -> !Status
[_serviceHeaders] :: ServiceError -> [Header]
[_serviceCode] :: ServiceError -> !ErrorCode
[_serviceMessage] :: ServiceError -> Maybe ErrorMessage
[_serviceRequestId] :: ServiceError -> Maybe RequestId
class AsError a

-- | A general Amazonka error.
_Error :: AsError a => Prism' a Error

-- | An error occured while communicating over HTTP with a remote service.
_TransportError :: AsError a => Prism' a HttpException

-- | A serialisation error occured when attempting to deserialise a
--   response.
_SerializeError :: AsError a => Prism' a SerializeError

-- | A service specific error returned by the remote service.
_ServiceError :: AsError a => Prism' a ServiceError
data Endpoint
Endpoint :: ByteString -> !Bool -> !Int -> ByteString -> Endpoint
[_endpointHost] :: Endpoint -> ByteString
[_endpointSecure] :: Endpoint -> !Bool
[_endpointPort] :: Endpoint -> !Int
[_endpointScope] :: Endpoint -> ByteString

-- | A function threaded through various request and serialisation routines
--   to log informational and debug messages.
type Logger = LogLevel -> Builder -> IO ()

-- | Constants and predicates used to create a <tt>RetryPolicy</tt>.
data Retry
Exponential :: !Double -> !Int -> !Int -> (ServiceError -> Maybe Text) -> Retry
[_retryBase] :: Retry -> !Double
[_retryGrowth] :: Retry -> !Int
[_retryAttempts] :: Retry -> !Int

-- | Returns a descriptive name for logging if the request should be
--   retried.
[_retryCheck] :: Retry -> ServiceError -> Maybe Text

-- | Signing algorithm specific metadata.
data Meta
[Meta] :: forall a. ToLog a => a -> Meta

-- | A signed <a>ClientRequest</a> and associated metadata specific to the
--   signing algorithm, tagged with the initial request type to be able to
--   obtain the associated response, 'Rs a'.
data Signed a
Signed :: !Meta -> !ClientRequest -> Signed a
[sgMeta] :: Signed a -> !Meta
[sgRequest] :: Signed a -> !ClientRequest
type Algorithm a = Request a -> AuthEnv -> Region -> UTCTime -> Signed a
data Signer
Signer :: (forall a. () => Algorithm a) -> (forall a. () => Seconds -> Algorithm a) -> Signer
[sgSign] :: Signer -> forall a. () => Algorithm a
[sgPresign] :: Signer -> forall a. () => Seconds -> Algorithm a

-- | Attributes and functions specific to an AWS service.
data Service
Service :: !Abbrev -> !Signer -> !ByteString -> !ByteString -> !Region -> Endpoint -> !Maybe Seconds -> !Status -> Bool -> !Status -> [Header] -> LazyByteString -> Error -> !Retry -> Service
[_svcAbbrev] :: Service -> !Abbrev
[_svcSigner] :: Service -> !Signer
[_svcPrefix] :: Service -> !ByteString
[_svcVersion] :: Service -> !ByteString
[_svcEndpoint] :: Service -> !Region -> Endpoint
[_svcTimeout] :: Service -> !Maybe Seconds
[_svcCheck] :: Service -> !Status -> Bool
[_svcError] :: Service -> !Status -> [Header] -> LazyByteString -> Error
[_svcRetry] :: Service -> !Retry

-- | An unsigned request.
data Request a
Request :: !Service -> !StdMethod -> !RawPath -> !QueryString -> ![Header] -> !RqBody -> Request a
[_rqService] :: Request a -> !Service
[_rqMethod] :: Request a -> !StdMethod
[_rqPath] :: Request a -> !RawPath
[_rqQuery] :: Request a -> !QueryString
[_rqHeaders] :: Request a -> ![Header]
[_rqBody] :: Request a -> !RqBody
type Response a = (Status, Rs a)

-- | Specify how a request can be de/serialised.
class AWSRequest a where {
    
    -- | The successful, expected response associated with a request.
    type family Rs a :: Type;
}
request :: AWSRequest a => a -> Request a
response :: (AWSRequest a, MonadResource m, MonadThrow m) => Logger -> Service -> Proxy a -> ClientResponse -> m (Response a)

-- | An access key ID.
--   
--   For example: <tt>AKIAIOSFODNN7EXAMPLE</tt>
--   
--   <i>See:</i> <a>Understanding and Getting Your Security
--   Credentials</a>.
newtype AccessKey
AccessKey :: ByteString -> AccessKey

-- | Secret access key credential.
--   
--   For example: <tt>wJalrXUtnFEMI<i>K7MDENG</i>bPxRfiCYEXAMPLEKE</tt>
--   
--   <i>See:</i> <a>Understanding and Getting Your Security
--   Credentials</a>.
newtype SecretKey
SecretKey :: ByteString -> SecretKey

-- | A session token used by STS to temporarily authorise access to an AWS
--   resource.
--   
--   <i>See:</i> <a>Temporary Security Credentials</a>.
newtype SessionToken
SessionToken :: ByteString -> SessionToken

-- | The AuthN/AuthZ credential environment.
data AuthEnv
AuthEnv :: !AccessKey -> !Sensitive SecretKey -> Maybe (Sensitive SessionToken) -> Maybe ISO8601 -> AuthEnv
[_authAccess] :: AuthEnv -> !AccessKey
[_authSecret] :: AuthEnv -> !Sensitive SecretKey
[_authToken] :: AuthEnv -> Maybe (Sensitive SessionToken)
[_authExpiry] :: AuthEnv -> Maybe ISO8601

-- | An authorisation environment containing AWS credentials, and
--   potentially a reference which can be refreshed out-of-band as
--   temporary credentials expire.
data Auth
Ref :: ThreadId -> IORef AuthEnv -> Auth
Auth :: AuthEnv -> Auth

-- | The available AWS regions.
data Region

-- | US East ('us-east-1').
NorthVirginia :: Region

-- | US East ('us-east-2').
Ohio :: Region

-- | US West ('us-west-1').
NorthCalifornia :: Region

-- | US West ('us-west-2').
Oregon :: Region

-- | Canada ('ca-central-1').
Montreal :: Region

-- | Asia Pacific ('ap-northeast-1').
Tokyo :: Region

-- | Asia Pacific ('ap-northeast-2').
Seoul :: Region

-- | Asia Pacific ('ap-south-1').
Mumbai :: Region

-- | Asia Pacific ('ap-southeast-1').
Singapore :: Region

-- | Asia Pacific ('ap-southeast-2').
Sydney :: Region

-- | South America ('sa-east-1').
SaoPaulo :: Region

-- | EU ('eu-west-1').
Ireland :: Region

-- | EU ('eu-west-2').
London :: Region

-- | EU ('eu-central-1').
Frankfurt :: Region

-- | US GovCloud ('us-gov-west-1').
GovCloud :: Region

-- | US GovCloud FIPS (S3 Only, 'fips-us-gov-west-1').
GovCloudFIPS :: Region

-- | China ('cn-north-1').
Beijing :: Region

-- | An integral value representing seconds.
newtype Seconds
Seconds :: Int -> Seconds

-- | An exception which may be generated by this library
data HttpException
data Accept

-- | Timing and acceptance criteria to check fulfillment of a remote
--   operation.
data Wait a

-- | Specify how an <a>AWSRequest</a> and it's associated <a>Rs</a>
--   response can generate a subsequent request, if available.
class AWSRequest a => AWSPager a
page :: AWSPager a => a -> Rs a -> Maybe a

-- | Invariant: only services that support _both_ standard and chunked
--   signing expose <a>RqBody</a> as a parameter.
data RqBody

-- | An opaque request body containing a <a>SHA256</a> hash.
data HashedBody

-- | An opaque request body which will be transmitted via
--   <tt>Transfer-Encoding: chunked</tt>.
--   
--   <i>Invariant:</i> Only services that support chunked encoding can
--   accept a <a>ChunkedBody</a>. (Currently S3.) This is enforced by the
--   type signatures emitted by the generator.
data ChunkedBody

-- | A streaming, exception safe response body.
data RsBody
instance Control.Monad.Trans.Class.MonadTrans (Control.Monad.Trans.AWS.AWST' r)
instance Data.Conduit.Lazy.MonadActive m => Data.Conduit.Lazy.MonadActive (Control.Monad.Trans.AWS.AWST' r m)
instance Control.Monad.IO.Class.MonadIO m => Control.Monad.IO.Class.MonadIO (Control.Monad.Trans.AWS.AWST' r m)
instance GHC.Base.MonadPlus m => GHC.Base.MonadPlus (Control.Monad.Trans.AWS.AWST' r m)
instance GHC.Base.Monad m => GHC.Base.Monad (Control.Monad.Trans.AWS.AWST' r m)
instance GHC.Base.Alternative m => GHC.Base.Alternative (Control.Monad.Trans.AWS.AWST' r m)
instance GHC.Base.Applicative m => GHC.Base.Applicative (Control.Monad.Trans.AWS.AWST' r m)
instance GHC.Base.Functor m => GHC.Base.Functor (Control.Monad.Trans.AWS.AWST' r m)
instance Control.Monad.Catch.MonadThrow m => Control.Monad.Catch.MonadThrow (Control.Monad.Trans.AWS.AWST' r m)
instance Control.Monad.Catch.MonadCatch m => Control.Monad.Catch.MonadCatch (Control.Monad.Trans.AWS.AWST' r m)
instance Control.Monad.Catch.MonadMask m => Control.Monad.Catch.MonadMask (Control.Monad.Trans.AWS.AWST' r m)
instance Control.Monad.Base.MonadBase b m => Control.Monad.Base.MonadBase b (Control.Monad.Trans.AWS.AWST' r m)
instance Control.Monad.Trans.Control.MonadTransControl (Control.Monad.Trans.AWS.AWST' r)
instance Control.Monad.Trans.Control.MonadBaseControl b m => Control.Monad.Trans.Control.MonadBaseControl b (Control.Monad.Trans.AWS.AWST' r m)
instance Control.Monad.IO.Unlift.MonadUnliftIO m => Control.Monad.IO.Unlift.MonadUnliftIO (Control.Monad.Trans.AWS.AWST' r m)
instance Control.Monad.Trans.Resource.Internal.MonadResource m => Control.Monad.Trans.Resource.Internal.MonadResource (Control.Monad.Trans.AWS.AWST' r m)
instance Control.Monad.Error.Class.MonadError e m => Control.Monad.Error.Class.MonadError e (Control.Monad.Trans.AWS.AWST' r m)
instance GHC.Base.Monad m => Control.Monad.Reader.Class.MonadReader r (Control.Monad.Trans.AWS.AWST' r m)
instance Control.Monad.Writer.Class.MonadWriter w m => Control.Monad.Writer.Class.MonadWriter w (Control.Monad.Trans.AWS.AWST' r m)
instance Control.Monad.State.Class.MonadState s m => Control.Monad.State.Class.MonadState s (Control.Monad.Trans.AWS.AWST' r m)
instance Control.Monad.Morph.MFunctor (Control.Monad.Trans.AWS.AWST' r)


-- | This module provides a simple <a>AWS</a> monad and a set of operations
--   which can be performed against remote Amazon Web Services APIs, for
--   use with the types supplied by the various <tt>amazonka-*</tt>
--   libraries.
--   
--   A <a>MonadAWS</a> typeclass is used as a function constraint to
--   provide automatic lifting of functions when embedding <a>AWS</a> as a
--   layer inside your own application stack.
--   
--   <a>Control.Monad.Trans.AWS</a> contains the underlying <a>AWST</a>
--   transformer.
module Network.AWS

-- | A specialisation of the <a>AWST</a> transformer.
type AWS = AWST (ResourceT IO)

-- | Monads in which <a>AWS</a> actions may be embedded.
class (Functor m, Applicative m, Monad m, MonadIO m, MonadCatch m) => MonadAWS m

-- | Lift a computation to the <a>AWS</a> monad.
liftAWS :: MonadAWS m => AWS a -> m a

-- | Run the <a>AWS</a> monad. Any outstanding HTTP responses'
--   <tt>ResumableSource</tt> will be closed when the <a>ResourceT</a>
--   computation is unwrapped with <a>runResourceT</a>.
--   
--   Throws <a>LogLevel</a>, which will include <tt>HTTPExceptions</tt>,
--   serialisation errors, or any particular errors returned by the
--   respective AWS service.
--   
--   <i>See:</i> <a>runAWST</a>, <a>runResourceT</a>.
runAWS :: (MonadResource m, HasEnv r) => r -> AWS a -> m a

-- | Unwrap a <a>ResourceT</a> transformer, and call all registered release
--   actions.
--   
--   Note that there is some reference counting involved due to
--   <a>resourceForkIO</a>. If multiple threads are sharing the same
--   collection of resources, only the last call to <tt>runResourceT</tt>
--   will deallocate the resources.
--   
--   <i>NOTE</i> Since version 1.2.0, this function will throw a
--   <a>ResourceCleanupException</a> if any of the cleanup functions throw
--   an exception.
runResourceT :: MonadUnliftIO m => ResourceT m a -> m a

-- | Creates a new environment with a new <a>Manager</a> without debug
--   logging and uses <a>getAuth</a> to expand/discover the supplied
--   <a>Credentials</a>. Lenses from <a>HasEnv</a> can be used to further
--   configure the resulting <a>Env</a>.
--   
--   <i>Since:</i> <tt>1.5.0</tt> - The region is now retrieved from the
--   <tt>AWS_REGION</tt> environment variable (identical to official SDKs),
--   or defaults to <tt>us-east-1</tt>. You can override the <a>Env</a>
--   region by using <a>envRegion</a>, or the current operation's region by
--   using <a>within</a>.
--   
--   <i>Since:</i> <tt>1.3.6</tt> - The default logic for retrying
--   <a>HttpException</a>s now uses <a>retryConnectionFailure</a> to retry
--   specific connection failure conditions up to 3 times. Previously only
--   service specific errors were automatically retried. This can be
--   reverted to the old behaviour by resetting the <a>Env</a> using
--   <a>envRetryCheck</a> lens to <tt>(\_ _ -&gt; False)</tt>.
--   
--   Throws <a>AuthError</a> when environment variables or IAM profiles
--   cannot be read.
--   
--   <i>See:</i> <a>newEnvWith</a>.
newEnv :: (Applicative m, MonadIO m, MonadCatch m) => Credentials -> m Env

-- | The environment containing the parameters required to make AWS
--   requests.
data Env
class HasEnv a
environment :: HasEnv a => Lens' a Env

-- | The current region.
envRegion :: HasEnv a => Lens' a Region

-- | The function used to output log messages.
envLogger :: HasEnv a => Lens' a Logger

-- | The function used to determine if an <a>HttpException</a> should be
--   retried.
envRetryCheck :: HasEnv a => Lens' a (Int -> HttpException -> Bool)

-- | The currently applied overrides to all <a>Service</a> configuration.
envOverride :: HasEnv a => Lens' a (Dual (Endo Service))

-- | The <a>Manager</a> used to create and manage open HTTP connections.
envManager :: HasEnv a => Lens' a Manager

-- | The credentials used to sign requests for authentication with AWS.
envAuth :: HasEnv a => Lens' a Auth

-- | A memoised predicate for whether the underlying host is an EC2
--   instance.
envEC2 :: HasEnv a => Getter a (IORef (Maybe Bool))

-- | Determines how AuthN/AuthZ information is retrieved.
data Credentials

-- | Explicit access and secret keys. See <a>fromKeys</a>.
FromKeys :: AccessKey -> SecretKey -> Credentials

-- | Explicit access key, secret key and a session token. See
--   <a>fromSession</a>.
FromSession :: AccessKey -> SecretKey -> SessionToken -> Credentials

-- | Lookup specific environment variables for access key, secret key, an
--   optional session token, and an optional region, respectively.
FromEnv :: Text -> Text -> Maybe Text -> Maybe Text -> Credentials

-- | An IAM Profile name to lookup from the local EC2 instance-data.
--   Environment variables to lookup for the access key, secret key and
--   optional session token.
FromProfile :: Text -> Credentials

-- | A credentials profile name (the INI section) and the path to the AWS
--   <a>credentials</a> file.
FromFile :: Text -> FilePath -> Credentials

-- | Obtain credentials by attempting to contact the ECS container agent at
--   <a>http://169.254.170.2</a> using the path in
--   <a>envContainerCredentialsURI</a>. See <a>IAM Roles for Tasks</a> in
--   the AWS documentation for more information.
FromContainer :: Credentials

-- | Attempt credentials discovery via the following steps:
--   
--   <ul>
--   <li>Read the <a>envAccessKey</a>, <a>envSecretKey</a>, and
--   <a>envRegion</a> from the environment if they are set.</li>
--   <li>Read the credentials file if <a>credFile</a> exists.</li>
--   <li>Obtain credentials from the ECS container agent if
--   <a>envContainerCredentialsURI</a> is set.</li>
--   <li>Retrieve the first available IAM profile and read the
--   <a>Region</a> from the instance identity document, if running on
--   EC2.</li>
--   </ul>
--   
--   An attempt is made to resolve <a>http://instance-data</a> rather than
--   directly retrieving <a>http://169.254.169.254</a> for IAM profile
--   information. This assists in ensuring the DNS lookup terminates
--   promptly if not running on EC2.
Discover :: Credentials

-- | The available AWS regions.
data Region

-- | US East ('us-east-1').
NorthVirginia :: Region

-- | US East ('us-east-2').
Ohio :: Region

-- | US West ('us-west-1').
NorthCalifornia :: Region

-- | US West ('us-west-2').
Oregon :: Region

-- | Canada ('ca-central-1').
Montreal :: Region

-- | Asia Pacific ('ap-northeast-1').
Tokyo :: Region

-- | Asia Pacific ('ap-northeast-2').
Seoul :: Region

-- | Asia Pacific ('ap-south-1').
Mumbai :: Region

-- | Asia Pacific ('ap-southeast-1').
Singapore :: Region

-- | Asia Pacific ('ap-southeast-2').
Sydney :: Region

-- | South America ('sa-east-1').
SaoPaulo :: Region

-- | EU ('eu-west-1').
Ireland :: Region

-- | EU ('eu-west-2').
London :: Region

-- | EU ('eu-central-1').
Frankfurt :: Region

-- | US GovCloud ('us-gov-west-1').
GovCloud :: Region

-- | US GovCloud FIPS (S3 Only, 'fips-us-gov-west-1').
GovCloudFIPS :: Region

-- | China ('cn-north-1').
Beijing :: Region

-- | Send a request, returning the associated response if successful.
send :: (MonadAWS m, AWSRequest a) => a -> m (Rs a)

-- | Repeatedly send a request, automatically setting markers and
--   paginating over multiple responses while available.
paginate :: (MonadAWS m, AWSPager a) => a -> ConduitM () (Rs a) m ()

-- | Poll the API with the supplied request until a specific <a>Wait</a>
--   condition is fulfilled.
await :: (MonadAWS m, AWSRequest a) => Wait a -> a -> m Accept

-- | Configure a specific service. All requests belonging to the supplied
--   service will use this configuration instead of the default.
--   
--   It's suggested you use a modified version of the default service, such
--   as <tt>Network.AWS.DynamoDB.dynamoDB</tt>.
--   
--   <i>See:</i> <a>reconfigure</a>.
configure :: HasEnv a => Service -> a -> a

-- | Provide a function which will be added to the existing stack of
--   overrides applied to all service configuration.
--   
--   To override a specific service, it's suggested you use either
--   <a>configure</a> or <a>reconfigure</a> with a modified version of the
--   default service, such as <tt>Network.AWS.DynamoDB.dynamoDB</tt>.
override :: HasEnv a => (Service -> Service) -> a -> a

-- | Scope an action such that all requests belonging to the supplied
--   service will use this configuration instead of the default.
--   
--   It's suggested you use a modified version of the default service, such
--   as <tt>Network.AWS.DynamoDB.dynamoDB</tt>.
--   
--   <i>See:</i> <a>configure</a>.
reconfigure :: MonadAWS m => Service -> AWS a -> m a

-- | Scope an action within the specific <a>Region</a>.
within :: MonadAWS m => Region -> AWS a -> m a

-- | Scope an action such that any retry logic for the <a>Service</a> is
--   ignored and any requests will at most be sent once.
once :: MonadAWS m => AWS a -> m a

-- | Scope an action such that any HTTP response will use this timeout
--   value.
timeout :: MonadAWS m => Seconds -> AWS a -> m a

-- | Anything that can be safely converted to a <a>HashedBody</a>.
class ToHashedBody a

-- | Convert a value to a hashed request body.
toHashed :: ToHashedBody a => a -> HashedBody

-- | Construct a <a>HashedBody</a> from a <a>FilePath</a>, calculating the
--   <a>SHA256</a> hash and file size.
--   
--   <i>Note:</i> While this function will perform in constant space, it
--   will enumerate the entirety of the file contents _twice_. Firstly to
--   calculate the SHA256 and lastly to stream the contents to the socket
--   during sending.
--   
--   <i>See:</i> <a>ToHashedBody</a>.
hashedFile :: MonadIO m => FilePath -> m HashedBody

-- | Construct a <a>HashedBody</a> from a <a>FilePath</a>, specifying the
--   range of bytes to read. This can be useful for constructing multiple
--   requests from a single file, say for S3 multipart uploads.
--   
--   <i>See:</i> <a>hashedFile</a>, <a>sourceFileRange</a>.
hashedFileRange :: MonadIO m => FilePath -> Integer -> Integer -> m HashedBody

-- | Construct a <a>HashedBody</a> from a <a>Source</a>, manually
--   specifying the <a>SHA256</a> hash and file size. It's left up to the
--   caller to calculate these correctly, otherwise AWS will return signing
--   errors.
--   
--   <i>See:</i> <a>ToHashedBody</a>.
hashedBody :: Digest SHA256 -> Integer -> ConduitM () ByteString (ResourceT IO) () -> HashedBody

-- | Anything that can be converted to a streaming request <tt>Body</tt>.
class ToBody a

-- | Convert a value to a request body.
toBody :: ToBody a => a -> RqBody

-- | Specifies the transmitted size of the 'Transfer-Encoding' chunks.
--   
--   <i>See:</i> <tt>defaultChunk</tt>.
newtype ChunkSize
ChunkSize :: Int -> ChunkSize

-- | The default chunk size of 128 KB. The minimum chunk size accepted by
--   AWS is 8 KB, unless the entirety of the request is below this
--   threshold.
--   
--   A chunk size of 64 KB or higher is recommended for performance
--   reasons.
defaultChunkSize :: ChunkSize

-- | Construct a <a>ChunkedBody</a> from a <a>FilePath</a>, where the
--   contents will be read and signed incrementally in chunks if the target
--   service supports it.
--   
--   Will intelligently revert to <a>HashedBody</a> if the file is smaller
--   than the specified <a>ChunkSize</a>.
--   
--   <i>See:</i> <a>ToBody</a>.
chunkedFile :: MonadIO m => ChunkSize -> FilePath -> m RqBody

-- | Construct a <a>ChunkedBody</a> from a <a>FilePath</a>, specifying the
--   range of bytes to read. This can be useful for constructing multiple
--   requests from a single file, say for S3 multipart uploads.
--   
--   <i>See:</i> <a>chunkedFile</a>.
chunkedFileRange :: MonadIO m => ChunkSize -> FilePath -> Integer -> Integer -> m RqBody

-- | Unsafely construct a <a>ChunkedBody</a>.
--   
--   This function is marked unsafe because it does nothing to enforce the
--   chunk size. Typically for conduit <a>IO</a> functions, it's whatever
--   ByteString's <tt>defaultBufferSize</tt> is, around 32 KB. If the chunk
--   size is less than 8 KB, the request will error. 64 KB or higher chunk
--   size is recommended for performance reasons.
--   
--   Note that it will always create a chunked body even if the request is
--   too small.
--   
--   <i>See:</i> <a>ToBody</a>.
unsafeChunkedBody :: ChunkSize -> Integer -> ConduitM () ByteString (ResourceT IO) () -> RqBody

-- | Connect a <a>Sink</a> to a response stream.
sinkBody :: MonadIO m => RsBody -> ConduitM ByteString Void (ResourceT IO) a -> m a

-- | Convenience function for obtaining the size of a file.
getFileSize :: MonadIO m => FilePath -> m Integer

-- | Incrementally calculate a <a>MD5</a> <a>Digest</a>.
sinkMD5 :: Monad m => ConduitM ByteString o m (Digest MD5)

-- | Incrementally calculate a <a>SHA256</a> <a>Digest</a>.
sinkSHA256 :: Monad m => ConduitM ByteString o m (Digest SHA256)

-- | Presign an URL that is valid from the specified time until the number
--   of seconds expiry has elapsed.
presignURL :: (MonadAWS m, AWSRequest a) => UTCTime -> Seconds -> a -> m ByteString

-- | Test whether the underlying host is running on EC2. This is memoised
--   and an HTTP request is made to the host's metadata endpoint for the
--   first call only.
isEC2 :: MonadAWS m => m Bool

-- | Retrieve the specified <tt>Dynamic</tt> data.
dynamic :: MonadAWS m => Dynamic -> m ByteString

-- | Retrieve the specified <tt>Metadata</tt>.
metadata :: MonadAWS m => Metadata -> m ByteString

-- | Retrieve the user data. Returns <a>Nothing</a> if no user data is
--   assigned to the instance.
userdata :: MonadAWS m => m (Maybe ByteString)
data Dynamic

-- | Value showing whether the customer has enabled detailed one-minute
--   monitoring in CloudWatch.
--   
--   Valid values: enabled | disabled.
FWS :: Dynamic

-- | JSON containing instance attributes, such as instance-id, private IP
--   address, etc. <i>See:</i> <a>identity</a>, <tt>InstanceDocument</tt>.
Document :: Dynamic

-- | Used to verify the document's authenticity and content against the
--   signature.
PKCS7 :: Dynamic
Signature :: Dynamic
data Metadata

-- | The AMI ID used to launch the instance.
AMIId :: Metadata

-- | If you started more than one instance at the same time, this value
--   indicates the order in which the instance was launched. The value of
--   the first instance launched is 0.
AMILaunchIndex :: Metadata

-- | The path to the AMI's manifest file in Amazon S3. If you used an
--   Amazon EBS-backed AMI to launch the instance, the returned result is
--   unknown.
AMIManifestPath :: Metadata

-- | The AMI IDs of any instances that were rebundled to create this AMI.
--   This value will only exist if the AMI manifest file contained an
--   ancestor-amis key.
AncestorAMIIds :: Metadata

-- | See: <a>Mapping</a>
BlockDevice :: !Mapping -> Metadata

-- | The private hostname of the instance. In cases where multiple network
--   interfaces are present, this refers to the eth0 device (the device for
--   which the device number is 0).
Hostname :: Metadata

-- | See: <a>Info</a>
IAM :: !Info -> Metadata

-- | Notifies the instance that it should reboot in preparation for
--   bundling. Valid values: none | shutdown | bundle-pending.
InstanceAction :: Metadata

-- | The ID of this instance.
InstanceId :: Metadata

-- | The type of instance.
--   
--   See: <tt>InstanceType</tt>
InstanceType :: Metadata

-- | The ID of the kernel launched with this instance, if applicable.
KernelId :: Metadata

-- | The private DNS hostname of the instance. In cases where multiple
--   network interfaces are present, this refers to the eth0 device (the
--   device for which the device number is 0).
LocalHostname :: Metadata

-- | The private IP address of the instance. In cases where multiple
--   network interfaces are present, this refers to the eth0 device (the
--   device for which the device number is 0).
LocalIPV4 :: Metadata

-- | The instance's media access control (MAC) address. In cases where
--   multiple network interfaces are present, this refers to the eth0
--   device (the device for which the device number is 0).
MAC :: Metadata

-- | See: <a>Interface</a>
Network :: !Text -> !Interface -> Metadata

-- | The Availability Zone in which the instance launched.
AvailabilityZone :: Metadata

-- | Product codes associated with the instance, if any.
ProductCodes :: Metadata

-- | The instance's public DNS. If the instance is in a VPC, this category
--   is only returned if the enableDnsHostnames attribute is set to true.
--   For more information, see Using DNS with Your VPC.
PublicHostname :: Metadata

-- | The public IP address. If an Elastic IP address is associated with the
--   instance, the value returned is the Elastic IP address.
PublicIPV4 :: Metadata

-- | Public key. Only available if supplied at instance launch time.
OpenSSHKey :: Metadata

-- | The ID of the RAM disk specified at launch time, if applicable.
RAMDiskId :: Metadata

-- | ID of the reservation.
ReservationId :: Metadata

-- | The names of the security groups applied to the instance.
SecurityGroups :: Metadata
class AsError a

-- | A general Amazonka error.
_Error :: AsError a => Prism' a Error

-- | An error occured while communicating over HTTP with a remote service.
_TransportError :: AsError a => Prism' a HttpException

-- | A serialisation error occured when attempting to deserialise a
--   response.
_SerializeError :: AsError a => Prism' a SerializeError

-- | A service specific error returned by the remote service.
_ServiceError :: AsError a => Prism' a ServiceError
class AsAuthError a

-- | A general authentication error.
_AuthError :: AsAuthError a => Prism' a AuthError

-- | An error occured while communicating over HTTP with the local metadata
--   endpoint.
_RetrievalError :: AsAuthError a => Prism' a HttpException

-- | The named environment variable was not found.
_MissingEnvError :: AsAuthError a => Prism' a Text

-- | An error occured parsing named environment variable's value.
_InvalidEnvError :: AsAuthError a => Prism' a Text

-- | The specified credentials file could not be found.
_MissingFileError :: AsAuthError a => Prism' a FilePath

-- | An error occured parsing the credentials file.
_InvalidFileError :: AsAuthError a => Prism' a Text

-- | The specified IAM profile could not be found or deserialised.
_InvalidIAMError :: AsAuthError a => Prism' a Text

-- | A variant of <a>try</a> that takes a <a>ReifiedPrism</a> (or any
--   <a>ReifiedFold</a>) to select which exceptions are caught (c.f.
--   <a>tryJust</a>, <a>catchJust</a>). If the <a>Exception</a> does not
--   match the predicate, it is re-thrown.
--   
--   <pre>
--   <a>trying</a> :: <a>MonadCatch</a> m =&gt; <a>Prism'</a>     <a>SomeException</a> a -&gt; m r -&gt; m (<a>Either</a> a r)
--   <a>trying</a> :: <a>MonadCatch</a> m =&gt; <a>Lens'</a>      <a>SomeException</a> a -&gt; m r -&gt; m (<a>Either</a> a r)
--   <a>trying</a> :: <a>MonadCatch</a> m =&gt; <a>Traversal'</a> <a>SomeException</a> a -&gt; m r -&gt; m (<a>Either</a> a r)
--   <a>trying</a> :: <a>MonadCatch</a> m =&gt; <a>Iso'</a>       <a>SomeException</a> a -&gt; m r -&gt; m (<a>Either</a> a r)
--   <a>trying</a> :: <a>MonadCatch</a> m =&gt; <a>ReifiedGetter</a>     <a>SomeException</a> a -&gt; m r -&gt; m (<a>Either</a> a r)
--   <a>trying</a> :: <a>MonadCatch</a> m =&gt; <a>ReifiedFold</a>       <a>SomeException</a> a -&gt; m r -&gt; m (<a>Either</a> a r)
--   </pre>
trying :: MonadCatch m => Getting (First a) SomeException a -> m r -> m (Either a r)

-- | Catch exceptions that match a given <a>ReifiedPrism</a> (or any
--   <a>ReifiedFold</a>, really).
--   
--   <pre>
--   &gt;&gt;&gt; catching _AssertionFailed (assert False (return "uncaught")) $ \ _ -&gt; return "caught"
--   "caught"
--   </pre>
--   
--   <pre>
--   <a>catching</a> :: <a>MonadCatch</a> m =&gt; <a>Prism'</a> <a>SomeException</a> a     -&gt; m r -&gt; (a -&gt; m r) -&gt; m r
--   <a>catching</a> :: <a>MonadCatch</a> m =&gt; <a>Lens'</a> <a>SomeException</a> a      -&gt; m r -&gt; (a -&gt; m r) -&gt; m r
--   <a>catching</a> :: <a>MonadCatch</a> m =&gt; <a>Traversal'</a> <a>SomeException</a> a -&gt; m r -&gt; (a -&gt; m r) -&gt; m r
--   <a>catching</a> :: <a>MonadCatch</a> m =&gt; <a>Iso'</a> <a>SomeException</a> a       -&gt; m r -&gt; (a -&gt; m r) -&gt; m r
--   <a>catching</a> :: <a>MonadCatch</a> m =&gt; <a>ReifiedGetter</a> <a>SomeException</a> a     -&gt; m r -&gt; (a -&gt; m r) -&gt; m r
--   <a>catching</a> :: <a>MonadCatch</a> m =&gt; <a>ReifiedFold</a> <a>SomeException</a> a       -&gt; m r -&gt; (a -&gt; m r) -&gt; m r
--   </pre>
catching :: MonadCatch m => Getting (First a) SomeException a -> m r -> (a -> m r) -> m r

-- | Provides a generalised prism for catching a specific service error
--   identified by the opaque service abbreviation and error code.
--   
--   This can be used if the generated error prisms provided by
--   <tt>Network.AWS.<a>ServiceName</a>.Types</tt> do not cover all the
--   thrown error codes. For example to define a new error prism:
--   
--   <pre>
--   {-# LANGUAGE OverloadedStrings #-}
--   
--   import Network.AWS.S3 (ServiceError, s3)
--   
--   _NoSuchBucketPolicy :: AsError a =&gt; Getting (First ServiceError) a ServiceError
--   _NoSuchBucketPolicy = _MatchServiceError s3 "NoSuchBucketPolicy"
--   </pre>
--   
--   With example usage being:
--   
--   <pre>
--   &gt;&gt;&gt; import Control.Exception.Lens (trying)
--   
--   &gt;&gt;&gt; :t trying _NoSuchBucketPolicy
--   MonadCatch m =&gt; m a -&gt; m (Either ServiceError a)
--   </pre>
_MatchServiceError :: AsError a => Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
hasService :: (Applicative f, Choice p) => Service -> Optic' p f ServiceError ServiceError
hasStatus :: (Applicative f, Choice p) => Int -> Optic' p f ServiceError ServiceError
hasCode :: (Applicative f, Choice p) => ErrorCode -> Optic' p f ServiceError ServiceError

-- | A function threaded through various request and serialisation routines
--   to log informational and debug messages.
type Logger = LogLevel -> Builder -> IO ()
data LogLevel

-- | Info messages supplied by the user - this level is not emitted by the
--   library.
Info :: LogLevel

-- | Error messages only.
Error :: LogLevel

-- | Useful debug information + info + error levels.
Debug :: LogLevel

-- | Includes potentially sensitive signing metadata, and non-streaming
--   response bodies.
Trace :: LogLevel

-- | This is a primitive logger which can be used to log builds to a
--   <a>Handle</a>.
--   
--   <i>Note:</i> A more sophisticated logging library such as
--   <a>tinylog</a> or <a>fast-logger</a> should be used in production
--   code.
newLogger :: MonadIO m => LogLevel -> Handle -> m Logger
data Endpoint

-- | A convenience function for overriding the <a>Service</a>
--   <a>Endpoint</a>.
--   
--   <i>See:</i> <a>serviceEndpoint</a>.
setEndpoint :: Bool -> ByteString -> Int -> Service -> Service

-- | Invalid Iso, should be a Prism but exists for ease of composition with
--   the current 'Lens . Iso' chaining to hide internal types from the
--   user.
_Default :: Monoid a => Iso' (Maybe a) a
_Coerce :: (Coercible a b, Coercible b a) => Iso' a b
microseconds :: Seconds -> Int
seconds :: Seconds -> Int
withAuth :: MonadIO m => Auth -> (AuthEnv -> m a) -> m a

-- | The date on which the current credentials expire.
expiration :: Lens' AuthEnv (Maybe UTCTime)

-- | The token that users must pass to the service API to use the temporary
--   credentials.
sessionToken :: Lens' AuthEnv (Maybe SessionToken)

-- | The secret access key that can be used to sign requests.
secretAccessKey :: Lens' AuthEnv SecretKey

-- | The access key ID that identifies the temporary security credentials.
accessKeyId :: Lens' AuthEnv AccessKey
rqPresign :: () => Seconds -> Algorithm a
rqSign :: () => Algorithm a
rqQuery :: () => Lens' (Request a) QueryString
rqPath :: () => Lens' (Request a) RawPath
rqMethod :: () => Lens' (Request a) StdMethod
rqHeaders :: () => Lens' (Request a) [Header]
rqBody :: () => Lens' (Request a) RqBody
rqService :: () => Lens' (Request a) Service

-- | Construct a <a>ClientRequest</a> using common parameters such as TLS
--   and prevent throwing errors when receiving erroneous status codes in
--   respones.
clientRequest :: Endpoint -> Maybe Seconds -> ClientRequest
serviceRetry :: Lens' Service Retry
serviceCheck :: Lens' Service (Status -> Bool)
serviceTimeout :: Lens' Service (Maybe Seconds)
serviceEndpoint :: Setter' Service Endpoint
serviceSigner :: Lens' Service Signer
retryCheck :: Lens' Retry (ServiceError -> Maybe Text)
retryAttempts :: Lens' Retry Int
exponentGrowth :: Lens' Retry Int
exponentBase :: Lens' Retry Double
endpointScope :: Lens' Endpoint ByteString
endpointPort :: Lens' Endpoint Int
endpointSecure :: Lens' Endpoint Bool
endpointHost :: Lens' Endpoint ByteString
serviceRequestId :: Lens' ServiceError (Maybe RequestId)
serviceMessage :: Lens' ServiceError (Maybe ErrorMessage)
serviceCode :: Lens' ServiceError ErrorCode
serviceHeaders :: Lens' ServiceError [Header]
serviceStatus :: Lens' ServiceError Status
serviceAbbrev :: Lens' ServiceError Abbrev
serializeMessage :: Lens' SerializeError String
serializeStatus :: Lens' SerializeError Status
serializeAbbrev :: Lens' SerializeError Abbrev

-- | Construct an <a>ErrorCode</a>.
errorCode :: Text -> ErrorCode

-- | A convenience alias to avoid type ambiguity.
type ClientRequest = Request

-- | A convenience alias encapsulating the common <a>Response</a>.
type ClientResponse = Response ResponseBody

-- | A convenience alias encapsulating the common <a>Response</a> body.
type ResponseBody = ConduitM () ByteString ResourceT IO ()

-- | Abbreviated service name.
data Abbrev
newtype ErrorCode
ErrorCode :: Text -> ErrorCode
newtype ErrorMessage
ErrorMessage :: Text -> ErrorMessage
newtype RequestId
RequestId :: Text -> RequestId

-- | An error type representing errors that can be attributed to this
--   library.
data Error
TransportError :: HttpException -> Error
SerializeError :: SerializeError -> Error
ServiceError :: ServiceError -> Error
data SerializeError
SerializeError' :: !Abbrev -> !Status -> Maybe LazyByteString -> String -> SerializeError
[_serializeAbbrev] :: SerializeError -> !Abbrev
[_serializeStatus] :: SerializeError -> !Status

-- | The response body, if the response was not streaming.
[_serializeBody] :: SerializeError -> Maybe LazyByteString
[_serializeMessage] :: SerializeError -> String
data ServiceError
ServiceError' :: !Abbrev -> !Status -> [Header] -> !ErrorCode -> Maybe ErrorMessage -> Maybe RequestId -> ServiceError
[_serviceAbbrev] :: ServiceError -> !Abbrev
[_serviceStatus] :: ServiceError -> !Status
[_serviceHeaders] :: ServiceError -> [Header]
[_serviceCode] :: ServiceError -> !ErrorCode
[_serviceMessage] :: ServiceError -> Maybe ErrorMessage
[_serviceRequestId] :: ServiceError -> Maybe RequestId
class AsError a

-- | A general Amazonka error.
_Error :: AsError a => Prism' a Error

-- | An error occured while communicating over HTTP with a remote service.
_TransportError :: AsError a => Prism' a HttpException

-- | A serialisation error occured when attempting to deserialise a
--   response.
_SerializeError :: AsError a => Prism' a SerializeError

-- | A service specific error returned by the remote service.
_ServiceError :: AsError a => Prism' a ServiceError
data Endpoint
Endpoint :: ByteString -> !Bool -> !Int -> ByteString -> Endpoint
[_endpointHost] :: Endpoint -> ByteString
[_endpointSecure] :: Endpoint -> !Bool
[_endpointPort] :: Endpoint -> !Int
[_endpointScope] :: Endpoint -> ByteString

-- | A function threaded through various request and serialisation routines
--   to log informational and debug messages.
type Logger = LogLevel -> Builder -> IO ()

-- | Constants and predicates used to create a <tt>RetryPolicy</tt>.
data Retry
Exponential :: !Double -> !Int -> !Int -> (ServiceError -> Maybe Text) -> Retry
[_retryBase] :: Retry -> !Double
[_retryGrowth] :: Retry -> !Int
[_retryAttempts] :: Retry -> !Int

-- | Returns a descriptive name for logging if the request should be
--   retried.
[_retryCheck] :: Retry -> ServiceError -> Maybe Text

-- | Signing algorithm specific metadata.
data Meta
[Meta] :: forall a. ToLog a => a -> Meta

-- | A signed <a>ClientRequest</a> and associated metadata specific to the
--   signing algorithm, tagged with the initial request type to be able to
--   obtain the associated response, 'Rs a'.
data Signed a
Signed :: !Meta -> !ClientRequest -> Signed a
[sgMeta] :: Signed a -> !Meta
[sgRequest] :: Signed a -> !ClientRequest
type Algorithm a = Request a -> AuthEnv -> Region -> UTCTime -> Signed a
data Signer
Signer :: (forall a. () => Algorithm a) -> (forall a. () => Seconds -> Algorithm a) -> Signer
[sgSign] :: Signer -> forall a. () => Algorithm a
[sgPresign] :: Signer -> forall a. () => Seconds -> Algorithm a

-- | Attributes and functions specific to an AWS service.
data Service
Service :: !Abbrev -> !Signer -> !ByteString -> !ByteString -> !Region -> Endpoint -> !Maybe Seconds -> !Status -> Bool -> !Status -> [Header] -> LazyByteString -> Error -> !Retry -> Service
[_svcAbbrev] :: Service -> !Abbrev
[_svcSigner] :: Service -> !Signer
[_svcPrefix] :: Service -> !ByteString
[_svcVersion] :: Service -> !ByteString
[_svcEndpoint] :: Service -> !Region -> Endpoint
[_svcTimeout] :: Service -> !Maybe Seconds
[_svcCheck] :: Service -> !Status -> Bool
[_svcError] :: Service -> !Status -> [Header] -> LazyByteString -> Error
[_svcRetry] :: Service -> !Retry

-- | An unsigned request.
data Request a
Request :: !Service -> !StdMethod -> !RawPath -> !QueryString -> ![Header] -> !RqBody -> Request a
[_rqService] :: Request a -> !Service
[_rqMethod] :: Request a -> !StdMethod
[_rqPath] :: Request a -> !RawPath
[_rqQuery] :: Request a -> !QueryString
[_rqHeaders] :: Request a -> ![Header]
[_rqBody] :: Request a -> !RqBody
type Response a = (Status, Rs a)

-- | Specify how a request can be de/serialised.
class AWSRequest a where {
    
    -- | The successful, expected response associated with a request.
    type family Rs a :: Type;
}
request :: AWSRequest a => a -> Request a
response :: (AWSRequest a, MonadResource m, MonadThrow m) => Logger -> Service -> Proxy a -> ClientResponse -> m (Response a)

-- | An access key ID.
--   
--   For example: <tt>AKIAIOSFODNN7EXAMPLE</tt>
--   
--   <i>See:</i> <a>Understanding and Getting Your Security
--   Credentials</a>.
newtype AccessKey
AccessKey :: ByteString -> AccessKey

-- | Secret access key credential.
--   
--   For example: <tt>wJalrXUtnFEMI<i>K7MDENG</i>bPxRfiCYEXAMPLEKE</tt>
--   
--   <i>See:</i> <a>Understanding and Getting Your Security
--   Credentials</a>.
newtype SecretKey
SecretKey :: ByteString -> SecretKey

-- | A session token used by STS to temporarily authorise access to an AWS
--   resource.
--   
--   <i>See:</i> <a>Temporary Security Credentials</a>.
newtype SessionToken
SessionToken :: ByteString -> SessionToken

-- | The AuthN/AuthZ credential environment.
data AuthEnv
AuthEnv :: !AccessKey -> !Sensitive SecretKey -> Maybe (Sensitive SessionToken) -> Maybe ISO8601 -> AuthEnv
[_authAccess] :: AuthEnv -> !AccessKey
[_authSecret] :: AuthEnv -> !Sensitive SecretKey
[_authToken] :: AuthEnv -> Maybe (Sensitive SessionToken)
[_authExpiry] :: AuthEnv -> Maybe ISO8601

-- | An authorisation environment containing AWS credentials, and
--   potentially a reference which can be refreshed out-of-band as
--   temporary credentials expire.
data Auth
Ref :: ThreadId -> IORef AuthEnv -> Auth
Auth :: AuthEnv -> Auth

-- | The available AWS regions.
data Region

-- | US East ('us-east-1').
NorthVirginia :: Region

-- | US East ('us-east-2').
Ohio :: Region

-- | US West ('us-west-1').
NorthCalifornia :: Region

-- | US West ('us-west-2').
Oregon :: Region

-- | Canada ('ca-central-1').
Montreal :: Region

-- | Asia Pacific ('ap-northeast-1').
Tokyo :: Region

-- | Asia Pacific ('ap-northeast-2').
Seoul :: Region

-- | Asia Pacific ('ap-south-1').
Mumbai :: Region

-- | Asia Pacific ('ap-southeast-1').
Singapore :: Region

-- | Asia Pacific ('ap-southeast-2').
Sydney :: Region

-- | South America ('sa-east-1').
SaoPaulo :: Region

-- | EU ('eu-west-1').
Ireland :: Region

-- | EU ('eu-west-2').
London :: Region

-- | EU ('eu-central-1').
Frankfurt :: Region

-- | US GovCloud ('us-gov-west-1').
GovCloud :: Region

-- | US GovCloud FIPS (S3 Only, 'fips-us-gov-west-1').
GovCloudFIPS :: Region

-- | China ('cn-north-1').
Beijing :: Region

-- | An integral value representing seconds.
newtype Seconds
Seconds :: Int -> Seconds

-- | An exception which may be generated by this library
data HttpException

-- | Timing and acceptance criteria to check fulfillment of a remote
--   operation.
data Wait a

-- | Specify how an <a>AWSRequest</a> and it's associated <a>Rs</a>
--   response can generate a subsequent request, if available.
class AWSRequest a => AWSPager a

-- | Invariant: only services that support _both_ standard and chunked
--   signing expose <a>RqBody</a> as a parameter.
data RqBody

-- | An opaque request body containing a <a>SHA256</a> hash.
data HashedBody

-- | An opaque request body which will be transmitted via
--   <tt>Transfer-Encoding: chunked</tt>.
--   
--   <i>Invariant:</i> Only services that support chunked encoding can
--   accept a <a>ChunkedBody</a>. (Currently S3.) This is enforced by the
--   type signatures emitted by the generator.
data ChunkedBody

-- | A streaming, exception safe response body.
data RsBody
instance Network.AWS.MonadAWS Network.AWS.AWS
instance Network.AWS.MonadAWS m => Network.AWS.MonadAWS (Control.Monad.Trans.Identity.IdentityT m)
instance Network.AWS.MonadAWS m => Network.AWS.MonadAWS (Control.Monad.Trans.List.ListT m)
instance Network.AWS.MonadAWS m => Network.AWS.MonadAWS (Control.Monad.Trans.Maybe.MaybeT m)
instance Network.AWS.MonadAWS m => Network.AWS.MonadAWS (Control.Monad.Trans.Except.ExceptT e m)
instance Network.AWS.MonadAWS m => Network.AWS.MonadAWS (Control.Monad.Trans.Reader.ReaderT r m)
instance Network.AWS.MonadAWS m => Network.AWS.MonadAWS (Control.Monad.Trans.State.Strict.StateT s m)
instance Network.AWS.MonadAWS m => Network.AWS.MonadAWS (Control.Monad.Trans.State.Lazy.StateT s m)
instance (GHC.Base.Monoid w, Network.AWS.MonadAWS m) => Network.AWS.MonadAWS (Control.Monad.Trans.Writer.Strict.WriterT w m)
instance (GHC.Base.Monoid w, Network.AWS.MonadAWS m) => Network.AWS.MonadAWS (Control.Monad.Trans.Writer.Lazy.WriterT w m)
instance (GHC.Base.Monoid w, Network.AWS.MonadAWS m) => Network.AWS.MonadAWS (Control.Monad.Trans.RWS.Strict.RWST r w s m)
instance (GHC.Base.Monoid w, Network.AWS.MonadAWS m) => Network.AWS.MonadAWS (Control.Monad.Trans.RWS.Lazy.RWST r w s m)
