We have created a dependency hell where tough, pubsys, and testsys all need to update the aws-sdk libraries in lockstep. This is because we have exposed types from these libraries in our public interface. Here is one such example:

We need to replace these types with types of our own that hide the underlying type. In other words, in the above example, instead of exposing a KmsClient as the input, we need to take a tough_kms::Client object that wraps and hides the foreign type.

We should scrub for additional exposed types and consider whether or not they should be hidden. Sometimes libraries are so stable on a major version that it is considered fine/idiomatic to expose them (Url for example), but as a general principle it is a very bad idea to leak someone else's types in a public interface.

Related: awslabs/coldsnap#301