aws-sdk-iam 1.36.0 → 1.41.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a2ea9f2ae6d9d5db55f1b2aeeecbad422294d2231b01cb5ae7cffe6688a44ac4
-  data.tar.gz: 8b815fe8b0bf12b454ad310156d9b349af86440152328e51f140d2e6ac29ccac
+  metadata.gz: 887c00097ed2c5a7bf9b0baff92a38e83511cdbd3f26748b53c6369472a4cb2c
+  data.tar.gz: 888d9443d86b854046b76237110eb555aab9e45d718325cfddd5107214eaa897
 SHA512:
-  metadata.gz: 46c2e4c82cfe6403732a015dff2be19778db25a99ad5d14fd4501fa8924c49fd6cd96e2022bf51be4d2dc101e26a49f251ab32030dd1321ff3ecfaa9189d0e9d
-  data.tar.gz: 0fa8b932baf27b80837b240974d879462f3a44cf22fa869c0fda7300085bf6acd21efcba1c21dd58a5cb619ff5baa8075336ac9cdc71442628f80d873c83ac3e
+  metadata.gz: cad2b479df05307c9b66037859e202383a0d9389cbe72cf2cbc5c01b976cf40195ce8dfef5fdeb4789af58c4b3831667f4c63273e36f43e79aa02d6c6d5f9da0
+  data.tar.gz: 26891edb4ff0c389c93d04c1a58107f4bb7506cc4dfb03aa6887ce27c9b66110db5f265c9aa8bf5a36e20c97dbe8b51ae0f3ac76e35f1c4deed48a06c498498f

data/lib/aws-sdk-iam.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # WARNING ABOUT GENERATED CODE
 #
 # This file is generated. See the contributing guide for more information:
@@ -67,6 +69,6 @@ require_relative 'aws-sdk-iam/customizations'
 # @service
 module Aws::IAM
 
-  GEM_VERSION = '1.36.0'
+  GEM_VERSION = '1.41.0'
 
 end

data/lib/aws-sdk-iam/access_key.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # WARNING ABOUT GENERATED CODE
 #
 # This file is generated. See the contributing guide for more information:

data/lib/aws-sdk-iam/access_key_pair.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # WARNING ABOUT GENERATED CODE
 #
 # This file is generated. See the contributing guide for more information:

data/lib/aws-sdk-iam/account_password_policy.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # WARNING ABOUT GENERATED CODE
 #
 # This file is generated. See the contributing guide for more information:

data/lib/aws-sdk-iam/account_summary.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # WARNING ABOUT GENERATED CODE
 #
 # This file is generated. See the contributing guide for more information:

data/lib/aws-sdk-iam/assume_role_policy.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # WARNING ABOUT GENERATED CODE
 #
 # This file is generated. See the contributing guide for more information:

data/lib/aws-sdk-iam/client.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # WARNING ABOUT GENERATED CODE
 #
 # This file is generated. See the contributing guide for more information:
@@ -24,6 +26,7 @@ require 'aws-sdk-core/plugins/jsonvalue_converter.rb'
 require 'aws-sdk-core/plugins/client_metrics_plugin.rb'
 require 'aws-sdk-core/plugins/client_metrics_send_plugin.rb'
 require 'aws-sdk-core/plugins/transfer_encoding.rb'
+require 'aws-sdk-core/plugins/http_checksum.rb'
 require 'aws-sdk-core/plugins/signature_v4.rb'
 require 'aws-sdk-core/plugins/protocols/query.rb'
 
@@ -69,6 +72,7 @@ module Aws::IAM
     add_plugin(Aws::Plugins::ClientMetricsPlugin)
     add_plugin(Aws::Plugins::ClientMetricsSendPlugin)
     add_plugin(Aws::Plugins::TransferEncoding)
+    add_plugin(Aws::Plugins::HttpChecksum)
     add_plugin(Aws::Plugins::SignatureV4)
     add_plugin(Aws::Plugins::Protocols::Query)
 
@@ -105,7 +109,7 @@ module Aws::IAM
     #   @option options [required, String] :region
     #     The AWS region to connect to.  The configured `:region` is
     #     used to determine the service `:endpoint`. When not passed,
-    #     a default `:region` is search for in the following locations:
+    #     a default `:region` is searched for in the following locations:
     #
     #     * `Aws.config[:region]`
     #     * `ENV['AWS_REGION']`
@@ -161,7 +165,7 @@ module Aws::IAM
     #   @option options [String] :endpoint
     #     The client endpoint is normally constructed from the `:region`
     #     option. You should only configure an `:endpoint` when connecting
-    #     to test endpoints. This should be avalid HTTP(S) URI.
+    #     to test or custom endpoints. This should be a valid HTTP(S) URI.
     #
     #   @option options [Integer] :endpoint_cache_max_entries (1000)
     #     Used for the maximum size limit of the LRU cache storing endpoints data
@@ -176,7 +180,7 @@ module Aws::IAM
     #     requests fetching endpoints information. Defaults to 60 sec.
     #
     #   @option options [Boolean] :endpoint_discovery (false)
-    #     When set to `true`, endpoint discovery will be enabled for operations when available. Defaults to `false`.
+    #     When set to `true`, endpoint discovery will be enabled for operations when available.
     #
     #   @option options [Aws::Log::Formatter] :log_formatter (Aws::Log::Formatter.default)
     #     The log formatter.
@@ -3794,8 +3798,9 @@ module Aws::IAM
     #
     #  </note>
     #
-    # For more information about service last accessed data, see [Reducing
-    # Policy Scope by Viewing User Activity][4] in the *IAM User Guide*.
+    # For more information about service and action last accessed data, see
+    # [Reducing Permissions Using Service Last Accessed Data][4] in the *IAM
+    # User Guide*.
     #
     #
     #
@@ -3809,6 +3814,14 @@ module Aws::IAM
     #   used to generate information about when the resource was last used in
     #   an attempt to access an AWS service.
     #
+    # @option params [String] :granularity
+    #   The level of detail that you want to generate. You can specify whether
+    #   you want to generate information about the last attempt to access
+    #   services or actions. If you specify service-level granularity, this
+    #   operation generates only service data. If you specify action-level
+    #   granularity, it generates service and action data. If you don't
+    #   include this optional parameter, the operation generates service data.
+    #
     # @return [Types::GenerateServiceLastAccessedDetailsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::GenerateServiceLastAccessedDetailsResponse#job_id #job_id} => String
@@ -3831,6 +3844,7 @@ module Aws::IAM
     #
     #   resp = client.generate_service_last_accessed_details({
     #     arn: "arnType", # required
+    #     granularity: "SERVICE_LEVEL", # accepts SERVICE_LEVEL, ACTION_LEVEL
     #   })
     #
     # @example Response structure
@@ -5404,9 +5418,19 @@ module Aws::IAM
     #
     # By default, the list is sorted by service namespace.
     #
+    # If you specified `ACTION_LEVEL` granularity when you generated the
+    # report, this operation returns service and action last accessed data.
+    # This includes the most recent access attempt for each tracked action
+    # within a service. Otherwise, this operation returns only service data.
+    #
+    # For more information about service and action last accessed data, see
+    # [Reducing Permissions Using Service Last Accessed Data][2] in the *IAM
+    # User Guide*.
+    #
     #
     #
     # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics
+    # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html
     #
     # @option params [required, String] :job_id
     #   The ID of the request generated by the
@@ -5435,6 +5459,7 @@ module Aws::IAM
     # @return [Types::GetServiceLastAccessedDetailsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::GetServiceLastAccessedDetailsResponse#job_status #job_status} => String
+    #   * {Types::GetServiceLastAccessedDetailsResponse#job_type #job_type} => String
     #   * {Types::GetServiceLastAccessedDetailsResponse#job_creation_date #job_creation_date} => Time
     #   * {Types::GetServiceLastAccessedDetailsResponse#services_last_accessed #services_last_accessed} => Array&lt;Types::ServiceLastAccessed&gt;
     #   * {Types::GetServiceLastAccessedDetailsResponse#job_completion_date #job_completion_date} => Time
@@ -5484,13 +5509,20 @@ module Aws::IAM
     # @example Response structure
     #
     #   resp.job_status #=> String, one of "IN_PROGRESS", "COMPLETED", "FAILED"
+    #   resp.job_type #=> String, one of "SERVICE_LEVEL", "ACTION_LEVEL"
     #   resp.job_creation_date #=> Time
     #   resp.services_last_accessed #=> Array
     #   resp.services_last_accessed[0].service_name #=> String
     #   resp.services_last_accessed[0].last_authenticated #=> Time
     #   resp.services_last_accessed[0].service_namespace #=> String
     #   resp.services_last_accessed[0].last_authenticated_entity #=> String
+    #   resp.services_last_accessed[0].last_authenticated_region #=> String
     #   resp.services_last_accessed[0].total_authenticated_entities #=> Integer
+    #   resp.services_last_accessed[0].tracked_actions_last_accessed #=> Array
+    #   resp.services_last_accessed[0].tracked_actions_last_accessed[0].action_name #=> String
+    #   resp.services_last_accessed[0].tracked_actions_last_accessed[0].last_accessed_entity #=> String
+    #   resp.services_last_accessed[0].tracked_actions_last_accessed[0].last_accessed_time #=> Time
+    #   resp.services_last_accessed[0].tracked_actions_last_accessed[0].last_accessed_region #=> String
     #   resp.job_completion_date #=> Time
     #   resp.is_truncated #=> Boolean
     #   resp.marker #=> String
@@ -9577,7 +9609,7 @@ module Aws::IAM
     #   operation. An IAM entity can only have one permissions boundary in
     #   effect at a time. For example, if a permissions boundary is attached
     #   to an entity and you pass in a different permissions boundary policy
-    #   using this parameter, then the new permission boundary policy is used
+    #   using this parameter, then the new permissions boundary policy is used
     #   for the simulation. For more information about permissions boundaries,
     #   see [Permissions Boundaries for IAM Entities][1] in the *IAM User
     #   Guide*. The policy input is specified as a string containing the
@@ -11533,7 +11565,7 @@ module Aws::IAM
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-iam'
-      context[:gem_version] = '1.36.0'
+      context[:gem_version] = '1.41.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-iam/client_api.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # WARNING ABOUT GENERATED CODE
 #
 # This file is generated. See the contributing guide for more information:
@@ -11,6 +13,7 @@ module Aws::IAM
 
     include Seahorse::Model
 
+    AccessAdvisorUsageGranularityType = Shapes::StringShape.new(name: 'AccessAdvisorUsageGranularityType')
     AccessDetail = Shapes::StructureShape.new(name: 'AccessDetail')
     AccessDetails = Shapes::ListShape.new(name: 'AccessDetails')
     AccessKey = Shapes::StructureShape.new(name: 'AccessKey')
@@ -320,6 +323,8 @@ module Aws::IAM
     Tag = Shapes::StructureShape.new(name: 'Tag')
     TagRoleRequest = Shapes::StructureShape.new(name: 'TagRoleRequest')
     TagUserRequest = Shapes::StructureShape.new(name: 'TagUserRequest')
+    TrackedActionLastAccessed = Shapes::StructureShape.new(name: 'TrackedActionLastAccessed')
+    TrackedActionsLastAccessed = Shapes::ListShape.new(name: 'TrackedActionsLastAccessed')
     UnmodifiableEntityException = Shapes::StructureShape.new(name: 'UnmodifiableEntityException')
     UnrecognizedPublicKeyEncodingException = Shapes::StructureShape.new(name: 'UnrecognizedPublicKeyEncodingException')
     UntagRoleRequest = Shapes::StructureShape.new(name: 'UntagRoleRequest')
@@ -833,6 +838,7 @@ module Aws::IAM
     GenerateOrganizationsAccessReportResponse.struct_class = Types::GenerateOrganizationsAccessReportResponse
 
     GenerateServiceLastAccessedDetailsRequest.add_member(:arn, Shapes::ShapeRef.new(shape: arnType, required: true, location_name: "Arn"))
+    GenerateServiceLastAccessedDetailsRequest.add_member(:granularity, Shapes::ShapeRef.new(shape: AccessAdvisorUsageGranularityType, location_name: "Granularity"))
     GenerateServiceLastAccessedDetailsRequest.struct_class = Types::GenerateServiceLastAccessedDetailsRequest
 
     GenerateServiceLastAccessedDetailsResponse.add_member(:job_id, Shapes::ShapeRef.new(shape: jobIDType, location_name: "JobId"))
@@ -993,6 +999,7 @@ module Aws::IAM
     GetServiceLastAccessedDetailsRequest.struct_class = Types::GetServiceLastAccessedDetailsRequest
 
     GetServiceLastAccessedDetailsResponse.add_member(:job_status, Shapes::ShapeRef.new(shape: jobStatusType, required: true, location_name: "JobStatus"))
+    GetServiceLastAccessedDetailsResponse.add_member(:job_type, Shapes::ShapeRef.new(shape: AccessAdvisorUsageGranularityType, location_name: "JobType"))
     GetServiceLastAccessedDetailsResponse.add_member(:job_creation_date, Shapes::ShapeRef.new(shape: dateType, required: true, location_name: "JobCreationDate"))
     GetServiceLastAccessedDetailsResponse.add_member(:services_last_accessed, Shapes::ShapeRef.new(shape: ServicesLastAccessed, required: true, location_name: "ServicesLastAccessed"))
     GetServiceLastAccessedDetailsResponse.add_member(:job_completion_date, Shapes::ShapeRef.new(shape: dateType, required: true, location_name: "JobCompletionDate"))
@@ -1626,7 +1633,9 @@ module Aws::IAM
     ServiceLastAccessed.add_member(:last_authenticated, Shapes::ShapeRef.new(shape: dateType, location_name: "LastAuthenticated"))
     ServiceLastAccessed.add_member(:service_namespace, Shapes::ShapeRef.new(shape: serviceNamespaceType, required: true, location_name: "ServiceNamespace"))
     ServiceLastAccessed.add_member(:last_authenticated_entity, Shapes::ShapeRef.new(shape: arnType, location_name: "LastAuthenticatedEntity"))
+    ServiceLastAccessed.add_member(:last_authenticated_region, Shapes::ShapeRef.new(shape: stringType, location_name: "LastAuthenticatedRegion"))
     ServiceLastAccessed.add_member(:total_authenticated_entities, Shapes::ShapeRef.new(shape: integerType, location_name: "TotalAuthenticatedEntities"))
+    ServiceLastAccessed.add_member(:tracked_actions_last_accessed, Shapes::ShapeRef.new(shape: TrackedActionsLastAccessed, location_name: "TrackedActionsLastAccessed"))
     ServiceLastAccessed.struct_class = Types::ServiceLastAccessed
 
     ServiceNotSupportedException.add_member(:message, Shapes::ShapeRef.new(shape: serviceNotSupportedMessage, location_name: "message"))
@@ -1721,6 +1730,14 @@ module Aws::IAM
     TagUserRequest.add_member(:tags, Shapes::ShapeRef.new(shape: tagListType, required: true, location_name: "Tags"))
     TagUserRequest.struct_class = Types::TagUserRequest
 
+    TrackedActionLastAccessed.add_member(:action_name, Shapes::ShapeRef.new(shape: stringType, location_name: "ActionName"))
+    TrackedActionLastAccessed.add_member(:last_accessed_entity, Shapes::ShapeRef.new(shape: arnType, location_name: "LastAccessedEntity"))
+    TrackedActionLastAccessed.add_member(:last_accessed_time, Shapes::ShapeRef.new(shape: dateType, location_name: "LastAccessedTime"))
+    TrackedActionLastAccessed.add_member(:last_accessed_region, Shapes::ShapeRef.new(shape: stringType, location_name: "LastAccessedRegion"))
+    TrackedActionLastAccessed.struct_class = Types::TrackedActionLastAccessed
+
+    TrackedActionsLastAccessed.member = Shapes::ShapeRef.new(shape: TrackedActionLastAccessed)
+
     UnmodifiableEntityException.add_member(:message, Shapes::ShapeRef.new(shape: unmodifiableEntityMessage, location_name: "message"))
     UnmodifiableEntityException.struct_class = Types::UnmodifiableEntityException
 

data/lib/aws-sdk-iam/current_user.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # WARNING ABOUT GENERATED CODE
 #
 # This file is generated. See the contributing guide for more information:

data/lib/aws-sdk-iam/customizations.rb

@@ -1,2 +1,4 @@
+# frozen_string_literal: true
+
 # customizations to generated classes
 require 'aws-sdk-iam/customizations/resource'

data/lib/aws-sdk-iam/customizations/resource.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Aws
   module IAM
     class Resource

data/lib/aws-sdk-iam/errors.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # WARNING ABOUT GENERATED CODE
 #
 # This file is generated. See the contributing guide for more information:

data/lib/aws-sdk-iam/group.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # WARNING ABOUT GENERATED CODE
 #
 # This file is generated. See the contributing guide for more information:
@@ -338,7 +340,7 @@ module Aws::IAM
     # @return [GroupPolicy]
     def create_policy(options = {})
       options = options.merge(group_name: @name)
-      resp = @client.put_group_policy(options)
+      @client.put_group_policy(options)
       GroupPolicy.new(
         group_name: @name,
         name: options[:policy_name],
@@ -434,7 +436,7 @@ module Aws::IAM
     # @return [Group]
     def update(options = {})
       options = options.merge(group_name: @name)
-      resp = @client.update_group(options)
+      @client.update_group(options)
       Group.new(
         name: options[:new_group_name],
         client: @client

data/lib/aws-sdk-iam/group_policy.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # WARNING ABOUT GENERATED CODE
 #
 # This file is generated. See the contributing guide for more information:

data/lib/aws-sdk-iam/instance_profile.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # WARNING ABOUT GENERATED CODE
 #
 # This file is generated. See the contributing guide for more information:

data/lib/aws-sdk-iam/login_profile.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # WARNING ABOUT GENERATED CODE
 #
 # This file is generated. See the contributing guide for more information:

data/lib/aws-sdk-iam/mfa_device.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # WARNING ABOUT GENERATED CODE
 #
 # This file is generated. See the contributing guide for more information:

data/lib/aws-sdk-iam/policy.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # WARNING ABOUT GENERATED CODE
 #
 # This file is generated. See the contributing guide for more information:

data/lib/aws-sdk-iam/policy_version.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # WARNING ABOUT GENERATED CODE
 #
 # This file is generated. See the contributing guide for more information:

data/lib/aws-sdk-iam/resource.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # WARNING ABOUT GENERATED CODE
 #
 # This file is generated. See the contributing guide for more information:
@@ -173,7 +175,7 @@ module Aws::IAM
     #   the user.
     # @return [AccountPasswordPolicy]
     def create_account_password_policy(options = {})
-      resp = @client.update_account_password_policy(options)
+      @client.update_account_password_policy(options)
       AccountPasswordPolicy.new(client: @client)
     end
 
@@ -604,7 +606,7 @@ module Aws::IAM
     #   [1]: http://wikipedia.org/wiki/regex
     # @return [ServerCertificate]
     def create_server_certificate(options = {})
-      resp = @client.upload_server_certificate(options)
+      @client.upload_server_certificate(options)
       ServerCertificate.new(
         name: options[:server_certificate_name],
         client: @client

data/lib/aws-sdk-iam/role.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # WARNING ABOUT GENERATED CODE
 #
 # This file is generated. See the contributing guide for more information:

data/lib/aws-sdk-iam/role_policy.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # WARNING ABOUT GENERATED CODE
 #
 # This file is generated. See the contributing guide for more information:

data/lib/aws-sdk-iam/saml_provider.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # WARNING ABOUT GENERATED CODE
 #
 # This file is generated. See the contributing guide for more information:

data/lib/aws-sdk-iam/server_certificate.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # WARNING ABOUT GENERATED CODE
 #
 # This file is generated. See the contributing guide for more information:
@@ -233,7 +235,7 @@ module Aws::IAM
     # @return [ServerCertificate]
     def update(options = {})
       options = options.merge(server_certificate_name: @name)
-      resp = @client.update_server_certificate(options)
+      @client.update_server_certificate(options)
       ServerCertificate.new(
         name: options[:new_server_certificate_name],
         client: @client

data/lib/aws-sdk-iam/signing_certificate.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # WARNING ABOUT GENERATED CODE
 #
 # This file is generated. See the contributing guide for more information:

data/lib/aws-sdk-iam/types.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # WARNING ABOUT GENERATED CODE
 #
 # This file is generated. See the contributing guide for more information:
@@ -93,6 +95,7 @@ module Aws::IAM
       :entity_path,
       :last_authenticated_time,
       :total_authenticated_entities)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -137,6 +140,7 @@ module Aws::IAM
       :status,
       :secret_access_key,
       :create_date)
+      SENSITIVE = [:secret_access_key]
       include Aws::Structure
     end
 
@@ -201,6 +205,7 @@ module Aws::IAM
       :last_used_date,
       :service_name,
       :region)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -233,6 +238,7 @@ module Aws::IAM
       :access_key_id,
       :status,
       :create_date)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -261,6 +267,7 @@ module Aws::IAM
     class AddClientIDToOpenIDConnectProviderRequest < Struct.new(
       :open_id_connect_provider_arn,
       :client_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -303,6 +310,7 @@ module Aws::IAM
     class AddRoleToInstanceProfileRequest < Struct.new(
       :instance_profile_name,
       :role_name)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -345,6 +353,7 @@ module Aws::IAM
     class AddUserToGroupRequest < Struct.new(
       :group_name,
       :user_name)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -386,6 +395,7 @@ module Aws::IAM
     class AttachGroupPolicyRequest < Struct.new(
       :group_name,
       :policy_arn)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -427,6 +437,7 @@ module Aws::IAM
     class AttachRolePolicyRequest < Struct.new(
       :role_name,
       :policy_arn)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -468,6 +479,7 @@ module Aws::IAM
     class AttachUserPolicyRequest < Struct.new(
       :user_name,
       :policy_arn)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -499,6 +511,7 @@ module Aws::IAM
     class AttachedPermissionsBoundary < Struct.new(
       :permissions_boundary_type,
       :permissions_boundary_arn)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -538,6 +551,7 @@ module Aws::IAM
     class AttachedPolicy < Struct.new(
       :policy_name,
       :policy_arn)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -577,6 +591,7 @@ module Aws::IAM
     class ChangePasswordRequest < Struct.new(
       :old_password,
       :new_password)
+      SENSITIVE = [:old_password, :new_password]
       include Aws::Structure
     end
 
@@ -591,6 +606,7 @@ module Aws::IAM
     #
     class ConcurrentModificationException < Struct.new(
       :message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -634,6 +650,7 @@ module Aws::IAM
       :context_key_name,
       :context_key_values,
       :context_key_type)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -661,6 +678,7 @@ module Aws::IAM
     #
     class CreateAccessKeyRequest < Struct.new(
       :user_name)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -674,6 +692,7 @@ module Aws::IAM
     #
     class CreateAccessKeyResponse < Struct.new(
       :access_key)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -701,6 +720,7 @@ module Aws::IAM
     #
     class CreateAccountAliasRequest < Struct.new(
       :account_alias)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -747,6 +767,7 @@ module Aws::IAM
     class CreateGroupRequest < Struct.new(
       :path,
       :group_name)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -760,6 +781,7 @@ module Aws::IAM
     #
     class CreateGroupResponse < Struct.new(
       :group)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -809,6 +831,7 @@ module Aws::IAM
     class CreateInstanceProfileRequest < Struct.new(
       :instance_profile_name,
       :path)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -822,6 +845,7 @@ module Aws::IAM
     #
     class CreateInstanceProfileResponse < Struct.new(
       :instance_profile)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -877,6 +901,7 @@ module Aws::IAM
       :user_name,
       :password,
       :password_reset_required)
+      SENSITIVE = [:password]
       include Aws::Structure
     end
 
@@ -890,6 +915,7 @@ module Aws::IAM
     #
     class CreateLoginProfileResponse < Struct.new(
       :login_profile)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -966,6 +992,7 @@ module Aws::IAM
       :url,
       :client_id_list,
       :thumbprint_list)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -982,6 +1009,7 @@ module Aws::IAM
     #
     class CreateOpenIDConnectProviderResponse < Struct.new(
       :open_id_connect_provider_arn)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1070,6 +1098,7 @@ module Aws::IAM
       :path,
       :policy_document,
       :description)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1083,6 +1112,7 @@ module Aws::IAM
     #
     class CreatePolicyResponse < Struct.new(
       :policy)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1155,6 +1185,7 @@ module Aws::IAM
       :policy_arn,
       :policy_document,
       :set_as_default)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1168,6 +1199,7 @@ module Aws::IAM
     #
     class CreatePolicyVersionResponse < Struct.new(
       :policy_version)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1307,6 +1339,7 @@ module Aws::IAM
       :max_session_duration,
       :permissions_boundary,
       :tags)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1320,6 +1353,7 @@ module Aws::IAM
     #
     class CreateRoleResponse < Struct.new(
       :role)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1365,6 +1399,7 @@ module Aws::IAM
     class CreateSAMLProviderRequest < Struct.new(
       :saml_metadata_document,
       :name)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1379,6 +1414,7 @@ module Aws::IAM
     #
     class CreateSAMLProviderResponse < Struct.new(
       :saml_provider_arn)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1431,6 +1467,7 @@ module Aws::IAM
       :aws_service_name,
       :description,
       :custom_suffix)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1442,6 +1479,7 @@ module Aws::IAM
     #
     class CreateServiceLinkedRoleResponse < Struct.new(
       :role)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1480,6 +1518,7 @@ module Aws::IAM
     class CreateServiceSpecificCredentialRequest < Struct.new(
       :user_name,
       :service_name)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1496,6 +1535,7 @@ module Aws::IAM
     #
     class CreateServiceSpecificCredentialResponse < Struct.new(
       :service_specific_credential)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1572,6 +1612,7 @@ module Aws::IAM
       :user_name,
       :permissions_boundary,
       :tags)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1585,6 +1626,7 @@ module Aws::IAM
     #
     class CreateUserResponse < Struct.new(
       :user)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1635,6 +1677,7 @@ module Aws::IAM
     class CreateVirtualMFADeviceRequest < Struct.new(
       :path,
       :virtual_mfa_device_name)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1648,6 +1691,7 @@ module Aws::IAM
     #
     class CreateVirtualMFADeviceResponse < Struct.new(
       :virtual_mfa_device)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1668,6 +1712,7 @@ module Aws::IAM
     #
     class CredentialReportExpiredException < Struct.new(
       :message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1681,6 +1726,7 @@ module Aws::IAM
     #
     class CredentialReportNotPresentException < Struct.new(
       :message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1694,6 +1740,7 @@ module Aws::IAM
     #
     class CredentialReportNotReadyException < Struct.new(
       :message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1737,6 +1784,7 @@ module Aws::IAM
     class DeactivateMFADeviceRequest < Struct.new(
       :user_name,
       :serial_number)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1779,6 +1827,7 @@ module Aws::IAM
     class DeleteAccessKeyRequest < Struct.new(
       :user_name,
       :access_key_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1806,6 +1855,7 @@ module Aws::IAM
     #
     class DeleteAccountAliasRequest < Struct.new(
       :account_alias)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1820,6 +1870,7 @@ module Aws::IAM
     #
     class DeleteConflictException < Struct.new(
       :message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1863,6 +1914,7 @@ module Aws::IAM
     class DeleteGroupPolicyRequest < Struct.new(
       :group_name,
       :policy_name)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1890,6 +1942,7 @@ module Aws::IAM
     #
     class DeleteGroupRequest < Struct.new(
       :group_name)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1917,6 +1970,7 @@ module Aws::IAM
     #
     class DeleteInstanceProfileRequest < Struct.new(
       :instance_profile_name)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1944,6 +1998,7 @@ module Aws::IAM
     #
     class DeleteLoginProfileRequest < Struct.new(
       :user_name)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1965,6 +2020,7 @@ module Aws::IAM
     #
     class DeleteOpenIDConnectProviderRequest < Struct.new(
       :open_id_connect_provider_arn)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1990,6 +2046,7 @@ module Aws::IAM
     #
     class DeletePolicyRequest < Struct.new(
       :policy_arn)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2035,6 +2092,7 @@ module Aws::IAM
     class DeletePolicyVersionRequest < Struct.new(
       :policy_arn,
       :version_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2054,6 +2112,7 @@ module Aws::IAM
     #
     class DeleteRolePermissionsBoundaryRequest < Struct.new(
       :role_name)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2097,6 +2156,7 @@ module Aws::IAM
     class DeleteRolePolicyRequest < Struct.new(
       :role_name,
       :policy_name)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2124,6 +2184,7 @@ module Aws::IAM
     #
     class DeleteRoleRequest < Struct.new(
       :role_name)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2142,6 +2203,7 @@ module Aws::IAM
     #
     class DeleteSAMLProviderRequest < Struct.new(
       :saml_provider_arn)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2183,6 +2245,7 @@ module Aws::IAM
     class DeleteSSHPublicKeyRequest < Struct.new(
       :user_name,
       :ssh_public_key_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2210,6 +2273,7 @@ module Aws::IAM
     #
     class DeleteServerCertificateRequest < Struct.new(
       :server_certificate_name)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2228,6 +2292,7 @@ module Aws::IAM
     #
     class DeleteServiceLinkedRoleRequest < Struct.new(
       :role_name)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2241,6 +2306,7 @@ module Aws::IAM
     #
     class DeleteServiceLinkedRoleResponse < Struct.new(
       :deletion_task_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2285,6 +2351,7 @@ module Aws::IAM
     class DeleteServiceSpecificCredentialRequest < Struct.new(
       :user_name,
       :service_specific_credential_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2326,6 +2393,7 @@ module Aws::IAM
     class DeleteSigningCertificateRequest < Struct.new(
       :user_name,
       :certificate_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2345,6 +2413,7 @@ module Aws::IAM
     #
     class DeleteUserPermissionsBoundaryRequest < Struct.new(
       :user_name)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2388,6 +2457,7 @@ module Aws::IAM
     class DeleteUserPolicyRequest < Struct.new(
       :user_name,
       :policy_name)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2415,6 +2485,7 @@ module Aws::IAM
     #
     class DeleteUserRequest < Struct.new(
       :user_name)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2443,6 +2514,7 @@ module Aws::IAM
     #
     class DeleteVirtualMFADeviceRequest < Struct.new(
       :serial_number)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2471,6 +2543,7 @@ module Aws::IAM
     class DeletionTaskFailureReasonType < Struct.new(
       :reason,
       :role_usage_list)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2512,6 +2585,7 @@ module Aws::IAM
     class DetachGroupPolicyRequest < Struct.new(
       :group_name,
       :policy_arn)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2553,6 +2627,7 @@ module Aws::IAM
     class DetachRolePolicyRequest < Struct.new(
       :role_name,
       :policy_arn)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2594,6 +2669,7 @@ module Aws::IAM
     class DetachUserPolicyRequest < Struct.new(
       :user_name,
       :policy_arn)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2607,6 +2683,7 @@ module Aws::IAM
     #
     class DuplicateCertificateException < Struct.new(
       :message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2620,6 +2697,7 @@ module Aws::IAM
     #
     class DuplicateSSHPublicKeyException < Struct.new(
       :message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2701,6 +2779,7 @@ module Aws::IAM
       :serial_number,
       :authentication_code_1,
       :authentication_code_2)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2714,6 +2793,7 @@ module Aws::IAM
     #
     class EntityAlreadyExistsException < Struct.new(
       :message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2748,6 +2828,7 @@ module Aws::IAM
     class EntityDetails < Struct.new(
       :entity_info,
       :last_authenticated)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2796,6 +2877,7 @@ module Aws::IAM
       :type,
       :id,
       :path)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2812,6 +2894,7 @@ module Aws::IAM
     #
     class EntityTemporarilyUnmodifiableException < Struct.new(
       :message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2834,6 +2917,7 @@ module Aws::IAM
     class ErrorDetails < Struct.new(
       :message,
       :code)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2931,6 +3015,7 @@ module Aws::IAM
       :permissions_boundary_decision_detail,
       :eval_decision_details,
       :resource_specific_results)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2950,6 +3035,7 @@ module Aws::IAM
     class GenerateCredentialReportResponse < Struct.new(
       :state,
       :description)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2985,6 +3071,7 @@ module Aws::IAM
     class GenerateOrganizationsAccessReportRequest < Struct.new(
       :entity_path,
       :organizations_policy_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2997,6 +3084,7 @@ module Aws::IAM
     #
     class GenerateOrganizationsAccessReportResponse < Struct.new(
       :job_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3005,6 +3093,7 @@ module Aws::IAM
     #
     #       {
     #         arn: "arnType", # required
+    #         granularity: "SERVICE_LEVEL", # accepts SERVICE_LEVEL, ACTION_LEVEL
     #       }
     #
     # @!attribute [rw] arn
@@ -3013,10 +3102,22 @@ module Aws::IAM
     #   in an attempt to access an AWS service.
     #   @return [String]
     #
+    # @!attribute [rw] granularity
+    #   The level of detail that you want to generate. You can specify
+    #   whether you want to generate information about the last attempt to
+    #   access services or actions. If you specify service-level
+    #   granularity, this operation generates only service data. If you
+    #   specify action-level granularity, it generates service and action
+    #   data. If you don't include this optional parameter, the operation
+    #   generates service data.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GenerateServiceLastAccessedDetailsRequest AWS API Documentation
     #
     class GenerateServiceLastAccessedDetailsRequest < Struct.new(
-      :arn)
+      :arn,
+      :granularity)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3032,6 +3133,7 @@ module Aws::IAM
     #
     class GenerateServiceLastAccessedDetailsResponse < Struct.new(
       :job_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3058,6 +3160,7 @@ module Aws::IAM
     #
     class GetAccessKeyLastUsedRequest < Struct.new(
       :access_key_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3078,6 +3181,7 @@ module Aws::IAM
     class GetAccessKeyLastUsedResponse < Struct.new(
       :user_name,
       :access_key_last_used)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3126,6 +3230,7 @@ module Aws::IAM
       :filter,
       :max_items,
       :marker)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3173,6 +3278,7 @@ module Aws::IAM
       :policies,
       :is_truncated,
       :marker)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3188,6 +3294,7 @@ module Aws::IAM
     #
     class GetAccountPasswordPolicyResponse < Struct.new(
       :password_policy)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3202,6 +3309,7 @@ module Aws::IAM
     #
     class GetAccountSummaryResponse < Struct.new(
       :summary_map)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3238,6 +3346,7 @@ module Aws::IAM
     #
     class GetContextKeysForCustomPolicyRequest < Struct.new(
       :policy_input_list)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3252,6 +3361,7 @@ module Aws::IAM
     #
     class GetContextKeysForPolicyResponse < Struct.new(
       :context_key_names)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3308,6 +3418,7 @@ module Aws::IAM
     class GetContextKeysForPrincipalPolicyRequest < Struct.new(
       :policy_source_arn,
       :policy_input_list)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3336,6 +3447,7 @@ module Aws::IAM
       :content,
       :report_format,
       :generated_time)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3378,6 +3490,7 @@ module Aws::IAM
     class GetGroupPolicyRequest < Struct.new(
       :group_name,
       :policy_name)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3406,6 +3519,7 @@ module Aws::IAM
       :group_name,
       :policy_name,
       :policy_document)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3457,6 +3571,7 @@ module Aws::IAM
       :group_name,
       :marker,
       :max_items)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3493,6 +3608,7 @@ module Aws::IAM
       :users,
       :is_truncated,
       :marker)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3520,6 +3636,7 @@ module Aws::IAM
     #
     class GetInstanceProfileRequest < Struct.new(
       :instance_profile_name)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3533,6 +3650,7 @@ module Aws::IAM
     #
     class GetInstanceProfileResponse < Struct.new(
       :instance_profile)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3560,6 +3678,7 @@ module Aws::IAM
     #
     class GetLoginProfileRequest < Struct.new(
       :user_name)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3574,6 +3693,7 @@ module Aws::IAM
     #
     class GetLoginProfileResponse < Struct.new(
       :login_profile)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3601,6 +3721,7 @@ module Aws::IAM
     #
     class GetOpenIDConnectProviderRequest < Struct.new(
       :open_id_connect_provider_arn)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3636,6 +3757,7 @@ module Aws::IAM
       :client_id_list,
       :thumbprint_list,
       :create_date)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3688,6 +3810,7 @@ module Aws::IAM
       :max_items,
       :marker,
       :sort_key)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3767,6 +3890,7 @@ module Aws::IAM
       :is_truncated,
       :marker,
       :error_details)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3793,6 +3917,7 @@ module Aws::IAM
     #
     class GetPolicyRequest < Struct.new(
       :policy_arn)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3806,6 +3931,7 @@ module Aws::IAM
     #
     class GetPolicyResponse < Struct.new(
       :policy)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3847,6 +3973,7 @@ module Aws::IAM
     class GetPolicyVersionRequest < Struct.new(
       :policy_arn,
       :version_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3860,6 +3987,7 @@ module Aws::IAM
     #
     class GetPolicyVersionResponse < Struct.new(
       :policy_version)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3902,6 +4030,7 @@ module Aws::IAM
     class GetRolePolicyRequest < Struct.new(
       :role_name,
       :policy_name)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3930,6 +4059,7 @@ module Aws::IAM
       :role_name,
       :policy_name,
       :policy_document)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3957,6 +4087,7 @@ module Aws::IAM
     #
     class GetRoleRequest < Struct.new(
       :role_name)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3970,6 +4101,7 @@ module Aws::IAM
     #
     class GetRoleResponse < Struct.new(
       :role)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3996,6 +4128,7 @@ module Aws::IAM
     #
     class GetSAMLProviderRequest < Struct.new(
       :saml_provider_arn)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -4020,6 +4153,7 @@ module Aws::IAM
       :saml_metadata_document,
       :create_date,
       :valid_until)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -4069,6 +4203,7 @@ module Aws::IAM
       :user_name,
       :ssh_public_key_id,
       :encoding)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -4082,6 +4217,7 @@ module Aws::IAM
     #
     class GetSSHPublicKeyResponse < Struct.new(
       :ssh_public_key)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -4110,6 +4246,7 @@ module Aws::IAM
     #
     class GetServerCertificateRequest < Struct.new(
       :server_certificate_name)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -4123,6 +4260,7 @@ module Aws::IAM
     #
     class GetServerCertificateResponse < Struct.new(
       :server_certificate)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -4169,6 +4307,7 @@ module Aws::IAM
       :job_id,
       :max_items,
       :marker)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -4176,6 +4315,12 @@ module Aws::IAM
     #   The status of the job.
     #   @return [String]
     #
+    # @!attribute [rw] job_type
+    #   The type of job. Service jobs return information about when each
+    #   service was last accessed. Action jobs also include information
+    #   about when tracked actions within the service were last accessed.
+    #   @return [String]
+    #
     # @!attribute [rw] job_creation_date
     #   The date and time, in [ISO 8601 date-time format][1], when the
     #   report job was created.
@@ -4227,12 +4372,14 @@ module Aws::IAM
     #
     class GetServiceLastAccessedDetailsResponse < Struct.new(
       :job_status,
+      :job_type,
       :job_creation_date,
       :services_last_accessed,
       :job_completion_date,
       :is_truncated,
       :marker,
       :error)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -4297,6 +4444,7 @@ module Aws::IAM
       :service_namespace,
       :max_items,
       :marker)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -4362,6 +4510,7 @@ module Aws::IAM
       :is_truncated,
       :marker,
       :error)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -4382,6 +4531,7 @@ module Aws::IAM
     #
     class GetServiceLinkedRoleDeletionStatusRequest < Struct.new(
       :deletion_task_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -4399,6 +4549,7 @@ module Aws::IAM
     class GetServiceLinkedRoleDeletionStatusResponse < Struct.new(
       :status,
       :reason)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -4441,6 +4592,7 @@ module Aws::IAM
     class GetUserPolicyRequest < Struct.new(
       :user_name,
       :policy_name)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -4469,6 +4621,7 @@ module Aws::IAM
       :user_name,
       :policy_name,
       :policy_document)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -4497,6 +4650,7 @@ module Aws::IAM
     #
     class GetUserRequest < Struct.new(
       :user_name)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -4533,6 +4687,7 @@ module Aws::IAM
     #
     class GetUserResponse < Struct.new(
       :user)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -4597,6 +4752,7 @@ module Aws::IAM
       :group_id,
       :arn,
       :create_date)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -4668,6 +4824,7 @@ module Aws::IAM
       :create_date,
       :group_policy_list,
       :attached_managed_policies)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -4734,6 +4891,7 @@ module Aws::IAM
       :arn,
       :create_date,
       :roles)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -4747,6 +4905,7 @@ module Aws::IAM
     #
     class InvalidAuthenticationCodeException < Struct.new(
       :message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -4759,6 +4918,7 @@ module Aws::IAM
     #
     class InvalidCertificateException < Struct.new(
       :message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -4772,6 +4932,7 @@ module Aws::IAM
     #
     class InvalidInputException < Struct.new(
       :message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -4785,6 +4946,7 @@ module Aws::IAM
     #
     class InvalidPublicKeyException < Struct.new(
       :message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -4798,6 +4960,7 @@ module Aws::IAM
     #
     class InvalidUserTypeException < Struct.new(
       :message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -4811,6 +4974,7 @@ module Aws::IAM
     #
     class KeyPairMismatchException < Struct.new(
       :message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -4825,6 +4989,7 @@ module Aws::IAM
     #
     class LimitExceededException < Struct.new(
       :message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -4876,6 +5041,7 @@ module Aws::IAM
       :user_name,
       :marker,
       :max_items)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -4907,6 +5073,7 @@ module Aws::IAM
       :access_key_metadata,
       :is_truncated,
       :marker)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -4943,6 +5110,7 @@ module Aws::IAM
     class ListAccountAliasesRequest < Struct.new(
       :marker,
       :max_items)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -4975,6 +5143,7 @@ module Aws::IAM
       :account_aliases,
       :is_truncated,
       :marker)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -5046,6 +5215,7 @@ module Aws::IAM
       :path_prefix,
       :marker,
       :max_items)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -5078,6 +5248,7 @@ module Aws::IAM
       :attached_policies,
       :is_truncated,
       :marker)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -5149,6 +5320,7 @@ module Aws::IAM
       :path_prefix,
       :marker,
       :max_items)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -5181,6 +5353,7 @@ module Aws::IAM
       :attached_policies,
       :is_truncated,
       :marker)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -5252,6 +5425,7 @@ module Aws::IAM
       :path_prefix,
       :marker,
       :max_items)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -5284,6 +5458,7 @@ module Aws::IAM
       :attached_policies,
       :is_truncated,
       :marker)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -5379,6 +5554,7 @@ module Aws::IAM
       :policy_usage_filter,
       :marker,
       :max_items)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -5420,6 +5596,7 @@ module Aws::IAM
       :policy_roles,
       :is_truncated,
       :marker)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -5471,6 +5648,7 @@ module Aws::IAM
       :group_name,
       :marker,
       :max_items)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -5511,6 +5689,7 @@ module Aws::IAM
       :policy_names,
       :is_truncated,
       :marker)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -5562,6 +5741,7 @@ module Aws::IAM
       :user_name,
       :marker,
       :max_items)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -5593,6 +5773,7 @@ module Aws::IAM
       :groups,
       :is_truncated,
       :marker)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -5650,6 +5831,7 @@ module Aws::IAM
       :path_prefix,
       :marker,
       :max_items)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -5681,6 +5863,7 @@ module Aws::IAM
       :groups,
       :is_truncated,
       :marker)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -5732,6 +5915,7 @@ module Aws::IAM
       :role_name,
       :marker,
       :max_items)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -5764,6 +5948,7 @@ module Aws::IAM
       :instance_profiles,
       :is_truncated,
       :marker)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -5821,6 +6006,7 @@ module Aws::IAM
       :path_prefix,
       :marker,
       :max_items)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -5852,6 +6038,7 @@ module Aws::IAM
       :instance_profiles,
       :is_truncated,
       :marker)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -5903,6 +6090,7 @@ module Aws::IAM
       :user_name,
       :marker,
       :max_items)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -5934,6 +6122,7 @@ module Aws::IAM
       :mfa_devices,
       :is_truncated,
       :marker)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -5955,6 +6144,7 @@ module Aws::IAM
     #
     class ListOpenIDConnectProvidersResponse < Struct.new(
       :open_id_connect_provider_list)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -5991,6 +6181,7 @@ module Aws::IAM
     class ListPoliciesGrantingServiceAccessEntry < Struct.new(
       :service_namespace,
       :policies)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -6039,6 +6230,7 @@ module Aws::IAM
       :marker,
       :arn,
       :service_namespaces)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -6068,6 +6260,7 @@ module Aws::IAM
       :policies_granting_service_access,
       :is_truncated,
       :marker)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -6159,6 +6352,7 @@ module Aws::IAM
       :policy_usage_filter,
       :marker,
       :max_items)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -6190,6 +6384,7 @@ module Aws::IAM
       :policies,
       :is_truncated,
       :marker)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -6240,6 +6435,7 @@ module Aws::IAM
       :policy_arn,
       :marker,
       :max_items)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -6278,6 +6474,7 @@ module Aws::IAM
       :versions,
       :is_truncated,
       :marker)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -6329,6 +6526,7 @@ module Aws::IAM
       :role_name,
       :marker,
       :max_items)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -6360,6 +6558,7 @@ module Aws::IAM
       :policy_names,
       :is_truncated,
       :marker)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -6411,6 +6610,7 @@ module Aws::IAM
       :role_name,
       :marker,
       :max_items)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -6442,6 +6642,7 @@ module Aws::IAM
       :tags,
       :is_truncated,
       :marker)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -6499,6 +6700,7 @@ module Aws::IAM
       :path_prefix,
       :marker,
       :max_items)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -6530,6 +6732,7 @@ module Aws::IAM
       :roles,
       :is_truncated,
       :marker)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -6550,6 +6753,7 @@ module Aws::IAM
     #
     class ListSAMLProvidersResponse < Struct.new(
       :saml_provider_list)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -6603,6 +6807,7 @@ module Aws::IAM
       :user_name,
       :marker,
       :max_items)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -6634,6 +6839,7 @@ module Aws::IAM
       :ssh_public_keys,
       :is_truncated,
       :marker)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -6691,6 +6897,7 @@ module Aws::IAM
       :path_prefix,
       :marker,
       :max_items)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -6722,6 +6929,7 @@ module Aws::IAM
       :server_certificate_metadata_list,
       :is_truncated,
       :marker)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -6760,6 +6968,7 @@ module Aws::IAM
     class ListServiceSpecificCredentialsRequest < Struct.new(
       :user_name,
       :service_name)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -6772,6 +6981,7 @@ module Aws::IAM
     #
     class ListServiceSpecificCredentialsResponse < Struct.new(
       :service_specific_credentials)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -6824,6 +7034,7 @@ module Aws::IAM
       :user_name,
       :marker,
       :max_items)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -6855,6 +7066,7 @@ module Aws::IAM
       :certificates,
       :is_truncated,
       :marker)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -6906,6 +7118,7 @@ module Aws::IAM
       :user_name,
       :marker,
       :max_items)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -6937,6 +7150,7 @@ module Aws::IAM
       :policy_names,
       :is_truncated,
       :marker)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -6988,6 +7202,7 @@ module Aws::IAM
       :user_name,
       :marker,
       :max_items)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -7019,6 +7234,7 @@ module Aws::IAM
       :tags,
       :is_truncated,
       :marker)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -7076,6 +7292,7 @@ module Aws::IAM
       :path_prefix,
       :marker,
       :max_items)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -7107,6 +7324,7 @@ module Aws::IAM
       :users,
       :is_truncated,
       :marker)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -7152,6 +7370,7 @@ module Aws::IAM
       :assignment_status,
       :marker,
       :max_items)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -7184,6 +7403,7 @@ module Aws::IAM
       :virtual_mfa_devices,
       :is_truncated,
       :marker)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -7212,6 +7432,7 @@ module Aws::IAM
       :user_name,
       :create_date,
       :password_reset_required)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -7239,6 +7460,7 @@ module Aws::IAM
       :user_name,
       :serial_number,
       :enable_date)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -7252,6 +7474,7 @@ module Aws::IAM
     #
     class MalformedCertificateException < Struct.new(
       :message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -7265,6 +7488,7 @@ module Aws::IAM
     #
     class MalformedPolicyDocumentException < Struct.new(
       :message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -7400,6 +7624,7 @@ module Aws::IAM
       :create_date,
       :update_date,
       :policy_version_list)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -7413,6 +7638,7 @@ module Aws::IAM
     #
     class NoSuchEntityException < Struct.new(
       :message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -7435,6 +7661,7 @@ module Aws::IAM
     #
     class OpenIDConnectProviderListEntry < Struct.new(
       :arn)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -7451,6 +7678,7 @@ module Aws::IAM
     #
     class OrganizationsDecisionDetail < Struct.new(
       :allowed_by_organizations)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -7519,6 +7747,7 @@ module Aws::IAM
       :max_password_age,
       :password_reuse_prevention,
       :hard_expiry)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -7532,6 +7761,7 @@ module Aws::IAM
     #
     class PasswordPolicyViolationException < Struct.new(
       :message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -7555,6 +7785,7 @@ module Aws::IAM
     #
     class PermissionsBoundaryDecisionDetail < Struct.new(
       :allowed_by_permissions_boundary)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -7679,6 +7910,7 @@ module Aws::IAM
       :description,
       :create_date,
       :update_date)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -7701,6 +7933,7 @@ module Aws::IAM
     class PolicyDetail < Struct.new(
       :policy_name,
       :policy_document)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -7715,6 +7948,7 @@ module Aws::IAM
     #
     class PolicyEvaluationException < Struct.new(
       :message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -7783,6 +8017,7 @@ module Aws::IAM
       :policy_arn,
       :entity_type,
       :entity_name)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -7818,6 +8053,7 @@ module Aws::IAM
     class PolicyGroup < Struct.new(
       :group_name,
       :group_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -7831,6 +8067,7 @@ module Aws::IAM
     #
     class PolicyNotAttachableException < Struct.new(
       :message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -7866,6 +8103,7 @@ module Aws::IAM
     class PolicyRole < Struct.new(
       :role_name,
       :role_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -7901,6 +8139,7 @@ module Aws::IAM
     class PolicyUser < Struct.new(
       :user_name,
       :user_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -7965,6 +8204,7 @@ module Aws::IAM
       :version_id,
       :is_default_version,
       :create_date)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -7987,6 +8227,7 @@ module Aws::IAM
     class Position < Struct.new(
       :line,
       :column)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -8056,6 +8297,7 @@ module Aws::IAM
       :group_name,
       :policy_name,
       :policy_document)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -8082,6 +8324,7 @@ module Aws::IAM
     class PutRolePermissionsBoundaryRequest < Struct.new(
       :role_name,
       :permissions_boundary)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -8151,6 +8394,7 @@ module Aws::IAM
       :role_name,
       :policy_name,
       :policy_document)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -8177,6 +8421,7 @@ module Aws::IAM
     class PutUserPermissionsBoundaryRequest < Struct.new(
       :user_name,
       :permissions_boundary)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -8246,6 +8491,7 @@ module Aws::IAM
       :user_name,
       :policy_name,
       :policy_document)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -8281,6 +8527,7 @@ module Aws::IAM
     class RemoveClientIDFromOpenIDConnectProviderRequest < Struct.new(
       :open_id_connect_provider_arn,
       :client_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -8323,6 +8570,7 @@ module Aws::IAM
     class RemoveRoleFromInstanceProfileRequest < Struct.new(
       :instance_profile_name,
       :role_name)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -8365,6 +8613,7 @@ module Aws::IAM
     class RemoveUserFromGroupRequest < Struct.new(
       :group_name,
       :user_name)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -8378,6 +8627,7 @@ module Aws::IAM
     #
     class ReportGenerationLimitExceededException < Struct.new(
       :message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -8421,6 +8671,7 @@ module Aws::IAM
     class ResetServiceSpecificCredentialRequest < Struct.new(
       :user_name,
       :service_specific_credential_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -8436,6 +8687,7 @@ module Aws::IAM
     #
     class ResetServiceSpecificCredentialResponse < Struct.new(
       :service_specific_credential)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -8497,6 +8749,7 @@ module Aws::IAM
       :missing_context_values,
       :eval_decision_details,
       :permissions_boundary_decision_detail)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -8555,6 +8808,7 @@ module Aws::IAM
       :serial_number,
       :authentication_code_1,
       :authentication_code_2)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -8668,6 +8922,7 @@ module Aws::IAM
       :permissions_boundary,
       :tags,
       :role_last_used)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -8790,6 +9045,7 @@ module Aws::IAM
       :permissions_boundary,
       :tags,
       :role_last_used)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -8831,6 +9087,7 @@ module Aws::IAM
     class RoleLastUsed < Struct.new(
       :last_used_date,
       :region)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -8853,6 +9110,7 @@ module Aws::IAM
     class RoleUsageType < Struct.new(
       :region,
       :resources)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -8876,6 +9134,7 @@ module Aws::IAM
       :arn,
       :valid_until,
       :create_date)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -8924,6 +9183,7 @@ module Aws::IAM
       :ssh_public_key_body,
       :status,
       :upload_date)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -8963,6 +9223,7 @@ module Aws::IAM
       :ssh_public_key_id,
       :status,
       :upload_date)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -8990,6 +9251,7 @@ module Aws::IAM
       :server_certificate_metadata,
       :certificate_body,
       :certificate_chain)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -9049,6 +9311,7 @@ module Aws::IAM
       :arn,
       :upload_date,
       :expiration)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -9062,6 +9325,7 @@ module Aws::IAM
     #
     class ServiceFailureException < Struct.new(
       :message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -9118,6 +9382,19 @@ module Aws::IAM
     #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period
     #   @return [String]
     #
+    # @!attribute [rw] last_authenticated_region
+    #   The Region from which the authenticated entity (user or role) last
+    #   attempted to access the service. AWS does not report unauthenticated
+    #   requests.
+    #
+    #   This field is null if no IAM entities attempted to access the
+    #   service within the [reporting period][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period
+    #   @return [String]
+    #
     # @!attribute [rw] total_authenticated_entities
     #   The total number of authenticated principals (root user, IAM users,
     #   or IAM roles) that have attempted to access the service.
@@ -9130,6 +9407,21 @@ module Aws::IAM
     #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period
     #   @return [Integer]
     #
+    # @!attribute [rw] tracked_actions_last_accessed
+    #   An object that contains details about the most recent attempt to
+    #   access a tracked action within the service.
+    #
+    #   This field is null if there no tracked actions or if the principal
+    #   did not use the tracked actions within the [reporting period][1].
+    #   This field is also null if the report was generated at the service
+    #   level and not the action level. For more information, see the
+    #   `Granularity` field in GenerateServiceLastAccessedDetails.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period
+    #   @return [Array<Types::TrackedActionLastAccessed>]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ServiceLastAccessed AWS API Documentation
     #
     class ServiceLastAccessed < Struct.new(
@@ -9137,7 +9429,10 @@ module Aws::IAM
       :last_authenticated,
       :service_namespace,
       :last_authenticated_entity,
-      :total_authenticated_entities)
+      :last_authenticated_region,
+      :total_authenticated_entities,
+      :tracked_actions_last_accessed)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -9150,6 +9445,7 @@ module Aws::IAM
     #
     class ServiceNotSupportedException < Struct.new(
       :message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -9204,6 +9500,7 @@ module Aws::IAM
       :service_specific_credential_id,
       :user_name,
       :status)
+      SENSITIVE = [:service_password]
       include Aws::Structure
     end
 
@@ -9250,6 +9547,7 @@ module Aws::IAM
       :create_date,
       :service_specific_credential_id,
       :service_name)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -9289,6 +9587,7 @@ module Aws::IAM
     class SetDefaultPolicyVersionRequest < Struct.new(
       :policy_arn,
       :version_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -9319,6 +9618,7 @@ module Aws::IAM
     #
     class SetSecurityTokenServicePreferencesRequest < Struct.new(
       :global_endpoint_token_version)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -9356,6 +9656,7 @@ module Aws::IAM
       :certificate_body,
       :status,
       :upload_date)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -9612,6 +9913,7 @@ module Aws::IAM
       :resource_handling_option,
       :max_items,
       :marker)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -9644,6 +9946,7 @@ module Aws::IAM
       :evaluation_results,
       :is_truncated,
       :marker)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -9716,7 +10019,7 @@ module Aws::IAM
     #   this operation. An IAM entity can only have one permissions boundary
     #   in effect at a time. For example, if a permissions boundary is
     #   attached to an entity and you pass in a different permissions
-    #   boundary policy using this parameter, then the new permission
+    #   boundary policy using this parameter, then the new permissions
     #   boundary policy is used for the simulation. For more information
     #   about permissions boundaries, see [Permissions Boundaries for IAM
     #   Entities][1] in the *IAM User Guide*. The policy input is specified
@@ -9921,6 +10224,7 @@ module Aws::IAM
       :resource_handling_option,
       :max_items,
       :marker)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -9954,6 +10258,7 @@ module Aws::IAM
       :source_policy_type,
       :start_position,
       :end_position)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -10000,6 +10305,7 @@ module Aws::IAM
     class Tag < Struct.new(
       :key,
       :value)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -10040,6 +10346,7 @@ module Aws::IAM
     class TagRoleRequest < Struct.new(
       :role_name,
       :tags)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -10079,6 +10386,68 @@ module Aws::IAM
     class TagUserRequest < Struct.new(
       :user_name,
       :tags)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Contains details about the most recent attempt to access an action
+    # within the service.
+    #
+    # This data type is used as a response element in the
+    # GetServiceLastAccessedDetails operation.
+    #
+    # @!attribute [rw] action_name
+    #   The name of the tracked action to which access was attempted.
+    #   Tracked actions are actions that report activity to IAM.
+    #   @return [String]
+    #
+    # @!attribute [rw] last_accessed_entity
+    #   The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS
+    #   resources.
+    #
+    #   For more information about ARNs, go to [Amazon Resource Names (ARNs)
+    #   and AWS Service Namespaces][1] in the *AWS General Reference*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
+    #   @return [String]
+    #
+    # @!attribute [rw] last_accessed_time
+    #   The date and time, in [ISO 8601 date-time format][1], when an
+    #   authenticated entity most recently attempted to access the tracked
+    #   service. AWS does not report unauthenticated requests.
+    #
+    #   This field is null if no IAM entities attempted to access the
+    #   service within the [reporting period][2].
+    #
+    #
+    #
+    #   [1]: http://www.iso.org/iso/iso8601
+    #   [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period
+    #   @return [Time]
+    #
+    # @!attribute [rw] last_accessed_region
+    #   The Region from which the authenticated entity (user or role) last
+    #   attempted to access the tracked action. AWS does not report
+    #   unauthenticated requests.
+    #
+    #   This field is null if no IAM entities attempted to access the
+    #   service within the [reporting period][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/TrackedActionLastAccessed AWS API Documentation
+    #
+    class TrackedActionLastAccessed < Struct.new(
+      :action_name,
+      :last_accessed_entity,
+      :last_accessed_time,
+      :last_accessed_region)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -10094,6 +10463,7 @@ module Aws::IAM
     #
     class UnmodifiableEntityException < Struct.new(
       :message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -10107,6 +10477,7 @@ module Aws::IAM
     #
     class UnrecognizedPublicKeyEncodingException < Struct.new(
       :message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -10141,6 +10512,7 @@ module Aws::IAM
     class UntagRoleRequest < Struct.new(
       :role_name,
       :tag_keys)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -10175,6 +10547,7 @@ module Aws::IAM
     class UntagUserRequest < Struct.new(
       :user_name,
       :tag_keys)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -10224,6 +10597,7 @@ module Aws::IAM
       :user_name,
       :access_key_id,
       :status)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -10343,6 +10717,7 @@ module Aws::IAM
       :max_password_age,
       :password_reuse_prevention,
       :hard_expiry)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -10397,6 +10772,7 @@ module Aws::IAM
     class UpdateAssumeRolePolicyRequest < Struct.new(
       :role_name,
       :policy_document)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -10455,6 +10831,7 @@ module Aws::IAM
       :group_name,
       :new_path,
       :new_group_name)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -10515,6 +10892,7 @@ module Aws::IAM
       :user_name,
       :password,
       :password_reset_required)
+      SENSITIVE = [:password]
       include Aws::Structure
     end
 
@@ -10551,6 +10929,7 @@ module Aws::IAM
     class UpdateOpenIDConnectProviderThumbprintRequest < Struct.new(
       :open_id_connect_provider_arn,
       :thumbprint_list)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -10575,6 +10954,7 @@ module Aws::IAM
     class UpdateRoleDescriptionRequest < Struct.new(
       :role_name,
       :description)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -10586,6 +10966,7 @@ module Aws::IAM
     #
     class UpdateRoleDescriptionResponse < Struct.new(
       :role)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -10635,6 +11016,7 @@ module Aws::IAM
       :role_name,
       :description,
       :max_session_duration)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -10675,6 +11057,7 @@ module Aws::IAM
     class UpdateSAMLProviderRequest < Struct.new(
       :saml_metadata_document,
       :saml_provider_arn)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -10689,6 +11072,7 @@ module Aws::IAM
     #
     class UpdateSAMLProviderResponse < Struct.new(
       :saml_provider_arn)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -10738,6 +11122,7 @@ module Aws::IAM
       :user_name,
       :ssh_public_key_id,
       :status)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -10800,6 +11185,7 @@ module Aws::IAM
       :server_certificate_name,
       :new_path,
       :new_server_certificate_name)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -10849,6 +11235,7 @@ module Aws::IAM
       :user_name,
       :service_specific_credential_id,
       :status)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -10898,6 +11285,7 @@ module Aws::IAM
       :user_name,
       :certificate_id,
       :status)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -10956,6 +11344,7 @@ module Aws::IAM
       :user_name,
       :new_path,
       :new_user_name)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -11008,6 +11397,7 @@ module Aws::IAM
     class UploadSSHPublicKeyRequest < Struct.new(
       :user_name,
       :ssh_public_key_body)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -11021,6 +11411,7 @@ module Aws::IAM
     #
     class UploadSSHPublicKeyResponse < Struct.new(
       :ssh_public_key)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -11144,6 +11535,7 @@ module Aws::IAM
       :certificate_body,
       :private_key,
       :certificate_chain)
+      SENSITIVE = [:private_key]
       include Aws::Structure
     end
 
@@ -11158,6 +11550,7 @@ module Aws::IAM
     #
     class UploadServerCertificateResponse < Struct.new(
       :server_certificate_metadata)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -11207,6 +11600,7 @@ module Aws::IAM
     class UploadSigningCertificateRequest < Struct.new(
       :user_name,
       :certificate_body)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -11221,6 +11615,7 @@ module Aws::IAM
     #
     class UploadSigningCertificateResponse < Struct.new(
       :certificate)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -11338,6 +11733,7 @@ module Aws::IAM
       :password_last_used,
       :permissions_boundary,
       :tags)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -11438,6 +11834,7 @@ module Aws::IAM
       :attached_managed_policies,
       :permissions_boundary,
       :tags)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -11481,6 +11878,7 @@ module Aws::IAM
       :qr_code_png,
       :user,
       :enable_date)
+      SENSITIVE = [:base_32_string_seed, :qr_code_png]
       include Aws::Structure
     end