aws-sdk-iam 1.123.0 → 1.125.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -95,7 +95,7 @@ module Aws::IAM
95
95
  # class name or an instance of a plugin class.
96
96
  #
97
97
  # @option options [required, Aws::CredentialProvider] :credentials
98
- # Your AWS credentials. This can be an instance of any one of the
98
+ # Your AWS credentials used for authentication. This can be an instance of any one of the
99
99
  # following classes:
100
100
  #
101
101
  # * `Aws::Credentials` - Used for configuring static, non-refreshing
@@ -128,18 +128,23 @@ module Aws::IAM
128
128
  # locations will be searched for credentials:
129
129
  #
130
130
  # * `Aws.config[:credentials]`
131
+ #
131
132
  # * The `:access_key_id`, `:secret_access_key`, `:session_token`, and
132
133
  # `:account_id` options.
133
- # * ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY'],
134
- # ENV['AWS_SESSION_TOKEN'], and ENV['AWS_ACCOUNT_ID']
134
+ #
135
+ # * `ENV['AWS_ACCESS_KEY_ID']`, `ENV['AWS_SECRET_ACCESS_KEY']`,
136
+ # `ENV['AWS_SESSION_TOKEN']`, and `ENV['AWS_ACCOUNT_ID']`.
137
+ #
135
138
  # * `~/.aws/credentials`
139
+ #
136
140
  # * `~/.aws/config`
141
+ #
137
142
  # * EC2/ECS IMDS instance profile - When used by default, the timeouts
138
143
  # are very aggressive. Construct and pass an instance of
139
144
  # `Aws::InstanceProfileCredentials` or `Aws::ECSCredentials` to
140
145
  # enable retries and extended timeouts. Instance profile credential
141
- # fetching can be disabled by setting ENV['AWS_EC2_METADATA_DISABLED']
142
- # to true.
146
+ # fetching can be disabled by setting `ENV['AWS_EC2_METADATA_DISABLED']`
147
+ # to `true`.
143
148
  #
144
149
  # @option options [required, String] :region
145
150
  # The AWS region to connect to. The configured `:region` is
@@ -167,6 +172,11 @@ module Aws::IAM
167
172
  # When false, the request will raise a `RetryCapacityNotAvailableError` and will
168
173
  # not retry instead of sleeping.
169
174
  #
175
+ # @option options [Array<String>] :auth_scheme_preference
176
+ # A list of preferred authentication schemes to use when making a request. Supported values are:
177
+ # `sigv4`, `sigv4a`, `httpBearerAuth`, and `noAuth`. When set using `ENV['AWS_AUTH_SCHEME_PREFERENCE']` or in
178
+ # shared config as `auth_scheme_preference`, the value should be a comma-separated list.
179
+ #
170
180
  # @option options [Boolean] :client_side_monitoring (false)
171
181
  # When `true`, client-side metrics will be collected for all API requests from
172
182
  # this client.
@@ -253,8 +263,8 @@ module Aws::IAM
253
263
  # 4 times. Used in `standard` and `adaptive` retry modes.
254
264
  #
255
265
  # @option options [String] :profile ("default")
256
- # Used when loading credentials from the shared credentials file
257
- # at HOME/.aws/credentials. When not specified, 'default' is used.
266
+ # Used when loading credentials from the shared credentials file at `HOME/.aws/credentials`.
267
+ # When not specified, 'default' is used.
258
268
  #
259
269
  # @option options [String] :request_checksum_calculation ("when_supported")
260
270
  # Determines when a checksum will be calculated for request payloads. Values are:
@@ -367,7 +377,7 @@ module Aws::IAM
367
377
  # `Aws::Telemetry::OTelProvider` for telemetry provider.
368
378
  #
369
379
  # @option options [Aws::TokenProvider] :token_provider
370
- # A Bearer Token Provider. This can be an instance of any one of the
380
+ # Your Bearer token used for authentication. This can be an instance of any one of the
371
381
  # following classes:
372
382
  #
373
383
  # * `Aws::StaticTokenProvider` - Used for configuring static, non-refreshing
@@ -479,7 +489,11 @@ module Aws::IAM
479
489
  # @option params [required, String] :open_id_connect_provider_arn
480
490
  # The Amazon Resource Name (ARN) of the IAM OpenID Connect (OIDC)
481
491
  # provider resource to add the client ID to. You can get a list of OIDC
482
- # provider ARNs by using the ListOpenIDConnectProviders operation.
492
+ # provider ARNs by using the [ListOpenIDConnectProviders][1] operation.
493
+ #
494
+ #
495
+ #
496
+ # [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListOpenIDConnectProviders.html
483
497
  #
484
498
  # @option params [required, String] :client_id
485
499
  # The client ID (also known as audience) to add to the IAM OpenID
@@ -875,14 +889,15 @@ module Aws::IAM
875
889
  # Services Management Console. The Amazon Web Services account root user
876
890
  # password is not affected by this operation.
877
891
  #
878
- # Use UpdateLoginProfile to use the CLI, the Amazon Web Services API, or
879
- # the **Users** page in the IAM console to change the password for any
880
- # IAM user. For more information about modifying passwords, see
881
- # [Managing passwords][1] in the *IAM User Guide*.
892
+ # Use [UpdateLoginProfile][1] to use the CLI, the Amazon Web Services
893
+ # API, or the **Users** page in the IAM console to change the password
894
+ # for any IAM user. For more information about modifying passwords, see
895
+ # [Managing passwords][2] in the *IAM User Guide*.
882
896
  #
883
897
  #
884
898
  #
885
- # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html
899
+ # [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateLoginProfile.html
900
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html
886
901
  #
887
902
  # @option params [required, String] :old_password
888
903
  # The IAM user's current password.
@@ -1003,7 +1018,7 @@ module Aws::IAM
1003
1018
  #
1004
1019
  # resp.access_key.user_name #=> String
1005
1020
  # resp.access_key.access_key_id #=> String
1006
- # resp.access_key.status #=> String, one of "Active", "Inactive"
1021
+ # resp.access_key.status #=> String, one of "Active", "Inactive", "Expired"
1007
1022
  # resp.access_key.secret_access_key #=> String
1008
1023
  # resp.access_key.create_date #=> Time
1009
1024
  #
@@ -1290,16 +1305,17 @@ module Aws::IAM
1290
1305
  #
1291
1306
  # You can use the CLI, the Amazon Web Services API, or the **Users**
1292
1307
  # page in the IAM console to create a password for any IAM user. Use
1293
- # ChangePassword to update your own existing password in the **My
1308
+ # [ChangePassword][1] to update your own existing password in the **My
1294
1309
  # Security Credentials** page in the Amazon Web Services Management
1295
1310
  # Console.
1296
1311
  #
1297
1312
  # For more information about managing passwords, see [Managing
1298
- # passwords][1] in the *IAM User Guide*.
1313
+ # passwords][2] in the *IAM User Guide*.
1299
1314
  #
1300
1315
  #
1301
1316
  #
1302
- # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html
1317
+ # [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_ChangePassword.html
1318
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html
1303
1319
  #
1304
1320
  # @option params [String] :user_name
1305
1321
  # The name of the IAM user to create a password for. The user must
@@ -1435,7 +1451,7 @@ module Aws::IAM
1435
1451
  #
1436
1452
  # <note markdown="1"> The trust for the OIDC provider is derived from the IAM provider that
1437
1453
  # this operation creates. Therefore, it is best to limit access to the
1438
- # CreateOpenIDConnectProvider operation to highly privileged users.
1454
+ # [CreateOpenIDConnectProvider][3] operation to highly privileged users.
1439
1455
  #
1440
1456
  # </note>
1441
1457
  #
@@ -1443,6 +1459,7 @@ module Aws::IAM
1443
1459
  #
1444
1460
  # [1]: http://openid.net/connect/
1445
1461
  # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_oidc.html
1462
+ # [3]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateOpenIDConnectProvider.html
1446
1463
  #
1447
1464
  # @option params [required, String] :url
1448
1465
  # The URL of the identity provider. The URL must begin with `https://`
@@ -1733,19 +1750,20 @@ module Aws::IAM
1733
1750
  # Creates a new version of the specified managed policy. To update a
1734
1751
  # managed policy, you create a new policy version. A managed policy can
1735
1752
  # have up to five versions. If the policy has five versions, you must
1736
- # delete an existing version using DeletePolicyVersion before you create
1737
- # a new version.
1753
+ # delete an existing version using [DeletePolicyVersion][1] before you
1754
+ # create a new version.
1738
1755
  #
1739
1756
  # Optionally, you can set the new version as the policy's default
1740
1757
  # version. The default version is the version that is in effect for the
1741
1758
  # IAM users, groups, and roles to which the policy is attached.
1742
1759
  #
1743
1760
  # For more information about managed policy versions, see [Versioning
1744
- # for managed policies][1] in the *IAM User Guide*.
1761
+ # for managed policies][2] in the *IAM User Guide*.
1745
1762
  #
1746
1763
  #
1747
1764
  #
1748
- # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html
1765
+ # [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeletePolicyVersion.html
1766
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html
1749
1767
  #
1750
1768
  # @option params [required, String] :policy_arn
1751
1769
  # The Amazon Resource Name (ARN) of the IAM policy to which you want to
@@ -2250,19 +2268,20 @@ module Aws::IAM
2250
2268
  # You can have a maximum of two sets of service-specific credentials for
2251
2269
  # each supported service per user.
2252
2270
  #
2253
- # You can create service-specific credentials for CodeCommit and Amazon
2254
- # Keyspaces (for Apache Cassandra).
2271
+ # You can create service-specific credentials for Amazon Bedrock,
2272
+ # CodeCommit and Amazon Keyspaces (for Apache Cassandra).
2255
2273
  #
2256
2274
  # You can reset the password to a new service-generated value by calling
2257
- # ResetServiceSpecificCredential.
2275
+ # [ResetServiceSpecificCredential][1].
2258
2276
  #
2259
- # For more information about service-specific credentials, see [Using
2260
- # IAM with CodeCommit: Git credentials, SSH keys, and Amazon Web
2261
- # Services access keys][1] in the *IAM User Guide*.
2277
+ # For more information about service-specific credentials, see
2278
+ # [Service-specific credentials for IAM users][2] in the *IAM User
2279
+ # Guide*.
2262
2280
  #
2263
2281
  #
2264
2282
  #
2265
- # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_ssh-keys.html
2283
+ # [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_ResetServiceSpecificCredential.html
2284
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_bedrock.html
2266
2285
  #
2267
2286
  # @option params [required, String] :user_name
2268
2287
  # The name of the IAM user that is to be associated with the
@@ -2284,6 +2303,11 @@ module Aws::IAM
2284
2303
  # with the credentials. The service you specify here is the only service
2285
2304
  # that can be accessed using these credentials.
2286
2305
  #
2306
+ # @option params [Integer] :credential_age_days
2307
+ # The number of days until the service specific credential expires. This
2308
+ # field is only valid for Bedrock API keys and must be a positive
2309
+ # integer. When not specified, the credential will not expire.
2310
+ #
2287
2311
  # @return [Types::CreateServiceSpecificCredentialResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
2288
2312
  #
2289
2313
  # * {Types::CreateServiceSpecificCredentialResponse#service_specific_credential #service_specific_credential} => Types::ServiceSpecificCredential
@@ -2293,17 +2317,21 @@ module Aws::IAM
2293
2317
  # resp = client.create_service_specific_credential({
2294
2318
  # user_name: "userNameType", # required
2295
2319
  # service_name: "serviceName", # required
2320
+ # credential_age_days: 1,
2296
2321
  # })
2297
2322
  #
2298
2323
  # @example Response structure
2299
2324
  #
2300
2325
  # resp.service_specific_credential.create_date #=> Time
2326
+ # resp.service_specific_credential.expiration_date #=> Time
2301
2327
  # resp.service_specific_credential.service_name #=> String
2302
2328
  # resp.service_specific_credential.service_user_name #=> String
2303
2329
  # resp.service_specific_credential.service_password #=> String
2330
+ # resp.service_specific_credential.service_credential_alias #=> String
2331
+ # resp.service_specific_credential.service_credential_secret #=> String
2304
2332
  # resp.service_specific_credential.service_specific_credential_id #=> String
2305
2333
  # resp.service_specific_credential.user_name #=> String
2306
- # resp.service_specific_credential.status #=> String, one of "Active", "Inactive"
2334
+ # resp.service_specific_credential.status #=> String, one of "Active", "Inactive", "Expired"
2307
2335
  #
2308
2336
  # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateServiceSpecificCredential AWS API Documentation
2309
2337
  #
@@ -2445,13 +2473,13 @@ module Aws::IAM
2445
2473
  end
2446
2474
 
2447
2475
  # Creates a new virtual MFA device for the Amazon Web Services account.
2448
- # After creating the virtual MFA, use EnableMFADevice to attach the MFA
2449
- # device to an IAM user. For more information about creating and working
2450
- # with virtual MFA devices, see [Using a virtual MFA device][1] in the
2451
- # *IAM User Guide*.
2476
+ # After creating the virtual MFA, use [EnableMFADevice][1] to attach the
2477
+ # MFA device to an IAM user. For more information about creating and
2478
+ # working with virtual MFA devices, see [Using a virtual MFA device][2]
2479
+ # in the *IAM User Guide*.
2452
2480
  #
2453
2481
  # For information about the maximum number of MFA devices you can
2454
- # create, see [IAM and STS quotas][2] in the *IAM User Guide*.
2482
+ # create, see [IAM and STS quotas][3] in the *IAM User Guide*.
2455
2483
  #
2456
2484
  # The seed information contained in the QR code and the Base32 string
2457
2485
  # should be treated like any other secret access information. In other
@@ -2462,8 +2490,9 @@ module Aws::IAM
2462
2490
  #
2463
2491
  #
2464
2492
  #
2465
- # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_VirtualMFA.html
2466
- # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html
2493
+ # [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_EnableMFADevice.html
2494
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_VirtualMFA.html
2495
+ # [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html
2467
2496
  #
2468
2497
  # @option params [String] :path
2469
2498
  # The path for the virtual MFA device. For more information about paths,
@@ -2786,13 +2815,14 @@ module Aws::IAM
2786
2815
  # IAM group.
2787
2816
  #
2788
2817
  # A group can also have managed policies attached to it. To detach a
2789
- # managed policy from a group, use DetachGroupPolicy. For more
2818
+ # managed policy from a group, use [DetachGroupPolicy][1]. For more
2790
2819
  # information about policies, refer to [Managed policies and inline
2791
- # policies][1] in the *IAM User Guide*.
2820
+ # policies][2] in the *IAM User Guide*.
2792
2821
  #
2793
2822
  #
2794
2823
  #
2795
- # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
2824
+ # [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_DetachGroupPolicy.html
2825
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
2796
2826
  #
2797
2827
  # @option params [required, String] :group_name
2798
2828
  # The name (friendly name, not ARN) identifying the group that the
@@ -2900,24 +2930,28 @@ module Aws::IAM
2900
2930
  req.send_request(options)
2901
2931
  end
2902
2932
 
2903
- # Deletes the password for the specified IAM user, For more information,
2904
- # see [Managing passwords for IAM users][1].
2933
+ # Deletes the password for the specified IAM user or root user, For more
2934
+ # information, see [Managing passwords for IAM users][1].
2905
2935
  #
2906
2936
  # You can use the CLI, the Amazon Web Services API, or the **Users**
2907
2937
  # page in the IAM console to delete a password for any IAM user. You can
2908
- # use ChangePassword to update, but not delete, your own password in the
2909
- # **My Security Credentials** page in the Amazon Web Services Management
2910
- # Console.
2938
+ # use [ChangePassword][2] to update, but not delete, your own password
2939
+ # in the **My Security Credentials** page in the Amazon Web Services
2940
+ # Management Console.
2911
2941
  #
2912
2942
  # Deleting a user's password does not prevent a user from accessing
2913
2943
  # Amazon Web Services through the command line interface or the API. To
2914
2944
  # prevent all user access, you must also either make any access keys
2915
2945
  # inactive or delete them. For more information about making keys
2916
- # inactive or deleting them, see UpdateAccessKey and DeleteAccessKey.
2946
+ # inactive or deleting them, see [UpdateAccessKey][3] and
2947
+ # [DeleteAccessKey][4].
2917
2948
  #
2918
2949
  #
2919
2950
  #
2920
2951
  # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_admin-change-user.html
2952
+ # [2]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_ChangePassword.html
2953
+ # [3]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateAccessKey.html
2954
+ # [4]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteAccessKey.html
2921
2955
  #
2922
2956
  # @option params [String] :user_name
2923
2957
  # The name of the user whose password you want to delete.
@@ -2976,9 +3010,13 @@ module Aws::IAM
2976
3010
  # @option params [required, String] :open_id_connect_provider_arn
2977
3011
  # The Amazon Resource Name (ARN) of the IAM OpenID Connect provider
2978
3012
  # resource object to delete. You can get a list of OpenID Connect
2979
- # provider resource ARNs by using the ListOpenIDConnectProviders
3013
+ # provider resource ARNs by using the [ListOpenIDConnectProviders][1]
2980
3014
  # operation.
2981
3015
  #
3016
+ #
3017
+ #
3018
+ # [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListOpenIDConnectProviders.html
3019
+ #
2982
3020
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
2983
3021
  #
2984
3022
  # @example Request syntax with placeholder values
@@ -3004,25 +3042,31 @@ module Aws::IAM
3004
3042
  # steps describe the process for deleting a managed policy:
3005
3043
  #
3006
3044
  # * Detach the policy from all users, groups, and roles that the policy
3007
- # is attached to, using DetachUserPolicy, DetachGroupPolicy, or
3008
- # DetachRolePolicy. To list all the users, groups, and roles that a
3009
- # policy is attached to, use ListEntitiesForPolicy.
3010
- #
3011
- # * Delete all versions of the policy using DeletePolicyVersion. To list
3012
- # the policy's versions, use ListPolicyVersions. You cannot use
3013
- # DeletePolicyVersion to delete the version that is marked as the
3014
- # default version. You delete the policy's default version in the
3045
+ # is attached to, using [DetachUserPolicy][1], [DetachGroupPolicy][2],
3046
+ # or [DetachRolePolicy][3]. To list all the users, groups, and roles
3047
+ # that a policy is attached to, use [ListEntitiesForPolicy][4].
3048
+ #
3049
+ # * Delete all versions of the policy using [DeletePolicyVersion][5]. To
3050
+ # list the policy's versions, use [ListPolicyVersions][6]. You cannot
3051
+ # use [DeletePolicyVersion][5] to delete the version that is marked as
3052
+ # the default version. You delete the policy's default version in the
3015
3053
  # next step of the process.
3016
3054
  #
3017
3055
  # * Delete the policy (this automatically deletes the policy's default
3018
3056
  # version) using this operation.
3019
3057
  #
3020
3058
  # For information about managed policies, see [Managed policies and
3021
- # inline policies][1] in the *IAM User Guide*.
3059
+ # inline policies][7] in the *IAM User Guide*.
3022
3060
  #
3023
3061
  #
3024
3062
  #
3025
- # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
3063
+ # [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_DetachUserPolicy.html
3064
+ # [2]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_DetachGroupPolicy.html
3065
+ # [3]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_DetachRolePolicy.html
3066
+ # [4]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListEntitiesForPolicy.html
3067
+ # [5]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeletePolicyVersion.html
3068
+ # [6]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListPolicyVersions.html
3069
+ # [7]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
3026
3070
  #
3027
3071
  # @option params [required, String] :policy_arn
3028
3072
  # The Amazon Resource Name (ARN) of the IAM policy you want to delete.
@@ -3055,15 +3099,17 @@ module Aws::IAM
3055
3099
  #
3056
3100
  # You cannot delete the default version from a policy using this
3057
3101
  # operation. To delete the default version from a policy, use
3058
- # DeletePolicy. To find out which version of a policy is marked as the
3059
- # default version, use ListPolicyVersions.
3102
+ # [DeletePolicy][1]. To find out which version of a policy is marked as
3103
+ # the default version, use [ListPolicyVersions][2].
3060
3104
  #
3061
3105
  # For information about versions for managed policies, see [Versioning
3062
- # for managed policies][1] in the *IAM User Guide*.
3106
+ # for managed policies][3] in the *IAM User Guide*.
3063
3107
  #
3064
3108
  #
3065
3109
  #
3066
- # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html
3110
+ # [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeletePolicy.html
3111
+ # [2]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListPolicyVersions.html
3112
+ # [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html
3067
3113
  #
3068
3114
  # @option params [required, String] :policy_arn
3069
3115
  # The Amazon Resource Name (ARN) of the IAM policy from which you want
@@ -3116,14 +3162,14 @@ module Aws::IAM
3116
3162
  # information, see [Deleting an IAM role][1]. Before attempting to
3117
3163
  # delete a role, remove the following attached items:
3118
3164
  #
3119
- # * Inline policies (DeleteRolePolicy)
3165
+ # * Inline policies ([DeleteRolePolicy][2])
3120
3166
  #
3121
- # * Attached managed policies (DetachRolePolicy)
3167
+ # * Attached managed policies ([DetachRolePolicy][3])
3122
3168
  #
3123
- # * Instance profile (RemoveRoleFromInstanceProfile)
3169
+ # * Instance profile ([RemoveRoleFromInstanceProfile][4])
3124
3170
  #
3125
3171
  # * Optional – Delete instance profile after detaching from role for
3126
- # resource clean up (DeleteInstanceProfile)
3172
+ # resource clean up ([DeleteInstanceProfile][5])
3127
3173
  #
3128
3174
  # Make sure that you do not have any Amazon EC2 instances running with
3129
3175
  # the role you are about to delete. Deleting a role or instance profile
@@ -3133,6 +3179,10 @@ module Aws::IAM
3133
3179
  #
3134
3180
  #
3135
3181
  # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_manage_delete.html#roles-managingrole-deleting-cli
3182
+ # [2]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteRolePolicy.html
3183
+ # [3]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_DetachRolePolicy.html
3184
+ # [4]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_RemoveRoleFromInstanceProfile.html
3185
+ # [5]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteInstanceProfile.html
3136
3186
  #
3137
3187
  # @option params [required, String] :role_name
3138
3188
  # The name of the role to delete.
@@ -3205,13 +3255,14 @@ module Aws::IAM
3205
3255
  # IAM role.
3206
3256
  #
3207
3257
  # A role can also have managed policies attached to it. To detach a
3208
- # managed policy from a role, use DetachRolePolicy. For more information
3209
- # about policies, refer to [Managed policies and inline policies][1] in
3210
- # the *IAM User Guide*.
3258
+ # managed policy from a role, use [DetachRolePolicy][1]. For more
3259
+ # information about policies, refer to [Managed policies and inline
3260
+ # policies][2] in the *IAM User Guide*.
3211
3261
  #
3212
3262
  #
3213
3263
  #
3214
- # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
3264
+ # [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_DetachRolePolicy.html
3265
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
3215
3266
  #
3216
3267
  # @option params [required, String] :role_name
3217
3268
  # The name (friendly name, not ARN) identifying the role that the policy
@@ -3415,23 +3466,24 @@ module Aws::IAM
3415
3466
  #
3416
3467
  # If you submit a deletion request for a service-linked role whose
3417
3468
  # linked service is still accessing a resource, then the deletion task
3418
- # fails. If it fails, the GetServiceLinkedRoleDeletionStatus operation
3419
- # returns the reason for the failure, usually including the resources
3420
- # that must be deleted. To delete the service-linked role, you must
3421
- # first remove those resources from the linked service and then submit
3422
- # the deletion request again. Resources are specific to the service that
3423
- # is linked to the role. For more information about removing resources
3424
- # from a service, see the [Amazon Web Services documentation][1] for
3425
- # your service.
3469
+ # fails. If it fails, the [GetServiceLinkedRoleDeletionStatus][1]
3470
+ # operation returns the reason for the failure, usually including the
3471
+ # resources that must be deleted. To delete the service-linked role, you
3472
+ # must first remove those resources from the linked service and then
3473
+ # submit the deletion request again. Resources are specific to the
3474
+ # service that is linked to the role. For more information about
3475
+ # removing resources from a service, see the [Amazon Web Services
3476
+ # documentation][2] for your service.
3426
3477
  #
3427
3478
  # For more information about service-linked roles, see [Roles terms and
3428
- # concepts: Amazon Web Services service-linked role][2] in the *IAM User
3479
+ # concepts: Amazon Web Services service-linked role][3] in the *IAM User
3429
3480
  # Guide*.
3430
3481
  #
3431
3482
  #
3432
3483
  #
3433
- # [1]: http://docs.aws.amazon.com/
3434
- # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#iam-term-service-linked-role
3484
+ # [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetServiceLinkedRoleDeletionStatus.html
3485
+ # [2]: http://docs.aws.amazon.com/
3486
+ # [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#iam-term-service-linked-role
3435
3487
  #
3436
3488
  # @option params [required, String] :role_name
3437
3489
  # The name of the service-linked role to be deleted.
@@ -3477,15 +3529,16 @@ module Aws::IAM
3477
3529
  #
3478
3530
  # @option params [required, String] :service_specific_credential_id
3479
3531
  # The unique identifier of the service-specific credential. You can get
3480
- # this value by calling ListServiceSpecificCredentials.
3532
+ # this value by calling [ListServiceSpecificCredentials][1].
3481
3533
  #
3482
- # This parameter allows (through its [regex pattern][1]) a string of
3534
+ # This parameter allows (through its [regex pattern][2]) a string of
3483
3535
  # characters that can consist of any upper or lowercased letter or
3484
3536
  # digit.
3485
3537
  #
3486
3538
  #
3487
3539
  #
3488
- # [1]: http://wikipedia.org/wiki/regex
3540
+ # [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListServiceSpecificCredentials.html
3541
+ # [2]: http://wikipedia.org/wiki/regex
3489
3542
  #
3490
3543
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
3491
3544
  #
@@ -3571,28 +3624,38 @@ module Aws::IAM
3571
3624
  # For more information, see [Deleting an IAM user][1]. Before attempting
3572
3625
  # to delete a user, remove the following items:
3573
3626
  #
3574
- # * Password (DeleteLoginProfile)
3627
+ # * Password ([DeleteLoginProfile][2])
3575
3628
  #
3576
- # * Access keys (DeleteAccessKey)
3629
+ # * Access keys ([DeleteAccessKey][3])
3577
3630
  #
3578
- # * Signing certificate (DeleteSigningCertificate)
3631
+ # * Signing certificate ([DeleteSigningCertificate][4])
3579
3632
  #
3580
- # * SSH public key (DeleteSSHPublicKey)
3633
+ # * SSH public key ([DeleteSSHPublicKey][5])
3581
3634
  #
3582
- # * Git credentials (DeleteServiceSpecificCredential)
3635
+ # * Git credentials ([DeleteServiceSpecificCredential][6])
3583
3636
  #
3584
- # * Multi-factor authentication (MFA) device (DeactivateMFADevice,
3585
- # DeleteVirtualMFADevice)
3637
+ # * Multi-factor authentication (MFA) device ([DeactivateMFADevice][7],
3638
+ # [DeleteVirtualMFADevice][8])
3586
3639
  #
3587
- # * Inline policies (DeleteUserPolicy)
3640
+ # * Inline policies ([DeleteUserPolicy][9])
3588
3641
  #
3589
- # * Attached managed policies (DetachUserPolicy)
3642
+ # * Attached managed policies ([DetachUserPolicy][10])
3590
3643
  #
3591
- # * Group memberships (RemoveUserFromGroup)
3644
+ # * Group memberships ([RemoveUserFromGroup][11])
3592
3645
  #
3593
3646
  #
3594
3647
  #
3595
3648
  # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_manage.html#id_users_deleting_cli
3649
+ # [2]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteLoginProfile.html
3650
+ # [3]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteAccessKey.html
3651
+ # [4]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteSigningCertificate.html
3652
+ # [5]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteSSHPublicKey.html
3653
+ # [6]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteServiceSpecificCredential.html
3654
+ # [7]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeactivateMFADevice.html
3655
+ # [8]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteVirtualMFADevice.html
3656
+ # [9]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteUserPolicy.html
3657
+ # [10]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_DetachUserPolicy.html
3658
+ # [11]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_RemoveUserFromGroup.html
3596
3659
  #
3597
3660
  # @option params [required, String] :user_name
3598
3661
  # The name of the user to delete.
@@ -3663,13 +3726,14 @@ module Aws::IAM
3663
3726
  # IAM user.
3664
3727
  #
3665
3728
  # A user can also have managed policies attached to it. To detach a
3666
- # managed policy from a user, use DetachUserPolicy. For more information
3667
- # about policies, refer to [Managed policies and inline policies][1] in
3668
- # the *IAM User Guide*.
3729
+ # managed policy from a user, use [DetachUserPolicy][1]. For more
3730
+ # information about policies, refer to [Managed policies and inline
3731
+ # policies][2] in the *IAM User Guide*.
3669
3732
  #
3670
3733
  #
3671
3734
  #
3672
- # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
3735
+ # [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_DetachUserPolicy.html
3736
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
3673
3737
  #
3674
3738
  # @option params [required, String] :user_name
3675
3739
  # The name (friendly name, not ARN) identifying the user that the policy
@@ -3728,10 +3792,14 @@ module Aws::IAM
3728
3792
  #
3729
3793
  # <note markdown="1"> You must deactivate a user's virtual MFA device before you can delete
3730
3794
  # it. For information about deactivating MFA devices, see
3731
- # DeactivateMFADevice.
3795
+ # [DeactivateMFADevice][1].
3732
3796
  #
3733
3797
  # </note>
3734
3798
  #
3799
+ #
3800
+ #
3801
+ # [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeactivateMFADevice.html
3802
+ #
3735
3803
  # @option params [required, String] :serial_number
3736
3804
  # The serial number that uniquely identifies the MFA device. For virtual
3737
3805
  # MFA devices, the serial number is the same as the ARN.
@@ -3774,12 +3842,14 @@ module Aws::IAM
3774
3842
  # Removes the specified managed policy from the specified IAM group.
3775
3843
  #
3776
3844
  # A group can also have inline policies embedded with it. To delete an
3777
- # inline policy, use DeleteGroupPolicy. For information about policies,
3778
- # see [Managed policies and inline policies][1] in the *IAM User Guide*.
3845
+ # inline policy, use [DeleteGroupPolicy][1]. For information about
3846
+ # policies, see [Managed policies and inline policies][2] in the *IAM
3847
+ # User Guide*.
3779
3848
  #
3780
3849
  #
3781
3850
  #
3782
- # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
3851
+ # [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteGroupPolicy.html
3852
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
3783
3853
  #
3784
3854
  # @option params [required, String] :group_name
3785
3855
  # The name (friendly name, not ARN) of the IAM group to detach the
@@ -3825,12 +3895,14 @@ module Aws::IAM
3825
3895
  # Removes the specified managed policy from the specified role.
3826
3896
  #
3827
3897
  # A role can also have inline policies embedded with it. To delete an
3828
- # inline policy, use DeleteRolePolicy. For information about policies,
3829
- # see [Managed policies and inline policies][1] in the *IAM User Guide*.
3898
+ # inline policy, use [DeleteRolePolicy][1]. For information about
3899
+ # policies, see [Managed policies and inline policies][2] in the *IAM
3900
+ # User Guide*.
3830
3901
  #
3831
3902
  #
3832
3903
  #
3833
- # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
3904
+ # [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteRolePolicy.html
3905
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
3834
3906
  #
3835
3907
  # @option params [required, String] :role_name
3836
3908
  # The name (friendly name, not ARN) of the IAM role to detach the policy
@@ -3876,12 +3948,14 @@ module Aws::IAM
3876
3948
  # Removes the specified managed policy from the specified user.
3877
3949
  #
3878
3950
  # A user can also have inline policies embedded with it. To delete an
3879
- # inline policy, use DeleteUserPolicy. For information about policies,
3880
- # see [Managed policies and inline policies][1] in the *IAM User Guide*.
3951
+ # inline policy, use [DeleteUserPolicy][1]. For information about
3952
+ # policies, see [Managed policies and inline policies][2] in the *IAM
3953
+ # User Guide*.
3881
3954
  #
3882
3955
  #
3883
3956
  #
3884
- # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
3957
+ # [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteUserPolicy.html
3958
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
3885
3959
  #
3886
3960
  # @option params [required, String] :user_name
3887
3961
  # The name (friendly name, not ARN) of the IAM user to detach the policy
@@ -4446,7 +4520,7 @@ module Aws::IAM
4446
4520
  # Use this parameter in the following operations to retrieve the
4447
4521
  # following details from your report:
4448
4522
  #
4449
- # * GetServiceLastAccessedDetails – Use this operation for users,
4523
+ # * [GetServiceLastAccessedDetails][4] – Use this operation for users,
4450
4524
  # groups, roles, or policies to list every Amazon Web Services service
4451
4525
  # that the resource could access using permissions policies. For each
4452
4526
  # service, the response includes information about the most recent
@@ -4456,8 +4530,8 @@ module Aws::IAM
4456
4530
  # used by the same role within a session, or by the same user when
4457
4531
  # used to call `GetServiceLastAccessedDetail`.
4458
4532
  #
4459
- # * GetServiceLastAccessedDetailsWithEntities – Use this operation for
4460
- # groups and policies to list information about the associated
4533
+ # * [GetServiceLastAccessedDetailsWithEntities][5] – Use this operation
4534
+ # for groups and policies to list information about the associated
4461
4535
  # entities (users or roles) that attempted to access a specific Amazon
4462
4536
  # Web Services service.
4463
4537
  #
@@ -4467,20 +4541,20 @@ module Aws::IAM
4467
4541
  #
4468
4542
  # For additional information about the permissions policies that allow
4469
4543
  # an identity (user, group, or role) to access specific services, use
4470
- # the ListPoliciesGrantingServiceAccess operation.
4544
+ # the [ListPoliciesGrantingServiceAccess][6] operation.
4471
4545
  #
4472
4546
  # <note markdown="1"> Service last accessed data does not use other policy types when
4473
4547
  # determining whether a resource could access a service. These other
4474
4548
  # policy types include resource-based policies, access control lists,
4475
4549
  # Organizations policies, IAM permissions boundaries, and STS assume
4476
4550
  # role policies. It only applies permissions policy logic. For more
4477
- # about the evaluation of policy types, see [Evaluating policies][4] in
4551
+ # about the evaluation of policy types, see [Evaluating policies][7] in
4478
4552
  # the *IAM User Guide*.
4479
4553
  #
4480
4554
  # </note>
4481
4555
  #
4482
4556
  # For more information about service and action last accessed data, see
4483
- # [Reducing permissions using service last accessed data][5] in the *IAM
4557
+ # [Reducing permissions using service last accessed data][8] in the *IAM
4484
4558
  # User Guide*.
4485
4559
  #
4486
4560
  #
@@ -4488,8 +4562,11 @@ module Aws::IAM
4488
4562
  # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#access-advisor_tracking-period
4489
4563
  # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor-action-last-accessed.html
4490
4564
  # [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html
4491
- # [4]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics
4492
- # [5]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html
4565
+ # [4]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetServiceLastAccessedDetails.html
4566
+ # [5]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetServiceLastAccessedDetailsWithEntities.html
4567
+ # [6]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListPoliciesGrantingServiceAccess.html
4568
+ # [7]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics
4569
+ # [8]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html
4493
4570
  #
4494
4571
  # @option params [required, String] :arn
4495
4572
  # The ARN of the IAM resource (user, group, role, or managed policy)
@@ -4595,7 +4672,8 @@ module Aws::IAM
4595
4672
  # [RFC 3986][1]. You can use a URL decoding method to convert the policy
4596
4673
  # back to plain JSON text. For example, if you use Java, you can use the
4597
4674
  # `decode` method of the `java.net.URLDecoder` utility class in the Java
4598
- # SDK. Other languages and SDKs provide similar functionality.
4675
+ # SDK. Other languages and SDKs provide similar functionality, and some
4676
+ # SDKs do this decoding automatically.
4599
4677
  #
4600
4678
  # </note>
4601
4679
  #
@@ -4890,16 +4968,21 @@ module Aws::IAM
4890
4968
  # Gets a list of all of the context keys referenced in the input
4891
4969
  # policies. The policies are supplied as a list of one or more strings.
4892
4970
  # To get the context keys from policies associated with an IAM user,
4893
- # group, or role, use GetContextKeysForPrincipalPolicy.
4971
+ # group, or role, use [GetContextKeysForPrincipalPolicy][1].
4894
4972
  #
4895
4973
  # Context keys are variables maintained by Amazon Web Services and its
4896
4974
  # services that provide details about the context of an API query
4897
4975
  # request. Context keys can be evaluated by testing against a value
4898
4976
  # specified in an IAM policy. Use `GetContextKeysForCustomPolicy` to
4899
4977
  # understand what key names and values you must supply when you call
4900
- # SimulateCustomPolicy. Note that all parameters are shown in unencoded
4901
- # form here for clarity but must be URL encoded to be included as a part
4902
- # of a real HTML request.
4978
+ # [SimulateCustomPolicy][2]. Note that all parameters are shown in
4979
+ # unencoded form here for clarity but must be URL encoded to be included
4980
+ # as a part of a real HTML request.
4981
+ #
4982
+ #
4983
+ #
4984
+ # [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetContextKeysForPrincipalPolicy.html
4985
+ # [2]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_SimulateCustomPolicy.html
4903
4986
  #
4904
4987
  # @option params [required, Array<String>] :policy_input_list
4905
4988
  # A list of policies for which you want the list of context keys
@@ -4954,19 +5037,25 @@ module Aws::IAM
4954
5037
  #
4955
5038
  # You can optionally include a list of one or more additional policies,
4956
5039
  # specified as strings. If you want to include *only* a list of policies
4957
- # by string, use GetContextKeysForCustomPolicy instead.
5040
+ # by string, use [GetContextKeysForCustomPolicy][1] instead.
4958
5041
  #
4959
5042
  # **Note:** This operation discloses information about the permissions
4960
5043
  # granted to other users. If you do not want users to see other user's
4961
5044
  # permissions, then consider allowing them to use
4962
- # GetContextKeysForCustomPolicy instead.
5045
+ # [GetContextKeysForCustomPolicy][1] instead.
4963
5046
  #
4964
5047
  # Context keys are variables maintained by Amazon Web Services and its
4965
5048
  # services that provide details about the context of an API query
4966
5049
  # request. Context keys can be evaluated by testing against a value in
4967
- # an IAM policy. Use GetContextKeysForPrincipalPolicy to understand what
4968
- # key names and values you must supply when you call
4969
- # SimulatePrincipalPolicy.
5050
+ # an IAM policy. Use [GetContextKeysForPrincipalPolicy][2] to understand
5051
+ # what key names and values you must supply when you call
5052
+ # [SimulatePrincipalPolicy][3].
5053
+ #
5054
+ #
5055
+ #
5056
+ # [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetContextKeysForCustomPolicy.html
5057
+ # [2]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetContextKeysForPrincipalPolicy.html
5058
+ # [3]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_SimulatePrincipalPolicy.html
4970
5059
  #
4971
5060
  # @option params [required, String] :policy_source_arn
4972
5061
  # The ARN of a user, group, or role whose policies contain the context
@@ -5146,22 +5235,25 @@ module Aws::IAM
5146
5235
  # [RFC 3986][1]. You can use a URL decoding method to convert the policy
5147
5236
  # back to plain JSON text. For example, if you use Java, you can use the
5148
5237
  # `decode` method of the `java.net.URLDecoder` utility class in the Java
5149
- # SDK. Other languages and SDKs provide similar functionality.
5238
+ # SDK. Other languages and SDKs provide similar functionality, and some
5239
+ # SDKs do this decoding automatically.
5150
5240
  #
5151
5241
  # </note>
5152
5242
  #
5153
5243
  # An IAM group can also have managed policies attached to it. To
5154
5244
  # retrieve a managed policy document that is attached to a group, use
5155
- # GetPolicy to determine the policy's default version, then use
5156
- # GetPolicyVersion to retrieve the policy document.
5245
+ # [GetPolicy][2] to determine the policy's default version, then use
5246
+ # [GetPolicyVersion][3] to retrieve the policy document.
5157
5247
  #
5158
5248
  # For more information about policies, see [Managed policies and inline
5159
- # policies][2] in the *IAM User Guide*.
5249
+ # policies][4] in the *IAM User Guide*.
5160
5250
  #
5161
5251
  #
5162
5252
  #
5163
5253
  # [1]: https://tools.ietf.org/html/rfc3986
5164
- # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
5254
+ # [2]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetPolicy.html
5255
+ # [3]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetPolicyVersion.html
5256
+ # [4]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
5165
5257
  #
5166
5258
  # @option params [required, String] :group_name
5167
5259
  # The name of the group the policy is associated with.
@@ -5443,14 +5535,15 @@ module Aws::IAM
5443
5535
  # @option params [required, String] :open_id_connect_provider_arn
5444
5536
  # The Amazon Resource Name (ARN) of the OIDC provider resource object in
5445
5537
  # IAM to get information for. You can get a list of OIDC provider
5446
- # resource ARNs by using the ListOpenIDConnectProviders operation.
5538
+ # resource ARNs by using the [ListOpenIDConnectProviders][1] operation.
5447
5539
  #
5448
- # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
5540
+ # For more information about ARNs, see [Amazon Resource Names (ARNs)][2]
5449
5541
  # in the *Amazon Web Services General Reference*.
5450
5542
  #
5451
5543
  #
5452
5544
  #
5453
- # [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
5545
+ # [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListOpenIDConnectProviders.html
5546
+ # [2]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
5454
5547
  #
5455
5548
  # @return [Types::GetOpenIDConnectProviderResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
5456
5549
  #
@@ -5494,13 +5587,13 @@ module Aws::IAM
5494
5587
  #
5495
5588
  # Depending on the parameters that you passed when you generated the
5496
5589
  # report, the data returned could include different information. For
5497
- # details, see GenerateOrganizationsAccessReport.
5590
+ # details, see [GenerateOrganizationsAccessReport][1].
5498
5591
  #
5499
5592
  # To call this operation, you must be signed in to the management
5500
5593
  # account in your organization. SCPs must be enabled for your
5501
5594
  # organization root. You must have permissions to perform this
5502
5595
  # operation. For more information, see [Refining permissions using
5503
- # service last accessed data][1] in the *IAM User Guide*.
5596
+ # service last accessed data][2] in the *IAM User Guide*.
5504
5597
  #
5505
5598
  # For each service that principals in an account (root user, IAM users,
5506
5599
  # or IAM roles) could access using SCPs, the operation returns details
@@ -5513,11 +5606,16 @@ module Aws::IAM
5513
5606
  #
5514
5607
  #
5515
5608
  #
5516
- # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html
5609
+ # [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GenerateOrganizationsAccessReport.html
5610
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html
5517
5611
  #
5518
5612
  # @option params [required, String] :job_id
5519
5613
  # The identifier of the request generated by the
5520
- # GenerateOrganizationsAccessReport operation.
5614
+ # [GenerateOrganizationsAccessReport][1] operation.
5615
+ #
5616
+ #
5617
+ #
5618
+ # [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GenerateOrganizationsAccessReport.html
5521
5619
  #
5522
5620
  # @option params [Integer] :max_items
5523
5621
  # Use this only when paginating results to indicate the maximum number
@@ -5636,21 +5734,26 @@ module Aws::IAM
5636
5734
  # the policy's default version and the total number of IAM users,
5637
5735
  # groups, and roles to which the policy is attached. To retrieve the
5638
5736
  # list of the specific users, groups, and roles that the policy is
5639
- # attached to, use ListEntitiesForPolicy. This operation returns
5737
+ # attached to, use [ListEntitiesForPolicy][1]. This operation returns
5640
5738
  # metadata about the policy. To retrieve the actual policy document for
5641
- # a specific version of the policy, use GetPolicyVersion.
5739
+ # a specific version of the policy, use [GetPolicyVersion][2].
5642
5740
  #
5643
5741
  # This operation retrieves information about managed policies. To
5644
5742
  # retrieve information about an inline policy that is embedded with an
5645
- # IAM user, group, or role, use GetUserPolicy, GetGroupPolicy, or
5646
- # GetRolePolicy.
5743
+ # IAM user, group, or role, use [GetUserPolicy][3], [GetGroupPolicy][4],
5744
+ # or [GetRolePolicy][5].
5647
5745
  #
5648
5746
  # For more information about policies, see [Managed policies and inline
5649
- # policies][1] in the *IAM User Guide*.
5747
+ # policies][6] in the *IAM User Guide*.
5650
5748
  #
5651
5749
  #
5652
5750
  #
5653
- # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
5751
+ # [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListEntitiesForPolicy.html
5752
+ # [2]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetPolicyVersion.html
5753
+ # [3]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetUserPolicy.html
5754
+ # [4]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetGroupPolicy.html
5755
+ # [5]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetRolePolicy.html
5756
+ # [6]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
5654
5757
  #
5655
5758
  # @option params [required, String] :policy_arn
5656
5759
  # The Amazon Resource Name (ARN) of the managed policy that you want
@@ -5711,28 +5814,34 @@ module Aws::IAM
5711
5814
  # [RFC 3986][1]. You can use a URL decoding method to convert the policy
5712
5815
  # back to plain JSON text. For example, if you use Java, you can use the
5713
5816
  # `decode` method of the `java.net.URLDecoder` utility class in the Java
5714
- # SDK. Other languages and SDKs provide similar functionality.
5817
+ # SDK. Other languages and SDKs provide similar functionality, and some
5818
+ # SDKs do this decoding automatically.
5715
5819
  #
5716
5820
  # </note>
5717
5821
  #
5718
- # To list the available versions for a policy, use ListPolicyVersions.
5822
+ # To list the available versions for a policy, use
5823
+ # [ListPolicyVersions][2].
5719
5824
  #
5720
5825
  # This operation retrieves information about managed policies. To
5721
5826
  # retrieve information about an inline policy that is embedded in a
5722
- # user, group, or role, use GetUserPolicy, GetGroupPolicy, or
5723
- # GetRolePolicy.
5827
+ # user, group, or role, use [GetUserPolicy][3], [GetGroupPolicy][4], or
5828
+ # [GetRolePolicy][5].
5724
5829
  #
5725
5830
  # For more information about the types of policies, see [Managed
5726
- # policies and inline policies][2] in the *IAM User Guide*.
5831
+ # policies and inline policies][6] in the *IAM User Guide*.
5727
5832
  #
5728
5833
  # For more information about managed policy versions, see [Versioning
5729
- # for managed policies][3] in the *IAM User Guide*.
5834
+ # for managed policies][7] in the *IAM User Guide*.
5730
5835
  #
5731
5836
  #
5732
5837
  #
5733
5838
  # [1]: https://tools.ietf.org/html/rfc3986
5734
- # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
5735
- # [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html
5839
+ # [2]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListPolicyVersions.html
5840
+ # [3]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetUserPolicy.html
5841
+ # [4]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetGroupPolicy.html
5842
+ # [5]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetRolePolicy.html
5843
+ # [6]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
5844
+ # [7]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html
5736
5845
  #
5737
5846
  # @option params [required, String] :policy_arn
5738
5847
  # The Amazon Resource Name (ARN) of the managed policy that you want
@@ -5793,7 +5902,8 @@ module Aws::IAM
5793
5902
  # [RFC 3986][2]. You can use a URL decoding method to convert the policy
5794
5903
  # back to plain JSON text. For example, if you use Java, you can use the
5795
5904
  # `decode` method of the `java.net.URLDecoder` utility class in the Java
5796
- # SDK. Other languages and SDKs provide similar functionality.
5905
+ # SDK. Other languages and SDKs provide similar functionality, and some
5906
+ # SDKs do this decoding automatically.
5797
5907
  #
5798
5908
  # </note>
5799
5909
  #
@@ -5889,26 +5999,29 @@ module Aws::IAM
5889
5999
  # [RFC 3986][1]. You can use a URL decoding method to convert the policy
5890
6000
  # back to plain JSON text. For example, if you use Java, you can use the
5891
6001
  # `decode` method of the `java.net.URLDecoder` utility class in the Java
5892
- # SDK. Other languages and SDKs provide similar functionality.
6002
+ # SDK. Other languages and SDKs provide similar functionality, and some
6003
+ # SDKs do this decoding automatically.
5893
6004
  #
5894
6005
  # </note>
5895
6006
  #
5896
6007
  # An IAM role can also have managed policies attached to it. To retrieve
5897
- # a managed policy document that is attached to a role, use GetPolicy to
5898
- # determine the policy's default version, then use GetPolicyVersion to
5899
- # retrieve the policy document.
6008
+ # a managed policy document that is attached to a role, use
6009
+ # [GetPolicy][2] to determine the policy's default version, then use
6010
+ # [GetPolicyVersion][3] to retrieve the policy document.
5900
6011
  #
5901
6012
  # For more information about policies, see [Managed policies and inline
5902
- # policies][2] in the *IAM User Guide*.
6013
+ # policies][4] in the *IAM User Guide*.
5903
6014
  #
5904
- # For more information about roles, see [IAM roles][3] in the *IAM User
6015
+ # For more information about roles, see [IAM roles][5] in the *IAM User
5905
6016
  # Guide*.
5906
6017
  #
5907
6018
  #
5908
6019
  #
5909
6020
  # [1]: https://tools.ietf.org/html/rfc3986
5910
- # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
5911
- # [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html
6021
+ # [2]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetPolicy.html
6022
+ # [3]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetPolicyVersion.html
6023
+ # [4]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
6024
+ # [5]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html
5912
6025
  #
5913
6026
  # @option params [required, String] :role_name
5914
6027
  # The name of the role associated with the policy.
@@ -6082,7 +6195,7 @@ module Aws::IAM
6082
6195
  # resp.ssh_public_key.ssh_public_key_id #=> String
6083
6196
  # resp.ssh_public_key.fingerprint #=> String
6084
6197
  # resp.ssh_public_key.ssh_public_key_body #=> String
6085
- # resp.ssh_public_key.status #=> String, one of "Active", "Inactive"
6198
+ # resp.ssh_public_key.status #=> String, one of "Active", "Inactive", "Expired"
6086
6199
  # resp.ssh_public_key.upload_date #=> Time
6087
6200
  #
6088
6201
  # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetSSHPublicKey AWS API Documentation
@@ -6211,11 +6324,15 @@ module Aws::IAM
6211
6324
  #
6212
6325
  # @option params [required, String] :job_id
6213
6326
  # The ID of the request generated by the
6214
- # GenerateServiceLastAccessedDetails operation. The `JobId` returned by
6215
- # `GenerateServiceLastAccessedDetail` must be used by the same role
6216
- # within a session, or by the same user when used to call
6327
+ # [GenerateServiceLastAccessedDetails][1] operation. The `JobId`
6328
+ # returned by `GenerateServiceLastAccessedDetail` must be used by the
6329
+ # same role within a session, or by the same user when used to call
6217
6330
  # `GetServiceLastAccessedDetail`.
6218
6331
  #
6332
+ #
6333
+ #
6334
+ # [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GenerateServiceLastAccessedDetails.html
6335
+ #
6219
6336
  # @option params [Integer] :max_items
6220
6337
  # Use this only when paginating results to indicate the maximum number
6221
6338
  # of items you want in the response. If additional items exist beyond
@@ -6464,17 +6581,25 @@ module Aws::IAM
6464
6581
  end
6465
6582
 
6466
6583
  # Retrieves the status of your service-linked role deletion. After you
6467
- # use DeleteServiceLinkedRole to submit a service-linked role for
6584
+ # use [DeleteServiceLinkedRole][1] to submit a service-linked role for
6468
6585
  # deletion, you can use the `DeletionTaskId` parameter in
6469
6586
  # `GetServiceLinkedRoleDeletionStatus` to check the status of the
6470
6587
  # deletion. If the deletion fails, this operation returns the reason
6471
6588
  # that it failed, if that information is returned by the service.
6472
6589
  #
6590
+ #
6591
+ #
6592
+ # [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteServiceLinkedRole.html
6593
+ #
6473
6594
  # @option params [required, String] :deletion_task_id
6474
6595
  # The deletion task identifier. This identifier is returned by the
6475
- # DeleteServiceLinkedRole operation in the format
6596
+ # [DeleteServiceLinkedRole][1] operation in the format
6476
6597
  # `task/aws-service-role/<service-principal-name>/<role-name>/<task-uuid>`.
6477
6598
  #
6599
+ #
6600
+ #
6601
+ # [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteServiceLinkedRole.html
6602
+ #
6478
6603
  # @return [Types::GetServiceLinkedRoleDeletionStatusResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
6479
6604
  #
6480
6605
  # * {Types::GetServiceLinkedRoleDeletionStatusResponse#status #status} => String
@@ -6589,22 +6714,25 @@ module Aws::IAM
6589
6714
  # [RFC 3986][1]. You can use a URL decoding method to convert the policy
6590
6715
  # back to plain JSON text. For example, if you use Java, you can use the
6591
6716
  # `decode` method of the `java.net.URLDecoder` utility class in the Java
6592
- # SDK. Other languages and SDKs provide similar functionality.
6717
+ # SDK. Other languages and SDKs provide similar functionality, and some
6718
+ # SDKs do this decoding automatically.
6593
6719
  #
6594
6720
  # </note>
6595
6721
  #
6596
6722
  # An IAM user can also have managed policies attached to it. To retrieve
6597
- # a managed policy document that is attached to a user, use GetPolicy to
6598
- # determine the policy's default version. Then use GetPolicyVersion to
6599
- # retrieve the policy document.
6723
+ # a managed policy document that is attached to a user, use
6724
+ # [GetPolicy][2] to determine the policy's default version. Then use
6725
+ # [GetPolicyVersion][3] to retrieve the policy document.
6600
6726
  #
6601
6727
  # For more information about policies, see [Managed policies and inline
6602
- # policies][2] in the *IAM User Guide*.
6728
+ # policies][4] in the *IAM User Guide*.
6603
6729
  #
6604
6730
  #
6605
6731
  #
6606
6732
  # [1]: https://tools.ietf.org/html/rfc3986
6607
- # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
6733
+ # [2]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetPolicy.html
6734
+ # [3]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetPolicyVersion.html
6735
+ # [4]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
6608
6736
  #
6609
6737
  # @option params [required, String] :user_name
6610
6738
  # The name of the user who the policy is associated with.
@@ -6758,7 +6886,7 @@ module Aws::IAM
6758
6886
  # resp.access_key_metadata #=> Array
6759
6887
  # resp.access_key_metadata[0].user_name #=> String
6760
6888
  # resp.access_key_metadata[0].access_key_id #=> String
6761
- # resp.access_key_metadata[0].status #=> String, one of "Active", "Inactive"
6889
+ # resp.access_key_metadata[0].status #=> String, one of "Active", "Inactive", "Expired"
6762
6890
  # resp.access_key_metadata[0].create_date #=> Time
6763
6891
  # resp.is_truncated #=> Boolean
6764
6892
  # resp.marker #=> String
@@ -6849,9 +6977,9 @@ module Aws::IAM
6849
6977
  # group.
6850
6978
  #
6851
6979
  # An IAM group can also have inline policies embedded with it. To list
6852
- # the inline policies for a group, use ListGroupPolicies. For
6980
+ # the inline policies for a group, use [ListGroupPolicies][1]. For
6853
6981
  # information about policies, see [Managed policies and inline
6854
- # policies][1] in the *IAM User Guide*.
6982
+ # policies][2] in the *IAM User Guide*.
6855
6983
  #
6856
6984
  # You can paginate the results using the `MaxItems` and `Marker`
6857
6985
  # parameters. You can use the `PathPrefix` parameter to limit the list
@@ -6861,7 +6989,8 @@ module Aws::IAM
6861
6989
  #
6862
6990
  #
6863
6991
  #
6864
- # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
6992
+ # [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListGroupPolicies.html
6993
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
6865
6994
  #
6866
6995
  # @option params [required, String] :group_name
6867
6996
  # The name (friendly name, not ARN) of the group to list attached
@@ -6947,9 +7076,9 @@ module Aws::IAM
6947
7076
  # role.
6948
7077
  #
6949
7078
  # An IAM role can also have inline policies embedded with it. To list
6950
- # the inline policies for a role, use ListRolePolicies. For information
6951
- # about policies, see [Managed policies and inline policies][1] in the
6952
- # *IAM User Guide*.
7079
+ # the inline policies for a role, use [ListRolePolicies][1]. For
7080
+ # information about policies, see [Managed policies and inline
7081
+ # policies][2] in the *IAM User Guide*.
6953
7082
  #
6954
7083
  # You can paginate the results using the `MaxItems` and `Marker`
6955
7084
  # parameters. You can use the `PathPrefix` parameter to limit the list
@@ -6959,7 +7088,8 @@ module Aws::IAM
6959
7088
  #
6960
7089
  #
6961
7090
  #
6962
- # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
7091
+ # [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListRolePolicies.html
7092
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
6963
7093
  #
6964
7094
  # @option params [required, String] :role_name
6965
7095
  # The name (friendly name, not ARN) of the role to list attached
@@ -7045,9 +7175,9 @@ module Aws::IAM
7045
7175
  # user.
7046
7176
  #
7047
7177
  # An IAM user can also have inline policies embedded with it. To list
7048
- # the inline policies for a user, use ListUserPolicies. For information
7049
- # about policies, see [Managed policies and inline policies][1] in the
7050
- # *IAM User Guide*.
7178
+ # the inline policies for a user, use [ListUserPolicies][1]. For
7179
+ # information about policies, see [Managed policies and inline
7180
+ # policies][2] in the *IAM User Guide*.
7051
7181
  #
7052
7182
  # You can paginate the results using the `MaxItems` and `Marker`
7053
7183
  # parameters. You can use the `PathPrefix` parameter to limit the list
@@ -7057,7 +7187,8 @@ module Aws::IAM
7057
7187
  #
7058
7188
  #
7059
7189
  #
7060
- # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
7190
+ # [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListUserPolicies.html
7191
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
7061
7192
  #
7062
7193
  # @option params [required, String] :user_name
7063
7194
  # The name (friendly name, not ARN) of the user to list attached
@@ -7263,8 +7394,8 @@ module Aws::IAM
7263
7394
  #
7264
7395
  # An IAM group can also have managed policies attached to it. To list
7265
7396
  # the managed policies that are attached to a group, use
7266
- # ListAttachedGroupPolicies. For more information about policies, see
7267
- # [Managed policies and inline policies][1] in the *IAM User Guide*.
7397
+ # [ListAttachedGroupPolicies][1]. For more information about policies,
7398
+ # see [Managed policies and inline policies][2] in the *IAM User Guide*.
7268
7399
  #
7269
7400
  # You can paginate the results using the `MaxItems` and `Marker`
7270
7401
  # parameters. If there are no inline policies embedded with the
@@ -7272,7 +7403,8 @@ module Aws::IAM
7272
7403
  #
7273
7404
  #
7274
7405
  #
7275
- # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
7406
+ # [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAttachedGroupPolicies.html
7407
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
7276
7408
  #
7277
7409
  # @option params [required, String] :group_name
7278
7410
  # The name of the group to list policies for.
@@ -7641,7 +7773,7 @@ module Aws::IAM
7641
7773
  # attributes for the resource. For example, this operation does not
7642
7774
  # return tags, even though they are an attribute of the returned object.
7643
7775
  # To view all of the information for an instance profile, see
7644
- # GetInstanceProfile.
7776
+ # [GetInstanceProfile][2].
7645
7777
  #
7646
7778
  # </note>
7647
7779
  #
@@ -7651,6 +7783,7 @@ module Aws::IAM
7651
7783
  #
7652
7784
  #
7653
7785
  # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html
7786
+ # [2]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetInstanceProfile.html
7654
7787
  #
7655
7788
  # @option params [String] :path_prefix
7656
7789
  # The path prefix for filtering the results. For example, the prefix
@@ -8066,10 +8199,14 @@ module Aws::IAM
8066
8199
  # attributes for the resource. For example, this operation does not
8067
8200
  # return tags, even though they are an attribute of the returned object.
8068
8201
  # To view all of the information for an OIDC provider, see
8069
- # GetOpenIDConnectProvider.
8202
+ # [GetOpenIDConnectProvider][1].
8070
8203
  #
8071
8204
  # </note>
8072
8205
  #
8206
+ #
8207
+ #
8208
+ # [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetOpenIDConnectProvider.html
8209
+ #
8073
8210
  # @return [Types::ListOpenIDConnectProvidersResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
8074
8211
  #
8075
8212
  # * {Types::ListOpenIDConnectProvidersResponse#open_id_connect_provider_list #open_id_connect_provider_list} => Array&lt;Types::OpenIDConnectProviderListEntry&gt;
@@ -8152,13 +8289,14 @@ module Aws::IAM
8152
8289
  # attributes for the resource. For example, this operation does not
8153
8290
  # return tags, even though they are an attribute of the returned object.
8154
8291
  # To view all of the information for a customer manged policy, see
8155
- # GetPolicy.
8292
+ # [GetPolicy][2].
8156
8293
  #
8157
8294
  # </note>
8158
8295
  #
8159
8296
  #
8160
8297
  #
8161
8298
  # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
8299
+ # [2]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetPolicy.html
8162
8300
  #
8163
8301
  # @option params [String] :scope
8164
8302
  # The scope to use for filtering the results.
@@ -8304,12 +8442,14 @@ module Aws::IAM
8304
8442
  # Policies that are attached to users and roles as permissions
8305
8443
  # boundaries are not returned. To view which managed policy is currently
8306
8444
  # used to set the permissions boundary for a user or role, use the
8307
- # GetUser or GetRole operations.
8445
+ # [GetUser][3] or [GetRole][4] operations.
8308
8446
  #
8309
8447
  #
8310
8448
  #
8311
8449
  # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics
8312
8450
  # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html
8451
+ # [3]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetUser.html
8452
+ # [4]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetRole.html
8313
8453
  #
8314
8454
  # @option params [String] :marker
8315
8455
  # Use this parameter only when paginating results and only after you
@@ -8570,8 +8710,8 @@ module Aws::IAM
8570
8710
  #
8571
8711
  # An IAM role can also have managed policies attached to it. To list the
8572
8712
  # managed policies that are attached to a role, use
8573
- # ListAttachedRolePolicies. For more information about policies, see
8574
- # [Managed policies and inline policies][1] in the *IAM User Guide*.
8713
+ # [ListAttachedRolePolicies][1]. For more information about policies,
8714
+ # see [Managed policies and inline policies][2] in the *IAM User Guide*.
8575
8715
  #
8576
8716
  # You can paginate the results using the `MaxItems` and `Marker`
8577
8717
  # parameters. If there are no inline policies embedded with the
@@ -8579,7 +8719,8 @@ module Aws::IAM
8579
8719
  #
8580
8720
  #
8581
8721
  #
8582
- # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
8722
+ # [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAttachedRolePolicies.html
8723
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
8583
8724
  #
8584
8725
  # @option params [required, String] :role_name
8585
8726
  # The name of the role to list policies for.
@@ -8751,7 +8892,7 @@ module Aws::IAM
8751
8892
  #
8752
8893
  # * Tags
8753
8894
  #
8754
- # To view all of the information for a role, see GetRole.
8895
+ # To view all of the information for a role, see [GetRole][2].
8755
8896
  #
8756
8897
  # </note>
8757
8898
  #
@@ -8761,6 +8902,7 @@ module Aws::IAM
8761
8902
  #
8762
8903
  #
8763
8904
  # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html
8905
+ # [2]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetRole.html
8764
8906
  #
8765
8907
  # @option params [String] :path_prefix
8766
8908
  # The path prefix for filtering the results. For example, the prefix
@@ -8923,13 +9065,14 @@ module Aws::IAM
8923
9065
  # available attributes for the resource. For example, this operation
8924
9066
  # does not return tags, even though they are an attribute of the
8925
9067
  # returned object. To view all of the information for a SAML provider,
8926
- # see GetSAMLProvider.
9068
+ # see [GetSAMLProvider][1].
8927
9069
  #
8928
- # This operation requires [Signature Version 4][1].
9070
+ # This operation requires [Signature Version 4][2].
8929
9071
  #
8930
9072
  #
8931
9073
  #
8932
- # [1]: https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html
9074
+ # [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetSAMLProvider.html
9075
+ # [2]: https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html
8933
9076
  #
8934
9077
  # @return [Types::ListSAMLProvidersResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
8935
9078
  #
@@ -9020,7 +9163,7 @@ module Aws::IAM
9020
9163
  # resp.ssh_public_keys #=> Array
9021
9164
  # resp.ssh_public_keys[0].user_name #=> String
9022
9165
  # resp.ssh_public_keys[0].ssh_public_key_id #=> String
9023
- # resp.ssh_public_keys[0].status #=> String, one of "Active", "Inactive"
9166
+ # resp.ssh_public_keys[0].status #=> String, one of "Active", "Inactive", "Expired"
9024
9167
  # resp.ssh_public_keys[0].upload_date #=> Time
9025
9168
  # resp.is_truncated #=> Boolean
9026
9169
  # resp.marker #=> String
@@ -9129,13 +9272,14 @@ module Aws::IAM
9129
9272
  # attributes for the resource. For example, this operation does not
9130
9273
  # return tags, even though they are an attribute of the returned object.
9131
9274
  # To view all of the information for a servercertificate, see
9132
- # GetServerCertificate.
9275
+ # [GetServerCertificate][2].
9133
9276
  #
9134
9277
  # </note>
9135
9278
  #
9136
9279
  #
9137
9280
  #
9138
9281
  # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html
9282
+ # [2]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetServerCertificate.html
9139
9283
  #
9140
9284
  # @option params [String] :path_prefix
9141
9285
  # The path prefix for filtering the results. For example:
@@ -9240,26 +9384,51 @@ module Aws::IAM
9240
9384
  # Web Services service. If not specified, then Amazon Web Services
9241
9385
  # returns service-specific credentials for all services.
9242
9386
  #
9387
+ # @option params [Boolean] :all_users
9388
+ # A flag indicating whether to list service specific credentials for all
9389
+ # users. This parameter cannot be specified together with UserName. When
9390
+ # true, returns all credentials associated with the specified service.
9391
+ #
9392
+ # @option params [String] :marker
9393
+ # Use this parameter only when paginating results and only after you
9394
+ # receive a response indicating that the results are truncated. Set it
9395
+ # to the value of the Marker from the response that you received to
9396
+ # indicate where the next call should start.
9397
+ #
9398
+ # @option params [Integer] :max_items
9399
+ # Use this only when paginating results to indicate the maximum number
9400
+ # of items you want in the response. If additional items exist beyond
9401
+ # the maximum you specify, the IsTruncated response element is true.
9402
+ #
9243
9403
  # @return [Types::ListServiceSpecificCredentialsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
9244
9404
  #
9245
9405
  # * {Types::ListServiceSpecificCredentialsResponse#service_specific_credentials #service_specific_credentials} => Array&lt;Types::ServiceSpecificCredentialMetadata&gt;
9406
+ # * {Types::ListServiceSpecificCredentialsResponse#marker #marker} => String
9407
+ # * {Types::ListServiceSpecificCredentialsResponse#is_truncated #is_truncated} => Boolean
9246
9408
  #
9247
9409
  # @example Request syntax with placeholder values
9248
9410
  #
9249
9411
  # resp = client.list_service_specific_credentials({
9250
9412
  # user_name: "userNameType",
9251
9413
  # service_name: "serviceName",
9414
+ # all_users: false,
9415
+ # marker: "markerType",
9416
+ # max_items: 1,
9252
9417
  # })
9253
9418
  #
9254
9419
  # @example Response structure
9255
9420
  #
9256
9421
  # resp.service_specific_credentials #=> Array
9257
9422
  # resp.service_specific_credentials[0].user_name #=> String
9258
- # resp.service_specific_credentials[0].status #=> String, one of "Active", "Inactive"
9423
+ # resp.service_specific_credentials[0].status #=> String, one of "Active", "Inactive", "Expired"
9259
9424
  # resp.service_specific_credentials[0].service_user_name #=> String
9425
+ # resp.service_specific_credentials[0].service_credential_alias #=> String
9260
9426
  # resp.service_specific_credentials[0].create_date #=> Time
9427
+ # resp.service_specific_credentials[0].expiration_date #=> Time
9261
9428
  # resp.service_specific_credentials[0].service_specific_credential_id #=> String
9262
9429
  # resp.service_specific_credentials[0].service_name #=> String
9430
+ # resp.marker #=> String
9431
+ # resp.is_truncated #=> Boolean
9263
9432
  #
9264
9433
  # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListServiceSpecificCredentials AWS API Documentation
9265
9434
  #
@@ -9359,7 +9528,7 @@ module Aws::IAM
9359
9528
  # resp.certificates[0].user_name #=> String
9360
9529
  # resp.certificates[0].certificate_id #=> String
9361
9530
  # resp.certificates[0].certificate_body #=> String
9362
- # resp.certificates[0].status #=> String, one of "Active", "Inactive"
9531
+ # resp.certificates[0].status #=> String, one of "Active", "Inactive", "Expired"
9363
9532
  # resp.certificates[0].upload_date #=> Time
9364
9533
  # resp.is_truncated #=> Boolean
9365
9534
  # resp.marker #=> String
@@ -9378,8 +9547,8 @@ module Aws::IAM
9378
9547
  #
9379
9548
  # An IAM user can also have managed policies attached to it. To list the
9380
9549
  # managed policies that are attached to a user, use
9381
- # ListAttachedUserPolicies. For more information about policies, see
9382
- # [Managed policies and inline policies][1] in the *IAM User Guide*.
9550
+ # [ListAttachedUserPolicies][1]. For more information about policies,
9551
+ # see [Managed policies and inline policies][2] in the *IAM User Guide*.
9383
9552
  #
9384
9553
  # You can paginate the results using the `MaxItems` and `Marker`
9385
9554
  # parameters. If there are no inline policies embedded with the
@@ -9387,7 +9556,8 @@ module Aws::IAM
9387
9556
  #
9388
9557
  #
9389
9558
  #
9390
- # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
9559
+ # [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAttachedUserPolicies.html
9560
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
9391
9561
  #
9392
9562
  # @option params [required, String] :user_name
9393
9563
  # The name of the user to list policies for.
@@ -9558,13 +9728,17 @@ module Aws::IAM
9558
9728
  #
9559
9729
  # * Tags
9560
9730
  #
9561
- # To view all of the information for a user, see GetUser.
9731
+ # To view all of the information for a user, see [GetUser][1].
9562
9732
  #
9563
9733
  # </note>
9564
9734
  #
9565
9735
  # You can paginate the results using the `MaxItems` and `Marker`
9566
9736
  # parameters.
9567
9737
  #
9738
+ #
9739
+ #
9740
+ # [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetUser.html
9741
+ #
9568
9742
  # @option params [String] :path_prefix
9569
9743
  # The path prefix for filtering the results. For example:
9570
9744
  # `/division_abc/subdivision_xyz/`, which would get all user names whose
@@ -9680,13 +9854,17 @@ module Aws::IAM
9680
9854
  # attributes for the resource. For example, this operation does not
9681
9855
  # return tags, even though they are an attribute of the returned object.
9682
9856
  # To view tag information for a virtual MFA device, see
9683
- # ListMFADeviceTags.
9857
+ # [ListMFADeviceTags][1].
9684
9858
  #
9685
9859
  # </note>
9686
9860
  #
9687
9861
  # You can paginate the results using the `MaxItems` and `Marker`
9688
9862
  # parameters.
9689
9863
  #
9864
+ #
9865
+ #
9866
+ # [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListMFADeviceTags.html
9867
+ #
9690
9868
  # @option params [String] :assignment_status
9691
9869
  # The status (`Unassigned` or `Assigned`) of the devices to list. If you
9692
9870
  # do not specify an `AssignmentStatus`, the operation defaults to `Any`,
@@ -9859,12 +10037,12 @@ module Aws::IAM
9859
10037
  #
9860
10038
  # @example Example: To add a policy to a group
9861
10039
  #
9862
- # # The following command adds a policy named AllPerms to the IAM group named Admins.
10040
+ # # The following command adds a policy named IAMReadAccess to the IAM group named PowerUsers.
9863
10041
  #
9864
10042
  # resp = client.put_group_policy({
9865
- # group_name: "Admins",
9866
- # policy_document: "{\"Version\":\"2012-10-17\",\"Statement\":{\"Effect\":\"Allow\",\"Action\":\"*\",\"Resource\":\"*\"}}",
9867
- # policy_name: "AllPerms",
10043
+ # group_name: "PowerUsers",
10044
+ # policy_document: "{\"Version\":\"2012-10-17\",\"Statement\":{\"Effect\":\"Allow\",\"Action\":[\"iam:Get*\",\"iam:List*\",\"iam:Generate*\"],\"Resource\":\"*\"}}",
10045
+ # policy_name: "IAMReadAccess",
9868
10046
  # })
9869
10047
  #
9870
10048
  # @example Request syntax with placeholder values
@@ -10232,19 +10410,24 @@ module Aws::IAM
10232
10410
  # @option params [required, String] :open_id_connect_provider_arn
10233
10411
  # The Amazon Resource Name (ARN) of the IAM OIDC provider resource to
10234
10412
  # remove the client ID from. You can get a list of OIDC provider ARNs by
10235
- # using the ListOpenIDConnectProviders operation.
10413
+ # using the [ListOpenIDConnectProviders][1] operation.
10236
10414
  #
10237
- # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
10415
+ # For more information about ARNs, see [Amazon Resource Names (ARNs)][2]
10238
10416
  # in the *Amazon Web Services General Reference*.
10239
10417
  #
10240
10418
  #
10241
10419
  #
10242
- # [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
10420
+ # [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListOpenIDConnectProviders.html
10421
+ # [2]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
10243
10422
  #
10244
10423
  # @option params [required, String] :client_id
10245
10424
  # The client ID (also known as audience) to remove from the IAM OIDC
10246
10425
  # provider resource. For more information about client IDs, see
10247
- # CreateOpenIDConnectProvider.
10426
+ # [CreateOpenIDConnectProvider][1].
10427
+ #
10428
+ #
10429
+ #
10430
+ # [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateOpenIDConnectProvider.html
10248
10431
  #
10249
10432
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
10250
10433
  #
@@ -10432,12 +10615,15 @@ module Aws::IAM
10432
10615
  # @example Response structure
10433
10616
  #
10434
10617
  # resp.service_specific_credential.create_date #=> Time
10618
+ # resp.service_specific_credential.expiration_date #=> Time
10435
10619
  # resp.service_specific_credential.service_name #=> String
10436
10620
  # resp.service_specific_credential.service_user_name #=> String
10437
10621
  # resp.service_specific_credential.service_password #=> String
10622
+ # resp.service_specific_credential.service_credential_alias #=> String
10623
+ # resp.service_specific_credential.service_credential_secret #=> String
10438
10624
  # resp.service_specific_credential.service_specific_credential_id #=> String
10439
10625
  # resp.service_specific_credential.user_name #=> String
10440
- # resp.service_specific_credential.status #=> String, one of "Active", "Inactive"
10626
+ # resp.service_specific_credential.status #=> String, one of "Active", "Inactive", "Expired"
10441
10627
  #
10442
10628
  # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ResetServiceSpecificCredential AWS API Documentation
10443
10629
  #
@@ -10517,14 +10703,15 @@ module Aws::IAM
10517
10703
  #
10518
10704
  # This operation affects all users, groups, and roles that the policy is
10519
10705
  # attached to. To list the users, groups, and roles that the policy is
10520
- # attached to, use ListEntitiesForPolicy.
10706
+ # attached to, use [ListEntitiesForPolicy][1].
10521
10707
  #
10522
10708
  # For information about managed policies, see [Managed policies and
10523
- # inline policies][1] in the *IAM User Guide*.
10709
+ # inline policies][2] in the *IAM User Guide*.
10524
10710
  #
10525
10711
  #
10526
10712
  #
10527
- # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
10713
+ # [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListEntitiesForPolicy.html
10714
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
10528
10715
  #
10529
10716
  # @option params [required, String] :policy_arn
10530
10717
  # The Amazon Resource Name (ARN) of the IAM policy whose default version
@@ -10589,12 +10776,13 @@ module Aws::IAM
10589
10776
  #
10590
10777
  # To view the current session token version, see the
10591
10778
  # `GlobalEndpointTokenVersion` entry in the response of the
10592
- # GetAccountSummary operation.
10779
+ # [GetAccountSummary][3] operation.
10593
10780
  #
10594
10781
  #
10595
10782
  #
10596
10783
  # [1]: https://docs.aws.amazon.com/general/latest/gr/sts.html
10597
10784
  # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html
10785
+ # [3]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetAccountSummary.html
10598
10786
  #
10599
10787
  # @option params [required, String] :global_endpoint_token_version
10600
10788
  # The version of the global endpoint token. Version 1 tokens are valid
@@ -10648,14 +10836,14 @@ module Aws::IAM
10648
10836
  # account.
10649
10837
  #
10650
10838
  # If you want to simulate existing policies that are attached to an IAM
10651
- # user, group, or role, use SimulatePrincipalPolicy instead.
10839
+ # user, group, or role, use [SimulatePrincipalPolicy][1] instead.
10652
10840
  #
10653
10841
  # Context keys are variables that are maintained by Amazon Web Services
10654
10842
  # and its services and which provide details about the context of an API
10655
10843
  # query request. You can use the `Condition` element of an IAM policy to
10656
10844
  # evaluate context keys. To get the list of context keys that the
10657
10845
  # policies require for correct simulation, use
10658
- # GetContextKeysForCustomPolicy.
10846
+ # [GetContextKeysForCustomPolicy][2].
10659
10847
  #
10660
10848
  # If the output is long, you can use `MaxItems` and `Marker` parameters
10661
10849
  # to paginate the results.
@@ -10667,13 +10855,15 @@ module Aws::IAM
10667
10855
  # live Amazon Web Services environment after testing using the policy
10668
10856
  # simulator to confirm that you have the desired results. For more
10669
10857
  # information about using the policy simulator, see [Testing IAM
10670
- # policies with the IAM policy simulator ][1]in the *IAM User Guide*.
10858
+ # policies with the IAM policy simulator ][3]in the *IAM User Guide*.
10671
10859
  #
10672
10860
  # </note>
10673
10861
  #
10674
10862
  #
10675
10863
  #
10676
- # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_testing-policies.html
10864
+ # [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_SimulatePrincipalPolicy.html
10865
+ # [2]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetContextKeysForCustomPolicy.html
10866
+ # [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_testing-policies.html
10677
10867
  #
10678
10868
  # @option params [required, Array<String>] :policy_input_list
10679
10869
  # A list of policy documents to include in the simulation. Each document
@@ -10982,8 +11172,8 @@ module Aws::IAM
10982
11172
  #
10983
11173
  # You can optionally include a list of one or more additional policies
10984
11174
  # specified as strings to include in the simulation. If you want to
10985
- # simulate only policies specified as strings, use SimulateCustomPolicy
10986
- # instead.
11175
+ # simulate only policies specified as strings, use
11176
+ # [SimulateCustomPolicy][1] instead.
10987
11177
  #
10988
11178
  # You can also optionally include one resource-based policy to be
10989
11179
  # evaluated with each of the resources included in the simulation for
@@ -10995,15 +11185,15 @@ module Aws::IAM
10995
11185
  #
10996
11186
  # **Note:** This operation discloses information about the permissions
10997
11187
  # granted to other users. If you do not want users to see other user's
10998
- # permissions, then consider allowing them to use SimulateCustomPolicy
10999
- # instead.
11188
+ # permissions, then consider allowing them to use
11189
+ # [SimulateCustomPolicy][1] instead.
11000
11190
  #
11001
11191
  # Context keys are variables maintained by Amazon Web Services and its
11002
11192
  # services that provide details about the context of an API query
11003
11193
  # request. You can use the `Condition` element of an IAM policy to
11004
11194
  # evaluate context keys. To get the list of context keys that the
11005
11195
  # policies require for correct simulation, use
11006
- # GetContextKeysForPrincipalPolicy.
11196
+ # [GetContextKeysForPrincipalPolicy][2].
11007
11197
  #
11008
11198
  # If the output is long, you can use the `MaxItems` and `Marker`
11009
11199
  # parameters to paginate the results.
@@ -11015,13 +11205,15 @@ module Aws::IAM
11015
11205
  # live Amazon Web Services environment after testing using the policy
11016
11206
  # simulator to confirm that you have the desired results. For more
11017
11207
  # information about using the policy simulator, see [Testing IAM
11018
- # policies with the IAM policy simulator ][1]in the *IAM User Guide*.
11208
+ # policies with the IAM policy simulator ][3]in the *IAM User Guide*.
11019
11209
  #
11020
11210
  # </note>
11021
11211
  #
11022
11212
  #
11023
11213
  #
11024
- # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_testing-policies.html
11214
+ # [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_SimulateCustomPolicy.html
11215
+ # [2]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetContextKeysForPrincipalPolicy.html
11216
+ # [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_testing-policies.html
11025
11217
  #
11026
11218
  # @option params [required, String] :policy_source_arn
11027
11219
  # The Amazon Resource Name (ARN) of a user, group, or role whose
@@ -12459,7 +12651,7 @@ module Aws::IAM
12459
12651
  # resp = client.update_access_key({
12460
12652
  # user_name: "existingUserNameType",
12461
12653
  # access_key_id: "accessKeyIdType", # required
12462
- # status: "Active", # required, accepts Active, Inactive
12654
+ # status: "Active", # required, accepts Active, Inactive, Expired
12463
12655
  # })
12464
12656
  #
12465
12657
  # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateAccessKey AWS API Documentation
@@ -12780,16 +12972,17 @@ module Aws::IAM
12780
12972
 
12781
12973
  # Changes the password for the specified IAM user. You can use the CLI,
12782
12974
  # the Amazon Web Services API, or the **Users** page in the IAM console
12783
- # to change the password for any IAM user. Use ChangePassword to change
12784
- # your own password in the **My Security Credentials** page in the
12785
- # Amazon Web Services Management Console.
12975
+ # to change the password for any IAM user. Use [ChangePassword][1] to
12976
+ # change your own password in the **My Security Credentials** page in
12977
+ # the Amazon Web Services Management Console.
12786
12978
  #
12787
12979
  # For more information about modifying passwords, see [Managing
12788
- # passwords][1] in the *IAM User Guide*.
12980
+ # passwords][2] in the *IAM User Guide*.
12789
12981
  #
12790
12982
  #
12791
12983
  #
12792
- # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html
12984
+ # [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_ChangePassword.html
12985
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html
12793
12986
  #
12794
12987
  # @option params [required, String] :user_name
12795
12988
  # The name of the user whose password you want to update.
@@ -12820,11 +13013,12 @@ module Aws::IAM
12820
13013
  #
12821
13014
  # However, the format can be further restricted by the account
12822
13015
  # administrator by setting a password policy on the Amazon Web Services
12823
- # account. For more information, see UpdateAccountPasswordPolicy.
13016
+ # account. For more information, see [UpdateAccountPasswordPolicy][2].
12824
13017
  #
12825
13018
  #
12826
13019
  #
12827
13020
  # [1]: http://wikipedia.org/wiki/regex
13021
+ # [2]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateAccountPasswordPolicy.html
12828
13022
  #
12829
13023
  # @option params [Boolean] :password_reset_required
12830
13024
  # Allows this new password to be used only once by requiring the
@@ -12891,20 +13085,25 @@ module Aws::IAM
12891
13085
  # @option params [required, String] :open_id_connect_provider_arn
12892
13086
  # The Amazon Resource Name (ARN) of the IAM OIDC provider resource
12893
13087
  # object for which you want to update the thumbprint. You can get a list
12894
- # of OIDC provider ARNs by using the ListOpenIDConnectProviders
13088
+ # of OIDC provider ARNs by using the [ListOpenIDConnectProviders][1]
12895
13089
  # operation.
12896
13090
  #
12897
- # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
13091
+ # For more information about ARNs, see [Amazon Resource Names (ARNs)][2]
12898
13092
  # in the *Amazon Web Services General Reference*.
12899
13093
  #
12900
13094
  #
12901
13095
  #
12902
- # [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
13096
+ # [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListOpenIDConnectProviders.html
13097
+ # [2]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
12903
13098
  #
12904
13099
  # @option params [required, Array<String>] :thumbprint_list
12905
13100
  # A list of certificate thumbprints that are associated with the
12906
13101
  # specified IAM OpenID Connect provider. For more information, see
12907
- # CreateOpenIDConnectProvider.
13102
+ # [CreateOpenIDConnectProvider][1].
13103
+ #
13104
+ #
13105
+ #
13106
+ # [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateOpenIDConnectProvider.html
12908
13107
  #
12909
13108
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
12910
13109
  #
@@ -12977,12 +13176,16 @@ module Aws::IAM
12977
13176
  req.send_request(options)
12978
13177
  end
12979
13178
 
12980
- # Use UpdateRole instead.
13179
+ # Use [UpdateRole][1] instead.
12981
13180
  #
12982
13181
  # Modifies only the description of a role. This operation performs the
12983
13182
  # same function as the `Description` parameter in the `UpdateRole`
12984
13183
  # operation.
12985
13184
  #
13185
+ #
13186
+ #
13187
+ # [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateRole.html
13188
+ #
12986
13189
  # @option params [required, String] :role_name
12987
13190
  # The name of the role that you want to modify.
12988
13191
  #
@@ -13137,7 +13340,7 @@ module Aws::IAM
13137
13340
  # resp = client.update_ssh_public_key({
13138
13341
  # user_name: "userNameType", # required
13139
13342
  # ssh_public_key_id: "publicKeyIdType", # required
13140
- # status: "Active", # required, accepts Active, Inactive
13343
+ # status: "Active", # required, accepts Active, Inactive, Expired
13141
13344
  # })
13142
13345
  #
13143
13346
  # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateSSHPublicKey AWS API Documentation
@@ -13279,7 +13482,7 @@ module Aws::IAM
13279
13482
  # resp = client.update_service_specific_credential({
13280
13483
  # user_name: "userNameType",
13281
13484
  # service_specific_credential_id: "serviceSpecificCredentialId", # required
13282
- # status: "Active", # required, accepts Active, Inactive
13485
+ # status: "Active", # required, accepts Active, Inactive, Expired
13283
13486
  # })
13284
13487
  #
13285
13488
  # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateServiceSpecificCredential AWS API Documentation
@@ -13349,7 +13552,7 @@ module Aws::IAM
13349
13552
  # resp = client.update_signing_certificate({
13350
13553
  # user_name: "existingUserNameType",
13351
13554
  # certificate_id: "certificateIdType", # required
13352
- # status: "Active", # required, accepts Active, Inactive
13555
+ # status: "Active", # required, accepts Active, Inactive, Expired
13353
13556
  # })
13354
13557
  #
13355
13558
  # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateSigningCertificate AWS API Documentation
@@ -13510,7 +13713,7 @@ module Aws::IAM
13510
13713
  # resp.ssh_public_key.ssh_public_key_id #=> String
13511
13714
  # resp.ssh_public_key.fingerprint #=> String
13512
13715
  # resp.ssh_public_key.ssh_public_key_body #=> String
13513
- # resp.ssh_public_key.status #=> String, one of "Active", "Inactive"
13716
+ # resp.ssh_public_key.status #=> String, one of "Active", "Inactive", "Expired"
13514
13717
  # resp.ssh_public_key.upload_date #=> Time
13515
13718
  #
13516
13719
  # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UploadSSHPublicKey AWS API Documentation
@@ -13839,7 +14042,7 @@ module Aws::IAM
13839
14042
  # resp.certificate.user_name #=> String
13840
14043
  # resp.certificate.certificate_id #=> String
13841
14044
  # resp.certificate.certificate_body #=> String
13842
- # resp.certificate.status #=> String, one of "Active", "Inactive"
14045
+ # resp.certificate.status #=> String, one of "Active", "Inactive", "Expired"
13843
14046
  # resp.certificate.upload_date #=> Time
13844
14047
  #
13845
14048
  # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UploadSigningCertificate AWS API Documentation
@@ -13869,7 +14072,7 @@ module Aws::IAM
13869
14072
  tracer: tracer
13870
14073
  )
13871
14074
  context[:gem_name] = 'aws-sdk-iam'
13872
- context[:gem_version] = '1.123.0'
14075
+ context[:gem_version] = '1.125.0'
13873
14076
  Seahorse::Client::Request.new(handlers, context)
13874
14077
  end
13875
14078