RubyGems - aws-sdk-iam - Versions diffs - 1.43.0 → 1.48.0 - Mend

aws-sdk-iam 1.43.0 → 1.48.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (17) hide show

checksums.yaml +4 -4
data/lib/aws-sdk-iam.rb +3 -2
data/lib/aws-sdk-iam/account_password_policy.rb +11 -7
data/lib/aws-sdk-iam/client.rb +1970 -507
data/lib/aws-sdk-iam/client_api.rb +370 -0
data/lib/aws-sdk-iam/current_user.rb +9 -10
data/lib/aws-sdk-iam/group.rb +8 -8
data/lib/aws-sdk-iam/instance_profile.rb +15 -3
data/lib/aws-sdk-iam/policy.rb +16 -4
data/lib/aws-sdk-iam/resource.rb +123 -20
data/lib/aws-sdk-iam/role.rb +11 -12
data/lib/aws-sdk-iam/saml_provider.rb +12 -0
data/lib/aws-sdk-iam/server_certificate.rb +12 -0
data/lib/aws-sdk-iam/types.rb +1510 -274
data/lib/aws-sdk-iam/user.rb +19 -21
data/lib/aws-sdk-iam/virtual_mfa_device.rb +12 -0
metadata +4 -4

data/lib/aws-sdk-iam/role.rb CHANGED Viewed

@@ -36,7 +36,7 @@ module Aws::IAM
     alias :role_name :name
     # The path to the role. For more information about paths, see [IAM
-    # Identifiers][1] in the *IAM User Guide*.
+    # identifiers][1] in the *IAM User Guide*.
     #
     #
     #
@@ -47,7 +47,7 @@ module Aws::IAM
     end
     # The stable and unique string identifying the role. For more
-    # information about IDs, see [IAM Identifiers][1] in the *IAM User
+    # information about IDs, see [IAM identifiers][1] in the *IAM User
     # Guide*.
     #
     #
@@ -60,7 +60,7 @@ module Aws::IAM
     # The Amazon Resource Name (ARN) specifying the role. For more
     # information about ARNs and how to use them in policies, see [IAM
-    # Identifiers][1] in the *IAM User Guide* guide.
+    # identifiers][1] in the *IAM User Guide* guide.
     #
     #
     #
@@ -106,7 +106,7 @@ module Aws::IAM
     # role.
     #
     # For more information about permissions boundaries, see [Permissions
-    # Boundaries for IAM Identities ][1] in the *IAM User Guide*.
+    # boundaries for IAM identities ][1] in the *IAM User Guide*.
     #
     #
     #
@@ -116,9 +116,8 @@ module Aws::IAM
       data[:permissions_boundary]
     end
-    # A list of tags that are attached to the specified role. For more
-    # information about tagging, see [Tagging IAM Identities][1] in the *IAM
-    # User Guide*.
+    # A list of tags that are attached to the role. For more information
+    # about tagging, see [Tagging IAM resources][1] in the *IAM User Guide*.
     #
     #
     #
@@ -133,7 +132,7 @@ module Aws::IAM
     # last used. Activity is only reported for the trailing 400 days. This
     # period can be shorter if your Region began supporting these features
     # within the last year. The role might have been used more than 400 days
-    # ago. For more information, see [Regions Where Data Is Tracked][1] in
+    # ago. For more information, see [Regions where data is tracked][1] in
     # the *IAM User Guide*.
     #
     #
@@ -287,8 +286,8 @@ module Aws::IAM
     # @option options [required, String] :policy_arn
     #   The Amazon Resource Name (ARN) of the IAM policy you want to attach.
     #
-    #   For more information about ARNs, see [Amazon Resource Names (ARNs) and
-    #   AWS Service Namespaces][1] in the *AWS General Reference*.
+    #   For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
+    #   in the *AWS General Reference*.
     #
     #
     #
@@ -320,8 +319,8 @@ module Aws::IAM
     # @option options [required, String] :policy_arn
     #   The Amazon Resource Name (ARN) of the IAM policy you want to detach.
     #
-    #   For more information about ARNs, see [Amazon Resource Names (ARNs) and
-    #   AWS Service Namespaces][1] in the *AWS General Reference*.
+    #   For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
+    #   in the *AWS General Reference*.
     #
     #
     #

data/lib/aws-sdk-iam/saml_provider.rb CHANGED Viewed

@@ -53,6 +53,18 @@ module Aws::IAM
       data[:valid_until]
     end
+    # A list of tags that are attached to the specified IAM SAML provider.
+    # The returned list of tags is sorted by tag key. For more information
+    # about tagging, see [Tagging IAM resources][1] in the *IAM User Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
+    # @return [Array<Types::Tag>]
+    def tags
+      data[:tags]
+    end
     # @!endgroup
     # @return [Client]

data/lib/aws-sdk-iam/server_certificate.rb CHANGED Viewed

@@ -53,6 +53,18 @@ module Aws::IAM
       data[:certificate_chain]
     end
+    # A list of tags that are attached to the server certificate. For more
+    # information about tagging, see [Tagging IAM resources][1] in the *IAM
+    # User Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
+    # @return [Array<Types::Tag>]
+    def tags
+      data[:tags]
+    end
     # @!endgroup
     # @return [Client]

data/lib/aws-sdk-iam/types.rb CHANGED Viewed

@@ -25,17 +25,17 @@ module Aws::IAM
     # @!attribute [rw] service_namespace
     #   The namespace of the service in which access was attempted.
     #
-    #   To learn the service namespace of a service, go to [Actions,
-    #   Resources, and Condition Keys for AWS Services][1] in the *IAM User
-    #   Guide*. Choose the name of the service to view details for that
-    #   service. In the first paragraph, find the service prefix. For
-    #   example, `(service prefix: a4b)`. For more information about service
-    #   namespaces, see [AWS Service Namespaces][2] in the *AWS General
-    #   Reference*.
+    #   To learn the service namespace of a service, see [Actions,
+    #   resources, and condition keys for AWS services][1] in the *Service
+    #   Authorization Reference*. Choose the name of the service to view
+    #   details for that service. In the first paragraph, find the service
+    #   prefix. For example, `(service prefix: a4b)`. For more information
+    #   about service namespaces, see [AWS service namespaces][2] in
+    #   the *AWS General Reference*.
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_actions-resources-contextkeys.html
+    #   [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html
     #   [2]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-aws-service-namespaces
     #   @return [String]
     #
@@ -192,7 +192,7 @@ module Aws::IAM
     #   * There is no sign-in data associated with the user.
     #
     #   For more information about AWS Regions, see [Regions and
-    #   Endpoints][1] in the Amazon Web Services General Reference.
+    #   endpoints][1] in the Amazon Web Services General Reference.
     #
     #
     #
@@ -382,8 +382,8 @@ module Aws::IAM
     # @!attribute [rw] policy_arn
     #   The Amazon Resource Name (ARN) of the IAM policy you want to attach.
     #
-    #   For more information about ARNs, see [Amazon Resource Names (ARNs)
-    #   and AWS Service Namespaces][1] in the *AWS General Reference*.
+    #   For more information about ARNs, see [Amazon Resource Names
+    #   (ARNs)][1] in the *AWS General Reference*.
     #
     #
     #
@@ -424,8 +424,8 @@ module Aws::IAM
     # @!attribute [rw] policy_arn
     #   The Amazon Resource Name (ARN) of the IAM policy you want to attach.
     #
-    #   For more information about ARNs, see [Amazon Resource Names (ARNs)
-    #   and AWS Service Namespaces][1] in the *AWS General Reference*.
+    #   For more information about ARNs, see [Amazon Resource Names
+    #   (ARNs)][1] in the *AWS General Reference*.
     #
     #
     #
@@ -466,8 +466,8 @@ module Aws::IAM
     # @!attribute [rw] policy_arn
     #   The Amazon Resource Name (ARN) of the IAM policy you want to attach.
     #
-    #   For more information about ARNs, see [Amazon Resource Names (ARNs)
-    #   and AWS Service Namespaces][1] in the *AWS General Reference*.
+    #   For more information about ARNs, see [Amazon Resource Names
+    #   (ARNs)][1] in the *AWS General Reference*.
     #
     #
     #
@@ -489,7 +489,7 @@ module Aws::IAM
     # attached to a user or role to set the permissions boundary.
     #
     # For more information about permissions boundaries, see [Permissions
-    # Boundaries for IAM Identities ][1] in the *IAM User Guide*.
+    # boundaries for IAM identities ][1] in the *IAM User Guide*.
     #
     #
     #
@@ -524,7 +524,7 @@ module Aws::IAM
     # operations.
     #
     # For more information about managed policies, refer to [Managed
-    # Policies and Inline Policies][1] in the *IAM User Guide*.
+    # policies and inline policies][1] in the *IAM User Guide*.
     #
     #
     #
@@ -538,8 +538,8 @@ module Aws::IAM
     #   The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS
     #   resources.
     #
-    #   For more information about ARNs, go to [Amazon Resource Names (ARNs)
-    #   and AWS Service Namespaces][1] in the *AWS General Reference*.
+    #   For more information about ARNs, go to [Amazon Resource Names
+    #   (ARNs)][1] in the *AWS General Reference*.
     #
     #
     #
@@ -734,7 +734,7 @@ module Aws::IAM
     #
     # @!attribute [rw] path
     #   The path to the group. For more information about paths, see [IAM
-    #   Identifiers][1] in the *IAM User Guide*.
+    #   identifiers][1] in the *IAM User Guide*.
     #
     #   This parameter is optional. If it is not included, it defaults to a
     #   slash (/).
@@ -791,6 +791,12 @@ module Aws::IAM
     #       {
     #         instance_profile_name: "instanceProfileNameType", # required
     #         path: "pathType",
+    #         tags: [
+    #           {
+    #             key: "tagKeyType", # required
+    #             value: "tagValueType", # required
+    #           },
+    #         ],
     #       }
     #
     # @!attribute [rw] instance_profile_name
@@ -826,11 +832,29 @@ module Aws::IAM
     #   [2]: http://wikipedia.org/wiki/regex
     #   @return [String]
     #
+    # @!attribute [rw] tags
+    #   A list of tags that you want to attach to the newly created IAM
+    #   instance profile. Each tag consists of a key name and an associated
+    #   value. For more information about tagging, see [Tagging IAM
+    #   resources][1] in the *IAM User Guide*.
+    #
+    #   <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed
+    #   maximum number of tags, then the entire request fails and the
+    #   resource is not created.
+    #
+    #    </note>
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
+    #   @return [Array<Types::Tag>]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateInstanceProfileRequest AWS API Documentation
     #
     class CreateInstanceProfileRequest < Struct.new(
       :instance_profile_name,
-      :path)
+      :path,
+      :tags)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -926,6 +950,12 @@ module Aws::IAM
     #         url: "OpenIDConnectProviderUrlType", # required
     #         client_id_list: ["clientIDType"],
     #         thumbprint_list: ["thumbprintType"], # required
+    #         tags: [
+    #           {
+    #             key: "tagKeyType", # required
+    #             value: "tagValueType", # required
+    #           },
+    #         ],
     #       }
     #
     # @!attribute [rw] url
@@ -978,20 +1008,38 @@ module Aws::IAM
     #   certificate used by https://keys.server.example.com.
     #
     #   For more information about obtaining the OIDC provider's
-    #   thumbprint, see [Obtaining the Thumbprint for an OpenID Connect
-    #   Provider][1] in the *IAM User Guide*.
+    #   thumbprint, see [Obtaining the thumbprint for an OpenID Connect
+    #   provider][1] in the *IAM User Guide*.
     #
     #
     #
     #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/identity-providers-oidc-obtain-thumbprint.html
     #   @return [Array<String>]
     #
+    # @!attribute [rw] tags
+    #   A list of tags that you want to attach to the new IAM OpenID Connect
+    #   (OIDC) provider. Each tag consists of a key name and an associated
+    #   value. For more information about tagging, see [Tagging IAM
+    #   resources][1] in the *IAM User Guide*.
+    #
+    #   <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed
+    #   maximum number of tags, then the entire request fails and the
+    #   resource is not created.
+    #
+    #    </note>
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
+    #   @return [Array<Types::Tag>]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateOpenIDConnectProviderRequest AWS API Documentation
     #
     class CreateOpenIDConnectProviderRequest < Struct.new(
       :url,
       :client_id_list,
-      :thumbprint_list)
+      :thumbprint_list,
+      :tags)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -1005,10 +1053,22 @@ module Aws::IAM
     #   OpenIDConnectProviderListEntry.
     #   @return [String]
     #
+    # @!attribute [rw] tags
+    #   A list of tags that are attached to the new IAM OIDC provider. The
+    #   returned list of tags is sorted by tag key. For more information
+    #   about tagging, see [Tagging IAM resources][1] in the *IAM User
+    #   Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
+    #   @return [Array<Types::Tag>]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateOpenIDConnectProviderResponse AWS API Documentation
     #
     class CreateOpenIDConnectProviderResponse < Struct.new(
-      :open_id_connect_provider_arn)
+      :open_id_connect_provider_arn,
+      :tags)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -1021,6 +1081,12 @@ module Aws::IAM
     #         path: "policyPathType",
     #         policy_document: "policyDocumentType", # required
     #         description: "policyDescriptionType",
+    #         tags: [
+    #           {
+    #             key: "tagKeyType", # required
+    #             value: "tagValueType", # required
+    #           },
+    #         ],
     #       }
     #
     # @!attribute [rw] policy_name
@@ -1035,7 +1101,7 @@ module Aws::IAM
     # @!attribute [rw] path
     #   The path for the policy.
     #
-    #   For more information about paths, see [IAM Identifiers][1] in the
+    #   For more information about paths, see [IAM identifiers][1] in the
     #   *IAM User Guide*.
     #
     #   This parameter is optional. If it is not included, it defaults to a
@@ -1091,13 +1157,31 @@ module Aws::IAM
     #   cannot be changed.
     #   @return [String]
     #
+    # @!attribute [rw] tags
+    #   A list of tags that you want to attach to the new IAM customer
+    #   managed policy. Each tag consists of a key name and an associated
+    #   value. For more information about tagging, see [Tagging IAM
+    #   resources][1] in the *IAM User Guide*.
+    #
+    #   <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed
+    #   maximum number of tags, then the entire request fails and the
+    #   resource is not created.
+    #
+    #    </note>
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
+    #   @return [Array<Types::Tag>]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreatePolicyRequest AWS API Documentation
     #
     class CreatePolicyRequest < Struct.new(
       :policy_name,
       :path,
       :policy_document,
-      :description)
+      :description,
+      :tags)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -1129,8 +1213,8 @@ module Aws::IAM
     #   The Amazon Resource Name (ARN) of the IAM policy to which you want
     #   to add a new version.
     #
-    #   For more information about ARNs, see [Amazon Resource Names (ARNs)
-    #   and AWS Service Namespaces][1] in the *AWS General Reference*.
+    #   For more information about ARNs, see [Amazon Resource Names
+    #   (ARNs)][1] in the *AWS General Reference*.
     #
     #
     #
@@ -1172,7 +1256,7 @@ module Aws::IAM
     #   for the IAM users, groups, and roles that the policy is attached to.
     #
     #   For more information about managed policy versions, see [Versioning
-    #   for Managed Policies][1] in the *IAM User Guide*.
+    #   for managed policies][1] in the *IAM User Guide*.
     #
     #
     #
@@ -1299,7 +1383,7 @@ module Aws::IAM
     #   valid for one hour by default. This applies when you use the
     #   `AssumeRole*` API operations or the `assume-role*` CLI operations
     #   but does not apply when you use those operations to create a console
-    #   URL. For more information, see [Using IAM Roles][1] in the *IAM User
+    #   URL. For more information, see [Using IAM roles][1] in the *IAM User
     #   Guide*.
     #
     #
@@ -1313,14 +1397,14 @@ module Aws::IAM
     #   @return [String]
     #
     # @!attribute [rw] tags
-    #   A list of tags that you want to attach to the newly created role.
-    #   Each tag consists of a key name and an associated value. For more
-    #   information about tagging, see [Tagging IAM Identities][1] in the
-    #   *IAM User Guide*.
+    #   A list of tags that you want to attach to the new role. Each tag
+    #   consists of a key name and an associated value. For more information
+    #   about tagging, see [Tagging IAM resources][1] in the *IAM User
+    #   Guide*.
     #
     #   <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed
-    #   number of tags per role, then the entire request fails and the role
-    #   is not created.
+    #   maximum number of tags, then the entire request fails and the
+    #   resource is not created.
     #
     #    </note>
     #
@@ -1363,6 +1447,12 @@ module Aws::IAM
     #       {
     #         saml_metadata_document: "SAMLMetadataDocumentType", # required
     #         name: "SAMLProviderNameType", # required
+    #         tags: [
+    #           {
+    #             key: "tagKeyType", # required
+    #             value: "tagValueType", # required
+    #           },
+    #         ],
     #       }
     #
     # @!attribute [rw] saml_metadata_document
@@ -1373,7 +1463,7 @@ module Aws::IAM
     #   IdP. You must generate the metadata document using the identity
     #   management software that is used as your organization's IdP.
     #
-    #   For more information, see [About SAML 2.0-based Federation][1] in
+    #   For more information, see [About SAML 2.0-based federation][1] in
     #   the *IAM User Guide*
     #
     #
@@ -1394,11 +1484,29 @@ module Aws::IAM
     #   [1]: http://wikipedia.org/wiki/regex
     #   @return [String]
     #
+    # @!attribute [rw] tags
+    #   A list of tags that you want to attach to the new IAM SAML provider.
+    #   Each tag consists of a key name and an associated value. For more
+    #   information about tagging, see [Tagging IAM resources][1] in the
+    #   *IAM User Guide*.
+    #
+    #   <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed
+    #   maximum number of tags, then the entire request fails and the
+    #   resource is not created.
+    #
+    #    </note>
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
+    #   @return [Array<Types::Tag>]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateSAMLProviderRequest AWS API Documentation
     #
     class CreateSAMLProviderRequest < Struct.new(
       :saml_metadata_document,
-      :name)
+      :name,
+      :tags)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -1410,10 +1518,22 @@ module Aws::IAM
     #   IAM.
     #   @return [String]
     #
+    # @!attribute [rw] tags
+    #   A list of tags that are attached to the new IAM SAML provider. The
+    #   returned list of tags is sorted by tag key. For more information
+    #   about tagging, see [Tagging IAM resources][1] in the *IAM User
+    #   Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
+    #   @return [Array<Types::Tag>]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateSAMLProviderResponse AWS API Documentation
     #
     class CreateSAMLProviderResponse < Struct.new(
-      :saml_provider_arn)
+      :saml_provider_arn,
+      :tags)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -1433,8 +1553,8 @@ module Aws::IAM
     #   in front. For example: `elasticbeanstalk.amazonaws.com`.
     #
     #   Service principals are unique and case-sensitive. To find the exact
-    #   service principal for your service-linked role, see [AWS Services
-    #   That Work with IAM][1] in the *IAM User Guide*. Look for the
+    #   service principal for your service-linked role, see [AWS services
+    #   that work with IAM][1] in the *IAM User Guide*. Look for the
     #   services that have <b>Yes </b>in the **Service-Linked Role** column.
     #   Choose the **Yes** link to view the service-linked role
     #   documentation for that service.
@@ -1556,7 +1676,7 @@ module Aws::IAM
     #
     # @!attribute [rw] path
     #   The path for the user name. For more information about paths, see
-    #   [IAM Identifiers][1] in the *IAM User Guide*.
+    #   [IAM identifiers][1] in the *IAM User Guide*.
     #
     #   This parameter is optional. If it is not included, it defaults to a
     #   slash (/).
@@ -1589,14 +1709,14 @@ module Aws::IAM
     #   @return [String]
     #
     # @!attribute [rw] tags
-    #   A list of tags that you want to attach to the newly created user.
-    #   Each tag consists of a key name and an associated value. For more
-    #   information about tagging, see [Tagging IAM Identities][1] in the
-    #   *IAM User Guide*.
+    #   A list of tags that you want to attach to the new user. Each tag
+    #   consists of a key name and an associated value. For more information
+    #   about tagging, see [Tagging IAM resources][1] in the *IAM User
+    #   Guide*.
     #
     #   <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed
-    #   number of tags per user, then the entire request fails and the user
-    #   is not created.
+    #   maximum number of tags, then the entire request fails and the
+    #   resource is not created.
     #
     #    </note>
     #
@@ -1636,11 +1756,17 @@ module Aws::IAM
     #       {
     #         path: "pathType",
     #         virtual_mfa_device_name: "virtualMFADeviceName", # required
+    #         tags: [
+    #           {
+    #             key: "tagKeyType", # required
+    #             value: "tagValueType", # required
+    #           },
+    #         ],
     #       }
     #
     # @!attribute [rw] path
     #   The path for the virtual MFA device. For more information about
-    #   paths, see [IAM Identifiers][1] in the *IAM User Guide*.
+    #   paths, see [IAM identifiers][1] in the *IAM User Guide*.
     #
     #   This parameter is optional. If it is not included, it defaults to a
     #   slash (/).
@@ -1672,11 +1798,29 @@ module Aws::IAM
     #   [1]: http://wikipedia.org/wiki/regex
     #   @return [String]
     #
+    # @!attribute [rw] tags
+    #   A list of tags that you want to attach to the new IAM virtual MFA
+    #   device. Each tag consists of a key name and an associated value. For
+    #   more information about tagging, see [Tagging IAM resources][1] in
+    #   the *IAM User Guide*.
+    #
+    #   <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed
+    #   maximum number of tags, then the entire request fails and the
+    #   resource is not created.
+    #
+    #    </note>
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
+    #   @return [Array<Types::Tag>]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateVirtualMFADeviceRequest AWS API Documentation
     #
     class CreateVirtualMFADeviceRequest < Struct.new(
       :path,
-      :virtual_mfa_device_name)
+      :virtual_mfa_device_name,
+      :tags)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -1698,7 +1842,7 @@ module Aws::IAM
     # The request was rejected because the most recent credential report has
     # expired. To generate a new credential report, use
     # GenerateCredentialReport. For more information about credential report
-    # expiration, see [Getting Credential Reports][1] in the *IAM User
+    # expiration, see [Getting credential reports][1] in the *IAM User
     # Guide*.
     #
     #
@@ -2034,8 +2178,8 @@ module Aws::IAM
     # @!attribute [rw] policy_arn
     #   The Amazon Resource Name (ARN) of the IAM policy you want to delete.
     #
-    #   For more information about ARNs, see [Amazon Resource Names (ARNs)
-    #   and AWS Service Namespaces][1] in the *AWS General Reference*.
+    #   For more information about ARNs, see [Amazon Resource Names
+    #   (ARNs)][1] in the *AWS General Reference*.
     #
     #
     #
@@ -2062,8 +2206,8 @@ module Aws::IAM
     #   The Amazon Resource Name (ARN) of the IAM policy from which you want
     #   to delete a version.
     #
-    #   For more information about ARNs, see [Amazon Resource Names (ARNs)
-    #   and AWS Service Namespaces][1] in the *AWS General Reference*.
+    #   For more information about ARNs, see [Amazon Resource Names
+    #   (ARNs)][1] in the *AWS General Reference*.
     #
     #
     #
@@ -2079,7 +2223,7 @@ module Aws::IAM
     #   string of letters and digits.
     #
     #   For more information about managed policy versions, see [Versioning
-    #   for Managed Policies][2] in the *IAM User Guide*.
+    #   for managed policies][2] in the *IAM User Guide*.
     #
     #
     #
@@ -2572,8 +2716,8 @@ module Aws::IAM
     # @!attribute [rw] policy_arn
     #   The Amazon Resource Name (ARN) of the IAM policy you want to detach.
     #
-    #   For more information about ARNs, see [Amazon Resource Names (ARNs)
-    #   and AWS Service Namespaces][1] in the *AWS General Reference*.
+    #   For more information about ARNs, see [Amazon Resource Names
+    #   (ARNs)][1] in the *AWS General Reference*.
     #
     #
     #
@@ -2614,8 +2758,8 @@ module Aws::IAM
     # @!attribute [rw] policy_arn
     #   The Amazon Resource Name (ARN) of the IAM policy you want to detach.
     #
-    #   For more information about ARNs, see [Amazon Resource Names (ARNs)
-    #   and AWS Service Namespaces][1] in the *AWS General Reference*.
+    #   For more information about ARNs, see [Amazon Resource Names
+    #   (ARNs)][1] in the *AWS General Reference*.
     #
     #
     #
@@ -2656,8 +2800,8 @@ module Aws::IAM
     # @!attribute [rw] policy_arn
     #   The Amazon Resource Name (ARN) of the IAM policy you want to detach.
     #
-    #   For more information about ARNs, see [Amazon Resource Names (ARNs)
-    #   and AWS Service Namespaces][1] in the *AWS General Reference*.
+    #   For more information about ARNs, see [Amazon Resource Names
+    #   (ARNs)][1] in the *AWS General Reference*.
     #
     #
     #
@@ -2840,8 +2984,8 @@ module Aws::IAM
     #   The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS
     #   resources.
     #
-    #   For more information about ARNs, go to [Amazon Resource Names (ARNs)
-    #   and AWS Service Namespaces][1] in the *AWS General Reference*.
+    #   For more information about ARNs, go to [Amazon Resource Names
+    #   (ARNs)][1] in the *AWS General Reference*.
     #
     #
     #
@@ -2862,7 +3006,7 @@ module Aws::IAM
     #
     # @!attribute [rw] path
     #   The path to the entity (user or role). For more information about
-    #   paths, see [IAM Identifiers][1] in the *IAM User Guide*.
+    #   paths, see [IAM identifiers][1] in the *IAM User Guide*.
     #
     #
     #
@@ -2986,8 +3130,8 @@ module Aws::IAM
     #   When you make a cross-account request, AWS evaluates the request in
     #   the trusting account and the trusted account. The request is allowed
     #   only if both evaluations return `true`. For more information about
-    #   how policies are evaluated, see [Evaluating Policies Within a Single
-    #   Account][1].
+    #   how policies are evaluated, see [Evaluating policies within a single
+    #   account][1].
     #
     #   If an AWS Organizations SCP included in the evaluation denies
     #   access, the simulation ends. In this case, policy evaluation does
@@ -3384,8 +3528,8 @@ module Aws::IAM
     #   clarity, but must be URL encoded to be included as a part of a real
     #   HTML request.
     #
-    #   For more information about ARNs, see [Amazon Resource Names (ARNs)
-    #   and AWS Service Namespaces][1] in the *AWS General Reference*.
+    #   For more information about ARNs, see [Amazon Resource Names
+    #   (ARNs)][1] in the *AWS General Reference*.
     #
     #
     #
@@ -3709,8 +3853,8 @@ module Aws::IAM
     #   in IAM to get information for. You can get a list of OIDC provider
     #   resource ARNs by using the ListOpenIDConnectProviders operation.
     #
-    #   For more information about ARNs, see [Amazon Resource Names (ARNs)
-    #   and AWS Service Namespaces][1] in the *AWS General Reference*.
+    #   For more information about ARNs, see [Amazon Resource Names
+    #   (ARNs)][1] in the *AWS General Reference*.
     #
     #
     #
@@ -3750,13 +3894,25 @@ module Aws::IAM
     #   created in the AWS account.
     #   @return [Time]
     #
+    # @!attribute [rw] tags
+    #   A list of tags that are attached to the specified IAM OIDC provider.
+    #   The returned list of tags is sorted by tag key. For more information
+    #   about tagging, see [Tagging IAM resources][1] in the *IAM User
+    #   Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
+    #   @return [Array<Types::Tag>]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetOpenIDConnectProviderResponse AWS API Documentation
     #
     class GetOpenIDConnectProviderResponse < Struct.new(
       :url,
       :client_id_list,
       :thumbprint_list,
-      :create_date)
+      :create_date,
+      :tags)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -3905,8 +4061,8 @@ module Aws::IAM
     #   The Amazon Resource Name (ARN) of the managed policy that you want
     #   information about.
     #
-    #   For more information about ARNs, see [Amazon Resource Names (ARNs)
-    #   and AWS Service Namespaces][1] in the *AWS General Reference*.
+    #   For more information about ARNs, see [Amazon Resource Names
+    #   (ARNs)][1] in the *AWS General Reference*.
     #
     #
     #
@@ -3947,8 +4103,8 @@ module Aws::IAM
     #   The Amazon Resource Name (ARN) of the managed policy that you want
     #   information about.
     #
-    #   For more information about ARNs, see [Amazon Resource Names (ARNs)
-    #   and AWS Service Namespaces][1] in the *AWS General Reference*.
+    #   For more information about ARNs, see [Amazon Resource Names
+    #   (ARNs)][1] in the *AWS General Reference*.
     #
     #
     #
@@ -4116,8 +4272,8 @@ module Aws::IAM
     #   The Amazon Resource Name (ARN) of the SAML provider resource object
     #   in IAM to get information about.
     #
-    #   For more information about ARNs, see [Amazon Resource Names (ARNs)
-    #   and AWS Service Namespaces][1] in the *AWS General Reference*.
+    #   For more information about ARNs, see [Amazon Resource Names
+    #   (ARNs)][1] in the *AWS General Reference*.
     #
     #
     #
@@ -4147,12 +4303,24 @@ module Aws::IAM
     #   The expiration date and time for the SAML provider.
     #   @return [Time]
     #
+    # @!attribute [rw] tags
+    #   A list of tags that are attached to the specified IAM SAML provider.
+    #   The returned list of tags is sorted by tag key. For more information
+    #   about tagging, see [Tagging IAM resources][1] in the *IAM User
+    #   Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
+    #   @return [Array<Types::Tag>]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetSAMLProviderResponse AWS API Documentation
     #
     class GetSAMLProviderResponse < Struct.new(
       :saml_metadata_document,
       :create_date,
-      :valid_until)
+      :valid_until,
+      :tags)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -4403,17 +4571,17 @@ module Aws::IAM
     #   namespace to learn when the IAM entity last attempted to access the
     #   specified service.
     #
-    #   To learn the service namespace for a service, go to [Actions,
-    #   Resources, and Condition Keys for AWS Services][1] in the *IAM User
+    #   To learn the service namespace for a service, see [Actions,
+    #   resources, and condition keys for AWS services][1] in the *IAM User
     #   Guide*. Choose the name of the service to view details for that
     #   service. In the first paragraph, find the service prefix. For
     #   example, `(service prefix: a4b)`. For more information about service
-    #   namespaces, see [AWS Service Namespaces][2] in the *AWS General
+    #   namespaces, see [AWS service namespaces][2] in the *AWS General
     #   Reference*.
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_actions-resources-contextkeys.html
+    #   [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html
     #   [2]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-aws-service-namespaces
     #   @return [String]
     #
@@ -4663,7 +4831,7 @@ module Aws::IAM
     #   password use from May 3, 2018 22:50 PDT to May 23, 2018 14:08 PDT.
     #   This affects [last sign-in][1] dates shown in the IAM console and
     #   password last used dates in the [IAM credential report][2], and
-    #   returned by this GetUser API. If users signed in during the affected
+    #   returned by this operation. If users signed in during the affected
     #   time, the password last used date that is returned is the date the
     #   user last signed in before May 3, 2018. For users that signed in
     #   after May 23, 2018 14:08 PDT, the returned password last used date
@@ -4704,7 +4872,7 @@ module Aws::IAM
     #
     # @!attribute [rw] path
     #   The path to the group. For more information about paths, see [IAM
-    #   Identifiers][1] in the *IAM User Guide*.
+    #   identifiers][1] in the *IAM User Guide*.
     #
     #
     #
@@ -4717,7 +4885,7 @@ module Aws::IAM
     #
     # @!attribute [rw] group_id
     #   The stable and unique string identifying the group. For more
-    #   information about IDs, see [IAM Identifiers][1] in the *IAM User
+    #   information about IDs, see [IAM identifiers][1] in the *IAM User
     #   Guide*.
     #
     #
@@ -4728,7 +4896,7 @@ module Aws::IAM
     # @!attribute [rw] arn
     #   The Amazon Resource Name (ARN) specifying the group. For more
     #   information about ARNs and how to use them in policies, see [IAM
-    #   Identifiers][1] in the *IAM User Guide*.
+    #   identifiers][1] in the *IAM User Guide*.
     #
     #
     #
@@ -4764,7 +4932,7 @@ module Aws::IAM
     #
     # @!attribute [rw] path
     #   The path to the group. For more information about paths, see [IAM
-    #   Identifiers][1] in the *IAM User Guide*.
+    #   identifiers][1] in the *IAM User Guide*.
     #
     #
     #
@@ -4777,7 +4945,7 @@ module Aws::IAM
     #
     # @!attribute [rw] group_id
     #   The stable and unique string identifying the group. For more
-    #   information about IDs, see [IAM Identifiers][1] in the *IAM User
+    #   information about IDs, see [IAM identifiers][1] in the *IAM User
     #   Guide*.
     #
     #
@@ -4789,8 +4957,8 @@ module Aws::IAM
     #   The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS
     #   resources.
     #
-    #   For more information about ARNs, go to [Amazon Resource Names (ARNs)
-    #   and AWS Service Namespaces][1] in the *AWS General Reference*.
+    #   For more information about ARNs, go to [Amazon Resource Names
+    #   (ARNs)][1] in the *AWS General Reference*.
     #
     #
     #
@@ -4843,7 +5011,7 @@ module Aws::IAM
     #
     # @!attribute [rw] path
     #   The path to the instance profile. For more information about paths,
-    #   see [IAM Identifiers][1] in the *IAM User Guide*.
+    #   see [IAM identifiers][1] in the *IAM User Guide*.
     #
     #
     #
@@ -4856,7 +5024,7 @@ module Aws::IAM
     #
     # @!attribute [rw] instance_profile_id
     #   The stable and unique string identifying the instance profile. For
-    #   more information about IDs, see [IAM Identifiers][1] in the *IAM
+    #   more information about IDs, see [IAM identifiers][1] in the *IAM
     #   User Guide*.
     #
     #
@@ -4867,7 +5035,7 @@ module Aws::IAM
     # @!attribute [rw] arn
     #   The Amazon Resource Name (ARN) specifying the instance profile. For
     #   more information about ARNs and how to use them in policies, see
-    #   [IAM Identifiers][1] in the *IAM User Guide*.
+    #   [IAM identifiers][1] in the *IAM User Guide*.
     #
     #
     #
@@ -4882,6 +5050,16 @@ module Aws::IAM
     #   The role associated with the instance profile.
     #   @return [Array<Types::Role>]
     #
+    # @!attribute [rw] tags
+    #   A list of tags that are attached to the instance profile. For more
+    #   information about tagging, see [Tagging IAM resources][1] in the
+    #   *IAM User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
+    #   @return [Array<Types::Tag>]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/InstanceProfile AWS API Documentation
     #
     class InstanceProfile < Struct.new(
@@ -4890,7 +5068,8 @@ module Aws::IAM
       :instance_profile_id,
       :arn,
       :create_date,
-      :roles)
+      :roles,
+      :tags)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -4979,8 +5158,8 @@ module Aws::IAM
     end
     # The request was rejected because it attempted to create resources
-    # beyond the current AWS account limitations. The error message
-    # describes the limit exceeded.
+    # beyond the current AWS account limits. The error message describes the
+    # limit exceeded.
     #
     # @!attribute [rw] message
     #   @return [String]
@@ -5478,8 +5657,8 @@ module Aws::IAM
     #   The Amazon Resource Name (ARN) of the IAM policy for which you want
     #   the versions.
     #
-    #   For more information about ARNs, see [Amazon Resource Names (ARNs)
-    #   and AWS Service Namespaces][1] in the *AWS General Reference*.
+    #   For more information about ARNs, see [Amazon Resource Names
+    #   (ARNs)][1] in the *AWS General Reference*.
     #
     #
     #
@@ -5867,6 +6046,91 @@ module Aws::IAM
       include Aws::Structure
     end
+    # @note When making an API call, you may pass ListInstanceProfileTagsRequest
+    #   data as a hash:
+    #
+    #       {
+    #         instance_profile_name: "instanceProfileNameType", # required
+    #         marker: "markerType",
+    #         max_items: 1,
+    #       }
+    #
+    # @!attribute [rw] instance_profile_name
+    #   The name of the IAM instance profile whose tags you want to see.
+    #
+    #   This parameter accepts (through its [regex pattern][1]) a string of
+    #   characters that consist of upper and lowercase alphanumeric
+    #   characters with no spaces. You can also include any of the following
+    #   characters: =,.@-
+    #
+    #
+    #
+    #   [1]: http://wikipedia.org/wiki/regex
+    #   @return [String]
+    #
+    # @!attribute [rw] marker
+    #   Use this parameter only when paginating results and only after you
+    #   receive a response indicating that the results are truncated. Set it
+    #   to the value of the `Marker` element in the response that you
+    #   received to indicate where the next call should start.
+    #   @return [String]
+    #
+    # @!attribute [rw] max_items
+    #   (Optional) Use this only when paginating results to indicate the
+    #   maximum number of items that you want in the response. If additional
+    #   items exist beyond the maximum that you specify, the `IsTruncated`
+    #   response element is `true`.
+    #
+    #   If you do not include this parameter, it defaults to 100. Note that
+    #   IAM might return fewer results, even when more results are
+    #   available. In that case, the `IsTruncated` response element returns
+    #   `true`, and `Marker` contains a value to include in the subsequent
+    #   call that tells the service where to continue from.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListInstanceProfileTagsRequest AWS API Documentation
+    #
+    class ListInstanceProfileTagsRequest < Struct.new(
+      :instance_profile_name,
+      :marker,
+      :max_items)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # @!attribute [rw] tags
+    #   The list of tags that are currently attached to the IAM instance
+    #   profile. Each tag consists of a key name and an associated value. If
+    #   no tags are attached to the specified resource, the response
+    #   contains an empty list.
+    #   @return [Array<Types::Tag>]
+    #
+    # @!attribute [rw] is_truncated
+    #   A flag that indicates whether there are more items to return. If
+    #   your results were truncated, you can use the `Marker` request
+    #   parameter to make a subsequent pagination request that retrieves
+    #   more items. Note that IAM might return fewer than the `MaxItems`
+    #   number of results even when more results are available. Check
+    #   `IsTruncated` after every call to ensure that you receive all of
+    #   your results.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] marker
+    #   When `IsTruncated` is `true`, this element is present and contains
+    #   the value to use for the `Marker` parameter in a subsequent
+    #   pagination request.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListInstanceProfileTagsResponse AWS API Documentation
+    #
+    class ListInstanceProfileTagsResponse < Struct.new(
+      :tags,
+      :is_truncated,
+      :marker)
+      SENSITIVE = []
+      include Aws::Structure
+    end
     # @note When making an API call, you may pass ListInstanceProfilesForRoleRequest
     #   data as a hash:
     #
@@ -6042,22 +6306,109 @@ module Aws::IAM
       include Aws::Structure
     end
-    # @note When making an API call, you may pass ListMFADevicesRequest
+    # @note When making an API call, you may pass ListMFADeviceTagsRequest
     #   data as a hash:
     #
     #       {
-    #         user_name: "existingUserNameType",
+    #         serial_number: "serialNumberType", # required
     #         marker: "markerType",
     #         max_items: 1,
     #       }
     #
-    # @!attribute [rw] user_name
-    #   The name of the user whose MFA devices you want to list.
+    # @!attribute [rw] serial_number
+    #   The unique identifier for the IAM virtual MFA device whose tags you
+    #   want to see. For virtual MFA devices, the serial number is the same
+    #   as the ARN.
     #
-    #   This parameter allows (through its [regex pattern][1]) a string of
-    #   characters consisting of upper and lowercase alphanumeric characters
-    #   with no spaces. You can also include any of the following
-    #   characters: \_+=,.@-
+    #   This parameter accepts (through its [regex pattern][1]) a string of
+    #   characters that consist of upper and lowercase alphanumeric
+    #   characters with no spaces. You can also include any of the following
+    #   characters: =,.@-
+    #
+    #
+    #
+    #   [1]: http://wikipedia.org/wiki/regex
+    #   @return [String]
+    #
+    # @!attribute [rw] marker
+    #   Use this parameter only when paginating results and only after you
+    #   receive a response indicating that the results are truncated. Set it
+    #   to the value of the `Marker` element in the response that you
+    #   received to indicate where the next call should start.
+    #   @return [String]
+    #
+    # @!attribute [rw] max_items
+    #   (Optional) Use this only when paginating results to indicate the
+    #   maximum number of items that you want in the response. If additional
+    #   items exist beyond the maximum that you specify, the `IsTruncated`
+    #   response element is `true`.
+    #
+    #   If you do not include this parameter, it defaults to 100. Note that
+    #   IAM might return fewer results, even when more results are
+    #   available. In that case, the `IsTruncated` response element returns
+    #   `true`, and `Marker` contains a value to include in the subsequent
+    #   call that tells the service where to continue from.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListMFADeviceTagsRequest AWS API Documentation
+    #
+    class ListMFADeviceTagsRequest < Struct.new(
+      :serial_number,
+      :marker,
+      :max_items)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # @!attribute [rw] tags
+    #   The list of tags that are currently attached to the virtual MFA
+    #   device. Each tag consists of a key name and an associated value. If
+    #   no tags are attached to the specified resource, the response
+    #   contains an empty list.
+    #   @return [Array<Types::Tag>]
+    #
+    # @!attribute [rw] is_truncated
+    #   A flag that indicates whether there are more items to return. If
+    #   your results were truncated, you can use the `Marker` request
+    #   parameter to make a subsequent pagination request that retrieves
+    #   more items. Note that IAM might return fewer than the `MaxItems`
+    #   number of results even when more results are available. Check
+    #   `IsTruncated` after every call to ensure that you receive all of
+    #   your results.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] marker
+    #   When `IsTruncated` is `true`, this element is present and contains
+    #   the value to use for the `Marker` parameter in a subsequent
+    #   pagination request.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListMFADeviceTagsResponse AWS API Documentation
+    #
+    class ListMFADeviceTagsResponse < Struct.new(
+      :tags,
+      :is_truncated,
+      :marker)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # @note When making an API call, you may pass ListMFADevicesRequest
+    #   data as a hash:
+    #
+    #       {
+    #         user_name: "existingUserNameType",
+    #         marker: "markerType",
+    #         max_items: 1,
+    #       }
+    #
+    # @!attribute [rw] user_name
+    #   The name of the user whose MFA devices you want to list.
+    #
+    #   This parameter allows (through its [regex pattern][1]) a string of
+    #   characters consisting of upper and lowercase alphanumeric characters
+    #   with no spaces. You can also include any of the following
+    #   characters: \_+=,.@-
     #
     #
     #
@@ -6126,6 +6477,92 @@ module Aws::IAM
       include Aws::Structure
     end
+    # @note When making an API call, you may pass ListOpenIDConnectProviderTagsRequest
+    #   data as a hash:
+    #
+    #       {
+    #         open_id_connect_provider_arn: "arnType", # required
+    #         marker: "markerType",
+    #         max_items: 1,
+    #       }
+    #
+    # @!attribute [rw] open_id_connect_provider_arn
+    #   The ARN of the OpenID Connect (OIDC) identity provider whose tags
+    #   you want to see.
+    #
+    #   This parameter accepts (through its [regex pattern][1]) a string of
+    #   characters that consist of upper and lowercase alphanumeric
+    #   characters with no spaces. You can also include any of the following
+    #   characters: =,.@-
+    #
+    #
+    #
+    #   [1]: http://wikipedia.org/wiki/regex
+    #   @return [String]
+    #
+    # @!attribute [rw] marker
+    #   Use this parameter only when paginating results and only after you
+    #   receive a response indicating that the results are truncated. Set it
+    #   to the value of the `Marker` element in the response that you
+    #   received to indicate where the next call should start.
+    #   @return [String]
+    #
+    # @!attribute [rw] max_items
+    #   (Optional) Use this only when paginating results to indicate the
+    #   maximum number of items that you want in the response. If additional
+    #   items exist beyond the maximum that you specify, the `IsTruncated`
+    #   response element is `true`.
+    #
+    #   If you do not include this parameter, it defaults to 100. Note that
+    #   IAM might return fewer results, even when more results are
+    #   available. In that case, the `IsTruncated` response element returns
+    #   `true`, and `Marker` contains a value to include in the subsequent
+    #   call that tells the service where to continue from.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListOpenIDConnectProviderTagsRequest AWS API Documentation
+    #
+    class ListOpenIDConnectProviderTagsRequest < Struct.new(
+      :open_id_connect_provider_arn,
+      :marker,
+      :max_items)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # @!attribute [rw] tags
+    #   The list of tags that are currently attached to the OpenID Connect
+    #   (OIDC) identity provider. Each tag consists of a key name and an
+    #   associated value. If no tags are attached to the specified resource,
+    #   the response contains an empty list.
+    #   @return [Array<Types::Tag>]
+    #
+    # @!attribute [rw] is_truncated
+    #   A flag that indicates whether there are more items to return. If
+    #   your results were truncated, you can use the `Marker` request
+    #   parameter to make a subsequent pagination request that retrieves
+    #   more items. Note that IAM might return fewer than the `MaxItems`
+    #   number of results even when more results are available. Check
+    #   `IsTruncated` after every call to ensure that you receive all of
+    #   your results.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] marker
+    #   When `IsTruncated` is `true`, this element is present and contains
+    #   the value to use for the `Marker` parameter in a subsequent
+    #   pagination request.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListOpenIDConnectProviderTagsResponse AWS API Documentation
+    #
+    class ListOpenIDConnectProviderTagsResponse < Struct.new(
+      :tags,
+      :is_truncated,
+      :marker)
+      SENSITIVE = []
+      include Aws::Structure
+    end
     # @api private
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListOpenIDConnectProvidersRequest AWS API Documentation
@@ -6157,17 +6594,17 @@ module Aws::IAM
     # @!attribute [rw] service_namespace
     #   The namespace of the service that was accessed.
     #
-    #   To learn the service namespace of a service, go to [Actions,
-    #   Resources, and Condition Keys for AWS Services][1] in the *IAM User
-    #   Guide*. Choose the name of the service to view details for that
-    #   service. In the first paragraph, find the service prefix. For
-    #   example, `(service prefix: a4b)`. For more information about service
-    #   namespaces, see [AWS Service Namespaces][2] in the *AWS General
-    #   Reference*.
+    #   To learn the service namespace of a service, see [Actions,
+    #   resources, and condition keys for AWS services][1] in the *Service
+    #   Authorization Reference*. Choose the name of the service to view
+    #   details for that service. In the first paragraph, find the service
+    #   prefix. For example, `(service prefix: a4b)`. For more information
+    #   about service namespaces, see [AWS service namespaces][2] in
+    #   the *AWS General Reference*.
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_actions-resources-contextkeys.html
+    #   [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html
     #   [2]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-aws-service-namespaces
     #   @return [String]
     #
@@ -6210,17 +6647,17 @@ module Aws::IAM
     #   The service namespace for the AWS services whose policies you want
     #   to list.
     #
-    #   To learn the service namespace for a service, go to [Actions,
-    #   Resources, and Condition Keys for AWS Services][1] in the *IAM User
+    #   To learn the service namespace for a service, see [Actions,
+    #   resources, and condition keys for AWS services][1] in the *IAM User
     #   Guide*. Choose the name of the service to view details for that
     #   service. In the first paragraph, find the service prefix. For
     #   example, `(service prefix: a4b)`. For more information about service
-    #   namespaces, see [AWS Service Namespaces][2] in the *AWS General
+    #   namespaces, see [AWS service namespaces][2] in the *AWS General
     #   Reference*.
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_actions-resources-contextkeys.html
+    #   [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html
     #   [2]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-aws-service-namespaces
     #   @return [Array<String>]
     #
@@ -6388,6 +6825,92 @@ module Aws::IAM
       include Aws::Structure
     end
+    # @note When making an API call, you may pass ListPolicyTagsRequest
+    #   data as a hash:
+    #
+    #       {
+    #         policy_arn: "arnType", # required
+    #         marker: "markerType",
+    #         max_items: 1,
+    #       }
+    #
+    # @!attribute [rw] policy_arn
+    #   The ARN of the IAM customer managed policy whose tags you want to
+    #   see.
+    #
+    #   This parameter accepts (through its [regex pattern][1]) a string of
+    #   characters that consist of upper and lowercase alphanumeric
+    #   characters with no spaces. You can also include any of the following
+    #   characters: =,.@-
+    #
+    #
+    #
+    #   [1]: http://wikipedia.org/wiki/regex
+    #   @return [String]
+    #
+    # @!attribute [rw] marker
+    #   Use this parameter only when paginating results and only after you
+    #   receive a response indicating that the results are truncated. Set it
+    #   to the value of the `Marker` element in the response that you
+    #   received to indicate where the next call should start.
+    #   @return [String]
+    #
+    # @!attribute [rw] max_items
+    #   (Optional) Use this only when paginating results to indicate the
+    #   maximum number of items that you want in the response. If additional
+    #   items exist beyond the maximum that you specify, the `IsTruncated`
+    #   response element is `true`.
+    #
+    #   If you do not include this parameter, it defaults to 100. Note that
+    #   IAM might return fewer results, even when more results are
+    #   available. In that case, the `IsTruncated` response element returns
+    #   `true`, and `Marker` contains a value to include in the subsequent
+    #   call that tells the service where to continue from.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListPolicyTagsRequest AWS API Documentation
+    #
+    class ListPolicyTagsRequest < Struct.new(
+      :policy_arn,
+      :marker,
+      :max_items)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # @!attribute [rw] tags
+    #   The list of tags that are currently attached to the IAM customer
+    #   managed policy. Each tag consists of a key name and an associated
+    #   value. If no tags are attached to the specified resource, the
+    #   response contains an empty list.
+    #   @return [Array<Types::Tag>]
+    #
+    # @!attribute [rw] is_truncated
+    #   A flag that indicates whether there are more items to return. If
+    #   your results were truncated, you can use the `Marker` request
+    #   parameter to make a subsequent pagination request that retrieves
+    #   more items. Note that IAM might return fewer than the `MaxItems`
+    #   number of results even when more results are available. Check
+    #   `IsTruncated` after every call to ensure that you receive all of
+    #   your results.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] marker
+    #   When `IsTruncated` is `true`, this element is present and contains
+    #   the value to use for the `Marker` parameter in a subsequent
+    #   pagination request.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListPolicyTagsResponse AWS API Documentation
+    #
+    class ListPolicyTagsResponse < Struct.new(
+      :tags,
+      :is_truncated,
+      :marker)
+      SENSITIVE = []
+      include Aws::Structure
+    end
     # @note When making an API call, you may pass ListPolicyVersionsRequest
     #   data as a hash:
     #
@@ -6401,8 +6924,8 @@ module Aws::IAM
     #   The Amazon Resource Name (ARN) of the IAM policy for which you want
     #   the versions.
     #
-    #   For more information about ARNs, see [Amazon Resource Names (ARNs)
-    #   and AWS Service Namespaces][1] in the *AWS General Reference*.
+    #   For more information about ARNs, see [Amazon Resource Names
+    #   (ARNs)][1] in the *AWS General Reference*.
     #
     #
     #
@@ -6445,7 +6968,7 @@ module Aws::IAM
     #   A list of policy versions.
     #
     #   For more information about managed policy versions, see [Versioning
-    #   for Managed Policies][1] in the *IAM User Guide*.
+    #   for managed policies][1] in the *IAM User Guide*.
     #
     #
     #
@@ -6615,9 +7138,10 @@ module Aws::IAM
     end
     # @!attribute [rw] tags
-    #   The list of tags currently that is attached to the role. Each tag
+    #   The list of tags that are currently attached to the role. Each tag
     #   consists of a key name and an associated value. If no tags are
-    #   attached to the specified role, the response contains an empty list.
+    #   attached to the specified resource, the response contains an empty
+    #   list.
     #   @return [Array<Types::Tag>]
     #
     # @!attribute [rw] is_truncated
@@ -6736,6 +7260,93 @@ module Aws::IAM
       include Aws::Structure
     end
+    # @note When making an API call, you may pass ListSAMLProviderTagsRequest
+    #   data as a hash:
+    #
+    #       {
+    #         saml_provider_arn: "arnType", # required
+    #         marker: "markerType",
+    #         max_items: 1,
+    #       }
+    #
+    # @!attribute [rw] saml_provider_arn
+    #   The ARN of the Security Assertion Markup Language (SAML) identity
+    #   provider whose tags you want to see.
+    #
+    #   This parameter accepts (through its [regex pattern][1]) a string of
+    #   characters that consist of upper and lowercase alphanumeric
+    #   characters with no spaces. You can also include any of the following
+    #   characters: =,.@-
+    #
+    #
+    #
+    #   [1]: http://wikipedia.org/wiki/regex
+    #   @return [String]
+    #
+    # @!attribute [rw] marker
+    #   Use this parameter only when paginating results and only after you
+    #   receive a response indicating that the results are truncated. Set it
+    #   to the value of the `Marker` element in the response that you
+    #   received to indicate where the next call should start.
+    #   @return [String]
+    #
+    # @!attribute [rw] max_items
+    #   (Optional) Use this only when paginating results to indicate the
+    #   maximum number of items that you want in the response. If additional
+    #   items exist beyond the maximum that you specify, the `IsTruncated`
+    #   response element is `true`.
+    #
+    #   If you do not include this parameter, it defaults to 100. Note that
+    #   IAM might return fewer results, even when more results are
+    #   available. In that case, the `IsTruncated` response element returns
+    #   `true`, and `Marker` contains a value to include in the subsequent
+    #   call that tells the service where to continue from.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListSAMLProviderTagsRequest AWS API Documentation
+    #
+    class ListSAMLProviderTagsRequest < Struct.new(
+      :saml_provider_arn,
+      :marker,
+      :max_items)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # @!attribute [rw] tags
+    #   The list of tags that are currently attached to the Security
+    #   Assertion Markup Language (SAML) identity provider. Each tag
+    #   consists of a key name and an associated value. If no tags are
+    #   attached to the specified resource, the response contains an empty
+    #   list.
+    #   @return [Array<Types::Tag>]
+    #
+    # @!attribute [rw] is_truncated
+    #   A flag that indicates whether there are more items to return. If
+    #   your results were truncated, you can use the `Marker` request
+    #   parameter to make a subsequent pagination request that retrieves
+    #   more items. Note that IAM might return fewer than the `MaxItems`
+    #   number of results even when more results are available. Check
+    #   `IsTruncated` after every call to ensure that you receive all of
+    #   your results.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] marker
+    #   When `IsTruncated` is `true`, this element is present and contains
+    #   the value to use for the `Marker` parameter in a subsequent
+    #   pagination request.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListSAMLProviderTagsResponse AWS API Documentation
+    #
+    class ListSAMLProviderTagsResponse < Struct.new(
+      :tags,
+      :is_truncated,
+      :marker)
+      SENSITIVE = []
+      include Aws::Structure
+    end
     # @api private
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListSAMLProvidersRequest AWS API Documentation
@@ -6833,10 +7444,95 @@ module Aws::IAM
     #   pagination request.
     #   @return [String]
     #
-    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListSSHPublicKeysResponse AWS API Documentation
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListSSHPublicKeysResponse AWS API Documentation
+    #
+    class ListSSHPublicKeysResponse < Struct.new(
+      :ssh_public_keys,
+      :is_truncated,
+      :marker)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # @note When making an API call, you may pass ListServerCertificateTagsRequest
+    #   data as a hash:
+    #
+    #       {
+    #         server_certificate_name: "serverCertificateNameType", # required
+    #         marker: "markerType",
+    #         max_items: 1,
+    #       }
+    #
+    # @!attribute [rw] server_certificate_name
+    #   The name of the IAM server certificate whose tags you want to see.
+    #
+    #   This parameter accepts (through its [regex pattern][1]) a string of
+    #   characters that consist of upper and lowercase alphanumeric
+    #   characters with no spaces. You can also include any of the following
+    #   characters: =,.@-
+    #
+    #
+    #
+    #   [1]: http://wikipedia.org/wiki/regex
+    #   @return [String]
+    #
+    # @!attribute [rw] marker
+    #   Use this parameter only when paginating results and only after you
+    #   receive a response indicating that the results are truncated. Set it
+    #   to the value of the `Marker` element in the response that you
+    #   received to indicate where the next call should start.
+    #   @return [String]
+    #
+    # @!attribute [rw] max_items
+    #   (Optional) Use this only when paginating results to indicate the
+    #   maximum number of items that you want in the response. If additional
+    #   items exist beyond the maximum that you specify, the `IsTruncated`
+    #   response element is `true`.
+    #
+    #   If you do not include this parameter, it defaults to 100. Note that
+    #   IAM might return fewer results, even when more results are
+    #   available. In that case, the `IsTruncated` response element returns
+    #   `true`, and `Marker` contains a value to include in the subsequent
+    #   call that tells the service where to continue from.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListServerCertificateTagsRequest AWS API Documentation
+    #
+    class ListServerCertificateTagsRequest < Struct.new(
+      :server_certificate_name,
+      :marker,
+      :max_items)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # @!attribute [rw] tags
+    #   The list of tags that are currently attached to the IAM server
+    #   certificate. Each tag consists of a key name and an associated
+    #   value. If no tags are attached to the specified resource, the
+    #   response contains an empty list.
+    #   @return [Array<Types::Tag>]
+    #
+    # @!attribute [rw] is_truncated
+    #   A flag that indicates whether there are more items to return. If
+    #   your results were truncated, you can use the `Marker` request
+    #   parameter to make a subsequent pagination request that retrieves
+    #   more items. Note that IAM might return fewer than the `MaxItems`
+    #   number of results even when more results are available. Check
+    #   `IsTruncated` after every call to ensure that you receive all of
+    #   your results.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] marker
+    #   When `IsTruncated` is `true`, this element is present and contains
+    #   the value to use for the `Marker` parameter in a subsequent
+    #   pagination request.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListServerCertificateTagsResponse AWS API Documentation
     #
-    class ListSSHPublicKeysResponse < Struct.new(
-      :ssh_public_keys,
+    class ListServerCertificateTagsResponse < Struct.new(
+      :tags,
       :is_truncated,
       :marker)
       SENSITIVE = []
@@ -7209,7 +7905,8 @@ module Aws::IAM
     # @!attribute [rw] tags
     #   The list of tags that are currently attached to the user. Each tag
     #   consists of a key name and an associated value. If no tags are
-    #   attached to the specified user, the response contains an empty list.
+    #   attached to the specified resource, the response contains an empty
+    #   list.
     #   @return [Array<Types::Tag>]
     #
     # @!attribute [rw] is_truncated
@@ -7499,8 +8196,8 @@ module Aws::IAM
     # This data type is used as a response element in the
     # GetAccountAuthorizationDetails operation.
     #
-    # For more information about managed policies, see [Managed Policies and
-    # Inline Policies][1] in the *IAM User Guide*.
+    # For more information about managed policies, see [Managed policies and
+    # inline policies][1] in the *IAM User Guide*.
     #
     #
     #
@@ -7513,7 +8210,7 @@ module Aws::IAM
     # @!attribute [rw] policy_id
     #   The stable and unique string identifying the policy.
     #
-    #   For more information about IDs, see [IAM Identifiers][1] in the *IAM
+    #   For more information about IDs, see [IAM identifiers][1] in the *IAM
     #   User Guide*.
     #
     #
@@ -7525,8 +8222,8 @@ module Aws::IAM
     #   The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS
     #   resources.
     #
-    #   For more information about ARNs, go to [Amazon Resource Names (ARNs)
-    #   and AWS Service Namespaces][1] in the *AWS General Reference*.
+    #   For more information about ARNs, go to [Amazon Resource Names
+    #   (ARNs)][1] in the *AWS General Reference*.
     #
     #
     #
@@ -7536,7 +8233,7 @@ module Aws::IAM
     # @!attribute [rw] path
     #   The path to the policy.
     #
-    #   For more information about paths, see [IAM Identifiers][1] in the
+    #   For more information about paths, see [IAM identifiers][1] in the
     #   *IAM User Guide*.
     #
     #
@@ -7549,7 +8246,7 @@ module Aws::IAM
     #   default (operative) version.
     #
     #   For more information about policy versions, see [Versioning for
-    #   Managed Policies][1] in the *IAM User Guide*.
+    #   managed policies][1] in the *IAM User Guide*.
     #
     #
     #
@@ -7566,7 +8263,7 @@ module Aws::IAM
     #   used as the permissions boundary.
     #
     #   For more information about permissions boundaries, see [Permissions
-    #   Boundaries for IAM Identities ][1] in the *IAM User Guide*.
+    #   boundaries for IAM identities ][1] in the *IAM User Guide*.
     #
     #
     #
@@ -7649,8 +8346,8 @@ module Aws::IAM
     #   The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS
     #   resources.
     #
-    #   For more information about ARNs, go to [Amazon Resource Names (ARNs)
-    #   and AWS Service Namespaces][1] in the *AWS General Reference*.
+    #   For more information about ARNs, go to [Amazon Resource Names
+    #   (ARNs)][1] in the *AWS General Reference*.
     #
     #
     #
@@ -7692,21 +8389,25 @@ module Aws::IAM
     #   @return [Integer]
     #
     # @!attribute [rw] require_symbols
-    #   Specifies whether to require symbols for IAM user passwords.
+    #   Specifies whether IAM user passwords must contain at least one of
+    #   the following symbols:
+    #
+    #   ! @ # $ % ^ &amp; * ( ) \_ + - = \[ \] \\\{ \\} \| '
     #   @return [Boolean]
     #
     # @!attribute [rw] require_numbers
-    #   Specifies whether to require numbers for IAM user passwords.
+    #   Specifies whether IAM user passwords must contain at least one
+    #   numeric character (0 to 9).
     #   @return [Boolean]
     #
     # @!attribute [rw] require_uppercase_characters
-    #   Specifies whether to require uppercase characters for IAM user
-    #   passwords.
+    #   Specifies whether IAM user passwords must contain at least one
+    #   uppercase character (A to Z).
     #   @return [Boolean]
     #
     # @!attribute [rw] require_lowercase_characters
-    #   Specifies whether to require lowercase characters for IAM user
-    #   passwords.
+    #   Specifies whether IAM user passwords must contain at least one
+    #   lowercase character (a to z).
     #   @return [Boolean]
     #
     # @!attribute [rw] allow_users_to_change_password
@@ -7795,7 +8496,7 @@ module Aws::IAM
     # GetPolicy, and ListPolicies operations.
     #
     # For more information about managed policies, refer to [Managed
-    # Policies and Inline Policies][1] in the *IAM User Guide*.
+    # policies and inline policies][1] in the *IAM User Guide*.
     #
     #
     #
@@ -7808,7 +8509,7 @@ module Aws::IAM
     # @!attribute [rw] policy_id
     #   The stable and unique string identifying the policy.
     #
-    #   For more information about IDs, see [IAM Identifiers][1] in the *IAM
+    #   For more information about IDs, see [IAM identifiers][1] in the *IAM
     #   User Guide*.
     #
     #
@@ -7820,8 +8521,8 @@ module Aws::IAM
     #   The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS
     #   resources.
     #
-    #   For more information about ARNs, go to [Amazon Resource Names (ARNs)
-    #   and AWS Service Namespaces][1] in the *AWS General Reference*.
+    #   For more information about ARNs, go to [Amazon Resource Names
+    #   (ARNs)][1] in the *AWS General Reference*.
     #
     #
     #
@@ -7831,7 +8532,7 @@ module Aws::IAM
     # @!attribute [rw] path
     #   The path to the policy.
     #
-    #   For more information about paths, see [IAM Identifiers][1] in the
+    #   For more information about paths, see [IAM identifiers][1] in the
     #   *IAM User Guide*.
     #
     #
@@ -7854,7 +8555,7 @@ module Aws::IAM
     #   used to set the permissions boundary.
     #
     #   For more information about permissions boundaries, see [Permissions
-    #   Boundaries for IAM Identities ][1] in the *IAM User Guide*.
+    #   boundaries for IAM identities ][1] in the *IAM User Guide*.
     #
     #
     #
@@ -7896,6 +8597,16 @@ module Aws::IAM
     #   [1]: http://www.iso.org/iso/iso8601
     #   @return [Time]
     #
+    # @!attribute [rw] tags
+    #   A list of tags that are attached to the instance profile. For more
+    #   information about tagging, see [Tagging IAM resources][1] in the
+    #   *IAM User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
+    #   @return [Array<Types::Tag>]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/Policy AWS API Documentation
     #
     class Policy < Struct.new(
@@ -7909,7 +8620,8 @@ module Aws::IAM
       :is_attachable,
       :description,
       :create_date,
-      :update_date)
+      :update_date,
+      :tags)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -7964,7 +8676,7 @@ module Aws::IAM
     #
     # @!attribute [rw] policy_type
     #   The policy type. For more information about these policy types, see
-    #   [Managed Policies and Inline Policies][1] in the *IAM User Guide*.
+    #   [Managed policies and inline policies][1] in the *IAM User Guide*.
     #
     #
     #
@@ -7975,8 +8687,8 @@ module Aws::IAM
     #   The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS
     #   resources.
     #
-    #   For more information about ARNs, go to [Amazon Resource Names (ARNs)
-    #   and AWS Service Namespaces][1] in the *AWS General Reference*.
+    #   For more information about ARNs, go to [Amazon Resource Names
+    #   (ARNs)][1] in the *AWS General Reference*.
     #
     #
     #
@@ -7988,7 +8700,7 @@ module Aws::IAM
     #   service to which the inline policy is attached.
     #
     #   This field is null for managed policies. For more information about
-    #   these policy types, see [Managed Policies and Inline Policies][1] in
+    #   these policy types, see [Managed policies and inline policies][1] in
     #   the *IAM User Guide*.
     #
     #
@@ -8001,7 +8713,7 @@ module Aws::IAM
     #   attached.
     #
     #   This field is null for managed policies. For more information about
-    #   these policy types, see [Managed Policies and Inline Policies][1] in
+    #   these policy types, see [Managed policies and inline policies][1] in
     #   the *IAM User Guide*.
     #
     #
@@ -8028,7 +8740,7 @@ module Aws::IAM
     # ListEntitiesForPolicy operation.
     #
     # For more information about managed policies, refer to [Managed
-    # Policies and Inline Policies][1] in the *IAM User Guide*.
+    # policies and inline policies][1] in the *IAM User Guide*.
     #
     #
     #
@@ -8040,7 +8752,7 @@ module Aws::IAM
     #
     # @!attribute [rw] group_id
     #   The stable and unique string identifying the group. For more
-    #   information about IDs, see [IAM Identifiers][1] in the *IAM User
+    #   information about IDs, see [IAM identifiers][1] in the *IAM User
     #   Guide*.
     #
     #
@@ -8078,7 +8790,7 @@ module Aws::IAM
     # ListEntitiesForPolicy operation.
     #
     # For more information about managed policies, refer to [Managed
-    # Policies and Inline Policies][1] in the *IAM User Guide*.
+    # policies and inline policies][1] in the *IAM User Guide*.
     #
     #
     #
@@ -8090,7 +8802,7 @@ module Aws::IAM
     #
     # @!attribute [rw] role_id
     #   The stable and unique string identifying the role. For more
-    #   information about IDs, see [IAM Identifiers][1] in the *IAM User
+    #   information about IDs, see [IAM identifiers][1] in the *IAM User
     #   Guide*.
     #
     #
@@ -8114,7 +8826,7 @@ module Aws::IAM
     # ListEntitiesForPolicy operation.
     #
     # For more information about managed policies, refer to [Managed
-    # Policies and Inline Policies][1] in the *IAM User Guide*.
+    # policies and inline policies][1] in the *IAM User Guide*.
     #
     #
     #
@@ -8126,7 +8838,7 @@ module Aws::IAM
     #
     # @!attribute [rw] user_id
     #   The stable and unique string identifying the user. For more
-    #   information about IDs, see [IAM Identifiers][1] in the *IAM User
+    #   information about IDs, see [IAM identifiers][1] in the *IAM User
     #   Guide*.
     #
     #
@@ -8150,7 +8862,7 @@ module Aws::IAM
     # GetAccountAuthorizationDetails operations.
     #
     # For more information about managed policies, refer to [Managed
-    # Policies and Inline Policies][1] in the *IAM User Guide*.
+    # policies and inline policies][1] in the *IAM User Guide*.
     #
     #
     #
@@ -8508,8 +9220,8 @@ module Aws::IAM
     #   remove the client ID from. You can get a list of OIDC provider ARNs
     #   by using the ListOpenIDConnectProviders operation.
     #
-    #   For more information about ARNs, see [Amazon Resource Names (ARNs)
-    #   and AWS Service Namespaces][1] in the *AWS General Reference*.
+    #   For more information about ARNs, see [Amazon Resource Names
+    #   (ARNs)][1] in the *AWS General Reference*.
     #
     #
     #
@@ -8817,7 +9529,7 @@ module Aws::IAM
     #
     # @!attribute [rw] path
     #   The path to the role. For more information about paths, see [IAM
-    #   Identifiers][1] in the *IAM User Guide*.
+    #   identifiers][1] in the *IAM User Guide*.
     #
     #
     #
@@ -8830,7 +9542,7 @@ module Aws::IAM
     #
     # @!attribute [rw] role_id
     #   The stable and unique string identifying the role. For more
-    #   information about IDs, see [IAM Identifiers][1] in the *IAM User
+    #   information about IDs, see [IAM identifiers][1] in the *IAM User
     #   Guide*.
     #
     #
@@ -8841,7 +9553,7 @@ module Aws::IAM
     # @!attribute [rw] arn
     #   The Amazon Resource Name (ARN) specifying the role. For more
     #   information about ARNs and how to use them in policies, see [IAM
-    #   Identifiers][1] in the *IAM User Guide* guide.
+    #   identifiers][1] in the *IAM User Guide* guide.
     #
     #
     #
@@ -8877,7 +9589,7 @@ module Aws::IAM
     #   role.
     #
     #   For more information about permissions boundaries, see [Permissions
-    #   Boundaries for IAM Identities ][1] in the *IAM User Guide*.
+    #   boundaries for IAM identities ][1] in the *IAM User Guide*.
     #
     #
     #
@@ -8885,9 +9597,9 @@ module Aws::IAM
     #   @return [Types::AttachedPermissionsBoundary]
     #
     # @!attribute [rw] tags
-    #   A list of tags that are attached to the specified role. For more
-    #   information about tagging, see [Tagging IAM Identities][1] in the
-    #   *IAM User Guide*.
+    #   A list of tags that are attached to the role. For more information
+    #   about tagging, see [Tagging IAM resources][1] in the *IAM User
+    #   Guide*.
     #
     #
     #
@@ -8900,8 +9612,8 @@ module Aws::IAM
     #   last used. Activity is only reported for the trailing 400 days. This
     #   period can be shorter if your Region began supporting these features
     #   within the last year. The role might have been used more than 400
-    #   days ago. For more information, see [Regions Where Data Is
-    #   Tracked][1] in the *IAM User Guide*.
+    #   days ago. For more information, see [Regions where data is
+    #   tracked][1] in the *IAM User Guide*.
     #
     #
     #
@@ -8934,7 +9646,7 @@ module Aws::IAM
     #
     # @!attribute [rw] path
     #   The path to the role. For more information about paths, see [IAM
-    #   Identifiers][1] in the *IAM User Guide*.
+    #   identifiers][1] in the *IAM User Guide*.
     #
     #
     #
@@ -8947,7 +9659,7 @@ module Aws::IAM
     #
     # @!attribute [rw] role_id
     #   The stable and unique string identifying the role. For more
-    #   information about IDs, see [IAM Identifiers][1] in the *IAM User
+    #   information about IDs, see [IAM identifiers][1] in the *IAM User
     #   Guide*.
     #
     #
@@ -8959,8 +9671,8 @@ module Aws::IAM
     #   The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS
     #   resources.
     #
-    #   For more information about ARNs, go to [Amazon Resource Names (ARNs)
-    #   and AWS Service Namespaces][1] in the *AWS General Reference*.
+    #   For more information about ARNs, go to [Amazon Resource Names
+    #   (ARNs)][1] in the *AWS General Reference*.
     #
     #
     #
@@ -8999,7 +9711,7 @@ module Aws::IAM
     #   role.
     #
     #   For more information about permissions boundaries, see [Permissions
-    #   Boundaries for IAM Identities ][1] in the *IAM User Guide*.
+    #   boundaries for IAM identities ][1] in the *IAM User Guide*.
     #
     #
     #
@@ -9007,9 +9719,9 @@ module Aws::IAM
     #   @return [Types::AttachedPermissionsBoundary]
     #
     # @!attribute [rw] tags
-    #   A list of tags that are attached to the specified role. For more
-    #   information about tagging, see [Tagging IAM Identities][1] in the
-    #   *IAM User Guide*.
+    #   A list of tags that are attached to the role. For more information
+    #   about tagging, see [Tagging IAM resources][1] in the *IAM User
+    #   Guide*.
     #
     #
     #
@@ -9022,8 +9734,8 @@ module Aws::IAM
     #   last used. Activity is only reported for the trailing 400 days. This
     #   period can be shorter if your Region began supporting these features
     #   within the last year. The role might have been used more than 400
-    #   days ago. For more information, see [Regions Where Data Is
-    #   Tracked][1] in the *IAM User Guide*.
+    #   days ago. For more information, see [Regions where data is
+    #   tracked][1] in the *IAM User Guide*.
     #
     #
     #
@@ -9054,7 +9766,7 @@ module Aws::IAM
     # last used. Activity is only reported for the trailing 400 days. This
     # period can be shorter if your Region began supporting these features
     # within the last year. The role might have been used more than 400 days
-    # ago. For more information, see [Regions Where Data Is Tracked][1] in
+    # ago. For more information, see [Regions where data is tracked][1] in
     # the *IAM User Guide*.
     #
     # This data type is returned as a response element in the GetRole and
@@ -9070,7 +9782,7 @@ module Aws::IAM
     #
     #   This field is null if the role has not been used within the IAM
     #   tracking period. For more information about the tracking period, see
-    #   [Regions Where Data Is Tracked][2] in the *IAM User Guide*.
+    #   [Regions where data is tracked][2] in the *IAM User Guide*.
     #
     #
     #
@@ -9245,12 +9957,23 @@ module Aws::IAM
     #   The contents of the public key certificate chain.
     #   @return [String]
     #
+    # @!attribute [rw] tags
+    #   A list of tags that are attached to the server certificate. For more
+    #   information about tagging, see [Tagging IAM resources][1] in the
+    #   *IAM User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
+    #   @return [Array<Types::Tag>]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ServerCertificate AWS API Documentation
     #
     class ServerCertificate < Struct.new(
       :server_certificate_metadata,
       :certificate_body,
-      :certificate_chain)
+      :certificate_chain,
+      :tags)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -9263,7 +9986,7 @@ module Aws::IAM
     #
     # @!attribute [rw] path
     #   The path to the server certificate. For more information about
-    #   paths, see [IAM Identifiers][1] in the *IAM User Guide*.
+    #   paths, see [IAM identifiers][1] in the *IAM User Guide*.
     #
     #
     #
@@ -9276,7 +9999,7 @@ module Aws::IAM
     #
     # @!attribute [rw] server_certificate_id
     #   The stable and unique string identifying the server certificate. For
-    #   more information about IDs, see [IAM Identifiers][1] in the *IAM
+    #   more information about IDs, see [IAM identifiers][1] in the *IAM
     #   User Guide*.
     #
     #
@@ -9287,7 +10010,7 @@ module Aws::IAM
     # @!attribute [rw] arn
     #   The Amazon Resource Name (ARN) specifying the server certificate.
     #   For more information about ARNs and how to use them in policies, see
-    #   [IAM Identifiers][1] in the *IAM User Guide*.
+    #   [IAM identifiers][1] in the *IAM User Guide*.
     #
     #
     #
@@ -9355,17 +10078,17 @@ module Aws::IAM
     # @!attribute [rw] service_namespace
     #   The namespace of the service in which access was attempted.
     #
-    #   To learn the service namespace of a service, go to [Actions,
-    #   Resources, and Condition Keys for AWS Services][1] in the *IAM User
-    #   Guide*. Choose the name of the service to view details for that
-    #   service. In the first paragraph, find the service prefix. For
-    #   example, `(service prefix: a4b)`. For more information about service
-    #   namespaces, see [AWS Service Namespaces][2] in the *AWS General
-    #   Reference*.
+    #   To learn the service namespace of a service, see [Actions,
+    #   resources, and condition keys for AWS services][1] in the *Service
+    #   Authorization Reference*. Choose the name of the service to view
+    #   details for that service. In the first paragraph, find the service
+    #   prefix. For example, `(service prefix: a4b)`. For more information
+    #   about service namespaces, see [AWS Service Namespaces][2] in
+    #   the *AWS General Reference*.
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_actions-resources-contextkeys.html
+    #   [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html
     #   [2]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-aws-service-namespaces
     #   @return [String]
     #
@@ -9563,8 +10286,8 @@ module Aws::IAM
     #   The Amazon Resource Name (ARN) of the IAM policy whose default
     #   version you want to set.
     #
-    #   For more information about ARNs, see [Amazon Resource Names (ARNs)
-    #   and AWS Service Namespaces][1] in the *AWS General Reference*.
+    #   For more information about ARNs, see [Amazon Resource Names
+    #   (ARNs)][1] in the *AWS General Reference*.
     #
     #
     #
@@ -9575,7 +10298,7 @@ module Aws::IAM
     #   The version of the policy to set as the default (operative) version.
     #
     #   For more information about managed policy versions, see [Versioning
-    #   for Managed Policies][1] in the *IAM User Guide*.
+    #   for managed policies][1] in the *IAM User Guide*.
     #
     #
     #
@@ -9606,8 +10329,8 @@ module Aws::IAM
     #   tokens are longer and might affect systems where you temporarily
     #   store tokens.
     #
-    #   For information, see [Activating and Deactivating STS in an AWS
-    #   Region][1] in the *IAM User Guide*.
+    #   For information, see [Activating and deactivating STS in an AWS
+    #   region][1] in the *IAM User Guide*.
     #
     #
     #
@@ -9718,7 +10441,7 @@ module Aws::IAM
     #   boundary sets the maximum permissions that an IAM entity can have.
     #   You can input only one permissions boundary when you pass a policy
     #   to this operation. For more information about permissions
-    #   boundaries, see [Permissions Boundaries for IAM Entities][1] in the
+    #   boundaries, see [Permissions boundaries for IAM entities][1] in the
     #   *IAM User Guide*. The policy input is specified as a string that
     #   contains the complete, valid JSON text of a permissions boundary
     #   policy.
@@ -9754,7 +10477,8 @@ module Aws::IAM
     #   resources). Each API in the `ActionNames` parameter is evaluated for
     #   each resource in this list. The simulation determines the access
     #   result (allowed or denied) of each combination and reports it in the
-    #   response.
+    #   response. You can simulate resources that don't exist in your
+    #   account.
     #
     #   The simulation does not automatically retrieve policies for the
     #   specified resources. If you want to include a resource policy in the
@@ -9765,8 +10489,8 @@ module Aws::IAM
     #   of the resources included in the simulation or you receive an
     #   invalid input error.
     #
-    #   For more information about ARNs, see [Amazon Resource Names (ARNs)
-    #   and AWS Service Namespaces][1] in the *AWS General Reference*.
+    #   For more information about ARNs, see [Amazon Resource Names
+    #   (ARNs)][1] in the *AWS General Reference*.
     #
     #
     #
@@ -9848,7 +10572,7 @@ module Aws::IAM
     #   scenario includes VPC, then you must supply the network-interface
     #   resource. If it includes an IP subnet, then you must specify the
     #   subnet resource. For more information on the EC2 scenario options,
-    #   see [Supported Platforms][1] in the *Amazon EC2 User Guide*.
+    #   see [Supported platforms][1] in the *Amazon EC2 User Guide*.
     #
     #   * **EC2-Classic-InstanceStore**
     #
@@ -9982,8 +10706,8 @@ module Aws::IAM
     #   also includes all policies that are attached to any groups the user
     #   belongs to.
     #
-    #   For more information about ARNs, see [Amazon Resource Names (ARNs)
-    #   and AWS Service Namespaces][1] in the *AWS General Reference*.
+    #   For more information about ARNs, see [Amazon Resource Names
+    #   (ARNs)][1] in the *AWS General Reference*.
     #
     #
     #
@@ -10021,8 +10745,8 @@ module Aws::IAM
     #   attached to an entity and you pass in a different permissions
     #   boundary policy using this parameter, then the new permissions
     #   boundary policy is used for the simulation. For more information
-    #   about permissions boundaries, see [Permissions Boundaries for IAM
-    #   Entities][1] in the *IAM User Guide*. The policy input is specified
+    #   about permissions boundaries, see [Permissions boundaries for IAM
+    #   entities][1] in the *IAM User Guide*. The policy input is specified
     #   as a string containing the complete, valid JSON text of a
     #   permissions boundary policy.
     #
@@ -10056,15 +10780,16 @@ module Aws::IAM
     #   resources). Each API in the `ActionNames` parameter is evaluated for
     #   each resource in this list. The simulation determines the access
     #   result (allowed or denied) of each combination and reports it in the
-    #   response.
+    #   response. You can simulate resources that don't exist in your
+    #   account.
     #
     #   The simulation does not automatically retrieve policies for the
     #   specified resources. If you want to include a resource policy in the
     #   simulation, then you must include the policy as a string in the
     #   `ResourcePolicy` parameter.
     #
-    #   For more information about ARNs, see [Amazon Resource Names (ARNs)
-    #   and AWS Service Namespaces][1] in the *AWS General Reference*.
+    #   For more information about ARNs, see [Amazon Resource Names
+    #   (ARNs)][1] in the *AWS General Reference*.
     #
     #
     #
@@ -10127,8 +10852,8 @@ module Aws::IAM
     #   so that the resource-based policy's `Principal` element has a value
     #   to use in evaluating the policy.
     #
-    #   For more information about ARNs, see [Amazon Resource Names (ARNs)
-    #   and AWS Service Namespaces][1] in the *AWS General Reference*.
+    #   For more information about ARNs, see [Amazon Resource Names
+    #   (ARNs)][1] in the *AWS General Reference*.
     #
     #
     #
@@ -10158,7 +10883,7 @@ module Aws::IAM
     #   scenario includes VPC, then you must supply the network interface
     #   resource. If it includes an IP subnet, then you must specify the
     #   subnet resource. For more information on the EC2 scenario options,
-    #   see [Supported Platforms][1] in the *Amazon EC2 User Guide*.
+    #   see [Supported platforms][1] in the *Amazon EC2 User Guide*.
     #
     #   * **EC2-Classic-InstanceStore**
     #
@@ -10263,9 +10988,8 @@ module Aws::IAM
     end
     # A structure that represents user-provided metadata that can be
-    # associated with a resource such as an IAM user or role. For more
-    # information about tagging, see [Tagging IAM Identities][1] in the *IAM
-    # User Guide*.
+    # associated with an IAM resource. For more information about tagging,
+    # see [Tagging IAM resources][1] in the *IAM User Guide*.
     #
     #
     #
@@ -10293,27 +11017,274 @@ module Aws::IAM
     #   different cost centers in your company. Typically, many resources
     #   have tags with the same key name but with different values.
     #
-    #   <note markdown="1"> AWS always interprets the tag `Value` as a single string. If you
-    #   need to store an array, you can store comma-separated values in the
-    #   string. However, you must interpret the value in your code.
+    #   <note markdown="1"> AWS always interprets the tag `Value` as a single string. If you
+    #   need to store an array, you can store comma-separated values in the
+    #   string. However, you must interpret the value in your code.
+    #
+    #    </note>
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/Tag AWS API Documentation
+    #
+    class Tag < Struct.new(
+      :key,
+      :value)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # @note When making an API call, you may pass TagInstanceProfileRequest
+    #   data as a hash:
+    #
+    #       {
+    #         instance_profile_name: "instanceProfileNameType", # required
+    #         tags: [ # required
+    #           {
+    #             key: "tagKeyType", # required
+    #             value: "tagValueType", # required
+    #           },
+    #         ],
+    #       }
+    #
+    # @!attribute [rw] instance_profile_name
+    #   The name of the IAM instance profile to which you want to add tags.
+    #
+    #   This parameter accepts (through its [regex pattern][1]) a string of
+    #   characters that consist of upper and lowercase alphanumeric
+    #   characters with no spaces. You can also include any of the following
+    #   characters: =,.@-
+    #
+    #
+    #
+    #   [1]: http://wikipedia.org/wiki/regex
+    #   @return [String]
+    #
+    # @!attribute [rw] tags
+    #   The list of tags that you want to attach to the IAM instance
+    #   profile. Each tag consists of a key name and an associated value.
+    #   @return [Array<Types::Tag>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/TagInstanceProfileRequest AWS API Documentation
+    #
+    class TagInstanceProfileRequest < Struct.new(
+      :instance_profile_name,
+      :tags)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # @note When making an API call, you may pass TagMFADeviceRequest
+    #   data as a hash:
+    #
+    #       {
+    #         serial_number: "serialNumberType", # required
+    #         tags: [ # required
+    #           {
+    #             key: "tagKeyType", # required
+    #             value: "tagValueType", # required
+    #           },
+    #         ],
+    #       }
+    #
+    # @!attribute [rw] serial_number
+    #   The unique identifier for the IAM virtual MFA device to which you
+    #   want to add tags. For virtual MFA devices, the serial number is the
+    #   same as the ARN.
+    #
+    #   This parameter accepts (through its [regex pattern][1]) a string of
+    #   characters that consist of upper and lowercase alphanumeric
+    #   characters with no spaces. You can also include any of the following
+    #   characters: =,.@-
+    #
+    #
+    #
+    #   [1]: http://wikipedia.org/wiki/regex
+    #   @return [String]
+    #
+    # @!attribute [rw] tags
+    #   The list of tags that you want to attach to the IAM virtual MFA
+    #   device. Each tag consists of a key name and an associated value.
+    #   @return [Array<Types::Tag>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/TagMFADeviceRequest AWS API Documentation
+    #
+    class TagMFADeviceRequest < Struct.new(
+      :serial_number,
+      :tags)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # @note When making an API call, you may pass TagOpenIDConnectProviderRequest
+    #   data as a hash:
+    #
+    #       {
+    #         open_id_connect_provider_arn: "arnType", # required
+    #         tags: [ # required
+    #           {
+    #             key: "tagKeyType", # required
+    #             value: "tagValueType", # required
+    #           },
+    #         ],
+    #       }
+    #
+    # @!attribute [rw] open_id_connect_provider_arn
+    #   The ARN of the OIDC identity provider in IAM to which you want to
+    #   add tags.
+    #
+    #   This parameter accepts (through its [regex pattern][1]) a string of
+    #   characters that consist of upper and lowercase alphanumeric
+    #   characters with no spaces. You can also include any of the following
+    #   characters: =,.@-
+    #
+    #
+    #
+    #   [1]: http://wikipedia.org/wiki/regex
+    #   @return [String]
+    #
+    # @!attribute [rw] tags
+    #   The list of tags that you want to attach to the OIDC identity
+    #   provider in IAM. Each tag consists of a key name and an associated
+    #   value.
+    #   @return [Array<Types::Tag>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/TagOpenIDConnectProviderRequest AWS API Documentation
+    #
+    class TagOpenIDConnectProviderRequest < Struct.new(
+      :open_id_connect_provider_arn,
+      :tags)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # @note When making an API call, you may pass TagPolicyRequest
+    #   data as a hash:
+    #
+    #       {
+    #         policy_arn: "arnType", # required
+    #         tags: [ # required
+    #           {
+    #             key: "tagKeyType", # required
+    #             value: "tagValueType", # required
+    #           },
+    #         ],
+    #       }
+    #
+    # @!attribute [rw] policy_arn
+    #   The ARN of the IAM customer managed policy to which you want to add
+    #   tags.
+    #
+    #   This parameter accepts (through its [regex pattern][1]) a string of
+    #   characters that consist of upper and lowercase alphanumeric
+    #   characters with no spaces. You can also include any of the following
+    #   characters: =,.@-
+    #
+    #
+    #
+    #   [1]: http://wikipedia.org/wiki/regex
+    #   @return [String]
+    #
+    # @!attribute [rw] tags
+    #   The list of tags that you want to attach to the IAM customer managed
+    #   policy. Each tag consists of a key name and an associated value.
+    #   @return [Array<Types::Tag>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/TagPolicyRequest AWS API Documentation
+    #
+    class TagPolicyRequest < Struct.new(
+      :policy_arn,
+      :tags)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # @note When making an API call, you may pass TagRoleRequest
+    #   data as a hash:
+    #
+    #       {
+    #         role_name: "roleNameType", # required
+    #         tags: [ # required
+    #           {
+    #             key: "tagKeyType", # required
+    #             value: "tagValueType", # required
+    #           },
+    #         ],
+    #       }
+    #
+    # @!attribute [rw] role_name
+    #   The name of the IAM role to which you want to add tags.
+    #
+    #   This parameter accepts (through its [regex pattern][1]) a string of
+    #   characters that consist of upper and lowercase alphanumeric
+    #   characters with no spaces. You can also include any of the following
+    #   characters: \_+=,.@-
+    #
+    #
+    #
+    #   [1]: http://wikipedia.org/wiki/regex
+    #   @return [String]
+    #
+    # @!attribute [rw] tags
+    #   The list of tags that you want to attach to the IAM role. Each tag
+    #   consists of a key name and an associated value.
+    #   @return [Array<Types::Tag>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/TagRoleRequest AWS API Documentation
+    #
+    class TagRoleRequest < Struct.new(
+      :role_name,
+      :tags)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # @note When making an API call, you may pass TagSAMLProviderRequest
+    #   data as a hash:
+    #
+    #       {
+    #         saml_provider_arn: "arnType", # required
+    #         tags: [ # required
+    #           {
+    #             key: "tagKeyType", # required
+    #             value: "tagValueType", # required
+    #           },
+    #         ],
+    #       }
+    #
+    # @!attribute [rw] saml_provider_arn
+    #   The ARN of the SAML identity provider in IAM to which you want to
+    #   add tags.
+    #
+    #   This parameter accepts (through its [regex pattern][1]) a string of
+    #   characters that consist of upper and lowercase alphanumeric
+    #   characters with no spaces. You can also include any of the following
+    #   characters: =,.@-
+    #
     #
-    #    </note>
+    #
+    #   [1]: http://wikipedia.org/wiki/regex
     #   @return [String]
     #
-    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/Tag AWS API Documentation
+    # @!attribute [rw] tags
+    #   The list of tags that you want to attach to the SAML identity
+    #   provider in IAM. Each tag consists of a key name and an associated
+    #   value.
+    #   @return [Array<Types::Tag>]
     #
-    class Tag < Struct.new(
-      :key,
-      :value)
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/TagSAMLProviderRequest AWS API Documentation
+    #
+    class TagSAMLProviderRequest < Struct.new(
+      :saml_provider_arn,
+      :tags)
       SENSITIVE = []
       include Aws::Structure
     end
-    # @note When making an API call, you may pass TagRoleRequest
+    # @note When making an API call, you may pass TagServerCertificateRequest
     #   data as a hash:
     #
     #       {
-    #         role_name: "roleNameType", # required
+    #         server_certificate_name: "serverCertificateNameType", # required
     #         tags: [ # required
     #           {
     #             key: "tagKeyType", # required
@@ -10322,13 +11293,14 @@ module Aws::IAM
     #         ],
     #       }
     #
-    # @!attribute [rw] role_name
-    #   The name of the role that you want to add tags to.
+    # @!attribute [rw] server_certificate_name
+    #   The name of the IAM server certificate to which you want to add
+    #   tags.
     #
     #   This parameter accepts (through its [regex pattern][1]) a string of
     #   characters that consist of upper and lowercase alphanumeric
     #   characters with no spaces. You can also include any of the following
-    #   characters: \_+=,.@-
+    #   characters: =,.@-
     #
     #
     #
@@ -10336,15 +11308,15 @@ module Aws::IAM
     #   @return [String]
     #
     # @!attribute [rw] tags
-    #   The list of tags that you want to attach to the role. Each tag
-    #   consists of a key name and an associated value. You can specify this
-    #   with a JSON string.
+    #   The list of tags that you want to attach to the IAM server
+    #   certificate. Each tag consists of a key name and an associated
+    #   value.
     #   @return [Array<Types::Tag>]
     #
-    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/TagRoleRequest AWS API Documentation
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/TagServerCertificateRequest AWS API Documentation
     #
-    class TagRoleRequest < Struct.new(
-      :role_name,
+    class TagServerCertificateRequest < Struct.new(
+      :server_certificate_name,
       :tags)
       SENSITIVE = []
       include Aws::Structure
@@ -10364,7 +11336,7 @@ module Aws::IAM
     #       }
     #
     # @!attribute [rw] user_name
-    #   The name of the user that you want to add tags to.
+    #   The name of the IAM user to which you want to add tags.
     #
     #   This parameter accepts (through its [regex pattern][1]) a string of
     #   characters that consist of upper and lowercase alphanumeric
@@ -10377,7 +11349,7 @@ module Aws::IAM
     #   @return [String]
     #
     # @!attribute [rw] tags
-    #   The list of tags that you want to attach to the user. Each tag
+    #   The list of tags that you want to attach to the IAM user. Each tag
     #   consists of a key name and an associated value.
     #   @return [Array<Types::Tag>]
     #
@@ -10405,8 +11377,8 @@ module Aws::IAM
     #   The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS
     #   resources.
     #
-    #   For more information about ARNs, go to [Amazon Resource Names (ARNs)
-    #   and AWS Service Namespaces][1] in the *AWS General Reference*.
+    #   For more information about ARNs, go to [Amazon Resource Names
+    #   (ARNs)][1] in the *AWS General Reference*.
     #
     #
     #
@@ -10481,6 +11453,151 @@ module Aws::IAM
       include Aws::Structure
     end
+    # @note When making an API call, you may pass UntagInstanceProfileRequest
+    #   data as a hash:
+    #
+    #       {
+    #         instance_profile_name: "instanceProfileNameType", # required
+    #         tag_keys: ["tagKeyType"], # required
+    #       }
+    #
+    # @!attribute [rw] instance_profile_name
+    #   The name of the IAM instance profile from which you want to remove
+    #   tags.
+    #
+    #   This parameter accepts (through its [regex pattern][1]) a string of
+    #   characters that consist of upper and lowercase alphanumeric
+    #   characters with no spaces. You can also include any of the following
+    #   characters: =,.@-
+    #
+    #
+    #
+    #   [1]: http://wikipedia.org/wiki/regex
+    #   @return [String]
+    #
+    # @!attribute [rw] tag_keys
+    #   A list of key names as a simple array of strings. The tags with
+    #   matching keys are removed from the specified instance profile.
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UntagInstanceProfileRequest AWS API Documentation
+    #
+    class UntagInstanceProfileRequest < Struct.new(
+      :instance_profile_name,
+      :tag_keys)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # @note When making an API call, you may pass UntagMFADeviceRequest
+    #   data as a hash:
+    #
+    #       {
+    #         serial_number: "serialNumberType", # required
+    #         tag_keys: ["tagKeyType"], # required
+    #       }
+    #
+    # @!attribute [rw] serial_number
+    #   The unique identifier for the IAM virtual MFA device from which you
+    #   want to remove tags. For virtual MFA devices, the serial number is
+    #   the same as the ARN.
+    #
+    #   This parameter accepts (through its [regex pattern][1]) a string of
+    #   characters that consist of upper and lowercase alphanumeric
+    #   characters with no spaces. You can also include any of the following
+    #   characters: =,.@-
+    #
+    #
+    #
+    #   [1]: http://wikipedia.org/wiki/regex
+    #   @return [String]
+    #
+    # @!attribute [rw] tag_keys
+    #   A list of key names as a simple array of strings. The tags with
+    #   matching keys are removed from the specified instance profile.
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UntagMFADeviceRequest AWS API Documentation
+    #
+    class UntagMFADeviceRequest < Struct.new(
+      :serial_number,
+      :tag_keys)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # @note When making an API call, you may pass UntagOpenIDConnectProviderRequest
+    #   data as a hash:
+    #
+    #       {
+    #         open_id_connect_provider_arn: "arnType", # required
+    #         tag_keys: ["tagKeyType"], # required
+    #       }
+    #
+    # @!attribute [rw] open_id_connect_provider_arn
+    #   The ARN of the OIDC provider in IAM from which you want to remove
+    #   tags.
+    #
+    #   This parameter accepts (through its [regex pattern][1]) a string of
+    #   characters that consist of upper and lowercase alphanumeric
+    #   characters with no spaces. You can also include any of the following
+    #   characters: =,.@-
+    #
+    #
+    #
+    #   [1]: http://wikipedia.org/wiki/regex
+    #   @return [String]
+    #
+    # @!attribute [rw] tag_keys
+    #   A list of key names as a simple array of strings. The tags with
+    #   matching keys are removed from the specified OIDC provider.
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UntagOpenIDConnectProviderRequest AWS API Documentation
+    #
+    class UntagOpenIDConnectProviderRequest < Struct.new(
+      :open_id_connect_provider_arn,
+      :tag_keys)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # @note When making an API call, you may pass UntagPolicyRequest
+    #   data as a hash:
+    #
+    #       {
+    #         policy_arn: "arnType", # required
+    #         tag_keys: ["tagKeyType"], # required
+    #       }
+    #
+    # @!attribute [rw] policy_arn
+    #   The ARN of the IAM customer managed policy from which you want to
+    #   remove tags.
+    #
+    #   This parameter accepts (through its [regex pattern][1]) a string of
+    #   characters that consist of upper and lowercase alphanumeric
+    #   characters with no spaces. You can also include any of the following
+    #   characters: =,.@-
+    #
+    #
+    #
+    #   [1]: http://wikipedia.org/wiki/regex
+    #   @return [String]
+    #
+    # @!attribute [rw] tag_keys
+    #   A list of key names as a simple array of strings. The tags with
+    #   matching keys are removed from the specified policy.
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UntagPolicyRequest AWS API Documentation
+    #
+    class UntagPolicyRequest < Struct.new(
+      :policy_arn,
+      :tag_keys)
+      SENSITIVE = []
+      include Aws::Structure
+    end
     # @note When making an API call, you may pass UntagRoleRequest
     #   data as a hash:
     #
@@ -10516,6 +11633,78 @@ module Aws::IAM
       include Aws::Structure
     end
+    # @note When making an API call, you may pass UntagSAMLProviderRequest
+    #   data as a hash:
+    #
+    #       {
+    #         saml_provider_arn: "arnType", # required
+    #         tag_keys: ["tagKeyType"], # required
+    #       }
+    #
+    # @!attribute [rw] saml_provider_arn
+    #   The ARN of the SAML identity provider in IAM from which you want to
+    #   remove tags.
+    #
+    #   This parameter accepts (through its [regex pattern][1]) a string of
+    #   characters that consist of upper and lowercase alphanumeric
+    #   characters with no spaces. You can also include any of the following
+    #   characters: =,.@-
+    #
+    #
+    #
+    #   [1]: http://wikipedia.org/wiki/regex
+    #   @return [String]
+    #
+    # @!attribute [rw] tag_keys
+    #   A list of key names as a simple array of strings. The tags with
+    #   matching keys are removed from the specified SAML identity provider.
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UntagSAMLProviderRequest AWS API Documentation
+    #
+    class UntagSAMLProviderRequest < Struct.new(
+      :saml_provider_arn,
+      :tag_keys)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # @note When making an API call, you may pass UntagServerCertificateRequest
+    #   data as a hash:
+    #
+    #       {
+    #         server_certificate_name: "serverCertificateNameType", # required
+    #         tag_keys: ["tagKeyType"], # required
+    #       }
+    #
+    # @!attribute [rw] server_certificate_name
+    #   The name of the IAM server certificate from which you want to remove
+    #   tags.
+    #
+    #   This parameter accepts (through its [regex pattern][1]) a string of
+    #   characters that consist of upper and lowercase alphanumeric
+    #   characters with no spaces. You can also include any of the following
+    #   characters: =,.@-
+    #
+    #
+    #
+    #   [1]: http://wikipedia.org/wiki/regex
+    #   @return [String]
+    #
+    # @!attribute [rw] tag_keys
+    #   A list of key names as a simple array of strings. The tags with
+    #   matching keys are removed from the specified IAM server certificate.
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UntagServerCertificateRequest AWS API Documentation
+    #
+    class UntagServerCertificateRequest < Struct.new(
+      :server_certificate_name,
+      :tag_keys)
+      SENSITIVE = []
+      include Aws::Structure
+    end
     # @note When making an API call, you may pass UntagUserRequest
     #   data as a hash:
     #
@@ -10587,7 +11776,7 @@ module Aws::IAM
     #
     # @!attribute [rw] status
     #   The status you want to assign to the secret access key. `Active`
-    #   means that the key can be used for API calls to AWS, while
+    #   means that the key can be used for programmatic calls to AWS, while
     #   `Inactive` means that the key cannot be used.
     #   @return [String]
     #
@@ -10664,7 +11853,7 @@ module Aws::IAM
     # @!attribute [rw] allow_users_to_change_password
     #   Allows all IAM users in your account to use the AWS Management
     #   Console to change their own passwords. For more information, see
-    #   [Letting IAM Users Change Their Own Passwords][1] in the *IAM User
+    #   [Letting IAM users change their own passwords][1] in the *IAM User
     #   Guide*.
     #
     #   If you do not specify a value for this parameter, then the operation
@@ -10910,8 +12099,8 @@ module Aws::IAM
     #   list of OIDC provider ARNs by using the ListOpenIDConnectProviders
     #   operation.
     #
-    #   For more information about ARNs, see [Amazon Resource Names (ARNs)
-    #   and AWS Service Namespaces][1] in the *AWS General Reference*.
+    #   For more information about ARNs, see [Amazon Resource Names
+    #   (ARNs)][1] in the *AWS General Reference*.
     #
     #
     #
@@ -11002,7 +12191,7 @@ module Aws::IAM
     #   valid for one hour by default. This applies when you use the
     #   `AssumeRole*` API operations or the `assume-role*` CLI operations
     #   but does not apply when you use those operations to create a console
-    #   URL. For more information, see [Using IAM Roles][1] in the *IAM User
+    #   URL. For more information, see [Using IAM roles][1] in the *IAM User
     #   Guide*.
     #
     #
@@ -11044,8 +12233,8 @@ module Aws::IAM
     # @!attribute [rw] saml_provider_arn
     #   The Amazon Resource Name (ARN) of the SAML provider to update.
     #
-    #   For more information about ARNs, see [Amazon Resource Names (ARNs)
-    #   and AWS Service Namespaces][1] in the *AWS General Reference*.
+    #   For more information about ARNs, see [Amazon Resource Names
+    #   (ARNs)][1] in the *AWS General Reference*.
     #
     #
     #
@@ -11275,8 +12464,8 @@ module Aws::IAM
     #
     # @!attribute [rw] status
     #   The status you want to assign to the certificate. `Active` means
-    #   that the certificate can be used for API calls to AWS `Inactive`
-    #   means that the certificate cannot be used.
+    #   that the certificate can be used for programmatic calls to AWS
+    #   `Inactive` means that the certificate cannot be used.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateSigningCertificateRequest AWS API Documentation
@@ -11424,11 +12613,17 @@ module Aws::IAM
     #         certificate_body: "certificateBodyType", # required
     #         private_key: "privateKeyType", # required
     #         certificate_chain: "certificateChainType",
+    #         tags: [
+    #           {
+    #             key: "tagKeyType", # required
+    #             value: "tagValueType", # required
+    #           },
+    #         ],
     #       }
     #
     # @!attribute [rw] path
     #   The path for the server certificate. For more information about
-    #   paths, see [IAM Identifiers][1] in the *IAM User Guide*.
+    #   paths, see [IAM identifiers][1] in the *IAM User Guide*.
     #
     #   This parameter is optional. If it is not included, it defaults to a
     #   slash (/). This parameter allows (through its [regex pattern][2]) a
@@ -11527,6 +12722,23 @@ module Aws::IAM
     #   [1]: http://wikipedia.org/wiki/regex
     #   @return [String]
     #
+    # @!attribute [rw] tags
+    #   A list of tags that you want to attach to the new IAM server
+    #   certificate resource. Each tag consists of a key name and an
+    #   associated value. For more information about tagging, see [Tagging
+    #   IAM resources][1] in the *IAM User Guide*.
+    #
+    #   <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed
+    #   maximum number of tags, then the entire request fails and the
+    #   resource is not created.
+    #
+    #    </note>
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
+    #   @return [Array<Types::Tag>]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UploadServerCertificateRequest AWS API Documentation
     #
     class UploadServerCertificateRequest < Struct.new(
@@ -11534,7 +12746,8 @@ module Aws::IAM
       :server_certificate_name,
       :certificate_body,
       :private_key,
-      :certificate_chain)
+      :certificate_chain,
+      :tags)
       SENSITIVE = [:private_key]
       include Aws::Structure
     end
@@ -11546,10 +12759,22 @@ module Aws::IAM
     #   certificate body, certificate chain, and private key.
     #   @return [Types::ServerCertificateMetadata]
     #
+    # @!attribute [rw] tags
+    #   A list of tags that are attached to the new IAM server certificate.
+    #   The returned list of tags is sorted by tag key. For more information
+    #   about tagging, see [Tagging IAM resources][1] in the *IAM User
+    #   Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
+    #   @return [Array<Types::Tag>]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UploadServerCertificateResponse AWS API Documentation
     #
     class UploadServerCertificateResponse < Struct.new(
-      :server_certificate_metadata)
+      :server_certificate_metadata,
+      :tags)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -11632,7 +12857,10 @@ module Aws::IAM
     #
     # @!attribute [rw] path
     #   The path to the user. For more information about paths, see [IAM
-    #   Identifiers][1] in the *IAM User Guide*.
+    #   identifiers][1] in the *IAM User Guide*.
+    #
+    #   The ARN of the policy used to set the permissions boundary for the
+    #   user.
     #
     #
     #
@@ -11645,7 +12873,7 @@ module Aws::IAM
     #
     # @!attribute [rw] user_id
     #   The stable and unique string identifying the user. For more
-    #   information about IDs, see [IAM Identifiers][1] in the *IAM User
+    #   information about IDs, see [IAM identifiers][1] in the *IAM User
     #   Guide*.
     #
     #
@@ -11676,7 +12904,7 @@ module Aws::IAM
     #   The date and time, in [ISO 8601 date-time format][1], when the
     #   user's password was last used to sign in to an AWS website. For a
     #   list of AWS websites that capture a user's last sign-in time, see
-    #   the [Credential Reports][2] topic in the *IAM User Guide*. If a
+    #   the [Credential reports][2] topic in the *IAM User Guide*. If a
     #   password is used more than once in a five-minute span, only the
     #   first use is returned in this field. If the field is null (no
     #   value), then it indicates that they never signed in with a password.
@@ -11701,11 +12929,8 @@ module Aws::IAM
     #   @return [Time]
     #
     # @!attribute [rw] permissions_boundary
-    #   The ARN of the policy used to set the permissions boundary for the
-    #   user.
-    #
     #   For more information about permissions boundaries, see [Permissions
-    #   Boundaries for IAM Identities ][1] in the *IAM User Guide*.
+    #   boundaries for IAM identities ][1] in the *IAM User Guide*.
     #
     #
     #
@@ -11713,8 +12938,8 @@ module Aws::IAM
     #   @return [Types::AttachedPermissionsBoundary]
     #
     # @!attribute [rw] tags
-    #   A list of tags that are associated with the specified user. For more
-    #   information about tagging, see [Tagging IAM Identities][1] in the
+    #   A list of tags that are associated with the user. For more
+    #   information about tagging, see [Tagging IAM resources][1] in the
     #   *IAM User Guide*.
     #
     #
@@ -11745,7 +12970,7 @@ module Aws::IAM
     #
     # @!attribute [rw] path
     #   The path to the user. For more information about paths, see [IAM
-    #   Identifiers][1] in the *IAM User Guide*.
+    #   identifiers][1] in the *IAM User Guide*.
     #
     #
     #
@@ -11758,7 +12983,7 @@ module Aws::IAM
     #
     # @!attribute [rw] user_id
     #   The stable and unique string identifying the user. For more
-    #   information about IDs, see [IAM Identifiers][1] in the *IAM User
+    #   information about IDs, see [IAM identifiers][1] in the *IAM User
     #   Guide*.
     #
     #
@@ -11770,8 +12995,8 @@ module Aws::IAM
     #   The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS
     #   resources.
     #
-    #   For more information about ARNs, go to [Amazon Resource Names (ARNs)
-    #   and AWS Service Namespaces][1] in the *AWS General Reference*.
+    #   For more information about ARNs, go to [Amazon Resource Names
+    #   (ARNs)][1] in the *AWS General Reference*.
     #
     #
     #
@@ -11804,7 +13029,7 @@ module Aws::IAM
     #   user.
     #
     #   For more information about permissions boundaries, see [Permissions
-    #   Boundaries for IAM Identities ][1] in the *IAM User Guide*.
+    #   boundaries for IAM identities ][1] in the *IAM User Guide*.
     #
     #
     #
@@ -11812,8 +13037,8 @@ module Aws::IAM
     #   @return [Types::AttachedPermissionsBoundary]
     #
     # @!attribute [rw] tags
-    #   A list of tags that are associated with the specified user. For more
-    #   information about tagging, see [Tagging IAM Identities][1] in the
+    #   A list of tags that are associated with the user. For more
+    #   information about tagging, see [Tagging IAM resources][1] in the
     #   *IAM User Guide*.
     #
     #
@@ -11870,6 +13095,16 @@ module Aws::IAM
     #   The date and time on which the virtual MFA device was enabled.
     #   @return [Time]
     #
+    # @!attribute [rw] tags
+    #   A list of tags that are attached to the virtual MFA device. For more
+    #   information about tagging, see [Tagging IAM resources][1] in the
+    #   *IAM User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
+    #   @return [Array<Types::Tag>]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/VirtualMFADevice AWS API Documentation
     #
     class VirtualMFADevice < Struct.new(
@@ -11877,7 +13112,8 @@ module Aws::IAM
       :base_32_string_seed,
       :qr_code_png,
       :user,
-      :enable_date)
+      :enable_date,
+      :tags)
       SENSITIVE = [:base_32_string_seed, :qr_code_png]
       include Aws::Structure
     end