aws-sdk-iam 1.12.0 → 1.13.0

data/lib/aws-sdk-iam/role.rb

@@ -89,20 +89,8 @@ module Aws::IAM
       data[:description]
     end
 
-    # A list of tags that are attached to the specified role. For more
-    # information about tagging, see [Tagging IAM Identities][1] in the *IAM
-    # User Guide*.
-    #
-    #
-    #
-    # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
-    # @return [Array<Types::Tag>]
-    def tags
-      data[:tags]
-    end
-
     # The maximum session duration (in seconds) for the specified role.
-    # Anyone who uses the AWS CLI or API to assume the role can specify the
+    # Anyone who uses the AWS CLI, or API to assume the role can specify the
     # duration using the optional `DurationSeconds` API parameter or
     # `duration-seconds` CLI parameter.
     # @return [Integer]
@@ -114,16 +102,26 @@ module Aws::IAM
     # role.
     #
     # For more information about permissions boundaries, see [Permissions
-    # Boundaries for IAM Identities ][1] in the *IAM User Guide*.
-    #
-    #
-    #
-    # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
+    # Boundaries for IAM Identities
+    # ](IAM/latest/UserGuide/access_policies_boundaries.html) in the *IAM
+    # User Guide*.
     # @return [Types::AttachedPermissionsBoundary]
     def permissions_boundary
       data[:permissions_boundary]
     end
 
+    # A list of tags that are attached to the specified role. For more
+    # information about tagging, see [Tagging IAM Identities][1] in the *IAM
+    # User Guide*.
+    #
+    #
+    #
+    # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
+    # @return [Array<Types::Tag>]
+    def tags
+      data[:tags]
+    end
+
     # @!endgroup
 
     # @return [Client]
@@ -332,7 +330,7 @@ module Aws::IAM
     #   If it is not included, it defaults to a slash (/), listing all
     #   policies.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of either a forward slash (/) by itself or a
     #   string that must begin and end with forward slashes. In addition, it
     #   can contain any ASCII character from the ! (\\u0021) through the DEL

data/lib/aws-sdk-iam/server_certificate.rb

@@ -203,7 +203,7 @@ module Aws::IAM
     #   The new path for the server certificate. Include this only if you are
     #   updating the server certificate's path.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of either a forward slash (/) by itself or a
     #   string that must begin and end with forward slashes. In addition, it
     #   can contain any ASCII character from the ! (\\u0021) through the DEL
@@ -218,7 +218,7 @@ module Aws::IAM
     #   updating the server certificate's name. The name of the certificate
     #   cannot contain any spaces.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following characters:
     #   \_+=,.@-

data/lib/aws-sdk-iam/types.rb

@@ -52,7 +52,8 @@ module Aws::IAM
       include Aws::Structure
     end
 
-    # Contains information about the last time an AWS access key was used.
+    # Contains information about the last time an AWS access key was used
+    # since IAM began tracking this information on April 22, 2015.
     #
     # This data type is used as a response element in the
     # GetAccessKeyLastUsed operation.
@@ -64,8 +65,8 @@ module Aws::IAM
     #
     #   * The user does not have an access key.
     #
-    #   * An access key exists but has never been used, at least not since
-    #     IAM started tracking this information on April 22nd, 2015.
+    #   * An access key exists but has not been used since IAM began
+    #     tracking this information.
     #
     #   * There is no sign-in data associated with the user
     #
@@ -76,25 +77,25 @@ module Aws::IAM
     #
     # @!attribute [rw] service_name
     #   The name of the AWS service with which this access key was most
-    #   recently used. This field displays "N/A" in the following
+    #   recently used. The value of this field is "N/A" in the following
     #   situations:
     #
     #   * The user does not have an access key.
     #
-    #   * An access key exists but has never been used, at least not since
-    #     IAM started tracking this information on April 22nd, 2015.
+    #   * An access key exists but has not been used since IAM started
+    #     tracking this information.
     #
     #   * There is no sign-in data associated with the user
     #   @return [String]
     #
     # @!attribute [rw] region
-    #   The AWS region where this access key was most recently used. This
-    #   field is displays "N/A" in the following situations:
+    #   The AWS region where this access key was most recently used. The
+    #   value for this field is "N/A" in the following situations:
     #
     #   * The user does not have an access key.
     #
-    #   * An access key exists but has never been used, at least not since
-    #     IAM started tracking this information on April 22nd, 2015.
+    #   * An access key exists but has not been used since IAM began
+    #     tracking this information.
     #
     #   * There is no sign-in data associated with the user
     #
@@ -129,8 +130,8 @@ module Aws::IAM
     #   @return [String]
     #
     # @!attribute [rw] status
-    #   The status of the access key. `Active` means the key is valid for
-    #   API calls; `Inactive` means it is not.
+    #   The status of the access key. `Active` means that the key is valid
+    #   for API calls; `Inactive` means it is not.
     #   @return [String]
     #
     # @!attribute [rw] create_date
@@ -186,7 +187,7 @@ module Aws::IAM
     # @!attribute [rw] instance_profile_name
     #   The name of the instance profile to update.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -199,7 +200,7 @@ module Aws::IAM
     # @!attribute [rw] role_name
     #   The name of the role to add.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -228,7 +229,7 @@ module Aws::IAM
     # @!attribute [rw] group_name
     #   The name of the group to update.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -241,7 +242,7 @@ module Aws::IAM
     # @!attribute [rw] user_name
     #   The name of the user to add.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -271,7 +272,7 @@ module Aws::IAM
     #   The name (friendly name, not ARN) of the group to attach the policy
     #   to.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -312,7 +313,7 @@ module Aws::IAM
     #   The name (friendly name, not ARN) of the role to attach the policy
     #   to.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -353,7 +354,7 @@ module Aws::IAM
     #   The name (friendly name, not ARN) of the IAM user to attach the
     #   policy to.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -392,7 +393,7 @@ module Aws::IAM
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
+    # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
     #
     # @!attribute [rw] permissions_boundary_type
     #   The permissions boundary usage type that indicates what type of IAM
@@ -544,7 +545,7 @@ module Aws::IAM
     # @!attribute [rw] user_name
     #   The name of the IAM user that the new key will belong to.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -584,7 +585,7 @@ module Aws::IAM
     # @!attribute [rw] account_alias
     #   The account alias to create.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of lowercase letters, digits, and dashes. You
     #   cannot start or finish with a dash, nor can you have two dashes in a
     #   row.
@@ -616,7 +617,7 @@ module Aws::IAM
     #   This parameter is optional. If it is not included, it defaults to a
     #   slash (/).
     #
-    #   This parameter allows (per its [regex pattern][2]) a string of
+    #   This parameter allows (through its [regex pattern][2]) a string of
     #   characters consisting of either a forward slash (/) by itself or a
     #   string that must begin and end with forward slashes. In addition, it
     #   can contain any ASCII character from the ! (\\u0021) through the DEL
@@ -633,7 +634,7 @@ module Aws::IAM
     #   The name of the group to create. Do not include the path in this
     #   value.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-. The group name must be unique within the
@@ -677,7 +678,7 @@ module Aws::IAM
     # @!attribute [rw] instance_profile_name
     #   The name of the instance profile to create.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -694,7 +695,7 @@ module Aws::IAM
     #   This parameter is optional. If it is not included, it defaults to a
     #   slash (/).
     #
-    #   This parameter allows (per its [regex pattern][2]) a string of
+    #   This parameter allows (through its [regex pattern][2]) a string of
     #   characters consisting of either a forward slash (/) by itself or a
     #   string that must begin and end with forward slashes. In addition, it
     #   can contain any ASCII character from the ! (\\u0021) through the DEL
@@ -741,7 +742,7 @@ module Aws::IAM
     #   The name of the IAM user to create a password for. The user must
     #   already exist.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -901,7 +902,7 @@ module Aws::IAM
     # @!attribute [rw] policy_name
     #   The friendly name of the policy.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -920,7 +921,7 @@ module Aws::IAM
     #   This parameter is optional. If it is not included, it defaults to a
     #   slash (/).
     #
-    #   This parameter allows (per its [regex pattern][2]) a string of
+    #   This parameter allows (through its [regex pattern][2]) a string of
     #   characters consisting of either a forward slash (/) by itself or a
     #   string that must begin and end with forward slashes. In addition, it
     #   can contain any ASCII character from the ! (\\u0021) through the DEL
@@ -1076,14 +1077,14 @@ module Aws::IAM
     #         role_name: "roleNameType", # required
     #         assume_role_policy_document: "policyDocumentType", # required
     #         description: "roleDescriptionType",
+    #         max_session_duration: 1,
+    #         permissions_boundary: "arnType",
     #         tags: [
     #           {
     #             key: "tagKeyType", # required
     #             value: "tagValueType", # required
     #           },
     #         ],
-    #         max_session_duration: 1,
-    #         permissions_boundary: "arnType",
     #       }
     #
     # @!attribute [rw] path
@@ -1093,7 +1094,7 @@ module Aws::IAM
     #   This parameter is optional. If it is not included, it defaults to a
     #   slash (/).
     #
-    #   This parameter allows (per its [regex pattern][2]) a string of
+    #   This parameter allows (through its [regex pattern][2]) a string of
     #   characters consisting of either a forward slash (/) by itself or a
     #   string that must begin and end with forward slashes. In addition, it
     #   can contain any ASCII character from the ! (\\u0021) through the DEL
@@ -1109,7 +1110,7 @@ module Aws::IAM
     # @!attribute [rw] role_name
     #   The name of the role to create.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -1147,23 +1148,6 @@ module Aws::IAM
     #   A description of the role.
     #   @return [String]
     #
-    # @!attribute [rw] tags
-    #   A list of tags that you want to attach to the newly created role.
-    #   Each tag consists of a key name and an associated value. For more
-    #   information about tagging, see [Tagging IAM Identities][1] in the
-    #   *IAM User Guide*.
-    #
-    #   <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed
-    #   number of tags per role, then the entire request fails and the role
-    #   is not created.
-    #
-    #    </note>
-    #
-    #
-    #
-    #   [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
-    #   @return [Array<Types::Tag>]
-    #
     # @!attribute [rw] max_session_duration
     #   The maximum session duration (in seconds) that you want to set for
     #   the specified role. If you do not specify a value for this setting,
@@ -1192,6 +1176,23 @@ module Aws::IAM
     #   for the role.
     #   @return [String]
     #
+    # @!attribute [rw] tags
+    #   A list of tags that you want to attach to the newly created role.
+    #   Each tag consists of a key name and an associated value. For more
+    #   information about tagging, see [Tagging IAM Identities][1] in the
+    #   *IAM User Guide*.
+    #
+    #   <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed
+    #   number of tags per role, then the entire request fails and the role
+    #   is not created.
+    #
+    #    </note>
+    #
+    #
+    #
+    #   [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
+    #   @return [Array<Types::Tag>]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateRoleRequest AWS API Documentation
     #
     class CreateRoleRequest < Struct.new(
@@ -1199,9 +1200,9 @@ module Aws::IAM
       :role_name,
       :assume_role_policy_document,
       :description,
-      :tags,
       :max_session_duration,
-      :permissions_boundary)
+      :permissions_boundary,
+      :tags)
       include Aws::Structure
     end
 
@@ -1245,7 +1246,7 @@ module Aws::IAM
     # @!attribute [rw] name
     #   The name of the provider to create.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -1354,7 +1355,7 @@ module Aws::IAM
     #   permissions as the associated user except that they can be used only
     #   to access the specified service.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -1400,13 +1401,13 @@ module Aws::IAM
     #       {
     #         path: "pathType",
     #         user_name: "userNameType", # required
+    #         permissions_boundary: "arnType",
     #         tags: [
     #           {
     #             key: "tagKeyType", # required
     #             value: "tagValueType", # required
     #           },
     #         ],
-    #         permissions_boundary: "arnType",
     #       }
     #
     # @!attribute [rw] path
@@ -1416,7 +1417,7 @@ module Aws::IAM
     #   This parameter is optional. If it is not included, it defaults to a
     #   slash (/).
     #
-    #   This parameter allows (per its [regex pattern][2]) a string of
+    #   This parameter allows (through its [regex pattern][2]) a string of
     #   characters consisting of either a forward slash (/) by itself or a
     #   string that must begin and end with forward slashes. In addition, it
     #   can contain any ASCII character from the ! (\\u0021) through the DEL
@@ -1432,7 +1433,7 @@ module Aws::IAM
     # @!attribute [rw] user_name
     #   The name of the user to create.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-. User names are not distinguished by case. For
@@ -1444,6 +1445,11 @@ module Aws::IAM
     #   [1]: http://wikipedia.org/wiki/regex
     #   @return [String]
     #
+    # @!attribute [rw] permissions_boundary
+    #   The ARN of the policy that is used to set the permissions boundary
+    #   for the user.
+    #   @return [String]
+    #
     # @!attribute [rw] tags
     #   A list of tags that you want to attach to the newly created user.
     #   Each tag consists of a key name and an associated value. For more
@@ -1461,18 +1467,13 @@ module Aws::IAM
     #   [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
     #   @return [Array<Types::Tag>]
     #
-    # @!attribute [rw] permissions_boundary
-    #   The ARN of the policy that is used to set the permissions boundary
-    #   for the user.
-    #   @return [String]
-    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateUserRequest AWS API Documentation
     #
     class CreateUserRequest < Struct.new(
       :path,
       :user_name,
-      :tags,
-      :permissions_boundary)
+      :permissions_boundary,
+      :tags)
       include Aws::Structure
     end
 
@@ -1504,7 +1505,7 @@ module Aws::IAM
     #   This parameter is optional. If it is not included, it defaults to a
     #   slash (/).
     #
-    #   This parameter allows (per its [regex pattern][2]) a string of
+    #   This parameter allows (through its [regex pattern][2]) a string of
     #   characters consisting of either a forward slash (/) by itself or a
     #   string that must begin and end with forward slashes. In addition, it
     #   can contain any ASCII character from the ! (\\u0021) through the DEL
@@ -1521,7 +1522,7 @@ module Aws::IAM
     #   The name of the virtual MFA device. Use with path to uniquely
     #   identify a virtual MFA device.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -1563,7 +1564,7 @@ module Aws::IAM
     # @!attribute [rw] user_name
     #   The name of the user whose MFA device you want to deactivate.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -1577,7 +1578,7 @@ module Aws::IAM
     #   The serial number that uniquely identifies the MFA device. For
     #   virtual MFA devices, the serial number is the device ARN.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: =,.@:/-
@@ -1606,7 +1607,7 @@ module Aws::IAM
     # @!attribute [rw] user_name
     #   The name of the user whose access key pair you want to delete.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -1620,7 +1621,7 @@ module Aws::IAM
     #   The access key ID for the access key ID and secret access key you
     #   want to delete.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters that can consist of any upper or lowercased letter or
     #   digit.
     #
@@ -1647,7 +1648,7 @@ module Aws::IAM
     # @!attribute [rw] account_alias
     #   The name of the account alias to delete.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of lowercase letters, digits, and dashes. You
     #   cannot start or finish with a dash, nor can you have two dashes in a
     #   row.
@@ -1676,7 +1677,7 @@ module Aws::IAM
     #   The name (friendly name, not ARN) identifying the group that the
     #   policy is embedded in.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -1689,7 +1690,7 @@ module Aws::IAM
     # @!attribute [rw] policy_name
     #   The name identifying the policy document to delete.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -1717,7 +1718,7 @@ module Aws::IAM
     # @!attribute [rw] group_name
     #   The name of the IAM group to delete.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -1744,7 +1745,7 @@ module Aws::IAM
     # @!attribute [rw] instance_profile_name
     #   The name of the instance profile to delete.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -1771,7 +1772,7 @@ module Aws::IAM
     # @!attribute [rw] user_name
     #   The name of the user whose password you want to delete.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -1857,7 +1858,7 @@ module Aws::IAM
     # @!attribute [rw] version_id
     #   The policy version to delete.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters that consists of the lowercase letter 'v' followed by
     #   one or two digits, and optionally followed by a period '.' and a
     #   string of letters and digits.
@@ -1910,7 +1911,7 @@ module Aws::IAM
     #   The name (friendly name, not ARN) identifying the role that the
     #   policy is embedded in.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -1923,7 +1924,7 @@ module Aws::IAM
     # @!attribute [rw] policy_name
     #   The name of the inline policy to delete from the specified IAM role.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -1951,7 +1952,7 @@ module Aws::IAM
     # @!attribute [rw] role_name
     #   The name of the role to delete.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -1997,7 +1998,7 @@ module Aws::IAM
     # @!attribute [rw] user_name
     #   The name of the IAM user associated with the SSH public key.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -2010,7 +2011,7 @@ module Aws::IAM
     # @!attribute [rw] ssh_public_key_id
     #   The unique identifier for the SSH public key.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters that can consist of any upper or lowercased letter or
     #   digit.
     #
@@ -2037,7 +2038,7 @@ module Aws::IAM
     # @!attribute [rw] server_certificate_name
     #   The name of the server certificate you want to delete.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -2098,7 +2099,7 @@ module Aws::IAM
     #   credential. If this value is not specified, then the operation
     #   assumes the user whose credentials are used to call the operation.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -2112,7 +2113,7 @@ module Aws::IAM
     #   The unique identifier of the service-specific credential. You can
     #   get this value by calling ListServiceSpecificCredentials.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters that can consist of any upper or lowercased letter or
     #   digit.
     #
@@ -2140,7 +2141,7 @@ module Aws::IAM
     # @!attribute [rw] user_name
     #   The name of the user the signing certificate belongs to.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -2201,7 +2202,7 @@ module Aws::IAM
     #   The name (friendly name, not ARN) identifying the user that the
     #   policy is embedded in.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -2214,7 +2215,7 @@ module Aws::IAM
     # @!attribute [rw] policy_name
     #   The name identifying the policy document to delete.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -2242,7 +2243,7 @@ module Aws::IAM
     # @!attribute [rw] user_name
     #   The name of the user to delete.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -2270,7 +2271,7 @@ module Aws::IAM
     #   The serial number that uniquely identifies the MFA device. For
     #   virtual MFA devices, the serial number is the same as the ARN.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: =,.@:/-
@@ -2327,7 +2328,7 @@ module Aws::IAM
     #   The name (friendly name, not ARN) of the IAM group to detach the
     #   policy from.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -2368,7 +2369,7 @@ module Aws::IAM
     #   The name (friendly name, not ARN) of the IAM role to detach the
     #   policy from.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -2409,7 +2410,7 @@ module Aws::IAM
     #   The name (friendly name, not ARN) of the IAM user to detach the
     #   policy from.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -2451,7 +2452,7 @@ module Aws::IAM
     # @!attribute [rw] user_name
     #   The name of the IAM user for whom you want to enable the MFA device.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -2465,7 +2466,7 @@ module Aws::IAM
     #   The serial number that uniquely identifies the MFA device. For
     #   virtual MFA devices, the serial number is the device ARN.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: =,.@:/-
@@ -2519,6 +2520,110 @@ module Aws::IAM
       include Aws::Structure
     end
 
+    # An object that contains details about when the IAM entities (users or
+    # roles) were last used in an attempt to access the specified AWS
+    # service.
+    #
+    # This data type is a response element in the
+    # GetServiceLastAccessedDetailsWithEntities operation.
+    #
+    # @!attribute [rw] entity_info
+    #   The `EntityInfo` object that contains details about the entity (user
+    #   or role).
+    #   @return [Types::EntityInfo]
+    #
+    # @!attribute [rw] last_authenticated
+    #   The date and time, in [ISO 8601 date-time format][1], when the
+    #   authenticated entity last attempted to access AWS. AWS does not
+    #   report unauthenticated requests.
+    #
+    #   This field is null if no IAM entities attempted to access the
+    #   service within the [reporting period][2].
+    #
+    #
+    #
+    #   [1]: http://www.iso.org/iso/iso8601
+    #   [2]: http://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period
+    #   @return [Time]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/EntityDetails AWS API Documentation
+    #
+    class EntityDetails < Struct.new(
+      :entity_info,
+      :last_authenticated)
+      include Aws::Structure
+    end
+
+    # Contains details about the specified entity (user or role).
+    #
+    # This data type is an element of the EntityDetails object.
+    #
+    # @!attribute [rw] arn
+    #   The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS
+    #   resources.
+    #
+    #   For more information about ARNs, go to [Amazon Resource Names (ARNs)
+    #   and AWS Service Namespaces][1] in the *AWS General Reference*.
+    #
+    #
+    #
+    #   [1]: http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
+    #   @return [String]
+    #
+    # @!attribute [rw] name
+    #   The name of the entity (user or role).
+    #   @return [String]
+    #
+    # @!attribute [rw] type
+    #   The type of entity (user or role).
+    #   @return [String]
+    #
+    # @!attribute [rw] id
+    #   The identifier of the entity (user or role).
+    #   @return [String]
+    #
+    # @!attribute [rw] path
+    #   The path to the entity (user or role). For more information about
+    #   paths, see [IAM Identifiers][1] in the *Using IAM* guide.
+    #
+    #
+    #
+    #   [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/EntityInfo AWS API Documentation
+    #
+    class EntityInfo < Struct.new(
+      :arn,
+      :name,
+      :type,
+      :id,
+      :path)
+      include Aws::Structure
+    end
+
+    # Contains information about the reason that the operation failed.
+    #
+    # This data type is used as a response element in the
+    # GetServiceLastAccessedDetails operation and the
+    # GetServiceLastAccessedDetailsWithEntities operation.
+    #
+    # @!attribute [rw] message
+    #   Detailed information about the reason that the operation failed.
+    #   @return [String]
+    #
+    # @!attribute [rw] code
+    #   The error code associated with the operation failure.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ErrorDetails AWS API Documentation
+    #
+    class ErrorDetails < Struct.new(
+      :message,
+      :code)
+      include Aws::Structure
+    end
+
     # Contains the results of a simulation.
     #
     # This data type is used by the return parameter of `
@@ -2541,8 +2646,9 @@ module Aws::IAM
     #   A list of the statements in the input policies that determine the
     #   result for this scenario. Remember that even if multiple statements
     #   allow the operation on the resource, if only one statement denies
-    #   that operation, then the explicit deny overrides any allow, and the
-    #   deny statement is the only entry included in the result.
+    #   that operation, then the explicit deny overrides any allow.
+    #   Inaddition, the deny statement is the only entry included in the
+    #   result.
     #   @return [Array<Types::Statement>]
     #
     # @!attribute [rw] missing_context_values
@@ -2614,6 +2720,38 @@ module Aws::IAM
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass GenerateServiceLastAccessedDetailsRequest
+    #   data as a hash:
+    #
+    #       {
+    #         arn: "arnType", # required
+    #       }
+    #
+    # @!attribute [rw] arn
+    #   The ARN of the IAM resource (user, group, role, or managed policy)
+    #   used to generate information about when the resource was last used
+    #   in an attempt to access an AWS service.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GenerateServiceLastAccessedDetailsRequest AWS API Documentation
+    #
+    class GenerateServiceLastAccessedDetailsRequest < Struct.new(
+      :arn)
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] job_id
+    #   The job ID that you can use in the GetServiceLastAccessedDetails or
+    #   GetServiceLastAccessedDetailsWithEntities operations.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GenerateServiceLastAccessedDetailsResponse AWS API Documentation
+    #
+    class GenerateServiceLastAccessedDetailsResponse < Struct.new(
+      :job_id)
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass GetAccessKeyLastUsedRequest
     #   data as a hash:
     #
@@ -2624,7 +2762,7 @@ module Aws::IAM
     # @!attribute [rw] access_key_id
     #   The identifier of an access key.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters that can consist of any upper or lowercased letter or
     #   digit.
     #
@@ -2680,16 +2818,16 @@ module Aws::IAM
     #   @return [Array<String>]
     #
     # @!attribute [rw] max_items
-    #   (Optional) Use this only when paginating results to indicate the
-    #   maximum number of items you want in the response. If additional
-    #   items exist beyond the maximum you specify, the `IsTruncated`
-    #   response element is `true`.
-    #
-    #   If you do not include this parameter, it defaults to 100. Note that
-    #   IAM might return fewer results, even when there are more results
-    #   available. In that case, the `IsTruncated` response element returns
-    #   `true` and `Marker` contains a value to include in the subsequent
-    #   call that tells the service where to continue from.
+    #   Use this only when paginating results to indicate the maximum number
+    #   of items you want in the response. If additional items exist beyond
+    #   the maximum you specify, the `IsTruncated` response element is
+    #   `true`.
+    #
+    #   If you do not include this parameter, the number of items defaults
+    #   to 100. Note that IAM might return fewer results, even when there
+    #   are more results available. In that case, the `IsTruncated` response
+    #   element returns `true`, and `Marker` contains a value to include in
+    #   the subsequent call that tells the service where to continue from.
     #   @return [Integer]
     #
     # @!attribute [rw] marker
@@ -2734,7 +2872,7 @@ module Aws::IAM
     #   Note that IAM might return fewer than the `MaxItems` number of
     #   results even when there are more results available. We recommend
     #   that you check `IsTruncated` after every call to ensure that you
-    #   receive all of your results.
+    #   receive all your results.
     #   @return [Boolean]
     #
     # @!attribute [rw] marker
@@ -2773,7 +2911,7 @@ module Aws::IAM
     # Contains the response to a successful GetAccountSummary request.
     #
     # @!attribute [rw] summary_map
-    #   A set of key value pairs containing information about IAM entity
+    #   A set of key–value pairs containing information about IAM entity
     #   usage and IAM quotas.
     #   @return [Hash<String,Integer>]
     #
@@ -2929,7 +3067,7 @@ module Aws::IAM
     # @!attribute [rw] group_name
     #   The name of the group the policy is associated with.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -2942,7 +3080,7 @@ module Aws::IAM
     # @!attribute [rw] policy_name
     #   The name of the policy document to get.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -2995,7 +3133,7 @@ module Aws::IAM
     # @!attribute [rw] group_name
     #   The name of the group.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -3013,16 +3151,16 @@ module Aws::IAM
     #   @return [String]
     #
     # @!attribute [rw] max_items
-    #   (Optional) Use this only when paginating results to indicate the
-    #   maximum number of items you want in the response. If additional
-    #   items exist beyond the maximum you specify, the `IsTruncated`
-    #   response element is `true`.
-    #
-    #   If you do not include this parameter, it defaults to 100. Note that
-    #   IAM might return fewer results, even when there are more results
-    #   available. In that case, the `IsTruncated` response element returns
-    #   `true` and `Marker` contains a value to include in the subsequent
-    #   call that tells the service where to continue from.
+    #   Use this only when paginating results to indicate the maximum number
+    #   of items you want in the response. If additional items exist beyond
+    #   the maximum you specify, the `IsTruncated` response element is
+    #   `true`.
+    #
+    #   If you do not include this parameter, the number of items defaults
+    #   to 100. Note that IAM might return fewer results, even when there
+    #   are more results available. In that case, the `IsTruncated` response
+    #   element returns `true`, and `Marker` contains a value to include in
+    #   the subsequent call that tells the service where to continue from.
     #   @return [Integer]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetGroupRequest AWS API Documentation
@@ -3051,7 +3189,7 @@ module Aws::IAM
     #   Note that IAM might return fewer than the `MaxItems` number of
     #   results even when there are more results available. We recommend
     #   that you check `IsTruncated` after every call to ensure that you
-    #   receive all of your results.
+    #   receive all your results.
     #   @return [Boolean]
     #
     # @!attribute [rw] marker
@@ -3080,7 +3218,7 @@ module Aws::IAM
     # @!attribute [rw] instance_profile_name
     #   The name of the instance profile to get information about.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -3120,7 +3258,7 @@ module Aws::IAM
     # @!attribute [rw] user_name
     #   The name of the user whose login profile you want to retrieve.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -3275,7 +3413,7 @@ module Aws::IAM
     # @!attribute [rw] version_id
     #   Identifies the policy version to retrieve.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters that consists of the lowercase letter 'v' followed by
     #   one or two digits, and optionally followed by a period '.' and a
     #   string of letters and digits.
@@ -3317,7 +3455,7 @@ module Aws::IAM
     # @!attribute [rw] role_name
     #   The name of the role associated with the policy.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -3330,7 +3468,7 @@ module Aws::IAM
     # @!attribute [rw] policy_name
     #   The name of the policy document to get.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -3381,7 +3519,7 @@ module Aws::IAM
     # @!attribute [rw] role_name
     #   The name of the IAM role to get information about.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -3473,7 +3611,7 @@ module Aws::IAM
     # @!attribute [rw] user_name
     #   The name of the IAM user associated with the SSH public key.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -3486,7 +3624,7 @@ module Aws::IAM
     # @!attribute [rw] ssh_public_key_id
     #   The unique identifier for the SSH public key.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters that can consist of any upper or lowercased letter or
     #   digit.
     #
@@ -3534,7 +3672,7 @@ module Aws::IAM
     #   The name of the server certificate you want to retrieve information
     #   about.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -3564,6 +3702,239 @@ module Aws::IAM
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass GetServiceLastAccessedDetailsRequest
+    #   data as a hash:
+    #
+    #       {
+    #         job_id: "jobIDType", # required
+    #         max_items: 1,
+    #         marker: "markerType",
+    #       }
+    #
+    # @!attribute [rw] job_id
+    #   The ID of the request generated by the
+    #   GenerateServiceLastAccessedDetails operation.
+    #   @return [String]
+    #
+    # @!attribute [rw] max_items
+    #   Use this only when paginating results to indicate the maximum number
+    #   of items you want in the response. If additional items exist beyond
+    #   the maximum you specify, the `IsTruncated` response element is
+    #   `true`.
+    #
+    #   If you do not include this parameter, the number of items defaults
+    #   to 100. Note that IAM might return fewer results, even when there
+    #   are more results available. In that case, the `IsTruncated` response
+    #   element returns `true`, and `Marker` contains a value to include in
+    #   the subsequent call that tells the service where to continue from.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] marker
+    #   Use this parameter only when paginating results and only after you
+    #   receive a response indicating that the results are truncated. Set it
+    #   to the value of the `Marker` element in the response that you
+    #   received to indicate where the next call should start.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetServiceLastAccessedDetailsRequest AWS API Documentation
+    #
+    class GetServiceLastAccessedDetailsRequest < Struct.new(
+      :job_id,
+      :max_items,
+      :marker)
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] job_status
+    #   The status of the job.
+    #   @return [String]
+    #
+    # @!attribute [rw] job_creation_date
+    #   The date and time, in [ISO 8601 date-time format][1], when the
+    #   report job was created.
+    #
+    #
+    #
+    #   [1]: http://www.iso.org/iso/iso8601
+    #   @return [Time]
+    #
+    # @!attribute [rw] services_last_accessed
+    #   A `ServiceLastAccessed` object that contains details about the most
+    #   recent attempt to access the service.
+    #   @return [Array<Types::ServiceLastAccessed>]
+    #
+    # @!attribute [rw] job_completion_date
+    #   The date and time, in [ISO 8601 date-time format][1], when the
+    #   generated report job was completed or failed.
+    #
+    #   This field is null if the job is still in progress, as indicated by
+    #   a `JobStatus` value of `IN_PROGRESS`.
+    #
+    #
+    #
+    #   [1]: http://www.iso.org/iso/iso8601
+    #   @return [Time]
+    #
+    # @!attribute [rw] is_truncated
+    #   A flag that indicates whether there are more items to return. If
+    #   your results were truncated, you can make a subsequent pagination
+    #   request using the `Marker` request parameter to retrieve more items.
+    #   Note that IAM might return fewer than the `MaxItems` number of
+    #   results even when there are more results available. We recommend
+    #   that you check `IsTruncated` after every call to ensure that you
+    #   receive all your results.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] marker
+    #   When `IsTruncated` is `true`, this element is present and contains
+    #   the value to use for the `Marker` parameter in a subsequent
+    #   pagination request.
+    #   @return [String]
+    #
+    # @!attribute [rw] error
+    #   An object that contains details about the reason the operation
+    #   failed.
+    #   @return [Types::ErrorDetails]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetServiceLastAccessedDetailsResponse AWS API Documentation
+    #
+    class GetServiceLastAccessedDetailsResponse < Struct.new(
+      :job_status,
+      :job_creation_date,
+      :services_last_accessed,
+      :job_completion_date,
+      :is_truncated,
+      :marker,
+      :error)
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass GetServiceLastAccessedDetailsWithEntitiesRequest
+    #   data as a hash:
+    #
+    #       {
+    #         job_id: "jobIDType", # required
+    #         service_namespace: "serviceNamespaceType", # required
+    #         max_items: 1,
+    #         marker: "markerType",
+    #       }
+    #
+    # @!attribute [rw] job_id
+    #   The ID of the request generated by the
+    #   `GenerateServiceLastAccessedDetails` operation.
+    #   @return [String]
+    #
+    # @!attribute [rw] service_namespace
+    #   The service namespace for an AWS service. Provide the service
+    #   namespace to learn when the IAM entity last attempted to access the
+    #   specified service.
+    #
+    #   To learn the service namespace for a service, go to [Actions,
+    #   Resources, and Condition Keys for AWS Services][1] in the *IAM User
+    #   Guide* and choose the name of the service to view details for that
+    #   service. In the first paragraph, find the service prefix. For
+    #   example, `(service prefix: a4b)`. For more information about service
+    #   namespaces, see [AWS Service Namespaces][2] in the *AWS General
+    #   Reference*.
+    #
+    #
+    #
+    #   [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_actions-resources-contextkeys.html
+    #   [2]: http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-aws-service-namespaces
+    #   @return [String]
+    #
+    # @!attribute [rw] max_items
+    #   Use this only when paginating results to indicate the maximum number
+    #   of items you want in the response. If additional items exist beyond
+    #   the maximum you specify, the `IsTruncated` response element is
+    #   `true`.
+    #
+    #   If you do not include this parameter, the number of items defaults
+    #   to 100. Note that IAM might return fewer results, even when there
+    #   are more results available. In that case, the `IsTruncated` response
+    #   element returns `true`, and `Marker` contains a value to include in
+    #   the subsequent call that tells the service where to continue from.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] marker
+    #   Use this parameter only when paginating results and only after you
+    #   receive a response indicating that the results are truncated. Set it
+    #   to the value of the `Marker` element in the response that you
+    #   received to indicate where the next call should start.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetServiceLastAccessedDetailsWithEntitiesRequest AWS API Documentation
+    #
+    class GetServiceLastAccessedDetailsWithEntitiesRequest < Struct.new(
+      :job_id,
+      :service_namespace,
+      :max_items,
+      :marker)
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] job_status
+    #   The status of the job.
+    #   @return [String]
+    #
+    # @!attribute [rw] job_creation_date
+    #   The date and time, in [ISO 8601 date-time format][1], when the
+    #   report job was created.
+    #
+    #
+    #
+    #   [1]: http://www.iso.org/iso/iso8601
+    #   @return [Time]
+    #
+    # @!attribute [rw] job_completion_date
+    #   The date and time, in [ISO 8601 date-time format][1], when the
+    #   generated report job was completed or failed.
+    #
+    #
+    #
+    #   [1]: http://www.iso.org/iso/iso8601
+    #   @return [Time]
+    #
+    # @!attribute [rw] entity_details_list
+    #   An `EntityDetailsList` object that contains details about when an
+    #   IAM entity (user or role) used group or policy permissions in an
+    #   attempt to access the specified AWS service.
+    #   @return [Array<Types::EntityDetails>]
+    #
+    # @!attribute [rw] is_truncated
+    #   A flag that indicates whether there are more items to return. If
+    #   your results were truncated, you can make a subsequent pagination
+    #   request using the `Marker` request parameter to retrieve more items.
+    #   Note that IAM might return fewer than the `MaxItems` number of
+    #   results even when there are more results available. We recommend
+    #   that you check `IsTruncated` after every call to ensure that you
+    #   receive all your results.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] marker
+    #   When `IsTruncated` is `true`, this element is present and contains
+    #   the value to use for the `Marker` parameter in a subsequent
+    #   pagination request.
+    #   @return [String]
+    #
+    # @!attribute [rw] error
+    #   An object that contains details about the reason the operation
+    #   failed.
+    #   @return [Types::ErrorDetails]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetServiceLastAccessedDetailsWithEntitiesResponse AWS API Documentation
+    #
+    class GetServiceLastAccessedDetailsWithEntitiesResponse < Struct.new(
+      :job_status,
+      :job_creation_date,
+      :job_completion_date,
+      :entity_details_list,
+      :is_truncated,
+      :marker,
+      :error)
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass GetServiceLinkedRoleDeletionStatusRequest
     #   data as a hash:
     #
@@ -3612,7 +3983,7 @@ module Aws::IAM
     # @!attribute [rw] user_name
     #   The name of the user who the policy is associated with.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -3625,7 +3996,7 @@ module Aws::IAM
     # @!attribute [rw] policy_name
     #   The name of the policy document to get.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -3677,8 +4048,8 @@ module Aws::IAM
     #   The name of the user to get information about.
     #
     #   This parameter is optional. If it is not included, it defaults to
-    #   the user making the request. This parameter allows (per its [regex
-    #   pattern][1]) a string of characters consisting of upper and
+    #   the user making the request. This parameter allows (through its
+    #   [regex pattern][1]) a string of characters consisting of upper and
     #   lowercase alphanumeric characters with no spaces. You can also
     #   include any of the following characters: \_+=,.@-
     #
@@ -3700,22 +4071,22 @@ module Aws::IAM
     #   A structure containing details about the IAM user.
     #
     #   Due to a service issue, password last used data does not include
-    #   password use from May 3rd 2018 22:50 PDT to May 23rd 2018 14:08 PDT.
+    #   password use from May 3, 2018 22:50 PDT to May 23, 2018 14:08 PDT.
     #   This affects [last sign-in][1] dates shown in the IAM console and
     #   password last used dates in the [IAM credential report][2], and
     #   returned by this GetUser API. If users signed in during the affected
     #   time, the password last used date that is returned is the date the
-    #   user last signed in before May 3rd 2018. For users that signed in
-    #   after May 23rd 2018 14:08 PDT, the returned password last used date
+    #   user last signed in before May 3, 2018. For users that signed in
+    #   after May 23, 2018 14:08 PDT, the returned password last used date
     #   is accurate.
     #
-    #    If you use password last used information to identify unused
-    #   credentials for deletion, such as deleting users who did not sign in
-    #   to AWS in the last 90 days, we recommend that you adjust your
-    #   evaluation window to include dates after May 23rd 2018.
-    #   Alternatively, if your users use access keys to access AWS
-    #   programmatically you can refer to access key last used information
-    #   because it is accurate for all dates.
+    #    You can use password last used information to identify unused
+    #   credentials for deletion. For example, you might delete users who
+    #   did not sign in to AWS in the last 90 days. In cases like this, we
+    #   recommend that you adjust your evaluation window to include dates
+    #   after May 23, 2018. Alternatively, if your users use access keys to
+    #   access AWS programmatically you can refer to access key last used
+    #   information because it is accurate for all dates.
     #
     #
     #
@@ -3943,7 +4314,7 @@ module Aws::IAM
     # @!attribute [rw] user_name
     #   The name of the user.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -3961,16 +4332,16 @@ module Aws::IAM
     #   @return [String]
     #
     # @!attribute [rw] max_items
-    #   (Optional) Use this only when paginating results to indicate the
-    #   maximum number of items you want in the response. If additional
-    #   items exist beyond the maximum you specify, the `IsTruncated`
-    #   response element is `true`.
-    #
-    #   If you do not include this parameter, it defaults to 100. Note that
-    #   IAM might return fewer results, even when there are more results
-    #   available. In that case, the `IsTruncated` response element returns
-    #   `true` and `Marker` contains a value to include in the subsequent
-    #   call that tells the service where to continue from.
+    #   Use this only when paginating results to indicate the maximum number
+    #   of items you want in the response. If additional items exist beyond
+    #   the maximum you specify, the `IsTruncated` response element is
+    #   `true`.
+    #
+    #   If you do not include this parameter, the number of items defaults
+    #   to 100. Note that IAM might return fewer results, even when there
+    #   are more results available. In that case, the `IsTruncated` response
+    #   element returns `true`, and `Marker` contains a value to include in
+    #   the subsequent call that tells the service where to continue from.
     #   @return [Integer]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListAccessKeysRequest AWS API Documentation
@@ -3995,7 +4366,7 @@ module Aws::IAM
     #   Note that IAM might return fewer than the `MaxItems` number of
     #   results even when there are more results available. We recommend
     #   that you check `IsTruncated` after every call to ensure that you
-    #   receive all of your results.
+    #   receive all your results.
     #   @return [Boolean]
     #
     # @!attribute [rw] marker
@@ -4029,16 +4400,16 @@ module Aws::IAM
     #   @return [String]
     #
     # @!attribute [rw] max_items
-    #   (Optional) Use this only when paginating results to indicate the
-    #   maximum number of items you want in the response. If additional
-    #   items exist beyond the maximum you specify, the `IsTruncated`
-    #   response element is `true`.
-    #
-    #   If you do not include this parameter, it defaults to 100. Note that
-    #   IAM might return fewer results, even when there are more results
-    #   available. In that case, the `IsTruncated` response element returns
-    #   `true` and `Marker` contains a value to include in the subsequent
-    #   call that tells the service where to continue from.
+    #   Use this only when paginating results to indicate the maximum number
+    #   of items you want in the response. If additional items exist beyond
+    #   the maximum you specify, the `IsTruncated` response element is
+    #   `true`.
+    #
+    #   If you do not include this parameter, the number of items defaults
+    #   to 100. Note that IAM might return fewer results, even when there
+    #   are more results available. In that case, the `IsTruncated` response
+    #   element returns `true`, and `Marker` contains a value to include in
+    #   the subsequent call that tells the service where to continue from.
     #   @return [Integer]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListAccountAliasesRequest AWS API Documentation
@@ -4063,7 +4434,7 @@ module Aws::IAM
     #   Note that IAM might return fewer than the `MaxItems` number of
     #   results even when there are more results available. We recommend
     #   that you check `IsTruncated` after every call to ensure that you
-    #   receive all of your results.
+    #   receive all your results.
     #   @return [Boolean]
     #
     # @!attribute [rw] marker
@@ -4095,7 +4466,7 @@ module Aws::IAM
     #   The name (friendly name, not ARN) of the group to list attached
     #   policies for.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -4110,7 +4481,7 @@ module Aws::IAM
     #   optional. If it is not included, it defaults to a slash (/), listing
     #   all policies.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of either a forward slash (/) by itself or a
     #   string that must begin and end with forward slashes. In addition, it
     #   can contain any ASCII character from the ! (\\u0021) through the DEL
@@ -4130,16 +4501,16 @@ module Aws::IAM
     #   @return [String]
     #
     # @!attribute [rw] max_items
-    #   (Optional) Use this only when paginating results to indicate the
-    #   maximum number of items you want in the response. If additional
-    #   items exist beyond the maximum you specify, the `IsTruncated`
-    #   response element is `true`.
-    #
-    #   If you do not include this parameter, it defaults to 100. Note that
-    #   IAM might return fewer results, even when there are more results
-    #   available. In that case, the `IsTruncated` response element returns
-    #   `true` and `Marker` contains a value to include in the subsequent
-    #   call that tells the service where to continue from.
+    #   Use this only when paginating results to indicate the maximum number
+    #   of items you want in the response. If additional items exist beyond
+    #   the maximum you specify, the `IsTruncated` response element is
+    #   `true`.
+    #
+    #   If you do not include this parameter, the number of items defaults
+    #   to 100. Note that IAM might return fewer results, even when there
+    #   are more results available. In that case, the `IsTruncated` response
+    #   element returns `true`, and `Marker` contains a value to include in
+    #   the subsequent call that tells the service where to continue from.
     #   @return [Integer]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListAttachedGroupPoliciesRequest AWS API Documentation
@@ -4166,7 +4537,7 @@ module Aws::IAM
     #   Note that IAM might return fewer than the `MaxItems` number of
     #   results even when there are more results available. We recommend
     #   that you check `IsTruncated` after every call to ensure that you
-    #   receive all of your results.
+    #   receive all your results.
     #   @return [Boolean]
     #
     # @!attribute [rw] marker
@@ -4198,7 +4569,7 @@ module Aws::IAM
     #   The name (friendly name, not ARN) of the role to list attached
     #   policies for.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -4213,7 +4584,7 @@ module Aws::IAM
     #   optional. If it is not included, it defaults to a slash (/), listing
     #   all policies.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of either a forward slash (/) by itself or a
     #   string that must begin and end with forward slashes. In addition, it
     #   can contain any ASCII character from the ! (\\u0021) through the DEL
@@ -4233,16 +4604,16 @@ module Aws::IAM
     #   @return [String]
     #
     # @!attribute [rw] max_items
-    #   (Optional) Use this only when paginating results to indicate the
-    #   maximum number of items you want in the response. If additional
-    #   items exist beyond the maximum you specify, the `IsTruncated`
-    #   response element is `true`.
-    #
-    #   If you do not include this parameter, it defaults to 100. Note that
-    #   IAM might return fewer results, even when there are more results
-    #   available. In that case, the `IsTruncated` response element returns
-    #   `true` and `Marker` contains a value to include in the subsequent
-    #   call that tells the service where to continue from.
+    #   Use this only when paginating results to indicate the maximum number
+    #   of items you want in the response. If additional items exist beyond
+    #   the maximum you specify, the `IsTruncated` response element is
+    #   `true`.
+    #
+    #   If you do not include this parameter, the number of items defaults
+    #   to 100. Note that IAM might return fewer results, even when there
+    #   are more results available. In that case, the `IsTruncated` response
+    #   element returns `true`, and `Marker` contains a value to include in
+    #   the subsequent call that tells the service where to continue from.
     #   @return [Integer]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListAttachedRolePoliciesRequest AWS API Documentation
@@ -4269,7 +4640,7 @@ module Aws::IAM
     #   Note that IAM might return fewer than the `MaxItems` number of
     #   results even when there are more results available. We recommend
     #   that you check `IsTruncated` after every call to ensure that you
-    #   receive all of your results.
+    #   receive all your results.
     #   @return [Boolean]
     #
     # @!attribute [rw] marker
@@ -4301,7 +4672,7 @@ module Aws::IAM
     #   The name (friendly name, not ARN) of the user to list attached
     #   policies for.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -4316,7 +4687,7 @@ module Aws::IAM
     #   optional. If it is not included, it defaults to a slash (/), listing
     #   all policies.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of either a forward slash (/) by itself or a
     #   string that must begin and end with forward slashes. In addition, it
     #   can contain any ASCII character from the ! (\\u0021) through the DEL
@@ -4336,16 +4707,16 @@ module Aws::IAM
     #   @return [String]
     #
     # @!attribute [rw] max_items
-    #   (Optional) Use this only when paginating results to indicate the
-    #   maximum number of items you want in the response. If additional
-    #   items exist beyond the maximum you specify, the `IsTruncated`
-    #   response element is `true`.
-    #
-    #   If you do not include this parameter, it defaults to 100. Note that
-    #   IAM might return fewer results, even when there are more results
-    #   available. In that case, the `IsTruncated` response element returns
-    #   `true` and `Marker` contains a value to include in the subsequent
-    #   call that tells the service where to continue from.
+    #   Use this only when paginating results to indicate the maximum number
+    #   of items you want in the response. If additional items exist beyond
+    #   the maximum you specify, the `IsTruncated` response element is
+    #   `true`.
+    #
+    #   If you do not include this parameter, the number of items defaults
+    #   to 100. Note that IAM might return fewer results, even when there
+    #   are more results available. In that case, the `IsTruncated` response
+    #   element returns `true`, and `Marker` contains a value to include in
+    #   the subsequent call that tells the service where to continue from.
     #   @return [Integer]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListAttachedUserPoliciesRequest AWS API Documentation
@@ -4372,7 +4743,7 @@ module Aws::IAM
     #   Note that IAM might return fewer than the `MaxItems` number of
     #   results even when there are more results available. We recommend
     #   that you check `IsTruncated` after every call to ensure that you
-    #   receive all of your results.
+    #   receive all your results.
     #   @return [Boolean]
     #
     # @!attribute [rw] marker
@@ -4429,7 +4800,7 @@ module Aws::IAM
     #   optional. If it is not included, it defaults to a slash (/), listing
     #   all entities.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of either a forward slash (/) by itself or a
     #   string that must begin and end with forward slashes. In addition, it
     #   can contain any ASCII character from the ! (\\u0021) through the DEL
@@ -4461,16 +4832,16 @@ module Aws::IAM
     #   @return [String]
     #
     # @!attribute [rw] max_items
-    #   (Optional) Use this only when paginating results to indicate the
-    #   maximum number of items you want in the response. If additional
-    #   items exist beyond the maximum you specify, the `IsTruncated`
-    #   response element is `true`.
-    #
-    #   If you do not include this parameter, it defaults to 100. Note that
-    #   IAM might return fewer results, even when there are more results
-    #   available. In that case, the `IsTruncated` response element returns
-    #   `true` and `Marker` contains a value to include in the subsequent
-    #   call that tells the service where to continue from.
+    #   Use this only when paginating results to indicate the maximum number
+    #   of items you want in the response. If additional items exist beyond
+    #   the maximum you specify, the `IsTruncated` response element is
+    #   `true`.
+    #
+    #   If you do not include this parameter, the number of items defaults
+    #   to 100. Note that IAM might return fewer results, even when there
+    #   are more results available. In that case, the `IsTruncated` response
+    #   element returns `true`, and `Marker` contains a value to include in
+    #   the subsequent call that tells the service where to continue from.
     #   @return [Integer]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListEntitiesForPolicyRequest AWS API Documentation
@@ -4506,7 +4877,7 @@ module Aws::IAM
     #   Note that IAM might return fewer than the `MaxItems` number of
     #   results even when there are more results available. We recommend
     #   that you check `IsTruncated` after every call to ensure that you
-    #   receive all of your results.
+    #   receive all your results.
     #   @return [Boolean]
     #
     # @!attribute [rw] marker
@@ -4538,7 +4909,7 @@ module Aws::IAM
     # @!attribute [rw] group_name
     #   The name of the group to list policies for.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -4556,16 +4927,16 @@ module Aws::IAM
     #   @return [String]
     #
     # @!attribute [rw] max_items
-    #   (Optional) Use this only when paginating results to indicate the
-    #   maximum number of items you want in the response. If additional
-    #   items exist beyond the maximum you specify, the `IsTruncated`
-    #   response element is `true`.
-    #
-    #   If you do not include this parameter, it defaults to 100. Note that
-    #   IAM might return fewer results, even when there are more results
-    #   available. In that case, the `IsTruncated` response element returns
-    #   `true` and `Marker` contains a value to include in the subsequent
-    #   call that tells the service where to continue from.
+    #   Use this only when paginating results to indicate the maximum number
+    #   of items you want in the response. If additional items exist beyond
+    #   the maximum you specify, the `IsTruncated` response element is
+    #   `true`.
+    #
+    #   If you do not include this parameter, the number of items defaults
+    #   to 100. Note that IAM might return fewer results, even when there
+    #   are more results available. In that case, the `IsTruncated` response
+    #   element returns `true`, and `Marker` contains a value to include in
+    #   the subsequent call that tells the service where to continue from.
     #   @return [Integer]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListGroupPoliciesRequest AWS API Documentation
@@ -4582,7 +4953,7 @@ module Aws::IAM
     # @!attribute [rw] policy_names
     #   A list of policy names.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -4599,7 +4970,7 @@ module Aws::IAM
     #   Note that IAM might return fewer than the `MaxItems` number of
     #   results even when there are more results available. We recommend
     #   that you check `IsTruncated` after every call to ensure that you
-    #   receive all of your results.
+    #   receive all your results.
     #   @return [Boolean]
     #
     # @!attribute [rw] marker
@@ -4629,7 +5000,7 @@ module Aws::IAM
     # @!attribute [rw] user_name
     #   The name of the user to list groups for.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -4647,16 +5018,16 @@ module Aws::IAM
     #   @return [String]
     #
     # @!attribute [rw] max_items
-    #   (Optional) Use this only when paginating results to indicate the
-    #   maximum number of items you want in the response. If additional
-    #   items exist beyond the maximum you specify, the `IsTruncated`
-    #   response element is `true`.
-    #
-    #   If you do not include this parameter, it defaults to 100. Note that
-    #   IAM might return fewer results, even when there are more results
-    #   available. In that case, the `IsTruncated` response element returns
-    #   `true` and `Marker` contains a value to include in the subsequent
-    #   call that tells the service where to continue from.
+    #   Use this only when paginating results to indicate the maximum number
+    #   of items you want in the response. If additional items exist beyond
+    #   the maximum you specify, the `IsTruncated` response element is
+    #   `true`.
+    #
+    #   If you do not include this parameter, the number of items defaults
+    #   to 100. Note that IAM might return fewer results, even when there
+    #   are more results available. In that case, the `IsTruncated` response
+    #   element returns `true`, and `Marker` contains a value to include in
+    #   the subsequent call that tells the service where to continue from.
     #   @return [Integer]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListGroupsForUserRequest AWS API Documentation
@@ -4681,7 +5052,7 @@ module Aws::IAM
     #   Note that IAM might return fewer than the `MaxItems` number of
     #   results even when there are more results available. We recommend
     #   that you check `IsTruncated` after every call to ensure that you
-    #   receive all of your results.
+    #   receive all your results.
     #   @return [Boolean]
     #
     # @!attribute [rw] marker
@@ -4714,12 +5085,13 @@ module Aws::IAM
     #   with `/division_abc/subdivision_xyz/`.
     #
     #   This parameter is optional. If it is not included, it defaults to a
-    #   slash (/), listing all groups. This parameter allows (per its [regex
-    #   pattern][1]) a string of characters consisting of either a forward
-    #   slash (/) by itself or a string that must begin and end with forward
-    #   slashes. In addition, it can contain any ASCII character from the !
-    #   (\\u0021) through the DEL character (\\u007F), including most
-    #   punctuation characters, digits, and upper and lowercased letters.
+    #   slash (/), listing all groups. This parameter allows (through its
+    #   [regex pattern][1]) a string of characters consisting of either a
+    #   forward slash (/) by itself or a string that must begin and end with
+    #   forward slashes. In addition, it can contain any ASCII character
+    #   from the ! (\\u0021) through the DEL character (\\u007F), including
+    #   most punctuation characters, digits, and upper and lowercased
+    #   letters.
     #
     #
     #
@@ -4734,16 +5106,16 @@ module Aws::IAM
     #   @return [String]
     #
     # @!attribute [rw] max_items
-    #   (Optional) Use this only when paginating results to indicate the
-    #   maximum number of items you want in the response. If additional
-    #   items exist beyond the maximum you specify, the `IsTruncated`
-    #   response element is `true`.
-    #
-    #   If you do not include this parameter, it defaults to 100. Note that
-    #   IAM might return fewer results, even when there are more results
-    #   available. In that case, the `IsTruncated` response element returns
-    #   `true` and `Marker` contains a value to include in the subsequent
-    #   call that tells the service where to continue from.
+    #   Use this only when paginating results to indicate the maximum number
+    #   of items you want in the response. If additional items exist beyond
+    #   the maximum you specify, the `IsTruncated` response element is
+    #   `true`.
+    #
+    #   If you do not include this parameter, the number of items defaults
+    #   to 100. Note that IAM might return fewer results, even when there
+    #   are more results available. In that case, the `IsTruncated` response
+    #   element returns `true`, and `Marker` contains a value to include in
+    #   the subsequent call that tells the service where to continue from.
     #   @return [Integer]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListGroupsRequest AWS API Documentation
@@ -4768,7 +5140,7 @@ module Aws::IAM
     #   Note that IAM might return fewer than the `MaxItems` number of
     #   results even when there are more results available. We recommend
     #   that you check `IsTruncated` after every call to ensure that you
-    #   receive all of your results.
+    #   receive all your results.
     #   @return [Boolean]
     #
     # @!attribute [rw] marker
@@ -4798,7 +5170,7 @@ module Aws::IAM
     # @!attribute [rw] role_name
     #   The name of the role to list instance profiles for.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -4816,16 +5188,16 @@ module Aws::IAM
     #   @return [String]
     #
     # @!attribute [rw] max_items
-    #   (Optional) Use this only when paginating results to indicate the
-    #   maximum number of items you want in the response. If additional
-    #   items exist beyond the maximum you specify, the `IsTruncated`
-    #   response element is `true`.
-    #
-    #   If you do not include this parameter, it defaults to 100. Note that
-    #   IAM might return fewer results, even when there are more results
-    #   available. In that case, the `IsTruncated` response element returns
-    #   `true` and `Marker` contains a value to include in the subsequent
-    #   call that tells the service where to continue from.
+    #   Use this only when paginating results to indicate the maximum number
+    #   of items you want in the response. If additional items exist beyond
+    #   the maximum you specify, the `IsTruncated` response element is
+    #   `true`.
+    #
+    #   If you do not include this parameter, the number of items defaults
+    #   to 100. Note that IAM might return fewer results, even when there
+    #   are more results available. In that case, the `IsTruncated` response
+    #   element returns `true`, and `Marker` contains a value to include in
+    #   the subsequent call that tells the service where to continue from.
     #   @return [Integer]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListInstanceProfilesForRoleRequest AWS API Documentation
@@ -4851,7 +5223,7 @@ module Aws::IAM
     #   Note that IAM might return fewer than the `MaxItems` number of
     #   results even when there are more results available. We recommend
     #   that you check `IsTruncated` after every call to ensure that you
-    #   receive all of your results.
+    #   receive all your results.
     #   @return [Boolean]
     #
     # @!attribute [rw] marker
@@ -4884,10 +5256,10 @@ module Aws::IAM
     #   path starts with `/application_abc/component_xyz/`.
     #
     #   This parameter is optional. If it is not included, it defaults to a
-    #   slash (/), listing all instance profiles. This parameter allows (per
-    #   its [regex pattern][1]) a string of characters consisting of either
-    #   a forward slash (/) by itself or a string that must begin and end
-    #   with forward slashes. In addition, it can contain any ASCII
+    #   slash (/), listing all instance profiles. This parameter allows
+    #   (through its [regex pattern][1]) a string of characters consisting
+    #   of either a forward slash (/) by itself or a string that must begin
+    #   and end with forward slashes. In addition, it can contain any ASCII
     #   character from the ! (\\u0021) through the DEL character (\\u007F),
     #   including most punctuation characters, digits, and upper and
     #   lowercased letters.
@@ -4905,16 +5277,16 @@ module Aws::IAM
     #   @return [String]
     #
     # @!attribute [rw] max_items
-    #   (Optional) Use this only when paginating results to indicate the
-    #   maximum number of items you want in the response. If additional
-    #   items exist beyond the maximum you specify, the `IsTruncated`
-    #   response element is `true`.
-    #
-    #   If you do not include this parameter, it defaults to 100. Note that
-    #   IAM might return fewer results, even when there are more results
-    #   available. In that case, the `IsTruncated` response element returns
-    #   `true` and `Marker` contains a value to include in the subsequent
-    #   call that tells the service where to continue from.
+    #   Use this only when paginating results to indicate the maximum number
+    #   of items you want in the response. If additional items exist beyond
+    #   the maximum you specify, the `IsTruncated` response element is
+    #   `true`.
+    #
+    #   If you do not include this parameter, the number of items defaults
+    #   to 100. Note that IAM might return fewer results, even when there
+    #   are more results available. In that case, the `IsTruncated` response
+    #   element returns `true`, and `Marker` contains a value to include in
+    #   the subsequent call that tells the service where to continue from.
     #   @return [Integer]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListInstanceProfilesRequest AWS API Documentation
@@ -4939,7 +5311,7 @@ module Aws::IAM
     #   Note that IAM might return fewer than the `MaxItems` number of
     #   results even when there are more results available. We recommend
     #   that you check `IsTruncated` after every call to ensure that you
-    #   receive all of your results.
+    #   receive all your results.
     #   @return [Boolean]
     #
     # @!attribute [rw] marker
@@ -4969,7 +5341,7 @@ module Aws::IAM
     # @!attribute [rw] user_name
     #   The name of the user whose MFA devices you want to list.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -4987,16 +5359,16 @@ module Aws::IAM
     #   @return [String]
     #
     # @!attribute [rw] max_items
-    #   (Optional) Use this only when paginating results to indicate the
-    #   maximum number of items you want in the response. If additional
-    #   items exist beyond the maximum you specify, the `IsTruncated`
-    #   response element is `true`.
-    #
-    #   If you do not include this parameter, it defaults to 100. Note that
-    #   IAM might return fewer results, even when there are more results
-    #   available. In that case, the `IsTruncated` response element returns
-    #   `true` and `Marker` contains a value to include in the subsequent
-    #   call that tells the service where to continue from.
+    #   Use this only when paginating results to indicate the maximum number
+    #   of items you want in the response. If additional items exist beyond
+    #   the maximum you specify, the `IsTruncated` response element is
+    #   `true`.
+    #
+    #   If you do not include this parameter, the number of items defaults
+    #   to 100. Note that IAM might return fewer results, even when there
+    #   are more results available. In that case, the `IsTruncated` response
+    #   element returns `true`, and `Marker` contains a value to include in
+    #   the subsequent call that tells the service where to continue from.
     #   @return [Integer]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListMFADevicesRequest AWS API Documentation
@@ -5021,7 +5393,7 @@ module Aws::IAM
     #   Note that IAM might return fewer than the `MaxItems` number of
     #   results even when there are more results available. We recommend
     #   that you check `IsTruncated` after every call to ensure that you
-    #   receive all of your results.
+    #   receive all your results.
     #   @return [Boolean]
     #
     # @!attribute [rw] marker
@@ -5060,6 +5432,119 @@ module Aws::IAM
       include Aws::Structure
     end
 
+    # Contains details about the permissions policies that are attached to
+    # the specified identity (user, group, or role).
+    #
+    # This data type is used as a response element in the
+    # ListPoliciesGrantingServiceAccess operation.
+    #
+    # @!attribute [rw] service_namespace
+    #   The namespace of the service that was accessed.
+    #
+    #   To learn the service namespace of a service, go to [Actions,
+    #   Resources, and Condition Keys for AWS Services][1] in the *IAM User
+    #   Guide*. Choose the name of the service to view details for that
+    #   service. In the first paragraph, find the service prefix. For
+    #   example, `(service prefix: a4b)`. For more information about service
+    #   namespaces, see [AWS Service Namespaces][2] in the *AWS General
+    #   Reference*.
+    #
+    #
+    #
+    #   [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_actions-resources-contextkeys.html
+    #   [2]: http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-aws-service-namespaces
+    #   @return [String]
+    #
+    # @!attribute [rw] policies
+    #   The `PoliciesGrantingServiceAccess` object that contains details
+    #   about the policy.
+    #   @return [Array<Types::PolicyGrantingServiceAccess>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListPoliciesGrantingServiceAccessEntry AWS API Documentation
+    #
+    class ListPoliciesGrantingServiceAccessEntry < Struct.new(
+      :service_namespace,
+      :policies)
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass ListPoliciesGrantingServiceAccessRequest
+    #   data as a hash:
+    #
+    #       {
+    #         marker: "markerType",
+    #         arn: "arnType", # required
+    #         service_namespaces: ["serviceNamespaceType"], # required
+    #       }
+    #
+    # @!attribute [rw] marker
+    #   Use this parameter only when paginating results and only after you
+    #   receive a response indicating that the results are truncated. Set it
+    #   to the value of the `Marker` element in the response that you
+    #   received to indicate where the next call should start.
+    #   @return [String]
+    #
+    # @!attribute [rw] arn
+    #   The ARN of the IAM identity (user, group, or role) whose policies
+    #   you want to list.
+    #   @return [String]
+    #
+    # @!attribute [rw] service_namespaces
+    #   The service namespace for the AWS services whose policies you want
+    #   to list.
+    #
+    #   To learn the service namespace for a service, go to [Actions,
+    #   Resources, and Condition Keys for AWS Services][1] in the *IAM User
+    #   Guide*. Choose the name of the service to view details for that
+    #   service. In the first paragraph, find the service prefix. For
+    #   example, `(service prefix: a4b)`. For more information about service
+    #   namespaces, see [AWS Service Namespaces][2] in the *AWS General
+    #   Reference*.
+    #
+    #
+    #
+    #   [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_actions-resources-contextkeys.html
+    #   [2]: http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-aws-service-namespaces
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListPoliciesGrantingServiceAccessRequest AWS API Documentation
+    #
+    class ListPoliciesGrantingServiceAccessRequest < Struct.new(
+      :marker,
+      :arn,
+      :service_namespaces)
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] policies_granting_service_access
+    #   A `ListPoliciesGrantingServiceAccess` object that contains details
+    #   about the permissions policies attached to the specified identity
+    #   (user, group, or role).
+    #   @return [Array<Types::ListPoliciesGrantingServiceAccessEntry>]
+    #
+    # @!attribute [rw] is_truncated
+    #   A flag that indicates whether there are more items to return. If
+    #   your results were truncated, you can make a subsequent pagination
+    #   request using the `Marker` request parameter to retrieve more items.
+    #   We recommend that you check `IsTruncated` after every call to ensure
+    #   that you receive all your results.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] marker
+    #   When `IsTruncated` is `true`, this element is present and contains
+    #   the value to use for the `Marker` parameter in a subsequent
+    #   pagination request.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListPoliciesGrantingServiceAccessResponse AWS API Documentation
+    #
+    class ListPoliciesGrantingServiceAccessResponse < Struct.new(
+      :policies_granting_service_access,
+      :is_truncated,
+      :marker)
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass ListPoliciesRequest
     #   data as a hash:
     #
@@ -5095,8 +5580,8 @@ module Aws::IAM
     # @!attribute [rw] path_prefix
     #   The path prefix for filtering the results. This parameter is
     #   optional. If it is not included, it defaults to a slash (/), listing
-    #   all policies. This parameter allows (per its [regex pattern][1]) a
-    #   string of characters consisting of either a forward slash (/) by
+    #   all policies. This parameter allows (through its [regex pattern][1])
+    #   a string of characters consisting of either a forward slash (/) by
     #   itself or a string that must begin and end with forward slashes. In
     #   addition, it can contain any ASCII character from the ! (\\u0021)
     #   through the DEL character (\\u007F), including most punctuation
@@ -5127,16 +5612,16 @@ module Aws::IAM
     #   @return [String]
     #
     # @!attribute [rw] max_items
-    #   (Optional) Use this only when paginating results to indicate the
-    #   maximum number of items you want in the response. If additional
-    #   items exist beyond the maximum you specify, the `IsTruncated`
-    #   response element is `true`.
-    #
-    #   If you do not include this parameter, it defaults to 100. Note that
-    #   IAM might return fewer results, even when there are more results
-    #   available. In that case, the `IsTruncated` response element returns
-    #   `true` and `Marker` contains a value to include in the subsequent
-    #   call that tells the service where to continue from.
+    #   Use this only when paginating results to indicate the maximum number
+    #   of items you want in the response. If additional items exist beyond
+    #   the maximum you specify, the `IsTruncated` response element is
+    #   `true`.
+    #
+    #   If you do not include this parameter, the number of items defaults
+    #   to 100. Note that IAM might return fewer results, even when there
+    #   are more results available. In that case, the `IsTruncated` response
+    #   element returns `true`, and `Marker` contains a value to include in
+    #   the subsequent call that tells the service where to continue from.
     #   @return [Integer]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListPoliciesRequest AWS API Documentation
@@ -5164,7 +5649,7 @@ module Aws::IAM
     #   Note that IAM might return fewer than the `MaxItems` number of
     #   results even when there are more results available. We recommend
     #   that you check `IsTruncated` after every call to ensure that you
-    #   receive all of your results.
+    #   receive all your results.
     #   @return [Boolean]
     #
     # @!attribute [rw] marker
@@ -5211,16 +5696,16 @@ module Aws::IAM
     #   @return [String]
     #
     # @!attribute [rw] max_items
-    #   (Optional) Use this only when paginating results to indicate the
-    #   maximum number of items you want in the response. If additional
-    #   items exist beyond the maximum you specify, the `IsTruncated`
-    #   response element is `true`.
-    #
-    #   If you do not include this parameter, it defaults to 100. Note that
-    #   IAM might return fewer results, even when there are more results
-    #   available. In that case, the `IsTruncated` response element returns
-    #   `true` and `Marker` contains a value to include in the subsequent
-    #   call that tells the service where to continue from.
+    #   Use this only when paginating results to indicate the maximum number
+    #   of items you want in the response. If additional items exist beyond
+    #   the maximum you specify, the `IsTruncated` response element is
+    #   `true`.
+    #
+    #   If you do not include this parameter, the number of items defaults
+    #   to 100. Note that IAM might return fewer results, even when there
+    #   are more results available. In that case, the `IsTruncated` response
+    #   element returns `true`, and `Marker` contains a value to include in
+    #   the subsequent call that tells the service where to continue from.
     #   @return [Integer]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListPolicyVersionsRequest AWS API Documentation
@@ -5252,7 +5737,7 @@ module Aws::IAM
     #   Note that IAM might return fewer than the `MaxItems` number of
     #   results even when there are more results available. We recommend
     #   that you check `IsTruncated` after every call to ensure that you
-    #   receive all of your results.
+    #   receive all your results.
     #   @return [Boolean]
     #
     # @!attribute [rw] marker
@@ -5282,7 +5767,7 @@ module Aws::IAM
     # @!attribute [rw] role_name
     #   The name of the role to list policies for.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -5300,16 +5785,16 @@ module Aws::IAM
     #   @return [String]
     #
     # @!attribute [rw] max_items
-    #   (Optional) Use this only when paginating results to indicate the
-    #   maximum number of items you want in the response. If additional
-    #   items exist beyond the maximum you specify, the `IsTruncated`
-    #   response element is `true`.
-    #
-    #   If you do not include this parameter, it defaults to 100. Note that
-    #   IAM might return fewer results, even when there are more results
-    #   available. In that case, the `IsTruncated` response element returns
-    #   `true` and `Marker` contains a value to include in the subsequent
-    #   call that tells the service where to continue from.
+    #   Use this only when paginating results to indicate the maximum number
+    #   of items you want in the response. If additional items exist beyond
+    #   the maximum you specify, the `IsTruncated` response element is
+    #   `true`.
+    #
+    #   If you do not include this parameter, the number of items defaults
+    #   to 100. Note that IAM might return fewer results, even when there
+    #   are more results available. In that case, the `IsTruncated` response
+    #   element returns `true`, and `Marker` contains a value to include in
+    #   the subsequent call that tells the service where to continue from.
     #   @return [Integer]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListRolePoliciesRequest AWS API Documentation
@@ -5334,7 +5819,7 @@ module Aws::IAM
     #   Note that IAM might return fewer than the `MaxItems` number of
     #   results even when there are more results available. We recommend
     #   that you check `IsTruncated` after every call to ensure that you
-    #   receive all of your results.
+    #   receive all your results.
     #   @return [Boolean]
     #
     # @!attribute [rw] marker
@@ -5449,12 +5934,13 @@ module Aws::IAM
     #   with `/application_abc/component_xyz/`.
     #
     #   This parameter is optional. If it is not included, it defaults to a
-    #   slash (/), listing all roles. This parameter allows (per its [regex
-    #   pattern][1]) a string of characters consisting of either a forward
-    #   slash (/) by itself or a string that must begin and end with forward
-    #   slashes. In addition, it can contain any ASCII character from the !
-    #   (\\u0021) through the DEL character (\\u007F), including most
-    #   punctuation characters, digits, and upper and lowercased letters.
+    #   slash (/), listing all roles. This parameter allows (through its
+    #   [regex pattern][1]) a string of characters consisting of either a
+    #   forward slash (/) by itself or a string that must begin and end with
+    #   forward slashes. In addition, it can contain any ASCII character
+    #   from the ! (\\u0021) through the DEL character (\\u007F), including
+    #   most punctuation characters, digits, and upper and lowercased
+    #   letters.
     #
     #
     #
@@ -5469,16 +5955,16 @@ module Aws::IAM
     #   @return [String]
     #
     # @!attribute [rw] max_items
-    #   (Optional) Use this only when paginating results to indicate the
-    #   maximum number of items you want in the response. If additional
-    #   items exist beyond the maximum you specify, the `IsTruncated`
-    #   response element is `true`.
-    #
-    #   If you do not include this parameter, it defaults to 100. Note that
-    #   IAM might return fewer results, even when there are more results
-    #   available. In that case, the `IsTruncated` response element returns
-    #   `true` and `Marker` contains a value to include in the subsequent
-    #   call that tells the service where to continue from.
+    #   Use this only when paginating results to indicate the maximum number
+    #   of items you want in the response. If additional items exist beyond
+    #   the maximum you specify, the `IsTruncated` response element is
+    #   `true`.
+    #
+    #   If you do not include this parameter, the number of items defaults
+    #   to 100. Note that IAM might return fewer results, even when there
+    #   are more results available. In that case, the `IsTruncated` response
+    #   element returns `true`, and `Marker` contains a value to include in
+    #   the subsequent call that tells the service where to continue from.
     #   @return [Integer]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListRolesRequest AWS API Documentation
@@ -5503,7 +5989,7 @@ module Aws::IAM
     #   Note that IAM might return fewer than the `MaxItems` number of
     #   results even when there are more results available. We recommend
     #   that you check `IsTruncated` after every call to ensure that you
-    #   receive all of your results.
+    #   receive all your results.
     #   @return [Boolean]
     #
     # @!attribute [rw] marker
@@ -5555,7 +6041,7 @@ module Aws::IAM
     #   specified, the `UserName` field is determined implicitly based on
     #   the AWS access key used to sign the request.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -5573,16 +6059,16 @@ module Aws::IAM
     #   @return [String]
     #
     # @!attribute [rw] max_items
-    #   (Optional) Use this only when paginating results to indicate the
-    #   maximum number of items you want in the response. If additional
-    #   items exist beyond the maximum you specify, the `IsTruncated`
-    #   response element is `true`.
-    #
-    #   If you do not include this parameter, it defaults to 100. Note that
-    #   IAM might return fewer results, even when there are more results
-    #   available. In that case, the `IsTruncated` response element returns
-    #   `true` and `Marker` contains a value to include in the subsequent
-    #   call that tells the service where to continue from.
+    #   Use this only when paginating results to indicate the maximum number
+    #   of items you want in the response. If additional items exist beyond
+    #   the maximum you specify, the `IsTruncated` response element is
+    #   `true`.
+    #
+    #   If you do not include this parameter, the number of items defaults
+    #   to 100. Note that IAM might return fewer results, even when there
+    #   are more results available. In that case, the `IsTruncated` response
+    #   element returns `true`, and `Marker` contains a value to include in
+    #   the subsequent call that tells the service where to continue from.
     #   @return [Integer]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListSSHPublicKeysRequest AWS API Documentation
@@ -5607,7 +6093,7 @@ module Aws::IAM
     #   Note that IAM might return fewer than the `MaxItems` number of
     #   results even when there are more results available. We recommend
     #   that you check `IsTruncated` after every call to ensure that you
-    #   receive all of your results.
+    #   receive all your results.
     #   @return [Boolean]
     #
     # @!attribute [rw] marker
@@ -5641,9 +6127,9 @@ module Aws::IAM
     #
     #   This parameter is optional. If it is not included, it defaults to a
     #   slash (/), listing all server certificates. This parameter allows
-    #   (per its [regex pattern][1]) a string of characters consisting of
-    #   either a forward slash (/) by itself or a string that must begin and
-    #   end with forward slashes. In addition, it can contain any ASCII
+    #   (through its [regex pattern][1]) a string of characters consisting
+    #   of either a forward slash (/) by itself or a string that must begin
+    #   and end with forward slashes. In addition, it can contain any ASCII
     #   character from the ! (\\u0021) through the DEL character (\\u007F),
     #   including most punctuation characters, digits, and upper and
     #   lowercased letters.
@@ -5661,16 +6147,16 @@ module Aws::IAM
     #   @return [String]
     #
     # @!attribute [rw] max_items
-    #   (Optional) Use this only when paginating results to indicate the
-    #   maximum number of items you want in the response. If additional
-    #   items exist beyond the maximum you specify, the `IsTruncated`
-    #   response element is `true`.
-    #
-    #   If you do not include this parameter, it defaults to 100. Note that
-    #   IAM might return fewer results, even when there are more results
-    #   available. In that case, the `IsTruncated` response element returns
-    #   `true` and `Marker` contains a value to include in the subsequent
-    #   call that tells the service where to continue from.
+    #   Use this only when paginating results to indicate the maximum number
+    #   of items you want in the response. If additional items exist beyond
+    #   the maximum you specify, the `IsTruncated` response element is
+    #   `true`.
+    #
+    #   If you do not include this parameter, the number of items defaults
+    #   to 100. Note that IAM might return fewer results, even when there
+    #   are more results available. In that case, the `IsTruncated` response
+    #   element returns `true`, and `Marker` contains a value to include in
+    #   the subsequent call that tells the service where to continue from.
     #   @return [Integer]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListServerCertificatesRequest AWS API Documentation
@@ -5695,7 +6181,7 @@ module Aws::IAM
     #   Note that IAM might return fewer than the `MaxItems` number of
     #   results even when there are more results available. We recommend
     #   that you check `IsTruncated` after every call to ensure that you
-    #   receive all of your results.
+    #   receive all your results.
     #   @return [Boolean]
     #
     # @!attribute [rw] marker
@@ -5727,7 +6213,7 @@ module Aws::IAM
     #   operation assumes the user whose credentials are used to call the
     #   operation.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -5776,7 +6262,7 @@ module Aws::IAM
     #   The name of the IAM user whose signing certificates you want to
     #   examine.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -5794,16 +6280,16 @@ module Aws::IAM
     #   @return [String]
     #
     # @!attribute [rw] max_items
-    #   (Optional) Use this only when paginating results to indicate the
-    #   maximum number of items you want in the response. If additional
-    #   items exist beyond the maximum you specify, the `IsTruncated`
-    #   response element is `true`.
-    #
-    #   If you do not include this parameter, it defaults to 100. Note that
-    #   IAM might return fewer results, even when there are more results
-    #   available. In that case, the `IsTruncated` response element returns
-    #   `true` and `Marker` contains a value to include in the subsequent
-    #   call that tells the service where to continue from.
+    #   Use this only when paginating results to indicate the maximum number
+    #   of items you want in the response. If additional items exist beyond
+    #   the maximum you specify, the `IsTruncated` response element is
+    #   `true`.
+    #
+    #   If you do not include this parameter, the number of items defaults
+    #   to 100. Note that IAM might return fewer results, even when there
+    #   are more results available. In that case, the `IsTruncated` response
+    #   element returns `true`, and `Marker` contains a value to include in
+    #   the subsequent call that tells the service where to continue from.
     #   @return [Integer]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListSigningCertificatesRequest AWS API Documentation
@@ -5828,7 +6314,7 @@ module Aws::IAM
     #   Note that IAM might return fewer than the `MaxItems` number of
     #   results even when there are more results available. We recommend
     #   that you check `IsTruncated` after every call to ensure that you
-    #   receive all of your results.
+    #   receive all your results.
     #   @return [Boolean]
     #
     # @!attribute [rw] marker
@@ -5858,7 +6344,7 @@ module Aws::IAM
     # @!attribute [rw] user_name
     #   The name of the user to list policies for.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -5876,16 +6362,16 @@ module Aws::IAM
     #   @return [String]
     #
     # @!attribute [rw] max_items
-    #   (Optional) Use this only when paginating results to indicate the
-    #   maximum number of items you want in the response. If additional
-    #   items exist beyond the maximum you specify, the `IsTruncated`
-    #   response element is `true`.
-    #
-    #   If you do not include this parameter, it defaults to 100. Note that
-    #   IAM might return fewer results, even when there are more results
-    #   available. In that case, the `IsTruncated` response element returns
-    #   `true` and `Marker` contains a value to include in the subsequent
-    #   call that tells the service where to continue from.
+    #   Use this only when paginating results to indicate the maximum number
+    #   of items you want in the response. If additional items exist beyond
+    #   the maximum you specify, the `IsTruncated` response element is
+    #   `true`.
+    #
+    #   If you do not include this parameter, the number of items defaults
+    #   to 100. Note that IAM might return fewer results, even when there
+    #   are more results available. In that case, the `IsTruncated` response
+    #   element returns `true`, and `Marker` contains a value to include in
+    #   the subsequent call that tells the service where to continue from.
     #   @return [Integer]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListUserPoliciesRequest AWS API Documentation
@@ -5910,7 +6396,7 @@ module Aws::IAM
     #   Note that IAM might return fewer than the `MaxItems` number of
     #   results even when there are more results available. We recommend
     #   that you check `IsTruncated` after every call to ensure that you
-    #   receive all of your results.
+    #   receive all your results.
     #   @return [Boolean]
     #
     # @!attribute [rw] marker
@@ -6025,13 +6511,13 @@ module Aws::IAM
     #   whose path starts with `/division_abc/subdivision_xyz/`.
     #
     #   This parameter is optional. If it is not included, it defaults to a
-    #   slash (/), listing all user names. This parameter allows (per its
-    #   [regex pattern][1]) a string of characters consisting of either a
-    #   forward slash (/) by itself or a string that must begin and end with
-    #   forward slashes. In addition, it can contain any ASCII character
-    #   from the ! (\\u0021) through the DEL character (\\u007F), including
-    #   most punctuation characters, digits, and upper and lowercased
-    #   letters.
+    #   slash (/), listing all user names. This parameter allows (through
+    #   its [regex pattern][1]) a string of characters consisting of either
+    #   a forward slash (/) by itself or a string that must begin and end
+    #   with forward slashes. In addition, it can contain any ASCII
+    #   character from the ! (\\u0021) through the DEL character (\\u007F),
+    #   including most punctuation characters, digits, and upper and
+    #   lowercased letters.
     #
     #
     #
@@ -6046,16 +6532,16 @@ module Aws::IAM
     #   @return [String]
     #
     # @!attribute [rw] max_items
-    #   (Optional) Use this only when paginating results to indicate the
-    #   maximum number of items you want in the response. If additional
-    #   items exist beyond the maximum you specify, the `IsTruncated`
-    #   response element is `true`.
-    #
-    #   If you do not include this parameter, it defaults to 100. Note that
-    #   IAM might return fewer results, even when there are more results
-    #   available. In that case, the `IsTruncated` response element returns
-    #   `true` and `Marker` contains a value to include in the subsequent
-    #   call that tells the service where to continue from.
+    #   Use this only when paginating results to indicate the maximum number
+    #   of items you want in the response. If additional items exist beyond
+    #   the maximum you specify, the `IsTruncated` response element is
+    #   `true`.
+    #
+    #   If you do not include this parameter, the number of items defaults
+    #   to 100. Note that IAM might return fewer results, even when there
+    #   are more results available. In that case, the `IsTruncated` response
+    #   element returns `true`, and `Marker` contains a value to include in
+    #   the subsequent call that tells the service where to continue from.
     #   @return [Integer]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListUsersRequest AWS API Documentation
@@ -6080,7 +6566,7 @@ module Aws::IAM
     #   Note that IAM might return fewer than the `MaxItems` number of
     #   results even when there are more results available. We recommend
     #   that you check `IsTruncated` after every call to ensure that you
-    #   receive all of your results.
+    #   receive all your results.
     #   @return [Boolean]
     #
     # @!attribute [rw] marker
@@ -6110,7 +6596,8 @@ module Aws::IAM
     # @!attribute [rw] assignment_status
     #   The status (`Unassigned` or `Assigned`) of the devices to list. If
     #   you do not specify an `AssignmentStatus`, the operation defaults to
-    #   `Any` which lists both assigned and unassigned virtual MFA devices.
+    #   `Any`, which lists both assigned and unassigned virtual MFA
+    #   devices.,
     #   @return [String]
     #
     # @!attribute [rw] marker
@@ -6121,16 +6608,16 @@ module Aws::IAM
     #   @return [String]
     #
     # @!attribute [rw] max_items
-    #   (Optional) Use this only when paginating results to indicate the
-    #   maximum number of items you want in the response. If additional
-    #   items exist beyond the maximum you specify, the `IsTruncated`
-    #   response element is `true`.
-    #
-    #   If you do not include this parameter, it defaults to 100. Note that
-    #   IAM might return fewer results, even when there are more results
-    #   available. In that case, the `IsTruncated` response element returns
-    #   `true` and `Marker` contains a value to include in the subsequent
-    #   call that tells the service where to continue from.
+    #   Use this only when paginating results to indicate the maximum number
+    #   of items you want in the response. If additional items exist beyond
+    #   the maximum you specify, the `IsTruncated` response element is
+    #   `true`.
+    #
+    #   If you do not include this parameter, the number of items defaults
+    #   to 100. Note that IAM might return fewer results, even when there
+    #   are more results available. In that case, the `IsTruncated` response
+    #   element returns `true`, and `Marker` contains a value to include in
+    #   the subsequent call that tells the service where to continue from.
     #   @return [Integer]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListVirtualMFADevicesRequest AWS API Documentation
@@ -6156,7 +6643,7 @@ module Aws::IAM
     #   Note that IAM might return fewer than the `MaxItems` number of
     #   results even when there are more results available. We recommend
     #   that you check `IsTruncated` after every call to ensure that you
-    #   receive all of your results.
+    #   receive all your results.
     #   @return [Boolean]
     #
     # @!attribute [rw] marker
@@ -6307,7 +6794,7 @@ module Aws::IAM
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
+    #   [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
     #   @return [Integer]
     #
     # @!attribute [rw] is_attachable
@@ -6539,7 +7026,7 @@ module Aws::IAM
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
+    #   [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
     #   @return [Integer]
     #
     # @!attribute [rw] is_attachable
@@ -6616,6 +7103,74 @@ module Aws::IAM
       include Aws::Structure
     end
 
+    # Contains details about the permissions policies that are attached to
+    # the specified identity (user, group, or role).
+    #
+    # This data type is an element of the
+    # ListPoliciesGrantingServiceAccessEntry object.
+    #
+    # @!attribute [rw] policy_name
+    #   The policy name.
+    #   @return [String]
+    #
+    # @!attribute [rw] policy_type
+    #   The policy type. For more information about these policy types, see
+    #   [Managed Policies and Inline Policies][1] in the *IAM User Guide*.
+    #
+    #
+    #
+    #   [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html
+    #   @return [String]
+    #
+    # @!attribute [rw] policy_arn
+    #   The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS
+    #   resources.
+    #
+    #   For more information about ARNs, go to [Amazon Resource Names (ARNs)
+    #   and AWS Service Namespaces][1] in the *AWS General Reference*.
+    #
+    #
+    #
+    #   [1]: http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
+    #   @return [String]
+    #
+    # @!attribute [rw] entity_type
+    #   The type of entity (user or role) that used the policy to access the
+    #   service to which the inline policy is attached.
+    #
+    #   This field is null for managed policies. For more information about
+    #   these policy types, see [Managed Policies and Inline Policies][1] in
+    #   the *IAM User Guide*.
+    #
+    #
+    #
+    #   [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html
+    #   @return [String]
+    #
+    # @!attribute [rw] entity_name
+    #   The name of the entity (user or role) to which the inline policy is
+    #   attached.
+    #
+    #   This field is null for managed policies. For more information about
+    #   these policy types, see [Managed Policies and Inline Policies][1] in
+    #   the *IAM User Guide*.
+    #
+    #
+    #
+    #   [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/PolicyGrantingServiceAccess AWS API Documentation
+    #
+    class PolicyGrantingServiceAccess < Struct.new(
+      :policy_name,
+      :policy_type,
+      :policy_arn,
+      :entity_type,
+      :entity_name)
+      include Aws::Structure
+    end
+
     # Contains information about a group that a managed policy is attached
     # to.
     #
@@ -6819,7 +7374,7 @@ module Aws::IAM
     # @!attribute [rw] group_name
     #   The name of the group to associate the policy with.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -6832,7 +7387,7 @@ module Aws::IAM
     # @!attribute [rw] policy_name
     #   The name of the policy document.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -6909,7 +7464,7 @@ module Aws::IAM
     # @!attribute [rw] role_name
     #   The name of the role to associate the policy with.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -6922,7 +7477,7 @@ module Aws::IAM
     # @!attribute [rw] policy_name
     #   The name of the policy document.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -6999,7 +7554,7 @@ module Aws::IAM
     # @!attribute [rw] user_name
     #   The name of the user to associate the policy with.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -7012,7 +7567,7 @@ module Aws::IAM
     # @!attribute [rw] policy_name
     #   The name of the policy document.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -7097,7 +7652,7 @@ module Aws::IAM
     # @!attribute [rw] instance_profile_name
     #   The name of the instance profile to update.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -7110,7 +7665,7 @@ module Aws::IAM
     # @!attribute [rw] role_name
     #   The name of the role to remove.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -7139,7 +7694,7 @@ module Aws::IAM
     # @!attribute [rw] group_name
     #   The name of the group to update.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -7152,7 +7707,7 @@ module Aws::IAM
     # @!attribute [rw] user_name
     #   The name of the user to remove.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -7183,7 +7738,7 @@ module Aws::IAM
     #   credential. If this value is not specified, then the operation
     #   assumes the user whose credentials are used to call the operation.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -7196,7 +7751,7 @@ module Aws::IAM
     # @!attribute [rw] service_specific_credential_id
     #   The unique identifier of the service-specific credential.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters that can consist of any upper or lowercased letter or
     #   digit.
     #
@@ -7248,8 +7803,8 @@ module Aws::IAM
     #   result for this part of the simulation. Remember that even if
     #   multiple statements allow the operation on the resource, if *any*
     #   statement denies that operation, then the explicit deny overrides
-    #   any allow, and the deny statement is the only entry included in the
-    #   result.
+    #   any allow. In addition, the deny statement is the only entry
+    #   included in the result.
     #   @return [Array<Types::Statement>]
     #
     # @!attribute [rw] missing_context_values
@@ -7297,7 +7852,7 @@ module Aws::IAM
     # @!attribute [rw] user_name
     #   The name of the user whose MFA device you want to resynchronize.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -7310,7 +7865,7 @@ module Aws::IAM
     # @!attribute [rw] serial_number
     #   Serial number that uniquely identifies the MFA device.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -7395,19 +7950,9 @@ module Aws::IAM
     #   A description of the role that you provide.
     #   @return [String]
     #
-    # @!attribute [rw] tags
-    #   A list of tags that are attached to the specified role. For more
-    #   information about tagging, see [Tagging IAM Identities][1] in the
-    #   *IAM User Guide*.
-    #
-    #
-    #
-    #   [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
-    #   @return [Array<Types::Tag>]
-    #
     # @!attribute [rw] max_session_duration
     #   The maximum session duration (in seconds) for the specified role.
-    #   Anyone who uses the AWS CLI or API to assume the role can specify
+    #   Anyone who uses the AWS CLI, or API to assume the role can specify
     #   the duration using the optional `DurationSeconds` API parameter or
     #   `duration-seconds` CLI parameter.
     #   @return [Integer]
@@ -7417,12 +7962,20 @@ module Aws::IAM
     #   role.
     #
     #   For more information about permissions boundaries, see [Permissions
-    #   Boundaries for IAM Identities ][1] in the *IAM User Guide*.
+    #   Boundaries for IAM Identities
+    #   ](IAM/latest/UserGuide/access_policies_boundaries.html) in the *IAM
+    #   User Guide*.
+    #   @return [Types::AttachedPermissionsBoundary]
+    #
+    # @!attribute [rw] tags
+    #   A list of tags that are attached to the specified role. For more
+    #   information about tagging, see [Tagging IAM Identities][1] in the
+    #   *IAM User Guide*.
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
-    #   @return [Types::AttachedPermissionsBoundary]
+    #   [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
+    #   @return [Array<Types::Tag>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/Role AWS API Documentation
     #
@@ -7434,9 +7987,9 @@ module Aws::IAM
       :create_date,
       :assume_role_policy_document,
       :description,
-      :tags,
       :max_session_duration,
-      :permissions_boundary)
+      :permissions_boundary,
+      :tags)
       include Aws::Structure
     end
 
@@ -7508,6 +8061,16 @@ module Aws::IAM
     #   the role's access (permissions) policies.
     #   @return [Array<Types::AttachedPolicy>]
     #
+    # @!attribute [rw] permissions_boundary
+    #   The ARN of the policy used to set the permissions boundary for the
+    #   role.
+    #
+    #   For more information about permissions boundaries, see [Permissions
+    #   Boundaries for IAM Identities
+    #   ](IAM/latest/UserGuide/access_policies_boundaries.html) in the *IAM
+    #   User Guide*.
+    #   @return [Types::AttachedPermissionsBoundary]
+    #
     # @!attribute [rw] tags
     #   A list of tags that are attached to the specified role. For more
     #   information about tagging, see [Tagging IAM Identities][1] in the
@@ -7518,18 +8081,6 @@ module Aws::IAM
     #   [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
     #   @return [Array<Types::Tag>]
     #
-    # @!attribute [rw] permissions_boundary
-    #   The ARN of the policy used to set the permissions boundary for the
-    #   role.
-    #
-    #   For more information about permissions boundaries, see [Permissions
-    #   Boundaries for IAM Identities ][1] in the *IAM User Guide*.
-    #
-    #
-    #
-    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
-    #   @return [Types::AttachedPermissionsBoundary]
-    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/RoleDetail AWS API Documentation
     #
     class RoleDetail < Struct.new(
@@ -7542,8 +8093,8 @@ module Aws::IAM
       :instance_profile_list,
       :role_policy_list,
       :attached_managed_policies,
-      :tags,
-      :permissions_boundary)
+      :permissions_boundary,
+      :tags)
       include Aws::Structure
     end
 
@@ -7765,6 +8316,82 @@ module Aws::IAM
       include Aws::Structure
     end
 
+    # Contains details about the most recent attempt to access the service.
+    #
+    # This data type is used as a response element in the
+    # GetServiceLastAccessedDetails operation.
+    #
+    # @!attribute [rw] service_name
+    #   The name of the service in which access was attempted.
+    #   @return [String]
+    #
+    # @!attribute [rw] last_authenticated
+    #   The date and time, in [ISO 8601 date-time format][1], when an
+    #   authenticated entity most recently attempted to access the service.
+    #   AWS does not report unauthenticated requests.
+    #
+    #   This field is null if no IAM entities attempted to access the
+    #   service within the [reporting period][2].
+    #
+    #
+    #
+    #   [1]: http://www.iso.org/iso/iso8601
+    #   [2]: http://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period
+    #   @return [Time]
+    #
+    # @!attribute [rw] service_namespace
+    #   The namespace of the service in which access was attempted.
+    #
+    #   To learn the service namespace of a service, go to [Actions,
+    #   Resources, and Condition Keys for AWS Services][1] in the *IAM User
+    #   Guide*. Choose the name of the service to view details for that
+    #   service. In the first paragraph, find the service prefix. For
+    #   example, `(service prefix: a4b)`. For more information about service
+    #   namespaces, see [AWS Service Namespaces][2] in the *AWS General
+    #   Reference*.
+    #
+    #
+    #
+    #   [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_actions-resources-contextkeys.html
+    #   [2]: http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-aws-service-namespaces
+    #   @return [String]
+    #
+    # @!attribute [rw] last_authenticated_entity
+    #   The ARN of the authenticated entity (user or role) that last
+    #   attempted to access the service. AWS does not report unauthenticated
+    #   requests.
+    #
+    #   This field is null if no IAM entities attempted to access the
+    #   service within the [reporting period][1].
+    #
+    #
+    #
+    #   [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period
+    #   @return [String]
+    #
+    # @!attribute [rw] total_authenticated_entities
+    #   The total number of authenticated entities that have attempted to
+    #   access the service.
+    #
+    #   This field is null if no IAM entities attempted to access the
+    #   service within the [reporting period][1].
+    #
+    #
+    #
+    #   [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ServiceLastAccessed AWS API Documentation
+    #
+    class ServiceLastAccessed < Struct.new(
+      :service_name,
+      :last_authenticated,
+      :service_namespace,
+      :last_authenticated_entity,
+      :total_authenticated_entities)
+      include Aws::Structure
+    end
+
     # Contains the details of a service-specific credential.
     #
     # @!attribute [rw] create_date
@@ -8001,7 +8628,7 @@ module Aws::IAM
     #
     # @!attribute [rw] resource_arns
     #   A list of ARNs of AWS resources to include in the simulation. If
-    #   this parameter is not provided then the value defaults to `*` (all
+    #   this parameter is not provided, then the value defaults to `*` (all
     #   resources). Each API in the `ActionNames` parameter is evaluated for
     #   each resource in this list. The simulation determines the access
     #   result (allowed or denied) of each combination and reports it in the
@@ -8131,16 +8758,16 @@ module Aws::IAM
     #   @return [String]
     #
     # @!attribute [rw] max_items
-    #   (Optional) Use this only when paginating results to indicate the
-    #   maximum number of items you want in the response. If additional
-    #   items exist beyond the maximum you specify, the `IsTruncated`
-    #   response element is `true`.
-    #
-    #   If you do not include this parameter, it defaults to 100. Note that
-    #   IAM might return fewer results, even when there are more results
-    #   available. In that case, the `IsTruncated` response element returns
-    #   `true` and `Marker` contains a value to include in the subsequent
-    #   call that tells the service where to continue from.
+    #   Use this only when paginating results to indicate the maximum number
+    #   of items you want in the response. If additional items exist beyond
+    #   the maximum you specify, the `IsTruncated` response element is
+    #   `true`.
+    #
+    #   If you do not include this parameter, the number of items defaults
+    #   to 100. Note that IAM might return fewer results, even when there
+    #   are more results available. In that case, the `IsTruncated` response
+    #   element returns `true`, and `Marker` contains a value to include in
+    #   the subsequent call that tells the service where to continue from.
     #   @return [Integer]
     #
     # @!attribute [rw] marker
@@ -8180,7 +8807,7 @@ module Aws::IAM
     #   Note that IAM might return fewer than the `MaxItems` number of
     #   results even when there are more results available. We recommend
     #   that you check `IsTruncated` after every call to ensure that you
-    #   receive all of your results.
+    #   receive all your results.
     #   @return [Boolean]
     #
     # @!attribute [rw] marker
@@ -8367,36 +8994,36 @@ module Aws::IAM
     #   simulation.
     #
     #   Each of the EC2 scenarios requires that you specify instance, image,
-    #   and security-group resources. If your scenario includes an EBS
+    #   and security group resources. If your scenario includes an EBS
     #   volume, then you must specify that volume as a resource. If the EC2
-    #   scenario includes VPC, then you must supply the network-interface
+    #   scenario includes VPC, then you must supply the network interface
     #   resource. If it includes an IP subnet, then you must specify the
     #   subnet resource. For more information on the EC2 scenario options,
     #   see [Supported Platforms][1] in the *Amazon EC2 User Guide*.
     #
     #   * **EC2-Classic-InstanceStore**
     #
-    #     instance, image, security-group
+    #     instance, image, security group
     #
     #   * **EC2-Classic-EBS**
     #
-    #     instance, image, security-group, volume
+    #     instance, image, security group, volume
     #
     #   * **EC2-VPC-InstanceStore**
     #
-    #     instance, image, security-group, network-interface
+    #     instance, image, security group, network interface
     #
     #   * **EC2-VPC-InstanceStore-Subnet**
     #
-    #     instance, image, security-group, network-interface, subnet
+    #     instance, image, security group, network interface, subnet
     #
     #   * **EC2-VPC-EBS**
     #
-    #     instance, image, security-group, network-interface, volume
+    #     instance, image, security group, network interface, volume
     #
     #   * **EC2-VPC-EBS-Subnet**
     #
-    #     instance, image, security-group, network-interface, subnet, volume
+    #     instance, image, security group, network interface, subnet, volume
     #
     #
     #
@@ -8404,16 +9031,16 @@ module Aws::IAM
     #   @return [String]
     #
     # @!attribute [rw] max_items
-    #   (Optional) Use this only when paginating results to indicate the
-    #   maximum number of items you want in the response. If additional
-    #   items exist beyond the maximum you specify, the `IsTruncated`
-    #   response element is `true`.
-    #
-    #   If you do not include this parameter, it defaults to 100. Note that
-    #   IAM might return fewer results, even when there are more results
-    #   available. In that case, the `IsTruncated` response element returns
-    #   `true` and `Marker` contains a value to include in the subsequent
-    #   call that tells the service where to continue from.
+    #   Use this only when paginating results to indicate the maximum number
+    #   of items you want in the response. If additional items exist beyond
+    #   the maximum you specify, the `IsTruncated` response element is
+    #   `true`.
+    #
+    #   If you do not include this parameter, the number of items defaults
+    #   to 100. Note that IAM might return fewer results, even when there
+    #   are more results available. In that case, the `IsTruncated` response
+    #   element returns `true`, and `Marker` contains a value to include in
+    #   the subsequent call that tells the service where to continue from.
     #   @return [Integer]
     #
     # @!attribute [rw] marker
@@ -8678,7 +9305,7 @@ module Aws::IAM
     # @!attribute [rw] user_name
     #   The name of the user whose key you want to update.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -8691,7 +9318,7 @@ module Aws::IAM
     # @!attribute [rw] access_key_id
     #   The access key ID of the secret access key you want to update.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters that can consist of any upper or lowercased letter or
     #   digit.
     #
@@ -8845,7 +9472,7 @@ module Aws::IAM
     # @!attribute [rw] role_name
     #   The name of the role to update with the new policy.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -8896,7 +9523,7 @@ module Aws::IAM
     #   Name of the IAM group to update. If you're changing the name of the
     #   group, this is the original name.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -8910,7 +9537,7 @@ module Aws::IAM
     #   New path for the IAM group. Only include this if changing the
     #   group's path.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of either a forward slash (/) by itself or a
     #   string that must begin and end with forward slashes. In addition, it
     #   can contain any ASCII character from the ! (\\u0021) through the DEL
@@ -8926,7 +9553,7 @@ module Aws::IAM
     #   New name for the IAM group. Only include this if changing the
     #   group's name.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -8957,7 +9584,7 @@ module Aws::IAM
     # @!attribute [rw] user_name
     #   The name of the user whose password you want to update.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -9191,7 +9818,7 @@ module Aws::IAM
     # @!attribute [rw] user_name
     #   The name of the IAM user associated with the SSH public key.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -9204,7 +9831,7 @@ module Aws::IAM
     # @!attribute [rw] ssh_public_key_id
     #   The unique identifier for the SSH public key.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters that can consist of any upper or lowercased letter or
     #   digit.
     #
@@ -9240,7 +9867,7 @@ module Aws::IAM
     # @!attribute [rw] server_certificate_name
     #   The name of the server certificate that you want to update.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -9254,7 +9881,7 @@ module Aws::IAM
     #   The new path for the server certificate. Include this only if you
     #   are updating the server certificate's path.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of either a forward slash (/) by itself or a
     #   string that must begin and end with forward slashes. In addition, it
     #   can contain any ASCII character from the ! (\\u0021) through the DEL
@@ -9271,7 +9898,7 @@ module Aws::IAM
     #   are updating the server certificate's name. The name of the
     #   certificate cannot contain any spaces.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -9304,7 +9931,7 @@ module Aws::IAM
     #   credential. If you do not specify this value, then the operation
     #   assumes the user whose credentials are used to call the operation.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -9317,7 +9944,7 @@ module Aws::IAM
     # @!attribute [rw] service_specific_credential_id
     #   The unique identifier of the service-specific credential.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters that can consist of any upper or lowercased letter or
     #   digit.
     #
@@ -9351,7 +9978,7 @@ module Aws::IAM
     # @!attribute [rw] user_name
     #   The name of the IAM user the signing certificate belongs to.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -9364,7 +9991,7 @@ module Aws::IAM
     # @!attribute [rw] certificate_id
     #   The ID of the signing certificate you want to update.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters that can consist of any upper or lowercased letter or
     #   digit.
     #
@@ -9401,7 +10028,7 @@ module Aws::IAM
     #   Name of the user to update. If you're changing the name of the
     #   user, this is the original user name.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -9415,7 +10042,7 @@ module Aws::IAM
     #   New path for the IAM user. Include this parameter only if you're
     #   changing the user's path.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of either a forward slash (/) by itself or a
     #   string that must begin and end with forward slashes. In addition, it
     #   can contain any ASCII character from the ! (\\u0021) through the DEL
@@ -9431,7 +10058,7 @@ module Aws::IAM
     #   New name for the user. Include this parameter only if you're
     #   changing the user's name.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -9461,7 +10088,7 @@ module Aws::IAM
     # @!attribute [rw] user_name
     #   The name of the IAM user to associate the SSH public key with.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -9473,7 +10100,7 @@ module Aws::IAM
     #
     # @!attribute [rw] ssh_public_key_body
     #   The SSH public key. The public key must be encoded in ssh-rsa format
-    #   or PEM format. The miminum bit-length of the public key is 2048
+    #   or PEM format. The minimum bit-length of the public key is 2048
     #   bits. For example, you can generate a 2048-bit key, and the
     #   resulting PEM file is 1679 bytes long.
     #
@@ -9531,7 +10158,7 @@ module Aws::IAM
     #   paths, see [IAM Identifiers][1] in the *IAM User Guide*.
     #
     #   This parameter is optional. If it is not included, it defaults to a
-    #   slash (/). This parameter allows (per its [regex pattern][2]) a
+    #   slash (/). This parameter allows (through its [regex pattern][2]) a
     #   string of characters consisting of either a forward slash (/) by
     #   itself or a string that must begin and end with forward slashes. In
     #   addition, it can contain any ASCII character from the ! (\\u0021)
@@ -9555,7 +10182,7 @@ module Aws::IAM
     #   The name for the server certificate. Do not include the path in this
     #   value. The name of the certificate cannot contain any spaces.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -9663,7 +10290,7 @@ module Aws::IAM
     # @!attribute [rw] user_name
     #   The name of the user the signing certificate is for.
     #
-    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
     #   characters: \_+=,.@-
@@ -9774,18 +10401,18 @@ module Aws::IAM
     #   list of AWS websites that capture a user's last sign-in time, see
     #   the [Credential Reports][2] topic in the *Using IAM* guide. If a
     #   password is used more than once in a five-minute span, only the
-    #   first use is returned in this field. If the field is null (no value)
-    #   then it indicates that they never signed in with a password. This
-    #   can be because:
+    #   first use is returned in this field. If the field is null (no
+    #   value), then it indicates that they never signed in with a password.
+    #   This can be because:
     #
     #   * The user never had a password.
     #
     #   * A password exists but has not been used since IAM started tracking
-    #     this information on October 20th, 2014.
+    #     this information on October 20, 2014.
     #
-    #   A null does not mean that the user *never* had a password. Also, if
-    #   the user does not currently have a password, but had one in the
-    #   past, then this field contains the date and time the most recent
+    #   A null valuedoes not mean that the user *never* had a password.
+    #   Also, if the user does not currently have a password, but had one in
+    #   the past, then this field contains the date and time the most recent
     #   password was used.
     #
     #   This value is returned only in the GetUser and ListUsers operations.
@@ -9796,6 +10423,16 @@ module Aws::IAM
     #   [2]: http://docs.aws.amazon.com/IAM/latest/UserGuide/credential-reports.html
     #   @return [Time]
     #
+    # @!attribute [rw] permissions_boundary
+    #   The ARN of the policy used to set the permissions boundary for the
+    #   user.
+    #
+    #   For more information about permissions boundaries, see [Permissions
+    #   Boundaries for IAM Identities
+    #   ](IAM/latest/UserGuide/access_policies_boundaries.html) in the *IAM
+    #   User Guide*.
+    #   @return [Types::AttachedPermissionsBoundary]
+    #
     # @!attribute [rw] tags
     #   A list of tags that are associated with the specified user. For more
     #   information about tagging, see [Tagging IAM Identities][1] in the
@@ -9806,18 +10443,6 @@ module Aws::IAM
     #   [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
     #   @return [Array<Types::Tag>]
     #
-    # @!attribute [rw] permissions_boundary
-    #   The ARN of the policy used to set the permissions boundary for the
-    #   user.
-    #
-    #   For more information about permissions boundaries, see [Permissions
-    #   Boundaries for IAM Identities ][1] in the *IAM User Guide*.
-    #
-    #
-    #
-    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
-    #   @return [Types::AttachedPermissionsBoundary]
-    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/User AWS API Documentation
     #
     class User < Struct.new(
@@ -9827,8 +10452,8 @@ module Aws::IAM
       :arn,
       :create_date,
       :password_last_used,
-      :tags,
-      :permissions_boundary)
+      :permissions_boundary,
+      :tags)
       include Aws::Structure
     end
 
@@ -9894,6 +10519,16 @@ module Aws::IAM
     #   A list of the managed policies attached to the user.
     #   @return [Array<Types::AttachedPolicy>]
     #
+    # @!attribute [rw] permissions_boundary
+    #   The ARN of the policy used to set the permissions boundary for the
+    #   user.
+    #
+    #   For more information about permissions boundaries, see [Permissions
+    #   Boundaries for IAM Identities
+    #   ](IAM/latest/UserGuide/access_policies_boundaries.html) in the *IAM
+    #   User Guide*.
+    #   @return [Types::AttachedPermissionsBoundary]
+    #
     # @!attribute [rw] tags
     #   A list of tags that are associated with the specified user. For more
     #   information about tagging, see [Tagging IAM Identities][1] in the
@@ -9904,18 +10539,6 @@ module Aws::IAM
     #   [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
     #   @return [Array<Types::Tag>]
     #
-    # @!attribute [rw] permissions_boundary
-    #   The ARN of the policy used to set the permissions boundary for the
-    #   user.
-    #
-    #   For more information about permissions boundaries, see [Permissions
-    #   Boundaries for IAM Identities ][1] in the *IAM User Guide*.
-    #
-    #
-    #
-    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
-    #   @return [Types::AttachedPermissionsBoundary]
-    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UserDetail AWS API Documentation
     #
     class UserDetail < Struct.new(
@@ -9927,8 +10550,8 @@ module Aws::IAM
       :user_policy_list,
       :group_list,
       :attached_managed_policies,
-      :tags,
-      :permissions_boundary)
+      :permissions_boundary,
+      :tags)
       include Aws::Structure
     end
 
@@ -9939,8 +10562,8 @@ module Aws::IAM
     #   @return [String]
     #
     # @!attribute [rw] base_32_string_seed
-    #   The Base32 seed defined as specified in [RFC3548][1]. The
-    #   `Base32StringSeed` is Base64-encoded.
+    #   The base32 seed defined as specified in [RFC3548][1]. The
+    #   `Base32StringSeed` is base64-encoded.
     #
     #
     #
@@ -9950,10 +10573,10 @@ module Aws::IAM
     # @!attribute [rw] qr_code_png
     #   A QR code PNG image that encodes
     #   `otpauth://totp/$virtualMFADeviceName@$AccountName?secret=$Base32String`
-    #   where `$virtualMFADeviceName` is one of the create call arguments,
+    #   where `$virtualMFADeviceName` is one of the create call arguments.
     #   `AccountName` is the user name if set (otherwise, the account ID
-    #   otherwise), and `Base32String` is the seed in Base32 format. The
-    #   `Base32String` value is Base64-encoded.
+    #   otherwise), and `Base32String` is the seed in base32 format. The
+    #   `Base32String` value is base64-encoded.
     #   @return [String]
     #
     # @!attribute [rw] user