aws-sdk-iam 1.3.0 → 1.4.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 2e89f4247a115db9ca87b66116f0106ce3c6037a
4
- data.tar.gz: 44f5baec07931eb1ebbdc18049150589f787da94
3
+ metadata.gz: 70d3b2943e08edf884bc6f426a3cbe25ce889254
4
+ data.tar.gz: d075c01c0af0f9e31d0b573e79bf5e9800985f8c
5
5
  SHA512:
6
- metadata.gz: c4dd248bb48875de1327da22ec1cdfa655d477d97fe58a49b540c6f59ee1df4422932fbeefc44c53ad024a93a38c446ca80a66a64d111b6e11430135c254dc69
7
- data.tar.gz: 1ec446ebc2ab4bbb0e0a49c454667c3265ad15ae0b705ee54d090d14ca54969f18fcabacbf477f821cdeb74fdd38fb03e7fdf5138451cae27afcd333108b381b
6
+ metadata.gz: aa3765e58d1b48bb157fb455604fb188731c3cdadab84c5894aca0da32f833bed6343dc37850f0e2ad972fd29115f836237e4ac193b675f8d87a975ecc41478b
7
+ data.tar.gz: 225481aec67611c9a36f5e878d9f2acb80ee2d3674b13354f0a10199842c4d24fc311978b48e5f56f98ea448df5ef66cdbd506b27a853d9f527fd8176524a7c2
@@ -64,6 +64,6 @@ require_relative 'aws-sdk-iam/customizations'
64
64
  # @service
65
65
  module Aws::IAM
66
66
 
67
- GEM_VERSION = '1.3.0'
67
+ GEM_VERSION = '1.4.0'
68
68
 
69
69
  end
@@ -48,8 +48,8 @@ module Aws::IAM
48
48
  end
49
49
  alias :secret_access_key :secret
50
50
 
51
- # The status of the access key. `Active` means the key is valid for API
52
- # calls, while `Inactive` means it is not.
51
+ # The status of the access key. `Active` means that the key is valid for
52
+ # API calls, while `Inactive` means it is not.
53
53
  # @return [String]
54
54
  def status
55
55
  data[:status]
@@ -59,7 +59,7 @@ module Aws::IAM
59
59
  end
60
60
 
61
61
  # Indicates whether passwords in the account expire. Returns true if
62
- # MaxPasswordAge is contains a value greater than 0. Returns false if
62
+ # `MaxPasswordAge` contains a value greater than 0. Returns false if
63
63
  # MaxPasswordAge is 0 or not present.
64
64
  # @return [Boolean]
65
65
  def expire_passwords
@@ -245,55 +245,73 @@ module Aws::IAM
245
245
  # @option options [Integer] :minimum_password_length
246
246
  # The minimum number of characters allowed in an IAM user password.
247
247
  #
248
- # Default value: 6
248
+ # If you do not specify a value for this parameter, then the operation
249
+ # uses the default value of `6`.
249
250
  # @option options [Boolean] :require_symbols
250
251
  # Specifies whether IAM user passwords must contain at least one of the
251
252
  # following non-alphanumeric characters:
252
253
  #
253
254
  # ! @ # $ % ^ & * ( ) \_ + - = \[ \] \\\{ \\} \| '
254
255
  #
255
- # Default value: false
256
+ # If you do not specify a value for this parameter, then the operation
257
+ # uses the default value of `false`. The result is that passwords do not
258
+ # require at least one symbol character.
256
259
  # @option options [Boolean] :require_numbers
257
260
  # Specifies whether IAM user passwords must contain at least one numeric
258
261
  # character (0 to 9).
259
262
  #
260
- # Default value: false
263
+ # If you do not specify a value for this parameter, then the operation
264
+ # uses the default value of `false`. The result is that passwords do not
265
+ # require at least one numeric character.
261
266
  # @option options [Boolean] :require_uppercase_characters
262
267
  # Specifies whether IAM user passwords must contain at least one
263
268
  # uppercase character from the ISO basic Latin alphabet (A to Z).
264
269
  #
265
- # Default value: false
270
+ # If you do not specify a value for this parameter, then the operation
271
+ # uses the default value of `false`. The result is that passwords do not
272
+ # require at least one uppercase character.
266
273
  # @option options [Boolean] :require_lowercase_characters
267
274
  # Specifies whether IAM user passwords must contain at least one
268
275
  # lowercase character from the ISO basic Latin alphabet (a to z).
269
276
  #
270
- # Default value: false
277
+ # If you do not specify a value for this parameter, then the operation
278
+ # uses the default value of `false`. The result is that passwords do not
279
+ # require at least one lowercase character.
271
280
  # @option options [Boolean] :allow_users_to_change_password
272
281
  # Allows all IAM users in your account to use the AWS Management Console
273
282
  # to change their own passwords. For more information, see [Letting IAM
274
283
  # Users Change Their Own Passwords][1] in the *IAM User Guide*.
275
284
  #
276
- # Default value: false
285
+ # If you do not specify a value for this parameter, then the operation
286
+ # uses the default value of `false`. The result is that IAM users in the
287
+ # account do not automatically have permissions to change their own
288
+ # password.
277
289
  #
278
290
  #
279
291
  #
280
292
  # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/HowToPwdIAMUser.html
281
293
  # @option options [Integer] :max_password_age
282
- # The number of days that an IAM user password is valid. The default
283
- # value of 0 means IAM user passwords never expire.
294
+ # The number of days that an IAM user password is valid.
284
295
  #
285
- # Default value: 0
296
+ # If you do not specify a value for this parameter, then the operation
297
+ # uses the default value of `0`. The result is that IAM user passwords
298
+ # never expire.
286
299
  # @option options [Integer] :password_reuse_prevention
287
300
  # Specifies the number of previous passwords that IAM users are
288
- # prevented from reusing. The default value of 0 means IAM users are not
289
- # prevented from reusing previous passwords.
301
+ # prevented from reusing.
290
302
  #
291
- # Default value: 0
303
+ # If you do not specify a value for this parameter, then the operation
304
+ # uses the default value of `0`. The result is that IAM users are not
305
+ # prevented from reusing previous passwords.
292
306
  # @option options [Boolean] :hard_expiry
293
307
  # Prevents IAM users from setting a new password after their password
294
- # has expired.
308
+ # has expired. The IAM user cannot be accessed until an administrator
309
+ # resets the password.
295
310
  #
296
- # Default value: false
311
+ # If you do not specify a value for this parameter, then the operation
312
+ # uses the default value of `false`. The result is that IAM users can
313
+ # change their passwords after they expire and continue to sign in as
314
+ # the user.
297
315
  # @return [EmptyStructure]
298
316
  def update(options = {})
299
317
  resp = @client.update_account_password_policy(options)
@@ -165,12 +165,16 @@ module Aws::IAM
165
165
  # The policy that grants an entity permission to assume the role.
166
166
  #
167
167
  # The [regex pattern][1] used to validate this parameter is a string of
168
- # characters consisting of any printable ASCII character ranging from
169
- # the space character (\\u0020) through end of the ASCII character range
170
- # as well as the printable characters in the Basic Latin and Latin-1
171
- # Supplement character set (through \\u00FF). It also includes the
172
- # special characters tab (\\u0009), line feed (\\u000A), and carriage
173
- # return (\\u000D).
168
+ # characters consisting of the following:
169
+ #
170
+ # * Any printable ASCII character ranging from the space character
171
+ # (\\u0020) through the end of the ASCII character range
172
+ #
173
+ # * The printable characters in the Basic Latin and Latin-1 Supplement
174
+ # character set (through \\u00FF)
175
+ #
176
+ # * The special characters tab (\\u0009), line feed (\\u000A), and
177
+ # carriage return (\\u000D)
174
178
  #
175
179
  #
176
180
  #
@@ -149,13 +149,13 @@ module Aws::IAM
149
149
  # IDs already registered for the specified IAM OpenID Connect (OIDC)
150
150
  # provider resource.
151
151
  #
152
- # This action is idempotent; it does not fail or return an error if you
153
- # add an existing client ID to the provider.
152
+ # This operation is idempotent; it does not fail or return an error if
153
+ # you add an existing client ID to the provider.
154
154
  #
155
155
  # @option params [required, String] :open_id_connect_provider_arn
156
156
  # The Amazon Resource Name (ARN) of the IAM OpenID Connect (OIDC)
157
157
  # provider resource to add the client ID to. You can get a list of OIDC
158
- # provider ARNs by using the ListOpenIDConnectProviders action.
158
+ # provider ARNs by using the ListOpenIDConnectProviders operation.
159
159
  #
160
160
  # @option params [required, String] :client_id
161
161
  # The client ID (also known as audience) to add to the IAM OpenID
@@ -192,21 +192,29 @@ module Aws::IAM
192
192
 
193
193
  # Adds the specified IAM role to the specified instance profile. An
194
194
  # instance profile can contain only one role, and this limit cannot be
195
- # increased.
195
+ # increased. You can remove the existing role and then add a different
196
+ # role to an instance profile. You must then wait for the change to
197
+ # appear across all of AWS because of [eventual consistency][1]. To
198
+ # force the change, you must [disassociate the instance profile][2] and
199
+ # then [associate the instance profile][3], or you can stop your
200
+ # instance and then restart it.
196
201
  #
197
202
  # <note markdown="1"> The caller of this API must be granted the `PassRole` permission on
198
203
  # the IAM role by a permission policy.
199
204
  #
200
205
  # </note>
201
206
  #
202
- # For more information about roles, go to [Working with Roles][1]. For
207
+ # For more information about roles, go to [Working with Roles][4]. For
203
208
  # more information about instance profiles, go to [About Instance
204
- # Profiles][2].
209
+ # Profiles][5].
205
210
  #
206
211
  #
207
212
  #
208
- # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html
209
- # [2]: http://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html
213
+ # [1]: https://en.wikipedia.org/wiki/Eventual_consistency
214
+ # [2]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DisassociateIamInstanceProfile.html
215
+ # [3]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateIamInstanceProfile.html
216
+ # [4]: http://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html
217
+ # [5]: http://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html
210
218
  #
211
219
  # @option params [required, String] :instance_profile_name
212
220
  # The name of the instance profile to update.
@@ -214,7 +222,7 @@ module Aws::IAM
214
222
  # This parameter allows (per its [regex pattern][1]) a string of
215
223
  # characters consisting of upper and lowercase alphanumeric characters
216
224
  # with no spaces. You can also include any of the following characters:
217
- # =,.@-
225
+ # \_+=,.@-
218
226
  #
219
227
  #
220
228
  #
@@ -268,7 +276,7 @@ module Aws::IAM
268
276
  # This parameter allows (per its [regex pattern][1]) a string of
269
277
  # characters consisting of upper and lowercase alphanumeric characters
270
278
  # with no spaces. You can also include any of the following characters:
271
- # =,.@-
279
+ # \_+=,.@-
272
280
  #
273
281
  #
274
282
  #
@@ -280,7 +288,7 @@ module Aws::IAM
280
288
  # This parameter allows (per its [regex pattern][1]) a string of
281
289
  # characters consisting of upper and lowercase alphanumeric characters
282
290
  # with no spaces. You can also include any of the following characters:
283
- # =,.@-
291
+ # \_+=,.@-
284
292
  #
285
293
  #
286
294
  #
@@ -333,7 +341,7 @@ module Aws::IAM
333
341
  # This parameter allows (per its [regex pattern][1]) a string of
334
342
  # characters consisting of upper and lowercase alphanumeric characters
335
343
  # with no spaces. You can also include any of the following characters:
336
- # =,.@-
344
+ # \_+=,.@-
337
345
  #
338
346
  #
339
347
  #
@@ -466,7 +474,7 @@ module Aws::IAM
466
474
  # This parameter allows (per its [regex pattern][1]) a string of
467
475
  # characters consisting of upper and lowercase alphanumeric characters
468
476
  # with no spaces. You can also include any of the following characters:
469
- # =,.@-
477
+ # \_+=,.@-
470
478
  #
471
479
  #
472
480
  #
@@ -510,8 +518,8 @@ module Aws::IAM
510
518
  req.send_request(options)
511
519
  end
512
520
 
513
- # Changes the password of the IAM user who is calling this action. The
514
- # root account password is not affected by this action.
521
+ # Changes the password of the IAM user who is calling this operation.
522
+ # The AWS account root user password is not affected by this operation.
515
523
  #
516
524
  # To change the password for a different user, see UpdateLoginProfile.
517
525
  # For more information about modifying passwords, see [Managing
@@ -528,14 +536,14 @@ module Aws::IAM
528
536
  # The new password. The new password must conform to the AWS account's
529
537
  # password policy, if one exists.
530
538
  #
531
- # The [regex pattern][1] used to validate this parameter is a string of
532
- # characters consisting of almost any printable ASCII character from the
533
- # space (\\u0020) through the end of the ASCII character range
534
- # (\\u00FF). You can also include the tab (\\u0009), line feed
535
- # (\\u000A), and carriage return (\\u000D) characters. Although any of
536
- # these characters are valid in a password, note that many tools, such
537
- # as the AWS Management Console, might restrict the ability to enter
538
- # certain characters because they have special meaning within that tool.
539
+ # The [regex pattern][1] that is used to validate this parameter is a
540
+ # string of characters. That string can include almost any printable
541
+ # ASCII character from the space (\\u0020) through the end of the ASCII
542
+ # character range (\\u00FF). You can also include the tab (\\u0009),
543
+ # line feed (\\u000A), and carriage return (\\u000D) characters. Any of
544
+ # these characters are valid in a password. However, many tools, such as
545
+ # the AWS Management Console, might restrict the ability to type certain
546
+ # characters because they have special meaning within that tool.
539
547
  #
540
548
  #
541
549
  #
@@ -575,9 +583,9 @@ module Aws::IAM
575
583
  #
576
584
  # If you do not specify a user name, IAM determines the user name
577
585
  # implicitly based on the AWS access key ID signing the request. Because
578
- # this action works for access keys under the AWS account, you can use
579
- # this action to manage root credentials even if the AWS account has no
580
- # associated users.
586
+ # this operation works for access keys under the AWS account, you can
587
+ # use this operation to manage AWS account root user credentials. This
588
+ # is true even if the AWS account has no associated users.
581
589
  #
582
590
  # For information about limits on the number of keys you can create, see
583
591
  # [Limitations on IAM Entities][1] in the *IAM User Guide*.
@@ -598,7 +606,7 @@ module Aws::IAM
598
606
  # This parameter allows (per its [regex pattern][1]) a string of
599
607
  # characters consisting of upper and lowercase alphanumeric characters
600
608
  # with no spaces. You can also include any of the following characters:
601
- # =,.@-
609
+ # \_+=,.@-
602
610
  #
603
611
  #
604
612
  #
@@ -713,12 +721,12 @@ module Aws::IAM
713
721
  # This parameter is optional. If it is not included, it defaults to a
714
722
  # slash (/).
715
723
  #
716
- # This paramater allows (per its [regex pattern][2]) a string of
724
+ # This parameter allows (per its [regex pattern][2]) a string of
717
725
  # characters consisting of either a forward slash (/) by itself or a
718
- # string that must begin and end with forward slashes, containing any
719
- # ASCII character from the ! (\\u0021) thru the DEL character (\\u007F),
720
- # including most punctuation characters, digits, and upper and
721
- # lowercased letters.
726
+ # string that must begin and end with forward slashes. In addition, it
727
+ # can contain any ASCII character from the ! (\\u0021) through the DEL
728
+ # character (\\u007F), including most punctuation characters, digits,
729
+ # and upper and lowercased letters.
722
730
  #
723
731
  #
724
732
  #
@@ -732,9 +740,9 @@ module Aws::IAM
732
740
  # This parameter allows (per its [regex pattern][1]) a string of
733
741
  # characters consisting of upper and lowercase alphanumeric characters
734
742
  # with no spaces. You can also include any of the following characters:
735
- # =,.@-. The group name must be unique within the account. Group names
736
- # are not distinguished by case. For example, you cannot create groups
737
- # named both "ADMINS" and "admins".
743
+ # \_+=,.@-. The group name must be unique within the account. Group
744
+ # names are not distinguished by case. For example, you cannot create
745
+ # groups named both "ADMINS" and "admins".
738
746
  #
739
747
  #
740
748
  #
@@ -805,7 +813,7 @@ module Aws::IAM
805
813
  # This parameter allows (per its [regex pattern][1]) a string of
806
814
  # characters consisting of upper and lowercase alphanumeric characters
807
815
  # with no spaces. You can also include any of the following characters:
808
- # =,.@-
816
+ # \_+=,.@-
809
817
  #
810
818
  #
811
819
  #
@@ -818,12 +826,12 @@ module Aws::IAM
818
826
  # This parameter is optional. If it is not included, it defaults to a
819
827
  # slash (/).
820
828
  #
821
- # This paramater allows (per its [regex pattern][2]) a string of
829
+ # This parameter allows (per its [regex pattern][2]) a string of
822
830
  # characters consisting of either a forward slash (/) by itself or a
823
- # string that must begin and end with forward slashes, containing any
824
- # ASCII character from the ! (\\u0021) thru the DEL character (\\u007F),
825
- # including most punctuation characters, digits, and upper and
826
- # lowercased letters.
831
+ # string that must begin and end with forward slashes. In addition, it
832
+ # can contain any ASCII character from the ! (\\u0021) through the DEL
833
+ # character (\\u007F), including most punctuation characters, digits,
834
+ # and upper and lowercased letters.
827
835
  #
828
836
  #
829
837
  #
@@ -879,6 +887,7 @@ module Aws::IAM
879
887
  # resp.instance_profile.roles[0].create_date #=> Time
880
888
  # resp.instance_profile.roles[0].assume_role_policy_document #=> String
881
889
  # resp.instance_profile.roles[0].description #=> String
890
+ # resp.instance_profile.roles[0].max_session_duration #=> Integer
882
891
  #
883
892
  # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateInstanceProfile AWS API Documentation
884
893
  #
@@ -905,7 +914,7 @@ module Aws::IAM
905
914
  # This parameter allows (per its [regex pattern][1]) a string of
906
915
  # characters consisting of upper and lowercase alphanumeric characters
907
916
  # with no spaces. You can also include any of the following characters:
908
- # =,.@-
917
+ # \_+=,.@-
909
918
  #
910
919
  #
911
920
  #
@@ -914,14 +923,14 @@ module Aws::IAM
914
923
  # @option params [required, String] :password
915
924
  # The new password for the user.
916
925
  #
917
- # The [regex pattern][1] used to validate this parameter is a string of
918
- # characters consisting of almost any printable ASCII character from the
919
- # space (\\u0020) through the end of the ASCII character range
920
- # (\\u00FF). You can also include the tab (\\u0009), line feed
921
- # (\\u000A), and carriage return (\\u000D) characters. Although any of
922
- # these characters are valid in a password, note that many tools, such
923
- # as the AWS Management Console, might restrict the ability to enter
924
- # certain characters because they have special meaning within that tool.
926
+ # The [regex pattern][1] that is used to validate this parameter is a
927
+ # string of characters. That string can include almost any printable
928
+ # ASCII character from the space (\\u0020) through the end of the ASCII
929
+ # character range (\\u00FF). You can also include the tab (\\u0009),
930
+ # line feed (\\u000A), and carriage return (\\u000D) characters. Any of
931
+ # these characters are valid in a password. However, many tools, such as
932
+ # the AWS Management Console, might restrict the ability to type certain
933
+ # characters because they have special meaning within that tool.
925
934
  #
926
935
  #
927
936
  #
@@ -983,21 +992,26 @@ module Aws::IAM
983
992
  # supports [OpenID Connect (OIDC)][1].
984
993
  #
985
994
  # The OIDC provider that you create with this operation can be used as a
986
- # principal in a role's trust policy to establish a trust relationship
987
- # between AWS and the OIDC provider.
988
- #
989
- # When you create the IAM OIDC provider, you specify the URL of the OIDC
990
- # identity provider (IdP) to trust, a list of client IDs (also known as
991
- # audiences) that identify the application or applications that are
992
- # allowed to authenticate using the OIDC provider, and a list of
993
- # thumbprints of the server certificate(s) that the IdP uses. You get
994
- # all of this information from the OIDC IdP that you want to use for
995
- # access to AWS.
995
+ # principal in a role's trust policy. Such a policy establishes a trust
996
+ # relationship between AWS and the OIDC provider.
996
997
  #
997
- # <note markdown="1"> Because trust for the OIDC provider is ultimately derived from the IAM
998
- # provider that this action creates, it is a best practice to limit
999
- # access to the CreateOpenIDConnectProvider action to highly-privileged
1000
- # users.
998
+ # When you create the IAM OIDC provider, you specify the following:
999
+ #
1000
+ # * The URL of the OIDC identity provider (IdP) to trust
1001
+ #
1002
+ # * A list of client IDs (also known as audiences) that identify the
1003
+ # application or applications that are allowed to authenticate using
1004
+ # the OIDC provider
1005
+ #
1006
+ # * A list of thumbprints of the server certificate(s) that the IdP
1007
+ # uses.
1008
+ #
1009
+ # You get all of this information from the OIDC IdP that you want to use
1010
+ # to access AWS.
1011
+ #
1012
+ # <note markdown="1"> Because trust for the OIDC provider is derived from the IAM provider
1013
+ # that this operation creates, it is best to limit access to the
1014
+ # CreateOpenIDConnectProvider operation to highly privileged users.
1001
1015
  #
1002
1016
  # </note>
1003
1017
  #
@@ -1006,12 +1020,11 @@ module Aws::IAM
1006
1020
  # [1]: http://openid.net/connect/
1007
1021
  #
1008
1022
  # @option params [required, String] :url
1009
- # The URL of the identity provider. The URL must begin with "https://"
1023
+ # The URL of the identity provider. The URL must begin with `https://`
1010
1024
  # and should correspond to the `iss` claim in the provider's OpenID
1011
1025
  # Connect ID tokens. Per the OIDC standard, path components are allowed
1012
1026
  # but query parameters are not. Typically the URL consists of only a
1013
- # host name, like "https://server.example.org" or
1014
- # "https://example.com".
1027
+ # hostname, like `https://server.example.org` or `https://example.com`.
1015
1028
  #
1016
1029
  # You cannot register the same provider multiple times in a single AWS
1017
1030
  # account. If you try to submit a URL that has already been used for an
@@ -1029,26 +1042,26 @@ module Aws::IAM
1029
1042
  # IAM OIDC provider.
1030
1043
  #
1031
1044
  # There is no defined format for a client ID. The
1032
- # `CreateOpenIDConnectProviderRequest` action accepts client IDs up to
1033
- # 255 characters long.
1045
+ # `CreateOpenIDConnectProviderRequest` operation accepts client IDs up
1046
+ # to 255 characters long.
1034
1047
  #
1035
1048
  # @option params [required, Array<String>] :thumbprint_list
1036
1049
  # A list of server certificate thumbprints for the OpenID Connect (OIDC)
1037
- # identity provider's server certificate(s). Typically this list
1038
- # includes only one entry. However, IAM lets you have up to five
1039
- # thumbprints for an OIDC provider. This lets you maintain multiple
1040
- # thumbprints if the identity provider is rotating certificates.
1050
+ # identity provider's server certificates. Typically this list includes
1051
+ # only one entry. However, IAM lets you have up to five thumbprints for
1052
+ # an OIDC provider. This lets you maintain multiple thumbprints if the
1053
+ # identity provider is rotating certificates.
1041
1054
  #
1042
1055
  # The server certificate thumbprint is the hex-encoded SHA-1 hash value
1043
1056
  # of the X.509 certificate used by the domain where the OpenID Connect
1044
1057
  # provider makes its keys available. It is always a 40-character string.
1045
1058
  #
1046
1059
  # You must provide at least one thumbprint when creating an IAM OIDC
1047
- # provider. For example, if the OIDC provider is `server.example.com`
1048
- # and the provider stores its keys at
1049
- # "https://keys.server.example.com/openid-connect", the thumbprint
1050
- # string would be the hex-encoded SHA-1 hash value of the certificate
1051
- # used by https://keys.server.example.com.
1060
+ # provider. For example, assume that the OIDC provider is
1061
+ # `server.example.com` and the provider stores its keys at
1062
+ # https://keys.server.example.com/openid-connect. In that case, the
1063
+ # thumbprint string would be the hex-encoded SHA-1 hash value of the
1064
+ # certificate used by https://keys.server.example.com.
1052
1065
  #
1053
1066
  # For more information about obtaining the OIDC provider's thumbprint,
1054
1067
  # see [Obtaining the Thumbprint for an OpenID Connect Provider][1] in
@@ -1125,7 +1138,7 @@ module Aws::IAM
1125
1138
  # This parameter allows (per its [regex pattern][1]) a string of
1126
1139
  # characters consisting of upper and lowercase alphanumeric characters
1127
1140
  # with no spaces. You can also include any of the following characters:
1128
- # =,.@-+
1141
+ # \_+=,.@-
1129
1142
  #
1130
1143
  #
1131
1144
  #
@@ -1140,12 +1153,12 @@ module Aws::IAM
1140
1153
  # This parameter is optional. If it is not included, it defaults to a
1141
1154
  # slash (/).
1142
1155
  #
1143
- # This paramater allows (per its [regex pattern][2]) a string of
1156
+ # This parameter allows (per its [regex pattern][2]) a string of
1144
1157
  # characters consisting of either a forward slash (/) by itself or a
1145
- # string that must begin and end with forward slashes, containing any
1146
- # ASCII character from the ! (\\u0021) thru the DEL character (\\u007F),
1147
- # including most punctuation characters, digits, and upper and
1148
- # lowercased letters.
1158
+ # string that must begin and end with forward slashes. In addition, it
1159
+ # can contain any ASCII character from the ! (\\u0021) through the DEL
1160
+ # character (\\u007F), including most punctuation characters, digits,
1161
+ # and upper and lowercased letters.
1149
1162
  #
1150
1163
  #
1151
1164
  #
@@ -1157,12 +1170,16 @@ module Aws::IAM
1157
1170
  # new policy.
1158
1171
  #
1159
1172
  # The [regex pattern][1] used to validate this parameter is a string of
1160
- # characters consisting of any printable ASCII character ranging from
1161
- # the space character (\\u0020) through end of the ASCII character range
1162
- # as well as the printable characters in the Basic Latin and Latin-1
1163
- # Supplement character set (through \\u00FF). It also includes the
1164
- # special characters tab (\\u0009), line feed (\\u000A), and carriage
1165
- # return (\\u000D).
1173
+ # characters consisting of the following:
1174
+ #
1175
+ # * Any printable ASCII character ranging from the space character
1176
+ # (\\u0020) through the end of the ASCII character range
1177
+ #
1178
+ # * The printable characters in the Basic Latin and Latin-1 Supplement
1179
+ # character set (through \\u00FF)
1180
+ #
1181
+ # * The special characters tab (\\u0009), line feed (\\u000A), and
1182
+ # carriage return (\\u000D)
1166
1183
  #
1167
1184
  #
1168
1185
  #
@@ -1246,12 +1263,16 @@ module Aws::IAM
1246
1263
  # new version of the policy.
1247
1264
  #
1248
1265
  # The [regex pattern][1] used to validate this parameter is a string of
1249
- # characters consisting of any printable ASCII character ranging from
1250
- # the space character (\\u0020) through end of the ASCII character range
1251
- # as well as the printable characters in the Basic Latin and Latin-1
1252
- # Supplement character set (through \\u00FF). It also includes the
1253
- # special characters tab (\\u0009), line feed (\\u000A), and carriage
1254
- # return (\\u000D).
1266
+ # characters consisting of the following:
1267
+ #
1268
+ # * Any printable ASCII character ranging from the space character
1269
+ # (\\u0020) through the end of the ASCII character range
1270
+ #
1271
+ # * The printable characters in the Basic Latin and Latin-1 Supplement
1272
+ # character set (through \\u00FF)
1273
+ #
1274
+ # * The special characters tab (\\u0009), line feed (\\u000A), and
1275
+ # carriage return (\\u000D)
1255
1276
  #
1256
1277
  #
1257
1278
  #
@@ -1262,8 +1283,8 @@ module Aws::IAM
1262
1283
  # version.
1263
1284
  #
1264
1285
  # When this parameter is `true`, the new policy version becomes the
1265
- # operative version; that is, the version that is in effect for the IAM
1266
- # users, groups, and roles that the policy is attached to.
1286
+ # operative version. That is, it becomes the version that is in effect
1287
+ # for the IAM users, groups, and roles that the policy is attached to.
1267
1288
  #
1268
1289
  # For more information about managed policy versions, see [Versioning
1269
1290
  # for Managed Policies][1] in the *IAM User Guide*.
@@ -1301,9 +1322,9 @@ module Aws::IAM
1301
1322
  end
1302
1323
 
1303
1324
  # Creates a new role for your AWS account. For more information about
1304
- # roles, go to [Working with Roles][1]. For information about
1305
- # limitations on role names and the number of roles you can create, go
1306
- # to [Limitations on IAM Entities][2] in the *IAM User Guide*.
1325
+ # roles, go to [IAM Roles][1]. For information about limitations on role
1326
+ # names and the number of roles you can create, go to [Limitations on
1327
+ # IAM Entities][2] in the *IAM User Guide*.
1307
1328
  #
1308
1329
  #
1309
1330
  #
@@ -1317,12 +1338,12 @@ module Aws::IAM
1317
1338
  # This parameter is optional. If it is not included, it defaults to a
1318
1339
  # slash (/).
1319
1340
  #
1320
- # This paramater allows (per its [regex pattern][2]) a string of
1341
+ # This parameter allows (per its [regex pattern][2]) a string of
1321
1342
  # characters consisting of either a forward slash (/) by itself or a
1322
- # string that must begin and end with forward slashes, containing any
1323
- # ASCII character from the ! (\\u0021) thru the DEL character (\\u007F),
1324
- # including most punctuation characters, digits, and upper and
1325
- # lowercased letters.
1343
+ # string that must begin and end with forward slashes. In addition, it
1344
+ # can contain any ASCII character from the ! (\\u0021) through the DEL
1345
+ # character (\\u007F), including most punctuation characters, digits,
1346
+ # and upper and lowercased letters.
1326
1347
  #
1327
1348
  #
1328
1349
  #
@@ -1349,19 +1370,44 @@ module Aws::IAM
1349
1370
  # permission to assume the role.
1350
1371
  #
1351
1372
  # The [regex pattern][1] used to validate this parameter is a string of
1352
- # characters consisting of any printable ASCII character ranging from
1353
- # the space character (\\u0020) through end of the ASCII character range
1354
- # as well as the printable characters in the Basic Latin and Latin-1
1355
- # Supplement character set (through \\u00FF). It also includes the
1356
- # special characters tab (\\u0009), line feed (\\u000A), and carriage
1357
- # return (\\u000D).
1373
+ # characters consisting of the following:
1374
+ #
1375
+ # * Any printable ASCII character ranging from the space character
1376
+ # (\\u0020) through the end of the ASCII character range
1377
+ #
1378
+ # * The printable characters in the Basic Latin and Latin-1 Supplement
1379
+ # character set (through \\u00FF)
1380
+ #
1381
+ # * The special characters tab (\\u0009), line feed (\\u000A), and
1382
+ # carriage return (\\u000D)
1358
1383
  #
1359
1384
  #
1360
1385
  #
1361
1386
  # [1]: http://wikipedia.org/wiki/regex
1362
1387
  #
1363
1388
  # @option params [String] :description
1364
- # A customer-provided description of the role.
1389
+ # A description of the role.
1390
+ #
1391
+ # @option params [Integer] :max_session_duration
1392
+ # The maximum session duration (in seconds) that you want to set for the
1393
+ # specified role. If you do not specify a value for this setting, the
1394
+ # default maximum of one hour is applied. This setting can have a value
1395
+ # from 1 hour to 12 hours.
1396
+ #
1397
+ # Anyone who assumes the role from the AWS CLI or API can use the
1398
+ # `DurationSeconds` API parameter or the `duration-seconds` CLI
1399
+ # parameter to request a longer session. The `MaxSessionDuration`
1400
+ # setting determines the maximum duration that can be requested using
1401
+ # the `DurationSeconds` parameter. If users don't specify a value for
1402
+ # the `DurationSeconds` parameter, their security credentials are valid
1403
+ # for one hour by default. This applies when you use the `AssumeRole*`
1404
+ # API operations or the `assume-role*` CLI operations but does not apply
1405
+ # when you use those operations to create a console URL. For more
1406
+ # information, see [Using IAM Roles][1] in the *IAM User Guide*.
1407
+ #
1408
+ #
1409
+ #
1410
+ # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html
1365
1411
  #
1366
1412
  # @return [Types::CreateRoleResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1367
1413
  #
@@ -1398,6 +1444,7 @@ module Aws::IAM
1398
1444
  # role_name: "roleNameType", # required
1399
1445
  # assume_role_policy_document: "policyDocumentType", # required
1400
1446
  # description: "roleDescriptionType",
1447
+ # max_session_duration: 1,
1401
1448
  # })
1402
1449
  #
1403
1450
  # @example Response structure
@@ -1409,6 +1456,7 @@ module Aws::IAM
1409
1456
  # resp.role.create_date #=> Time
1410
1457
  # resp.role.assume_role_policy_document #=> String
1411
1458
  # resp.role.description #=> String
1459
+ # resp.role.max_session_duration #=> Integer
1412
1460
  #
1413
1461
  # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateRole AWS API Documentation
1414
1462
  #
@@ -1423,13 +1471,14 @@ module Aws::IAM
1423
1471
  # supports SAML 2.0.
1424
1472
  #
1425
1473
  # The SAML provider resource that you create with this operation can be
1426
- # used as a principal in an IAM role's trust policy to enable federated
1427
- # users who sign-in using the SAML IdP to assume the role. You can
1428
- # create an IAM role that supports Web-based single sign-on (SSO) to the
1429
- # AWS Management Console or one that supports API access to AWS.
1474
+ # used as a principal in an IAM role's trust policy. Such a policy can
1475
+ # enable federated users who sign-in using the SAML IdP to assume the
1476
+ # role. You can create an IAM role that supports Web-based single
1477
+ # sign-on (SSO) to the AWS Management Console or one that supports API
1478
+ # access to AWS.
1430
1479
  #
1431
- # When you create the SAML provider resource, you upload an a SAML
1432
- # metadata document that you get from your IdP and that includes the
1480
+ # When you create the SAML provider resource, you upload a SAML metadata
1481
+ # document that you get from your IdP. That document includes the
1433
1482
  # issuer's name, expiration information, and keys that can be used to
1434
1483
  # validate the SAML authentication response (assertions) that the IdP
1435
1484
  # sends. You must generate the metadata document using the identity
@@ -1470,7 +1519,7 @@ module Aws::IAM
1470
1519
  # This parameter allows (per its [regex pattern][1]) a string of
1471
1520
  # characters consisting of upper and lowercase alphanumeric characters
1472
1521
  # with no spaces. You can also include any of the following characters:
1473
- # =,.@-
1522
+ # \_+=,.@-
1474
1523
  #
1475
1524
  #
1476
1525
  #
@@ -1508,7 +1557,7 @@ module Aws::IAM
1508
1557
  # role helps improve service stability and proper cleanup when a service
1509
1558
  # and its role are no longer needed.
1510
1559
  #
1511
- # The name of the role is autogenerated by combining the string that you
1560
+ # The name of the role is generated by combining the string that you
1512
1561
  # specify for the `AWSServiceName` parameter with the string that you
1513
1562
  # specify for the `CustomSuffix` parameter. The resulting name must be
1514
1563
  # unique in your account or the request fails.
@@ -1552,6 +1601,7 @@ module Aws::IAM
1552
1601
  # resp.role.create_date #=> Time
1553
1602
  # resp.role.assume_role_policy_document #=> String
1554
1603
  # resp.role.description #=> String
1604
+ # resp.role.max_session_duration #=> Integer
1555
1605
  #
1556
1606
  # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateServiceLinkedRole AWS API Documentation
1557
1607
  #
@@ -1592,7 +1642,7 @@ module Aws::IAM
1592
1642
  # This parameter allows (per its [regex pattern][1]) a string of
1593
1643
  # characters consisting of upper and lowercase alphanumeric characters
1594
1644
  # with no spaces. You can also include any of the following characters:
1595
- # =,.@-
1645
+ # \_+=,.@-
1596
1646
  #
1597
1647
  #
1598
1648
  #
@@ -1649,12 +1699,12 @@ module Aws::IAM
1649
1699
  # This parameter is optional. If it is not included, it defaults to a
1650
1700
  # slash (/).
1651
1701
  #
1652
- # This paramater allows (per its [regex pattern][2]) a string of
1702
+ # This parameter allows (per its [regex pattern][2]) a string of
1653
1703
  # characters consisting of either a forward slash (/) by itself or a
1654
- # string that must begin and end with forward slashes, containing any
1655
- # ASCII character from the ! (\\u0021) thru the DEL character (\\u007F),
1656
- # including most punctuation characters, digits, and upper and
1657
- # lowercased letters.
1704
+ # string that must begin and end with forward slashes. In addition, it
1705
+ # can contain any ASCII character from the ! (\\u0021) through the DEL
1706
+ # character (\\u007F), including most punctuation characters, digits,
1707
+ # and upper and lowercased letters.
1658
1708
  #
1659
1709
  #
1660
1710
  #
@@ -1667,7 +1717,7 @@ module Aws::IAM
1667
1717
  # This parameter allows (per its [regex pattern][1]) a string of
1668
1718
  # characters consisting of upper and lowercase alphanumeric characters
1669
1719
  # with no spaces. You can also include any of the following characters:
1670
- # =,.@-. User names are not distinguished by case. For example, you
1720
+ # \_+=,.@-. User names are not distinguished by case. For example, you
1671
1721
  # cannot create users named both "TESTUSER" and "testuser".
1672
1722
  #
1673
1723
  #
@@ -1750,12 +1800,12 @@ module Aws::IAM
1750
1800
  # This parameter is optional. If it is not included, it defaults to a
1751
1801
  # slash (/).
1752
1802
  #
1753
- # This paramater allows (per its [regex pattern][2]) a string of
1803
+ # This parameter allows (per its [regex pattern][2]) a string of
1754
1804
  # characters consisting of either a forward slash (/) by itself or a
1755
- # string that must begin and end with forward slashes, containing any
1756
- # ASCII character from the ! (\\u0021) thru the DEL character (\\u007F),
1757
- # including most punctuation characters, digits, and upper and
1758
- # lowercased letters.
1805
+ # string that must begin and end with forward slashes. In addition, it
1806
+ # can contain any ASCII character from the ! (\\u0021) through the DEL
1807
+ # character (\\u007F), including most punctuation characters, digits,
1808
+ # and upper and lowercased letters.
1759
1809
  #
1760
1810
  #
1761
1811
  #
@@ -1769,7 +1819,7 @@ module Aws::IAM
1769
1819
  # This parameter allows (per its [regex pattern][1]) a string of
1770
1820
  # characters consisting of upper and lowercase alphanumeric characters
1771
1821
  # with no spaces. You can also include any of the following characters:
1772
- # =,.@-
1822
+ # \_+=,.@-
1773
1823
  #
1774
1824
  #
1775
1825
  #
@@ -1825,7 +1875,7 @@ module Aws::IAM
1825
1875
  # This parameter allows (per its [regex pattern][1]) a string of
1826
1876
  # characters consisting of upper and lowercase alphanumeric characters
1827
1877
  # with no spaces. You can also include any of the following characters:
1828
- # =,.@-
1878
+ # \_+=,.@-
1829
1879
  #
1830
1880
  #
1831
1881
  #
@@ -1866,9 +1916,9 @@ module Aws::IAM
1866
1916
  #
1867
1917
  # If you do not specify a user name, IAM determines the user name
1868
1918
  # implicitly based on the AWS access key ID signing the request. Because
1869
- # this action works for access keys under the AWS account, you can use
1870
- # this action to manage root credentials even if the AWS account has no
1871
- # associated users.
1919
+ # this operation works for access keys under the AWS account, you can
1920
+ # use this operation to manage AWS account root user credentials even if
1921
+ # the AWS account has no associated users.
1872
1922
  #
1873
1923
  # @option params [String] :user_name
1874
1924
  # The name of the user whose access key pair you want to delete.
@@ -1876,7 +1926,7 @@ module Aws::IAM
1876
1926
  # This parameter allows (per its [regex pattern][1]) a string of
1877
1927
  # characters consisting of upper and lowercase alphanumeric characters
1878
1928
  # with no spaces. You can also include any of the following characters:
1879
- # =,.@-
1929
+ # \_+=,.@-
1880
1930
  #
1881
1931
  #
1882
1932
  #
@@ -1999,7 +2049,7 @@ module Aws::IAM
1999
2049
  # This parameter allows (per its [regex pattern][1]) a string of
2000
2050
  # characters consisting of upper and lowercase alphanumeric characters
2001
2051
  # with no spaces. You can also include any of the following characters:
2002
- # =,.@-
2052
+ # \_+=,.@-
2003
2053
  #
2004
2054
  #
2005
2055
  #
@@ -2041,7 +2091,7 @@ module Aws::IAM
2041
2091
  # This parameter allows (per its [regex pattern][1]) a string of
2042
2092
  # characters consisting of upper and lowercase alphanumeric characters
2043
2093
  # with no spaces. You can also include any of the following characters:
2044
- # =,.@-
2094
+ # \_+=,.@-
2045
2095
  #
2046
2096
  #
2047
2097
  #
@@ -2053,7 +2103,7 @@ module Aws::IAM
2053
2103
  # This parameter allows (per its [regex pattern][1]) a string of
2054
2104
  # characters consisting of upper and lowercase alphanumeric characters
2055
2105
  # with no spaces. You can also include any of the following characters:
2056
- # =,.@-+
2106
+ # \_+=,.@-
2057
2107
  #
2058
2108
  #
2059
2109
  #
@@ -2090,10 +2140,10 @@ module Aws::IAM
2090
2140
  # Deletes the specified instance profile. The instance profile must not
2091
2141
  # have an associated role.
2092
2142
  #
2093
- # Make sure you do not have any Amazon EC2 instances running with the
2094
- # instance profile you are about to delete. Deleting a role or instance
2095
- # profile that is associated with a running instance will break any
2096
- # applications running on the instance.
2143
+ # Make sure that you do not have any Amazon EC2 instances running with
2144
+ # the instance profile you are about to delete. Deleting a role or
2145
+ # instance profile that is associated with a running instance will break
2146
+ # any applications running on the instance.
2097
2147
  #
2098
2148
  # For more information about instance profiles, go to [About Instance
2099
2149
  # Profiles][1].
@@ -2108,7 +2158,7 @@ module Aws::IAM
2108
2158
  # This parameter allows (per its [regex pattern][1]) a string of
2109
2159
  # characters consisting of upper and lowercase alphanumeric characters
2110
2160
  # with no spaces. You can also include any of the following characters:
2111
- # =,.@-
2161
+ # \_+=,.@-
2112
2162
  #
2113
2163
  #
2114
2164
  #
@@ -2156,7 +2206,7 @@ module Aws::IAM
2156
2206
  # This parameter allows (per its [regex pattern][1]) a string of
2157
2207
  # characters consisting of upper and lowercase alphanumeric characters
2158
2208
  # with no spaces. You can also include any of the following characters:
2159
- # =,.@-
2209
+ # \_+=,.@-
2160
2210
  #
2161
2211
  #
2162
2212
  #
@@ -2195,13 +2245,14 @@ module Aws::IAM
2195
2245
  # reference the provider as a principal in their trust policies. Any
2196
2246
  # attempt to assume a role that references a deleted provider fails.
2197
2247
  #
2198
- # This action is idempotent; it does not fail or return an error if you
2199
- # call the action for a provider that does not exist.
2248
+ # This operation is idempotent; it does not fail or return an error if
2249
+ # you call the operation for a provider that does not exist.
2200
2250
  #
2201
2251
  # @option params [required, String] :open_id_connect_provider_arn
2202
2252
  # The Amazon Resource Name (ARN) of the IAM OpenID Connect provider
2203
2253
  # resource object to delete. You can get a list of OpenID Connect
2204
- # provider resource ARNs by using the ListOpenIDConnectProviders action.
2254
+ # provider resource ARNs by using the ListOpenIDConnectProviders
2255
+ # operation.
2205
2256
  #
2206
2257
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
2207
2258
  #
@@ -2223,14 +2274,14 @@ module Aws::IAM
2223
2274
  # Deletes the specified managed policy.
2224
2275
  #
2225
2276
  # Before you can delete a managed policy, you must first detach the
2226
- # policy from all users, groups, and roles that it is attached to, and
2227
- # you must delete all of the policy's versions. The following steps
2228
- # describe the process for deleting a managed policy:
2277
+ # policy from all users, groups, and roles that it is attached to. In
2278
+ # addition you must delete all the policy's versions. The following
2279
+ # steps describe the process for deleting a managed policy:
2229
2280
  #
2230
2281
  # * Detach the policy from all users, groups, and roles that the policy
2231
2282
  # is attached to, using the DetachUserPolicy, DetachGroupPolicy, or
2232
- # DetachRolePolicy APIs. To list all the users, groups, and roles that
2233
- # a policy is attached to, use ListEntitiesForPolicy.
2283
+ # DetachRolePolicy API operations. To list all the users, groups, and
2284
+ # roles that a policy is attached to, use ListEntitiesForPolicy.
2234
2285
  #
2235
2286
  # * Delete all versions of the policy using DeletePolicyVersion. To list
2236
2287
  # the policy's versions, use ListPolicyVersions. You cannot use
@@ -2338,9 +2389,9 @@ module Aws::IAM
2338
2389
  # attached. For more information about roles, go to [Working with
2339
2390
  # Roles][1].
2340
2391
  #
2341
- # Make sure you do not have any Amazon EC2 instances running with the
2342
- # role you are about to delete. Deleting a role or instance profile that
2343
- # is associated with a running instance will break any applications
2392
+ # Make sure that you do not have any Amazon EC2 instances running with
2393
+ # the role you are about to delete. Deleting a role or instance profile
2394
+ # that is associated with a running instance will break any applications
2344
2395
  # running on the instance.
2345
2396
  #
2346
2397
  #
@@ -2416,7 +2467,7 @@ module Aws::IAM
2416
2467
  # This parameter allows (per its [regex pattern][1]) a string of
2417
2468
  # characters consisting of upper and lowercase alphanumeric characters
2418
2469
  # with no spaces. You can also include any of the following characters:
2419
- # =,.@-+
2470
+ # \_+=,.@-
2420
2471
  #
2421
2472
  #
2422
2473
  #
@@ -2487,7 +2538,7 @@ module Aws::IAM
2487
2538
 
2488
2539
  # Deletes the specified SSH public key.
2489
2540
  #
2490
- # The SSH public key deleted by this action is used only for
2541
+ # The SSH public key deleted by this operation is used only for
2491
2542
  # authenticating the associated IAM user to an AWS CodeCommit
2492
2543
  # repository. For more information about using SSH keys to authenticate
2493
2544
  # to an AWS CodeCommit repository, see [Set up AWS CodeCommit for SSH
@@ -2503,7 +2554,7 @@ module Aws::IAM
2503
2554
  # This parameter allows (per its [regex pattern][1]) a string of
2504
2555
  # characters consisting of upper and lowercase alphanumeric characters
2505
2556
  # with no spaces. You can also include any of the following characters:
2506
- # =,.@-
2557
+ # \_+=,.@-
2507
2558
  #
2508
2559
  #
2509
2560
  #
@@ -2540,10 +2591,10 @@ module Aws::IAM
2540
2591
 
2541
2592
  # Deletes the specified server certificate.
2542
2593
  #
2543
- # For more information about working with server certificates, including
2544
- # a list of AWS services that can use the server certificates that you
2545
- # manage with IAM, go to [Working with Server Certificates][1] in the
2546
- # *IAM User Guide*.
2594
+ # For more information about working with server certificates, see
2595
+ # [Working with Server Certificates][1] in the *IAM User Guide*. This
2596
+ # topic also includes a list of AWS services that can use the server
2597
+ # certificates that you manage with IAM.
2547
2598
  #
2548
2599
  # If you are using a server certificate with Elastic Load Balancing,
2549
2600
  # deleting the certificate could have implications for your application.
@@ -2566,7 +2617,7 @@ module Aws::IAM
2566
2617
  # This parameter allows (per its [regex pattern][1]) a string of
2567
2618
  # characters consisting of upper and lowercase alphanumeric characters
2568
2619
  # with no spaces. You can also include any of the following characters:
2569
- # =,.@-
2620
+ # \_+=,.@-
2570
2621
  #
2571
2622
  #
2572
2623
  #
@@ -2600,12 +2651,13 @@ module Aws::IAM
2600
2651
  # If you submit a deletion request for a service-linked role whose
2601
2652
  # linked service is still accessing a resource, then the deletion task
2602
2653
  # fails. If it fails, the GetServiceLinkedRoleDeletionStatus API
2603
- # operation returns the reason for the failure, including the resources
2604
- # that must be deleted. To delete the service-linked role, you must
2605
- # first remove those resources from the linked service and then submit
2606
- # the deletion request again. Resources are specific to the service that
2607
- # is linked to the role. For more information about removing resources
2608
- # from a service, see the [AWS documentation][1] for your service.
2654
+ # operation returns the reason for the failure, usually including the
2655
+ # resources that must be deleted. To delete the service-linked role, you
2656
+ # must first remove those resources from the linked service and then
2657
+ # submit the deletion request again. Resources are specific to the
2658
+ # service that is linked to the role. For more information about
2659
+ # removing resources from a service, see the [AWS documentation][1] for
2660
+ # your service.
2609
2661
  #
2610
2662
  # For more information about service-linked roles, see [Roles Terms and
2611
2663
  # Concepts: AWS Service-Linked Role][2] in the *IAM User Guide*.
@@ -2651,7 +2703,7 @@ module Aws::IAM
2651
2703
  # This parameter allows (per its [regex pattern][1]) a string of
2652
2704
  # characters consisting of upper and lowercase alphanumeric characters
2653
2705
  # with no spaces. You can also include any of the following characters:
2654
- # =,.@-
2706
+ # \_+=,.@-
2655
2707
  #
2656
2708
  #
2657
2709
  #
@@ -2691,9 +2743,9 @@ module Aws::IAM
2691
2743
  #
2692
2744
  # If you do not specify a user name, IAM determines the user name
2693
2745
  # implicitly based on the AWS access key ID signing the request. Because
2694
- # this action works for access keys under the AWS account, you can use
2695
- # this action to manage root credentials even if the AWS account has no
2696
- # associated IAM users.
2746
+ # this operation works for access keys under the AWS account, you can
2747
+ # use this operation to manage AWS account root user credentials even if
2748
+ # the AWS account has no associated IAM users.
2697
2749
  #
2698
2750
  # @option params [String] :user_name
2699
2751
  # The name of the user the signing certificate belongs to.
@@ -2701,7 +2753,7 @@ module Aws::IAM
2701
2753
  # This parameter allows (per its [regex pattern][1]) a string of
2702
2754
  # characters consisting of upper and lowercase alphanumeric characters
2703
2755
  # with no spaces. You can also include any of the following characters:
2704
- # =,.@-
2756
+ # \_+=,.@-
2705
2757
  #
2706
2758
  #
2707
2759
  #
@@ -2755,7 +2807,7 @@ module Aws::IAM
2755
2807
  # This parameter allows (per its [regex pattern][1]) a string of
2756
2808
  # characters consisting of upper and lowercase alphanumeric characters
2757
2809
  # with no spaces. You can also include any of the following characters:
2758
- # =,.@-
2810
+ # \_+=,.@-
2759
2811
  #
2760
2812
  #
2761
2813
  #
@@ -2806,7 +2858,7 @@ module Aws::IAM
2806
2858
  # This parameter allows (per its [regex pattern][1]) a string of
2807
2859
  # characters consisting of upper and lowercase alphanumeric characters
2808
2860
  # with no spaces. You can also include any of the following characters:
2809
- # =,.@-
2861
+ # \_+=,.@-
2810
2862
  #
2811
2863
  #
2812
2864
  #
@@ -2818,7 +2870,7 @@ module Aws::IAM
2818
2870
  # This parameter allows (per its [regex pattern][1]) a string of
2819
2871
  # characters consisting of upper and lowercase alphanumeric characters
2820
2872
  # with no spaces. You can also include any of the following characters:
2821
- # =,.@-+
2873
+ # \_+=,.@-
2822
2874
  #
2823
2875
  #
2824
2876
  #
@@ -2917,7 +2969,7 @@ module Aws::IAM
2917
2969
  # This parameter allows (per its [regex pattern][1]) a string of
2918
2970
  # characters consisting of upper and lowercase alphanumeric characters
2919
2971
  # with no spaces. You can also include any of the following characters:
2920
- # =,.@-
2972
+ # \_+=,.@-
2921
2973
  #
2922
2974
  #
2923
2975
  #
@@ -3021,7 +3073,7 @@ module Aws::IAM
3021
3073
  # This parameter allows (per its [regex pattern][1]) a string of
3022
3074
  # characters consisting of upper and lowercase alphanumeric characters
3023
3075
  # with no spaces. You can also include any of the following characters:
3024
- # =,.@-
3076
+ # \_+=,.@-
3025
3077
  #
3026
3078
  #
3027
3079
  #
@@ -3065,7 +3117,7 @@ module Aws::IAM
3065
3117
  # This parameter allows (per its [regex pattern][1]) a string of
3066
3118
  # characters consisting of upper and lowercase alphanumeric characters
3067
3119
  # with no spaces. You can also include any of the following characters:
3068
- # =,.@-
3120
+ # \_+=,.@-
3069
3121
  #
3070
3122
  #
3071
3123
  #
@@ -3087,7 +3139,7 @@ module Aws::IAM
3087
3139
  # @option params [required, String] :authentication_code_1
3088
3140
  # An authentication code emitted by the device.
3089
3141
  #
3090
- # The format for this parameter is a string of 6 digits.
3142
+ # The format for this parameter is a string of six digits.
3091
3143
  #
3092
3144
  # Submit your request immediately after generating the authentication
3093
3145
  # codes. If you generate the codes and then wait too long to submit the
@@ -3103,7 +3155,7 @@ module Aws::IAM
3103
3155
  # @option params [required, String] :authentication_code_2
3104
3156
  # A subsequent authentication code emitted by the device.
3105
3157
  #
3106
- # The format for this parameter is a string of 6 digits.
3158
+ # The format for this parameter is a string of six digits.
3107
3159
  #
3108
3160
  # Submit your request immediately after generating the authentication
3109
3161
  # codes. If you generate the codes and then wait too long to submit the
@@ -3211,10 +3263,22 @@ module Aws::IAM
3211
3263
  # this API to obtain a snapshot of the configuration of IAM permissions
3212
3264
  # (users, groups, roles, and policies) in your account.
3213
3265
  #
3266
+ # <note markdown="1"> Policies returned by this API are URL-encoded compliant with [RFC
3267
+ # 3986][1]. You can use a URL decoding method to convert the policy back
3268
+ # to plain JSON text. For example, if you use Java, you can use the
3269
+ # `decode` method of the `java.net.URLDecoder` utility class in the Java
3270
+ # SDK. Other languages and SDKs provide similar functionality.
3271
+ #
3272
+ # </note>
3273
+ #
3214
3274
  # You can optionally filter the results using the `Filter` parameter.
3215
3275
  # You can paginate the results using the `MaxItems` and `Marker`
3216
3276
  # parameters.
3217
3277
  #
3278
+ #
3279
+ #
3280
+ # [1]: https://tools.ietf.org/html/rfc3986
3281
+ #
3218
3282
  # @option params [Array<String>] :filter
3219
3283
  # A list of entity types used to filter the results. Only the entities
3220
3284
  # that match the types you specify are included in the output. Use the
@@ -3308,6 +3372,7 @@ module Aws::IAM
3308
3372
  # resp.role_detail_list[0].instance_profile_list[0].roles[0].create_date #=> Time
3309
3373
  # resp.role_detail_list[0].instance_profile_list[0].roles[0].assume_role_policy_document #=> String
3310
3374
  # resp.role_detail_list[0].instance_profile_list[0].roles[0].description #=> String
3375
+ # resp.role_detail_list[0].instance_profile_list[0].roles[0].max_session_duration #=> Integer
3311
3376
  # resp.role_detail_list[0].role_policy_list #=> Array
3312
3377
  # resp.role_detail_list[0].role_policy_list[0].policy_name #=> String
3313
3378
  # resp.role_detail_list[0].role_policy_list[0].policy_document #=> String
@@ -3473,12 +3538,13 @@ module Aws::IAM
3473
3538
  # group, or role, use GetContextKeysForPrincipalPolicy.
3474
3539
  #
3475
3540
  # Context keys are variables maintained by AWS and its services that
3476
- # provide details about the context of an API query request, and can be
3477
- # evaluated by testing against a value specified in an IAM policy. Use
3478
- # GetContextKeysForCustomPolicy to understand what key names and values
3479
- # you must supply when you call SimulateCustomPolicy. Note that all
3480
- # parameters are shown in unencoded form here for clarity, but must be
3481
- # URL encoded to be included as a part of a real HTML request.
3541
+ # provide details about the context of an API query request. Context
3542
+ # keys can be evaluated by testing against a value specified in an IAM
3543
+ # policy. Use `GetContextKeysForCustomPolicy` to understand what key
3544
+ # names and values you must supply when you call SimulateCustomPolicy.
3545
+ # Note that all parameters are shown in unencoded form here for clarity
3546
+ # but must be URL encoded to be included as a part of a real HTML
3547
+ # request.
3482
3548
  #
3483
3549
  # @option params [required, Array<String>] :policy_input_list
3484
3550
  # A list of policies for which you want the list of context keys
@@ -3486,12 +3552,16 @@ module Aws::IAM
3486
3552
  # containing the complete, valid JSON text of an IAM policy.
3487
3553
  #
3488
3554
  # The [regex pattern][1] used to validate this parameter is a string of
3489
- # characters consisting of any printable ASCII character ranging from
3490
- # the space character (\\u0020) through end of the ASCII character range
3491
- # as well as the printable characters in the Basic Latin and Latin-1
3492
- # Supplement character set (through \\u00FF). It also includes the
3493
- # special characters tab (\\u0009), line feed (\\u000A), and carriage
3494
- # return (\\u000D).
3555
+ # characters consisting of the following:
3556
+ #
3557
+ # * Any printable ASCII character ranging from the space character
3558
+ # (\\u0020) through the end of the ASCII character range
3559
+ #
3560
+ # * The printable characters in the Basic Latin and Latin-1 Supplement
3561
+ # character set (through \\u00FF)
3562
+ #
3563
+ # * The special characters tab (\\u0009), line feed (\\u000A), and
3564
+ # carriage return (\\u000D)
3495
3565
  #
3496
3566
  #
3497
3567
  #
@@ -3521,11 +3591,11 @@ module Aws::IAM
3521
3591
  req.send_request(options)
3522
3592
  end
3523
3593
 
3524
- # Gets a list of all of the context keys referenced in all of the IAM
3525
- # policies attached to the specified IAM entity. The entity can be an
3526
- # IAM user, group, or role. If you specify a user, then the request also
3527
- # includes all of the policies attached to groups that the user is a
3528
- # member of.
3594
+ # Gets a list of all of the context keys referenced in all the IAM
3595
+ # policies that are attached to the specified IAM entity. The entity can
3596
+ # be an IAM user, group, or role. If you specify a user, then the
3597
+ # request also includes all of the policies attached to groups that the
3598
+ # user is a member of.
3529
3599
  #
3530
3600
  # You can optionally include a list of one or more additional policies,
3531
3601
  # specified as strings. If you want to include *only* a list of policies
@@ -3537,20 +3607,20 @@ module Aws::IAM
3537
3607
  # GetContextKeysForCustomPolicy instead.
3538
3608
  #
3539
3609
  # Context keys are variables maintained by AWS and its services that
3540
- # provide details about the context of an API query request, and can be
3541
- # evaluated by testing against a value in an IAM policy. Use
3610
+ # provide details about the context of an API query request. Context
3611
+ # keys can be evaluated by testing against a value in an IAM policy. Use
3542
3612
  # GetContextKeysForPrincipalPolicy to understand what key names and
3543
3613
  # values you must supply when you call SimulatePrincipalPolicy.
3544
3614
  #
3545
3615
  # @option params [required, String] :policy_source_arn
3546
3616
  # The ARN of a user, group, or role whose policies contain the context
3547
3617
  # keys that you want listed. If you specify a user, the list includes
3548
- # context keys that are found in all policies attached to the user as
3549
- # well as to all groups that the user is a member of. If you pick a
3550
- # group or a role, then it includes only those context keys that are
3551
- # found in policies attached to that entity. Note that all parameters
3552
- # are shown in unencoded form here for clarity, but must be URL encoded
3553
- # to be included as a part of a real HTML request.
3618
+ # context keys that are found in all policies that are attached to the
3619
+ # user. The list also includes all groups that the user is a member of.
3620
+ # If you pick a group or a role, then it includes only those context
3621
+ # keys that are found in policies attached to that entity. Note that all
3622
+ # parameters are shown in unencoded form here for clarity, but must be
3623
+ # URL encoded to be included as a part of a real HTML request.
3554
3624
  #
3555
3625
  # For more information about ARNs, see [Amazon Resource Names (ARNs) and
3556
3626
  # AWS Service Namespaces][1] in the *AWS General Reference*.
@@ -3564,12 +3634,16 @@ module Aws::IAM
3564
3634
  # context keys that are referenced.
3565
3635
  #
3566
3636
  # The [regex pattern][1] used to validate this parameter is a string of
3567
- # characters consisting of any printable ASCII character ranging from
3568
- # the space character (\\u0020) through end of the ASCII character range
3569
- # as well as the printable characters in the Basic Latin and Latin-1
3570
- # Supplement character set (through \\u00FF). It also includes the
3571
- # special characters tab (\\u0009), line feed (\\u000A), and carriage
3572
- # return (\\u000D).
3637
+ # characters consisting of the following:
3638
+ #
3639
+ # * Any printable ASCII character ranging from the space character
3640
+ # (\\u0020) through the end of the ASCII character range
3641
+ #
3642
+ # * The printable characters in the Basic Latin and Latin-1 Supplement
3643
+ # character set (through \\u00FF)
3644
+ #
3645
+ # * The special characters tab (\\u0009), line feed (\\u000A), and
3646
+ # carriage return (\\u000D)
3573
3647
  #
3574
3648
  #
3575
3649
  #
@@ -3638,7 +3712,7 @@ module Aws::IAM
3638
3712
  # This parameter allows (per its [regex pattern][1]) a string of
3639
3713
  # characters consisting of upper and lowercase alphanumeric characters
3640
3714
  # with no spaces. You can also include any of the following characters:
3641
- # =,.@-
3715
+ # \_+=,.@-
3642
3716
  #
3643
3717
  #
3644
3718
  #
@@ -3733,7 +3807,7 @@ module Aws::IAM
3733
3807
  # This parameter allows (per its [regex pattern][1]) a string of
3734
3808
  # characters consisting of upper and lowercase alphanumeric characters
3735
3809
  # with no spaces. You can also include any of the following characters:
3736
- # =,.@-
3810
+ # \_+=,.@-
3737
3811
  #
3738
3812
  #
3739
3813
  #
@@ -3745,7 +3819,7 @@ module Aws::IAM
3745
3819
  # This parameter allows (per its [regex pattern][1]) a string of
3746
3820
  # characters consisting of upper and lowercase alphanumeric characters
3747
3821
  # with no spaces. You can also include any of the following characters:
3748
- # =,.@-+
3822
+ # \_+=,.@-
3749
3823
  #
3750
3824
  #
3751
3825
  #
@@ -3794,7 +3868,7 @@ module Aws::IAM
3794
3868
  # This parameter allows (per its [regex pattern][1]) a string of
3795
3869
  # characters consisting of upper and lowercase alphanumeric characters
3796
3870
  # with no spaces. You can also include any of the following characters:
3797
- # =,.@-
3871
+ # \_+=,.@-
3798
3872
  #
3799
3873
  #
3800
3874
  #
@@ -3855,6 +3929,7 @@ module Aws::IAM
3855
3929
  # resp.instance_profile.roles[0].create_date #=> Time
3856
3930
  # resp.instance_profile.roles[0].assume_role_policy_document #=> String
3857
3931
  # resp.instance_profile.roles[0].description #=> String
3932
+ # resp.instance_profile.roles[0].max_session_duration #=> Integer
3858
3933
  #
3859
3934
  # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetInstanceProfile AWS API Documentation
3860
3935
  #
@@ -3866,7 +3941,7 @@ module Aws::IAM
3866
3941
  end
3867
3942
 
3868
3943
  # Retrieves the user name and password-creation date for the specified
3869
- # IAM user. If the user has not been assigned a password, the action
3944
+ # IAM user. If the user has not been assigned a password, the operation
3870
3945
  # returns a 404 (`NoSuchEntity`) error.
3871
3946
  #
3872
3947
  # @option params [required, String] :user_name
@@ -3875,7 +3950,7 @@ module Aws::IAM
3875
3950
  # This parameter allows (per its [regex pattern][1]) a string of
3876
3951
  # characters consisting of upper and lowercase alphanumeric characters
3877
3952
  # with no spaces. You can also include any of the following characters:
3878
- # =,.@-
3953
+ # \_+=,.@-
3879
3954
  #
3880
3955
  #
3881
3956
  #
@@ -3929,7 +4004,7 @@ module Aws::IAM
3929
4004
  # @option params [required, String] :open_id_connect_provider_arn
3930
4005
  # The Amazon Resource Name (ARN) of the OIDC provider resource object in
3931
4006
  # IAM to get information for. You can get a list of OIDC provider
3932
- # resource ARNs by using the ListOpenIDConnectProviders action.
4007
+ # resource ARNs by using the ListOpenIDConnectProviders operation.
3933
4008
  #
3934
4009
  # For more information about ARNs, see [Amazon Resource Names (ARNs) and
3935
4010
  # AWS Service Namespaces][1] in the *AWS General Reference*.
@@ -4181,6 +4256,7 @@ module Aws::IAM
4181
4256
  # resp.role.create_date #=> Time
4182
4257
  # resp.role.assume_role_policy_document #=> String
4183
4258
  # resp.role.description #=> String
4259
+ # resp.role.max_session_duration #=> Integer
4184
4260
  #
4185
4261
  # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetRole AWS API Documentation
4186
4262
  #
@@ -4237,7 +4313,7 @@ module Aws::IAM
4237
4313
  # This parameter allows (per its [regex pattern][1]) a string of
4238
4314
  # characters consisting of upper and lowercase alphanumeric characters
4239
4315
  # with no spaces. You can also include any of the following characters:
4240
- # =,.@-+
4316
+ # \_+=,.@-
4241
4317
  #
4242
4318
  #
4243
4319
  #
@@ -4323,7 +4399,7 @@ module Aws::IAM
4323
4399
  # Retrieves the specified SSH public key, including metadata about the
4324
4400
  # key.
4325
4401
  #
4326
- # The SSH public key retrieved by this action is used only for
4402
+ # The SSH public key retrieved by this operation is used only for
4327
4403
  # authenticating the associated IAM user to an AWS CodeCommit
4328
4404
  # repository. For more information about using SSH keys to authenticate
4329
4405
  # to an AWS CodeCommit repository, see [Set up AWS CodeCommit for SSH
@@ -4339,7 +4415,7 @@ module Aws::IAM
4339
4415
  # This parameter allows (per its [regex pattern][1]) a string of
4340
4416
  # characters consisting of upper and lowercase alphanumeric characters
4341
4417
  # with no spaces. You can also include any of the following characters:
4342
- # =,.@-
4418
+ # \_+=,.@-
4343
4419
  #
4344
4420
  #
4345
4421
  #
@@ -4394,10 +4470,10 @@ module Aws::IAM
4394
4470
  # Retrieves information about the specified server certificate stored in
4395
4471
  # IAM.
4396
4472
  #
4397
- # For more information about working with server certificates, including
4398
- # a list of AWS services that can use the server certificates that you
4399
- # manage with IAM, go to [Working with Server Certificates][1] in the
4400
- # *IAM User Guide*.
4473
+ # For more information about working with server certificates, see
4474
+ # [Working with Server Certificates][1] in the *IAM User Guide*. This
4475
+ # topic includes a list of AWS services that can use the server
4476
+ # certificates that you manage with IAM.
4401
4477
  #
4402
4478
  #
4403
4479
  #
@@ -4410,7 +4486,7 @@ module Aws::IAM
4410
4486
  # This parameter allows (per its [regex pattern][1]) a string of
4411
4487
  # characters consisting of upper and lowercase alphanumeric characters
4412
4488
  # with no spaces. You can also include any of the following characters:
4413
- # =,.@-
4489
+ # \_+=,.@-
4414
4490
  #
4415
4491
  #
4416
4492
  #
@@ -4451,7 +4527,7 @@ module Aws::IAM
4451
4527
  # service-linked role for deletion, you can use the `DeletionTaskId`
4452
4528
  # parameter in `GetServiceLinkedRoleDeletionStatus` to check the status
4453
4529
  # of the deletion. If the deletion fails, this operation returns the
4454
- # reason that it failed.
4530
+ # reason that it failed, if that information is returned by the service.
4455
4531
  #
4456
4532
  # @option params [required, String] :deletion_task_id
4457
4533
  # The deletion task identifier. This identifier is returned by the
@@ -4501,7 +4577,7 @@ module Aws::IAM
4501
4577
  # user making the request. This parameter allows (per its [regex
4502
4578
  # pattern][1]) a string of characters consisting of upper and lowercase
4503
4579
  # alphanumeric characters with no spaces. You can also include any of
4504
- # the following characters: =,.@-
4580
+ # the following characters: \_+=,.@-
4505
4581
  #
4506
4582
  #
4507
4583
  #
@@ -4585,7 +4661,7 @@ module Aws::IAM
4585
4661
  # This parameter allows (per its [regex pattern][1]) a string of
4586
4662
  # characters consisting of upper and lowercase alphanumeric characters
4587
4663
  # with no spaces. You can also include any of the following characters:
4588
- # =,.@-
4664
+ # \_+=,.@-
4589
4665
  #
4590
4666
  #
4591
4667
  #
@@ -4597,7 +4673,7 @@ module Aws::IAM
4597
4673
  # This parameter allows (per its [regex pattern][1]) a string of
4598
4674
  # characters consisting of upper and lowercase alphanumeric characters
4599
4675
  # with no spaces. You can also include any of the following characters:
4600
- # =,.@-+
4676
+ # \_+=,.@-
4601
4677
  #
4602
4678
  #
4603
4679
  #
@@ -4632,17 +4708,17 @@ module Aws::IAM
4632
4708
  end
4633
4709
 
4634
4710
  # Returns information about the access key IDs associated with the
4635
- # specified IAM user. If there are none, the action returns an empty
4711
+ # specified IAM user. If there are none, the operation returns an empty
4636
4712
  # list.
4637
4713
  #
4638
4714
  # Although each user is limited to a small number of keys, you can still
4639
4715
  # paginate the results using the `MaxItems` and `Marker` parameters.
4640
4716
  #
4641
- # If the `UserName` field is not specified, the UserName is determined
4717
+ # If the `UserName` field is not specified, the user name is determined
4642
4718
  # implicitly based on the AWS access key ID used to sign the request.
4643
- # Because this action works for access keys under the AWS account, you
4644
- # can use this action to manage root credentials even if the AWS account
4645
- # has no associated users.
4719
+ # Because this operation works for access keys under the AWS account,
4720
+ # you can use this operation to manage AWS account root user credentials
4721
+ # even if the AWS account has no associated users.
4646
4722
  #
4647
4723
  # <note markdown="1"> To ensure the security of your AWS account, the secret access key is
4648
4724
  # accessible only during key and user creation.
@@ -4655,7 +4731,7 @@ module Aws::IAM
4655
4731
  # This parameter allows (per its [regex pattern][1]) a string of
4656
4732
  # characters consisting of upper and lowercase alphanumeric characters
4657
4733
  # with no spaces. You can also include any of the following characters:
4658
- # =,.@-
4734
+ # \_+=,.@-
4659
4735
  #
4660
4736
  #
4661
4737
  #
@@ -4821,7 +4897,7 @@ module Aws::IAM
4821
4897
  # parameters. You can use the `PathPrefix` parameter to limit the list
4822
4898
  # of policies to only those matching the specified path prefix. If there
4823
4899
  # are no policies attached to the specified group (or none that match
4824
- # the specified path prefix), the action returns an empty list.
4900
+ # the specified path prefix), the operation returns an empty list.
4825
4901
  #
4826
4902
  #
4827
4903
  #
@@ -4834,7 +4910,7 @@ module Aws::IAM
4834
4910
  # This parameter allows (per its [regex pattern][1]) a string of
4835
4911
  # characters consisting of upper and lowercase alphanumeric characters
4836
4912
  # with no spaces. You can also include any of the following characters:
4837
- # =,.@-
4913
+ # \_+=,.@-
4838
4914
  #
4839
4915
  #
4840
4916
  #
@@ -4845,12 +4921,12 @@ module Aws::IAM
4845
4921
  # If it is not included, it defaults to a slash (/), listing all
4846
4922
  # policies.
4847
4923
  #
4848
- # This paramater allows (per its [regex pattern][1]) a string of
4924
+ # This parameter allows (per its [regex pattern][1]) a string of
4849
4925
  # characters consisting of either a forward slash (/) by itself or a
4850
- # string that must begin and end with forward slashes, containing any
4851
- # ASCII character from the ! (\\u0021) thru the DEL character (\\u007F),
4852
- # including most punctuation characters, digits, and upper and
4853
- # lowercased letters.
4926
+ # string that must begin and end with forward slashes. In addition, it
4927
+ # can contain any ASCII character from the ! (\\u0021) through the DEL
4928
+ # character (\\u007F), including most punctuation characters, digits,
4929
+ # and upper and lowercased letters.
4854
4930
  #
4855
4931
  #
4856
4932
  #
@@ -4918,7 +4994,7 @@ module Aws::IAM
4918
4994
  # parameters. You can use the `PathPrefix` parameter to limit the list
4919
4995
  # of policies to only those matching the specified path prefix. If there
4920
4996
  # are no policies attached to the specified role (or none that match the
4921
- # specified path prefix), the action returns an empty list.
4997
+ # specified path prefix), the operation returns an empty list.
4922
4998
  #
4923
4999
  #
4924
5000
  #
@@ -4942,12 +5018,12 @@ module Aws::IAM
4942
5018
  # If it is not included, it defaults to a slash (/), listing all
4943
5019
  # policies.
4944
5020
  #
4945
- # This paramater allows (per its [regex pattern][1]) a string of
5021
+ # This parameter allows (per its [regex pattern][1]) a string of
4946
5022
  # characters consisting of either a forward slash (/) by itself or a
4947
- # string that must begin and end with forward slashes, containing any
4948
- # ASCII character from the ! (\\u0021) thru the DEL character (\\u007F),
4949
- # including most punctuation characters, digits, and upper and
4950
- # lowercased letters.
5023
+ # string that must begin and end with forward slashes. In addition, it
5024
+ # can contain any ASCII character from the ! (\\u0021) through the DEL
5025
+ # character (\\u007F), including most punctuation characters, digits,
5026
+ # and upper and lowercased letters.
4951
5027
  #
4952
5028
  #
4953
5029
  #
@@ -5015,7 +5091,7 @@ module Aws::IAM
5015
5091
  # parameters. You can use the `PathPrefix` parameter to limit the list
5016
5092
  # of policies to only those matching the specified path prefix. If there
5017
5093
  # are no policies attached to the specified group (or none that match
5018
- # the specified path prefix), the action returns an empty list.
5094
+ # the specified path prefix), the operation returns an empty list.
5019
5095
  #
5020
5096
  #
5021
5097
  #
@@ -5028,7 +5104,7 @@ module Aws::IAM
5028
5104
  # This parameter allows (per its [regex pattern][1]) a string of
5029
5105
  # characters consisting of upper and lowercase alphanumeric characters
5030
5106
  # with no spaces. You can also include any of the following characters:
5031
- # =,.@-
5107
+ # \_+=,.@-
5032
5108
  #
5033
5109
  #
5034
5110
  #
@@ -5039,12 +5115,12 @@ module Aws::IAM
5039
5115
  # If it is not included, it defaults to a slash (/), listing all
5040
5116
  # policies.
5041
5117
  #
5042
- # This paramater allows (per its [regex pattern][1]) a string of
5118
+ # This parameter allows (per its [regex pattern][1]) a string of
5043
5119
  # characters consisting of either a forward slash (/) by itself or a
5044
- # string that must begin and end with forward slashes, containing any
5045
- # ASCII character from the ! (\\u0021) thru the DEL character (\\u007F),
5046
- # including most punctuation characters, digits, and upper and
5047
- # lowercased letters.
5120
+ # string that must begin and end with forward slashes. In addition, it
5121
+ # can contain any ASCII character from the ! (\\u0021) through the DEL
5122
+ # character (\\u007F), including most punctuation characters, digits,
5123
+ # and upper and lowercased letters.
5048
5124
  #
5049
5125
  #
5050
5126
  #
@@ -5136,12 +5212,12 @@ module Aws::IAM
5136
5212
  # If it is not included, it defaults to a slash (/), listing all
5137
5213
  # entities.
5138
5214
  #
5139
- # This paramater allows (per its [regex pattern][1]) a string of
5215
+ # This parameter allows (per its [regex pattern][1]) a string of
5140
5216
  # characters consisting of either a forward slash (/) by itself or a
5141
- # string that must begin and end with forward slashes, containing any
5142
- # ASCII character from the ! (\\u0021) thru the DEL character (\\u007F),
5143
- # including most punctuation characters, digits, and upper and
5144
- # lowercased letters.
5217
+ # string that must begin and end with forward slashes. In addition, it
5218
+ # can contain any ASCII character from the ! (\\u0021) through the DEL
5219
+ # character (\\u007F), including most punctuation characters, digits,
5220
+ # and upper and lowercased letters.
5145
5221
  #
5146
5222
  #
5147
5223
  #
@@ -5216,7 +5292,7 @@ module Aws::IAM
5216
5292
  #
5217
5293
  # You can paginate the results using the `MaxItems` and `Marker`
5218
5294
  # parameters. If there are no inline policies embedded with the
5219
- # specified group, the action returns an empty list.
5295
+ # specified group, the operation returns an empty list.
5220
5296
  #
5221
5297
  #
5222
5298
  #
@@ -5228,7 +5304,7 @@ module Aws::IAM
5228
5304
  # This parameter allows (per its [regex pattern][1]) a string of
5229
5305
  # characters consisting of upper and lowercase alphanumeric characters
5230
5306
  # with no spaces. You can also include any of the following characters:
5231
- # =,.@-
5307
+ # \_+=,.@-
5232
5308
  #
5233
5309
  #
5234
5310
  #
@@ -5310,12 +5386,12 @@ module Aws::IAM
5310
5386
  # with `/division_abc/subdivision_xyz/`.
5311
5387
  #
5312
5388
  # This parameter is optional. If it is not included, it defaults to a
5313
- # slash (/), listing all groups. This paramater allows (per its [regex
5389
+ # slash (/), listing all groups. This parameter allows (per its [regex
5314
5390
  # pattern][1]) a string of characters consisting of either a forward
5315
5391
  # slash (/) by itself or a string that must begin and end with forward
5316
- # slashes, containing any ASCII character from the ! (\\u0021) thru the
5317
- # DEL character (\\u007F), including most punctuation characters,
5318
- # digits, and upper and lowercased letters.
5392
+ # slashes. In addition, it can contain any ASCII character from the !
5393
+ # (\\u0021) through the DEL character (\\u007F), including most
5394
+ # punctuation characters, digits, and upper and lowercased letters.
5319
5395
  #
5320
5396
  #
5321
5397
  #
@@ -5419,7 +5495,7 @@ module Aws::IAM
5419
5495
  # This parameter allows (per its [regex pattern][1]) a string of
5420
5496
  # characters consisting of upper and lowercase alphanumeric characters
5421
5497
  # with no spaces. You can also include any of the following characters:
5422
- # =,.@-
5498
+ # \_+=,.@-
5423
5499
  #
5424
5500
  #
5425
5501
  #
@@ -5507,8 +5583,9 @@ module Aws::IAM
5507
5583
  end
5508
5584
 
5509
5585
  # Lists the instance profiles that have the specified path prefix. If
5510
- # there are none, the action returns an empty list. For more information
5511
- # about instance profiles, go to [About Instance Profiles][1].
5586
+ # there are none, the operation returns an empty list. For more
5587
+ # information about instance profiles, go to [About Instance
5588
+ # Profiles][1].
5512
5589
  #
5513
5590
  # You can paginate the results using the `MaxItems` and `Marker`
5514
5591
  # parameters.
@@ -5523,12 +5600,12 @@ module Aws::IAM
5523
5600
  # path starts with `/application_abc/component_xyz/`.
5524
5601
  #
5525
5602
  # This parameter is optional. If it is not included, it defaults to a
5526
- # slash (/), listing all instance profiles. This paramater allows (per
5603
+ # slash (/), listing all instance profiles. This parameter allows (per
5527
5604
  # its [regex pattern][1]) a string of characters consisting of either a
5528
5605
  # forward slash (/) by itself or a string that must begin and end with
5529
- # forward slashes, containing any ASCII character from the ! (\\u0021)
5530
- # thru the DEL character (\\u007F), including most punctuation
5531
- # characters, digits, and upper and lowercased letters.
5606
+ # forward slashes. In addition, it can contain any ASCII character from
5607
+ # the ! (\\u0021) through the DEL character (\\u007F), including most
5608
+ # punctuation characters, digits, and upper and lowercased letters.
5532
5609
  #
5533
5610
  #
5534
5611
  #
@@ -5582,6 +5659,7 @@ module Aws::IAM
5582
5659
  # resp.instance_profiles[0].roles[0].create_date #=> Time
5583
5660
  # resp.instance_profiles[0].roles[0].assume_role_policy_document #=> String
5584
5661
  # resp.instance_profiles[0].roles[0].description #=> String
5662
+ # resp.instance_profiles[0].roles[0].max_session_duration #=> Integer
5585
5663
  # resp.is_truncated #=> Boolean
5586
5664
  # resp.marker #=> String
5587
5665
  #
@@ -5595,7 +5673,7 @@ module Aws::IAM
5595
5673
  end
5596
5674
 
5597
5675
  # Lists the instance profiles that have the specified associated IAM
5598
- # role. If there are none, the action returns an empty list. For more
5676
+ # role. If there are none, the operation returns an empty list. For more
5599
5677
  # information about instance profiles, go to [About Instance
5600
5678
  # Profiles][1].
5601
5679
  #
@@ -5666,6 +5744,7 @@ module Aws::IAM
5666
5744
  # resp.instance_profiles[0].roles[0].create_date #=> Time
5667
5745
  # resp.instance_profiles[0].roles[0].assume_role_policy_document #=> String
5668
5746
  # resp.instance_profiles[0].roles[0].description #=> String
5747
+ # resp.instance_profiles[0].roles[0].max_session_duration #=> Integer
5669
5748
  # resp.is_truncated #=> Boolean
5670
5749
  # resp.marker #=> String
5671
5750
  #
@@ -5679,10 +5758,10 @@ module Aws::IAM
5679
5758
  end
5680
5759
 
5681
5760
  # Lists the MFA devices for an IAM user. If the request includes a IAM
5682
- # user name, then this action lists all the MFA devices associated with
5683
- # the specified user. If you do not specify a user name, IAM determines
5684
- # the user name implicitly based on the AWS access key ID signing the
5685
- # request for this API.
5761
+ # user name, then this operation lists all the MFA devices associated
5762
+ # with the specified user. If you do not specify a user name, IAM
5763
+ # determines the user name implicitly based on the AWS access key ID
5764
+ # signing the request for this API.
5686
5765
  #
5687
5766
  # You can paginate the results using the `MaxItems` and `Marker`
5688
5767
  # parameters.
@@ -5693,7 +5772,7 @@ module Aws::IAM
5693
5772
  # This parameter allows (per its [regex pattern][1]) a string of
5694
5773
  # characters consisting of upper and lowercase alphanumeric characters
5695
5774
  # with no spaces. You can also include any of the following characters:
5696
- # =,.@-
5775
+ # \_+=,.@-
5697
5776
  #
5698
5777
  #
5699
5778
  #
@@ -5811,12 +5890,12 @@ module Aws::IAM
5811
5890
  # @option params [String] :path_prefix
5812
5891
  # The path prefix for filtering the results. This parameter is optional.
5813
5892
  # If it is not included, it defaults to a slash (/), listing all
5814
- # policies. This paramater allows (per its [regex pattern][1]) a string
5893
+ # policies. This parameter allows (per its [regex pattern][1]) a string
5815
5894
  # of characters consisting of either a forward slash (/) by itself or a
5816
- # string that must begin and end with forward slashes, containing any
5817
- # ASCII character from the ! (\\u0021) thru the DEL character (\\u007F),
5818
- # including most punctuation characters, digits, and upper and
5819
- # lowercased letters.
5895
+ # string that must begin and end with forward slashes. In addition, it
5896
+ # can contain any ASCII character from the ! (\\u0021) through the DEL
5897
+ # character (\\u007F), including most punctuation characters, digits,
5898
+ # and upper and lowercased letters.
5820
5899
  #
5821
5900
  #
5822
5901
  #
@@ -5964,7 +6043,7 @@ module Aws::IAM
5964
6043
  #
5965
6044
  # You can paginate the results using the `MaxItems` and `Marker`
5966
6045
  # parameters. If there are no inline policies embedded with the
5967
- # specified role, the action returns an empty list.
6046
+ # specified role, the operation returns an empty list.
5968
6047
  #
5969
6048
  #
5970
6049
  #
@@ -6031,7 +6110,7 @@ module Aws::IAM
6031
6110
  end
6032
6111
 
6033
6112
  # Lists the IAM roles that have the specified path prefix. If there are
6034
- # none, the action returns an empty list. For more information about
6113
+ # none, the operation returns an empty list. For more information about
6035
6114
  # roles, go to [Working with Roles][1].
6036
6115
  #
6037
6116
  # You can paginate the results using the `MaxItems` and `Marker`
@@ -6047,12 +6126,12 @@ module Aws::IAM
6047
6126
  # with `/application_abc/component_xyz/`.
6048
6127
  #
6049
6128
  # This parameter is optional. If it is not included, it defaults to a
6050
- # slash (/), listing all roles. This paramater allows (per its [regex
6129
+ # slash (/), listing all roles. This parameter allows (per its [regex
6051
6130
  # pattern][1]) a string of characters consisting of either a forward
6052
6131
  # slash (/) by itself or a string that must begin and end with forward
6053
- # slashes, containing any ASCII character from the ! (\\u0021) thru the
6054
- # DEL character (\\u007F), including most punctuation characters,
6055
- # digits, and upper and lowercased letters.
6132
+ # slashes. In addition, it can contain any ASCII character from the !
6133
+ # (\\u0021) through the DEL character (\\u007F), including most
6134
+ # punctuation characters, digits, and upper and lowercased letters.
6056
6135
  #
6057
6136
  #
6058
6137
  #
@@ -6100,6 +6179,7 @@ module Aws::IAM
6100
6179
  # resp.roles[0].create_date #=> Time
6101
6180
  # resp.roles[0].assume_role_policy_document #=> String
6102
6181
  # resp.roles[0].description #=> String
6182
+ # resp.roles[0].max_session_duration #=> Integer
6103
6183
  # resp.is_truncated #=> Boolean
6104
6184
  # resp.marker #=> String
6105
6185
  #
@@ -6144,10 +6224,10 @@ module Aws::IAM
6144
6224
  end
6145
6225
 
6146
6226
  # Returns information about the SSH public keys associated with the
6147
- # specified IAM user. If there are none, the action returns an empty
6227
+ # specified IAM user. If there are none, the operation returns an empty
6148
6228
  # list.
6149
6229
  #
6150
- # The SSH public keys returned by this action are used only for
6230
+ # The SSH public keys returned by this operation are used only for
6151
6231
  # authenticating the IAM user to an AWS CodeCommit repository. For more
6152
6232
  # information about using SSH keys to authenticate to an AWS CodeCommit
6153
6233
  # repository, see [Set up AWS CodeCommit for SSH Connections][1] in the
@@ -6162,13 +6242,13 @@ module Aws::IAM
6162
6242
  #
6163
6243
  # @option params [String] :user_name
6164
6244
  # The name of the IAM user to list SSH public keys for. If none is
6165
- # specified, the UserName field is determined implicitly based on the
6245
+ # specified, the `UserName` field is determined implicitly based on the
6166
6246
  # AWS access key used to sign the request.
6167
6247
  #
6168
6248
  # This parameter allows (per its [regex pattern][1]) a string of
6169
6249
  # characters consisting of upper and lowercase alphanumeric characters
6170
6250
  # with no spaces. You can also include any of the following characters:
6171
- # =,.@-
6251
+ # \_+=,.@-
6172
6252
  #
6173
6253
  #
6174
6254
  #
@@ -6226,15 +6306,15 @@ module Aws::IAM
6226
6306
  end
6227
6307
 
6228
6308
  # Lists the server certificates stored in IAM that have the specified
6229
- # path prefix. If none exist, the action returns an empty list.
6309
+ # path prefix. If none exist, the operation returns an empty list.
6230
6310
  #
6231
6311
  # You can paginate the results using the `MaxItems` and `Marker`
6232
6312
  # parameters.
6233
6313
  #
6234
- # For more information about working with server certificates, including
6235
- # a list of AWS services that can use the server certificates that you
6236
- # manage with IAM, go to [Working with Server Certificates][1] in the
6237
- # *IAM User Guide*.
6314
+ # For more information about working with server certificates, see
6315
+ # [Working with Server Certificates][1] in the *IAM User Guide*. This
6316
+ # topic also includes a list of AWS services that can use the server
6317
+ # certificates that you manage with IAM.
6238
6318
  #
6239
6319
  #
6240
6320
  #
@@ -6246,12 +6326,12 @@ module Aws::IAM
6246
6326
  # path starts with `/company/servercerts`.
6247
6327
  #
6248
6328
  # This parameter is optional. If it is not included, it defaults to a
6249
- # slash (/), listing all server certificates. This paramater allows (per
6329
+ # slash (/), listing all server certificates. This parameter allows (per
6250
6330
  # its [regex pattern][1]) a string of characters consisting of either a
6251
6331
  # forward slash (/) by itself or a string that must begin and end with
6252
- # forward slashes, containing any ASCII character from the ! (\\u0021)
6253
- # thru the DEL character (\\u007F), including most punctuation
6254
- # characters, digits, and upper and lowercased letters.
6332
+ # forward slashes. In addition, it can contain any ASCII character from
6333
+ # the ! (\\u0021) through the DEL character (\\u007F), including most
6334
+ # punctuation characters, digits, and upper and lowercased letters.
6255
6335
  #
6256
6336
  #
6257
6337
  #
@@ -6311,11 +6391,11 @@ module Aws::IAM
6311
6391
  end
6312
6392
 
6313
6393
  # Returns information about the service-specific credentials associated
6314
- # with the specified IAM user. If there are none, the action returns an
6315
- # empty list. The service-specific credentials returned by this action
6316
- # are used only for authenticating the IAM user to a specific service.
6317
- # For more information about using service-specific credentials to
6318
- # authenticate to an AWS service, see [Set Up service-specific
6394
+ # with the specified IAM user. If there are none, the operation returns
6395
+ # an empty list. The service-specific credentials returned by this
6396
+ # operation are used only for authenticating the IAM user to a specific
6397
+ # service. For more information about using service-specific credentials
6398
+ # to authenticate to an AWS service, see [Set Up service-specific
6319
6399
  # credentials][1] in the AWS CodeCommit User Guide.
6320
6400
  #
6321
6401
  #
@@ -6324,13 +6404,13 @@ module Aws::IAM
6324
6404
  #
6325
6405
  # @option params [String] :user_name
6326
6406
  # The name of the user whose service-specific credentials you want
6327
- # information about. If this value is not specified then the operation
6407
+ # information about. If this value is not specified, then the operation
6328
6408
  # assumes the user whose credentials are used to call the operation.
6329
6409
  #
6330
6410
  # This parameter allows (per its [regex pattern][1]) a string of
6331
6411
  # characters consisting of upper and lowercase alphanumeric characters
6332
6412
  # with no spaces. You can also include any of the following characters:
6333
- # =,.@-
6413
+ # \_+=,.@-
6334
6414
  #
6335
6415
  #
6336
6416
  #
@@ -6372,7 +6452,7 @@ module Aws::IAM
6372
6452
  end
6373
6453
 
6374
6454
  # Returns information about the signing certificates associated with the
6375
- # specified IAM user. If there are none, the action returns an empty
6455
+ # specified IAM user. If there are none, the operation returns an empty
6376
6456
  # list.
6377
6457
  #
6378
6458
  # Although each user is limited to a small number of signing
@@ -6381,9 +6461,9 @@ module Aws::IAM
6381
6461
  #
6382
6462
  # If the `UserName` field is not specified, the user name is determined
6383
6463
  # implicitly based on the AWS access key ID used to sign the request for
6384
- # this API. Because this action works for access keys under the AWS
6385
- # account, you can use this action to manage root credentials even if
6386
- # the AWS account has no associated users.
6464
+ # this API. Because this operation works for access keys under the AWS
6465
+ # account, you can use this operation to manage AWS account root user
6466
+ # credentials even if the AWS account has no associated users.
6387
6467
  #
6388
6468
  # @option params [String] :user_name
6389
6469
  # The name of the IAM user whose signing certificates you want to
@@ -6392,7 +6472,7 @@ module Aws::IAM
6392
6472
  # This parameter allows (per its [regex pattern][1]) a string of
6393
6473
  # characters consisting of upper and lowercase alphanumeric characters
6394
6474
  # with no spaces. You can also include any of the following characters:
6395
- # =,.@-
6475
+ # \_+=,.@-
6396
6476
  #
6397
6477
  #
6398
6478
  #
@@ -6482,7 +6562,7 @@ module Aws::IAM
6482
6562
  #
6483
6563
  # You can paginate the results using the `MaxItems` and `Marker`
6484
6564
  # parameters. If there are no inline policies embedded with the
6485
- # specified user, the action returns an empty list.
6565
+ # specified user, the operation returns an empty list.
6486
6566
  #
6487
6567
  #
6488
6568
  #
@@ -6494,7 +6574,7 @@ module Aws::IAM
6494
6574
  # This parameter allows (per its [regex pattern][1]) a string of
6495
6575
  # characters consisting of upper and lowercase alphanumeric characters
6496
6576
  # with no spaces. You can also include any of the following characters:
6497
- # =,.@-
6577
+ # \_+=,.@-
6498
6578
  #
6499
6579
  #
6500
6580
  #
@@ -6549,8 +6629,8 @@ module Aws::IAM
6549
6629
  end
6550
6630
 
6551
6631
  # Lists the IAM users that have the specified path prefix. If no path
6552
- # prefix is specified, the action returns all users in the AWS account.
6553
- # If there are none, the action returns an empty list.
6632
+ # prefix is specified, the operation returns all users in the AWS
6633
+ # account. If there are none, the operation returns an empty list.
6554
6634
  #
6555
6635
  # You can paginate the results using the `MaxItems` and `Marker`
6556
6636
  # parameters.
@@ -6561,12 +6641,12 @@ module Aws::IAM
6561
6641
  # path starts with `/division_abc/subdivision_xyz/`.
6562
6642
  #
6563
6643
  # This parameter is optional. If it is not included, it defaults to a
6564
- # slash (/), listing all user names. This paramater allows (per its
6644
+ # slash (/), listing all user names. This parameter allows (per its
6565
6645
  # [regex pattern][1]) a string of characters consisting of either a
6566
6646
  # forward slash (/) by itself or a string that must begin and end with
6567
- # forward slashes, containing any ASCII character from the ! (\\u0021)
6568
- # thru the DEL character (\\u007F), including most punctuation
6569
- # characters, digits, and upper and lowercased letters.
6647
+ # forward slashes. In addition, it can contain any ASCII character from
6648
+ # the ! (\\u0021) through the DEL character (\\u007F), including most
6649
+ # punctuation characters, digits, and upper and lowercased letters.
6570
6650
  #
6571
6651
  #
6572
6652
  #
@@ -6656,8 +6736,8 @@ module Aws::IAM
6656
6736
  end
6657
6737
 
6658
6738
  # Lists the virtual MFA devices defined in the AWS account by assignment
6659
- # status. If you do not specify an assignment status, the action returns
6660
- # a list of all virtual MFA devices. Assignment status can be
6739
+ # status. If you do not specify an assignment status, the operation
6740
+ # returns a list of all virtual MFA devices. Assignment status can be
6661
6741
  # `Assigned`, `Unassigned`, or `Any`.
6662
6742
  #
6663
6743
  # You can paginate the results using the `MaxItems` and `Marker`
@@ -6665,7 +6745,7 @@ module Aws::IAM
6665
6745
  #
6666
6746
  # @option params [String] :assignment_status
6667
6747
  # The status (`Unassigned` or `Assigned`) of the devices to list. If you
6668
- # do not specify an `AssignmentStatus`, the action defaults to `Any`
6748
+ # do not specify an `AssignmentStatus`, the operation defaults to `Any`
6669
6749
  # which lists both assigned and unassigned virtual MFA devices.
6670
6750
  #
6671
6751
  # @option params [String] :marker
@@ -6776,7 +6856,7 @@ module Aws::IAM
6776
6856
  # This parameter allows (per its [regex pattern][1]) a string of
6777
6857
  # characters consisting of upper and lowercase alphanumeric characters
6778
6858
  # with no spaces. You can also include any of the following characters:
6779
- # =,.@-
6859
+ # \_+=,.@-
6780
6860
  #
6781
6861
  #
6782
6862
  #
@@ -6788,7 +6868,7 @@ module Aws::IAM
6788
6868
  # This parameter allows (per its [regex pattern][1]) a string of
6789
6869
  # characters consisting of upper and lowercase alphanumeric characters
6790
6870
  # with no spaces. You can also include any of the following characters:
6791
- # =,.@-+
6871
+ # \_+=,.@-
6792
6872
  #
6793
6873
  #
6794
6874
  #
@@ -6798,12 +6878,16 @@ module Aws::IAM
6798
6878
  # The policy document.
6799
6879
  #
6800
6880
  # The [regex pattern][1] used to validate this parameter is a string of
6801
- # characters consisting of any printable ASCII character ranging from
6802
- # the space character (\\u0020) through end of the ASCII character range
6803
- # as well as the printable characters in the Basic Latin and Latin-1
6804
- # Supplement character set (through \\u00FF). It also includes the
6805
- # special characters tab (\\u0009), line feed (\\u000A), and carriage
6806
- # return (\\u000D).
6881
+ # characters consisting of the following:
6882
+ #
6883
+ # * Any printable ASCII character ranging from the space character
6884
+ # (\\u0020) through the end of the ASCII character range
6885
+ #
6886
+ # * The printable characters in the Basic Latin and Latin-1 Supplement
6887
+ # character set (through \\u00FF)
6888
+ #
6889
+ # * The special characters tab (\\u0009), line feed (\\u000A), and
6890
+ # carriage return (\\u000D)
6807
6891
  #
6808
6892
  #
6809
6893
  #
@@ -6890,7 +6974,7 @@ module Aws::IAM
6890
6974
  # This parameter allows (per its [regex pattern][1]) a string of
6891
6975
  # characters consisting of upper and lowercase alphanumeric characters
6892
6976
  # with no spaces. You can also include any of the following characters:
6893
- # =,.@-+
6977
+ # \_+=,.@-
6894
6978
  #
6895
6979
  #
6896
6980
  #
@@ -6900,12 +6984,16 @@ module Aws::IAM
6900
6984
  # The policy document.
6901
6985
  #
6902
6986
  # The [regex pattern][1] used to validate this parameter is a string of
6903
- # characters consisting of any printable ASCII character ranging from
6904
- # the space character (\\u0020) through end of the ASCII character range
6905
- # as well as the printable characters in the Basic Latin and Latin-1
6906
- # Supplement character set (through \\u00FF). It also includes the
6907
- # special characters tab (\\u0009), line feed (\\u000A), and carriage
6908
- # return (\\u000D).
6987
+ # characters consisting of the following:
6988
+ #
6989
+ # * Any printable ASCII character ranging from the space character
6990
+ # (\\u0020) through the end of the ASCII character range
6991
+ #
6992
+ # * The printable characters in the Basic Latin and Latin-1 Supplement
6993
+ # character set (through \\u00FF)
6994
+ #
6995
+ # * The special characters tab (\\u0009), line feed (\\u000A), and
6996
+ # carriage return (\\u000D)
6909
6997
  #
6910
6998
  #
6911
6999
  #
@@ -6972,7 +7060,7 @@ module Aws::IAM
6972
7060
  # This parameter allows (per its [regex pattern][1]) a string of
6973
7061
  # characters consisting of upper and lowercase alphanumeric characters
6974
7062
  # with no spaces. You can also include any of the following characters:
6975
- # =,.@-
7063
+ # \_+=,.@-
6976
7064
  #
6977
7065
  #
6978
7066
  #
@@ -6984,7 +7072,7 @@ module Aws::IAM
6984
7072
  # This parameter allows (per its [regex pattern][1]) a string of
6985
7073
  # characters consisting of upper and lowercase alphanumeric characters
6986
7074
  # with no spaces. You can also include any of the following characters:
6987
- # =,.@-+
7075
+ # \_+=,.@-
6988
7076
  #
6989
7077
  #
6990
7078
  #
@@ -6994,12 +7082,16 @@ module Aws::IAM
6994
7082
  # The policy document.
6995
7083
  #
6996
7084
  # The [regex pattern][1] used to validate this parameter is a string of
6997
- # characters consisting of any printable ASCII character ranging from
6998
- # the space character (\\u0020) through end of the ASCII character range
6999
- # as well as the printable characters in the Basic Latin and Latin-1
7000
- # Supplement character set (through \\u00FF). It also includes the
7001
- # special characters tab (\\u0009), line feed (\\u000A), and carriage
7002
- # return (\\u000D).
7085
+ # characters consisting of the following:
7086
+ #
7087
+ # * Any printable ASCII character ranging from the space character
7088
+ # (\\u0020) through the end of the ASCII character range
7089
+ #
7090
+ # * The printable characters in the Basic Latin and Latin-1 Supplement
7091
+ # character set (through \\u00FF)
7092
+ #
7093
+ # * The special characters tab (\\u0009), line feed (\\u000A), and
7094
+ # carriage return (\\u000D)
7003
7095
  #
7004
7096
  #
7005
7097
  #
@@ -7039,13 +7131,13 @@ module Aws::IAM
7039
7131
  # of client IDs registered for the specified IAM OpenID Connect (OIDC)
7040
7132
  # provider resource object.
7041
7133
  #
7042
- # This action is idempotent; it does not fail or return an error if you
7043
- # try to remove a client ID that does not exist.
7134
+ # This operation is idempotent; it does not fail or return an error if
7135
+ # you try to remove a client ID that does not exist.
7044
7136
  #
7045
7137
  # @option params [required, String] :open_id_connect_provider_arn
7046
7138
  # The Amazon Resource Name (ARN) of the IAM OIDC provider resource to
7047
7139
  # remove the client ID from. You can get a list of OIDC provider ARNs by
7048
- # using the ListOpenIDConnectProviders action.
7140
+ # using the ListOpenIDConnectProviders operation.
7049
7141
  #
7050
7142
  # For more information about ARNs, see [Amazon Resource Names (ARNs) and
7051
7143
  # AWS Service Namespaces][1] in the *AWS General Reference*.
@@ -7080,8 +7172,8 @@ module Aws::IAM
7080
7172
  # Removes the specified IAM role from the specified EC2 instance
7081
7173
  # profile.
7082
7174
  #
7083
- # Make sure you do not have any Amazon EC2 instances running with the
7084
- # role you are about to remove from the instance profile. Removing a
7175
+ # Make sure that you do not have any Amazon EC2 instances running with
7176
+ # the role you are about to remove from the instance profile. Removing a
7085
7177
  # role from an instance profile that is associated with a running
7086
7178
  # instance might break any applications running on the instance.
7087
7179
  #
@@ -7100,7 +7192,7 @@ module Aws::IAM
7100
7192
  # This parameter allows (per its [regex pattern][1]) a string of
7101
7193
  # characters consisting of upper and lowercase alphanumeric characters
7102
7194
  # with no spaces. You can also include any of the following characters:
7103
- # =,.@-
7195
+ # \_+=,.@-
7104
7196
  #
7105
7197
  #
7106
7198
  #
@@ -7154,7 +7246,7 @@ module Aws::IAM
7154
7246
  # This parameter allows (per its [regex pattern][1]) a string of
7155
7247
  # characters consisting of upper and lowercase alphanumeric characters
7156
7248
  # with no spaces. You can also include any of the following characters:
7157
- # =,.@-
7249
+ # \_+=,.@-
7158
7250
  #
7159
7251
  #
7160
7252
  #
@@ -7166,7 +7258,7 @@ module Aws::IAM
7166
7258
  # This parameter allows (per its [regex pattern][1]) a string of
7167
7259
  # characters consisting of upper and lowercase alphanumeric characters
7168
7260
  # with no spaces. You can also include any of the following characters:
7169
- # =,.@-
7261
+ # \_+=,.@-
7170
7262
  #
7171
7263
  #
7172
7264
  #
@@ -7213,7 +7305,7 @@ module Aws::IAM
7213
7305
  # This parameter allows (per its [regex pattern][1]) a string of
7214
7306
  # characters consisting of upper and lowercase alphanumeric characters
7215
7307
  # with no spaces. You can also include any of the following characters:
7216
- # =,.@-
7308
+ # \_+=,.@-
7217
7309
  #
7218
7310
  #
7219
7311
  #
@@ -7277,7 +7369,7 @@ module Aws::IAM
7277
7369
  # This parameter allows (per its [regex pattern][1]) a string of
7278
7370
  # characters consisting of upper and lowercase alphanumeric characters
7279
7371
  # with no spaces. You can also include any of the following characters:
7280
- # =,.@-
7372
+ # \_+=,.@-
7281
7373
  #
7282
7374
  #
7283
7375
  #
@@ -7289,7 +7381,7 @@ module Aws::IAM
7289
7381
  # This parameter allows (per its [regex pattern][1]) a string of
7290
7382
  # characters consisting of upper and lowercase alphanumeric characters
7291
7383
  # with no spaces. You can also include any of the following characters:
7292
- # =,.@-
7384
+ # \_+=,.@-
7293
7385
  #
7294
7386
  #
7295
7387
  #
@@ -7328,7 +7420,7 @@ module Aws::IAM
7328
7420
  # Sets the specified version of the specified policy as the policy's
7329
7421
  # default (operative) version.
7330
7422
  #
7331
- # This action affects all users, groups, and roles that the policy is
7423
+ # This operation affects all users, groups, and roles that the policy is
7332
7424
  # attached to. To list the users, groups, and roles that the policy is
7333
7425
  # attached to, use the ListEntitiesForPolicy API.
7334
7426
  #
@@ -7379,13 +7471,13 @@ module Aws::IAM
7379
7471
  end
7380
7472
 
7381
7473
  # Simulate how a set of IAM policies and optionally a resource-based
7382
- # policy works with a list of API actions and AWS resources to determine
7383
- # the policies' effective permissions. The policies are provided as
7384
- # strings.
7474
+ # policy works with a list of API operations and AWS resources to
7475
+ # determine the policies' effective permissions. The policies are
7476
+ # provided as strings.
7385
7477
  #
7386
- # The simulation does not perform the API actions; it only checks the
7478
+ # The simulation does not perform the API operations; it only checks the
7387
7479
  # authorization to determine if the simulated policies allow or deny the
7388
- # actions.
7480
+ # operations.
7389
7481
  #
7390
7482
  # If you want to simulate existing policies attached to an IAM user,
7391
7483
  # group, or role, use SimulatePrincipalPolicy instead.
@@ -7406,16 +7498,21 @@ module Aws::IAM
7406
7498
  # parameter. Any resource-based policy must be submitted with the
7407
7499
  # `ResourcePolicy` parameter. The policies cannot be "scope-down"
7408
7500
  # policies, such as you could include in a call to
7409
- # [GetFederationToken][1] or one of the [AssumeRole][2] APIs to restrict
7410
- # what a user can do while using the temporary credentials.
7501
+ # [GetFederationToken][1] or one of the [AssumeRole][2] API operations.
7502
+ # In other words, do not use policies designed to restrict what a user
7503
+ # can do while using the temporary credentials.
7411
7504
  #
7412
7505
  # The [regex pattern][3] used to validate this parameter is a string of
7413
- # characters consisting of any printable ASCII character ranging from
7414
- # the space character (\\u0020) through end of the ASCII character range
7415
- # as well as the printable characters in the Basic Latin and Latin-1
7416
- # Supplement character set (through \\u00FF). It also includes the
7417
- # special characters tab (\\u0009), line feed (\\u000A), and carriage
7418
- # return (\\u000D).
7506
+ # characters consisting of the following:
7507
+ #
7508
+ # * Any printable ASCII character ranging from the space character
7509
+ # (\\u0020) through the end of the ASCII character range
7510
+ #
7511
+ # * The printable characters in the Basic Latin and Latin-1 Supplement
7512
+ # character set (through \\u00FF)
7513
+ #
7514
+ # * The special characters tab (\\u0009), line feed (\\u000A), and
7515
+ # carriage return (\\u000D)
7419
7516
  #
7420
7517
  #
7421
7518
  #
@@ -7424,9 +7521,9 @@ module Aws::IAM
7424
7521
  # [3]: http://wikipedia.org/wiki/regex
7425
7522
  #
7426
7523
  # @option params [required, Array<String>] :action_names
7427
- # A list of names of API actions to evaluate in the simulation. Each
7428
- # action is evaluated against each resource. Each action must include
7429
- # the service identifier, such as `iam:CreateUser`.
7524
+ # A list of names of API operations to evaluate in the simulation. Each
7525
+ # operation is evaluated against each resource. Each operation must
7526
+ # include the service identifier, such as `iam:CreateUser`.
7430
7527
  #
7431
7528
  # @option params [Array<String>] :resource_arns
7432
7529
  # A list of ARNs of AWS resources to include in the simulation. If this
@@ -7459,12 +7556,16 @@ module Aws::IAM
7459
7556
  # simulation.
7460
7557
  #
7461
7558
  # The [regex pattern][1] used to validate this parameter is a string of
7462
- # characters consisting of any printable ASCII character ranging from
7463
- # the space character (\\u0020) through end of the ASCII character range
7464
- # as well as the printable characters in the Basic Latin and Latin-1
7465
- # Supplement character set (through \\u00FF). It also includes the
7466
- # special characters tab (\\u0009), line feed (\\u000A), and carriage
7467
- # return (\\u000D).
7559
+ # characters consisting of the following:
7560
+ #
7561
+ # * Any printable ASCII character ranging from the space character
7562
+ # (\\u0020) through the end of the ASCII character range
7563
+ #
7564
+ # * The printable characters in the Basic Latin and Latin-1 Supplement
7565
+ # character set (through \\u00FF)
7566
+ #
7567
+ # * The special characters tab (\\u0009), line feed (\\u000A), and
7568
+ # carriage return (\\u000D)
7468
7569
  #
7469
7570
  #
7470
7571
  #
@@ -7484,9 +7585,9 @@ module Aws::IAM
7484
7585
  #
7485
7586
  # @option params [String] :caller_arn
7486
7587
  # The ARN of the IAM user that you want to use as the simulated caller
7487
- # of the APIs. `CallerArn` is required if you include a `ResourcePolicy`
7488
- # so that the policy's `Principal` element has a value to use in
7489
- # evaluating the policy.
7588
+ # of the API operations. `CallerArn` is required if you include a
7589
+ # `ResourcePolicy` so that the policy's `Principal` element has a value
7590
+ # to use in evaluating the policy.
7490
7591
  #
7491
7592
  # You can specify only the ARN of an IAM user. You cannot specify the
7492
7593
  # ARN of an assumed role, federated user, or a service principal.
@@ -7497,12 +7598,12 @@ module Aws::IAM
7497
7598
  # permission policies, the corresponding value is supplied.
7498
7599
  #
7499
7600
  # @option params [String] :resource_handling_option
7500
- # Specifies the type of simulation to run. Different APIs that support
7501
- # resource-based policies require different combinations of resources.
7502
- # By specifying the type of simulation to run, you enable the policy
7503
- # simulator to enforce the presence of the required resources to ensure
7504
- # reliable simulation results. If your simulation does not match one of
7505
- # the following scenarios, then you can omit this parameter. The
7601
+ # Specifies the type of simulation to run. Different API operations that
7602
+ # support resource-based policies require different combinations of
7603
+ # resources. By specifying the type of simulation to run, you enable the
7604
+ # policy simulator to enforce the presence of the required resources to
7605
+ # ensure reliable simulation results. If your simulation does not match
7606
+ # one of the following scenarios, then you can omit this parameter. The
7506
7607
  # following list shows each of the supported scenario values and the
7507
7608
  # resources that you must define to run the simulation.
7508
7609
  #
@@ -7512,7 +7613,7 @@ module Aws::IAM
7512
7613
  # includes VPC, then you must supply the network-interface resource. If
7513
7614
  # it includes an IP subnet, then you must specify the subnet resource.
7514
7615
  # For more information on the EC2 scenario options, see [Supported
7515
- # Platforms][1] in the *AWS EC2 User Guide*.
7616
+ # Platforms][1] in the *Amazon EC2 User Guide*.
7516
7617
  #
7517
7618
  # * **EC2-Classic-InstanceStore**
7518
7619
  #
@@ -7632,11 +7733,11 @@ module Aws::IAM
7632
7733
  end
7633
7734
 
7634
7735
  # Simulate how a set of IAM policies attached to an IAM entity works
7635
- # with a list of API actions and AWS resources to determine the
7736
+ # with a list of API operations and AWS resources to determine the
7636
7737
  # policies' effective permissions. The entity can be an IAM user,
7637
7738
  # group, or role. If you specify a user, then the simulation also
7638
7739
  # includes all of the policies that are attached to groups that the user
7639
- # belongs to .
7740
+ # belongs to.
7640
7741
  #
7641
7742
  # You can optionally include a list of one or more additional policies
7642
7743
  # specified as strings to include in the simulation. If you want to
@@ -7646,9 +7747,9 @@ module Aws::IAM
7646
7747
  # You can also optionally include one resource-based policy to be
7647
7748
  # evaluated with each of the resources included in the simulation.
7648
7749
  #
7649
- # The simulation does not perform the API actions, it only checks the
7750
+ # The simulation does not perform the API operations, it only checks the
7650
7751
  # authorization to determine if the simulated policies allow or deny the
7651
- # actions.
7752
+ # operations.
7652
7753
  #
7653
7754
  # **Note:** This API discloses information about the permissions granted
7654
7755
  # to other users. If you do not want users to see other user's
@@ -7685,25 +7786,29 @@ module Aws::IAM
7685
7786
  # complete, valid JSON text of an IAM policy.
7686
7787
  #
7687
7788
  # The [regex pattern][1] used to validate this parameter is a string of
7688
- # characters consisting of any printable ASCII character ranging from
7689
- # the space character (\\u0020) through end of the ASCII character range
7690
- # as well as the printable characters in the Basic Latin and Latin-1
7691
- # Supplement character set (through \\u00FF). It also includes the
7692
- # special characters tab (\\u0009), line feed (\\u000A), and carriage
7693
- # return (\\u000D).
7789
+ # characters consisting of the following:
7790
+ #
7791
+ # * Any printable ASCII character ranging from the space character
7792
+ # (\\u0020) through the end of the ASCII character range
7793
+ #
7794
+ # * The printable characters in the Basic Latin and Latin-1 Supplement
7795
+ # character set (through \\u00FF)
7796
+ #
7797
+ # * The special characters tab (\\u0009), line feed (\\u000A), and
7798
+ # carriage return (\\u000D)
7694
7799
  #
7695
7800
  #
7696
7801
  #
7697
7802
  # [1]: http://wikipedia.org/wiki/regex
7698
7803
  #
7699
7804
  # @option params [required, Array<String>] :action_names
7700
- # A list of names of API actions to evaluate in the simulation. Each
7701
- # action is evaluated for each resource. Each action must include the
7702
- # service identifier, such as `iam:CreateUser`.
7805
+ # A list of names of API operations to evaluate in the simulation. Each
7806
+ # operation is evaluated for each resource. Each operation must include
7807
+ # the service identifier, such as `iam:CreateUser`.
7703
7808
  #
7704
7809
  # @option params [Array<String>] :resource_arns
7705
7810
  # A list of ARNs of AWS resources to include in the simulation. If this
7706
- # parameter is not provided then the value defaults to `*` (all
7811
+ # parameter is not provided, then the value defaults to `*` (all
7707
7812
  # resources). Each API in the `ActionNames` parameter is evaluated for
7708
7813
  # each resource in this list. The simulation determines the access
7709
7814
  # result (allowed or denied) of each combination and reports it in the
@@ -7728,12 +7833,16 @@ module Aws::IAM
7728
7833
  # simulation.
7729
7834
  #
7730
7835
  # The [regex pattern][1] used to validate this parameter is a string of
7731
- # characters consisting of any printable ASCII character ranging from
7732
- # the space character (\\u0020) through end of the ASCII character range
7733
- # as well as the printable characters in the Basic Latin and Latin-1
7734
- # Supplement character set (through \\u00FF). It also includes the
7735
- # special characters tab (\\u0009), line feed (\\u000A), and carriage
7736
- # return (\\u000D).
7836
+ # characters consisting of the following:
7837
+ #
7838
+ # * Any printable ASCII character ranging from the space character
7839
+ # (\\u0020) through the end of the ASCII character range
7840
+ #
7841
+ # * The printable characters in the Basic Latin and Latin-1 Supplement
7842
+ # character set (through \\u00FF)
7843
+ #
7844
+ # * The special characters tab (\\u0009), line feed (\\u000A), and
7845
+ # carriage return (\\u000D)
7737
7846
  #
7738
7847
  #
7739
7848
  #
@@ -7753,13 +7862,13 @@ module Aws::IAM
7753
7862
  #
7754
7863
  # @option params [String] :caller_arn
7755
7864
  # The ARN of the IAM user that you want to specify as the simulated
7756
- # caller of the APIs. If you do not specify a `CallerArn`, it defaults
7757
- # to the ARN of the user that you specify in `PolicySourceArn`, if you
7758
- # specified a user. If you include both a `PolicySourceArn` (for
7865
+ # caller of the API operations. If you do not specify a `CallerArn`, it
7866
+ # defaults to the ARN of the user that you specify in `PolicySourceArn`,
7867
+ # if you specified a user. If you include both a `PolicySourceArn` (for
7759
7868
  # example, `arn:aws:iam::123456789012:user/David`) and a `CallerArn`
7760
7869
  # (for example, `arn:aws:iam::123456789012:user/Bob`), the result is
7761
- # that you simulate calling the APIs as Bob, as if Bob had David's
7762
- # policies.
7870
+ # that you simulate calling the API operations as Bob, as if Bob had
7871
+ # David's policies.
7763
7872
  #
7764
7873
  # You can specify only the ARN of an IAM user. You cannot specify the
7765
7874
  # ARN of an assumed role, federated user, or a service principal.
@@ -7782,12 +7891,12 @@ module Aws::IAM
7782
7891
  # permission policies, the corresponding value is supplied.
7783
7892
  #
7784
7893
  # @option params [String] :resource_handling_option
7785
- # Specifies the type of simulation to run. Different APIs that support
7786
- # resource-based policies require different combinations of resources.
7787
- # By specifying the type of simulation to run, you enable the policy
7788
- # simulator to enforce the presence of the required resources to ensure
7789
- # reliable simulation results. If your simulation does not match one of
7790
- # the following scenarios, then you can omit this parameter. The
7894
+ # Specifies the type of simulation to run. Different API operations that
7895
+ # support resource-based policies require different combinations of
7896
+ # resources. By specifying the type of simulation to run, you enable the
7897
+ # policy simulator to enforce the presence of the required resources to
7898
+ # ensure reliable simulation results. If your simulation does not match
7899
+ # one of the following scenarios, then you can omit this parameter. The
7791
7900
  # following list shows each of the supported scenario values and the
7792
7901
  # resources that you must define to run the simulation.
7793
7902
  #
@@ -7797,7 +7906,7 @@ module Aws::IAM
7797
7906
  # includes VPC, then you must supply the network-interface resource. If
7798
7907
  # it includes an IP subnet, then you must specify the subnet resource.
7799
7908
  # For more information on the EC2 scenario options, see [Supported
7800
- # Platforms][1] in the *AWS EC2 User Guide*.
7909
+ # Platforms][1] in the *Amazon EC2 User Guide*.
7801
7910
  #
7802
7911
  # * **EC2-Classic-InstanceStore**
7803
7912
  #
@@ -7918,14 +8027,14 @@ module Aws::IAM
7918
8027
  end
7919
8028
 
7920
8029
  # Changes the status of the specified access key from Active to
7921
- # Inactive, or vice versa. This action can be used to disable a user's
7922
- # key as part of a key rotation work flow.
8030
+ # Inactive, or vice versa. This operation can be used to disable a
8031
+ # user's key as part of a key rotation workflow.
7923
8032
  #
7924
- # If the `UserName` field is not specified, the UserName is determined
8033
+ # If the `UserName` field is not specified, the user name is determined
7925
8034
  # implicitly based on the AWS access key ID used to sign the request.
7926
- # Because this action works for access keys under the AWS account, you
7927
- # can use this action to manage root credentials even if the AWS account
7928
- # has no associated users.
8035
+ # Because this operation works for access keys under the AWS account,
8036
+ # you can use this operation to manage AWS account root user credentials
8037
+ # even if the AWS account has no associated users.
7929
8038
  #
7930
8039
  # For information about rotating keys, see [Managing Keys and
7931
8040
  # Certificates][1] in the *IAM User Guide*.
@@ -7940,7 +8049,7 @@ module Aws::IAM
7940
8049
  # This parameter allows (per its [regex pattern][1]) a string of
7941
8050
  # characters consisting of upper and lowercase alphanumeric characters
7942
8051
  # with no spaces. You can also include any of the following characters:
7943
- # =,.@-
8052
+ # \_+=,.@-
7944
8053
  #
7945
8054
  #
7946
8055
  #
@@ -7959,8 +8068,8 @@ module Aws::IAM
7959
8068
  #
7960
8069
  # @option params [required, String] :status
7961
8070
  # The status you want to assign to the secret access key. `Active` means
7962
- # the key can be used for API calls to AWS, while `Inactive` means the
7963
- # key cannot be used.
8071
+ # that the key can be used for API calls to AWS, while `Inactive` means
8072
+ # that the key cannot be used.
7964
8073
  #
7965
8074
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
7966
8075
  #
@@ -7995,10 +8104,15 @@ module Aws::IAM
7995
8104
 
7996
8105
  # Updates the password policy settings for the AWS account.
7997
8106
  #
7998
- # <note markdown="1"> This action does not support partial updates. No parameters are
7999
- # required, but if you do not specify a parameter, that parameter's
8000
- # value reverts to its default value. See the **Request Parameters**
8001
- # section for each parameter's default value.
8107
+ # <note markdown="1"> * This operation does not support partial updates. No parameters are
8108
+ # required, but if you do not specify a parameter, that parameter's
8109
+ # value reverts to its default value. See the **Request Parameters**
8110
+ # section for each parameter's default value. Also note that some
8111
+ # parameters do not allow the default parameter to be explicitly set.
8112
+ # Instead, to invoke the default value, do not include that parameter
8113
+ # when you invoke the operation.
8114
+ #
8115
+ # ^
8002
8116
  #
8003
8117
  # </note>
8004
8118
  #
@@ -8012,7 +8126,8 @@ module Aws::IAM
8012
8126
  # @option params [Integer] :minimum_password_length
8013
8127
  # The minimum number of characters allowed in an IAM user password.
8014
8128
  #
8015
- # Default value: 6
8129
+ # If you do not specify a value for this parameter, then the operation
8130
+ # uses the default value of `6`.
8016
8131
  #
8017
8132
  # @option params [Boolean] :require_symbols
8018
8133
  # Specifies whether IAM user passwords must contain at least one of the
@@ -8020,55 +8135,72 @@ module Aws::IAM
8020
8135
  #
8021
8136
  # ! @ # $ % ^ &amp;amp; * ( ) \_ + - = \[ \] \\\{ \\} \| '
8022
8137
  #
8023
- # Default value: false
8138
+ # If you do not specify a value for this parameter, then the operation
8139
+ # uses the default value of `false`. The result is that passwords do not
8140
+ # require at least one symbol character.
8024
8141
  #
8025
8142
  # @option params [Boolean] :require_numbers
8026
8143
  # Specifies whether IAM user passwords must contain at least one numeric
8027
8144
  # character (0 to 9).
8028
8145
  #
8029
- # Default value: false
8146
+ # If you do not specify a value for this parameter, then the operation
8147
+ # uses the default value of `false`. The result is that passwords do not
8148
+ # require at least one numeric character.
8030
8149
  #
8031
8150
  # @option params [Boolean] :require_uppercase_characters
8032
8151
  # Specifies whether IAM user passwords must contain at least one
8033
8152
  # uppercase character from the ISO basic Latin alphabet (A to Z).
8034
8153
  #
8035
- # Default value: false
8154
+ # If you do not specify a value for this parameter, then the operation
8155
+ # uses the default value of `false`. The result is that passwords do not
8156
+ # require at least one uppercase character.
8036
8157
  #
8037
8158
  # @option params [Boolean] :require_lowercase_characters
8038
8159
  # Specifies whether IAM user passwords must contain at least one
8039
8160
  # lowercase character from the ISO basic Latin alphabet (a to z).
8040
8161
  #
8041
- # Default value: false
8162
+ # If you do not specify a value for this parameter, then the operation
8163
+ # uses the default value of `false`. The result is that passwords do not
8164
+ # require at least one lowercase character.
8042
8165
  #
8043
8166
  # @option params [Boolean] :allow_users_to_change_password
8044
8167
  # Allows all IAM users in your account to use the AWS Management Console
8045
8168
  # to change their own passwords. For more information, see [Letting IAM
8046
8169
  # Users Change Their Own Passwords][1] in the *IAM User Guide*.
8047
8170
  #
8048
- # Default value: false
8171
+ # If you do not specify a value for this parameter, then the operation
8172
+ # uses the default value of `false`. The result is that IAM users in the
8173
+ # account do not automatically have permissions to change their own
8174
+ # password.
8049
8175
  #
8050
8176
  #
8051
8177
  #
8052
8178
  # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/HowToPwdIAMUser.html
8053
8179
  #
8054
8180
  # @option params [Integer] :max_password_age
8055
- # The number of days that an IAM user password is valid. The default
8056
- # value of 0 means IAM user passwords never expire.
8181
+ # The number of days that an IAM user password is valid.
8057
8182
  #
8058
- # Default value: 0
8183
+ # If you do not specify a value for this parameter, then the operation
8184
+ # uses the default value of `0`. The result is that IAM user passwords
8185
+ # never expire.
8059
8186
  #
8060
8187
  # @option params [Integer] :password_reuse_prevention
8061
8188
  # Specifies the number of previous passwords that IAM users are
8062
- # prevented from reusing. The default value of 0 means IAM users are not
8063
- # prevented from reusing previous passwords.
8189
+ # prevented from reusing.
8064
8190
  #
8065
- # Default value: 0
8191
+ # If you do not specify a value for this parameter, then the operation
8192
+ # uses the default value of `0`. The result is that IAM users are not
8193
+ # prevented from reusing previous passwords.
8066
8194
  #
8067
8195
  # @option params [Boolean] :hard_expiry
8068
8196
  # Prevents IAM users from setting a new password after their password
8069
- # has expired.
8197
+ # has expired. The IAM user cannot be accessed until an administrator
8198
+ # resets the password.
8070
8199
  #
8071
- # Default value: false
8200
+ # If you do not specify a value for this parameter, then the operation
8201
+ # uses the default value of `false`. The result is that IAM users can
8202
+ # change their passwords after they expire and continue to sign in as
8203
+ # the user.
8072
8204
  #
8073
8205
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
8074
8206
  #
@@ -8131,12 +8263,16 @@ module Aws::IAM
8131
8263
  # The policy that grants an entity permission to assume the role.
8132
8264
  #
8133
8265
  # The [regex pattern][1] used to validate this parameter is a string of
8134
- # characters consisting of any printable ASCII character ranging from
8135
- # the space character (\\u0020) through end of the ASCII character range
8136
- # as well as the printable characters in the Basic Latin and Latin-1
8137
- # Supplement character set (through \\u00FF). It also includes the
8138
- # special characters tab (\\u0009), line feed (\\u000A), and carriage
8139
- # return (\\u000D).
8266
+ # characters consisting of the following:
8267
+ #
8268
+ # * Any printable ASCII character ranging from the space character
8269
+ # (\\u0020) through the end of the ASCII character range
8270
+ #
8271
+ # * The printable characters in the Basic Latin and Latin-1 Supplement
8272
+ # character set (through \\u00FF)
8273
+ #
8274
+ # * The special characters tab (\\u0009), line feed (\\u000A), and
8275
+ # carriage return (\\u000D)
8140
8276
  #
8141
8277
  #
8142
8278
  #
@@ -8176,19 +8312,20 @@ module Aws::IAM
8176
8312
  # name. For more information, see [Renaming Users and Groups][1] in the
8177
8313
  # *IAM User Guide*.
8178
8314
  #
8179
- # <note markdown="1"> To change an IAM group name the requester must have appropriate
8180
- # permissions on both the source object and the target object. For
8181
- # example, to change "Managers" to "MGRs", the entity making the
8182
- # request must have permission on both "Managers" and "MGRs", or
8183
- # must have permission on all (*). For more information about
8184
- # permissions, see [Permissions and Policies][2].
8315
+ # <note markdown="1"> The person making the request (the principal), must have permission to
8316
+ # change the role group with the old name and the new name. For example,
8317
+ # to change the group named `Managers` to `MGRs`, the principal must
8318
+ # have a policy that allows them to update both groups. If the principal
8319
+ # has permission to update the `Managers` group, but not the `MGRs`
8320
+ # group, then the update fails. For more information about permissions,
8321
+ # see [Access Management][2].
8185
8322
  #
8186
8323
  # </note>
8187
8324
  #
8188
8325
  #
8189
8326
  #
8190
8327
  # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_WorkingWithGroupsAndUsers.html
8191
- # [2]: http://docs.aws.amazon.com/IAM/latest/UserGuide/PermissionsAndPolicies.html
8328
+ # [2]: http://docs.aws.amazon.com/IAM/latest/UserGuide/access.html
8192
8329
  #
8193
8330
  # @option params [required, String] :group_name
8194
8331
  # Name of the IAM group to update. If you're changing the name of the
@@ -8197,7 +8334,7 @@ module Aws::IAM
8197
8334
  # This parameter allows (per its [regex pattern][1]) a string of
8198
8335
  # characters consisting of upper and lowercase alphanumeric characters
8199
8336
  # with no spaces. You can also include any of the following characters:
8200
- # =,.@-
8337
+ # \_+=,.@-
8201
8338
  #
8202
8339
  #
8203
8340
  #
@@ -8207,12 +8344,12 @@ module Aws::IAM
8207
8344
  # New path for the IAM group. Only include this if changing the group's
8208
8345
  # path.
8209
8346
  #
8210
- # This paramater allows (per its [regex pattern][1]) a string of
8347
+ # This parameter allows (per its [regex pattern][1]) a string of
8211
8348
  # characters consisting of either a forward slash (/) by itself or a
8212
- # string that must begin and end with forward slashes, containing any
8213
- # ASCII character from the ! (\\u0021) thru the DEL character (\\u007F),
8214
- # including most punctuation characters, digits, and upper and
8215
- # lowercased letters.
8349
+ # string that must begin and end with forward slashes. In addition, it
8350
+ # can contain any ASCII character from the ! (\\u0021) through the DEL
8351
+ # character (\\u007F), including most punctuation characters, digits,
8352
+ # and upper and lowercased letters.
8216
8353
  #
8217
8354
  #
8218
8355
  #
@@ -8225,7 +8362,7 @@ module Aws::IAM
8225
8362
  # This parameter allows (per its [regex pattern][1]) a string of
8226
8363
  # characters consisting of upper and lowercase alphanumeric characters
8227
8364
  # with no spaces. You can also include any of the following characters:
8228
- # =,.@-
8365
+ # \_+=,.@-
8229
8366
  #
8230
8367
  #
8231
8368
  #
@@ -8276,7 +8413,7 @@ module Aws::IAM
8276
8413
  # This parameter allows (per its [regex pattern][1]) a string of
8277
8414
  # characters consisting of upper and lowercase alphanumeric characters
8278
8415
  # with no spaces. You can also include any of the following characters:
8279
- # =,.@-
8416
+ # \_+=,.@-
8280
8417
  #
8281
8418
  #
8282
8419
  #
@@ -8286,14 +8423,20 @@ module Aws::IAM
8286
8423
  # The new password for the specified IAM user.
8287
8424
  #
8288
8425
  # The [regex pattern][1] used to validate this parameter is a string of
8289
- # characters consisting of any printable ASCII character ranging from
8290
- # the space character (\\u0020) through end of the ASCII character range
8291
- # as well as the printable characters in the Basic Latin and Latin-1
8292
- # Supplement character set (through \\u00FF). It also includes the
8293
- # special characters tab (\\u0009), line feed (\\u000A), and carriage
8294
- # return (\\u000D). However, the format can be further restricted by the
8295
- # account administrator by setting a password policy on the AWS account.
8296
- # For more information, see UpdateAccountPasswordPolicy.
8426
+ # characters consisting of the following:
8427
+ #
8428
+ # * Any printable ASCII character ranging from the space character
8429
+ # (\\u0020) through the end of the ASCII character range
8430
+ #
8431
+ # * The printable characters in the Basic Latin and Latin-1 Supplement
8432
+ # character set (through \\u00FF)
8433
+ #
8434
+ # * The special characters tab (\\u0009), line feed (\\u000A), and
8435
+ # carriage return (\\u000D)
8436
+ #
8437
+ # However, the format can be further restricted by the account
8438
+ # administrator by setting a password policy on the AWS account. For
8439
+ # more information, see UpdateAccountPasswordPolicy.
8297
8440
  #
8298
8441
  #
8299
8442
  #
@@ -8336,7 +8479,7 @@ module Aws::IAM
8336
8479
  # associated with an OpenID Connect (OIDC) provider resource object with
8337
8480
  # a new list of thumbprints.
8338
8481
  #
8339
- # The list that you pass with this action completely replaces the
8482
+ # The list that you pass with this operation completely replaces the
8340
8483
  # existing list of thumbprints. (The lists are not merged.)
8341
8484
  #
8342
8485
  # Typically, you need to update a thumbprint only when the identity
@@ -8345,18 +8488,18 @@ module Aws::IAM
8345
8488
  # role that specifies the OIDC provider as a principal fails until the
8346
8489
  # certificate thumbprint is updated.
8347
8490
  #
8348
- # <note markdown="1"> Because trust for the OIDC provider is ultimately derived from the
8349
- # provider's certificate and is validated by the thumbprint, it is a
8350
- # best practice to limit access to the
8351
- # `UpdateOpenIDConnectProviderThumbprint` action to highly-privileged
8352
- # users.
8491
+ # <note markdown="1"> Because trust for the OIDC provider is derived from the provider's
8492
+ # certificate and is validated by the thumbprint, it is best to limit
8493
+ # access to the `UpdateOpenIDConnectProviderThumbprint` operation to
8494
+ # highly privileged users.
8353
8495
  #
8354
8496
  # </note>
8355
8497
  #
8356
8498
  # @option params [required, String] :open_id_connect_provider_arn
8357
8499
  # The Amazon Resource Name (ARN) of the IAM OIDC provider resource
8358
8500
  # object for which you want to update the thumbprint. You can get a list
8359
- # of OIDC provider ARNs by using the ListOpenIDConnectProviders action.
8501
+ # of OIDC provider ARNs by using the ListOpenIDConnectProviders
8502
+ # operation.
8360
8503
  #
8361
8504
  # For more information about ARNs, see [Amazon Resource Names (ARNs) and
8362
8505
  # AWS Service Namespaces][1] in the *AWS General Reference*.
@@ -8388,7 +8531,59 @@ module Aws::IAM
8388
8531
  req.send_request(options)
8389
8532
  end
8390
8533
 
8391
- # Modifies the description of a role.
8534
+ # Updates the description or maximum session duration setting of a role.
8535
+ #
8536
+ # @option params [required, String] :role_name
8537
+ # The name of the role that you want to modify.
8538
+ #
8539
+ # @option params [String] :description
8540
+ # The new description that you want to apply to the specified role.
8541
+ #
8542
+ # @option params [Integer] :max_session_duration
8543
+ # The maximum session duration (in seconds) that you want to set for the
8544
+ # specified role. If you do not specify a value for this setting, the
8545
+ # default maximum of one hour is applied. This setting can have a value
8546
+ # from 1 hour to 12 hours.
8547
+ #
8548
+ # Anyone who assumes the role from the AWS CLI or API can use the
8549
+ # `DurationSeconds` API parameter or the `duration-seconds` CLI
8550
+ # parameter to request a longer session. The `MaxSessionDuration`
8551
+ # setting determines the maximum duration that can be requested using
8552
+ # the `DurationSeconds` parameter. If users don't specify a value for
8553
+ # the `DurationSeconds` parameter, their security credentials are valid
8554
+ # for one hour by default. This applies when you use the `AssumeRole*`
8555
+ # API operations or the `assume-role*` CLI operations but does not apply
8556
+ # when you use those operations to create a console URL. For more
8557
+ # information, see [Using IAM Roles][1] in the *IAM User Guide*.
8558
+ #
8559
+ #
8560
+ #
8561
+ # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html
8562
+ #
8563
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
8564
+ #
8565
+ # @example Request syntax with placeholder values
8566
+ #
8567
+ # resp = client.update_role({
8568
+ # role_name: "roleNameType", # required
8569
+ # description: "roleDescriptionType",
8570
+ # max_session_duration: 1,
8571
+ # })
8572
+ #
8573
+ # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateRole AWS API Documentation
8574
+ #
8575
+ # @overload update_role(params = {})
8576
+ # @param [Hash] params ({})
8577
+ def update_role(params = {}, options = {})
8578
+ req = build_request(:update_role, params)
8579
+ req.send_request(options)
8580
+ end
8581
+
8582
+ # Use instead.
8583
+ #
8584
+ # Modifies only the description of a role. This operation performs the
8585
+ # same function as the `Description` parameter in the `UpdateRole`
8586
+ # operation.
8392
8587
  #
8393
8588
  # @option params [required, String] :role_name
8394
8589
  # The name of the role that you want to modify.
@@ -8416,6 +8611,7 @@ module Aws::IAM
8416
8611
  # resp.role.create_date #=> Time
8417
8612
  # resp.role.assume_role_policy_document #=> String
8418
8613
  # resp.role.description #=> String
8614
+ # resp.role.max_session_duration #=> Integer
8419
8615
  #
8420
8616
  # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateRoleDescription AWS API Documentation
8421
8617
  #
@@ -8481,10 +8677,10 @@ module Aws::IAM
8481
8677
 
8482
8678
  # Sets the status of an IAM user's SSH public key to active or
8483
8679
  # inactive. SSH public keys that are inactive cannot be used for
8484
- # authentication. This action can be used to disable a user's SSH
8680
+ # authentication. This operation can be used to disable a user's SSH
8485
8681
  # public key as part of a key rotation work flow.
8486
8682
  #
8487
- # The SSH public key affected by this action is used only for
8683
+ # The SSH public key affected by this operation is used only for
8488
8684
  # authenticating the associated IAM user to an AWS CodeCommit
8489
8685
  # repository. For more information about using SSH keys to authenticate
8490
8686
  # to an AWS CodeCommit repository, see [Set up AWS CodeCommit for SSH
@@ -8500,7 +8696,7 @@ module Aws::IAM
8500
8696
  # This parameter allows (per its [regex pattern][1]) a string of
8501
8697
  # characters consisting of upper and lowercase alphanumeric characters
8502
8698
  # with no spaces. You can also include any of the following characters:
8503
- # =,.@-
8699
+ # \_+=,.@-
8504
8700
  #
8505
8701
  #
8506
8702
  #
@@ -8518,9 +8714,9 @@ module Aws::IAM
8518
8714
  # [1]: http://wikipedia.org/wiki/regex
8519
8715
  #
8520
8716
  # @option params [required, String] :status
8521
- # The status to assign to the SSH public key. `Active` means the key can
8522
- # be used for authentication with an AWS CodeCommit repository.
8523
- # `Inactive` means the key cannot be used.
8717
+ # The status to assign to the SSH public key. `Active` means that the
8718
+ # key can be used for authentication with an AWS CodeCommit repository.
8719
+ # `Inactive` means that the key cannot be used.
8524
8720
  #
8525
8721
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
8526
8722
  #
@@ -8544,21 +8740,22 @@ module Aws::IAM
8544
8740
  # Updates the name and/or the path of the specified server certificate
8545
8741
  # stored in IAM.
8546
8742
  #
8547
- # For more information about working with server certificates, including
8548
- # a list of AWS services that can use the server certificates that you
8549
- # manage with IAM, go to [Working with Server Certificates][1] in the
8550
- # *IAM User Guide*.
8743
+ # For more information about working with server certificates, see
8744
+ # [Working with Server Certificates][1] in the *IAM User Guide*. This
8745
+ # topic also includes a list of AWS services that can use the server
8746
+ # certificates that you manage with IAM.
8551
8747
  #
8552
8748
  # You should understand the implications of changing a server
8553
8749
  # certificate's path or name. For more information, see [Renaming a
8554
8750
  # Server Certificate][2] in the *IAM User Guide*.
8555
8751
  #
8556
- # <note markdown="1"> To change a server certificate name the requester must have
8557
- # appropriate permissions on both the source object and the target
8558
- # object. For example, to change the name from "ProductionCert" to
8559
- # "ProdCert", the entity making the request must have permission on
8560
- # "ProductionCert" and "ProdCert", or must have permission on all
8561
- # (*). For more information about permissions, see [Access
8752
+ # <note markdown="1"> The person making the request (the principal), must have permission to
8753
+ # change the server certificate with the old name and the new name. For
8754
+ # example, to change the certificate named `ProductionCert` to
8755
+ # `ProdCert`, the principal must have a policy that allows them to
8756
+ # update both certificates. If the principal has permission to update
8757
+ # the `ProductionCert` group, but not the `ProdCert` certificate, then
8758
+ # the update fails. For more information about permissions, see [Access
8562
8759
  # Management][3] in the *IAM User Guide*.
8563
8760
  #
8564
8761
  # </note>
@@ -8575,7 +8772,7 @@ module Aws::IAM
8575
8772
  # This parameter allows (per its [regex pattern][1]) a string of
8576
8773
  # characters consisting of upper and lowercase alphanumeric characters
8577
8774
  # with no spaces. You can also include any of the following characters:
8578
- # =,.@-
8775
+ # \_+=,.@-
8579
8776
  #
8580
8777
  #
8581
8778
  #
@@ -8585,12 +8782,12 @@ module Aws::IAM
8585
8782
  # The new path for the server certificate. Include this only if you are
8586
8783
  # updating the server certificate's path.
8587
8784
  #
8588
- # This paramater allows (per its [regex pattern][1]) a string of
8785
+ # This parameter allows (per its [regex pattern][1]) a string of
8589
8786
  # characters consisting of either a forward slash (/) by itself or a
8590
- # string that must begin and end with forward slashes, containing any
8591
- # ASCII character from the ! (\\u0021) thru the DEL character (\\u007F),
8592
- # including most punctuation characters, digits, and upper and
8593
- # lowercased letters.
8787
+ # string that must begin and end with forward slashes. In addition, it
8788
+ # can contain any ASCII character from the ! (\\u0021) through the DEL
8789
+ # character (\\u007F), including most punctuation characters, digits,
8790
+ # and upper and lowercased letters.
8594
8791
  #
8595
8792
  #
8596
8793
  #
@@ -8604,7 +8801,7 @@ module Aws::IAM
8604
8801
  # This parameter allows (per its [regex pattern][1]) a string of
8605
8802
  # characters consisting of upper and lowercase alphanumeric characters
8606
8803
  # with no spaces. You can also include any of the following characters:
8607
- # =,.@-
8804
+ # \_+=,.@-
8608
8805
  #
8609
8806
  #
8610
8807
  #
@@ -8631,7 +8828,7 @@ module Aws::IAM
8631
8828
 
8632
8829
  # Sets the status of a service-specific credential to `Active` or
8633
8830
  # `Inactive`. Service-specific credentials that are inactive cannot be
8634
- # used for authentication to the service. This action can be used to
8831
+ # used for authentication to the service. This operation can be used to
8635
8832
  # disable a user’s service-specific credential as part of a credential
8636
8833
  # rotation work flow.
8637
8834
  #
@@ -8643,7 +8840,7 @@ module Aws::IAM
8643
8840
  # This parameter allows (per its [regex pattern][1]) a string of
8644
8841
  # characters consisting of upper and lowercase alphanumeric characters
8645
8842
  # with no spaces. You can also include any of the following characters:
8646
- # =,.@-
8843
+ # \_+=,.@-
8647
8844
  #
8648
8845
  #
8649
8846
  #
@@ -8683,15 +8880,15 @@ module Aws::IAM
8683
8880
  end
8684
8881
 
8685
8882
  # Changes the status of the specified user signing certificate from
8686
- # active to disabled, or vice versa. This action can be used to disable
8687
- # an IAM user's signing certificate as part of a certificate rotation
8688
- # work flow.
8883
+ # active to disabled, or vice versa. This operation can be used to
8884
+ # disable an IAM user's signing certificate as part of a certificate
8885
+ # rotation work flow.
8689
8886
  #
8690
- # If the `UserName` field is not specified, the UserName is determined
8887
+ # If the `UserName` field is not specified, the user name is determined
8691
8888
  # implicitly based on the AWS access key ID used to sign the request.
8692
- # Because this action works for access keys under the AWS account, you
8693
- # can use this action to manage root credentials even if the AWS account
8694
- # has no associated users.
8889
+ # Because this operation works for access keys under the AWS account,
8890
+ # you can use this operation to manage AWS account root user credentials
8891
+ # even if the AWS account has no associated users.
8695
8892
  #
8696
8893
  # @option params [String] :user_name
8697
8894
  # The name of the IAM user the signing certificate belongs to.
@@ -8699,7 +8896,7 @@ module Aws::IAM
8699
8896
  # This parameter allows (per its [regex pattern][1]) a string of
8700
8897
  # characters consisting of upper and lowercase alphanumeric characters
8701
8898
  # with no spaces. You can also include any of the following characters:
8702
- # =,.@-
8899
+ # \_+=,.@-
8703
8900
  #
8704
8901
  #
8705
8902
  #
@@ -8717,8 +8914,8 @@ module Aws::IAM
8717
8914
  # [1]: http://wikipedia.org/wiki/regex
8718
8915
  #
8719
8916
  # @option params [required, String] :status
8720
- # The status you want to assign to the certificate. `Active` means the
8721
- # certificate can be used for API calls to AWS, while `Inactive` means
8917
+ # The status you want to assign to the certificate. `Active` means that
8918
+ # the certificate can be used for API calls to AWS `Inactive` means that
8722
8919
  # the certificate cannot be used.
8723
8920
  #
8724
8921
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
@@ -8757,7 +8954,7 @@ module Aws::IAM
8757
8954
  # or name. For more information, see [Renaming an IAM User][1] and
8758
8955
  # [Renaming an IAM Group][2] in the *IAM User Guide*.
8759
8956
  #
8760
- # <note markdown="1"> To change a user name the requester must have appropriate permissions
8957
+ # <note markdown="1"> To change a user name, the requester must have appropriate permissions
8761
8958
  # on both the source object and the target object. For example, to
8762
8959
  # change Bob to Robert, the entity making the request must have
8763
8960
  # permission on Bob and Robert, or must have permission on all (*). For
@@ -8778,7 +8975,7 @@ module Aws::IAM
8778
8975
  # This parameter allows (per its [regex pattern][1]) a string of
8779
8976
  # characters consisting of upper and lowercase alphanumeric characters
8780
8977
  # with no spaces. You can also include any of the following characters:
8781
- # =,.@-
8978
+ # \_+=,.@-
8782
8979
  #
8783
8980
  #
8784
8981
  #
@@ -8788,12 +8985,12 @@ module Aws::IAM
8788
8985
  # New path for the IAM user. Include this parameter only if you're
8789
8986
  # changing the user's path.
8790
8987
  #
8791
- # This paramater allows (per its [regex pattern][1]) a string of
8988
+ # This parameter allows (per its [regex pattern][1]) a string of
8792
8989
  # characters consisting of either a forward slash (/) by itself or a
8793
- # string that must begin and end with forward slashes, containing any
8794
- # ASCII character from the ! (\\u0021) thru the DEL character (\\u007F),
8795
- # including most punctuation characters, digits, and upper and
8796
- # lowercased letters.
8990
+ # string that must begin and end with forward slashes. In addition, it
8991
+ # can contain any ASCII character from the ! (\\u0021) through the DEL
8992
+ # character (\\u007F), including most punctuation characters, digits,
8993
+ # and upper and lowercased letters.
8797
8994
  #
8798
8995
  #
8799
8996
  #
@@ -8806,7 +9003,7 @@ module Aws::IAM
8806
9003
  # This parameter allows (per its [regex pattern][1]) a string of
8807
9004
  # characters consisting of upper and lowercase alphanumeric characters
8808
9005
  # with no spaces. You can also include any of the following characters:
8809
- # =,.@-
9006
+ # \_+=,.@-
8810
9007
  #
8811
9008
  #
8812
9009
  #
@@ -8844,7 +9041,7 @@ module Aws::IAM
8844
9041
  # Uploads an SSH public key and associates it with the specified IAM
8845
9042
  # user.
8846
9043
  #
8847
- # The SSH public key uploaded by this action can be used only for
9044
+ # The SSH public key uploaded by this operation can be used only for
8848
9045
  # authenticating the associated IAM user to an AWS CodeCommit
8849
9046
  # repository. For more information about using SSH keys to authenticate
8850
9047
  # to an AWS CodeCommit repository, see [Set up AWS CodeCommit for SSH
@@ -8860,7 +9057,7 @@ module Aws::IAM
8860
9057
  # This parameter allows (per its [regex pattern][1]) a string of
8861
9058
  # characters consisting of upper and lowercase alphanumeric characters
8862
9059
  # with no spaces. You can also include any of the following characters:
8863
- # =,.@-
9060
+ # \_+=,.@-
8864
9061
  #
8865
9062
  #
8866
9063
  #
@@ -8871,12 +9068,16 @@ module Aws::IAM
8871
9068
  # or PEM format.
8872
9069
  #
8873
9070
  # The [regex pattern][1] used to validate this parameter is a string of
8874
- # characters consisting of any printable ASCII character ranging from
8875
- # the space character (\\u0020) through end of the ASCII character range
8876
- # as well as the printable characters in the Basic Latin and Latin-1
8877
- # Supplement character set (through \\u00FF). It also includes the
8878
- # special characters tab (\\u0009), line feed (\\u000A), and carriage
8879
- # return (\\u000D).
9071
+ # characters consisting of the following:
9072
+ #
9073
+ # * Any printable ASCII character ranging from the space character
9074
+ # (\\u0020) through the end of the ASCII character range
9075
+ #
9076
+ # * The printable characters in the Basic Latin and Latin-1 Supplement
9077
+ # character set (through \\u00FF)
9078
+ #
9079
+ # * The special characters tab (\\u0009), line feed (\\u000A), and
9080
+ # carriage return (\\u000D)
8880
9081
  #
8881
9082
  #
8882
9083
  #
@@ -8922,10 +9123,10 @@ module Aws::IAM
8922
9123
  # For more information about using ACM, see the [AWS Certificate Manager
8923
9124
  # User Guide][2].
8924
9125
  #
8925
- # For more information about working with server certificates, including
8926
- # a list of AWS services that can use the server certificates that you
8927
- # manage with IAM, go to [Working with Server Certificates][3] in the
8928
- # *IAM User Guide*.
9126
+ # For more information about working with server certificates, see
9127
+ # [Working with Server Certificates][3] in the *IAM User Guide*. This
9128
+ # topic includes a list of AWS services that can use the server
9129
+ # certificates that you manage with IAM.
8929
9130
  #
8930
9131
  # For information about the number of server certificates you can
8931
9132
  # upload, see [Limitations on IAM Entities and Objects][4] in the *IAM
@@ -8955,16 +9156,16 @@ module Aws::IAM
8955
9156
  # see [IAM Identifiers][1] in the *IAM User Guide*.
8956
9157
  #
8957
9158
  # This parameter is optional. If it is not included, it defaults to a
8958
- # slash (/). This paramater allows (per its [regex pattern][2]) a string
9159
+ # slash (/). This parameter allows (per its [regex pattern][2]) a string
8959
9160
  # of characters consisting of either a forward slash (/) by itself or a
8960
- # string that must begin and end with forward slashes, containing any
8961
- # ASCII character from the ! (\\u0021) thru the DEL character (\\u007F),
8962
- # including most punctuation characters, digits, and upper and
8963
- # lowercased letters.
9161
+ # string that must begin and end with forward slashes. In addition, it
9162
+ # can contain any ASCII character from the ! (\\u0021) through the DEL
9163
+ # character (\\u007F), including most punctuation characters, digits,
9164
+ # and upper and lowercased letters.
8964
9165
  #
8965
9166
  # <note markdown="1"> If you are uploading a server certificate specifically for use with
8966
9167
  # Amazon CloudFront distributions, you must specify a path using the
8967
- # `--path` option. The path must begin with `/cloudfront` and must
9168
+ # `path` parameter. The path must begin with `/cloudfront` and must
8968
9169
  # include a trailing slash (for example, `/cloudfront/test/`).
8969
9170
  #
8970
9171
  # </note>
@@ -8981,7 +9182,7 @@ module Aws::IAM
8981
9182
  # This parameter allows (per its [regex pattern][1]) a string of
8982
9183
  # characters consisting of upper and lowercase alphanumeric characters
8983
9184
  # with no spaces. You can also include any of the following characters:
8984
- # =,.@-
9185
+ # \_+=,.@-
8985
9186
  #
8986
9187
  #
8987
9188
  #
@@ -8991,12 +9192,16 @@ module Aws::IAM
8991
9192
  # The contents of the public key certificate in PEM-encoded format.
8992
9193
  #
8993
9194
  # The [regex pattern][1] used to validate this parameter is a string of
8994
- # characters consisting of any printable ASCII character ranging from
8995
- # the space character (\\u0020) through end of the ASCII character range
8996
- # as well as the printable characters in the Basic Latin and Latin-1
8997
- # Supplement character set (through \\u00FF). It also includes the
8998
- # special characters tab (\\u0009), line feed (\\u000A), and carriage
8999
- # return (\\u000D).
9195
+ # characters consisting of the following:
9196
+ #
9197
+ # * Any printable ASCII character ranging from the space character
9198
+ # (\\u0020) through the end of the ASCII character range
9199
+ #
9200
+ # * The printable characters in the Basic Latin and Latin-1 Supplement
9201
+ # character set (through \\u00FF)
9202
+ #
9203
+ # * The special characters tab (\\u0009), line feed (\\u000A), and
9204
+ # carriage return (\\u000D)
9000
9205
  #
9001
9206
  #
9002
9207
  #
@@ -9006,12 +9211,16 @@ module Aws::IAM
9006
9211
  # The contents of the private key in PEM-encoded format.
9007
9212
  #
9008
9213
  # The [regex pattern][1] used to validate this parameter is a string of
9009
- # characters consisting of any printable ASCII character ranging from
9010
- # the space character (\\u0020) through end of the ASCII character range
9011
- # as well as the printable characters in the Basic Latin and Latin-1
9012
- # Supplement character set (through \\u00FF). It also includes the
9013
- # special characters tab (\\u0009), line feed (\\u000A), and carriage
9014
- # return (\\u000D).
9214
+ # characters consisting of the following:
9215
+ #
9216
+ # * Any printable ASCII character ranging from the space character
9217
+ # (\\u0020) through the end of the ASCII character range
9218
+ #
9219
+ # * The printable characters in the Basic Latin and Latin-1 Supplement
9220
+ # character set (through \\u00FF)
9221
+ #
9222
+ # * The special characters tab (\\u0009), line feed (\\u000A), and
9223
+ # carriage return (\\u000D)
9015
9224
  #
9016
9225
  #
9017
9226
  #
@@ -9022,12 +9231,16 @@ module Aws::IAM
9022
9231
  # concatenation of the PEM-encoded public key certificates of the chain.
9023
9232
  #
9024
9233
  # The [regex pattern][1] used to validate this parameter is a string of
9025
- # characters consisting of any printable ASCII character ranging from
9026
- # the space character (\\u0020) through end of the ASCII character range
9027
- # as well as the printable characters in the Basic Latin and Latin-1
9028
- # Supplement character set (through \\u00FF). It also includes the
9029
- # special characters tab (\\u0009), line feed (\\u000A), and carriage
9030
- # return (\\u000D).
9234
+ # characters consisting of the following:
9235
+ #
9236
+ # * Any printable ASCII character ranging from the space character
9237
+ # (\\u0020) through the end of the ASCII character range
9238
+ #
9239
+ # * The printable characters in the Basic Latin and Latin-1 Supplement
9240
+ # character set (through \\u00FF)
9241
+ #
9242
+ # * The special characters tab (\\u0009), line feed (\\u000A), and
9243
+ # carriage return (\\u000D)
9031
9244
  #
9032
9245
  #
9033
9246
  #
@@ -9096,11 +9309,11 @@ module Aws::IAM
9096
9309
  #
9097
9310
  # If the `UserName` field is not specified, the IAM user name is
9098
9311
  # determined implicitly based on the AWS access key ID used to sign the
9099
- # request. Because this action works for access keys under the AWS
9100
- # account, you can use this action to manage root credentials even if
9101
- # the AWS account has no associated users.
9312
+ # request. Because this operation works for access keys under the AWS
9313
+ # account, you can use this operation to manage AWS account root user
9314
+ # credentials even if the AWS account has no associated users.
9102
9315
  #
9103
- # <note markdown="1"> Because the body of a X.509 certificate can be large, you should use
9316
+ # <note markdown="1"> Because the body of an X.509 certificate can be large, you should use
9104
9317
  # POST rather than GET when calling `UploadSigningCertificate`. For
9105
9318
  # information about setting up signatures and authorization through the
9106
9319
  # API, go to [Signing AWS API Requests][1] in the *AWS General
@@ -9120,7 +9333,7 @@ module Aws::IAM
9120
9333
  # This parameter allows (per its [regex pattern][1]) a string of
9121
9334
  # characters consisting of upper and lowercase alphanumeric characters
9122
9335
  # with no spaces. You can also include any of the following characters:
9123
- # =,.@-
9336
+ # \_+=,.@-
9124
9337
  #
9125
9338
  #
9126
9339
  #
@@ -9130,12 +9343,16 @@ module Aws::IAM
9130
9343
  # The contents of the signing certificate.
9131
9344
  #
9132
9345
  # The [regex pattern][1] used to validate this parameter is a string of
9133
- # characters consisting of any printable ASCII character ranging from
9134
- # the space character (\\u0020) through end of the ASCII character range
9135
- # as well as the printable characters in the Basic Latin and Latin-1
9136
- # Supplement character set (through \\u00FF). It also includes the
9137
- # special characters tab (\\u0009), line feed (\\u000A), and carriage
9138
- # return (\\u000D).
9346
+ # characters consisting of the following:
9347
+ #
9348
+ # * Any printable ASCII character ranging from the space character
9349
+ # (\\u0020) through the end of the ASCII character range
9350
+ #
9351
+ # * The printable characters in the Basic Latin and Latin-1 Supplement
9352
+ # character set (through \\u00FF)
9353
+ #
9354
+ # * The special characters tab (\\u0009), line feed (\\u000A), and
9355
+ # carriage return (\\u000D)
9139
9356
  #
9140
9357
  #
9141
9358
  #
@@ -9203,7 +9420,7 @@ module Aws::IAM
9203
9420
  params: params,
9204
9421
  config: config)
9205
9422
  context[:gem_name] = 'aws-sdk-iam'
9206
- context[:gem_version] = '1.3.0'
9423
+ context[:gem_version] = '1.4.0'
9207
9424
  Seahorse::Client::Request.new(handlers, context)
9208
9425
  end
9209
9426