aws-sdk-iam 1.0.0.rc3 → 1.0.0.rc4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: b08113dded27fb7c6eea7fececdcd93c5d55c135
-  data.tar.gz: a24c642fcdc0837a45b1cea524f9b97d5008d11d
+  metadata.gz: 738dac965bcb0584bb038b74c3a257bbb8df62d6
+  data.tar.gz: 055a8de3fb34fb83a329a792880920d27820d63c
 SHA512:
-  metadata.gz: 1d2cee07e97e49261368c6b906dab49aa9d760ae18fa5aed44e45e8939707eff3016a8a024b800de0a53823b90b5bab95044aaf0f0827d410abe5fdb6a172158
-  data.tar.gz: 3780147243bc8dde015c247ccc2d66a327e3f8d8ac5c9513b252e8ca712be18f5a5a1888b0a27a426cec57076c777f0ea957d1f3fad7d1c972250cbf9a441442
+  metadata.gz: 0c59422e6e55a4856972f70253c6bd37cba09d325350deddf89c9e1ceff040c38ab5f00bb86a89373c6589c57bea7c003946e42414e754455ab53e75b82f4f8f
+  data.tar.gz: 2bfc5f30e6e27f381c6187e8bc830cb1c3389b035386d1953b80e20705ad4b1a9f5bd2bfcfd70c1d90d22b2c21c7b5ed6c38d898d771db6cd3491223b75f106f

data/lib/aws-sdk-iam.rb

@@ -64,6 +64,6 @@ require_relative 'aws-sdk-iam/customizations'
 # @service
 module Aws::IAM
 
-  GEM_VERSION = '1.0.0.rc3'
+  GEM_VERSION = '1.0.0.rc4'
 
 end

data/lib/aws-sdk-iam/client.rb

@@ -18,6 +18,7 @@ require 'aws-sdk-core/plugins/regional_endpoint.rb'
 require 'aws-sdk-core/plugins/response_paging.rb'
 require 'aws-sdk-core/plugins/stub_responses.rb'
 require 'aws-sdk-core/plugins/idempotency_token.rb'
+require 'aws-sdk-core/plugins/jsonvalue_converter.rb'
 require 'aws-sdk-core/plugins/signature_v4.rb'
 require 'aws-sdk-core/plugins/protocols/query.rb'
 
@@ -45,6 +46,7 @@ module Aws::IAM
     add_plugin(Aws::Plugins::ResponsePaging)
     add_plugin(Aws::Plugins::StubResponses)
     add_plugin(Aws::Plugins::IdempotencyToken)
+    add_plugin(Aws::Plugins::JsonvalueConverter)
     add_plugin(Aws::Plugins::SignatureV4)
     add_plugin(Aws::Plugins::Protocols::Query)
 
@@ -177,7 +179,9 @@ module Aws::IAM
       req.send_request(options)
     end
 
-    # Adds the specified IAM role to the specified instance profile.
+    # Adds the specified IAM role to the specified instance profile. An
+    # instance profile can contain only one role, and this limit cannot be
+    # increased.
     #
     # <note markdown="1"> The caller of this API must be granted the `PassRole` permission on
     # the IAM role by a permission policy.
@@ -211,7 +215,7 @@ module Aws::IAM
     #   This parameter allows (per its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following characters:
-    #   =,.@-
+    #   \_+=,.@-
     #
     #
     #
@@ -332,13 +336,16 @@ module Aws::IAM
       req.send_request(options)
     end
 
-    # Attaches the specified managed policy to the specified IAM role.
+    # Attaches the specified managed policy to the specified IAM role. When
+    # you attach a managed policy to a role, the managed policy becomes part
+    # of the role's permission (access) policy.
+    #
+    # <note markdown="1"> You cannot use a managed policy as the role's trust policy. The
+    # role's trust policy is created at the same time as the role, using
+    # CreateRole. You can update a role's trust policy using
+    # UpdateAssumeRolePolicy.
     #
-    # When you attach a managed policy to a role, the managed policy becomes
-    # part of the role's permission (access) policy. You cannot use a
-    # managed policy as the role's trust policy. The role's trust policy
-    # is created at the same time as the role, using CreateRole. You can
-    # update a role's trust policy using UpdateAssumeRolePolicy.
+    #  </note>
     #
     # Use this API to attach a *managed* policy to a role. To embed an
     # inline policy in a role, use PutRolePolicy. For more information about
@@ -355,7 +362,7 @@ module Aws::IAM
     #   This parameter allows (per its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following characters:
-    #   =,.@-
+    #   \_+=,.@-
     #
     #
     #
@@ -728,6 +735,7 @@ module Aws::IAM
     #   resp.instance_profile.roles[0].arn #=> String
     #   resp.instance_profile.roles[0].create_date #=> Time
     #   resp.instance_profile.roles[0].assume_role_policy_document #=> String
+    #   resp.instance_profile.roles[0].description #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateInstanceProfile AWS API Documentation
     #
@@ -1142,8 +1150,10 @@ module Aws::IAM
     #   This parameter allows (per its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following characters:
-    #   =,.@-. Role names are not distinguished by case. For example, you
-    #   cannot create roles named both "PRODROLE" and "prodrole".
+    #   \_+=,.@-
+    #
+    #   Role names are not distinguished by case. For example, you cannot
+    #   create roles named both "PRODROLE" and "prodrole".
     #
     #
     #
@@ -1165,6 +1175,9 @@ module Aws::IAM
     #
     #   [1]: http://wikipedia.org/wiki/regex
     #
+    # @option params [String] :description
+    #   A customer-provided description of the role.
+    #
     # @return [Types::CreateRoleResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::CreateRoleResponse#role #role} => Types::Role
@@ -1175,6 +1188,7 @@ module Aws::IAM
     #     path: "pathType",
     #     role_name: "roleNameType", # required
     #     assume_role_policy_document: "policyDocumentType", # required
+    #     description: "roleDescriptionType",
     #   })
     #
     # @example Response structure
@@ -1185,6 +1199,7 @@ module Aws::IAM
     #   resp.role.arn #=> String
     #   resp.role.create_date #=> Time
     #   resp.role.assume_role_policy_document #=> String
+    #   resp.role.description #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateRole AWS API Documentation
     #
@@ -1276,6 +1291,68 @@ module Aws::IAM
       req.send_request(options)
     end
 
+    # Creates an IAM role that is linked to a specific AWS service. The
+    # service controls the attached policies and when the role can be
+    # deleted. This helps ensure that the service is not broken by an
+    # unexpectedly changed or deleted role, which could put your AWS
+    # resources into an unknown state. Allowing the service to control the
+    # role helps improve service stability and proper cleanup when a service
+    # and its role are no longer needed.
+    #
+    # The name of the role is autogenerated by combining the string that you
+    # specify for the `AWSServiceName` parameter with the string that you
+    # specify for the `CustomSuffix` parameter. The resulting name must be
+    # unique in your account or the request fails.
+    #
+    # To attach a policy to this service-linked role, you must make the
+    # request using the AWS service that depends on this role.
+    #
+    # @option params [required, String] :aws_service_name
+    #   The AWS service to which this role is attached. You use a string
+    #   similar to a URL but without the http:// in front. For example:
+    #   `elasticbeanstalk.amazonaws.com`
+    #
+    # @option params [String] :description
+    #   The description of the role.
+    #
+    # @option params [String] :custom_suffix
+    #   A string that you provide, which is combined with the service name to
+    #   form the complete role name. If you make multiple requests for the
+    #   same service, then you must supply a different `CustomSuffix` for each
+    #   request. Otherwise the request fails with a duplicate role name error.
+    #   For example, you could add `-1` or `-debug` to the suffix.
+    #
+    # @return [Types::CreateServiceLinkedRoleResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::CreateServiceLinkedRoleResponse#role #role} => Types::Role
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.create_service_linked_role({
+    #     aws_service_name: "groupNameType", # required
+    #     description: "roleDescriptionType",
+    #     custom_suffix: "customSuffixType",
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.role.path #=> String
+    #   resp.role.role_name #=> String
+    #   resp.role.role_id #=> String
+    #   resp.role.arn #=> String
+    #   resp.role.create_date #=> Time
+    #   resp.role.assume_role_policy_document #=> String
+    #   resp.role.description #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateServiceLinkedRole AWS API Documentation
+    #
+    # @overload create_service_linked_role(params = {})
+    # @param [Hash] params ({})
+    def create_service_linked_role(params = {}, options = {})
+      req = build_request(:create_service_linked_role, params)
+      req.send_request(options)
+    end
+
     # Generates a set of credentials consisting of a user name and password
     # that can be used to access the service specified in the request. These
     # credentials are generated by IAM, and can be used only for the
@@ -1532,7 +1609,7 @@ module Aws::IAM
     #   This parameter allows (per its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following characters:
-    #   =/:,.@-
+    #   =,.@:/-
     #
     #
     #
@@ -1992,7 +2069,7 @@ module Aws::IAM
     #   This parameter allows (per its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following characters:
-    #   =,.@-
+    #   \_+=,.@-
     #
     #
     #
@@ -2034,7 +2111,7 @@ module Aws::IAM
     #   This parameter allows (per its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following characters:
-    #   =,.@-
+    #   \_+=,.@-
     #
     #
     #
@@ -2406,7 +2483,7 @@ module Aws::IAM
     #   This parameter allows (per its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following characters:
-    #   =/:,.@-
+    #   =,.@:/-
     #
     #
     #
@@ -2499,7 +2576,7 @@ module Aws::IAM
     #   This parameter allows (per its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following characters:
-    #   =,.@-
+    #   \_+=,.@-
     #
     #
     #
@@ -2608,7 +2685,7 @@ module Aws::IAM
     #   This parameter allows (per its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following characters:
-    #   =/:,.@-
+    #   =,.@:/-
     #
     #
     #
@@ -2619,11 +2696,33 @@ module Aws::IAM
     #
     #   The format for this parameter is a string of 6 digits.
     #
+    #   Submit your request immediately after generating the authentication
+    #   codes. If you generate the codes and then wait too long to submit the
+    #   request, the MFA device successfully associates with the user but the
+    #   MFA device becomes out of sync. This happens because time-based
+    #   one-time passwords (TOTP) expire after a short period of time. If this
+    #   happens, you can [resync the device][1].
+    #
+    #
+    #
+    #   [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_sync.html
+    #
     # @option params [required, String] :authentication_code_2
     #   A subsequent authentication code emitted by the device.
     #
     #   The format for this parameter is a string of 6 digits.
     #
+    #   Submit your request immediately after generating the authentication
+    #   codes. If you generate the codes and then wait too long to submit the
+    #   request, the MFA device successfully associates with the user but the
+    #   MFA device becomes out of sync. This happens because time-based
+    #   one-time passwords (TOTP) expire after a short period of time. If this
+    #   happens, you can [resync the device][1].
+    #
+    #
+    #
+    #   [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_sync.html
+    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     # @example Request syntax with placeholder values
@@ -2815,6 +2914,7 @@ module Aws::IAM
     #   resp.role_detail_list[0].instance_profile_list[0].roles[0].arn #=> String
     #   resp.role_detail_list[0].instance_profile_list[0].roles[0].create_date #=> Time
     #   resp.role_detail_list[0].instance_profile_list[0].roles[0].assume_role_policy_document #=> String
+    #   resp.role_detail_list[0].instance_profile_list[0].roles[0].description #=> String
     #   resp.role_detail_list[0].role_policy_list #=> Array
     #   resp.role_detail_list[0].role_policy_list[0].policy_name #=> String
     #   resp.role_detail_list[0].role_policy_list[0].policy_document #=> String
@@ -3268,6 +3368,7 @@ module Aws::IAM
     #   resp.instance_profile.roles[0].arn #=> String
     #   resp.instance_profile.roles[0].create_date #=> Time
     #   resp.instance_profile.roles[0].assume_role_policy_document #=> String
+    #   resp.instance_profile.roles[0].description #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetInstanceProfile AWS API Documentation
     #
@@ -3531,7 +3632,7 @@ module Aws::IAM
     #   This parameter allows (per its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following characters:
-    #   =,.@-
+    #   \_+=,.@-
     #
     #
     #
@@ -3555,6 +3656,7 @@ module Aws::IAM
     #   resp.role.arn #=> String
     #   resp.role.create_date #=> Time
     #   resp.role.assume_role_policy_document #=> String
+    #   resp.role.description #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetRole AWS API Documentation
     #
@@ -3599,7 +3701,7 @@ module Aws::IAM
     #   This parameter allows (per its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following characters:
-    #   =,.@-
+    #   \_+=,.@-
     #
     #
     #
@@ -4202,7 +4304,7 @@ module Aws::IAM
     #   This parameter allows (per its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following characters:
-    #   =,.@-
+    #   \_+=,.@-
     #
     #
     #
@@ -4771,6 +4873,7 @@ module Aws::IAM
     #   resp.instance_profiles[0].roles[0].arn #=> String
     #   resp.instance_profiles[0].roles[0].create_date #=> Time
     #   resp.instance_profiles[0].roles[0].assume_role_policy_document #=> String
+    #   resp.instance_profiles[0].roles[0].description #=> String
     #   resp.is_truncated #=> Boolean
     #   resp.marker #=> String
     #
@@ -4801,7 +4904,7 @@ module Aws::IAM
     #   This parameter allows (per its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following characters:
-    #   =,.@-
+    #   \_+=,.@-
     #
     #
     #
@@ -4854,6 +4957,7 @@ module Aws::IAM
     #   resp.instance_profiles[0].roles[0].arn #=> String
     #   resp.instance_profiles[0].roles[0].create_date #=> Time
     #   resp.instance_profiles[0].roles[0].assume_role_policy_document #=> String
+    #   resp.instance_profiles[0].roles[0].description #=> String
     #   resp.is_truncated #=> Boolean
     #   resp.marker #=> String
     #
@@ -5164,7 +5268,7 @@ module Aws::IAM
     #   This parameter allows (per its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following characters:
-    #   =,.@-
+    #   \_+=,.@-
     #
     #
     #
@@ -5287,6 +5391,7 @@ module Aws::IAM
     #   resp.roles[0].arn #=> String
     #   resp.roles[0].create_date #=> Time
     #   resp.roles[0].assume_role_policy_document #=> String
+    #   resp.roles[0].description #=> String
     #   resp.is_truncated #=> Boolean
     #   resp.marker #=> String
     #
@@ -5982,7 +6087,7 @@ module Aws::IAM
     #   This parameter allows (per its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following characters:
-    #   =,.@-
+    #   \_+=,.@-
     #
     #
     #
@@ -6165,7 +6270,7 @@ module Aws::IAM
     # Make sure you do not have any Amazon EC2 instances running with the
     # role you are about to remove from the instance profile. Removing a
     # role from an instance profile that is associated with a running
-    # instance break any applications running on the instance.
+    # instance might break any applications running on the instance.
     #
     # For more information about IAM roles, go to [Working with Roles][1].
     # For more information about instance profiles, go to [About Instance
@@ -6194,7 +6299,7 @@ module Aws::IAM
     #   This parameter allows (per its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following characters:
-    #   =,.@-
+    #   \_+=,.@-
     #
     #
     #
@@ -7160,7 +7265,7 @@ module Aws::IAM
     #   This parameter allows (per its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following characters:
-    #   =,.@-
+    #   \_+=,.@-
     #
     #
     #
@@ -7397,6 +7502,44 @@ module Aws::IAM
       req.send_request(options)
     end
 
+    # Modifies the description of a role.
+    #
+    # @option params [required, String] :role_name
+    #   The name of the role that you want to modify.
+    #
+    # @option params [required, String] :description
+    #   The new description that you want to apply to the specified role.
+    #
+    # @return [Types::UpdateRoleDescriptionResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::UpdateRoleDescriptionResponse#role #role} => Types::Role
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.update_role_description({
+    #     role_name: "roleNameType", # required
+    #     description: "roleDescriptionType", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.role.path #=> String
+    #   resp.role.role_name #=> String
+    #   resp.role.role_id #=> String
+    #   resp.role.arn #=> String
+    #   resp.role.create_date #=> Time
+    #   resp.role.assume_role_policy_document #=> String
+    #   resp.role.description #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateRoleDescription AWS API Documentation
+    #
+    # @overload update_role_description(params = {})
+    # @param [Hash] params ({})
+    def update_role_description(params = {}, options = {})
+      req = build_request(:update_role_description, params)
+      req.send_request(options)
+    end
+
     # Updates the metadata document for an existing SAML provider resource
     # object.
     #
@@ -8108,7 +8251,7 @@ module Aws::IAM
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-iam'
-      context[:gem_version] = '1.0.0.rc3'
+      context[:gem_version] = '1.0.0.rc4'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-iam/client_api.rb

@@ -52,6 +52,8 @@ module Aws::IAM
     CreateRoleResponse = Shapes::StructureShape.new(name: 'CreateRoleResponse')
     CreateSAMLProviderRequest = Shapes::StructureShape.new(name: 'CreateSAMLProviderRequest')
     CreateSAMLProviderResponse = Shapes::StructureShape.new(name: 'CreateSAMLProviderResponse')
+    CreateServiceLinkedRoleRequest = Shapes::StructureShape.new(name: 'CreateServiceLinkedRoleRequest')
+    CreateServiceLinkedRoleResponse = Shapes::StructureShape.new(name: 'CreateServiceLinkedRoleResponse')
     CreateServiceSpecificCredentialRequest = Shapes::StructureShape.new(name: 'CreateServiceSpecificCredentialRequest')
     CreateServiceSpecificCredentialResponse = Shapes::StructureShape.new(name: 'CreateServiceSpecificCredentialResponse')
     CreateUserRequest = Shapes::StructureShape.new(name: 'CreateUserRequest')
@@ -264,6 +266,7 @@ module Aws::IAM
     SimulationPolicyListType = Shapes::ListShape.new(name: 'SimulationPolicyListType')
     Statement = Shapes::StructureShape.new(name: 'Statement')
     StatementListType = Shapes::ListShape.new(name: 'StatementListType')
+    UnmodifiableEntityException = Shapes::StructureShape.new(name: 'UnmodifiableEntityException')
     UnrecognizedPublicKeyEncodingException = Shapes::StructureShape.new(name: 'UnrecognizedPublicKeyEncodingException')
     UpdateAccessKeyRequest = Shapes::StructureShape.new(name: 'UpdateAccessKeyRequest')
     UpdateAccountPasswordPolicyRequest = Shapes::StructureShape.new(name: 'UpdateAccountPasswordPolicyRequest')
@@ -271,6 +274,8 @@ module Aws::IAM
     UpdateGroupRequest = Shapes::StructureShape.new(name: 'UpdateGroupRequest')
     UpdateLoginProfileRequest = Shapes::StructureShape.new(name: 'UpdateLoginProfileRequest')
     UpdateOpenIDConnectProviderThumbprintRequest = Shapes::StructureShape.new(name: 'UpdateOpenIDConnectProviderThumbprintRequest')
+    UpdateRoleDescriptionRequest = Shapes::StructureShape.new(name: 'UpdateRoleDescriptionRequest')
+    UpdateRoleDescriptionResponse = Shapes::StructureShape.new(name: 'UpdateRoleDescriptionResponse')
     UpdateSAMLProviderRequest = Shapes::StructureShape.new(name: 'UpdateSAMLProviderRequest')
     UpdateSAMLProviderResponse = Shapes::StructureShape.new(name: 'UpdateSAMLProviderResponse')
     UpdateSSHPublicKeyRequest = Shapes::StructureShape.new(name: 'UpdateSSHPublicKeyRequest')
@@ -308,6 +313,7 @@ module Aws::IAM
     credentialReportExpiredExceptionMessage = Shapes::StringShape.new(name: 'credentialReportExpiredExceptionMessage')
     credentialReportNotPresentExceptionMessage = Shapes::StringShape.new(name: 'credentialReportNotPresentExceptionMessage')
     credentialReportNotReadyExceptionMessage = Shapes::StringShape.new(name: 'credentialReportNotReadyExceptionMessage')
+    customSuffixType = Shapes::StringShape.new(name: 'customSuffixType')
     dateType = Shapes::TimestampShape.new(name: 'dateType')
     deleteConflictMessage = Shapes::StringShape.new(name: 'deleteConflictMessage')
     duplicateCertificateMessage = Shapes::StringShape.new(name: 'duplicateCertificateMessage')
@@ -359,6 +365,7 @@ module Aws::IAM
     publicKeyFingerprintType = Shapes::StringShape.new(name: 'publicKeyFingerprintType')
     publicKeyIdType = Shapes::StringShape.new(name: 'publicKeyIdType')
     publicKeyMaterialType = Shapes::StringShape.new(name: 'publicKeyMaterialType')
+    roleDescriptionType = Shapes::StringShape.new(name: 'roleDescriptionType')
     roleDetailListType = Shapes::ListShape.new(name: 'roleDetailListType')
     roleListType = Shapes::ListShape.new(name: 'roleListType')
     roleNameType = Shapes::StringShape.new(name: 'roleNameType')
@@ -378,6 +385,7 @@ module Aws::IAM
     summaryValueType = Shapes::IntegerShape.new(name: 'summaryValueType')
     thumbprintListType = Shapes::ListShape.new(name: 'thumbprintListType')
     thumbprintType = Shapes::StringShape.new(name: 'thumbprintType')
+    unmodifiableEntityMessage = Shapes::StringShape.new(name: 'unmodifiableEntityMessage')
     unrecognizedPublicKeyEncodingMessage = Shapes::StringShape.new(name: 'unrecognizedPublicKeyEncodingMessage')
     userDetailListType = Shapes::ListShape.new(name: 'userDetailListType')
     userListType = Shapes::ListShape.new(name: 'userListType')
@@ -507,6 +515,7 @@ module Aws::IAM
     CreateRoleRequest.add_member(:path, Shapes::ShapeRef.new(shape: pathType, location_name: "Path"))
     CreateRoleRequest.add_member(:role_name, Shapes::ShapeRef.new(shape: roleNameType, required: true, location_name: "RoleName"))
     CreateRoleRequest.add_member(:assume_role_policy_document, Shapes::ShapeRef.new(shape: policyDocumentType, required: true, location_name: "AssumeRolePolicyDocument"))
+    CreateRoleRequest.add_member(:description, Shapes::ShapeRef.new(shape: roleDescriptionType, location_name: "Description"))
     CreateRoleRequest.struct_class = Types::CreateRoleRequest
 
     CreateRoleResponse.add_member(:role, Shapes::ShapeRef.new(shape: Role, required: true, location_name: "Role"))
@@ -519,6 +528,14 @@ module Aws::IAM
     CreateSAMLProviderResponse.add_member(:saml_provider_arn, Shapes::ShapeRef.new(shape: arnType, location_name: "SAMLProviderArn"))
     CreateSAMLProviderResponse.struct_class = Types::CreateSAMLProviderResponse
 
+    CreateServiceLinkedRoleRequest.add_member(:aws_service_name, Shapes::ShapeRef.new(shape: groupNameType, required: true, location_name: "AWSServiceName"))
+    CreateServiceLinkedRoleRequest.add_member(:description, Shapes::ShapeRef.new(shape: roleDescriptionType, location_name: "Description"))
+    CreateServiceLinkedRoleRequest.add_member(:custom_suffix, Shapes::ShapeRef.new(shape: customSuffixType, location_name: "CustomSuffix"))
+    CreateServiceLinkedRoleRequest.struct_class = Types::CreateServiceLinkedRoleRequest
+
+    CreateServiceLinkedRoleResponse.add_member(:role, Shapes::ShapeRef.new(shape: Role, location_name: "Role"))
+    CreateServiceLinkedRoleResponse.struct_class = Types::CreateServiceLinkedRoleResponse
+
     CreateServiceSpecificCredentialRequest.add_member(:user_name, Shapes::ShapeRef.new(shape: userNameType, required: true, location_name: "UserName"))
     CreateServiceSpecificCredentialRequest.add_member(:service_name, Shapes::ShapeRef.new(shape: serviceName, required: true, location_name: "ServiceName"))
     CreateServiceSpecificCredentialRequest.struct_class = Types::CreateServiceSpecificCredentialRequest
@@ -1208,6 +1225,7 @@ module Aws::IAM
     Role.add_member(:arn, Shapes::ShapeRef.new(shape: arnType, required: true, location_name: "Arn"))
     Role.add_member(:create_date, Shapes::ShapeRef.new(shape: dateType, required: true, location_name: "CreateDate"))
     Role.add_member(:assume_role_policy_document, Shapes::ShapeRef.new(shape: policyDocumentType, location_name: "AssumeRolePolicyDocument"))
+    Role.add_member(:description, Shapes::ShapeRef.new(shape: roleDescriptionType, location_name: "Description"))
     Role.struct_class = Types::Role
 
     RoleDetail.add_member(:path, Shapes::ShapeRef.new(shape: pathType, location_name: "Path"))
@@ -1361,6 +1379,13 @@ module Aws::IAM
     UpdateOpenIDConnectProviderThumbprintRequest.add_member(:thumbprint_list, Shapes::ShapeRef.new(shape: thumbprintListType, required: true, location_name: "ThumbprintList"))
     UpdateOpenIDConnectProviderThumbprintRequest.struct_class = Types::UpdateOpenIDConnectProviderThumbprintRequest
 
+    UpdateRoleDescriptionRequest.add_member(:role_name, Shapes::ShapeRef.new(shape: roleNameType, required: true, location_name: "RoleName"))
+    UpdateRoleDescriptionRequest.add_member(:description, Shapes::ShapeRef.new(shape: roleDescriptionType, required: true, location_name: "Description"))
+    UpdateRoleDescriptionRequest.struct_class = Types::UpdateRoleDescriptionRequest
+
+    UpdateRoleDescriptionResponse.add_member(:role, Shapes::ShapeRef.new(shape: Role, location_name: "Role"))
+    UpdateRoleDescriptionResponse.struct_class = Types::UpdateRoleDescriptionResponse
+
     UpdateSAMLProviderRequest.add_member(:saml_metadata_document, Shapes::ShapeRef.new(shape: SAMLMetadataDocumentType, required: true, location_name: "SAMLMetadataDocument"))
     UpdateSAMLProviderRequest.add_member(:saml_provider_arn, Shapes::ShapeRef.new(shape: arnType, required: true, location_name: "SAMLProviderArn"))
     UpdateSAMLProviderRequest.struct_class = Types::UpdateSAMLProviderRequest
@@ -1524,6 +1549,7 @@ module Aws::IAM
         o.errors << Shapes::ShapeRef.new(shape: NoSuchEntityException)
         o.errors << Shapes::ShapeRef.new(shape: EntityAlreadyExistsException)
         o.errors << Shapes::ShapeRef.new(shape: LimitExceededException)
+        o.errors << Shapes::ShapeRef.new(shape: UnmodifiableEntityException)
         o.errors << Shapes::ShapeRef.new(shape: ServiceFailureException)
       end)
 
@@ -1559,6 +1585,7 @@ module Aws::IAM
         o.errors << Shapes::ShapeRef.new(shape: NoSuchEntityException)
         o.errors << Shapes::ShapeRef.new(shape: LimitExceededException)
         o.errors << Shapes::ShapeRef.new(shape: InvalidInputException)
+        o.errors << Shapes::ShapeRef.new(shape: UnmodifiableEntityException)
         o.errors << Shapes::ShapeRef.new(shape: ServiceFailureException)
       end)
 
@@ -1691,6 +1718,7 @@ module Aws::IAM
         o.input = Shapes::ShapeRef.new(shape: CreateRoleRequest)
         o.output = Shapes::ShapeRef.new(shape: CreateRoleResponse)
         o.errors << Shapes::ShapeRef.new(shape: LimitExceededException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidInputException)
         o.errors << Shapes::ShapeRef.new(shape: EntityAlreadyExistsException)
         o.errors << Shapes::ShapeRef.new(shape: MalformedPolicyDocumentException)
         o.errors << Shapes::ShapeRef.new(shape: ServiceFailureException)
@@ -1708,6 +1736,18 @@ module Aws::IAM
         o.errors << Shapes::ShapeRef.new(shape: ServiceFailureException)
       end)
 
+      api.add_operation(:create_service_linked_role, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "CreateServiceLinkedRole"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: CreateServiceLinkedRoleRequest)
+        o.output = Shapes::ShapeRef.new(shape: CreateServiceLinkedRoleResponse)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidInputException)
+        o.errors << Shapes::ShapeRef.new(shape: LimitExceededException)
+        o.errors << Shapes::ShapeRef.new(shape: NoSuchEntityException)
+        o.errors << Shapes::ShapeRef.new(shape: ServiceFailureException)
+      end)
+
       api.add_operation(:create_service_specific_credential, Seahorse::Model::Operation.new.tap do |o|
         o.name = "CreateServiceSpecificCredential"
         o.http_method = "POST"
@@ -1880,6 +1920,7 @@ module Aws::IAM
         o.errors << Shapes::ShapeRef.new(shape: NoSuchEntityException)
         o.errors << Shapes::ShapeRef.new(shape: DeleteConflictException)
         o.errors << Shapes::ShapeRef.new(shape: LimitExceededException)
+        o.errors << Shapes::ShapeRef.new(shape: UnmodifiableEntityException)
         o.errors << Shapes::ShapeRef.new(shape: ServiceFailureException)
       end)
 
@@ -1891,6 +1932,7 @@ module Aws::IAM
         o.output = Shapes::ShapeRef.new(shape: Shapes::StructureShape.new(struct_class: Aws::EmptyStructure))
         o.errors << Shapes::ShapeRef.new(shape: NoSuchEntityException)
         o.errors << Shapes::ShapeRef.new(shape: LimitExceededException)
+        o.errors << Shapes::ShapeRef.new(shape: UnmodifiableEntityException)
         o.errors << Shapes::ShapeRef.new(shape: ServiceFailureException)
       end)
 
@@ -2003,6 +2045,7 @@ module Aws::IAM
         o.errors << Shapes::ShapeRef.new(shape: NoSuchEntityException)
         o.errors << Shapes::ShapeRef.new(shape: LimitExceededException)
         o.errors << Shapes::ShapeRef.new(shape: InvalidInputException)
+        o.errors << Shapes::ShapeRef.new(shape: UnmodifiableEntityException)
         o.errors << Shapes::ShapeRef.new(shape: ServiceFailureException)
       end)
 
@@ -2686,6 +2729,7 @@ module Aws::IAM
         o.errors << Shapes::ShapeRef.new(shape: LimitExceededException)
         o.errors << Shapes::ShapeRef.new(shape: MalformedPolicyDocumentException)
         o.errors << Shapes::ShapeRef.new(shape: NoSuchEntityException)
+        o.errors << Shapes::ShapeRef.new(shape: UnmodifiableEntityException)
         o.errors << Shapes::ShapeRef.new(shape: ServiceFailureException)
       end)
 
@@ -2720,6 +2764,7 @@ module Aws::IAM
         o.output = Shapes::ShapeRef.new(shape: Shapes::StructureShape.new(struct_class: Aws::EmptyStructure))
         o.errors << Shapes::ShapeRef.new(shape: NoSuchEntityException)
         o.errors << Shapes::ShapeRef.new(shape: LimitExceededException)
+        o.errors << Shapes::ShapeRef.new(shape: UnmodifiableEntityException)
         o.errors << Shapes::ShapeRef.new(shape: ServiceFailureException)
       end)
 
@@ -2834,6 +2879,7 @@ module Aws::IAM
         o.errors << Shapes::ShapeRef.new(shape: NoSuchEntityException)
         o.errors << Shapes::ShapeRef.new(shape: MalformedPolicyDocumentException)
         o.errors << Shapes::ShapeRef.new(shape: LimitExceededException)
+        o.errors << Shapes::ShapeRef.new(shape: UnmodifiableEntityException)
         o.errors << Shapes::ShapeRef.new(shape: ServiceFailureException)
       end)
 
@@ -2873,6 +2919,17 @@ module Aws::IAM
         o.errors << Shapes::ShapeRef.new(shape: ServiceFailureException)
       end)
 
+      api.add_operation(:update_role_description, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "UpdateRoleDescription"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: UpdateRoleDescriptionRequest)
+        o.output = Shapes::ShapeRef.new(shape: UpdateRoleDescriptionResponse)
+        o.errors << Shapes::ShapeRef.new(shape: NoSuchEntityException)
+        o.errors << Shapes::ShapeRef.new(shape: UnmodifiableEntityException)
+        o.errors << Shapes::ShapeRef.new(shape: ServiceFailureException)
+      end)
+
       api.add_operation(:update_saml_provider, Seahorse::Model::Operation.new.tap do |o|
         o.name = "UpdateSAMLProvider"
         o.http_method = "POST"

data/lib/aws-sdk-iam/instance_profile.rb

@@ -152,7 +152,7 @@ module Aws::IAM
     #   This parameter allows (per its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following characters:
-    #   =,.@-
+    #   \_+=,.@-
     #
     #
     #
@@ -187,7 +187,7 @@ module Aws::IAM
     #   This parameter allows (per its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following characters:
-    #   =,.@-
+    #   \_+=,.@-
     #
     #
     #

data/lib/aws-sdk-iam/mfa_device.rb

@@ -87,10 +87,32 @@ module Aws::IAM
     #   An authentication code emitted by the device.
     #
     #   The format for this parameter is a string of 6 digits.
+    #
+    #   Submit your request immediately after generating the authentication
+    #   codes. If you generate the codes and then wait too long to submit the
+    #   request, the MFA device successfully associates with the user but the
+    #   MFA device becomes out of sync. This happens because time-based
+    #   one-time passwords (TOTP) expire after a short period of time. If this
+    #   happens, you can [resync the device][1].
+    #
+    #
+    #
+    #   [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_sync.html
     # @option options [required, String] :authentication_code_2
     #   A subsequent authentication code emitted by the device.
     #
     #   The format for this parameter is a string of 6 digits.
+    #
+    #   Submit your request immediately after generating the authentication
+    #   codes. If you generate the codes and then wait too long to submit the
+    #   request, the MFA device successfully associates with the user but the
+    #   MFA device becomes out of sync. This happens because time-based
+    #   one-time passwords (TOTP) expire after a short period of time. If this
+    #   happens, you can [resync the device][1].
+    #
+    #
+    #
+    #   [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_sync.html
     # @return [EmptyStructure]
     def associate(options = {})
       options = options.merge(

data/lib/aws-sdk-iam/policy.rb

@@ -193,7 +193,7 @@ module Aws::IAM
     #   This parameter allows (per its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following characters:
-    #   =,.@-
+    #   \_+=,.@-
     #
     #
     #
@@ -326,7 +326,7 @@ module Aws::IAM
     #   This parameter allows (per its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following characters:
-    #   =,.@-
+    #   \_+=,.@-
     #
     #
     #

data/lib/aws-sdk-iam/resource.rb

@@ -321,6 +321,7 @@ module Aws::IAM
     #     path: "pathType",
     #     role_name: "roleNameType", # required
     #     assume_role_policy_document: "policyDocumentType", # required
+    #     description: "roleDescriptionType",
     #   })
     # @param [Hash] options ({})
     # @option options [String] :path
@@ -347,8 +348,10 @@ module Aws::IAM
     #   This parameter allows (per its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following characters:
-    #   =,.@-. Role names are not distinguished by case. For example, you
-    #   cannot create roles named both "PRODROLE" and "prodrole".
+    #   \_+=,.@-
+    #
+    #   Role names are not distinguished by case. For example, you cannot
+    #   create roles named both "PRODROLE" and "prodrole".
     #
     #
     #
@@ -368,6 +371,8 @@ module Aws::IAM
     #
     #
     #   [1]: http://wikipedia.org/wiki/regex
+    # @option options [String] :description
+    #   A customer-provided description of the role.
     # @return [Role]
     def create_role(options = {})
       resp = @client.create_role(options)

data/lib/aws-sdk-iam/role.rb

@@ -56,7 +56,7 @@ module Aws::IAM
 
     # The Amazon Resource Name (ARN) specifying the role. For more
     # information about ARNs and how to use them in policies, see [IAM
-    # Identifiers][1] in the *Using IAM* guide.
+    # Identifiers][1] in the *IAM User Guide* guide.
     #
     #
     #
@@ -83,6 +83,12 @@ module Aws::IAM
       data.assume_role_policy_document
     end
 
+    # A description of the role that you provide.
+    # @return [String]
+    def description
+      data.description
+    end
+
     # @!endgroup
 
     # @return [Client]

data/lib/aws-sdk-iam/types.rb

@@ -75,7 +75,7 @@ module Aws::IAM
     #
     # @!attribute [rw] service_name
     #   The name of the AWS service with which this access key was most
-    #   recently used. This field is null when:
+    #   recently used. This field displays "N/A" when:
     #
     #   * The user does not have an access key.
     #
@@ -87,7 +87,7 @@ module Aws::IAM
     #
     # @!attribute [rw] region
     #   The AWS region where this access key was most recently used. This
-    #   field is null when:
+    #   field is displays "N/A" when:
     #
     #   * The user does not have an access key.
     #
@@ -199,7 +199,7 @@ module Aws::IAM
     #   This parameter allows (per its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
-    #   characters: =,.@-
+    #   characters: \_+=,.@-
     #
     #
     #
@@ -312,7 +312,7 @@ module Aws::IAM
     #   This parameter allows (per its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
-    #   characters: =,.@-
+    #   characters: \_+=,.@-
     #
     #
     #
@@ -1032,6 +1032,7 @@ module Aws::IAM
     #         path: "pathType",
     #         role_name: "roleNameType", # required
     #         assume_role_policy_document: "policyDocumentType", # required
+    #         description: "roleDescriptionType",
     #       }
     #
     # @!attribute [rw] path
@@ -1060,9 +1061,10 @@ module Aws::IAM
     #   This parameter allows (per its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
-    #   characters: =,.@-. Role names are not distinguished by case. For
-    #   example, you cannot create roles named both "PRODROLE" and
-    #   "prodrole".
+    #   characters: \_+=,.@-
+    #
+    #   Role names are not distinguished by case. For example, you cannot
+    #   create roles named both "PRODROLE" and "prodrole".
     #
     #
     #
@@ -1086,12 +1088,17 @@ module Aws::IAM
     #   [1]: http://wikipedia.org/wiki/regex
     #   @return [String]
     #
+    # @!attribute [rw] description
+    #   A customer-provided description of the role.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateRoleRequest AWS API Documentation
     #
     class CreateRoleRequest < Struct.new(
       :path,
       :role_name,
-      :assume_role_policy_document)
+      :assume_role_policy_document,
+      :description)
       include Aws::Structure
     end
 
@@ -1167,6 +1174,54 @@ module Aws::IAM
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass CreateServiceLinkedRoleRequest
+    #   data as a hash:
+    #
+    #       {
+    #         aws_service_name: "groupNameType", # required
+    #         description: "roleDescriptionType",
+    #         custom_suffix: "customSuffixType",
+    #       }
+    #
+    # @!attribute [rw] aws_service_name
+    #   The AWS service to which this role is attached. You use a string
+    #   similar to a URL but without the http:// in front. For example:
+    #   `elasticbeanstalk.amazonaws.com`
+    #   @return [String]
+    #
+    # @!attribute [rw] description
+    #   The description of the role.
+    #   @return [String]
+    #
+    # @!attribute [rw] custom_suffix
+    #   A string that you provide, which is combined with the service name
+    #   to form the complete role name. If you make multiple requests for
+    #   the same service, then you must supply a different `CustomSuffix`
+    #   for each request. Otherwise the request fails with a duplicate role
+    #   name error. For example, you could add `-1` or `-debug` to the
+    #   suffix.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateServiceLinkedRoleRequest AWS API Documentation
+    #
+    class CreateServiceLinkedRoleRequest < Struct.new(
+      :aws_service_name,
+      :description,
+      :custom_suffix)
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] role
+    #   A Role object that contains details about the newly created role.
+    #   @return [Types::Role]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateServiceLinkedRoleResponse AWS API Documentation
+    #
+    class CreateServiceLinkedRoleResponse < Struct.new(
+      :role)
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass CreateServiceSpecificCredentialRequest
     #   data as a hash:
     #
@@ -1376,7 +1431,7 @@ module Aws::IAM
     #   This parameter allows (per its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
-    #   characters: =/:,.@-
+    #   characters: =,.@:/-
     #
     #
     #
@@ -1690,7 +1745,7 @@ module Aws::IAM
     #   This parameter allows (per its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
-    #   characters: =,.@-
+    #   characters: \_+=,.@-
     #
     #
     #
@@ -1731,7 +1786,7 @@ module Aws::IAM
     #   This parameter allows (per its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
-    #   characters: =,.@-
+    #   characters: \_+=,.@-
     #
     #
     #
@@ -2000,7 +2055,7 @@ module Aws::IAM
     #   This parameter allows (per its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
-    #   characters: =/:,.@-
+    #   characters: =,.@:/-
     #
     #
     #
@@ -2070,7 +2125,7 @@ module Aws::IAM
     #   This parameter allows (per its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
-    #   characters: =,.@-
+    #   characters: \_+=,.@-
     #
     #
     #
@@ -2167,7 +2222,7 @@ module Aws::IAM
     #   This parameter allows (per its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
-    #   characters: =/:,.@-
+    #   characters: =,.@:/-
     #
     #
     #
@@ -2178,12 +2233,34 @@ module Aws::IAM
     #   An authentication code emitted by the device.
     #
     #   The format for this parameter is a string of 6 digits.
+    #
+    #   Submit your request immediately after generating the authentication
+    #   codes. If you generate the codes and then wait too long to submit
+    #   the request, the MFA device successfully associates with the user
+    #   but the MFA device becomes out of sync. This happens because
+    #   time-based one-time passwords (TOTP) expire after a short period of
+    #   time. If this happens, you can [resync the device][1].
+    #
+    #
+    #
+    #   [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_sync.html
     #   @return [String]
     #
     # @!attribute [rw] authentication_code_2
     #   A subsequent authentication code emitted by the device.
     #
     #   The format for this parameter is a string of 6 digits.
+    #
+    #   Submit your request immediately after generating the authentication
+    #   codes. If you generate the codes and then wait too long to submit
+    #   the request, the MFA device successfully associates with the user
+    #   but the MFA device becomes out of sync. This happens because
+    #   time-based one-time passwords (TOTP) expire after a short period of
+    #   time. If this happens, you can [resync the device][1].
+    #
+    #
+    #
+    #   [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_sync.html
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/EnableMFADeviceRequest AWS API Documentation
@@ -2435,7 +2512,8 @@ module Aws::IAM
     # request.
     #
     # @!attribute [rw] password_policy
-    #   Contains information about the account password policy.
+    #   A structure that contains details about the account's password
+    #   policy.
     #   @return [Types::PasswordPolicy]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetAccountPasswordPolicyResponse AWS API Documentation
@@ -2986,7 +3064,7 @@ module Aws::IAM
     #   This parameter allows (per its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
-    #   characters: =,.@-
+    #   characters: \_+=,.@-
     #
     #
     #
@@ -3050,7 +3128,7 @@ module Aws::IAM
     #   This parameter allows (per its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
-    #   characters: =,.@-
+    #   characters: \_+=,.@-
     #
     #
     #
@@ -3805,7 +3883,7 @@ module Aws::IAM
     #   This parameter allows (per its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
-    #   characters: =,.@-
+    #   characters: \_+=,.@-
     #
     #
     #
@@ -4382,7 +4460,7 @@ module Aws::IAM
     #   This parameter allows (per its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
-    #   characters: =,.@-
+    #   characters: \_+=,.@-
     #
     #
     #
@@ -4851,7 +4929,7 @@ module Aws::IAM
     #   This parameter allows (per its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
-    #   characters: =,.@-
+    #   characters: \_+=,.@-
     #
     #
     #
@@ -6244,7 +6322,7 @@ module Aws::IAM
     #   This parameter allows (per its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
-    #   characters: =,.@-
+    #   characters: \_+=,.@-
     #
     #
     #
@@ -6411,7 +6489,7 @@ module Aws::IAM
     #   This parameter allows (per its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
-    #   characters: =,.@-
+    #   characters: \_+=,.@-
     #
     #
     #
@@ -6640,15 +6718,8 @@ module Aws::IAM
       include Aws::Structure
     end
 
-    # Contains information about an IAM role.
-    #
-    # This data type is used as a response element in the following actions:
-    #
-    # * CreateRole
-    #
-    # * GetRole
-    #
-    # * ListRoles
+    # Contains information about an IAM role. This structure is returned as
+    # a response element in several APIs that interact with roles.
     #
     # @!attribute [rw] path
     #   The path to the role. For more information about paths, see [IAM
@@ -6676,7 +6747,7 @@ module Aws::IAM
     # @!attribute [rw] arn
     #   The Amazon Resource Name (ARN) specifying the role. For more
     #   information about ARNs and how to use them in policies, see [IAM
-    #   Identifiers][1] in the *Using IAM* guide.
+    #   Identifiers][1] in the *IAM User Guide* guide.
     #
     #
     #
@@ -6696,6 +6767,10 @@ module Aws::IAM
     #   The policy that grants an entity permission to assume the role.
     #   @return [String]
     #
+    # @!attribute [rw] description
+    #   A description of the role that you provide.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/Role AWS API Documentation
     #
     class Role < Struct.new(
@@ -6704,7 +6779,8 @@ module Aws::IAM
       :role_id,
       :arn,
       :create_date,
-      :assume_role_policy_document)
+      :assume_role_policy_document,
+      :description)
       include Aws::Structure
     end
 
@@ -7833,7 +7909,7 @@ module Aws::IAM
     #   This parameter allows (per its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
-    #   characters: =,.@-
+    #   characters: \_+=,.@-
     #
     #
     #
@@ -8017,6 +8093,41 @@ module Aws::IAM
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass UpdateRoleDescriptionRequest
+    #   data as a hash:
+    #
+    #       {
+    #         role_name: "roleNameType", # required
+    #         description: "roleDescriptionType", # required
+    #       }
+    #
+    # @!attribute [rw] role_name
+    #   The name of the role that you want to modify.
+    #   @return [String]
+    #
+    # @!attribute [rw] description
+    #   The new description that you want to apply to the specified role.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateRoleDescriptionRequest AWS API Documentation
+    #
+    class UpdateRoleDescriptionRequest < Struct.new(
+      :role_name,
+      :description)
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] role
+    #   A structure that contains details about the modified role.
+    #   @return [Types::Role]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateRoleDescriptionResponse AWS API Documentation
+    #
+    class UpdateRoleDescriptionResponse < Struct.new(
+      :role)
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass UpdateSAMLProviderRequest
     #   data as a hash:
     #
@@ -8770,7 +8881,7 @@ module Aws::IAM
     #   @return [String]
     #
     # @!attribute [rw] user
-    #   The user to whom the MFA device is assigned.
+    #   The IAM user associated with this virtual MFA device.
     #   @return [Types::User]
     #
     # @!attribute [rw] enable_date

data/lib/aws-sdk-iam/user.rb

@@ -395,7 +395,7 @@ module Aws::IAM
     #   This parameter allows (per its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following characters:
-    #   =/:,.@-
+    #   =,.@:/-
     #
     #
     #
@@ -404,10 +404,32 @@ module Aws::IAM
     #   An authentication code emitted by the device.
     #
     #   The format for this parameter is a string of 6 digits.
+    #
+    #   Submit your request immediately after generating the authentication
+    #   codes. If you generate the codes and then wait too long to submit the
+    #   request, the MFA device successfully associates with the user but the
+    #   MFA device becomes out of sync. This happens because time-based
+    #   one-time passwords (TOTP) expire after a short period of time. If this
+    #   happens, you can [resync the device][1].
+    #
+    #
+    #
+    #   [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_sync.html
     # @option options [required, String] :authentication_code_2
     #   A subsequent authentication code emitted by the device.
     #
     #   The format for this parameter is a string of 6 digits.
+    #
+    #   Submit your request immediately after generating the authentication
+    #   codes. If you generate the codes and then wait too long to submit the
+    #   request, the MFA device successfully associates with the user but the
+    #   MFA device becomes out of sync. This happens because time-based
+    #   one-time passwords (TOTP) expire after a short period of time. If this
+    #   happens, you can [resync the device][1].
+    #
+    #
+    #
+    #   [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_sync.html
     # @return [MfaDevice]
     def enable_mfa(options = {})
       options = options.merge(user_name: @name)

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-iam
 version: !ruby/object:Gem::Version
-  version: 1.0.0.rc3
+  version: 1.0.0.rc4
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-03-07 00:00:00.000000000 Z
+date: 2017-04-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core