aws-sdk-iam 1.113.0 → 1.114.0

data/lib/aws-sdk-iam/types.rb

@@ -249,6 +249,18 @@ module Aws::IAM
       include Aws::Structure
     end
 
+    # The request was rejected because the account making the request is not
+    # the management account or delegated administrator account for
+    # [centralized root access][1].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html#id_root-user-access-management
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/AccountNotManagementOrDelegatedAdministratorException AWS API Documentation
+    #
+    class AccountNotManagementOrDelegatedAdministratorException < Aws::EmptyStructure; end
+
     # @!attribute [rw] open_id_connect_provider_arn
     #   The Amazon Resource Name (ARN) of the IAM OpenID Connect (OIDC)
     #   provider resource to add the client ID to. You can get a list of
@@ -514,6 +526,13 @@ module Aws::IAM
       include Aws::Structure
     end
 
+    # The request was rejected because the account making the request is not
+    # the management account for the organization.
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CallerIsNotManagementAccountException AWS API Documentation
+    #
+    class CallerIsNotManagementAccountException < Aws::EmptyStructure; end
+
     # @!attribute [rw] old_password
     #   The IAM user's current password.
     #   @return [String]
@@ -783,20 +802,29 @@ module Aws::IAM
     #   The name of the IAM user to create a password for. The user must
     #   already exist.
     #
-    #   This parameter allows (through its [regex pattern][1]) a string of
+    #   This parameter is optional. If no user name is included, it defaults
+    #   to the principal making the request. When you make this request with
+    #   root user credentials, you must use an [AssumeRoot][1] session to
+    #   omit the user name.
+    #
+    #   This parameter allows (through its [regex pattern][2]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
     #
     #
     #
-    #   [1]: http://wikipedia.org/wiki/regex
+    #   [1]: https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoot.html
+    #   [2]: http://wikipedia.org/wiki/regex
     #   @return [String]
     #
     # @!attribute [rw] password
     #   The new password for the user.
     #
-    #   The [regex pattern][1] that is used to validate this parameter is a
+    #   This parameter must be omitted when you make the request with an
+    #   [AssumeRoot][1] session. It is required in all other cases.
+    #
+    #   The [regex pattern][2] that is used to validate this parameter is a
     #   string of characters. That string can include almost any printable
     #   ASCII character from the space (`\u0020`) through the end of the
     #   ASCII character range (`\u00FF`). You can also include the tab
@@ -808,7 +836,8 @@ module Aws::IAM
     #
     #
     #
-    #   [1]: http://wikipedia.org/wiki/regex
+    #   [1]: https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoot.html
+    #   [2]: http://wikipedia.org/wiki/regex
     #   @return [String]
     #
     # @!attribute [rw] password_reset_required
@@ -1731,14 +1760,20 @@ module Aws::IAM
     # @!attribute [rw] user_name
     #   The name of the user whose MFA device you want to deactivate.
     #
-    #   This parameter allows (through its [regex pattern][1]) a string of
+    #   This parameter is optional. If no user name is included, it defaults
+    #   to the principal making the request. When you make this request with
+    #   root user credentials, you must use an [AssumeRoot][1] session to
+    #   omit the user name.
+    #
+    #   This parameter allows (through its [regex pattern][2]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
     #
     #
     #
-    #   [1]: http://wikipedia.org/wiki/regex
+    #   [1]: https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoot.html
+    #   [2]: http://wikipedia.org/wiki/regex
     #   @return [String]
     #
     # @!attribute [rw] serial_number
@@ -1916,14 +1951,20 @@ module Aws::IAM
     # @!attribute [rw] user_name
     #   The name of the user whose password you want to delete.
     #
-    #   This parameter allows (through its [regex pattern][1]) a string of
+    #   This parameter is optional. If no user name is included, it defaults
+    #   to the principal making the request. When you make this request with
+    #   root user credentials, you must use an [AssumeRoot][1] session to
+    #   omit the user name.
+    #
+    #   This parameter allows (through its [regex pattern][2]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
     #
     #
     #
-    #   [1]: http://wikipedia.org/wiki/regex
+    #   [1]: https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoot.html
+    #   [2]: http://wikipedia.org/wiki/regex
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteLoginProfileRequest AWS API Documentation
@@ -2463,6 +2504,54 @@ module Aws::IAM
       include Aws::Structure
     end
 
+    # @api private
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DisableOrganizationsRootCredentialsManagementRequest AWS API Documentation
+    #
+    class DisableOrganizationsRootCredentialsManagementRequest < Aws::EmptyStructure; end
+
+    # @!attribute [rw] organization_id
+    #   The unique identifier (ID) of an organization.
+    #   @return [String]
+    #
+    # @!attribute [rw] enabled_features
+    #   The features enabled for centralized root access for member accounts
+    #   in your organization.
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DisableOrganizationsRootCredentialsManagementResponse AWS API Documentation
+    #
+    class DisableOrganizationsRootCredentialsManagementResponse < Struct.new(
+      :organization_id,
+      :enabled_features)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @api private
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DisableOrganizationsRootSessionsRequest AWS API Documentation
+    #
+    class DisableOrganizationsRootSessionsRequest < Aws::EmptyStructure; end
+
+    # @!attribute [rw] organization_id
+    #   The unique identifier (ID) of an organization.
+    #   @return [String]
+    #
+    # @!attribute [rw] enabled_features
+    #   The features you have enabled for centralized root access of member
+    #   accounts in your organization.
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DisableOrganizationsRootSessionsResponse AWS API Documentation
+    #
+    class DisableOrganizationsRootSessionsResponse < Struct.new(
+      :organization_id,
+      :enabled_features)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # The request was rejected because the same certificate is associated
     # with an IAM user in the account.
     #
@@ -2563,6 +2652,52 @@ module Aws::IAM
       include Aws::Structure
     end
 
+    # @api private
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/EnableOrganizationsRootCredentialsManagementRequest AWS API Documentation
+    #
+    class EnableOrganizationsRootCredentialsManagementRequest < Aws::EmptyStructure; end
+
+    # @!attribute [rw] organization_id
+    #   The unique identifier (ID) of an organization.
+    #   @return [String]
+    #
+    # @!attribute [rw] enabled_features
+    #   The features you have enabled for centralized root access.
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/EnableOrganizationsRootCredentialsManagementResponse AWS API Documentation
+    #
+    class EnableOrganizationsRootCredentialsManagementResponse < Struct.new(
+      :organization_id,
+      :enabled_features)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @api private
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/EnableOrganizationsRootSessionsRequest AWS API Documentation
+    #
+    class EnableOrganizationsRootSessionsRequest < Aws::EmptyStructure; end
+
+    # @!attribute [rw] organization_id
+    #   The unique identifier (ID) of an organization.
+    #   @return [String]
+    #
+    # @!attribute [rw] enabled_features
+    #   The features you have enabled for centralized root access.
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/EnableOrganizationsRootSessionsResponse AWS API Documentation
+    #
+    class EnableOrganizationsRootSessionsResponse < Struct.new(
+      :organization_id,
+      :enabled_features)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # The request was rejected because it attempted to create a resource
     # that already exists.
     #
@@ -3366,14 +3501,20 @@ module Aws::IAM
     # @!attribute [rw] user_name
     #   The name of the user whose login profile you want to retrieve.
     #
-    #   This parameter allows (through its [regex pattern][1]) a string of
+    #   This parameter is optional. If no user name is included, it defaults
+    #   to the principal making the request. When you make this request with
+    #   root user credentials, you must use an [AssumeRoot][1] session to
+    #   omit the user name.
+    #
+    #   This parameter allows (through its [regex pattern][2]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
     #
     #
     #
-    #   [1]: http://wikipedia.org/wiki/regex
+    #   [1]: https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoot.html
+    #   [2]: http://wikipedia.org/wiki/regex
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetLoginProfileRequest AWS API Documentation
@@ -5953,6 +6094,30 @@ module Aws::IAM
       include Aws::Structure
     end
 
+    # @api private
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListOrganizationsFeaturesRequest AWS API Documentation
+    #
+    class ListOrganizationsFeaturesRequest < Aws::EmptyStructure; end
+
+    # @!attribute [rw] organization_id
+    #   The unique identifier (ID) of an organization.
+    #   @return [String]
+    #
+    # @!attribute [rw] enabled_features
+    #   Specifies the features that are currently available in your
+    #   organization.
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListOrganizationsFeaturesResponse AWS API Documentation
+    #
+    class ListOrganizationsFeaturesResponse < Struct.new(
+      :organization_id,
+      :enabled_features)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Contains details about the permissions policies that are attached to
     # the specified identity (user, group, or role).
     #
@@ -7590,6 +7755,25 @@ module Aws::IAM
       include Aws::Structure
     end
 
+    # The request was rejected because no organization is associated with
+    # your account.
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/OrganizationNotFoundException AWS API Documentation
+    #
+    class OrganizationNotFoundException < Aws::EmptyStructure; end
+
+    # The request was rejected because your organization does not have All
+    # features enabled. For more information, see [Available feature
+    # sets][1] in the *Organizations User Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#feature-set
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/OrganizationNotInAllFeaturesModeException AWS API Documentation
+    #
+    class OrganizationNotInAllFeaturesModeException < Aws::EmptyStructure; end
+
     # Contains information about the effect that Organizations has on a
     # policy simulation.
     #
@@ -9220,6 +9404,14 @@ module Aws::IAM
       include Aws::Structure
     end
 
+    # The request was rejected because trusted access is not enabled for IAM
+    # in Organizations. For details, see IAM and Organizations in the
+    # *Organizations User Guide*.
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ServiceAccessNotEnabledException AWS API Documentation
+    #
+    class ServiceAccessNotEnabledException < Aws::EmptyStructure; end
+
     # The request processing has failed because of an unknown error,
     # exception or failure.
     #

data/lib/aws-sdk-iam/user.rb

@@ -455,14 +455,17 @@ module Aws::IAM
     # @example Request syntax with placeholder values
     #
     #   loginprofile = user.create_login_profile({
-    #     password: "passwordType", # required
+    #     password: "passwordType",
     #     password_reset_required: false,
     #   })
     # @param [Hash] options ({})
-    # @option options [required, String] :password
+    # @option options [String] :password
     #   The new password for the user.
     #
-    #   The [regex pattern][1] that is used to validate this parameter is a
+    #   This parameter must be omitted when you make the request with an
+    #   [AssumeRoot][1] session. It is required in all other cases.
+    #
+    #   The [regex pattern][2] that is used to validate this parameter is a
     #   string of characters. That string can include almost any printable
     #   ASCII character from the space (`\u0020`) through the end of the ASCII
     #   character range (`\u00FF`). You can also include the tab (`\u0009`),
@@ -474,7 +477,8 @@ module Aws::IAM
     #
     #
     #
-    #   [1]: http://wikipedia.org/wiki/regex
+    #   [1]: https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoot.html
+    #   [2]: http://wikipedia.org/wiki/regex
     # @option options [Boolean] :password_reset_required
     #   Specifies whether the user is required to set a new password on next
     #   sign-in.

data/lib/aws-sdk-iam.rb

@@ -76,7 +76,7 @@ module Aws::IAM
   autoload :UserPolicy, 'aws-sdk-iam/user_policy'
   autoload :VirtualMfaDevice, 'aws-sdk-iam/virtual_mfa_device'
 
-  GEM_VERSION = '1.113.0'
+  GEM_VERSION = '1.114.0'
 
 end
 

data/sig/account_summary.rbs

@@ -13,7 +13,7 @@ module Aws
       def initialize: (Hash[Symbol, untyped] args) -> void
 
       # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/IAM/AccountSummary.html#summary_map-instance_method
-      def summary_map: () -> ::Hash[("Users" | "UsersQuota" | "Groups" | "GroupsQuota" | "ServerCertificates" | "ServerCertificatesQuota" | "UserPolicySizeQuota" | "GroupPolicySizeQuota" | "GroupsPerUserQuota" | "SigningCertificatesPerUserQuota" | "AccessKeysPerUserQuota" | "MFADevices" | "MFADevicesInUse" | "AccountMFAEnabled" | "AccountAccessKeysPresent" | "AccountSigningCertificatesPresent" | "AttachedPoliciesPerGroupQuota" | "AttachedPoliciesPerRoleQuota" | "AttachedPoliciesPerUserQuota" | "Policies" | "PoliciesQuota" | "PolicySizeQuota" | "PolicyVersionsInUse" | "PolicyVersionsInUseQuota" | "VersionsPerPolicyQuota" | "GlobalEndpointTokenVersion"), ::Integer]
+      def summary_map: () -> ::Hash[("Users" | "UsersQuota" | "Groups" | "GroupsQuota" | "ServerCertificates" | "ServerCertificatesQuota" | "UserPolicySizeQuota" | "GroupPolicySizeQuota" | "GroupsPerUserQuota" | "SigningCertificatesPerUserQuota" | "AccessKeysPerUserQuota" | "MFADevices" | "MFADevicesInUse" | "AccountMFAEnabled" | "AccountAccessKeysPresent" | "AccountPasswordPresent" | "AccountSigningCertificatesPresent" | "AttachedPoliciesPerGroupQuota" | "AttachedPoliciesPerRoleQuota" | "AttachedPoliciesPerUserQuota" | "Policies" | "PoliciesQuota" | "PolicySizeQuota" | "PolicyVersionsInUse" | "PolicyVersionsInUseQuota" | "VersionsPerPolicyQuota" | "GlobalEndpointTokenVersion"), ::Integer]
 
       def client: () -> Client
 

data/sig/client.rbs

@@ -174,11 +174,11 @@ module Aws
       end
       # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/IAM/Client.html#create_login_profile-instance_method
       def create_login_profile: (
-                                  user_name: ::String,
-                                  password: ::String,
+                                  ?user_name: ::String,
+                                  ?password: ::String,
                                   ?password_reset_required: bool
                                 ) -> _CreateLoginProfileResponseSuccess
-                              | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _CreateLoginProfileResponseSuccess
+                              | (?Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _CreateLoginProfileResponseSuccess
 
       interface _CreateOpenIDConnectProviderResponseSuccess
         include ::Seahorse::Client::_ResponseSuccess[Types::CreateOpenIDConnectProviderResponse]
@@ -329,7 +329,7 @@ module Aws
 
       # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/IAM/Client.html#deactivate_mfa_device-instance_method
       def deactivate_mfa_device: (
-                                   user_name: ::String,
+                                   ?user_name: ::String,
                                    serial_number: ::String
                                  ) -> ::Seahorse::Client::_ResponseSuccess[::Aws::EmptyStructure]
                                | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> ::Seahorse::Client::_ResponseSuccess[::Aws::EmptyStructure]
@@ -372,9 +372,9 @@ module Aws
 
       # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/IAM/Client.html#delete_login_profile-instance_method
       def delete_login_profile: (
-                                  user_name: ::String
+                                  ?user_name: ::String
                                 ) -> ::Seahorse::Client::_ResponseSuccess[::Aws::EmptyStructure]
-                              | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> ::Seahorse::Client::_ResponseSuccess[::Aws::EmptyStructure]
+                              | (?Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> ::Seahorse::Client::_ResponseSuccess[::Aws::EmptyStructure]
 
       # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/IAM/Client.html#delete_open_id_connect_provider-instance_method
       def delete_open_id_connect_provider: (
@@ -503,6 +503,26 @@ module Aws
                               ) -> ::Seahorse::Client::_ResponseSuccess[::Aws::EmptyStructure]
                             | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> ::Seahorse::Client::_ResponseSuccess[::Aws::EmptyStructure]
 
+      interface _DisableOrganizationsRootCredentialsManagementResponseSuccess
+        include ::Seahorse::Client::_ResponseSuccess[Types::DisableOrganizationsRootCredentialsManagementResponse]
+        def organization_id: () -> ::String
+        def enabled_features: () -> ::Array[("RootCredentialsManagement" | "RootSessions")]
+      end
+      # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/IAM/Client.html#disable_organizations_root_credentials_management-instance_method
+      def disable_organizations_root_credentials_management: (
+                                                             ) -> _DisableOrganizationsRootCredentialsManagementResponseSuccess
+                                                           | (?Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _DisableOrganizationsRootCredentialsManagementResponseSuccess
+
+      interface _DisableOrganizationsRootSessionsResponseSuccess
+        include ::Seahorse::Client::_ResponseSuccess[Types::DisableOrganizationsRootSessionsResponse]
+        def organization_id: () -> ::String
+        def enabled_features: () -> ::Array[("RootCredentialsManagement" | "RootSessions")]
+      end
+      # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/IAM/Client.html#disable_organizations_root_sessions-instance_method
+      def disable_organizations_root_sessions: (
+                                               ) -> _DisableOrganizationsRootSessionsResponseSuccess
+                                             | (?Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _DisableOrganizationsRootSessionsResponseSuccess
+
       # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/IAM/Client.html#enable_mfa_device-instance_method
       def enable_mfa_device: (
                                user_name: ::String,
@@ -512,6 +532,26 @@ module Aws
                              ) -> ::Seahorse::Client::_ResponseSuccess[::Aws::EmptyStructure]
                            | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> ::Seahorse::Client::_ResponseSuccess[::Aws::EmptyStructure]
 
+      interface _EnableOrganizationsRootCredentialsManagementResponseSuccess
+        include ::Seahorse::Client::_ResponseSuccess[Types::EnableOrganizationsRootCredentialsManagementResponse]
+        def organization_id: () -> ::String
+        def enabled_features: () -> ::Array[("RootCredentialsManagement" | "RootSessions")]
+      end
+      # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/IAM/Client.html#enable_organizations_root_credentials_management-instance_method
+      def enable_organizations_root_credentials_management: (
+                                                            ) -> _EnableOrganizationsRootCredentialsManagementResponseSuccess
+                                                          | (?Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _EnableOrganizationsRootCredentialsManagementResponseSuccess
+
+      interface _EnableOrganizationsRootSessionsResponseSuccess
+        include ::Seahorse::Client::_ResponseSuccess[Types::EnableOrganizationsRootSessionsResponse]
+        def organization_id: () -> ::String
+        def enabled_features: () -> ::Array[("RootCredentialsManagement" | "RootSessions")]
+      end
+      # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/IAM/Client.html#enable_organizations_root_sessions-instance_method
+      def enable_organizations_root_sessions: (
+                                              ) -> _EnableOrganizationsRootSessionsResponseSuccess
+                                            | (?Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _EnableOrganizationsRootSessionsResponseSuccess
+
       interface _GenerateCredentialReportResponseSuccess
         include ::Seahorse::Client::_ResponseSuccess[Types::GenerateCredentialReportResponse]
         def state: () -> ("STARTED" | "INPROGRESS" | "COMPLETE")
@@ -581,7 +621,7 @@ module Aws
 
       interface _GetAccountSummaryResponseSuccess
         include ::Seahorse::Client::_ResponseSuccess[Types::GetAccountSummaryResponse]
-        def summary_map: () -> ::Hash[("Users" | "UsersQuota" | "Groups" | "GroupsQuota" | "ServerCertificates" | "ServerCertificatesQuota" | "UserPolicySizeQuota" | "GroupPolicySizeQuota" | "GroupsPerUserQuota" | "SigningCertificatesPerUserQuota" | "AccessKeysPerUserQuota" | "MFADevices" | "MFADevicesInUse" | "AccountMFAEnabled" | "AccountAccessKeysPresent" | "AccountSigningCertificatesPresent" | "AttachedPoliciesPerGroupQuota" | "AttachedPoliciesPerRoleQuota" | "AttachedPoliciesPerUserQuota" | "Policies" | "PoliciesQuota" | "PolicySizeQuota" | "PolicyVersionsInUse" | "PolicyVersionsInUseQuota" | "VersionsPerPolicyQuota" | "GlobalEndpointTokenVersion"), ::Integer]
+        def summary_map: () -> ::Hash[("Users" | "UsersQuota" | "Groups" | "GroupsQuota" | "ServerCertificates" | "ServerCertificatesQuota" | "UserPolicySizeQuota" | "GroupPolicySizeQuota" | "GroupsPerUserQuota" | "SigningCertificatesPerUserQuota" | "AccessKeysPerUserQuota" | "MFADevices" | "MFADevicesInUse" | "AccountMFAEnabled" | "AccountAccessKeysPresent" | "AccountPasswordPresent" | "AccountSigningCertificatesPresent" | "AttachedPoliciesPerGroupQuota" | "AttachedPoliciesPerRoleQuota" | "AttachedPoliciesPerUserQuota" | "Policies" | "PoliciesQuota" | "PolicySizeQuota" | "PolicyVersionsInUse" | "PolicyVersionsInUseQuota" | "VersionsPerPolicyQuota" | "GlobalEndpointTokenVersion"), ::Integer]
       end
       # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/IAM/Client.html#get_account_summary-instance_method
       def get_account_summary: () -> _GetAccountSummaryResponseSuccess
@@ -662,9 +702,9 @@ module Aws
       end
       # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/IAM/Client.html#get_login_profile-instance_method
       def get_login_profile: (
-                               user_name: ::String
+                               ?user_name: ::String
                              ) -> _GetLoginProfileResponseSuccess
-                           | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _GetLoginProfileResponseSuccess
+                           | (?Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _GetLoginProfileResponseSuccess
 
       interface _GetMFADeviceResponseSuccess
         include ::Seahorse::Client::_ResponseSuccess[Types::GetMFADeviceResponse]
@@ -1090,6 +1130,16 @@ module Aws
                                           ) -> _ListOpenIDConnectProvidersResponseSuccess
                                         | (?Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _ListOpenIDConnectProvidersResponseSuccess
 
+      interface _ListOrganizationsFeaturesResponseSuccess
+        include ::Seahorse::Client::_ResponseSuccess[Types::ListOrganizationsFeaturesResponse]
+        def organization_id: () -> ::String
+        def enabled_features: () -> ::Array[("RootCredentialsManagement" | "RootSessions")]
+      end
+      # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/IAM/Client.html#list_organizations_features-instance_method
+      def list_organizations_features: (
+                                       ) -> _ListOrganizationsFeaturesResponseSuccess
+                                     | (?Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _ListOrganizationsFeaturesResponseSuccess
+
       interface _ListPoliciesResponseSuccess
         include ::Seahorse::Client::_ResponseSuccess[Types::ListPoliciesResponse]
         def policies: () -> ::Array[Types::Policy]

data/sig/errors.rbs

@@ -11,6 +11,10 @@ module Aws
       class ServiceError < ::Aws::Errors::ServiceError
       end
 
+      class AccountNotManagementOrDelegatedAdministratorException < ::Aws::Errors::ServiceError
+      end
+      class CallerIsNotManagementAccountException < ::Aws::Errors::ServiceError
+      end
       class ConcurrentModificationException < ::Aws::Errors::ServiceError
         def message: () -> ::String
       end
@@ -71,6 +75,10 @@ module Aws
       class OpenIdIdpCommunicationErrorException < ::Aws::Errors::ServiceError
         def message: () -> ::String
       end
+      class OrganizationNotFoundException < ::Aws::Errors::ServiceError
+      end
+      class OrganizationNotInAllFeaturesModeException < ::Aws::Errors::ServiceError
+      end
       class PasswordPolicyViolationException < ::Aws::Errors::ServiceError
         def message: () -> ::String
       end
@@ -83,6 +91,8 @@ module Aws
       class ReportGenerationLimitExceededException < ::Aws::Errors::ServiceError
         def message: () -> ::String
       end
+      class ServiceAccessNotEnabledException < ::Aws::Errors::ServiceError
+      end
       class ServiceFailureException < ::Aws::Errors::ServiceError
         def message: () -> ::String
       end

data/sig/login_profile.rbs

@@ -38,7 +38,7 @@ module Aws
 
       # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/IAM/LoginProfile.html#create-instance_method
       def create: (
-                    password: ::String,
+                    ?password: ::String,
                     ?password_reset_required: bool
                   ) -> LoginProfile
                 | (?Hash[Symbol, untyped]) -> LoginProfile

data/sig/types.rbs

@@ -42,6 +42,9 @@ module Aws::IAM
       SENSITIVE: []
     end
 
+    class AccountNotManagementOrDelegatedAdministratorException < Aws::EmptyStructure
+    end
+
     class AddClientIDToOpenIDConnectProviderRequest
       attr_accessor open_id_connect_provider_arn: ::String
       attr_accessor client_id: ::String
@@ -90,6 +93,9 @@ module Aws::IAM
       SENSITIVE: []
     end
 
+    class CallerIsNotManagementAccountException < Aws::EmptyStructure
+    end
+
     class ChangePasswordRequest
       attr_accessor old_password: ::String
       attr_accessor new_password: ::String
@@ -448,6 +454,24 @@ module Aws::IAM
       SENSITIVE: []
     end
 
+    class DisableOrganizationsRootCredentialsManagementRequest < Aws::EmptyStructure
+    end
+
+    class DisableOrganizationsRootCredentialsManagementResponse
+      attr_accessor organization_id: ::String
+      attr_accessor enabled_features: ::Array[("RootCredentialsManagement" | "RootSessions")]
+      SENSITIVE: []
+    end
+
+    class DisableOrganizationsRootSessionsRequest < Aws::EmptyStructure
+    end
+
+    class DisableOrganizationsRootSessionsResponse
+      attr_accessor organization_id: ::String
+      attr_accessor enabled_features: ::Array[("RootCredentialsManagement" | "RootSessions")]
+      SENSITIVE: []
+    end
+
     class DuplicateCertificateException
       attr_accessor message: ::String
       SENSITIVE: []
@@ -466,6 +490,24 @@ module Aws::IAM
       SENSITIVE: []
     end
 
+    class EnableOrganizationsRootCredentialsManagementRequest < Aws::EmptyStructure
+    end
+
+    class EnableOrganizationsRootCredentialsManagementResponse
+      attr_accessor organization_id: ::String
+      attr_accessor enabled_features: ::Array[("RootCredentialsManagement" | "RootSessions")]
+      SENSITIVE: []
+    end
+
+    class EnableOrganizationsRootSessionsRequest < Aws::EmptyStructure
+    end
+
+    class EnableOrganizationsRootSessionsResponse
+      attr_accessor organization_id: ::String
+      attr_accessor enabled_features: ::Array[("RootCredentialsManagement" | "RootSessions")]
+      SENSITIVE: []
+    end
+
     class EntityAlreadyExistsException
       attr_accessor message: ::String
       SENSITIVE: []
@@ -572,7 +614,7 @@ module Aws::IAM
     end
 
     class GetAccountSummaryResponse
-      attr_accessor summary_map: ::Hash[("Users" | "UsersQuota" | "Groups" | "GroupsQuota" | "ServerCertificates" | "ServerCertificatesQuota" | "UserPolicySizeQuota" | "GroupPolicySizeQuota" | "GroupsPerUserQuota" | "SigningCertificatesPerUserQuota" | "AccessKeysPerUserQuota" | "MFADevices" | "MFADevicesInUse" | "AccountMFAEnabled" | "AccountAccessKeysPresent" | "AccountSigningCertificatesPresent" | "AttachedPoliciesPerGroupQuota" | "AttachedPoliciesPerRoleQuota" | "AttachedPoliciesPerUserQuota" | "Policies" | "PoliciesQuota" | "PolicySizeQuota" | "PolicyVersionsInUse" | "PolicyVersionsInUseQuota" | "VersionsPerPolicyQuota" | "GlobalEndpointTokenVersion"), ::Integer]
+      attr_accessor summary_map: ::Hash[("Users" | "UsersQuota" | "Groups" | "GroupsQuota" | "ServerCertificates" | "ServerCertificatesQuota" | "UserPolicySizeQuota" | "GroupPolicySizeQuota" | "GroupsPerUserQuota" | "SigningCertificatesPerUserQuota" | "AccessKeysPerUserQuota" | "MFADevices" | "MFADevicesInUse" | "AccountMFAEnabled" | "AccountAccessKeysPresent" | "AccountPasswordPresent" | "AccountSigningCertificatesPresent" | "AttachedPoliciesPerGroupQuota" | "AttachedPoliciesPerRoleQuota" | "AttachedPoliciesPerUserQuota" | "Policies" | "PoliciesQuota" | "PolicySizeQuota" | "PolicyVersionsInUse" | "PolicyVersionsInUseQuota" | "VersionsPerPolicyQuota" | "GlobalEndpointTokenVersion"), ::Integer]
       SENSITIVE: []
     end
 
@@ -1138,6 +1180,15 @@ module Aws::IAM
       SENSITIVE: []
     end
 
+    class ListOrganizationsFeaturesRequest < Aws::EmptyStructure
+    end
+
+    class ListOrganizationsFeaturesResponse
+      attr_accessor organization_id: ::String
+      attr_accessor enabled_features: ::Array[("RootCredentialsManagement" | "RootSessions")]
+      SENSITIVE: []
+    end
+
     class ListPoliciesGrantingServiceAccessEntry
       attr_accessor service_namespace: ::String
       attr_accessor policies: ::Array[Types::PolicyGrantingServiceAccess]
@@ -1445,6 +1496,12 @@ module Aws::IAM
       SENSITIVE: []
     end
 
+    class OrganizationNotFoundException < Aws::EmptyStructure
+    end
+
+    class OrganizationNotInAllFeaturesModeException < Aws::EmptyStructure
+    end
+
     class OrganizationsDecisionDetail
       attr_accessor allowed_by_organizations: bool
       SENSITIVE: []
@@ -1718,6 +1775,9 @@ module Aws::IAM
       SENSITIVE: []
     end
 
+    class ServiceAccessNotEnabledException < Aws::EmptyStructure
+    end
+
     class ServiceFailureException
       attr_accessor message: ::String
       SENSITIVE: []