aws-sdk-iam 1.2.0 → 1.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 34447b95daec77c8a33749df9cbf2815aa980b00
-  data.tar.gz: 504aab29c1d95c9375fd4b2a9fbce82b7a63c8e0
+  metadata.gz: 2e89f4247a115db9ca87b66116f0106ce3c6037a
+  data.tar.gz: 44f5baec07931eb1ebbdc18049150589f787da94
 SHA512:
-  metadata.gz: a930126f6176cd90d1ea02c6053c98e308575c997968f7e5e45612ea7fa4ae89bc14329bd2caa42c4a2e406d9700640e8a26b1bb4c75bd2ac37416973777cc38
-  data.tar.gz: d19831f886d6e9023ed6a1b928f5d9cabc078a8bfc8d591d1f554f09dd50a84eee83f486020288deed0018e14935ad71a6df8ceef73ddafab2091347e5218662
+  metadata.gz: c4dd248bb48875de1327da22ec1cdfa655d477d97fe58a49b540c6f59ee1df4422932fbeefc44c53ad024a93a38c446ca80a66a64d111b6e11430135c254dc69
+  data.tar.gz: 1ec446ebc2ab4bbb0e0a49c454667c3265ad15ae0b705ee54d090d14ca54969f18fcabacbf477f821cdeb74fdd38fb03e7fdf5138451cae27afcd333108b381b

data/lib/aws-sdk-iam.rb

@@ -64,6 +64,6 @@ require_relative 'aws-sdk-iam/customizations'
 # @service
 module Aws::IAM
 
-  GEM_VERSION = '1.2.0'
+  GEM_VERSION = '1.3.0'
 
 end

data/lib/aws-sdk-iam/client.rb

@@ -1125,7 +1125,7 @@ module Aws::IAM
     #   This parameter allows (per its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following characters:
-    #   =,.@-
+    #   =,.@-+
     #
     #
     #
@@ -2053,7 +2053,7 @@ module Aws::IAM
     #   This parameter allows (per its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following characters:
-    #   =,.@-
+    #   =,.@-+
     #
     #
     #
@@ -2416,7 +2416,7 @@ module Aws::IAM
     #   This parameter allows (per its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following characters:
-    #   =,.@-
+    #   =,.@-+
     #
     #
     #
@@ -2589,6 +2589,58 @@ module Aws::IAM
       req.send_request(options)
     end
 
+    # Submits a service-linked role deletion request and returns a
+    # `DeletionTaskId`, which you can use to check the status of the
+    # deletion. Before you call this operation, confirm that the role has no
+    # active sessions and that any resources used by the role in the linked
+    # service are deleted. If you call this operation more than once for the
+    # same service-linked role and an earlier deletion task is not complete,
+    # then the `DeletionTaskId` of the earlier request is returned.
+    #
+    # If you submit a deletion request for a service-linked role whose
+    # linked service is still accessing a resource, then the deletion task
+    # fails. If it fails, the GetServiceLinkedRoleDeletionStatus API
+    # operation returns the reason for the failure, including the resources
+    # that must be deleted. To delete the service-linked role, you must
+    # first remove those resources from the linked service and then submit
+    # the deletion request again. Resources are specific to the service that
+    # is linked to the role. For more information about removing resources
+    # from a service, see the [AWS documentation][1] for your service.
+    #
+    # For more information about service-linked roles, see [Roles Terms and
+    # Concepts: AWS Service-Linked Role][2] in the *IAM User Guide*.
+    #
+    #
+    #
+    # [1]: http://docs.aws.amazon.com/
+    # [2]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#iam-term-service-linked-role
+    #
+    # @option params [required, String] :role_name
+    #   The name of the service-linked role to be deleted.
+    #
+    # @return [Types::DeleteServiceLinkedRoleResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::DeleteServiceLinkedRoleResponse#deletion_task_id #deletion_task_id} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.delete_service_linked_role({
+    #     role_name: "roleNameType", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.deletion_task_id #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteServiceLinkedRole AWS API Documentation
+    #
+    # @overload delete_service_linked_role(params = {})
+    # @param [Hash] params ({})
+    def delete_service_linked_role(params = {}, options = {})
+      req = build_request(:delete_service_linked_role, params)
+      req.send_request(options)
+    end
+
     # Deletes the specified service-specific credential.
     #
     # @option params [String] :user_name
@@ -2766,7 +2818,7 @@ module Aws::IAM
     #   This parameter allows (per its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following characters:
-    #   =,.@-
+    #   =,.@-+
     #
     #
     #
@@ -3693,7 +3745,7 @@ module Aws::IAM
     #   This parameter allows (per its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following characters:
-    #   =,.@-
+    #   =,.@-+
     #
     #
     #
@@ -4185,7 +4237,7 @@ module Aws::IAM
     #   This parameter allows (per its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following characters:
-    #   =,.@-
+    #   =,.@-+
     #
     #
     #
@@ -4394,6 +4446,47 @@ module Aws::IAM
       req.send_request(options)
     end
 
+    # Retrieves the status of your service-linked role deletion. After you
+    # use the DeleteServiceLinkedRole API operation to submit a
+    # service-linked role for deletion, you can use the `DeletionTaskId`
+    # parameter in `GetServiceLinkedRoleDeletionStatus` to check the status
+    # of the deletion. If the deletion fails, this operation returns the
+    # reason that it failed.
+    #
+    # @option params [required, String] :deletion_task_id
+    #   The deletion task identifier. This identifier is returned by the
+    #   DeleteServiceLinkedRole operation in the format
+    #   `task/aws-service-role/<service-principal-name>/<role-name>/<task-uuid>`.
+    #
+    # @return [Types::GetServiceLinkedRoleDeletionStatusResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::GetServiceLinkedRoleDeletionStatusResponse#status #status} => String
+    #   * {Types::GetServiceLinkedRoleDeletionStatusResponse#reason #reason} => Types::DeletionTaskFailureReasonType
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.get_service_linked_role_deletion_status({
+    #     deletion_task_id: "DeletionTaskIdType", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.status #=> String, one of "SUCCEEDED", "IN_PROGRESS", "FAILED", "NOT_STARTED"
+    #   resp.reason.reason #=> String
+    #   resp.reason.role_usage_list #=> Array
+    #   resp.reason.role_usage_list[0].region #=> String
+    #   resp.reason.role_usage_list[0].resources #=> Array
+    #   resp.reason.role_usage_list[0].resources[0] #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetServiceLinkedRoleDeletionStatus AWS API Documentation
+    #
+    # @overload get_service_linked_role_deletion_status(params = {})
+    # @param [Hash] params ({})
+    def get_service_linked_role_deletion_status(params = {}, options = {})
+      req = build_request(:get_service_linked_role_deletion_status, params)
+      req.send_request(options)
+    end
+
     # Retrieves information about the specified IAM user, including the
     # user's creation date, path, unique ID, and ARN.
     #
@@ -4504,7 +4597,7 @@ module Aws::IAM
     #   This parameter allows (per its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following characters:
-    #   =,.@-
+    #   =,.@-+
     #
     #
     #
@@ -6695,7 +6788,7 @@ module Aws::IAM
     #   This parameter allows (per its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following characters:
-    #   =,.@-
+    #   =,.@-+
     #
     #
     #
@@ -6797,7 +6890,7 @@ module Aws::IAM
     #   This parameter allows (per its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following characters:
-    #   =,.@-
+    #   =,.@-+
     #
     #
     #
@@ -6891,7 +6984,7 @@ module Aws::IAM
     #   This parameter allows (per its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following characters:
-    #   =,.@-
+    #   =,.@-+
     #
     #
     #
@@ -9110,7 +9203,7 @@ module Aws::IAM
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-iam'
-      context[:gem_version] = '1.2.0'
+      context[:gem_version] = '1.3.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-iam/client_api.rb

@@ -19,6 +19,7 @@ module Aws::IAM
     AddClientIDToOpenIDConnectProviderRequest = Shapes::StructureShape.new(name: 'AddClientIDToOpenIDConnectProviderRequest')
     AddRoleToInstanceProfileRequest = Shapes::StructureShape.new(name: 'AddRoleToInstanceProfileRequest')
     AddUserToGroupRequest = Shapes::StructureShape.new(name: 'AddUserToGroupRequest')
+    ArnListType = Shapes::ListShape.new(name: 'ArnListType')
     AttachGroupPolicyRequest = Shapes::StructureShape.new(name: 'AttachGroupPolicyRequest')
     AttachRolePolicyRequest = Shapes::StructureShape.new(name: 'AttachRolePolicyRequest')
     AttachUserPolicyRequest = Shapes::StructureShape.new(name: 'AttachUserPolicyRequest')
@@ -79,11 +80,16 @@ module Aws::IAM
     DeleteSAMLProviderRequest = Shapes::StructureShape.new(name: 'DeleteSAMLProviderRequest')
     DeleteSSHPublicKeyRequest = Shapes::StructureShape.new(name: 'DeleteSSHPublicKeyRequest')
     DeleteServerCertificateRequest = Shapes::StructureShape.new(name: 'DeleteServerCertificateRequest')
+    DeleteServiceLinkedRoleRequest = Shapes::StructureShape.new(name: 'DeleteServiceLinkedRoleRequest')
+    DeleteServiceLinkedRoleResponse = Shapes::StructureShape.new(name: 'DeleteServiceLinkedRoleResponse')
     DeleteServiceSpecificCredentialRequest = Shapes::StructureShape.new(name: 'DeleteServiceSpecificCredentialRequest')
     DeleteSigningCertificateRequest = Shapes::StructureShape.new(name: 'DeleteSigningCertificateRequest')
     DeleteUserPolicyRequest = Shapes::StructureShape.new(name: 'DeleteUserPolicyRequest')
     DeleteUserRequest = Shapes::StructureShape.new(name: 'DeleteUserRequest')
     DeleteVirtualMFADeviceRequest = Shapes::StructureShape.new(name: 'DeleteVirtualMFADeviceRequest')
+    DeletionTaskFailureReasonType = Shapes::StructureShape.new(name: 'DeletionTaskFailureReasonType')
+    DeletionTaskIdType = Shapes::StringShape.new(name: 'DeletionTaskIdType')
+    DeletionTaskStatusType = Shapes::StringShape.new(name: 'DeletionTaskStatusType')
     DetachGroupPolicyRequest = Shapes::StructureShape.new(name: 'DetachGroupPolicyRequest')
     DetachRolePolicyRequest = Shapes::StructureShape.new(name: 'DetachRolePolicyRequest')
     DetachUserPolicyRequest = Shapes::StructureShape.new(name: 'DetachUserPolicyRequest')
@@ -132,6 +138,8 @@ module Aws::IAM
     GetSSHPublicKeyResponse = Shapes::StructureShape.new(name: 'GetSSHPublicKeyResponse')
     GetServerCertificateRequest = Shapes::StructureShape.new(name: 'GetServerCertificateRequest')
     GetServerCertificateResponse = Shapes::StructureShape.new(name: 'GetServerCertificateResponse')
+    GetServiceLinkedRoleDeletionStatusRequest = Shapes::StructureShape.new(name: 'GetServiceLinkedRoleDeletionStatusRequest')
+    GetServiceLinkedRoleDeletionStatusResponse = Shapes::StructureShape.new(name: 'GetServiceLinkedRoleDeletionStatusResponse')
     GetUserPolicyRequest = Shapes::StructureShape.new(name: 'GetUserPolicyRequest')
     GetUserPolicyResponse = Shapes::StructureShape.new(name: 'GetUserPolicyResponse')
     GetUserRequest = Shapes::StructureShape.new(name: 'GetUserRequest')
@@ -217,6 +225,7 @@ module Aws::IAM
     PolicyGroup = Shapes::StructureShape.new(name: 'PolicyGroup')
     PolicyGroupListType = Shapes::ListShape.new(name: 'PolicyGroupListType')
     PolicyIdentifierType = Shapes::StringShape.new(name: 'PolicyIdentifierType')
+    PolicyNotAttachableException = Shapes::StructureShape.new(name: 'PolicyNotAttachableException')
     PolicyRole = Shapes::StructureShape.new(name: 'PolicyRole')
     PolicyRoleListType = Shapes::ListShape.new(name: 'PolicyRoleListType')
     PolicySourceType = Shapes::StringShape.new(name: 'PolicySourceType')
@@ -227,6 +236,8 @@ module Aws::IAM
     PutGroupPolicyRequest = Shapes::StructureShape.new(name: 'PutGroupPolicyRequest')
     PutRolePolicyRequest = Shapes::StructureShape.new(name: 'PutRolePolicyRequest')
     PutUserPolicyRequest = Shapes::StructureShape.new(name: 'PutUserPolicyRequest')
+    ReasonType = Shapes::StringShape.new(name: 'ReasonType')
+    RegionNameType = Shapes::StringShape.new(name: 'RegionNameType')
     RemoveClientIDFromOpenIDConnectProviderRequest = Shapes::StructureShape.new(name: 'RemoveClientIDFromOpenIDConnectProviderRequest')
     RemoveRoleFromInstanceProfileRequest = Shapes::StructureShape.new(name: 'RemoveRoleFromInstanceProfileRequest')
     RemoveUserFromGroupRequest = Shapes::StructureShape.new(name: 'RemoveUserFromGroupRequest')
@@ -244,6 +255,8 @@ module Aws::IAM
     ResyncMFADeviceRequest = Shapes::StructureShape.new(name: 'ResyncMFADeviceRequest')
     Role = Shapes::StructureShape.new(name: 'Role')
     RoleDetail = Shapes::StructureShape.new(name: 'RoleDetail')
+    RoleUsageListType = Shapes::ListShape.new(name: 'RoleUsageListType')
+    RoleUsageType = Shapes::StructureShape.new(name: 'RoleUsageType')
     SAMLMetadataDocumentType = Shapes::StringShape.new(name: 'SAMLMetadataDocumentType')
     SAMLProviderListEntry = Shapes::StructureShape.new(name: 'SAMLProviderListEntry')
     SAMLProviderListType = Shapes::ListShape.new(name: 'SAMLProviderListType')
@@ -358,6 +371,7 @@ module Aws::IAM
     policyListType = Shapes::ListShape.new(name: 'policyListType')
     policyNameListType = Shapes::ListShape.new(name: 'policyNameListType')
     policyNameType = Shapes::StringShape.new(name: 'policyNameType')
+    policyNotAttachableMessage = Shapes::StringShape.new(name: 'policyNotAttachableMessage')
     policyPathType = Shapes::StringShape.new(name: 'policyPathType')
     policyScopeType = Shapes::StringShape.new(name: 'policyScopeType')
     policyVersionIdType = Shapes::StringShape.new(name: 'policyVersionIdType')
@@ -425,6 +439,8 @@ module Aws::IAM
     AddUserToGroupRequest.add_member(:user_name, Shapes::ShapeRef.new(shape: existingUserNameType, required: true, location_name: "UserName"))
     AddUserToGroupRequest.struct_class = Types::AddUserToGroupRequest
 
+    ArnListType.member = Shapes::ShapeRef.new(shape: arnType)
+
     AttachGroupPolicyRequest.add_member(:group_name, Shapes::ShapeRef.new(shape: groupNameType, required: true, location_name: "GroupName"))
     AttachGroupPolicyRequest.add_member(:policy_arn, Shapes::ShapeRef.new(shape: arnType, required: true, location_name: "PolicyArn"))
     AttachGroupPolicyRequest.struct_class = Types::AttachGroupPolicyRequest
@@ -608,6 +624,12 @@ module Aws::IAM
     DeleteServerCertificateRequest.add_member(:server_certificate_name, Shapes::ShapeRef.new(shape: serverCertificateNameType, required: true, location_name: "ServerCertificateName"))
     DeleteServerCertificateRequest.struct_class = Types::DeleteServerCertificateRequest
 
+    DeleteServiceLinkedRoleRequest.add_member(:role_name, Shapes::ShapeRef.new(shape: roleNameType, required: true, location_name: "RoleName"))
+    DeleteServiceLinkedRoleRequest.struct_class = Types::DeleteServiceLinkedRoleRequest
+
+    DeleteServiceLinkedRoleResponse.add_member(:deletion_task_id, Shapes::ShapeRef.new(shape: DeletionTaskIdType, required: true, location_name: "DeletionTaskId"))
+    DeleteServiceLinkedRoleResponse.struct_class = Types::DeleteServiceLinkedRoleResponse
+
     DeleteServiceSpecificCredentialRequest.add_member(:user_name, Shapes::ShapeRef.new(shape: userNameType, location_name: "UserName"))
     DeleteServiceSpecificCredentialRequest.add_member(:service_specific_credential_id, Shapes::ShapeRef.new(shape: serviceSpecificCredentialId, required: true, location_name: "ServiceSpecificCredentialId"))
     DeleteServiceSpecificCredentialRequest.struct_class = Types::DeleteServiceSpecificCredentialRequest
@@ -626,6 +648,10 @@ module Aws::IAM
     DeleteVirtualMFADeviceRequest.add_member(:serial_number, Shapes::ShapeRef.new(shape: serialNumberType, required: true, location_name: "SerialNumber"))
     DeleteVirtualMFADeviceRequest.struct_class = Types::DeleteVirtualMFADeviceRequest
 
+    DeletionTaskFailureReasonType.add_member(:reason, Shapes::ShapeRef.new(shape: ReasonType, location_name: "Reason"))
+    DeletionTaskFailureReasonType.add_member(:role_usage_list, Shapes::ShapeRef.new(shape: RoleUsageListType, location_name: "RoleUsageList"))
+    DeletionTaskFailureReasonType.struct_class = Types::DeletionTaskFailureReasonType
+
     DetachGroupPolicyRequest.add_member(:group_name, Shapes::ShapeRef.new(shape: groupNameType, required: true, location_name: "GroupName"))
     DetachGroupPolicyRequest.add_member(:policy_arn, Shapes::ShapeRef.new(shape: arnType, required: true, location_name: "PolicyArn"))
     DetachGroupPolicyRequest.struct_class = Types::DetachGroupPolicyRequest
@@ -795,6 +821,13 @@ module Aws::IAM
     GetServerCertificateResponse.add_member(:server_certificate, Shapes::ShapeRef.new(shape: ServerCertificate, required: true, location_name: "ServerCertificate"))
     GetServerCertificateResponse.struct_class = Types::GetServerCertificateResponse
 
+    GetServiceLinkedRoleDeletionStatusRequest.add_member(:deletion_task_id, Shapes::ShapeRef.new(shape: DeletionTaskIdType, required: true, location_name: "DeletionTaskId"))
+    GetServiceLinkedRoleDeletionStatusRequest.struct_class = Types::GetServiceLinkedRoleDeletionStatusRequest
+
+    GetServiceLinkedRoleDeletionStatusResponse.add_member(:status, Shapes::ShapeRef.new(shape: DeletionTaskStatusType, required: true, location_name: "Status"))
+    GetServiceLinkedRoleDeletionStatusResponse.add_member(:reason, Shapes::ShapeRef.new(shape: DeletionTaskFailureReasonType, location_name: "Reason"))
+    GetServiceLinkedRoleDeletionStatusResponse.struct_class = Types::GetServiceLinkedRoleDeletionStatusResponse
+
     GetUserPolicyRequest.add_member(:user_name, Shapes::ShapeRef.new(shape: existingUserNameType, required: true, location_name: "UserName"))
     GetUserPolicyRequest.add_member(:policy_name, Shapes::ShapeRef.new(shape: policyNameType, required: true, location_name: "PolicyName"))
     GetUserPolicyRequest.struct_class = Types::GetUserPolicyRequest
@@ -1239,6 +1272,12 @@ module Aws::IAM
     RoleDetail.add_member(:attached_managed_policies, Shapes::ShapeRef.new(shape: attachedPoliciesListType, location_name: "AttachedManagedPolicies"))
     RoleDetail.struct_class = Types::RoleDetail
 
+    RoleUsageListType.member = Shapes::ShapeRef.new(shape: RoleUsageType)
+
+    RoleUsageType.add_member(:region, Shapes::ShapeRef.new(shape: RegionNameType, location_name: "Region"))
+    RoleUsageType.add_member(:resources, Shapes::ShapeRef.new(shape: ArnListType, location_name: "Resources"))
+    RoleUsageType.struct_class = Types::RoleUsageType
+
     SAMLProviderListEntry.add_member(:arn, Shapes::ShapeRef.new(shape: arnType, location_name: "Arn"))
     SAMLProviderListEntry.add_member(:valid_until, Shapes::ShapeRef.new(shape: dateType, location_name: "ValidUntil"))
     SAMLProviderListEntry.add_member(:create_date, Shapes::ShapeRef.new(shape: dateType, location_name: "CreateDate"))
@@ -1573,6 +1612,7 @@ module Aws::IAM
         o.errors << Shapes::ShapeRef.new(shape: NoSuchEntityException)
         o.errors << Shapes::ShapeRef.new(shape: LimitExceededException)
         o.errors << Shapes::ShapeRef.new(shape: InvalidInputException)
+        o.errors << Shapes::ShapeRef.new(shape: PolicyNotAttachableException)
         o.errors << Shapes::ShapeRef.new(shape: ServiceFailureException)
       end)
 
@@ -1586,6 +1626,7 @@ module Aws::IAM
         o.errors << Shapes::ShapeRef.new(shape: LimitExceededException)
         o.errors << Shapes::ShapeRef.new(shape: InvalidInputException)
         o.errors << Shapes::ShapeRef.new(shape: UnmodifiableEntityException)
+        o.errors << Shapes::ShapeRef.new(shape: PolicyNotAttachableException)
         o.errors << Shapes::ShapeRef.new(shape: ServiceFailureException)
       end)
 
@@ -1598,6 +1639,7 @@ module Aws::IAM
         o.errors << Shapes::ShapeRef.new(shape: NoSuchEntityException)
         o.errors << Shapes::ShapeRef.new(shape: LimitExceededException)
         o.errors << Shapes::ShapeRef.new(shape: InvalidInputException)
+        o.errors << Shapes::ShapeRef.new(shape: PolicyNotAttachableException)
         o.errors << Shapes::ShapeRef.new(shape: ServiceFailureException)
       end)
 
@@ -1969,6 +2011,17 @@ module Aws::IAM
         o.errors << Shapes::ShapeRef.new(shape: ServiceFailureException)
       end)
 
+      api.add_operation(:delete_service_linked_role, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "DeleteServiceLinkedRole"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: DeleteServiceLinkedRoleRequest)
+        o.output = Shapes::ShapeRef.new(shape: DeleteServiceLinkedRoleResponse)
+        o.errors << Shapes::ShapeRef.new(shape: NoSuchEntityException)
+        o.errors << Shapes::ShapeRef.new(shape: LimitExceededException)
+        o.errors << Shapes::ShapeRef.new(shape: ServiceFailureException)
+      end)
+
       api.add_operation(:delete_service_specific_credential, Seahorse::Model::Operation.new.tap do |o|
         o.name = "DeleteServiceSpecificCredential"
         o.http_method = "POST"
@@ -2291,6 +2344,17 @@ module Aws::IAM
         o.errors << Shapes::ShapeRef.new(shape: ServiceFailureException)
       end)
 
+      api.add_operation(:get_service_linked_role_deletion_status, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "GetServiceLinkedRoleDeletionStatus"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: GetServiceLinkedRoleDeletionStatusRequest)
+        o.output = Shapes::ShapeRef.new(shape: GetServiceLinkedRoleDeletionStatusResponse)
+        o.errors << Shapes::ShapeRef.new(shape: NoSuchEntityException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidInputException)
+        o.errors << Shapes::ShapeRef.new(shape: ServiceFailureException)
+      end)
+
       api.add_operation(:get_user, Seahorse::Model::Operation.new.tap do |o|
         o.name = "GetUser"
         o.http_method = "POST"

data/lib/aws-sdk-iam/current_user.rb

@@ -77,14 +77,18 @@ module Aws::IAM
     # websites that capture a user's last sign-in time, see the [Credential
     # Reports][2] topic in the *Using IAM* guide. If a password is used more
     # than once in a five-minute span, only the first use is returned in
-    # this field. This field is null (not present) when:
+    # this field. If the field is null (no value) then it indicates that
+    # they never signed in with a password. This can be because:
     #
-    # * The user does not have a password
+    # * The user never had a password.
     #
-    # * The password exists but has never been used (at least not since IAM
-    #   started tracking this information on October 20th, 2014
+    # * A password exists but has not been used since IAM started tracking
+    #   this information on October 20th, 2014.
     #
-    # * there is no sign-in data associated with the user
+    # A null does not mean that the user *never* had a password. Also, if
+    # the user does not currently have a password, but had one in the past,
+    # then this field contains the date and time the most recent password
+    # was used.
     #
     # This value is returned only in the GetUser and ListUsers actions.
     #

data/lib/aws-sdk-iam/group.rb

@@ -303,7 +303,7 @@ module Aws::IAM
     #   This parameter allows (per its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following characters:
-    #   =,.@-
+    #   =,.@-+
     #
     #
     #

data/lib/aws-sdk-iam/resource.rb

@@ -257,7 +257,7 @@ module Aws::IAM
     #   This parameter allows (per its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following characters:
-    #   =,.@-
+    #   =,.@-+
     #
     #
     #

data/lib/aws-sdk-iam/types.rb

@@ -869,7 +869,7 @@ module Aws::IAM
     #   This parameter allows (per its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
-    #   characters: =,.@-
+    #   characters: =,.@-+
     #
     #
     #
@@ -1543,7 +1543,7 @@ module Aws::IAM
     #   This parameter allows (per its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
-    #   characters: =,.@-
+    #   characters: =,.@-+
     #
     #
     #
@@ -1758,7 +1758,7 @@ module Aws::IAM
     #   This parameter allows (per its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
-    #   characters: =,.@-
+    #   characters: =,.@-+
     #
     #
     #
@@ -1886,6 +1886,37 @@ module Aws::IAM
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass DeleteServiceLinkedRoleRequest
+    #   data as a hash:
+    #
+    #       {
+    #         role_name: "roleNameType", # required
+    #       }
+    #
+    # @!attribute [rw] role_name
+    #   The name of the service-linked role to be deleted.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteServiceLinkedRoleRequest AWS API Documentation
+    #
+    class DeleteServiceLinkedRoleRequest < Struct.new(
+      :role_name)
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] deletion_task_id
+    #   The deletion task identifier that you can use to check the status of
+    #   the deletion. This identifier is returned in the format
+    #   `task/aws-service-role/<service-principal-name>/<role-name>/<task-uuid>`.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteServiceLinkedRoleResponse AWS API Documentation
+    #
+    class DeleteServiceLinkedRoleResponse < Struct.new(
+      :deletion_task_id)
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass DeleteServiceSpecificCredentialRequest
     #   data as a hash:
     #
@@ -1999,7 +2030,7 @@ module Aws::IAM
     #   This parameter allows (per its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
-    #   characters: =,.@-
+    #   characters: =,.@-+
     #
     #
     #
@@ -2069,6 +2100,33 @@ module Aws::IAM
       include Aws::Structure
     end
 
+    # The reason that the service-linked role deletion failed.
+    #
+    # This data type is used as a response element in the
+    # GetServiceLinkedRoleDeletionStatus operation.
+    #
+    # @!attribute [rw] reason
+    #   A short description of the reason that the service-linked role
+    #   deletion failed.
+    #   @return [String]
+    #
+    # @!attribute [rw] role_usage_list
+    #   A list of objects that contains details about the service-linked
+    #   role deletion failure. If the service-linked role has active
+    #   sessions or if any resources that were used by the role have not
+    #   been deleted from the linked service, the role can't be deleted.
+    #   This parameter includes a list of the resources that are associated
+    #   with the role and the region in which the resources are being used.
+    #   @return [Array<Types::RoleUsageType>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeletionTaskFailureReasonType AWS API Documentation
+    #
+    class DeletionTaskFailureReasonType < Struct.new(
+      :reason,
+      :role_usage_list)
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass DetachGroupPolicyRequest
     #   data as a hash:
     #
@@ -2689,7 +2747,7 @@ module Aws::IAM
     #   This parameter allows (per its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
-    #   characters: =,.@-
+    #   characters: =,.@-+
     #
     #
     #
@@ -3077,7 +3135,7 @@ module Aws::IAM
     #   This parameter allows (per its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
-    #   characters: =,.@-
+    #   characters: =,.@-+
     #
     #
     #
@@ -3308,6 +3366,43 @@ module Aws::IAM
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass GetServiceLinkedRoleDeletionStatusRequest
+    #   data as a hash:
+    #
+    #       {
+    #         deletion_task_id: "DeletionTaskIdType", # required
+    #       }
+    #
+    # @!attribute [rw] deletion_task_id
+    #   The deletion task identifier. This identifier is returned by the
+    #   DeleteServiceLinkedRole operation in the format
+    #   `task/aws-service-role/<service-principal-name>/<role-name>/<task-uuid>`.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetServiceLinkedRoleDeletionStatusRequest AWS API Documentation
+    #
+    class GetServiceLinkedRoleDeletionStatusRequest < Struct.new(
+      :deletion_task_id)
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] status
+    #   The status of the deletion.
+    #   @return [String]
+    #
+    # @!attribute [rw] reason
+    #   An object that contains details about the reason the deletion
+    #   failed.
+    #   @return [Types::DeletionTaskFailureReasonType]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetServiceLinkedRoleDeletionStatusResponse AWS API Documentation
+    #
+    class GetServiceLinkedRoleDeletionStatusResponse < Struct.new(
+      :status,
+      :reason)
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass GetUserPolicyRequest
     #   data as a hash:
     #
@@ -3335,7 +3430,7 @@ module Aws::IAM
     #   This parameter allows (per its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
-    #   characters: =,.@-
+    #   characters: =,.@-+
     #
     #
     #
@@ -4249,6 +4344,15 @@ module Aws::IAM
     #
     # @!attribute [rw] policy_names
     #   A list of policy names.
+    #
+    #   This parameter allows (per its [regex pattern][1]) a string of
+    #   characters consisting of upper and lowercase alphanumeric characters
+    #   with no spaces. You can also include any of the following
+    #   characters: =,.@-+
+    #
+    #
+    #
+    #   [1]: http://wikipedia.org/wiki/regex
     #   @return [Array<String>]
     #
     # @!attribute [rw] is_truncated
@@ -6275,7 +6379,7 @@ module Aws::IAM
     #   This parameter allows (per its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
-    #   characters: =,.@-
+    #   characters: =,.@-+
     #
     #
     #
@@ -6335,7 +6439,7 @@ module Aws::IAM
     #   This parameter allows (per its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
-    #   characters: =,.@-
+    #   characters: =,.@-+
     #
     #
     #
@@ -6395,7 +6499,7 @@ module Aws::IAM
     #   This parameter allows (per its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following
-    #   characters: =,.@-
+    #   characters: =,.@-+
     #
     #
     #
@@ -6867,6 +6971,28 @@ module Aws::IAM
       include Aws::Structure
     end
 
+    # An object that contains details about how a service-linked role is
+    # used.
+    #
+    # This data type is used as a response element in the
+    # GetServiceLinkedRoleDeletionStatus operation.
+    #
+    # @!attribute [rw] region
+    #   The name of the region where the service-linked role is being used.
+    #   @return [String]
+    #
+    # @!attribute [rw] resources
+    #   The name of the resource that is using the service-linked role.
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/RoleUsageType AWS API Documentation
+    #
+    class RoleUsageType < Struct.new(
+      :region,
+      :resources)
+      include Aws::Structure
+    end
+
     # Contains the list of SAML providers for this account.
     #
     # @!attribute [rw] arn
@@ -8750,15 +8876,19 @@ module Aws::IAM
     #   list of AWS websites that capture a user's last sign-in time, see
     #   the [Credential Reports][2] topic in the *Using IAM* guide. If a
     #   password is used more than once in a five-minute span, only the
-    #   first use is returned in this field. This field is null (not
-    #   present) when:
+    #   first use is returned in this field. If the field is null (no value)
+    #   then it indicates that they never signed in with a password. This
+    #   can be because:
     #
-    #   * The user does not have a password
+    #   * The user never had a password.
     #
-    #   * The password exists but has never been used (at least not since
-    #     IAM started tracking this information on October 20th, 2014
+    #   * A password exists but has not been used since IAM started tracking
+    #     this information on October 20th, 2014.
     #
-    #   * there is no sign-in data associated with the user
+    #   A null does not mean that the user *never* had a password. Also, if
+    #   the user does not currently have a password, but had one in the
+    #   past, then this field contains the date and time the most recent
+    #   password was used.
     #
     #   This value is returned only in the GetUser and ListUsers actions.
     #

data/lib/aws-sdk-iam/user.rb

@@ -82,14 +82,18 @@ module Aws::IAM
     # websites that capture a user's last sign-in time, see the [Credential
     # Reports][2] topic in the *Using IAM* guide. If a password is used more
     # than once in a five-minute span, only the first use is returned in
-    # this field. This field is null (not present) when:
+    # this field. If the field is null (no value) then it indicates that
+    # they never signed in with a password. This can be because:
     #
-    # * The user does not have a password
+    # * The user never had a password.
     #
-    # * The password exists but has never been used (at least not since IAM
-    #   started tracking this information on October 20th, 2014
+    # * A password exists but has not been used since IAM started tracking
+    #   this information on October 20th, 2014.
     #
-    # * there is no sign-in data associated with the user
+    # A null does not mean that the user *never* had a password. Also, if
+    # the user does not currently have a password, but had one in the past,
+    # then this field contains the date and time the most recent password
+    # was used.
     #
     # This value is returned only in the GetUser and ListUsers actions.
     #
@@ -412,7 +416,7 @@ module Aws::IAM
     #   This parameter allows (per its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following characters:
-    #   =,.@-
+    #   =,.@-+
     #
     #
     #

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-iam
 version: !ruby/object:Gem::Version
-  version: 1.2.0
+  version: 1.3.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-09-14 00:00:00.000000000 Z
+date: 2017-09-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core