aws-sdk-iam 1.44.0 → 1.49.0

Sign up to get free protection for your applications and to get access to all the features.
data/VERSION ADDED
@@ -0,0 +1 @@
1
+ 1.49.0
data/lib/aws-sdk-iam.rb CHANGED
@@ -3,10 +3,11 @@
3
3
  # WARNING ABOUT GENERATED CODE
4
4
  #
5
5
  # This file is generated. See the contributing guide for more information:
6
- # https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
6
+ # https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
7
7
  #
8
8
  # WARNING ABOUT GENERATED CODE
9
9
 
10
+
10
11
  require 'aws-sdk-core'
11
12
  require 'aws-sigv4'
12
13
 
@@ -69,6 +70,6 @@ require_relative 'aws-sdk-iam/customizations'
69
70
  # @!group service
70
71
  module Aws::IAM
71
72
 
72
- GEM_VERSION = '1.44.0'
73
+ GEM_VERSION = '1.49.0'
73
74
 
74
75
  end
@@ -3,7 +3,7 @@
3
3
  # WARNING ABOUT GENERATED CODE
4
4
  #
5
5
  # This file is generated. See the contributing guide for more information:
6
- # https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
6
+ # https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
7
7
  #
8
8
  # WARNING ABOUT GENERATED CODE
9
9
 
@@ -3,7 +3,7 @@
3
3
  # WARNING ABOUT GENERATED CODE
4
4
  #
5
5
  # This file is generated. See the contributing guide for more information:
6
- # https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
6
+ # https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
7
7
  #
8
8
  # WARNING ABOUT GENERATED CODE
9
9
 
@@ -3,7 +3,7 @@
3
3
  # WARNING ABOUT GENERATED CODE
4
4
  #
5
5
  # This file is generated. See the contributing guide for more information:
6
- # https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
6
+ # https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
7
7
  #
8
8
  # WARNING ABOUT GENERATED CODE
9
9
 
@@ -30,27 +30,31 @@ module Aws::IAM
30
30
  data[:minimum_password_length]
31
31
  end
32
32
 
33
- # Specifies whether to require symbols for IAM user passwords.
33
+ # Specifies whether IAM user passwords must contain at least one of the
34
+ # following symbols:
35
+ #
36
+ # ! @ # $ % ^ & * ( ) \_ + - = \[ \] \\\{ \\} \| '
34
37
  # @return [Boolean]
35
38
  def require_symbols
36
39
  data[:require_symbols]
37
40
  end
38
41
 
39
- # Specifies whether to require numbers for IAM user passwords.
42
+ # Specifies whether IAM user passwords must contain at least one numeric
43
+ # character (0 to 9).
40
44
  # @return [Boolean]
41
45
  def require_numbers
42
46
  data[:require_numbers]
43
47
  end
44
48
 
45
- # Specifies whether to require uppercase characters for IAM user
46
- # passwords.
49
+ # Specifies whether IAM user passwords must contain at least one
50
+ # uppercase character (A to Z).
47
51
  # @return [Boolean]
48
52
  def require_uppercase_characters
49
53
  data[:require_uppercase_characters]
50
54
  end
51
55
 
52
- # Specifies whether to require lowercase characters for IAM user
53
- # passwords.
56
+ # Specifies whether IAM user passwords must contain at least one
57
+ # lowercase character (a to z).
54
58
  # @return [Boolean]
55
59
  def require_lowercase_characters
56
60
  data[:require_lowercase_characters]
@@ -286,7 +290,7 @@ module Aws::IAM
286
290
  # @option options [Boolean] :allow_users_to_change_password
287
291
  # Allows all IAM users in your account to use the AWS Management Console
288
292
  # to change their own passwords. For more information, see [Letting IAM
289
- # Users Change Their Own Passwords][1] in the *IAM User Guide*.
293
+ # users change their own passwords][1] in the *IAM User Guide*.
290
294
  #
291
295
  # If you do not specify a value for this parameter, then the operation
292
296
  # uses the default value of `false`. The result is that IAM users in the
@@ -3,7 +3,7 @@
3
3
  # WARNING ABOUT GENERATED CODE
4
4
  #
5
5
  # This file is generated. See the contributing guide for more information:
6
- # https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
6
+ # https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
7
7
  #
8
8
  # WARNING ABOUT GENERATED CODE
9
9
 
@@ -3,7 +3,7 @@
3
3
  # WARNING ABOUT GENERATED CODE
4
4
  #
5
5
  # This file is generated. See the contributing guide for more information:
6
- # https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
6
+ # https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
7
7
  #
8
8
  # WARNING ABOUT GENERATED CODE
9
9
 
@@ -3,7 +3,7 @@
3
3
  # WARNING ABOUT GENERATED CODE
4
4
  #
5
5
  # This file is generated. See the contributing guide for more information:
6
- # https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
6
+ # https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
7
7
  #
8
8
  # WARNING ABOUT GENERATED CODE
9
9
 
@@ -373,33 +373,30 @@ module Aws::IAM
373
373
  end
374
374
 
375
375
  # Adds the specified IAM role to the specified instance profile. An
376
- # instance profile can contain only one role. (The number and size of
377
- # IAM resources in an AWS account are limited. For more information, see
378
- # [IAM and STS Quotas][1] in the *IAM User Guide*.) You can remove the
379
- # existing role and then add a different role to an instance profile.
380
- # You must then wait for the change to appear across all of AWS because
381
- # of [eventual consistency][2]. To force the change, you must
382
- # [disassociate the instance profile][3] and then [associate the
383
- # instance profile][4], or you can stop your instance and then restart
384
- # it.
385
- #
386
- # <note markdown="1"> The caller of this API must be granted the `PassRole` permission on
387
- # the IAM role by a permissions policy.
376
+ # instance profile can contain only one role, and this quota cannot be
377
+ # increased. You can remove the existing role and then add a different
378
+ # role to an instance profile. You must then wait for the change to
379
+ # appear across all of AWS because of [eventual consistency][1]. To
380
+ # force the change, you must [disassociate the instance profile][2] and
381
+ # then [associate the instance profile][3], or you can stop your
382
+ # instance and then restart it.
383
+ #
384
+ # <note markdown="1"> The caller of this operation must be granted the `PassRole` permission
385
+ # on the IAM role by a permissions policy.
388
386
  #
389
387
  # </note>
390
388
  #
391
- # For more information about roles, go to [Working with Roles][5]. For
392
- # more information about instance profiles, go to [About Instance
393
- # Profiles][6].
389
+ # For more information about roles, see [Working with roles][4]. For
390
+ # more information about instance profiles, see [About instance
391
+ # profiles][5].
394
392
  #
395
393
  #
396
394
  #
397
- # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html
398
- # [2]: https://en.wikipedia.org/wiki/Eventual_consistency
399
- # [3]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DisassociateIamInstanceProfile.html
400
- # [4]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateIamInstanceProfile.html
401
- # [5]: https://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html
402
- # [6]: https://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html
395
+ # [1]: https://en.wikipedia.org/wiki/Eventual_consistency
396
+ # [2]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DisassociateIamInstanceProfile.html
397
+ # [3]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateIamInstanceProfile.html
398
+ # [4]: https://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html
399
+ # [5]: https://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html
403
400
  #
404
401
  # @option params [required, String] :instance_profile_name
405
402
  # The name of the instance profile to update.
@@ -509,11 +506,11 @@ module Aws::IAM
509
506
 
510
507
  # Attaches the specified managed policy to the specified IAM group.
511
508
  #
512
- # You use this API to attach a managed policy to a group. To embed an
513
- # inline policy in a group, use PutGroupPolicy.
509
+ # You use this operation to attach a managed policy to a group. To embed
510
+ # an inline policy in a group, use PutGroupPolicy.
514
511
  #
515
- # For more information about policies, see [Managed Policies and Inline
516
- # Policies][1] in the *IAM User Guide*.
512
+ # For more information about policies, see [Managed policies and inline
513
+ # policies][1] in the *IAM User Guide*.
517
514
  #
518
515
  #
519
516
  #
@@ -535,8 +532,8 @@ module Aws::IAM
535
532
  # @option params [required, String] :policy_arn
536
533
  # The Amazon Resource Name (ARN) of the IAM policy you want to attach.
537
534
  #
538
- # For more information about ARNs, see [Amazon Resource Names (ARNs) and
539
- # AWS Service Namespaces][1] in the *AWS General Reference*.
535
+ # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
536
+ # in the *AWS General Reference*.
540
537
  #
541
538
  #
542
539
  #
@@ -581,9 +578,9 @@ module Aws::IAM
581
578
  #
582
579
  # </note>
583
580
  #
584
- # Use this API to attach a *managed* policy to a role. To embed an
581
+ # Use this operation to attach a *managed* policy to a role. To embed an
585
582
  # inline policy in a role, use PutRolePolicy. For more information about
586
- # policies, see [Managed Policies and Inline Policies][1] in the *IAM
583
+ # policies, see [Managed policies and inline policies][1] in the *IAM
587
584
  # User Guide*.
588
585
  #
589
586
  #
@@ -605,8 +602,8 @@ module Aws::IAM
605
602
  # @option params [required, String] :policy_arn
606
603
  # The Amazon Resource Name (ARN) of the IAM policy you want to attach.
607
604
  #
608
- # For more information about ARNs, see [Amazon Resource Names (ARNs) and
609
- # AWS Service Namespaces][1] in the *AWS General Reference*.
605
+ # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
606
+ # in the *AWS General Reference*.
610
607
  #
611
608
  #
612
609
  #
@@ -642,11 +639,11 @@ module Aws::IAM
642
639
 
643
640
  # Attaches the specified managed policy to the specified user.
644
641
  #
645
- # You use this API to attach a *managed* policy to a user. To embed an
646
- # inline policy in a user, use PutUserPolicy.
642
+ # You use this operation to attach a *managed* policy to a user. To
643
+ # embed an inline policy in a user, use PutUserPolicy.
647
644
  #
648
- # For more information about policies, see [Managed Policies and Inline
649
- # Policies][1] in the *IAM User Guide*.
645
+ # For more information about policies, see [Managed policies and inline
646
+ # policies][1] in the *IAM User Guide*.
650
647
  #
651
648
  #
652
649
  #
@@ -668,8 +665,8 @@ module Aws::IAM
668
665
  # @option params [required, String] :policy_arn
669
666
  # The Amazon Resource Name (ARN) of the IAM policy you want to attach.
670
667
  #
671
- # For more information about ARNs, see [Amazon Resource Names (ARNs) and
672
- # AWS Service Namespaces][1] in the *AWS General Reference*.
668
+ # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
669
+ # in the *AWS General Reference*.
673
670
  #
674
671
  #
675
672
  #
@@ -704,11 +701,14 @@ module Aws::IAM
704
701
  end
705
702
 
706
703
  # Changes the password of the IAM user who is calling this operation.
707
- # The AWS account root user password is not affected by this operation.
704
+ # This operation can be performed using the AWS CLI, the AWS API, or the
705
+ # **My Security Credentials** page in the AWS Management Console. The
706
+ # AWS account root user password is not affected by this operation.
708
707
  #
709
- # To change the password for a different user, see UpdateLoginProfile.
710
- # For more information about modifying passwords, see [Managing
711
- # Passwords][1] in the *IAM User Guide*.
708
+ # Use UpdateLoginProfile to use the AWS CLI, the AWS API, or the
709
+ # **Users** page in the IAM console to change the password for any IAM
710
+ # user. For more information about modifying passwords, see [Managing
711
+ # passwords][1] in the *IAM User Guide*.
712
712
  #
713
713
  #
714
714
  #
@@ -773,9 +773,8 @@ module Aws::IAM
773
773
  # credentials. This is true even if the AWS account has no associated
774
774
  # users.
775
775
  #
776
- # The number and size of IAM resources in an AWS account are limited.
777
- # For more information, see [IAM and STS Quotas][1] in the *IAM User
778
- # Guide*.
776
+ # For information about quotas on the number of keys you can create, see
777
+ # [IAM and STS quotas][1] in the *IAM User Guide*.
779
778
  #
780
779
  # To ensure the security of your AWS account, the secret access key is
781
780
  # accessible only during key and user creation. You must save the key
@@ -847,7 +846,7 @@ module Aws::IAM
847
846
  end
848
847
 
849
848
  # Creates an alias for your AWS account. For information about using an
850
- # AWS account alias, see [Using an Alias for Your AWS Account ID][1] in
849
+ # AWS account alias, see [Using an alias for your AWS account ID][1] in
851
850
  # the *IAM User Guide*.
852
851
  #
853
852
  #
@@ -894,9 +893,8 @@ module Aws::IAM
894
893
 
895
894
  # Creates a new group.
896
895
  #
897
- # The number and size of IAM resources in an AWS account are limited.
898
- # For more information, see [IAM and STS Quotas][1] in the *IAM User
899
- # Guide*.
896
+ # For information about the number of groups you can create, see [IAM
897
+ # and STS quotas][1] in the *IAM User Guide*.
900
898
  #
901
899
  #
902
900
  #
@@ -904,7 +902,7 @@ module Aws::IAM
904
902
  #
905
903
  # @option params [String] :path
906
904
  # The path to the group. For more information about paths, see [IAM
907
- # Identifiers][1] in the *IAM User Guide*.
905
+ # identifiers][1] in the *IAM User Guide*.
908
906
  #
909
907
  # This parameter is optional. If it is not included, it defaults to a
910
908
  # slash (/).
@@ -978,15 +976,14 @@ module Aws::IAM
978
976
  end
979
977
 
980
978
  # Creates a new instance profile. For information about instance
981
- # profiles, go to [About Instance Profiles][1].
979
+ # profiles, see [About instance profiles][1].
982
980
  #
983
- # The number and size of IAM resources in an AWS account are limited.
984
- # For more information, see [IAM and STS Quotas][2] in the *IAM User
985
- # Guide*.
981
+ # For information about the number of instance profiles you can create,
982
+ # see [IAM object quotas][2] in the *IAM User Guide*.
986
983
  #
987
984
  #
988
985
  #
989
- # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html
986
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entities
990
987
  # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html
991
988
  #
992
989
  # @option params [required, String] :instance_profile_name
@@ -1020,6 +1017,22 @@ module Aws::IAM
1020
1017
  # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html
1021
1018
  # [2]: http://wikipedia.org/wiki/regex
1022
1019
  #
1020
+ # @option params [Array<Types::Tag>] :tags
1021
+ # A list of tags that you want to attach to the newly created IAM
1022
+ # instance profile. Each tag consists of a key name and an associated
1023
+ # value. For more information about tagging, see [Tagging IAM
1024
+ # resources][1] in the *IAM User Guide*.
1025
+ #
1026
+ # <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed maximum
1027
+ # number of tags, then the entire request fails and the resource is not
1028
+ # created.
1029
+ #
1030
+ # </note>
1031
+ #
1032
+ #
1033
+ #
1034
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
1035
+ #
1023
1036
  # @return [Types::CreateInstanceProfileResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1024
1037
  #
1025
1038
  # * {Types::CreateInstanceProfileResponse#instance_profile #instance_profile} => Types::InstanceProfile
@@ -1052,6 +1065,12 @@ module Aws::IAM
1052
1065
  # resp = client.create_instance_profile({
1053
1066
  # instance_profile_name: "instanceProfileNameType", # required
1054
1067
  # path: "pathType",
1068
+ # tags: [
1069
+ # {
1070
+ # key: "tagKeyType", # required
1071
+ # value: "tagValueType", # required
1072
+ # },
1073
+ # ],
1055
1074
  # })
1056
1075
  #
1057
1076
  # @example Response structure
@@ -1077,6 +1096,9 @@ module Aws::IAM
1077
1096
  # resp.instance_profile.roles[0].tags[0].value #=> String
1078
1097
  # resp.instance_profile.roles[0].role_last_used.last_used_date #=> Time
1079
1098
  # resp.instance_profile.roles[0].role_last_used.region #=> String
1099
+ # resp.instance_profile.tags #=> Array
1100
+ # resp.instance_profile.tags[0].key #=> String
1101
+ # resp.instance_profile.tags[0].value #=> String
1080
1102
  #
1081
1103
  # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateInstanceProfile AWS API Documentation
1082
1104
  #
@@ -1087,10 +1109,16 @@ module Aws::IAM
1087
1109
  req.send_request(options)
1088
1110
  end
1089
1111
 
1090
- # Creates a password for the specified user, giving the user the ability
1091
- # to access AWS services through the AWS Management Console. For more
1092
- # information about managing passwords, see [Managing Passwords][1] in
1093
- # the *IAM User Guide*.
1112
+ # Creates a password for the specified IAM user. A password allows an
1113
+ # IAM user to access AWS services through the AWS Management Console.
1114
+ #
1115
+ # You can use the AWS CLI, the AWS API, or the **Users** page in the IAM
1116
+ # console to create a password for any IAM user. Use ChangePassword to
1117
+ # update your own existing password in the **My Security Credentials**
1118
+ # page in the AWS Management Console.
1119
+ #
1120
+ # For more information about managing passwords, see [Managing
1121
+ # passwords][1] in the *IAM User Guide*.
1094
1122
  #
1095
1123
  #
1096
1124
  #
@@ -1253,16 +1281,33 @@ module Aws::IAM
1253
1281
  # certificate used by https://keys.server.example.com.
1254
1282
  #
1255
1283
  # For more information about obtaining the OIDC provider's thumbprint,
1256
- # see [Obtaining the Thumbprint for an OpenID Connect Provider][1] in
1284
+ # see [Obtaining the thumbprint for an OpenID Connect provider][1] in
1257
1285
  # the *IAM User Guide*.
1258
1286
  #
1259
1287
  #
1260
1288
  #
1261
1289
  # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/identity-providers-oidc-obtain-thumbprint.html
1262
1290
  #
1291
+ # @option params [Array<Types::Tag>] :tags
1292
+ # A list of tags that you want to attach to the new IAM OpenID Connect
1293
+ # (OIDC) provider. Each tag consists of a key name and an associated
1294
+ # value. For more information about tagging, see [Tagging IAM
1295
+ # resources][1] in the *IAM User Guide*.
1296
+ #
1297
+ # <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed maximum
1298
+ # number of tags, then the entire request fails and the resource is not
1299
+ # created.
1300
+ #
1301
+ # </note>
1302
+ #
1303
+ #
1304
+ #
1305
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
1306
+ #
1263
1307
  # @return [Types::CreateOpenIDConnectProviderResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1264
1308
  #
1265
1309
  # * {Types::CreateOpenIDConnectProviderResponse#open_id_connect_provider_arn #open_id_connect_provider_arn} => String
1310
+ # * {Types::CreateOpenIDConnectProviderResponse#tags #tags} => Array&lt;Types::Tag&gt;
1266
1311
  #
1267
1312
  #
1268
1313
  # @example Example: To create an instance profile
@@ -1291,11 +1336,20 @@ module Aws::IAM
1291
1336
  # url: "OpenIDConnectProviderUrlType", # required
1292
1337
  # client_id_list: ["clientIDType"],
1293
1338
  # thumbprint_list: ["thumbprintType"], # required
1339
+ # tags: [
1340
+ # {
1341
+ # key: "tagKeyType", # required
1342
+ # value: "tagValueType", # required
1343
+ # },
1344
+ # ],
1294
1345
  # })
1295
1346
  #
1296
1347
  # @example Response structure
1297
1348
  #
1298
1349
  # resp.open_id_connect_provider_arn #=> String
1350
+ # resp.tags #=> Array
1351
+ # resp.tags[0].key #=> String
1352
+ # resp.tags[0].value #=> String
1299
1353
  #
1300
1354
  # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateOpenIDConnectProvider AWS API Documentation
1301
1355
  #
@@ -1310,11 +1364,11 @@ module Aws::IAM
1310
1364
  #
1311
1365
  # This operation creates a policy version with a version identifier of
1312
1366
  # `v1` and sets v1 as the policy's default version. For more
1313
- # information about policy versions, see [Versioning for Managed
1314
- # Policies][1] in the *IAM User Guide*.
1367
+ # information about policy versions, see [Versioning for managed
1368
+ # policies][1] in the *IAM User Guide*.
1315
1369
  #
1316
1370
  # For more information about managed policies in general, see [Managed
1317
- # Policies and Inline Policies][2] in the *IAM User Guide*.
1371
+ # policies and inline policies][2] in the *IAM User Guide*.
1318
1372
  #
1319
1373
  #
1320
1374
  #
@@ -1331,7 +1385,7 @@ module Aws::IAM
1331
1385
  # @option params [String] :path
1332
1386
  # The path for the policy.
1333
1387
  #
1334
- # For more information about paths, see [IAM Identifiers][1] in the *IAM
1388
+ # For more information about paths, see [IAM identifiers][1] in the *IAM
1335
1389
  # User Guide*.
1336
1390
  #
1337
1391
  # This parameter is optional. If it is not included, it defaults to a
@@ -1384,6 +1438,22 @@ module Aws::IAM
1384
1438
  # The policy description is immutable. After a value is assigned, it
1385
1439
  # cannot be changed.
1386
1440
  #
1441
+ # @option params [Array<Types::Tag>] :tags
1442
+ # A list of tags that you want to attach to the new IAM customer managed
1443
+ # policy. Each tag consists of a key name and an associated value. For
1444
+ # more information about tagging, see [Tagging IAM resources][1] in the
1445
+ # *IAM User Guide*.
1446
+ #
1447
+ # <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed maximum
1448
+ # number of tags, then the entire request fails and the resource is not
1449
+ # created.
1450
+ #
1451
+ # </note>
1452
+ #
1453
+ #
1454
+ #
1455
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
1456
+ #
1387
1457
  # @return [Types::CreatePolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1388
1458
  #
1389
1459
  # * {Types::CreatePolicyResponse#policy #policy} => Types::Policy
@@ -1395,6 +1465,12 @@ module Aws::IAM
1395
1465
  # path: "policyPathType",
1396
1466
  # policy_document: "policyDocumentType", # required
1397
1467
  # description: "policyDescriptionType",
1468
+ # tags: [
1469
+ # {
1470
+ # key: "tagKeyType", # required
1471
+ # value: "tagValueType", # required
1472
+ # },
1473
+ # ],
1398
1474
  # })
1399
1475
  #
1400
1476
  # @example Response structure
@@ -1410,6 +1486,9 @@ module Aws::IAM
1410
1486
  # resp.policy.description #=> String
1411
1487
  # resp.policy.create_date #=> Time
1412
1488
  # resp.policy.update_date #=> Time
1489
+ # resp.policy.tags #=> Array
1490
+ # resp.policy.tags[0].key #=> String
1491
+ # resp.policy.tags[0].value #=> String
1413
1492
  #
1414
1493
  # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreatePolicy AWS API Documentation
1415
1494
  #
@@ -1431,7 +1510,7 @@ module Aws::IAM
1431
1510
  # IAM users, groups, and roles to which the policy is attached.
1432
1511
  #
1433
1512
  # For more information about managed policy versions, see [Versioning
1434
- # for Managed Policies][1] in the *IAM User Guide*.
1513
+ # for managed policies][1] in the *IAM User Guide*.
1435
1514
  #
1436
1515
  #
1437
1516
  #
@@ -1441,8 +1520,8 @@ module Aws::IAM
1441
1520
  # The Amazon Resource Name (ARN) of the IAM policy to which you want to
1442
1521
  # add a new version.
1443
1522
  #
1444
- # For more information about ARNs, see [Amazon Resource Names (ARNs) and
1445
- # AWS Service Namespaces][1] in the *AWS General Reference*.
1523
+ # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
1524
+ # in the *AWS General Reference*.
1446
1525
  #
1447
1526
  #
1448
1527
  #
@@ -1482,7 +1561,7 @@ module Aws::IAM
1482
1561
  # for the IAM users, groups, and roles that the policy is attached to.
1483
1562
  #
1484
1563
  # For more information about managed policy versions, see [Versioning
1485
- # for Managed Policies][1] in the *IAM User Guide*.
1564
+ # for managed policies][1] in the *IAM User Guide*.
1486
1565
  #
1487
1566
  #
1488
1567
  #
@@ -1517,9 +1596,9 @@ module Aws::IAM
1517
1596
  end
1518
1597
 
1519
1598
  # Creates a new role for your AWS account. For more information about
1520
- # roles, go to [IAM Roles][1]. The number and size of IAM resources in
1521
- # an AWS account are limited. For more information, see [IAM and STS
1522
- # Quotas][2] in the *IAM User Guide*.
1599
+ # roles, see [IAM roles][1]. For information about quotas for role names
1600
+ # and the number of roles you can create, see [IAM and STS quotas][2] in
1601
+ # the *IAM User Guide*.
1523
1602
  #
1524
1603
  #
1525
1604
  #
@@ -1599,7 +1678,7 @@ module Aws::IAM
1599
1678
  # for one hour by default. This applies when you use the `AssumeRole*`
1600
1679
  # API operations or the `assume-role*` CLI operations but does not apply
1601
1680
  # when you use those operations to create a console URL. For more
1602
- # information, see [Using IAM Roles][1] in the *IAM User Guide*.
1681
+ # information, see [Using IAM roles][1] in the *IAM User Guide*.
1603
1682
  #
1604
1683
  #
1605
1684
  #
@@ -1610,13 +1689,12 @@ module Aws::IAM
1610
1689
  # the role.
1611
1690
  #
1612
1691
  # @option params [Array<Types::Tag>] :tags
1613
- # A list of tags that you want to attach to the newly created role. Each
1614
- # tag consists of a key name and an associated value. For more
1615
- # information about tagging, see [Tagging IAM Identities][1] in the *IAM
1616
- # User Guide*.
1692
+ # A list of tags that you want to attach to the new role. Each tag
1693
+ # consists of a key name and an associated value. For more information
1694
+ # about tagging, see [Tagging IAM resources][1] in the *IAM User Guide*.
1617
1695
  #
1618
- # <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed number
1619
- # of tags per role, then the entire request fails and the role is not
1696
+ # <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed maximum
1697
+ # number of tags, then the entire request fails and the resource is not
1620
1698
  # created.
1621
1699
  #
1622
1700
  # </note>
@@ -1718,9 +1796,9 @@ module Aws::IAM
1718
1796
  #
1719
1797
  # </note>
1720
1798
  #
1721
- # For more information, see [Enabling SAML 2.0 Federated Users to Access
1799
+ # For more information, see [Enabling SAML 2.0 federated users to access
1722
1800
  # the AWS Management Console][2] and [About SAML 2.0-based
1723
- # Federation][3] in the *IAM User Guide*.
1801
+ # federation][3] in the *IAM User Guide*.
1724
1802
  #
1725
1803
  #
1726
1804
  #
@@ -1736,7 +1814,7 @@ module Aws::IAM
1736
1814
  # You must generate the metadata document using the identity management
1737
1815
  # software that is used as your organization's IdP.
1738
1816
  #
1739
- # For more information, see [About SAML 2.0-based Federation][1] in the
1817
+ # For more information, see [About SAML 2.0-based federation][1] in the
1740
1818
  # *IAM User Guide*
1741
1819
  #
1742
1820
  #
@@ -1755,20 +1833,46 @@ module Aws::IAM
1755
1833
  #
1756
1834
  # [1]: http://wikipedia.org/wiki/regex
1757
1835
  #
1836
+ # @option params [Array<Types::Tag>] :tags
1837
+ # A list of tags that you want to attach to the new IAM SAML provider.
1838
+ # Each tag consists of a key name and an associated value. For more
1839
+ # information about tagging, see [Tagging IAM resources][1] in the *IAM
1840
+ # User Guide*.
1841
+ #
1842
+ # <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed maximum
1843
+ # number of tags, then the entire request fails and the resource is not
1844
+ # created.
1845
+ #
1846
+ # </note>
1847
+ #
1848
+ #
1849
+ #
1850
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
1851
+ #
1758
1852
  # @return [Types::CreateSAMLProviderResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1759
1853
  #
1760
1854
  # * {Types::CreateSAMLProviderResponse#saml_provider_arn #saml_provider_arn} => String
1855
+ # * {Types::CreateSAMLProviderResponse#tags #tags} => Array&lt;Types::Tag&gt;
1761
1856
  #
1762
1857
  # @example Request syntax with placeholder values
1763
1858
  #
1764
1859
  # resp = client.create_saml_provider({
1765
1860
  # saml_metadata_document: "SAMLMetadataDocumentType", # required
1766
1861
  # name: "SAMLProviderNameType", # required
1862
+ # tags: [
1863
+ # {
1864
+ # key: "tagKeyType", # required
1865
+ # value: "tagValueType", # required
1866
+ # },
1867
+ # ],
1767
1868
  # })
1768
1869
  #
1769
1870
  # @example Response structure
1770
1871
  #
1771
1872
  # resp.saml_provider_arn #=> String
1873
+ # resp.tags #=> Array
1874
+ # resp.tags[0].key #=> String
1875
+ # resp.tags[0].value #=> String
1772
1876
  #
1773
1877
  # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateSAMLProvider AWS API Documentation
1774
1878
  #
@@ -1786,7 +1890,7 @@ module Aws::IAM
1786
1890
  # resources into an unknown state. Allowing the service to control the
1787
1891
  # role helps improve service stability and proper cleanup when a service
1788
1892
  # and its role are no longer needed. For more information, see [Using
1789
- # Service-Linked Roles][1] in the *IAM User Guide*.
1893
+ # service-linked roles][1] in the *IAM User Guide*.
1790
1894
  #
1791
1895
  # To attach a policy to this service-linked role, you must make the
1792
1896
  # request using the AWS service that depends on this role.
@@ -1801,8 +1905,8 @@ module Aws::IAM
1801
1905
  # front. For example: `elasticbeanstalk.amazonaws.com`.
1802
1906
  #
1803
1907
  # Service principals are unique and case-sensitive. To find the exact
1804
- # service principal for your service-linked role, see [AWS Services That
1805
- # Work with IAM][1] in the *IAM User Guide*. Look for the services that
1908
+ # service principal for your service-linked role, see [AWS services that
1909
+ # work with IAM][1] in the *IAM User Guide*. Look for the services that
1806
1910
  # have <b>Yes </b>in the **Service-Linked Role** column. Choose the
1807
1911
  # **Yes** link to view the service-linked role documentation for that
1808
1912
  # service.
@@ -1872,14 +1976,15 @@ module Aws::IAM
1872
1976
  # You can have a maximum of two sets of service-specific credentials for
1873
1977
  # each supported service per user.
1874
1978
  #
1875
- # The only supported service at this time is AWS CodeCommit.
1979
+ # You can create service-specific credentials for AWS CodeCommit and
1980
+ # Amazon Keyspaces (for Apache Cassandra).
1876
1981
  #
1877
1982
  # You can reset the password to a new service-generated value by calling
1878
1983
  # ResetServiceSpecificCredential.
1879
1984
  #
1880
1985
  # For more information about service-specific credentials, see [Using
1881
- # IAM with AWS CodeCommit: Git Credentials, SSH Keys, and AWS Access
1882
- # Keys][1] in the *IAM User Guide*.
1986
+ # IAM with AWS CodeCommit: Git credentials, SSH keys, and AWS access
1987
+ # keys][1] in the *IAM User Guide*.
1883
1988
  #
1884
1989
  #
1885
1990
  #
@@ -1937,9 +2042,8 @@ module Aws::IAM
1937
2042
 
1938
2043
  # Creates a new IAM user for your AWS account.
1939
2044
  #
1940
- # The number and size of IAM resources in an AWS account are limited.
1941
- # For more information, see [IAM and STS Quotas][1] in the *IAM User
1942
- # Guide*.
2045
+ # For information about quotas for the number of IAM users you can
2046
+ # create, see [IAM and STS quotas][1] in the *IAM User Guide*.
1943
2047
  #
1944
2048
  #
1945
2049
  #
@@ -1947,7 +2051,7 @@ module Aws::IAM
1947
2051
  #
1948
2052
  # @option params [String] :path
1949
2053
  # The path for the user name. For more information about paths, see [IAM
1950
- # Identifiers][1] in the *IAM User Guide*.
2054
+ # identifiers][1] in the *IAM User Guide*.
1951
2055
  #
1952
2056
  # This parameter is optional. If it is not included, it defaults to a
1953
2057
  # slash (/).
@@ -1976,13 +2080,12 @@ module Aws::IAM
1976
2080
  # the user.
1977
2081
  #
1978
2082
  # @option params [Array<Types::Tag>] :tags
1979
- # A list of tags that you want to attach to the newly created user. Each
1980
- # tag consists of a key name and an associated value. For more
1981
- # information about tagging, see [Tagging IAM Identities][1] in the *IAM
1982
- # User Guide*.
2083
+ # A list of tags that you want to attach to the new user. Each tag
2084
+ # consists of a key name and an associated value. For more information
2085
+ # about tagging, see [Tagging IAM resources][1] in the *IAM User Guide*.
1983
2086
  #
1984
- # <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed number
1985
- # of tags per user, then the entire request fails and the user is not
2087
+ # <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed maximum
2088
+ # number of tags, then the entire request fails and the resource is not
1986
2089
  # created.
1987
2090
  #
1988
2091
  # </note>
@@ -2055,12 +2158,11 @@ module Aws::IAM
2055
2158
  # Creates a new virtual MFA device for the AWS account. After creating
2056
2159
  # the virtual MFA, use EnableMFADevice to attach the MFA device to an
2057
2160
  # IAM user. For more information about creating and working with virtual
2058
- # MFA devices, go to [Using a Virtual MFA Device][1] in the *IAM User
2161
+ # MFA devices, see [Using a virtual MFA device][1] in the *IAM User
2059
2162
  # Guide*.
2060
2163
  #
2061
- # The number and size of IAM resources in an AWS account are limited.
2062
- # For more information, see [IAM and STS Quotas][2] in the *IAM User
2063
- # Guide*.
2164
+ # For information about the maximum number of MFA devices you can
2165
+ # create, see [IAM and STS quotas][2] in the *IAM User Guide*.
2064
2166
  #
2065
2167
  # The seed information contained in the QR code and the Base32 string
2066
2168
  # should be treated like any other secret access information. In other
@@ -2075,7 +2177,7 @@ module Aws::IAM
2075
2177
  #
2076
2178
  # @option params [String] :path
2077
2179
  # The path for the virtual MFA device. For more information about paths,
2078
- # see [IAM Identifiers][1] in the *IAM User Guide*.
2180
+ # see [IAM identifiers][1] in the *IAM User Guide*.
2079
2181
  #
2080
2182
  # This parameter is optional. If it is not included, it defaults to a
2081
2183
  # slash (/).
@@ -2105,6 +2207,22 @@ module Aws::IAM
2105
2207
  #
2106
2208
  # [1]: http://wikipedia.org/wiki/regex
2107
2209
  #
2210
+ # @option params [Array<Types::Tag>] :tags
2211
+ # A list of tags that you want to attach to the new IAM virtual MFA
2212
+ # device. Each tag consists of a key name and an associated value. For
2213
+ # more information about tagging, see [Tagging IAM resources][1] in the
2214
+ # *IAM User Guide*.
2215
+ #
2216
+ # <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed maximum
2217
+ # number of tags, then the entire request fails and the resource is not
2218
+ # created.
2219
+ #
2220
+ # </note>
2221
+ #
2222
+ #
2223
+ #
2224
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
2225
+ #
2108
2226
  # @return [Types::CreateVirtualMFADeviceResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
2109
2227
  #
2110
2228
  # * {Types::CreateVirtualMFADeviceResponse#virtual_mfa_device #virtual_mfa_device} => Types::VirtualMFADevice
@@ -2114,6 +2232,12 @@ module Aws::IAM
2114
2232
  # resp = client.create_virtual_mfa_device({
2115
2233
  # path: "pathType",
2116
2234
  # virtual_mfa_device_name: "virtualMFADeviceName", # required
2235
+ # tags: [
2236
+ # {
2237
+ # key: "tagKeyType", # required
2238
+ # value: "tagValueType", # required
2239
+ # },
2240
+ # ],
2117
2241
  # })
2118
2242
  #
2119
2243
  # @example Response structure
@@ -2133,6 +2257,9 @@ module Aws::IAM
2133
2257
  # resp.virtual_mfa_device.user.tags[0].key #=> String
2134
2258
  # resp.virtual_mfa_device.user.tags[0].value #=> String
2135
2259
  # resp.virtual_mfa_device.enable_date #=> Time
2260
+ # resp.virtual_mfa_device.tags #=> Array
2261
+ # resp.virtual_mfa_device.tags[0].key #=> String
2262
+ # resp.virtual_mfa_device.tags[0].value #=> String
2136
2263
  #
2137
2264
  # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateVirtualMFADevice AWS API Documentation
2138
2265
  #
@@ -2147,8 +2274,8 @@ module Aws::IAM
2147
2274
  # with the user name for which it was originally enabled.
2148
2275
  #
2149
2276
  # For more information about creating and working with virtual MFA
2150
- # devices, go to [Enabling a Virtual Multi-factor Authentication (MFA)
2151
- # Device][1] in the *IAM User Guide*.
2277
+ # devices, see [Enabling a virtual multi-factor authentication (MFA)
2278
+ # device][1] in the *IAM User Guide*.
2152
2279
  #
2153
2280
  #
2154
2281
  #
@@ -2258,7 +2385,7 @@ module Aws::IAM
2258
2385
  end
2259
2386
 
2260
2387
  # Deletes the specified AWS account alias. For information about using
2261
- # an AWS account alias, see [Using an Alias for Your AWS Account ID][1]
2388
+ # an AWS account alias, see [Using an alias for your AWS account ID][1]
2262
2389
  # in the *IAM User Guide*.
2263
2390
  #
2264
2391
  #
@@ -2362,8 +2489,8 @@ module Aws::IAM
2362
2489
  #
2363
2490
  # A group can also have managed policies attached to it. To detach a
2364
2491
  # managed policy from a group, use DetachGroupPolicy. For more
2365
- # information about policies, refer to [Managed Policies and Inline
2366
- # Policies][1] in the *IAM User Guide*.
2492
+ # information about policies, refer to [Managed policies and inline
2493
+ # policies][1] in the *IAM User Guide*.
2367
2494
  #
2368
2495
  #
2369
2496
  #
@@ -2430,8 +2557,8 @@ module Aws::IAM
2430
2557
  # instance profile that is associated with a running instance will break
2431
2558
  # any applications running on the instance.
2432
2559
  #
2433
- # For more information about instance profiles, go to [About Instance
2434
- # Profiles][1].
2560
+ # For more information about instance profiles, see [About instance
2561
+ # profiles][1].
2435
2562
  #
2436
2563
  #
2437
2564
  #
@@ -2479,6 +2606,11 @@ module Aws::IAM
2479
2606
  # user's ability to access AWS services through the AWS Management
2480
2607
  # Console.
2481
2608
  #
2609
+ # You can use the AWS CLI, the AWS API, or the **Users** page in the IAM
2610
+ # console to delete a password for any IAM user. You can use
2611
+ # ChangePassword to update, but not delete, your own password in the
2612
+ # **My Security Credentials** page in the AWS Management Console.
2613
+ #
2482
2614
  # Deleting a user's password does not prevent a user from accessing AWS
2483
2615
  # through the command line interface or the API. To prevent all user
2484
2616
  # access, you must also either make any access keys inactive or delete
@@ -2564,9 +2696,9 @@ module Aws::IAM
2564
2696
  # steps describe the process for deleting a managed policy:
2565
2697
  #
2566
2698
  # * Detach the policy from all users, groups, and roles that the policy
2567
- # is attached to, using the DetachUserPolicy, DetachGroupPolicy, or
2568
- # DetachRolePolicy API operations. To list all the users, groups, and
2569
- # roles that a policy is attached to, use ListEntitiesForPolicy.
2699
+ # is attached to, using DetachUserPolicy, DetachGroupPolicy, or
2700
+ # DetachRolePolicy. To list all the users, groups, and roles that a
2701
+ # policy is attached to, use ListEntitiesForPolicy.
2570
2702
  #
2571
2703
  # * Delete all versions of the policy using DeletePolicyVersion. To list
2572
2704
  # the policy's versions, use ListPolicyVersions. You cannot use
@@ -2575,10 +2707,10 @@ module Aws::IAM
2575
2707
  # next step of the process.
2576
2708
  #
2577
2709
  # * Delete the policy (this automatically deletes the policy's default
2578
- # version) using this API.
2710
+ # version) using this operation.
2579
2711
  #
2580
- # For information about managed policies, see [Managed Policies and
2581
- # Inline Policies][1] in the *IAM User Guide*.
2712
+ # For information about managed policies, see [Managed policies and
2713
+ # inline policies][1] in the *IAM User Guide*.
2582
2714
  #
2583
2715
  #
2584
2716
  #
@@ -2587,8 +2719,8 @@ module Aws::IAM
2587
2719
  # @option params [required, String] :policy_arn
2588
2720
  # The Amazon Resource Name (ARN) of the IAM policy you want to delete.
2589
2721
  #
2590
- # For more information about ARNs, see [Amazon Resource Names (ARNs) and
2591
- # AWS Service Namespaces][1] in the *AWS General Reference*.
2722
+ # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
2723
+ # in the *AWS General Reference*.
2592
2724
  #
2593
2725
  #
2594
2726
  #
@@ -2613,13 +2745,13 @@ module Aws::IAM
2613
2745
 
2614
2746
  # Deletes the specified version from the specified managed policy.
2615
2747
  #
2616
- # You cannot delete the default version from a policy using this API. To
2617
- # delete the default version from a policy, use DeletePolicy. To find
2618
- # out which version of a policy is marked as the default version, use
2619
- # ListPolicyVersions.
2748
+ # You cannot delete the default version from a policy using this
2749
+ # operation. To delete the default version from a policy, use
2750
+ # DeletePolicy. To find out which version of a policy is marked as the
2751
+ # default version, use ListPolicyVersions.
2620
2752
  #
2621
2753
  # For information about versions for managed policies, see [Versioning
2622
- # for Managed Policies][1] in the *IAM User Guide*.
2754
+ # for managed policies][1] in the *IAM User Guide*.
2623
2755
  #
2624
2756
  #
2625
2757
  #
@@ -2629,8 +2761,8 @@ module Aws::IAM
2629
2761
  # The Amazon Resource Name (ARN) of the IAM policy from which you want
2630
2762
  # to delete a version.
2631
2763
  #
2632
- # For more information about ARNs, see [Amazon Resource Names (ARNs) and
2633
- # AWS Service Namespaces][1] in the *AWS General Reference*.
2764
+ # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
2765
+ # in the *AWS General Reference*.
2634
2766
  #
2635
2767
  #
2636
2768
  #
@@ -2645,7 +2777,7 @@ module Aws::IAM
2645
2777
  # of letters and digits.
2646
2778
  #
2647
2779
  # For more information about managed policy versions, see [Versioning
2648
- # for Managed Policies][2] in the *IAM User Guide*.
2780
+ # for managed policies][2] in the *IAM User Guide*.
2649
2781
  #
2650
2782
  #
2651
2783
  #
@@ -2671,8 +2803,8 @@ module Aws::IAM
2671
2803
  end
2672
2804
 
2673
2805
  # Deletes the specified role. The role must not have any policies
2674
- # attached. For more information about roles, go to [Working with
2675
- # Roles][1].
2806
+ # attached. For more information about roles, see [Working with
2807
+ # roles][1].
2676
2808
  #
2677
2809
  # Make sure that you do not have any Amazon EC2 instances running with
2678
2810
  # the role you are about to delete. Deleting a role or instance profile
@@ -2753,7 +2885,7 @@ module Aws::IAM
2753
2885
  #
2754
2886
  # A role can also have managed policies attached to it. To detach a
2755
2887
  # managed policy from a role, use DetachRolePolicy. For more information
2756
- # about policies, refer to [Managed Policies and Inline Policies][1] in
2888
+ # about policies, refer to [Managed policies and inline policies][1] in
2757
2889
  # the *IAM User Guide*.
2758
2890
  #
2759
2891
  #
@@ -2854,7 +2986,7 @@ module Aws::IAM
2854
2986
  # authenticating the associated IAM user to an AWS CodeCommit
2855
2987
  # repository. For more information about using SSH keys to authenticate
2856
2988
  # to an AWS CodeCommit repository, see [Set up AWS CodeCommit for SSH
2857
- # Connections][1] in the *AWS CodeCommit User Guide*.
2989
+ # connections][1] in the *AWS CodeCommit User Guide*.
2858
2990
  #
2859
2991
  #
2860
2992
  #
@@ -2904,7 +3036,7 @@ module Aws::IAM
2904
3036
  # Deletes the specified server certificate.
2905
3037
  #
2906
3038
  # For more information about working with server certificates, see
2907
- # [Working with Server Certificates][1] in the *IAM User Guide*. This
3039
+ # [Working with server certificates][1] in the *IAM User Guide*. This
2908
3040
  # topic also includes a list of AWS services that can use the server
2909
3041
  # certificates that you manage with IAM.
2910
3042
  #
@@ -2915,8 +3047,8 @@ module Aws::IAM
2915
3047
  # cause Elastic Load Balancing to stop accepting traffic. We recommend
2916
3048
  # that you remove the reference to the certificate from Elastic Load
2917
3049
  # Balancing before using this command to delete the certificate. For
2918
- # more information, go to [DeleteLoadBalancerListeners][2] in the
2919
- # *Elastic Load Balancing API Reference*.
3050
+ # more information, see [DeleteLoadBalancerListeners][2] in the *Elastic
3051
+ # Load Balancing API Reference*.
2920
3052
  #
2921
3053
  #
2922
3054
  #
@@ -2962,17 +3094,16 @@ module Aws::IAM
2962
3094
  #
2963
3095
  # If you submit a deletion request for a service-linked role whose
2964
3096
  # linked service is still accessing a resource, then the deletion task
2965
- # fails. If it fails, the GetServiceLinkedRoleDeletionStatus API
2966
- # operation returns the reason for the failure, usually including the
2967
- # resources that must be deleted. To delete the service-linked role, you
2968
- # must first remove those resources from the linked service and then
2969
- # submit the deletion request again. Resources are specific to the
2970
- # service that is linked to the role. For more information about
2971
- # removing resources from a service, see the [AWS documentation][1] for
2972
- # your service.
3097
+ # fails. If it fails, the GetServiceLinkedRoleDeletionStatus operation
3098
+ # returns the reason for the failure, usually including the resources
3099
+ # that must be deleted. To delete the service-linked role, you must
3100
+ # first remove those resources from the linked service and then submit
3101
+ # the deletion request again. Resources are specific to the service that
3102
+ # is linked to the role. For more information about removing resources
3103
+ # from a service, see the [AWS documentation][1] for your service.
2973
3104
  #
2974
- # For more information about service-linked roles, see [Roles Terms and
2975
- # Concepts: AWS Service-Linked Role][2] in the *IAM User Guide*.
3105
+ # For more information about service-linked roles, see [Roles terms and
3106
+ # concepts: AWS service-linked role][2] in the *IAM User Guide*.
2976
3107
  #
2977
3108
  #
2978
3109
  #
@@ -3113,7 +3244,7 @@ module Aws::IAM
3113
3244
  # Deletes the specified IAM user. Unlike the AWS Management Console,
3114
3245
  # when you delete a user programmatically, you must delete the items
3115
3246
  # attached to the user manually, or the deletion fails. For more
3116
- # information, see [Deleting an IAM User][1]. Before attempting to
3247
+ # information, see [Deleting an IAM user][1]. Before attempting to
3117
3248
  # delete a user, remove the following items:
3118
3249
  #
3119
3250
  # * Password (DeleteLoginProfile)
@@ -3209,7 +3340,7 @@ module Aws::IAM
3209
3340
  #
3210
3341
  # A user can also have managed policies attached to it. To detach a
3211
3342
  # managed policy from a user, use DetachUserPolicy. For more information
3212
- # about policies, refer to [Managed Policies and Inline Policies][1] in
3343
+ # about policies, refer to [Managed policies and inline policies][1] in
3213
3344
  # the *IAM User Guide*.
3214
3345
  #
3215
3346
  #
@@ -3319,9 +3450,8 @@ module Aws::IAM
3319
3450
  # Removes the specified managed policy from the specified IAM group.
3320
3451
  #
3321
3452
  # A group can also have inline policies embedded with it. To delete an
3322
- # inline policy, use the DeleteGroupPolicy API. For information about
3323
- # policies, see [Managed Policies and Inline Policies][1] in the *IAM
3324
- # User Guide*.
3453
+ # inline policy, use DeleteGroupPolicy. For information about policies,
3454
+ # see [Managed policies and inline policies][1] in the *IAM User Guide*.
3325
3455
  #
3326
3456
  #
3327
3457
  #
@@ -3343,8 +3473,8 @@ module Aws::IAM
3343
3473
  # @option params [required, String] :policy_arn
3344
3474
  # The Amazon Resource Name (ARN) of the IAM policy you want to detach.
3345
3475
  #
3346
- # For more information about ARNs, see [Amazon Resource Names (ARNs) and
3347
- # AWS Service Namespaces][1] in the *AWS General Reference*.
3476
+ # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
3477
+ # in the *AWS General Reference*.
3348
3478
  #
3349
3479
  #
3350
3480
  #
@@ -3371,9 +3501,8 @@ module Aws::IAM
3371
3501
  # Removes the specified managed policy from the specified role.
3372
3502
  #
3373
3503
  # A role can also have inline policies embedded with it. To delete an
3374
- # inline policy, use the DeleteRolePolicy API. For information about
3375
- # policies, see [Managed Policies and Inline Policies][1] in the *IAM
3376
- # User Guide*.
3504
+ # inline policy, use DeleteRolePolicy. For information about policies,
3505
+ # see [Managed policies and inline policies][1] in the *IAM User Guide*.
3377
3506
  #
3378
3507
  #
3379
3508
  #
@@ -3395,8 +3524,8 @@ module Aws::IAM
3395
3524
  # @option params [required, String] :policy_arn
3396
3525
  # The Amazon Resource Name (ARN) of the IAM policy you want to detach.
3397
3526
  #
3398
- # For more information about ARNs, see [Amazon Resource Names (ARNs) and
3399
- # AWS Service Namespaces][1] in the *AWS General Reference*.
3527
+ # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
3528
+ # in the *AWS General Reference*.
3400
3529
  #
3401
3530
  #
3402
3531
  #
@@ -3423,9 +3552,8 @@ module Aws::IAM
3423
3552
  # Removes the specified managed policy from the specified user.
3424
3553
  #
3425
3554
  # A user can also have inline policies embedded with it. To delete an
3426
- # inline policy, use the DeleteUserPolicy API. For information about
3427
- # policies, see [Managed Policies and Inline Policies][1] in the *IAM
3428
- # User Guide*.
3555
+ # inline policy, use DeleteUserPolicy. For information about policies,
3556
+ # see [Managed policies and inline policies][1] in the *IAM User Guide*.
3429
3557
  #
3430
3558
  #
3431
3559
  #
@@ -3447,8 +3575,8 @@ module Aws::IAM
3447
3575
  # @option params [required, String] :policy_arn
3448
3576
  # The Amazon Resource Name (ARN) of the IAM policy you want to detach.
3449
3577
  #
3450
- # For more information about ARNs, see [Amazon Resource Names (ARNs) and
3451
- # AWS Service Namespaces][1] in the *AWS General Reference*.
3578
+ # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
3579
+ # in the *AWS General Reference*.
3452
3580
  #
3453
3581
  #
3454
3582
  #
@@ -3554,8 +3682,8 @@ module Aws::IAM
3554
3682
  end
3555
3683
 
3556
3684
  # Generates a credential report for the AWS account. For more
3557
- # information about the credential report, see [Getting Credential
3558
- # Reports][1] in the *IAM User Guide*.
3685
+ # information about the credential report, see [Getting credential
3686
+ # reports][1] in the *IAM User Guide*.
3559
3687
  #
3560
3688
  #
3561
3689
  #
@@ -3586,12 +3714,12 @@ module Aws::IAM
3586
3714
  # your organization.
3587
3715
  #
3588
3716
  # To call this operation, you must be signed in using your AWS
3589
- # Organizations master account credentials. You can use your long-term
3590
- # IAM user or root user credentials, or temporary credentials from
3591
- # assuming an IAM role. SCPs must be enabled for your organization root.
3592
- # You must have the required IAM and AWS Organizations permissions. For
3593
- # more information, see [Refining Permissions Using Service Last
3594
- # Accessed Data][1] in the *IAM User Guide*.
3717
+ # Organizations management account credentials. You can use your
3718
+ # long-term IAM user or root user credentials, or temporary credentials
3719
+ # from assuming an IAM role. SCPs must be enabled for your organization
3720
+ # root. You must have the required IAM and AWS Organizations
3721
+ # permissions. For more information, see [Refining permissions using
3722
+ # service last accessed data][1] in the *IAM User Guide*.
3595
3723
  #
3596
3724
  # You can generate a service last accessed data report for entities by
3597
3725
  # specifying only the entity's path. This data includes a list of
@@ -3607,8 +3735,8 @@ module Aws::IAM
3607
3735
  # recent account activity that the policy allows to account principals
3608
3736
  # in the entity or the entity's children. For important information
3609
3737
  # about the data, reporting period, permissions required,
3610
- # troubleshooting, and supported Regions see [Reducing Permissions Using
3611
- # Service Last Accessed Data][1] in the *IAM User Guide*.
3738
+ # troubleshooting, and supported Regions see [Reducing permissions using
3739
+ # service last accessed data][1] in the *IAM User Guide*.
3612
3740
  #
3613
3741
  # The data includes all attempts to access AWS, not just the successful
3614
3742
  # ones. This includes all attempts that were made using the AWS
@@ -3618,7 +3746,7 @@ module Aws::IAM
3618
3746
  # request might have been denied. Refer to your CloudTrail logs as the
3619
3747
  # authoritative source for information about all API calls and whether
3620
3748
  # they were successful or denied access. For more information,
3621
- # see [Logging IAM Events with CloudTrail][2] in the *IAM User Guide*.
3749
+ # see [Logging IAM events with CloudTrail][2] in the *IAM User Guide*.
3622
3750
  #
3623
3751
  # This operation returns a `JobId`. Use this parameter in the `
3624
3752
  # GetOrganizationsAccessReport ` operation to check the status of the
@@ -3635,20 +3763,20 @@ module Aws::IAM
3635
3763
  # * **Root** – When you specify the organizations root as the entity,
3636
3764
  # the resulting report lists all of the services allowed by SCPs that
3637
3765
  # are attached to your root. For each service, the report includes
3638
- # data for all accounts in your organization except the master
3639
- # account, because the master account is not limited by SCPs.
3766
+ # data for all accounts in your organization except the management
3767
+ # account, because the management account is not limited by SCPs.
3640
3768
  #
3641
3769
  # * **OU** – When you specify an organizational unit (OU) as the entity,
3642
3770
  # the resulting report lists all of the services allowed by SCPs that
3643
3771
  # are attached to the OU and its parents. For each service, the report
3644
3772
  # includes data for all accounts in the OU or its children. This data
3645
- # excludes the master account, because the master account is not
3646
- # limited by SCPs.
3773
+ # excludes the management account, because the management account is
3774
+ # not limited by SCPs.
3647
3775
  #
3648
- # * **Master account** – When you specify the master account, the
3649
- # resulting report lists all AWS services, because the master account
3650
- # is not limited by SCPs. For each service, the report includes data
3651
- # for only the master account.
3776
+ # * **management account** – When you specify the management account,
3777
+ # the resulting report lists all AWS services, because the management
3778
+ # account is not limited by SCPs. For each service, the report
3779
+ # includes data for only the management account.
3652
3780
  #
3653
3781
  # * **Account** – When you specify another account as the entity, the
3654
3782
  # resulting report lists all of the services allowed by SCPs that are
@@ -3664,26 +3792,26 @@ module Aws::IAM
3664
3792
  # resulting report lists all of the services that are allowed by the
3665
3793
  # specified SCP. For each service, the report includes data for all
3666
3794
  # accounts in your organization to which the SCP applies. This data
3667
- # excludes the master account, because the master account is not
3668
- # limited by SCPs. If the SCP is not attached to any entities in the
3669
- # organization, then the report will return a list of services with no
3670
- # data.
3795
+ # excludes the management account, because the management account is
3796
+ # not limited by SCPs. If the SCP is not attached to any entities in
3797
+ # the organization, then the report will return a list of services
3798
+ # with no data.
3671
3799
  #
3672
3800
  # * **OU** – When you specify an OU entity and a policy ID, the
3673
3801
  # resulting report lists all of the services that are allowed by the
3674
3802
  # specified SCP. For each service, the report includes data for all
3675
3803
  # accounts in the OU or its children to which the SCP applies. This
3676
3804
  # means that other accounts outside the OU that are affected by the
3677
- # SCP might not be included in the data. This data excludes the master
3678
- # account, because the master account is not limited by SCPs. If the
3679
- # SCP is not attached to the OU or one of its children, the report
3680
- # will return a list of services with no data.
3805
+ # SCP might not be included in the data. This data excludes the
3806
+ # management account, because the management account is not limited by
3807
+ # SCPs. If the SCP is not attached to the OU or one of its children,
3808
+ # the report will return a list of services with no data.
3681
3809
  #
3682
- # * **Master account** – When you specify the master account, the
3683
- # resulting report lists all AWS services, because the master account
3684
- # is not limited by SCPs. If you specify a policy ID in the CLI or
3685
- # API, the policy is ignored. For each service, the report includes
3686
- # data for only the master account.
3810
+ # * **management account** – When you specify the management account,
3811
+ # the resulting report lists all AWS services, because the management
3812
+ # account is not limited by SCPs. If you specify a policy ID in the
3813
+ # CLI or API, the policy is ignored. For each service, the report
3814
+ # includes data for only the management account.
3687
3815
  #
3688
3816
  # * **Account** – When you specify another account entity and a policy
3689
3817
  # ID, the resulting report lists all of the services that are allowed
@@ -3698,12 +3826,12 @@ module Aws::IAM
3698
3826
  # policy types include identity-based policies, resource-based policies,
3699
3827
  # access control lists, IAM permissions boundaries, and STS assume role
3700
3828
  # policies. It only applies SCP logic. For more about the evaluation of
3701
- # policy types, see [Evaluating Policies][3] in the *IAM User Guide*.
3829
+ # policy types, see [Evaluating policies][3] in the *IAM User Guide*.
3702
3830
  #
3703
3831
  # </note>
3704
3832
  #
3705
3833
  # For more information about service last accessed data, see [Reducing
3706
- # Policy Scope by Viewing User Activity][1] in the *IAM User Guide*.
3834
+ # policy scope by viewing user activity][1] in the *IAM User Guide*.
3707
3835
  #
3708
3836
  #
3709
3837
  #
@@ -3771,7 +3899,7 @@ module Aws::IAM
3771
3899
  # AWS services. Recent activity usually appears within four hours. IAM
3772
3900
  # reports activity for the last 365 days, or less if your Region began
3773
3901
  # supporting this feature within the last year. For more information,
3774
- # see [Regions Where Data Is Tracked][1].
3902
+ # see [Regions where data is tracked][1].
3775
3903
  #
3776
3904
  # The service last accessed data includes all attempts to access an AWS
3777
3905
  # API, not just the successful ones. This includes all attempts that
@@ -3781,7 +3909,7 @@ module Aws::IAM
3781
3909
  # compromised, because the request might have been denied. Refer to your
3782
3910
  # CloudTrail logs as the authoritative source for information about all
3783
3911
  # API calls and whether they were successful or denied access. For more
3784
- # information, see [Logging IAM Events with CloudTrail][2] in the *IAM
3912
+ # information, see [Logging IAM events with CloudTrail][2] in the *IAM
3785
3913
  # User Guide*.
3786
3914
  #
3787
3915
  # The `GenerateServiceLastAccessedDetails` operation returns a `JobId`.
@@ -3817,12 +3945,12 @@ module Aws::IAM
3817
3945
  # AWS Organizations policies, IAM permissions boundaries, and AWS STS
3818
3946
  # assume role policies. It only applies permissions policy logic. For
3819
3947
  # more about the evaluation of policy types, see [Evaluating
3820
- # Policies][3] in the *IAM User Guide*.
3948
+ # policies][3] in the *IAM User Guide*.
3821
3949
  #
3822
3950
  # </note>
3823
3951
  #
3824
3952
  # For more information about service and action last accessed data, see
3825
- # [Reducing Permissions Using Service Last Accessed Data][4] in the *IAM
3953
+ # [Reducing permissions using service last accessed data][4] in the *IAM
3826
3954
  # User Guide*.
3827
3955
  #
3828
3956
  #
@@ -3928,12 +4056,12 @@ module Aws::IAM
3928
4056
 
3929
4057
  # Retrieves information about all IAM users, groups, roles, and policies
3930
4058
  # in your AWS account, including their relationships to one another. Use
3931
- # this API to obtain a snapshot of the configuration of IAM permissions
3932
- # (users, groups, roles, and policies) in your account.
4059
+ # this operation to obtain a snapshot of the configuration of IAM
4060
+ # permissions (users, groups, roles, and policies) in your account.
3933
4061
  #
3934
- # <note markdown="1"> Policies returned by this API are URL-encoded compliant with [RFC
3935
- # 3986][1]. You can use a URL decoding method to convert the policy back
3936
- # to plain JSON text. For example, if you use Java, you can use the
4062
+ # <note markdown="1"> Policies returned by this operation are URL-encoded compliant with
4063
+ # [RFC 3986][1]. You can use a URL decoding method to convert the policy
4064
+ # back to plain JSON text. For example, if you use Java, you can use the
3937
4065
  # `decode` method of the `java.net.URLDecoder` utility class in the Java
3938
4066
  # SDK. Other languages and SDKs provide similar functionality.
3939
4067
  #
@@ -4054,6 +4182,9 @@ module Aws::IAM
4054
4182
  # resp.role_detail_list[0].instance_profile_list[0].roles[0].tags[0].value #=> String
4055
4183
  # resp.role_detail_list[0].instance_profile_list[0].roles[0].role_last_used.last_used_date #=> Time
4056
4184
  # resp.role_detail_list[0].instance_profile_list[0].roles[0].role_last_used.region #=> String
4185
+ # resp.role_detail_list[0].instance_profile_list[0].tags #=> Array
4186
+ # resp.role_detail_list[0].instance_profile_list[0].tags[0].key #=> String
4187
+ # resp.role_detail_list[0].instance_profile_list[0].tags[0].value #=> String
4057
4188
  # resp.role_detail_list[0].role_policy_list #=> Array
4058
4189
  # resp.role_detail_list[0].role_policy_list[0].policy_name #=> String
4059
4190
  # resp.role_detail_list[0].role_policy_list[0].policy_document #=> String
@@ -4096,9 +4227,10 @@ module Aws::IAM
4096
4227
  req.send_request(options)
4097
4228
  end
4098
4229
 
4099
- # Retrieves the password policy for the AWS account. For more
4100
- # information about using a password policy, go to [Managing an IAM
4101
- # Password Policy][1].
4230
+ # Retrieves the password policy for the AWS account. This tells you the
4231
+ # complexity requirements and mandatory rotation periods for the IAM
4232
+ # user passwords in your account. For more information about using a
4233
+ # password policy, see [Managing an IAM password policy][1].
4102
4234
  #
4103
4235
  #
4104
4236
  #
@@ -4157,9 +4289,8 @@ module Aws::IAM
4157
4289
  # Retrieves information about IAM entity usage and IAM quotas in the AWS
4158
4290
  # account.
4159
4291
  #
4160
- # The number and size of IAM resources in an AWS account are limited.
4161
- # For more information, see [IAM and STS Quotas][1] in the *IAM User
4162
- # Guide*.
4292
+ # For information about IAM quotas, see [IAM and STS quotas][1] in the
4293
+ # *IAM User Guide*.
4163
4294
  #
4164
4295
  #
4165
4296
  #
@@ -4292,8 +4423,8 @@ module Aws::IAM
4292
4423
  # specified as strings. If you want to include *only* a list of policies
4293
4424
  # by string, use GetContextKeysForCustomPolicy instead.
4294
4425
  #
4295
- # **Note:** This API discloses information about the permissions granted
4296
- # to other users. If you do not want users to see other user's
4426
+ # **Note:** This operation discloses information about the permissions
4427
+ # granted to other users. If you do not want users to see other user's
4297
4428
  # permissions, then consider allowing them to use
4298
4429
  # GetContextKeysForCustomPolicy instead.
4299
4430
  #
@@ -4313,8 +4444,8 @@ module Aws::IAM
4313
4444
  # parameters are shown in unencoded form here for clarity, but must be
4314
4445
  # URL encoded to be included as a part of a real HTML request.
4315
4446
  #
4316
- # For more information about ARNs, see [Amazon Resource Names (ARNs) and
4317
- # AWS Service Namespaces][1] in the *AWS General Reference*.
4447
+ # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
4448
+ # in the *AWS General Reference*.
4318
4449
  #
4319
4450
  #
4320
4451
  #
@@ -4366,8 +4497,8 @@ module Aws::IAM
4366
4497
  end
4367
4498
 
4368
4499
  # Retrieves a credential report for the AWS account. For more
4369
- # information about the credential report, see [Getting Credential
4370
- # Reports][1] in the *IAM User Guide*.
4500
+ # information about the credential report, see [Getting credential
4501
+ # reports][1] in the *IAM User Guide*.
4371
4502
  #
4372
4503
  #
4373
4504
  #
@@ -4477,9 +4608,9 @@ module Aws::IAM
4477
4608
  # Retrieves the specified inline policy document that is embedded in the
4478
4609
  # specified IAM group.
4479
4610
  #
4480
- # <note markdown="1"> Policies returned by this API are URL-encoded compliant with [RFC
4481
- # 3986][1]. You can use a URL decoding method to convert the policy back
4482
- # to plain JSON text. For example, if you use Java, you can use the
4611
+ # <note markdown="1"> Policies returned by this operation are URL-encoded compliant with
4612
+ # [RFC 3986][1]. You can use a URL decoding method to convert the policy
4613
+ # back to plain JSON text. For example, if you use Java, you can use the
4483
4614
  # `decode` method of the `java.net.URLDecoder` utility class in the Java
4484
4615
  # SDK. Other languages and SDKs provide similar functionality.
4485
4616
  #
@@ -4490,8 +4621,8 @@ module Aws::IAM
4490
4621
  # GetPolicy to determine the policy's default version, then use
4491
4622
  # GetPolicyVersion to retrieve the policy document.
4492
4623
  #
4493
- # For more information about policies, see [Managed Policies and Inline
4494
- # Policies][2] in the *IAM User Guide*.
4624
+ # For more information about policies, see [Managed policies and inline
4625
+ # policies][2] in the *IAM User Guide*.
4495
4626
  #
4496
4627
  #
4497
4628
  #
@@ -4552,7 +4683,7 @@ module Aws::IAM
4552
4683
 
4553
4684
  # Retrieves information about the specified instance profile, including
4554
4685
  # the instance profile's path, GUID, ARN, and role. For more
4555
- # information about instance profiles, see [About Instance Profiles][1]
4686
+ # information about instance profiles, see [About instance profiles][1]
4556
4687
  # in the *IAM User Guide*.
4557
4688
  #
4558
4689
  #
@@ -4634,6 +4765,9 @@ module Aws::IAM
4634
4765
  # resp.instance_profile.roles[0].tags[0].value #=> String
4635
4766
  # resp.instance_profile.roles[0].role_last_used.last_used_date #=> Time
4636
4767
  # resp.instance_profile.roles[0].role_last_used.region #=> String
4768
+ # resp.instance_profile.tags #=> Array
4769
+ # resp.instance_profile.tags[0].key #=> String
4770
+ # resp.instance_profile.tags[0].value #=> String
4637
4771
  #
4638
4772
  #
4639
4773
  # The following waiters are defined for this operation (see {Client#wait_until} for detailed usage):
@@ -4649,7 +4783,7 @@ module Aws::IAM
4649
4783
  req.send_request(options)
4650
4784
  end
4651
4785
 
4652
- # Retrieves the user name and password-creation date for the specified
4786
+ # Retrieves the user name and password creation date for the specified
4653
4787
  # IAM user. If the user has not been assigned a password, the operation
4654
4788
  # returns a 404 (`NoSuchEntity`) error.
4655
4789
  #
@@ -4715,8 +4849,8 @@ module Aws::IAM
4715
4849
  # IAM to get information for. You can get a list of OIDC provider
4716
4850
  # resource ARNs by using the ListOpenIDConnectProviders operation.
4717
4851
  #
4718
- # For more information about ARNs, see [Amazon Resource Names (ARNs) and
4719
- # AWS Service Namespaces][1] in the *AWS General Reference*.
4852
+ # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
4853
+ # in the *AWS General Reference*.
4720
4854
  #
4721
4855
  #
4722
4856
  #
@@ -4728,6 +4862,7 @@ module Aws::IAM
4728
4862
  # * {Types::GetOpenIDConnectProviderResponse#client_id_list #client_id_list} => Array&lt;String&gt;
4729
4863
  # * {Types::GetOpenIDConnectProviderResponse#thumbprint_list #thumbprint_list} => Array&lt;String&gt;
4730
4864
  # * {Types::GetOpenIDConnectProviderResponse#create_date #create_date} => Time
4865
+ # * {Types::GetOpenIDConnectProviderResponse#tags #tags} => Array&lt;Types::Tag&gt;
4731
4866
  #
4732
4867
  # @example Request syntax with placeholder values
4733
4868
  #
@@ -4743,6 +4878,9 @@ module Aws::IAM
4743
4878
  # resp.thumbprint_list #=> Array
4744
4879
  # resp.thumbprint_list[0] #=> String
4745
4880
  # resp.create_date #=> Time
4881
+ # resp.tags #=> Array
4882
+ # resp.tags[0].key #=> String
4883
+ # resp.tags[0].value #=> String
4746
4884
  #
4747
4885
  # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetOpenIDConnectProvider AWS API Documentation
4748
4886
  #
@@ -4762,11 +4900,11 @@ module Aws::IAM
4762
4900
  # report, the data returned could include different information. For
4763
4901
  # details, see GenerateOrganizationsAccessReport.
4764
4902
  #
4765
- # To call this operation, you must be signed in to the master account in
4766
- # your organization. SCPs must be enabled for your organization root.
4767
- # You must have permissions to perform this operation. For more
4768
- # information, see [Refining Permissions Using Service Last Accessed
4769
- # Data][1] in the *IAM User Guide*.
4903
+ # To call this operation, you must be signed in to the management
4904
+ # account in your organization. SCPs must be enabled for your
4905
+ # organization root. You must have permissions to perform this
4906
+ # operation. For more information, see [Refining permissions using
4907
+ # service last accessed data][1] in the *IAM User Guide*.
4770
4908
  #
4771
4909
  # For each service that principals in an account (root users, IAM users,
4772
4910
  # or IAM roles) could access using SCPs, the operation returns details
@@ -4902,17 +5040,17 @@ module Aws::IAM
4902
5040
  # the policy's default version and the total number of IAM users,
4903
5041
  # groups, and roles to which the policy is attached. To retrieve the
4904
5042
  # list of the specific users, groups, and roles that the policy is
4905
- # attached to, use the ListEntitiesForPolicy API. This API returns
5043
+ # attached to, use ListEntitiesForPolicy. This operation returns
4906
5044
  # metadata about the policy. To retrieve the actual policy document for
4907
5045
  # a specific version of the policy, use GetPolicyVersion.
4908
5046
  #
4909
- # This API retrieves information about managed policies. To retrieve
4910
- # information about an inline policy that is embedded with an IAM user,
4911
- # group, or role, use the GetUserPolicy, GetGroupPolicy, or
4912
- # GetRolePolicy API.
5047
+ # This operation retrieves information about managed policies. To
5048
+ # retrieve information about an inline policy that is embedded with an
5049
+ # IAM user, group, or role, use GetUserPolicy, GetGroupPolicy, or
5050
+ # GetRolePolicy.
4913
5051
  #
4914
- # For more information about policies, see [Managed Policies and Inline
4915
- # Policies][1] in the *IAM User Guide*.
5052
+ # For more information about policies, see [Managed policies and inline
5053
+ # policies][1] in the *IAM User Guide*.
4916
5054
  #
4917
5055
  #
4918
5056
  #
@@ -4922,8 +5060,8 @@ module Aws::IAM
4922
5060
  # The Amazon Resource Name (ARN) of the managed policy that you want
4923
5061
  # information about.
4924
5062
  #
4925
- # For more information about ARNs, see [Amazon Resource Names (ARNs) and
4926
- # AWS Service Namespaces][1] in the *AWS General Reference*.
5063
+ # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
5064
+ # in the *AWS General Reference*.
4927
5065
  #
4928
5066
  #
4929
5067
  #
@@ -4952,6 +5090,9 @@ module Aws::IAM
4952
5090
  # resp.policy.description #=> String
4953
5091
  # resp.policy.create_date #=> Time
4954
5092
  # resp.policy.update_date #=> Time
5093
+ # resp.policy.tags #=> Array
5094
+ # resp.policy.tags[0].key #=> String
5095
+ # resp.policy.tags[0].value #=> String
4955
5096
  #
4956
5097
  #
4957
5098
  # The following waiters are defined for this operation (see {Client#wait_until} for detailed usage):
@@ -4970,9 +5111,9 @@ module Aws::IAM
4970
5111
  # Retrieves information about the specified version of the specified
4971
5112
  # managed policy, including the policy document.
4972
5113
  #
4973
- # <note markdown="1"> Policies returned by this API are URL-encoded compliant with [RFC
4974
- # 3986][1]. You can use a URL decoding method to convert the policy back
4975
- # to plain JSON text. For example, if you use Java, you can use the
5114
+ # <note markdown="1"> Policies returned by this operation are URL-encoded compliant with
5115
+ # [RFC 3986][1]. You can use a URL decoding method to convert the policy
5116
+ # back to plain JSON text. For example, if you use Java, you can use the
4976
5117
  # `decode` method of the `java.net.URLDecoder` utility class in the Java
4977
5118
  # SDK. Other languages and SDKs provide similar functionality.
4978
5119
  #
@@ -4980,15 +5121,16 @@ module Aws::IAM
4980
5121
  #
4981
5122
  # To list the available versions for a policy, use ListPolicyVersions.
4982
5123
  #
4983
- # This API retrieves information about managed policies. To retrieve
4984
- # information about an inline policy that is embedded in a user, group,
4985
- # or role, use the GetUserPolicy, GetGroupPolicy, or GetRolePolicy API.
5124
+ # This operation retrieves information about managed policies. To
5125
+ # retrieve information about an inline policy that is embedded in a
5126
+ # user, group, or role, use GetUserPolicy, GetGroupPolicy, or
5127
+ # GetRolePolicy.
4986
5128
  #
4987
5129
  # For more information about the types of policies, see [Managed
4988
- # Policies and Inline Policies][2] in the *IAM User Guide*.
5130
+ # policies and inline policies][2] in the *IAM User Guide*.
4989
5131
  #
4990
5132
  # For more information about managed policy versions, see [Versioning
4991
- # for Managed Policies][3] in the *IAM User Guide*.
5133
+ # for managed policies][3] in the *IAM User Guide*.
4992
5134
  #
4993
5135
  #
4994
5136
  #
@@ -5000,8 +5142,8 @@ module Aws::IAM
5000
5142
  # The Amazon Resource Name (ARN) of the managed policy that you want
5001
5143
  # information about.
5002
5144
  #
5003
- # For more information about ARNs, see [Amazon Resource Names (ARNs) and
5004
- # AWS Service Namespaces][1] in the *AWS General Reference*.
5145
+ # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
5146
+ # in the *AWS General Reference*.
5005
5147
  #
5006
5148
  #
5007
5149
  #
@@ -5049,11 +5191,11 @@ module Aws::IAM
5049
5191
  # Retrieves information about the specified role, including the role's
5050
5192
  # path, GUID, ARN, and the role's trust policy that grants permission
5051
5193
  # to assume the role. For more information about roles, see [Working
5052
- # with Roles][1].
5194
+ # with roles][1].
5053
5195
  #
5054
- # <note markdown="1"> Policies returned by this API are URL-encoded compliant with [RFC
5055
- # 3986][2]. You can use a URL decoding method to convert the policy back
5056
- # to plain JSON text. For example, if you use Java, you can use the
5196
+ # <note markdown="1"> Policies returned by this operation are URL-encoded compliant with
5197
+ # [RFC 3986][2]. You can use a URL decoding method to convert the policy
5198
+ # back to plain JSON text. For example, if you use Java, you can use the
5057
5199
  # `decode` method of the `java.net.URLDecoder` utility class in the Java
5058
5200
  # SDK. Other languages and SDKs provide similar functionality.
5059
5201
  #
@@ -5147,9 +5289,9 @@ module Aws::IAM
5147
5289
  # Retrieves the specified inline policy document that is embedded with
5148
5290
  # the specified IAM role.
5149
5291
  #
5150
- # <note markdown="1"> Policies returned by this API are URL-encoded compliant with [RFC
5151
- # 3986][1]. You can use a URL decoding method to convert the policy back
5152
- # to plain JSON text. For example, if you use Java, you can use the
5292
+ # <note markdown="1"> Policies returned by this operation are URL-encoded compliant with
5293
+ # [RFC 3986][1]. You can use a URL decoding method to convert the policy
5294
+ # back to plain JSON text. For example, if you use Java, you can use the
5153
5295
  # `decode` method of the `java.net.URLDecoder` utility class in the Java
5154
5296
  # SDK. Other languages and SDKs provide similar functionality.
5155
5297
  #
@@ -5160,11 +5302,11 @@ module Aws::IAM
5160
5302
  # determine the policy's default version, then use GetPolicyVersion to
5161
5303
  # retrieve the policy document.
5162
5304
  #
5163
- # For more information about policies, see [Managed Policies and Inline
5164
- # Policies][2] in the *IAM User Guide*.
5305
+ # For more information about policies, see [Managed policies and inline
5306
+ # policies][2] in the *IAM User Guide*.
5165
5307
  #
5166
- # For more information about roles, see [Using Roles to Delegate
5167
- # Permissions and Federate Identities][3].
5308
+ # For more information about roles, see [Using roles to delegate
5309
+ # permissions and federate identities][3].
5168
5310
  #
5169
5311
  #
5170
5312
  #
@@ -5239,8 +5381,8 @@ module Aws::IAM
5239
5381
  # The Amazon Resource Name (ARN) of the SAML provider resource object in
5240
5382
  # IAM to get information about.
5241
5383
  #
5242
- # For more information about ARNs, see [Amazon Resource Names (ARNs) and
5243
- # AWS Service Namespaces][1] in the *AWS General Reference*.
5384
+ # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
5385
+ # in the *AWS General Reference*.
5244
5386
  #
5245
5387
  #
5246
5388
  #
@@ -5251,6 +5393,7 @@ module Aws::IAM
5251
5393
  # * {Types::GetSAMLProviderResponse#saml_metadata_document #saml_metadata_document} => String
5252
5394
  # * {Types::GetSAMLProviderResponse#create_date #create_date} => Time
5253
5395
  # * {Types::GetSAMLProviderResponse#valid_until #valid_until} => Time
5396
+ # * {Types::GetSAMLProviderResponse#tags #tags} => Array&lt;Types::Tag&gt;
5254
5397
  #
5255
5398
  # @example Request syntax with placeholder values
5256
5399
  #
@@ -5263,6 +5406,9 @@ module Aws::IAM
5263
5406
  # resp.saml_metadata_document #=> String
5264
5407
  # resp.create_date #=> Time
5265
5408
  # resp.valid_until #=> Time
5409
+ # resp.tags #=> Array
5410
+ # resp.tags[0].key #=> String
5411
+ # resp.tags[0].value #=> String
5266
5412
  #
5267
5413
  # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetSAMLProvider AWS API Documentation
5268
5414
  #
@@ -5280,7 +5426,7 @@ module Aws::IAM
5280
5426
  # authenticating the associated IAM user to an AWS CodeCommit
5281
5427
  # repository. For more information about using SSH keys to authenticate
5282
5428
  # to an AWS CodeCommit repository, see [Set up AWS CodeCommit for SSH
5283
- # Connections][1] in the *AWS CodeCommit User Guide*.
5429
+ # connections][1] in the *AWS CodeCommit User Guide*.
5284
5430
  #
5285
5431
  #
5286
5432
  #
@@ -5348,7 +5494,7 @@ module Aws::IAM
5348
5494
  # IAM.
5349
5495
  #
5350
5496
  # For more information about working with server certificates, see
5351
- # [Working with Server Certificates][1] in the *IAM User Guide*. This
5497
+ # [Working with server certificates][1] in the *IAM User Guide*. This
5352
5498
  # topic includes a list of AWS services that can use the server
5353
5499
  # certificates that you manage with IAM.
5354
5500
  #
@@ -5389,6 +5535,9 @@ module Aws::IAM
5389
5535
  # resp.server_certificate.server_certificate_metadata.expiration #=> Time
5390
5536
  # resp.server_certificate.certificate_body #=> String
5391
5537
  # resp.server_certificate.certificate_chain #=> String
5538
+ # resp.server_certificate.tags #=> Array
5539
+ # resp.server_certificate.tags[0].key #=> String
5540
+ # resp.server_certificate.tags[0].value #=> String
5392
5541
  #
5393
5542
  # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetServerCertificate AWS API Documentation
5394
5543
  #
@@ -5413,7 +5562,7 @@ module Aws::IAM
5413
5562
  # AWS Organizations policies, IAM permissions boundaries, and AWS STS
5414
5563
  # assume role policies. It only applies permissions policy logic. For
5415
5564
  # more about the evaluation of policy types, see [Evaluating
5416
- # Policies][1] in the *IAM User Guide*.
5565
+ # policies][1] in the *IAM User Guide*.
5417
5566
  #
5418
5567
  # </note>
5419
5568
  #
@@ -5448,7 +5597,7 @@ module Aws::IAM
5448
5597
  # within a service. Otherwise, this operation returns only service data.
5449
5598
  #
5450
5599
  # For more information about service and action last accessed data, see
5451
- # [Reducing Permissions Using Service Last Accessed Data][2] in the *IAM
5600
+ # [Reducing permissions using service last accessed data][2] in the *IAM
5452
5601
  # User Guide*.
5453
5602
  #
5454
5603
  #
@@ -5596,17 +5745,16 @@ module Aws::IAM
5596
5745
  # namespace to learn when the IAM entity last attempted to access the
5597
5746
  # specified service.
5598
5747
  #
5599
- # To learn the service namespace for a service, go to [Actions,
5600
- # Resources, and Condition Keys for AWS Services][1] in the *IAM User
5601
- # Guide*. Choose the name of the service to view details for that
5602
- # service. In the first paragraph, find the service prefix. For example,
5603
- # `(service prefix: a4b)`. For more information about service
5604
- # namespaces, see [AWS Service Namespaces][2] in the *AWS General
5605
- # Reference*.
5748
+ # To learn the service namespace for a service, see [Actions, resources,
5749
+ # and condition keys for AWS services][1] in the *IAM User Guide*.
5750
+ # Choose the name of the service to view details for that service. In
5751
+ # the first paragraph, find the service prefix. For example, `(service
5752
+ # prefix: a4b)`. For more information about service namespaces, see [AWS
5753
+ # service namespaces][2] in the *AWS General Reference*.
5606
5754
  #
5607
5755
  #
5608
5756
  #
5609
- # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_actions-resources-contextkeys.html
5757
+ # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html
5610
5758
  # [2]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-aws-service-namespaces
5611
5759
  #
5612
5760
  # @option params [Integer] :max_items
@@ -5711,11 +5859,11 @@ module Aws::IAM
5711
5859
  end
5712
5860
 
5713
5861
  # Retrieves the status of your service-linked role deletion. After you
5714
- # use the DeleteServiceLinkedRole API operation to submit a
5715
- # service-linked role for deletion, you can use the `DeletionTaskId`
5716
- # parameter in `GetServiceLinkedRoleDeletionStatus` to check the status
5717
- # of the deletion. If the deletion fails, this operation returns the
5718
- # reason that it failed, if that information is returned by the service.
5862
+ # use DeleteServiceLinkedRole to submit a service-linked role for
5863
+ # deletion, you can use the `DeletionTaskId` parameter in
5864
+ # `GetServiceLinkedRoleDeletionStatus` to check the status of the
5865
+ # deletion. If the deletion fails, this operation returns the reason
5866
+ # that it failed, if that information is returned by the service.
5719
5867
  #
5720
5868
  # @option params [required, String] :deletion_task_id
5721
5869
  # The deletion task identifier. This identifier is returned by the
@@ -5756,7 +5904,7 @@ module Aws::IAM
5756
5904
  #
5757
5905
  # If you do not specify a user name, IAM determines the user name
5758
5906
  # implicitly based on the AWS access key ID used to sign the request to
5759
- # this API.
5907
+ # this operation.
5760
5908
  #
5761
5909
  # @option params [String] :user_name
5762
5910
  # The name of the user to get information about.
@@ -5832,9 +5980,9 @@ module Aws::IAM
5832
5980
  # Retrieves the specified inline policy document that is embedded in the
5833
5981
  # specified IAM user.
5834
5982
  #
5835
- # <note markdown="1"> Policies returned by this API are URL-encoded compliant with [RFC
5836
- # 3986][1]. You can use a URL decoding method to convert the policy back
5837
- # to plain JSON text. For example, if you use Java, you can use the
5983
+ # <note markdown="1"> Policies returned by this operation are URL-encoded compliant with
5984
+ # [RFC 3986][1]. You can use a URL decoding method to convert the policy
5985
+ # back to plain JSON text. For example, if you use Java, you can use the
5838
5986
  # `decode` method of the `java.net.URLDecoder` utility class in the Java
5839
5987
  # SDK. Other languages and SDKs provide similar functionality.
5840
5988
  #
@@ -5845,8 +5993,8 @@ module Aws::IAM
5845
5993
  # determine the policy's default version. Then use GetPolicyVersion to
5846
5994
  # retrieve the policy document.
5847
5995
  #
5848
- # For more information about policies, see [Managed Policies and Inline
5849
- # Policies][2] in the *IAM User Guide*.
5996
+ # For more information about policies, see [Managed policies and inline
5997
+ # policies][2] in the *IAM User Guide*.
5850
5998
  #
5851
5999
  #
5852
6000
  #
@@ -6016,7 +6164,7 @@ module Aws::IAM
6016
6164
 
6017
6165
  # Lists the account alias associated with the AWS account (Note: you can
6018
6166
  # have only one). For information about using an AWS account alias, see
6019
- # [Using an Alias for Your AWS Account ID][1] in the *IAM User Guide*.
6167
+ # [Using an alias for your AWS account ID][1] in the *IAM User Guide*.
6020
6168
  #
6021
6169
  #
6022
6170
  #
@@ -6089,9 +6237,9 @@ module Aws::IAM
6089
6237
  # group.
6090
6238
  #
6091
6239
  # An IAM group can also have inline policies embedded with it. To list
6092
- # the inline policies for a group, use the ListGroupPolicies API. For
6093
- # information about policies, see [Managed Policies and Inline
6094
- # Policies][1] in the *IAM User Guide*.
6240
+ # the inline policies for a group, use ListGroupPolicies. For
6241
+ # information about policies, see [Managed policies and inline
6242
+ # policies][1] in the *IAM User Guide*.
6095
6243
  #
6096
6244
  # You can paginate the results using the `MaxItems` and `Marker`
6097
6245
  # parameters. You can use the `PathPrefix` parameter to limit the list
@@ -6187,9 +6335,9 @@ module Aws::IAM
6187
6335
  # role.
6188
6336
  #
6189
6337
  # An IAM role can also have inline policies embedded with it. To list
6190
- # the inline policies for a role, use the ListRolePolicies API. For
6191
- # information about policies, see [Managed Policies and Inline
6192
- # Policies][1] in the *IAM User Guide*.
6338
+ # the inline policies for a role, use ListRolePolicies. For information
6339
+ # about policies, see [Managed policies and inline policies][1] in the
6340
+ # *IAM User Guide*.
6193
6341
  #
6194
6342
  # You can paginate the results using the `MaxItems` and `Marker`
6195
6343
  # parameters. You can use the `PathPrefix` parameter to limit the list
@@ -6285,9 +6433,9 @@ module Aws::IAM
6285
6433
  # user.
6286
6434
  #
6287
6435
  # An IAM user can also have inline policies embedded with it. To list
6288
- # the inline policies for a user, use the ListUserPolicies API. For
6289
- # information about policies, see [Managed Policies and Inline
6290
- # Policies][1] in the *IAM User Guide*.
6436
+ # the inline policies for a user, use ListUserPolicies. For information
6437
+ # about policies, see [Managed policies and inline policies][1] in the
6438
+ # *IAM User Guide*.
6291
6439
  #
6292
6440
  # You can paginate the results using the `MaxItems` and `Marker`
6293
6441
  # parameters. You can use the `PathPrefix` parameter to limit the list
@@ -6394,8 +6542,8 @@ module Aws::IAM
6394
6542
  # The Amazon Resource Name (ARN) of the IAM policy for which you want
6395
6543
  # the versions.
6396
6544
  #
6397
- # For more information about ARNs, see [Amazon Resource Names (ARNs) and
6398
- # AWS Service Namespaces][1] in the *AWS General Reference*.
6545
+ # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
6546
+ # in the *AWS General Reference*.
6399
6547
  #
6400
6548
  #
6401
6549
  #
@@ -6504,7 +6652,7 @@ module Aws::IAM
6504
6652
  # An IAM group can also have managed policies attached to it. To list
6505
6653
  # the managed policies that are attached to a group, use
6506
6654
  # ListAttachedGroupPolicies. For more information about policies, see
6507
- # [Managed Policies and Inline Policies][1] in the *IAM User Guide*.
6655
+ # [Managed policies and inline policies][1] in the *IAM User Guide*.
6508
6656
  #
6509
6657
  # You can paginate the results using the `MaxItems` and `Marker`
6510
6658
  # parameters. If there are no inline policies embedded with the
@@ -6801,10 +6949,87 @@ module Aws::IAM
6801
6949
  req.send_request(options)
6802
6950
  end
6803
6951
 
6952
+ # Lists the tags that are attached to the specified IAM instance
6953
+ # profile. The returned list of tags is sorted by tag key. For more
6954
+ # information about tagging, see [Tagging IAM resources][1] in the *IAM
6955
+ # User Guide*.
6956
+ #
6957
+ #
6958
+ #
6959
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
6960
+ #
6961
+ # @option params [required, String] :instance_profile_name
6962
+ # The name of the IAM instance profile whose tags you want to see.
6963
+ #
6964
+ # This parameter accepts (through its [regex pattern][1]) a string of
6965
+ # characters that consist of upper and lowercase alphanumeric characters
6966
+ # with no spaces. You can also include any of the following characters:
6967
+ # =,.@-
6968
+ #
6969
+ #
6970
+ #
6971
+ # [1]: http://wikipedia.org/wiki/regex
6972
+ #
6973
+ # @option params [String] :marker
6974
+ # Use this parameter only when paginating results and only after you
6975
+ # receive a response indicating that the results are truncated. Set it
6976
+ # to the value of the `Marker` element in the response that you received
6977
+ # to indicate where the next call should start.
6978
+ #
6979
+ # @option params [Integer] :max_items
6980
+ # (Optional) Use this only when paginating results to indicate the
6981
+ # maximum number of items that you want in the response. If additional
6982
+ # items exist beyond the maximum that you specify, the `IsTruncated`
6983
+ # response element is `true`.
6984
+ #
6985
+ # If you do not include this parameter, it defaults to 100. Note that
6986
+ # IAM might return fewer results, even when more results are available.
6987
+ # In that case, the `IsTruncated` response element returns `true`, and
6988
+ # `Marker` contains a value to include in the subsequent call that tells
6989
+ # the service where to continue from.
6990
+ #
6991
+ # @return [Types::ListInstanceProfileTagsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
6992
+ #
6993
+ # * {Types::ListInstanceProfileTagsResponse#tags #tags} => Array&lt;Types::Tag&gt;
6994
+ # * {Types::ListInstanceProfileTagsResponse#is_truncated #is_truncated} => Boolean
6995
+ # * {Types::ListInstanceProfileTagsResponse#marker #marker} => String
6996
+ #
6997
+ # @example Request syntax with placeholder values
6998
+ #
6999
+ # resp = client.list_instance_profile_tags({
7000
+ # instance_profile_name: "instanceProfileNameType", # required
7001
+ # marker: "markerType",
7002
+ # max_items: 1,
7003
+ # })
7004
+ #
7005
+ # @example Response structure
7006
+ #
7007
+ # resp.tags #=> Array
7008
+ # resp.tags[0].key #=> String
7009
+ # resp.tags[0].value #=> String
7010
+ # resp.is_truncated #=> Boolean
7011
+ # resp.marker #=> String
7012
+ #
7013
+ # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListInstanceProfileTags AWS API Documentation
7014
+ #
7015
+ # @overload list_instance_profile_tags(params = {})
7016
+ # @param [Hash] params ({})
7017
+ def list_instance_profile_tags(params = {}, options = {})
7018
+ req = build_request(:list_instance_profile_tags, params)
7019
+ req.send_request(options)
7020
+ end
7021
+
6804
7022
  # Lists the instance profiles that have the specified path prefix. If
6805
7023
  # there are none, the operation returns an empty list. For more
6806
- # information about instance profiles, go to [About Instance
6807
- # Profiles][1].
7024
+ # information about instance profiles, see [About instance profiles][1].
7025
+ #
7026
+ # <note markdown="1"> IAM resource-listing operations return a subset of the available
7027
+ # attributes for the resource. For example, this operation does not
7028
+ # return tags, even though they are an attribute of the returned object.
7029
+ # To view all of the information for an instance profile, see
7030
+ # GetInstanceProfile.
7031
+ #
7032
+ # </note>
6808
7033
  #
6809
7034
  # You can paginate the results using the `MaxItems` and `Marker`
6810
7035
  # parameters.
@@ -6888,6 +7113,9 @@ module Aws::IAM
6888
7113
  # resp.instance_profiles[0].roles[0].tags[0].value #=> String
6889
7114
  # resp.instance_profiles[0].roles[0].role_last_used.last_used_date #=> Time
6890
7115
  # resp.instance_profiles[0].roles[0].role_last_used.region #=> String
7116
+ # resp.instance_profiles[0].tags #=> Array
7117
+ # resp.instance_profiles[0].tags[0].key #=> String
7118
+ # resp.instance_profiles[0].tags[0].value #=> String
6891
7119
  # resp.is_truncated #=> Boolean
6892
7120
  # resp.marker #=> String
6893
7121
  #
@@ -6902,8 +7130,8 @@ module Aws::IAM
6902
7130
 
6903
7131
  # Lists the instance profiles that have the specified associated IAM
6904
7132
  # role. If there are none, the operation returns an empty list. For more
6905
- # information about instance profiles, go to [About Instance
6906
- # Profiles][1].
7133
+ # information about instance profiles, go to [About instance
7134
+ # profiles][1].
6907
7135
  #
6908
7136
  # You can paginate the results using the `MaxItems` and `Marker`
6909
7137
  # parameters.
@@ -6981,6 +7209,9 @@ module Aws::IAM
6981
7209
  # resp.instance_profiles[0].roles[0].tags[0].value #=> String
6982
7210
  # resp.instance_profiles[0].roles[0].role_last_used.last_used_date #=> Time
6983
7211
  # resp.instance_profiles[0].roles[0].role_last_used.region #=> String
7212
+ # resp.instance_profiles[0].tags #=> Array
7213
+ # resp.instance_profiles[0].tags[0].key #=> String
7214
+ # resp.instance_profiles[0].tags[0].value #=> String
6984
7215
  # resp.is_truncated #=> Boolean
6985
7216
  # resp.marker #=> String
6986
7217
  #
@@ -6993,11 +7224,83 @@ module Aws::IAM
6993
7224
  req.send_request(options)
6994
7225
  end
6995
7226
 
7227
+ # Lists the tags that are attached to the specified IAM virtual
7228
+ # multi-factor authentication (MFA) device. The returned list of tags is
7229
+ # sorted by tag key. For more information about tagging, see [Tagging
7230
+ # IAM resources][1] in the *IAM User Guide*.
7231
+ #
7232
+ #
7233
+ #
7234
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
7235
+ #
7236
+ # @option params [required, String] :serial_number
7237
+ # The unique identifier for the IAM virtual MFA device whose tags you
7238
+ # want to see. For virtual MFA devices, the serial number is the same as
7239
+ # the ARN.
7240
+ #
7241
+ # This parameter accepts (through its [regex pattern][1]) a string of
7242
+ # characters that consist of upper and lowercase alphanumeric characters
7243
+ # with no spaces. You can also include any of the following characters:
7244
+ # =,.@-
7245
+ #
7246
+ #
7247
+ #
7248
+ # [1]: http://wikipedia.org/wiki/regex
7249
+ #
7250
+ # @option params [String] :marker
7251
+ # Use this parameter only when paginating results and only after you
7252
+ # receive a response indicating that the results are truncated. Set it
7253
+ # to the value of the `Marker` element in the response that you received
7254
+ # to indicate where the next call should start.
7255
+ #
7256
+ # @option params [Integer] :max_items
7257
+ # (Optional) Use this only when paginating results to indicate the
7258
+ # maximum number of items that you want in the response. If additional
7259
+ # items exist beyond the maximum that you specify, the `IsTruncated`
7260
+ # response element is `true`.
7261
+ #
7262
+ # If you do not include this parameter, it defaults to 100. Note that
7263
+ # IAM might return fewer results, even when more results are available.
7264
+ # In that case, the `IsTruncated` response element returns `true`, and
7265
+ # `Marker` contains a value to include in the subsequent call that tells
7266
+ # the service where to continue from.
7267
+ #
7268
+ # @return [Types::ListMFADeviceTagsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
7269
+ #
7270
+ # * {Types::ListMFADeviceTagsResponse#tags #tags} => Array&lt;Types::Tag&gt;
7271
+ # * {Types::ListMFADeviceTagsResponse#is_truncated #is_truncated} => Boolean
7272
+ # * {Types::ListMFADeviceTagsResponse#marker #marker} => String
7273
+ #
7274
+ # @example Request syntax with placeholder values
7275
+ #
7276
+ # resp = client.list_mfa_device_tags({
7277
+ # serial_number: "serialNumberType", # required
7278
+ # marker: "markerType",
7279
+ # max_items: 1,
7280
+ # })
7281
+ #
7282
+ # @example Response structure
7283
+ #
7284
+ # resp.tags #=> Array
7285
+ # resp.tags[0].key #=> String
7286
+ # resp.tags[0].value #=> String
7287
+ # resp.is_truncated #=> Boolean
7288
+ # resp.marker #=> String
7289
+ #
7290
+ # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListMFADeviceTags AWS API Documentation
7291
+ #
7292
+ # @overload list_mfa_device_tags(params = {})
7293
+ # @param [Hash] params ({})
7294
+ def list_mfa_device_tags(params = {}, options = {})
7295
+ req = build_request(:list_mfa_device_tags, params)
7296
+ req.send_request(options)
7297
+ end
7298
+
6996
7299
  # Lists the MFA devices for an IAM user. If the request includes a IAM
6997
7300
  # user name, then this operation lists all the MFA devices associated
6998
7301
  # with the specified user. If you do not specify a user name, IAM
6999
7302
  # determines the user name implicitly based on the AWS access key ID
7000
- # signing the request for this API.
7303
+ # signing the request for this operation.
7001
7304
  #
7002
7305
  # You can paginate the results using the `MaxItems` and `Marker`
7003
7306
  # parameters.
@@ -7065,30 +7368,113 @@ module Aws::IAM
7065
7368
  req.send_request(options)
7066
7369
  end
7067
7370
 
7068
- # Lists information about the IAM OpenID Connect (OIDC) provider
7069
- # resource objects defined in the AWS account.
7371
+ # Lists the tags that are attached to the specified OpenID Connect
7372
+ # (OIDC)-compatible identity provider. The returned list of tags is
7373
+ # sorted by tag key. For more information, see [About web identity
7374
+ # federation][1].
7070
7375
  #
7071
- # @return [Types::ListOpenIDConnectProvidersResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
7376
+ # For more information about tagging, see [Tagging IAM resources][2] in
7377
+ # the *IAM User Guide*.
7072
7378
  #
7073
- # * {Types::ListOpenIDConnectProvidersResponse#open_id_connect_provider_list #open_id_connect_provider_list} => Array&lt;Types::OpenIDConnectProviderListEntry&gt;
7074
7379
  #
7075
- # @example Response structure
7076
7380
  #
7077
- # resp.open_id_connect_provider_list #=> Array
7078
- # resp.open_id_connect_provider_list[0].arn #=> String
7381
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html
7382
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
7079
7383
  #
7080
- # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListOpenIDConnectProviders AWS API Documentation
7384
+ # @option params [required, String] :open_id_connect_provider_arn
7385
+ # The ARN of the OpenID Connect (OIDC) identity provider whose tags you
7386
+ # want to see.
7081
7387
  #
7082
- # @overload list_open_id_connect_providers(params = {})
7083
- # @param [Hash] params ({})
7084
- def list_open_id_connect_providers(params = {}, options = {})
7085
- req = build_request(:list_open_id_connect_providers, params)
7086
- req.send_request(options)
7087
- end
7088
-
7089
- # Lists all the managed policies that are available in your AWS account,
7090
- # including your own customer-defined managed policies and all AWS
7091
- # managed policies.
7388
+ # This parameter accepts (through its [regex pattern][1]) a string of
7389
+ # characters that consist of upper and lowercase alphanumeric characters
7390
+ # with no spaces. You can also include any of the following characters:
7391
+ # =,.@-
7392
+ #
7393
+ #
7394
+ #
7395
+ # [1]: http://wikipedia.org/wiki/regex
7396
+ #
7397
+ # @option params [String] :marker
7398
+ # Use this parameter only when paginating results and only after you
7399
+ # receive a response indicating that the results are truncated. Set it
7400
+ # to the value of the `Marker` element in the response that you received
7401
+ # to indicate where the next call should start.
7402
+ #
7403
+ # @option params [Integer] :max_items
7404
+ # (Optional) Use this only when paginating results to indicate the
7405
+ # maximum number of items that you want in the response. If additional
7406
+ # items exist beyond the maximum that you specify, the `IsTruncated`
7407
+ # response element is `true`.
7408
+ #
7409
+ # If you do not include this parameter, it defaults to 100. Note that
7410
+ # IAM might return fewer results, even when more results are available.
7411
+ # In that case, the `IsTruncated` response element returns `true`, and
7412
+ # `Marker` contains a value to include in the subsequent call that tells
7413
+ # the service where to continue from.
7414
+ #
7415
+ # @return [Types::ListOpenIDConnectProviderTagsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
7416
+ #
7417
+ # * {Types::ListOpenIDConnectProviderTagsResponse#tags #tags} => Array&lt;Types::Tag&gt;
7418
+ # * {Types::ListOpenIDConnectProviderTagsResponse#is_truncated #is_truncated} => Boolean
7419
+ # * {Types::ListOpenIDConnectProviderTagsResponse#marker #marker} => String
7420
+ #
7421
+ # @example Request syntax with placeholder values
7422
+ #
7423
+ # resp = client.list_open_id_connect_provider_tags({
7424
+ # open_id_connect_provider_arn: "arnType", # required
7425
+ # marker: "markerType",
7426
+ # max_items: 1,
7427
+ # })
7428
+ #
7429
+ # @example Response structure
7430
+ #
7431
+ # resp.tags #=> Array
7432
+ # resp.tags[0].key #=> String
7433
+ # resp.tags[0].value #=> String
7434
+ # resp.is_truncated #=> Boolean
7435
+ # resp.marker #=> String
7436
+ #
7437
+ # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListOpenIDConnectProviderTags AWS API Documentation
7438
+ #
7439
+ # @overload list_open_id_connect_provider_tags(params = {})
7440
+ # @param [Hash] params ({})
7441
+ def list_open_id_connect_provider_tags(params = {}, options = {})
7442
+ req = build_request(:list_open_id_connect_provider_tags, params)
7443
+ req.send_request(options)
7444
+ end
7445
+
7446
+ # Lists information about the IAM OpenID Connect (OIDC) provider
7447
+ # resource objects defined in the AWS account.
7448
+ #
7449
+ # <note markdown="1"> IAM resource-listing operations return a subset of the available
7450
+ # attributes for the resource. For example, this operation does not
7451
+ # return tags, even though they are an attribute of the returned object.
7452
+ # To view all of the information for an OIDC provider, see
7453
+ # GetOpenIDConnectProvider.
7454
+ #
7455
+ # </note>
7456
+ #
7457
+ # @return [Types::ListOpenIDConnectProvidersResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
7458
+ #
7459
+ # * {Types::ListOpenIDConnectProvidersResponse#open_id_connect_provider_list #open_id_connect_provider_list} => Array&lt;Types::OpenIDConnectProviderListEntry&gt;
7460
+ #
7461
+ # @example Response structure
7462
+ #
7463
+ # resp.open_id_connect_provider_list #=> Array
7464
+ # resp.open_id_connect_provider_list[0].arn #=> String
7465
+ #
7466
+ # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListOpenIDConnectProviders AWS API Documentation
7467
+ #
7468
+ # @overload list_open_id_connect_providers(params = {})
7469
+ # @param [Hash] params ({})
7470
+ def list_open_id_connect_providers(params = {}, options = {})
7471
+ req = build_request(:list_open_id_connect_providers, params)
7472
+ req.send_request(options)
7473
+ end
7474
+
7475
+ # Lists all the managed policies that are available in your AWS account,
7476
+ # including your own customer-defined managed policies and all AWS
7477
+ # managed policies.
7092
7478
  #
7093
7479
  # You can filter the list of policies that is returned using the
7094
7480
  # optional `OnlyAttached`, `Scope`, and `PathPrefix` parameters. For
@@ -7099,8 +7485,16 @@ module Aws::IAM
7099
7485
  # You can paginate the results using the `MaxItems` and `Marker`
7100
7486
  # parameters.
7101
7487
  #
7102
- # For more information about managed policies, see [Managed Policies and
7103
- # Inline Policies][1] in the *IAM User Guide*.
7488
+ # For more information about managed policies, see [Managed policies and
7489
+ # inline policies][1] in the *IAM User Guide*.
7490
+ #
7491
+ # <note markdown="1"> IAM resource-listing operations return a subset of the available
7492
+ # attributes for the resource. For example, this operation does not
7493
+ # return tags, even though they are an attribute of the returned object.
7494
+ # To view all of the information for a customer manged policy, see
7495
+ # GetPolicy.
7496
+ #
7497
+ # </note>
7104
7498
  #
7105
7499
  #
7106
7500
  #
@@ -7199,6 +7593,9 @@ module Aws::IAM
7199
7593
  # resp.policies[0].description #=> String
7200
7594
  # resp.policies[0].create_date #=> Time
7201
7595
  # resp.policies[0].update_date #=> Time
7596
+ # resp.policies[0].tags #=> Array
7597
+ # resp.policies[0].tags[0].key #=> String
7598
+ # resp.policies[0].tags[0].value #=> String
7202
7599
  # resp.is_truncated #=> Boolean
7203
7600
  # resp.marker #=> String
7204
7601
  #
@@ -7219,7 +7616,7 @@ module Aws::IAM
7219
7616
  # include resource-based policies, access control lists, AWS
7220
7617
  # Organizations policies, IAM permissions boundaries, and AWS STS assume
7221
7618
  # role policies. It only applies permissions policy logic. For more
7222
- # about the evaluation of policy types, see [Evaluating Policies][1] in
7619
+ # about the evaluation of policy types, see [Evaluating policies][1] in
7223
7620
  # the *IAM User Guide*.
7224
7621
  #
7225
7622
  # </note>
@@ -7242,8 +7639,8 @@ module Aws::IAM
7242
7639
  # For each managed policy, this operation returns the ARN and policy
7243
7640
  # name. For each inline policy, it returns the policy name and the
7244
7641
  # entity to which it is attached. Inline policies do not have an ARN.
7245
- # For more information about these policy types, see [Managed Policies
7246
- # and Inline Policies][2] in the *IAM User Guide*.
7642
+ # For more information about these policy types, see [Managed policies
7643
+ # and inline policies][2] in the *IAM User Guide*.
7247
7644
  #
7248
7645
  # Policies that are attached to users and roles as permissions
7249
7646
  # boundaries are not returned. To view which managed policy is currently
@@ -7269,17 +7666,16 @@ module Aws::IAM
7269
7666
  # The service namespace for the AWS services whose policies you want to
7270
7667
  # list.
7271
7668
  #
7272
- # To learn the service namespace for a service, go to [Actions,
7273
- # Resources, and Condition Keys for AWS Services][1] in the *IAM User
7274
- # Guide*. Choose the name of the service to view details for that
7275
- # service. In the first paragraph, find the service prefix. For example,
7276
- # `(service prefix: a4b)`. For more information about service
7277
- # namespaces, see [AWS Service Namespaces][2] in the *AWS General
7278
- # Reference*.
7669
+ # To learn the service namespace for a service, see [Actions, resources,
7670
+ # and condition keys for AWS services][1] in the *IAM User Guide*.
7671
+ # Choose the name of the service to view details for that service. In
7672
+ # the first paragraph, find the service prefix. For example, `(service
7673
+ # prefix: a4b)`. For more information about service namespaces, see [AWS
7674
+ # service namespaces][2] in the *AWS General Reference*.
7279
7675
  #
7280
7676
  #
7281
7677
  #
7282
- # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_actions-resources-contextkeys.html
7678
+ # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html
7283
7679
  # [2]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-aws-service-namespaces
7284
7680
  #
7285
7681
  # @return [Types::ListPoliciesGrantingServiceAccessResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
@@ -7364,12 +7760,82 @@ module Aws::IAM
7364
7760
  req.send_request(options)
7365
7761
  end
7366
7762
 
7763
+ # Lists the tags that are attached to the specified IAM customer managed
7764
+ # policy. The returned list of tags is sorted by tag key. For more
7765
+ # information about tagging, see [Tagging IAM resources][1] in the *IAM
7766
+ # User Guide*.
7767
+ #
7768
+ #
7769
+ #
7770
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
7771
+ #
7772
+ # @option params [required, String] :policy_arn
7773
+ # The ARN of the IAM customer managed policy whose tags you want to see.
7774
+ #
7775
+ # This parameter accepts (through its [regex pattern][1]) a string of
7776
+ # characters that consist of upper and lowercase alphanumeric characters
7777
+ # with no spaces. You can also include any of the following characters:
7778
+ # =,.@-
7779
+ #
7780
+ #
7781
+ #
7782
+ # [1]: http://wikipedia.org/wiki/regex
7783
+ #
7784
+ # @option params [String] :marker
7785
+ # Use this parameter only when paginating results and only after you
7786
+ # receive a response indicating that the results are truncated. Set it
7787
+ # to the value of the `Marker` element in the response that you received
7788
+ # to indicate where the next call should start.
7789
+ #
7790
+ # @option params [Integer] :max_items
7791
+ # (Optional) Use this only when paginating results to indicate the
7792
+ # maximum number of items that you want in the response. If additional
7793
+ # items exist beyond the maximum that you specify, the `IsTruncated`
7794
+ # response element is `true`.
7795
+ #
7796
+ # If you do not include this parameter, it defaults to 100. Note that
7797
+ # IAM might return fewer results, even when more results are available.
7798
+ # In that case, the `IsTruncated` response element returns `true`, and
7799
+ # `Marker` contains a value to include in the subsequent call that tells
7800
+ # the service where to continue from.
7801
+ #
7802
+ # @return [Types::ListPolicyTagsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
7803
+ #
7804
+ # * {Types::ListPolicyTagsResponse#tags #tags} => Array&lt;Types::Tag&gt;
7805
+ # * {Types::ListPolicyTagsResponse#is_truncated #is_truncated} => Boolean
7806
+ # * {Types::ListPolicyTagsResponse#marker #marker} => String
7807
+ #
7808
+ # @example Request syntax with placeholder values
7809
+ #
7810
+ # resp = client.list_policy_tags({
7811
+ # policy_arn: "arnType", # required
7812
+ # marker: "markerType",
7813
+ # max_items: 1,
7814
+ # })
7815
+ #
7816
+ # @example Response structure
7817
+ #
7818
+ # resp.tags #=> Array
7819
+ # resp.tags[0].key #=> String
7820
+ # resp.tags[0].value #=> String
7821
+ # resp.is_truncated #=> Boolean
7822
+ # resp.marker #=> String
7823
+ #
7824
+ # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListPolicyTags AWS API Documentation
7825
+ #
7826
+ # @overload list_policy_tags(params = {})
7827
+ # @param [Hash] params ({})
7828
+ def list_policy_tags(params = {}, options = {})
7829
+ req = build_request(:list_policy_tags, params)
7830
+ req.send_request(options)
7831
+ end
7832
+
7367
7833
  # Lists information about the versions of the specified managed policy,
7368
7834
  # including the version that is currently set as the policy's default
7369
7835
  # version.
7370
7836
  #
7371
- # For more information about managed policies, see [Managed Policies and
7372
- # Inline Policies][1] in the *IAM User Guide*.
7837
+ # For more information about managed policies, see [Managed policies and
7838
+ # inline policies][1] in the *IAM User Guide*.
7373
7839
  #
7374
7840
  #
7375
7841
  #
@@ -7379,8 +7845,8 @@ module Aws::IAM
7379
7845
  # The Amazon Resource Name (ARN) of the IAM policy for which you want
7380
7846
  # the versions.
7381
7847
  #
7382
- # For more information about ARNs, see [Amazon Resource Names (ARNs) and
7383
- # AWS Service Namespaces][1] in the *AWS General Reference*.
7848
+ # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
7849
+ # in the *AWS General Reference*.
7384
7850
  #
7385
7851
  #
7386
7852
  #
@@ -7444,7 +7910,7 @@ module Aws::IAM
7444
7910
  # An IAM role can also have managed policies attached to it. To list the
7445
7911
  # managed policies that are attached to a role, use
7446
7912
  # ListAttachedRolePolicies. For more information about policies, see
7447
- # [Managed Policies and Inline Policies][1] in the *IAM User Guide*.
7913
+ # [Managed policies and inline policies][1] in the *IAM User Guide*.
7448
7914
  #
7449
7915
  # You can paginate the results using the `MaxItems` and `Marker`
7450
7916
  # parameters. If there are no inline policies embedded with the
@@ -7517,7 +7983,7 @@ module Aws::IAM
7517
7983
 
7518
7984
  # Lists the tags that are attached to the specified role. The returned
7519
7985
  # list of tags is sorted by tag key. For more information about tagging,
7520
- # see [Tagging IAM Identities][1] in the *IAM User Guide*.
7986
+ # see [Tagging IAM resources][1] in the *IAM User Guide*.
7521
7987
  #
7522
7988
  #
7523
7989
  #
@@ -7610,7 +8076,14 @@ module Aws::IAM
7610
8076
 
7611
8077
  # Lists the IAM roles that have the specified path prefix. If there are
7612
8078
  # none, the operation returns an empty list. For more information about
7613
- # roles, go to [Working with Roles][1].
8079
+ # roles, see [Working with roles][1].
8080
+ #
8081
+ # <note markdown="1"> IAM resource-listing operations return a subset of the available
8082
+ # attributes for the resource. For example, this operation does not
8083
+ # return tags, even though they are an attribute of the returned object.
8084
+ # To view all of the information for a role, see GetRole.
8085
+ #
8086
+ # </note>
7614
8087
  #
7615
8088
  # You can paginate the results using the `MaxItems` and `Marker`
7616
8089
  # parameters.
@@ -7699,12 +8172,89 @@ module Aws::IAM
7699
8172
  req.send_request(options)
7700
8173
  end
7701
8174
 
7702
- # Lists the SAML provider resource objects defined in IAM in the
7703
- # account.
8175
+ # Lists the tags that are attached to the specified Security Assertion
8176
+ # Markup Language (SAML) identity provider. The returned list of tags is
8177
+ # sorted by tag key. For more information, see [About SAML 2.0-based
8178
+ # federation][1].
7704
8179
  #
7705
- # <note markdown="1"> This operation requires [Signature Version 4][1].
8180
+ # For more information about tagging, see [Tagging IAM resources][2] in
8181
+ # the *IAM User Guide*.
7706
8182
  #
7707
- # </note>
8183
+ #
8184
+ #
8185
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html
8186
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
8187
+ #
8188
+ # @option params [required, String] :saml_provider_arn
8189
+ # The ARN of the Security Assertion Markup Language (SAML) identity
8190
+ # provider whose tags you want to see.
8191
+ #
8192
+ # This parameter accepts (through its [regex pattern][1]) a string of
8193
+ # characters that consist of upper and lowercase alphanumeric characters
8194
+ # with no spaces. You can also include any of the following characters:
8195
+ # =,.@-
8196
+ #
8197
+ #
8198
+ #
8199
+ # [1]: http://wikipedia.org/wiki/regex
8200
+ #
8201
+ # @option params [String] :marker
8202
+ # Use this parameter only when paginating results and only after you
8203
+ # receive a response indicating that the results are truncated. Set it
8204
+ # to the value of the `Marker` element in the response that you received
8205
+ # to indicate where the next call should start.
8206
+ #
8207
+ # @option params [Integer] :max_items
8208
+ # (Optional) Use this only when paginating results to indicate the
8209
+ # maximum number of items that you want in the response. If additional
8210
+ # items exist beyond the maximum that you specify, the `IsTruncated`
8211
+ # response element is `true`.
8212
+ #
8213
+ # If you do not include this parameter, it defaults to 100. Note that
8214
+ # IAM might return fewer results, even when more results are available.
8215
+ # In that case, the `IsTruncated` response element returns `true`, and
8216
+ # `Marker` contains a value to include in the subsequent call that tells
8217
+ # the service where to continue from.
8218
+ #
8219
+ # @return [Types::ListSAMLProviderTagsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
8220
+ #
8221
+ # * {Types::ListSAMLProviderTagsResponse#tags #tags} => Array&lt;Types::Tag&gt;
8222
+ # * {Types::ListSAMLProviderTagsResponse#is_truncated #is_truncated} => Boolean
8223
+ # * {Types::ListSAMLProviderTagsResponse#marker #marker} => String
8224
+ #
8225
+ # @example Request syntax with placeholder values
8226
+ #
8227
+ # resp = client.list_saml_provider_tags({
8228
+ # saml_provider_arn: "arnType", # required
8229
+ # marker: "markerType",
8230
+ # max_items: 1,
8231
+ # })
8232
+ #
8233
+ # @example Response structure
8234
+ #
8235
+ # resp.tags #=> Array
8236
+ # resp.tags[0].key #=> String
8237
+ # resp.tags[0].value #=> String
8238
+ # resp.is_truncated #=> Boolean
8239
+ # resp.marker #=> String
8240
+ #
8241
+ # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListSAMLProviderTags AWS API Documentation
8242
+ #
8243
+ # @overload list_saml_provider_tags(params = {})
8244
+ # @param [Hash] params ({})
8245
+ def list_saml_provider_tags(params = {}, options = {})
8246
+ req = build_request(:list_saml_provider_tags, params)
8247
+ req.send_request(options)
8248
+ end
8249
+
8250
+ # Lists the SAML provider resource objects defined in IAM in the
8251
+ # account. IAM resource-listing operations return a subset of the
8252
+ # available attributes for the resource. For example, this operation
8253
+ # does not return tags, even though they are an attribute of the
8254
+ # returned object. To view all of the information for a SAML provider,
8255
+ # see GetSAMLProvider.
8256
+ #
8257
+ # This operation requires [Signature Version 4][1].
7708
8258
  #
7709
8259
  #
7710
8260
  #
@@ -7737,7 +8287,7 @@ module Aws::IAM
7737
8287
  # The SSH public keys returned by this operation are used only for
7738
8288
  # authenticating the IAM user to an AWS CodeCommit repository. For more
7739
8289
  # information about using SSH keys to authenticate to an AWS CodeCommit
7740
- # repository, see [Set up AWS CodeCommit for SSH Connections][1] in the
8290
+ # repository, see [Set up AWS CodeCommit for SSH connections][1] in the
7741
8291
  # *AWS CodeCommit User Guide*.
7742
8292
  #
7743
8293
  # Although each user is limited to a small number of keys, you can still
@@ -7813,34 +8363,31 @@ module Aws::IAM
7813
8363
  req.send_request(options)
7814
8364
  end
7815
8365
 
7816
- # Lists the server certificates stored in IAM that have the specified
7817
- # path prefix. If none exist, the operation returns an empty list.
8366
+ # Lists the tags that are attached to the specified IAM server
8367
+ # certificate. The returned list of tags is sorted by tag key. For more
8368
+ # information about tagging, see [Tagging IAM resources][1] in the *IAM
8369
+ # User Guide*.
7818
8370
  #
7819
- # You can paginate the results using the `MaxItems` and `Marker`
7820
- # parameters.
8371
+ # <note markdown="1"> For certificates in a Region supported by AWS Certificate Manager
8372
+ # (ACM), we recommend that you don't use IAM server certificates.
8373
+ # Instead, use ACM to provision, manage, and deploy your server
8374
+ # certificates. For more information about IAM server certificates,
8375
+ # [Working with server certificates][2] in the *IAM User Guide*.
7821
8376
  #
7822
- # For more information about working with server certificates, see
7823
- # [Working with Server Certificates][1] in the *IAM User Guide*. This
7824
- # topic also includes a list of AWS services that can use the server
7825
- # certificates that you manage with IAM.
8377
+ # </note>
7826
8378
  #
7827
8379
  #
7828
8380
  #
7829
- # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html
8381
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
8382
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html
7830
8383
  #
7831
- # @option params [String] :path_prefix
7832
- # The path prefix for filtering the results. For example:
7833
- # `/company/servercerts` would get all server certificates for which the
7834
- # path starts with `/company/servercerts`.
8384
+ # @option params [required, String] :server_certificate_name
8385
+ # The name of the IAM server certificate whose tags you want to see.
7835
8386
  #
7836
- # This parameter is optional. If it is not included, it defaults to a
7837
- # slash (/), listing all server certificates. This parameter allows
7838
- # (through its [regex pattern][1]) a string of characters consisting of
7839
- # either a forward slash (/) by itself or a string that must begin and
7840
- # end with forward slashes. In addition, it can contain any ASCII
7841
- # character from the ! (`\u0021`) through the DEL character (`\u007F`),
7842
- # including most punctuation characters, digits, and upper and
7843
- # lowercased letters.
8387
+ # This parameter accepts (through its [regex pattern][1]) a string of
8388
+ # characters that consist of upper and lowercase alphanumeric characters
8389
+ # with no spaces. You can also include any of the following characters:
8390
+ # =,.@-
7844
8391
  #
7845
8392
  #
7846
8393
  #
@@ -7853,35 +8400,125 @@ module Aws::IAM
7853
8400
  # to indicate where the next call should start.
7854
8401
  #
7855
8402
  # @option params [Integer] :max_items
7856
- # Use this only when paginating results to indicate the maximum number
7857
- # of items you want in the response. If additional items exist beyond
7858
- # the maximum you specify, the `IsTruncated` response element is `true`.
7859
- #
7860
- # If you do not include this parameter, the number of items defaults to
7861
- # 100. Note that IAM might return fewer results, even when there are
7862
- # more results available. In that case, the `IsTruncated` response
7863
- # element returns `true`, and `Marker` contains a value to include in
7864
- # the subsequent call that tells the service where to continue from.
8403
+ # (Optional) Use this only when paginating results to indicate the
8404
+ # maximum number of items that you want in the response. If additional
8405
+ # items exist beyond the maximum that you specify, the `IsTruncated`
8406
+ # response element is `true`.
7865
8407
  #
7866
- # @return [Types::ListServerCertificatesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
8408
+ # If you do not include this parameter, it defaults to 100. Note that
8409
+ # IAM might return fewer results, even when more results are available.
8410
+ # In that case, the `IsTruncated` response element returns `true`, and
8411
+ # `Marker` contains a value to include in the subsequent call that tells
8412
+ # the service where to continue from.
7867
8413
  #
7868
- # * {Types::ListServerCertificatesResponse#server_certificate_metadata_list #server_certificate_metadata_list} => Array&lt;Types::ServerCertificateMetadata&gt;
7869
- # * {Types::ListServerCertificatesResponse#is_truncated #is_truncated} => Boolean
7870
- # * {Types::ListServerCertificatesResponse#marker #marker} => String
8414
+ # @return [Types::ListServerCertificateTagsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
7871
8415
  #
7872
- # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
8416
+ # * {Types::ListServerCertificateTagsResponse#tags #tags} => Array&lt;Types::Tag&gt;
8417
+ # * {Types::ListServerCertificateTagsResponse#is_truncated #is_truncated} => Boolean
8418
+ # * {Types::ListServerCertificateTagsResponse#marker #marker} => String
7873
8419
  #
7874
8420
  # @example Request syntax with placeholder values
7875
8421
  #
7876
- # resp = client.list_server_certificates({
7877
- # path_prefix: "pathPrefixType",
8422
+ # resp = client.list_server_certificate_tags({
8423
+ # server_certificate_name: "serverCertificateNameType", # required
7878
8424
  # marker: "markerType",
7879
8425
  # max_items: 1,
7880
8426
  # })
7881
8427
  #
7882
8428
  # @example Response structure
7883
8429
  #
7884
- # resp.server_certificate_metadata_list #=> Array
8430
+ # resp.tags #=> Array
8431
+ # resp.tags[0].key #=> String
8432
+ # resp.tags[0].value #=> String
8433
+ # resp.is_truncated #=> Boolean
8434
+ # resp.marker #=> String
8435
+ #
8436
+ # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListServerCertificateTags AWS API Documentation
8437
+ #
8438
+ # @overload list_server_certificate_tags(params = {})
8439
+ # @param [Hash] params ({})
8440
+ def list_server_certificate_tags(params = {}, options = {})
8441
+ req = build_request(:list_server_certificate_tags, params)
8442
+ req.send_request(options)
8443
+ end
8444
+
8445
+ # Lists the server certificates stored in IAM that have the specified
8446
+ # path prefix. If none exist, the operation returns an empty list.
8447
+ #
8448
+ # You can paginate the results using the `MaxItems` and `Marker`
8449
+ # parameters.
8450
+ #
8451
+ # For more information about working with server certificates, see
8452
+ # [Working with server certificates][1] in the *IAM User Guide*. This
8453
+ # topic also includes a list of AWS services that can use the server
8454
+ # certificates that you manage with IAM.
8455
+ #
8456
+ # <note markdown="1"> IAM resource-listing operations return a subset of the available
8457
+ # attributes for the resource. For example, this operation does not
8458
+ # return tags, even though they are an attribute of the returned object.
8459
+ # To view all of the information for a servercertificate, see
8460
+ # GetServerCertificate.
8461
+ #
8462
+ # </note>
8463
+ #
8464
+ #
8465
+ #
8466
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html
8467
+ #
8468
+ # @option params [String] :path_prefix
8469
+ # The path prefix for filtering the results. For example:
8470
+ # `/company/servercerts` would get all server certificates for which the
8471
+ # path starts with `/company/servercerts`.
8472
+ #
8473
+ # This parameter is optional. If it is not included, it defaults to a
8474
+ # slash (/), listing all server certificates. This parameter allows
8475
+ # (through its [regex pattern][1]) a string of characters consisting of
8476
+ # either a forward slash (/) by itself or a string that must begin and
8477
+ # end with forward slashes. In addition, it can contain any ASCII
8478
+ # character from the ! (`\u0021`) through the DEL character (`\u007F`),
8479
+ # including most punctuation characters, digits, and upper and
8480
+ # lowercased letters.
8481
+ #
8482
+ #
8483
+ #
8484
+ # [1]: http://wikipedia.org/wiki/regex
8485
+ #
8486
+ # @option params [String] :marker
8487
+ # Use this parameter only when paginating results and only after you
8488
+ # receive a response indicating that the results are truncated. Set it
8489
+ # to the value of the `Marker` element in the response that you received
8490
+ # to indicate where the next call should start.
8491
+ #
8492
+ # @option params [Integer] :max_items
8493
+ # Use this only when paginating results to indicate the maximum number
8494
+ # of items you want in the response. If additional items exist beyond
8495
+ # the maximum you specify, the `IsTruncated` response element is `true`.
8496
+ #
8497
+ # If you do not include this parameter, the number of items defaults to
8498
+ # 100. Note that IAM might return fewer results, even when there are
8499
+ # more results available. In that case, the `IsTruncated` response
8500
+ # element returns `true`, and `Marker` contains a value to include in
8501
+ # the subsequent call that tells the service where to continue from.
8502
+ #
8503
+ # @return [Types::ListServerCertificatesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
8504
+ #
8505
+ # * {Types::ListServerCertificatesResponse#server_certificate_metadata_list #server_certificate_metadata_list} => Array&lt;Types::ServerCertificateMetadata&gt;
8506
+ # * {Types::ListServerCertificatesResponse#is_truncated #is_truncated} => Boolean
8507
+ # * {Types::ListServerCertificatesResponse#marker #marker} => String
8508
+ #
8509
+ # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
8510
+ #
8511
+ # @example Request syntax with placeholder values
8512
+ #
8513
+ # resp = client.list_server_certificates({
8514
+ # path_prefix: "pathPrefixType",
8515
+ # marker: "markerType",
8516
+ # max_items: 1,
8517
+ # })
8518
+ #
8519
+ # @example Response structure
8520
+ #
8521
+ # resp.server_certificate_metadata_list #=> Array
7885
8522
  # resp.server_certificate_metadata_list[0].path #=> String
7886
8523
  # resp.server_certificate_metadata_list[0].server_certificate_name #=> String
7887
8524
  # resp.server_certificate_metadata_list[0].server_certificate_id #=> String
@@ -7905,7 +8542,7 @@ module Aws::IAM
7905
8542
  # empty list. The service-specific credentials returned by this
7906
8543
  # operation are used only for authenticating the IAM user to a specific
7907
8544
  # service. For more information about using service-specific credentials
7908
- # to authenticate to an AWS service, see [Set Up service-specific
8545
+ # to authenticate to an AWS service, see [Set up service-specific
7909
8546
  # credentials][1] in the AWS CodeCommit User Guide.
7910
8547
  #
7911
8548
  #
@@ -7971,9 +8608,10 @@ module Aws::IAM
7971
8608
  #
7972
8609
  # If the `UserName` field is not specified, the user name is determined
7973
8610
  # implicitly based on the AWS access key ID used to sign the request for
7974
- # this API. This operation works for access keys under the AWS account.
7975
- # Consequently, you can use this operation to manage AWS account root
7976
- # user credentials even if the AWS account has no associated users.
8611
+ # this operation. This operation works for access keys under the AWS
8612
+ # account. Consequently, you can use this operation to manage AWS
8613
+ # account root user credentials even if the AWS account has no
8614
+ # associated users.
7977
8615
  #
7978
8616
  # @option params [String] :user_name
7979
8617
  # The name of the IAM user whose signing certificates you want to
@@ -8069,7 +8707,7 @@ module Aws::IAM
8069
8707
  # An IAM user can also have managed policies attached to it. To list the
8070
8708
  # managed policies that are attached to a user, use
8071
8709
  # ListAttachedUserPolicies. For more information about policies, see
8072
- # [Managed Policies and Inline Policies][1] in the *IAM User Guide*.
8710
+ # [Managed policies and inline policies][1] in the *IAM User Guide*.
8073
8711
  #
8074
8712
  # You can paginate the results using the `MaxItems` and `Marker`
8075
8713
  # parameters. If there are no inline policies embedded with the
@@ -8140,9 +8778,9 @@ module Aws::IAM
8140
8778
  req.send_request(options)
8141
8779
  end
8142
8780
 
8143
- # Lists the tags that are attached to the specified user. The returned
8144
- # list of tags is sorted by tag key. For more information about tagging,
8145
- # see [Tagging IAM Identities][1] in the *IAM User Guide*.
8781
+ # Lists the tags that are attached to the specified IAM user. The
8782
+ # returned list of tags is sorted by tag key. For more information about
8783
+ # tagging, see [Tagging IAM resources][1] in the *IAM User Guide*.
8146
8784
  #
8147
8785
  #
8148
8786
  #
@@ -8237,6 +8875,13 @@ module Aws::IAM
8237
8875
  # prefix is specified, the operation returns all users in the AWS
8238
8876
  # account. If there are none, the operation returns an empty list.
8239
8877
  #
8878
+ # <note markdown="1"> IAM resource-listing operations return a subset of the available
8879
+ # attributes for the resource. For example, this operation does not
8880
+ # return tags, even though they are an attribute of the returned object.
8881
+ # To view all of the information for a user, see GetUser.
8882
+ #
8883
+ # </note>
8884
+ #
8240
8885
  # You can paginate the results using the `MaxItems` and `Marker`
8241
8886
  # parameters.
8242
8887
  #
@@ -8351,6 +8996,14 @@ module Aws::IAM
8351
8996
  # returns a list of all virtual MFA devices. Assignment status can be
8352
8997
  # `Assigned`, `Unassigned`, or `Any`.
8353
8998
  #
8999
+ # <note markdown="1"> IAM resource-listing operations return a subset of the available
9000
+ # attributes for the resource. For example, this operation does not
9001
+ # return tags, even though they are an attribute of the returned object.
9002
+ # To view all of the information for a virtual MFA device, see
9003
+ # ListVirtualMFADevices.
9004
+ #
9005
+ # </note>
9006
+ #
8354
9007
  # You can paginate the results using the `MaxItems` and `Marker`
8355
9008
  # parameters.
8356
9009
  #
@@ -8430,6 +9083,9 @@ module Aws::IAM
8430
9083
  # resp.virtual_mfa_devices[0].user.tags[0].key #=> String
8431
9084
  # resp.virtual_mfa_devices[0].user.tags[0].value #=> String
8432
9085
  # resp.virtual_mfa_devices[0].enable_date #=> Time
9086
+ # resp.virtual_mfa_devices[0].tags #=> Array
9087
+ # resp.virtual_mfa_devices[0].tags[0].key #=> String
9088
+ # resp.virtual_mfa_devices[0].tags[0].value #=> String
8433
9089
  # resp.is_truncated #=> Boolean
8434
9090
  # resp.marker #=> String
8435
9091
  #
@@ -8448,15 +9104,15 @@ module Aws::IAM
8448
9104
  # A user can also have managed policies attached to it. To attach a
8449
9105
  # managed policy to a group, use AttachGroupPolicy. To create a new
8450
9106
  # managed policy, use CreatePolicy. For information about policies, see
8451
- # [Managed Policies and Inline Policies][1] in the *IAM User Guide*.
9107
+ # [Managed policies and inline policies][1] in the *IAM User Guide*.
8452
9108
  #
8453
- # For information about limits on the number of inline policies that you
8454
- # can embed in a group, see [Limitations on IAM Entities][2] in the *IAM
8455
- # User Guide*.
9109
+ # For information about the maximum number of inline policies that you
9110
+ # can embed in a group, see [IAM and STS quotas][2] in the *IAM User
9111
+ # Guide*.
8456
9112
  #
8457
9113
  # <note markdown="1"> Because policy documents can be large, you should use POST rather than
8458
9114
  # GET when calling `PutGroupPolicy`. For general information about using
8459
- # the Query API with IAM, go to [Making Query Requests][3] in the *IAM
9115
+ # the Query API with IAM, see [Making query requests][3] in the *IAM
8460
9116
  # User Guide*.
8461
9117
  #
8462
9118
  # </note>
@@ -8464,7 +9120,7 @@ module Aws::IAM
8464
9120
  #
8465
9121
  #
8466
9122
  # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
8467
- # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html
9123
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html
8468
9124
  # [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html
8469
9125
  #
8470
9126
  # @option params [required, String] :group_name
@@ -8557,7 +9213,7 @@ module Aws::IAM
8557
9213
  # Policies used as permissions boundaries do not provide permissions.
8558
9214
  # You must also attach a permissions policy to the role. To learn how
8559
9215
  # the effective permissions for a role are evaluated, see [IAM JSON
8560
- # Policy Evaluation Logic][1] in the IAM User Guide.
9216
+ # policy evaluation logic][1] in the IAM User Guide.
8561
9217
  #
8562
9218
  #
8563
9219
  #
@@ -8596,21 +9252,21 @@ module Aws::IAM
8596
9252
  # as part of the role's access (permissions) policy. The role's trust
8597
9253
  # policy is created at the same time as the role, using CreateRole. You
8598
9254
  # can update a role's trust policy using UpdateAssumeRolePolicy. For
8599
- # more information about IAM roles, go to [Using Roles to Delegate
8600
- # Permissions and Federate Identities][1].
9255
+ # more information about IAM roles, see [Using roles to delegate
9256
+ # permissions and federate identities][1].
8601
9257
  #
8602
9258
  # A role can also have a managed policy attached to it. To attach a
8603
9259
  # managed policy to a role, use AttachRolePolicy. To create a new
8604
9260
  # managed policy, use CreatePolicy. For information about policies, see
8605
- # [Managed Policies and Inline Policies][2] in the *IAM User Guide*.
9261
+ # [Managed policies and inline policies][2] in the *IAM User Guide*.
8606
9262
  #
8607
- # For information about limits on the number of inline policies that you
8608
- # can embed with a role, see [Limitations on IAM Entities][3] in the
8609
- # *IAM User Guide*.
9263
+ # For information about the maximum number of inline policies that you
9264
+ # can embed with a role, see [IAM and STS quotas][3] in the *IAM User
9265
+ # Guide*.
8610
9266
  #
8611
9267
  # <note markdown="1"> Because policy documents can be large, you should use POST rather than
8612
9268
  # GET when calling `PutRolePolicy`. For general information about using
8613
- # the Query API with IAM, go to [Making Query Requests][4] in the *IAM
9269
+ # the Query API with IAM, see [Making query requests][4] in the *IAM
8614
9270
  # User Guide*.
8615
9271
  #
8616
9272
  # </note>
@@ -8619,7 +9275,7 @@ module Aws::IAM
8619
9275
  #
8620
9276
  # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html
8621
9277
  # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
8622
- # [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html
9278
+ # [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html
8623
9279
  # [4]: https://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html
8624
9280
  #
8625
9281
  # @option params [required, String] :role_name
@@ -8710,7 +9366,7 @@ module Aws::IAM
8710
9366
  # Policies that are used as permissions boundaries do not provide
8711
9367
  # permissions. You must also attach a permissions policy to the user. To
8712
9368
  # learn how the effective permissions for a user are evaluated, see [IAM
8713
- # JSON Policy Evaluation Logic][1] in the IAM User Guide.
9369
+ # JSON policy evaluation logic][1] in the IAM User Guide.
8714
9370
  #
8715
9371
  #
8716
9372
  #
@@ -8748,15 +9404,15 @@ module Aws::IAM
8748
9404
  # An IAM user can also have a managed policy attached to it. To attach a
8749
9405
  # managed policy to a user, use AttachUserPolicy. To create a new
8750
9406
  # managed policy, use CreatePolicy. For information about policies, see
8751
- # [Managed Policies and Inline Policies][1] in the *IAM User Guide*.
9407
+ # [Managed policies and inline policies][1] in the *IAM User Guide*.
8752
9408
  #
8753
- # For information about limits on the number of inline policies that you
8754
- # can embed in a user, see [Limitations on IAM Entities][2] in the *IAM
8755
- # User Guide*.
9409
+ # For information about the maximum number of inline policies that you
9410
+ # can embed in a user, see [IAM and STS quotas][2] in the *IAM User
9411
+ # Guide*.
8756
9412
  #
8757
9413
  # <note markdown="1"> Because policy documents can be large, you should use POST rather than
8758
9414
  # GET when calling `PutUserPolicy`. For general information about using
8759
- # the Query API with IAM, go to [Making Query Requests][3] in the *IAM
9415
+ # the Query API with IAM, see [Making query requests][3] in the *IAM
8760
9416
  # User Guide*.
8761
9417
  #
8762
9418
  # </note>
@@ -8764,7 +9420,7 @@ module Aws::IAM
8764
9420
  #
8765
9421
  #
8766
9422
  # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
8767
- # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html
9423
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html
8768
9424
  # [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html
8769
9425
  #
8770
9426
  # @option params [required, String] :user_name
@@ -8857,8 +9513,8 @@ module Aws::IAM
8857
9513
  # remove the client ID from. You can get a list of OIDC provider ARNs by
8858
9514
  # using the ListOpenIDConnectProviders operation.
8859
9515
  #
8860
- # For more information about ARNs, see [Amazon Resource Names (ARNs) and
8861
- # AWS Service Namespaces][1] in the *AWS General Reference*.
9516
+ # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
9517
+ # in the *AWS General Reference*.
8862
9518
  #
8863
9519
  #
8864
9520
  #
@@ -8895,9 +9551,9 @@ module Aws::IAM
8895
9551
  # role from an instance profile that is associated with a running
8896
9552
  # instance might break any applications running on the instance.
8897
9553
  #
8898
- # For more information about IAM roles, go to [Working with Roles][1].
8899
- # For more information about instance profiles, go to [About Instance
8900
- # Profiles][2].
9554
+ # For more information about IAM roles, see [Working with roles][1]. For
9555
+ # more information about instance profiles, see [About instance
9556
+ # profiles][2].
8901
9557
  #
8902
9558
  #
8903
9559
  #
@@ -9074,8 +9730,7 @@ module Aws::IAM
9074
9730
  # the AWS servers.
9075
9731
  #
9076
9732
  # For more information about creating and working with virtual MFA
9077
- # devices, go to [Using a Virtual MFA Device][1] in the *IAM User
9078
- # Guide*.
9733
+ # devices, see [Using a virtual MFA device][1] in the *IAM User Guide*.
9079
9734
  #
9080
9735
  #
9081
9736
  #
@@ -9140,10 +9795,10 @@ module Aws::IAM
9140
9795
  #
9141
9796
  # This operation affects all users, groups, and roles that the policy is
9142
9797
  # attached to. To list the users, groups, and roles that the policy is
9143
- # attached to, use the ListEntitiesForPolicy API.
9798
+ # attached to, use ListEntitiesForPolicy.
9144
9799
  #
9145
- # For information about managed policies, see [Managed Policies and
9146
- # Inline Policies][1] in the *IAM User Guide*.
9800
+ # For information about managed policies, see [Managed policies and
9801
+ # inline policies][1] in the *IAM User Guide*.
9147
9802
  #
9148
9803
  #
9149
9804
  #
@@ -9153,8 +9808,8 @@ module Aws::IAM
9153
9808
  # The Amazon Resource Name (ARN) of the IAM policy whose default version
9154
9809
  # you want to set.
9155
9810
  #
9156
- # For more information about ARNs, see [Amazon Resource Names (ARNs) and
9157
- # AWS Service Namespaces][1] in the *AWS General Reference*.
9811
+ # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
9812
+ # in the *AWS General Reference*.
9158
9813
  #
9159
9814
  #
9160
9815
  #
@@ -9164,7 +9819,7 @@ module Aws::IAM
9164
9819
  # The version of the policy to set as the default (operative) version.
9165
9820
  #
9166
9821
  # For more information about managed policy versions, see [Versioning
9167
- # for Managed Policies][1] in the *IAM User Guide*.
9822
+ # for managed policies][1] in the *IAM User Guide*.
9168
9823
  #
9169
9824
  #
9170
9825
  #
@@ -9196,7 +9851,8 @@ module Aws::IAM
9196
9851
  # `https://sts.amazonaws.com`. AWS recommends using Regional STS
9197
9852
  # endpoints to reduce latency, build in redundancy, and increase session
9198
9853
  # token availability. For information about Regional endpoints for STS,
9199
- # see [AWS Regions and Endpoints][1] in the *AWS General Reference*.
9854
+ # see [AWS AWS Security Token Service endpoints and quotas][1] in the
9855
+ # *AWS General Reference*.
9200
9856
  #
9201
9857
  # If you make an STS call to the global endpoint, the resulting session
9202
9858
  # tokens might be valid in some Regions but not others. It depends on
@@ -9205,8 +9861,8 @@ module Aws::IAM
9205
9861
  # work in manually enabled Regions, such as Asia Pacific (Hong Kong).
9206
9862
  # Version 2 tokens are valid in all Regions. However, version 2 tokens
9207
9863
  # are longer and might affect systems where you temporarily store
9208
- # tokens. For information, see [Activating and Deactivating STS in an
9209
- # AWS Region][2] in the *IAM User Guide*.
9864
+ # tokens. For information, see [Activating and deactivating STS in an
9865
+ # AWS region][2] in the *IAM User Guide*.
9210
9866
  #
9211
9867
  # To view the current session token version, see the
9212
9868
  # `GlobalEndpointTokenVersion` entry in the response of the
@@ -9214,7 +9870,7 @@ module Aws::IAM
9214
9870
  #
9215
9871
  #
9216
9872
  #
9217
- # [1]: https://docs.aws.amazon.com/general/latest/gr/rande.html#sts_region
9873
+ # [1]: https://docs.aws.amazon.com/general/latest/gr/sts.html
9218
9874
  # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html
9219
9875
  #
9220
9876
  # @option params [required, String] :global_endpoint_token_version
@@ -9225,8 +9881,8 @@ module Aws::IAM
9225
9881
  # are longer and might affect systems where you temporarily store
9226
9882
  # tokens.
9227
9883
  #
9228
- # For information, see [Activating and Deactivating STS in an AWS
9229
- # Region][1] in the *IAM User Guide*.
9884
+ # For information, see [Activating and deactivating STS in an AWS
9885
+ # region][1] in the *IAM User Guide*.
9230
9886
  #
9231
9887
  #
9232
9888
  #
@@ -9265,7 +9921,8 @@ module Aws::IAM
9265
9921
  #
9266
9922
  # The simulation does not perform the API operations; it only checks the
9267
9923
  # authorization to determine if the simulated policies allow or deny the
9268
- # operations.
9924
+ # operations. You can simulate resources that don't exist in your
9925
+ # account.
9269
9926
  #
9270
9927
  # If you want to simulate existing policies that are attached to an IAM
9271
9928
  # user, group, or role, use SimulatePrincipalPolicy instead.
@@ -9279,6 +9936,14 @@ module Aws::IAM
9279
9936
  # If the output is long, you can use `MaxItems` and `Marker` parameters
9280
9937
  # to paginate the results.
9281
9938
  #
9939
+ # For more information about using the policy simulator, see [Testing
9940
+ # IAM policies with the IAM policy simulator ][1]in the *IAM User
9941
+ # Guide*.
9942
+ #
9943
+ #
9944
+ #
9945
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_testing-policies.html
9946
+ #
9282
9947
  # @option params [required, Array<String>] :policy_input_list
9283
9948
  # A list of policy documents to include in the simulation. Each document
9284
9949
  # is specified as a string containing the complete, valid JSON text of
@@ -9313,7 +9978,7 @@ module Aws::IAM
9313
9978
  # boundary sets the maximum permissions that an IAM entity can have. You
9314
9979
  # can input only one permissions boundary when you pass a policy to this
9315
9980
  # operation. For more information about permissions boundaries, see
9316
- # [Permissions Boundaries for IAM Entities][1] in the *IAM User Guide*.
9981
+ # [Permissions boundaries for IAM entities][1] in the *IAM User Guide*.
9317
9982
  # The policy input is specified as a string that contains the complete,
9318
9983
  # valid JSON text of a permissions boundary policy.
9319
9984
  #
@@ -9346,7 +10011,8 @@ module Aws::IAM
9346
10011
  # resources). Each API in the `ActionNames` parameter is evaluated for
9347
10012
  # each resource in this list. The simulation determines the access
9348
10013
  # result (allowed or denied) of each combination and reports it in the
9349
- # response.
10014
+ # response. You can simulate resources that don't exist in your
10015
+ # account.
9350
10016
  #
9351
10017
  # The simulation does not automatically retrieve policies for the
9352
10018
  # specified resources. If you want to include a resource policy in the
@@ -9357,8 +10023,8 @@ module Aws::IAM
9357
10023
  # of the resources included in the simulation or you receive an invalid
9358
10024
  # input error.
9359
10025
  #
9360
- # For more information about ARNs, see [Amazon Resource Names (ARNs) and
9361
- # AWS Service Namespaces][1] in the *AWS General Reference*.
10026
+ # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
10027
+ # in the *AWS General Reference*.
9362
10028
  #
9363
10029
  #
9364
10030
  #
@@ -9434,7 +10100,7 @@ module Aws::IAM
9434
10100
  # includes VPC, then you must supply the network-interface resource. If
9435
10101
  # it includes an IP subnet, then you must specify the subnet resource.
9436
10102
  # For more information on the EC2 scenario options, see [Supported
9437
- # Platforms][1] in the *Amazon EC2 User Guide*.
10103
+ # platforms][1] in the *Amazon EC2 User Guide*.
9438
10104
  #
9439
10105
  # * **EC2-Classic-InstanceStore**
9440
10106
  #
@@ -9562,7 +10228,8 @@ module Aws::IAM
9562
10228
  # policies' effective permissions. The entity can be an IAM user,
9563
10229
  # group, or role. If you specify a user, then the simulation also
9564
10230
  # includes all of the policies that are attached to groups that the user
9565
- # belongs to.
10231
+ # belongs to. You can simulate resources that don't exist in your
10232
+ # account.
9566
10233
  #
9567
10234
  # You can optionally include a list of one or more additional policies
9568
10235
  # specified as strings to include in the simulation. If you want to
@@ -9576,8 +10243,8 @@ module Aws::IAM
9576
10243
  # authorization to determine if the simulated policies allow or deny the
9577
10244
  # operations.
9578
10245
  #
9579
- # **Note:** This API discloses information about the permissions granted
9580
- # to other users. If you do not want users to see other user's
10246
+ # **Note:** This operation discloses information about the permissions
10247
+ # granted to other users. If you do not want users to see other user's
9581
10248
  # permissions, then consider allowing them to use SimulateCustomPolicy
9582
10249
  # instead.
9583
10250
  #
@@ -9590,6 +10257,14 @@ module Aws::IAM
9590
10257
  # If the output is long, you can use the `MaxItems` and `Marker`
9591
10258
  # parameters to paginate the results.
9592
10259
  #
10260
+ # For more information about using the policy simulator, see [Testing
10261
+ # IAM policies with the IAM policy simulator ][1]in the *IAM User
10262
+ # Guide*.
10263
+ #
10264
+ #
10265
+ #
10266
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_testing-policies.html
10267
+ #
9593
10268
  # @option params [required, String] :policy_source_arn
9594
10269
  # The Amazon Resource Name (ARN) of a user, group, or role whose
9595
10270
  # policies you want to include in the simulation. If you specify a user,
@@ -9598,8 +10273,8 @@ module Aws::IAM
9598
10273
  # also includes all policies that are attached to any groups the user
9599
10274
  # belongs to.
9600
10275
  #
9601
- # For more information about ARNs, see [Amazon Resource Names (ARNs) and
9602
- # AWS Service Namespaces][1] in the *AWS General Reference*.
10276
+ # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
10277
+ # in the *AWS General Reference*.
9603
10278
  #
9604
10279
  #
9605
10280
  #
@@ -9635,7 +10310,7 @@ module Aws::IAM
9635
10310
  # to an entity and you pass in a different permissions boundary policy
9636
10311
  # using this parameter, then the new permissions boundary policy is used
9637
10312
  # for the simulation. For more information about permissions boundaries,
9638
- # see [Permissions Boundaries for IAM Entities][1] in the *IAM User
10313
+ # see [Permissions boundaries for IAM entities][1] in the *IAM User
9639
10314
  # Guide*. The policy input is specified as a string containing the
9640
10315
  # complete, valid JSON text of a permissions boundary policy.
9641
10316
  #
@@ -9667,15 +10342,16 @@ module Aws::IAM
9667
10342
  # resources). Each API in the `ActionNames` parameter is evaluated for
9668
10343
  # each resource in this list. The simulation determines the access
9669
10344
  # result (allowed or denied) of each combination and reports it in the
9670
- # response.
10345
+ # response. You can simulate resources that don't exist in your
10346
+ # account.
9671
10347
  #
9672
10348
  # The simulation does not automatically retrieve policies for the
9673
10349
  # specified resources. If you want to include a resource policy in the
9674
10350
  # simulation, then you must include the policy as a string in the
9675
10351
  # `ResourcePolicy` parameter.
9676
10352
  #
9677
- # For more information about ARNs, see [Amazon Resource Names (ARNs) and
9678
- # AWS Service Namespaces][1] in the *AWS General Reference*.
10353
+ # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
10354
+ # in the *AWS General Reference*.
9679
10355
  #
9680
10356
  #
9681
10357
  #
@@ -9733,8 +10409,8 @@ module Aws::IAM
9733
10409
  # that the resource-based policy's `Principal` element has a value to
9734
10410
  # use in evaluating the policy.
9735
10411
  #
9736
- # For more information about ARNs, see [Amazon Resource Names (ARNs) and
9737
- # AWS Service Namespaces][1] in the *AWS General Reference*.
10412
+ # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
10413
+ # in the *AWS General Reference*.
9738
10414
  #
9739
10415
  #
9740
10416
  #
@@ -9761,7 +10437,7 @@ module Aws::IAM
9761
10437
  # includes VPC, then you must supply the network interface resource. If
9762
10438
  # it includes an IP subnet, then you must specify the subnet resource.
9763
10439
  # For more information on the EC2 scenario options, see [Supported
9764
- # Platforms][1] in the *Amazon EC2 User Guide*.
10440
+ # platforms][1] in the *Amazon EC2 User Guide*.
9765
10441
  #
9766
10442
  # * **EC2-Classic-InstanceStore**
9767
10443
  #
@@ -9885,6 +10561,309 @@ module Aws::IAM
9885
10561
  req.send_request(options)
9886
10562
  end
9887
10563
 
10564
+ # Adds one or more tags to an IAM instance profile. If a tag with the
10565
+ # same key name already exists, then that tag is overwritten with the
10566
+ # new value.
10567
+ #
10568
+ # Each tag consists of a key name and an associated value. By assigning
10569
+ # tags to your resources, you can do the following:
10570
+ #
10571
+ # * **Administrative grouping and discovery** - Attach tags to resources
10572
+ # to aid in organization and search. For example, you could search for
10573
+ # all resources with the key name *Project* and the value
10574
+ # *MyImportantProject*. Or search for all resources with the key name
10575
+ # *Cost Center* and the value *41200*.
10576
+ #
10577
+ # * **Access control** - Include tags in IAM user-based and
10578
+ # resource-based policies. You can use tags to restrict access to only
10579
+ # an IAM instance profile that has a specified tag attached. For
10580
+ # examples of policies that show how to use tags to control access,
10581
+ # see [Control access using IAM tags][1] in the *IAM User Guide*.
10582
+ #
10583
+ # <note markdown="1"> * If any one of the tags is invalid or if you exceed the allowed
10584
+ # maximum number of tags, then the entire request fails and the
10585
+ # resource is not created. For more information about tagging, see
10586
+ # [Tagging IAM resources][2] in the *IAM User Guide*.
10587
+ #
10588
+ # * AWS always interprets the tag `Value` as a single string. If you
10589
+ # need to store an array, you can store comma-separated values in the
10590
+ # string. However, you must interpret the value in your code.
10591
+ #
10592
+ # </note>
10593
+ #
10594
+ #
10595
+ #
10596
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html
10597
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
10598
+ #
10599
+ # @option params [required, String] :instance_profile_name
10600
+ # The name of the IAM instance profile to which you want to add tags.
10601
+ #
10602
+ # This parameter accepts (through its [regex pattern][1]) a string of
10603
+ # characters that consist of upper and lowercase alphanumeric characters
10604
+ # with no spaces. You can also include any of the following characters:
10605
+ # =,.@-
10606
+ #
10607
+ #
10608
+ #
10609
+ # [1]: http://wikipedia.org/wiki/regex
10610
+ #
10611
+ # @option params [required, Array<Types::Tag>] :tags
10612
+ # The list of tags that you want to attach to the IAM instance profile.
10613
+ # Each tag consists of a key name and an associated value.
10614
+ #
10615
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
10616
+ #
10617
+ # @example Request syntax with placeholder values
10618
+ #
10619
+ # resp = client.tag_instance_profile({
10620
+ # instance_profile_name: "instanceProfileNameType", # required
10621
+ # tags: [ # required
10622
+ # {
10623
+ # key: "tagKeyType", # required
10624
+ # value: "tagValueType", # required
10625
+ # },
10626
+ # ],
10627
+ # })
10628
+ #
10629
+ # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/TagInstanceProfile AWS API Documentation
10630
+ #
10631
+ # @overload tag_instance_profile(params = {})
10632
+ # @param [Hash] params ({})
10633
+ def tag_instance_profile(params = {}, options = {})
10634
+ req = build_request(:tag_instance_profile, params)
10635
+ req.send_request(options)
10636
+ end
10637
+
10638
+ # Adds one or more tags to an IAM virtual multi-factor authentication
10639
+ # (MFA) device. If a tag with the same key name already exists, then
10640
+ # that tag is overwritten with the new value.
10641
+ #
10642
+ # A tag consists of a key name and an associated value. By assigning
10643
+ # tags to your resources, you can do the following:
10644
+ #
10645
+ # * **Administrative grouping and discovery** - Attach tags to resources
10646
+ # to aid in organization and search. For example, you could search for
10647
+ # all resources with the key name *Project* and the value
10648
+ # *MyImportantProject*. Or search for all resources with the key name
10649
+ # *Cost Center* and the value *41200*.
10650
+ #
10651
+ # * **Access control** - Include tags in IAM user-based and
10652
+ # resource-based policies. You can use tags to restrict access to only
10653
+ # an IAM virtual MFA device that has a specified tag attached. For
10654
+ # examples of policies that show how to use tags to control access,
10655
+ # see [Control access using IAM tags][1] in the *IAM User Guide*.
10656
+ #
10657
+ # <note markdown="1"> * If any one of the tags is invalid or if you exceed the allowed
10658
+ # maximum number of tags, then the entire request fails and the
10659
+ # resource is not created. For more information about tagging, see
10660
+ # [Tagging IAM resources][2] in the *IAM User Guide*.
10661
+ #
10662
+ # * AWS always interprets the tag `Value` as a single string. If you
10663
+ # need to store an array, you can store comma-separated values in the
10664
+ # string. However, you must interpret the value in your code.
10665
+ #
10666
+ # </note>
10667
+ #
10668
+ #
10669
+ #
10670
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html
10671
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
10672
+ #
10673
+ # @option params [required, String] :serial_number
10674
+ # The unique identifier for the IAM virtual MFA device to which you want
10675
+ # to add tags. For virtual MFA devices, the serial number is the same as
10676
+ # the ARN.
10677
+ #
10678
+ # This parameter accepts (through its [regex pattern][1]) a string of
10679
+ # characters that consist of upper and lowercase alphanumeric characters
10680
+ # with no spaces. You can also include any of the following characters:
10681
+ # =,.@-
10682
+ #
10683
+ #
10684
+ #
10685
+ # [1]: http://wikipedia.org/wiki/regex
10686
+ #
10687
+ # @option params [required, Array<Types::Tag>] :tags
10688
+ # The list of tags that you want to attach to the IAM virtual MFA
10689
+ # device. Each tag consists of a key name and an associated value.
10690
+ #
10691
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
10692
+ #
10693
+ # @example Request syntax with placeholder values
10694
+ #
10695
+ # resp = client.tag_mfa_device({
10696
+ # serial_number: "serialNumberType", # required
10697
+ # tags: [ # required
10698
+ # {
10699
+ # key: "tagKeyType", # required
10700
+ # value: "tagValueType", # required
10701
+ # },
10702
+ # ],
10703
+ # })
10704
+ #
10705
+ # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/TagMFADevice AWS API Documentation
10706
+ #
10707
+ # @overload tag_mfa_device(params = {})
10708
+ # @param [Hash] params ({})
10709
+ def tag_mfa_device(params = {}, options = {})
10710
+ req = build_request(:tag_mfa_device, params)
10711
+ req.send_request(options)
10712
+ end
10713
+
10714
+ # Adds one or more tags to an OpenID Connect (OIDC)-compatible identity
10715
+ # provider. For more information about these providers, see [About web
10716
+ # identity federation][1]. If a tag with the same key name already
10717
+ # exists, then that tag is overwritten with the new value.
10718
+ #
10719
+ # A tag consists of a key name and an associated value. By assigning
10720
+ # tags to your resources, you can do the following:
10721
+ #
10722
+ # * **Administrative grouping and discovery** - Attach tags to resources
10723
+ # to aid in organization and search. For example, you could search for
10724
+ # all resources with the key name *Project* and the value
10725
+ # *MyImportantProject*. Or search for all resources with the key name
10726
+ # *Cost Center* and the value *41200*.
10727
+ #
10728
+ # * **Access control** - Include tags in IAM user-based and
10729
+ # resource-based policies. You can use tags to restrict access to only
10730
+ # an OIDC provider that has a specified tag attached. For examples of
10731
+ # policies that show how to use tags to control access, see [Control
10732
+ # access using IAM tags][2] in the *IAM User Guide*.
10733
+ #
10734
+ # <note markdown="1"> * If any one of the tags is invalid or if you exceed the allowed
10735
+ # maximum number of tags, then the entire request fails and the
10736
+ # resource is not created. For more information about tagging, see
10737
+ # [Tagging IAM resources][3] in the *IAM User Guide*.
10738
+ #
10739
+ # * AWS always interprets the tag `Value` as a single string. If you
10740
+ # need to store an array, you can store comma-separated values in the
10741
+ # string. However, you must interpret the value in your code.
10742
+ #
10743
+ # </note>
10744
+ #
10745
+ #
10746
+ #
10747
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html
10748
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html
10749
+ # [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
10750
+ #
10751
+ # @option params [required, String] :open_id_connect_provider_arn
10752
+ # The ARN of the OIDC identity provider in IAM to which you want to add
10753
+ # tags.
10754
+ #
10755
+ # This parameter accepts (through its [regex pattern][1]) a string of
10756
+ # characters that consist of upper and lowercase alphanumeric characters
10757
+ # with no spaces. You can also include any of the following characters:
10758
+ # =,.@-
10759
+ #
10760
+ #
10761
+ #
10762
+ # [1]: http://wikipedia.org/wiki/regex
10763
+ #
10764
+ # @option params [required, Array<Types::Tag>] :tags
10765
+ # The list of tags that you want to attach to the OIDC identity provider
10766
+ # in IAM. Each tag consists of a key name and an associated value.
10767
+ #
10768
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
10769
+ #
10770
+ # @example Request syntax with placeholder values
10771
+ #
10772
+ # resp = client.tag_open_id_connect_provider({
10773
+ # open_id_connect_provider_arn: "arnType", # required
10774
+ # tags: [ # required
10775
+ # {
10776
+ # key: "tagKeyType", # required
10777
+ # value: "tagValueType", # required
10778
+ # },
10779
+ # ],
10780
+ # })
10781
+ #
10782
+ # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/TagOpenIDConnectProvider AWS API Documentation
10783
+ #
10784
+ # @overload tag_open_id_connect_provider(params = {})
10785
+ # @param [Hash] params ({})
10786
+ def tag_open_id_connect_provider(params = {}, options = {})
10787
+ req = build_request(:tag_open_id_connect_provider, params)
10788
+ req.send_request(options)
10789
+ end
10790
+
10791
+ # Adds one or more tags to an IAM customer managed policy. If a tag with
10792
+ # the same key name already exists, then that tag is overwritten with
10793
+ # the new value.
10794
+ #
10795
+ # A tag consists of a key name and an associated value. By assigning
10796
+ # tags to your resources, you can do the following:
10797
+ #
10798
+ # * **Administrative grouping and discovery** - Attach tags to resources
10799
+ # to aid in organization and search. For example, you could search for
10800
+ # all resources with the key name *Project* and the value
10801
+ # *MyImportantProject*. Or search for all resources with the key name
10802
+ # *Cost Center* and the value *41200*.
10803
+ #
10804
+ # * **Access control** - Include tags in IAM user-based and
10805
+ # resource-based policies. You can use tags to restrict access to only
10806
+ # an IAM customer managed policy that has a specified tag attached.
10807
+ # For examples of policies that show how to use tags to control
10808
+ # access, see [Control access using IAM tags][1] in the *IAM User
10809
+ # Guide*.
10810
+ #
10811
+ # <note markdown="1"> * If any one of the tags is invalid or if you exceed the allowed
10812
+ # maximum number of tags, then the entire request fails and the
10813
+ # resource is not created. For more information about tagging, see
10814
+ # [Tagging IAM resources][2] in the *IAM User Guide*.
10815
+ #
10816
+ # * AWS always interprets the tag `Value` as a single string. If you
10817
+ # need to store an array, you can store comma-separated values in the
10818
+ # string. However, you must interpret the value in your code.
10819
+ #
10820
+ # </note>
10821
+ #
10822
+ #
10823
+ #
10824
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html
10825
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
10826
+ #
10827
+ # @option params [required, String] :policy_arn
10828
+ # The ARN of the IAM customer managed policy to which you want to add
10829
+ # tags.
10830
+ #
10831
+ # This parameter accepts (through its [regex pattern][1]) a string of
10832
+ # characters that consist of upper and lowercase alphanumeric characters
10833
+ # with no spaces. You can also include any of the following characters:
10834
+ # =,.@-
10835
+ #
10836
+ #
10837
+ #
10838
+ # [1]: http://wikipedia.org/wiki/regex
10839
+ #
10840
+ # @option params [required, Array<Types::Tag>] :tags
10841
+ # The list of tags that you want to attach to the IAM customer managed
10842
+ # policy. Each tag consists of a key name and an associated value.
10843
+ #
10844
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
10845
+ #
10846
+ # @example Request syntax with placeholder values
10847
+ #
10848
+ # resp = client.tag_policy({
10849
+ # policy_arn: "arnType", # required
10850
+ # tags: [ # required
10851
+ # {
10852
+ # key: "tagKeyType", # required
10853
+ # value: "tagValueType", # required
10854
+ # },
10855
+ # ],
10856
+ # })
10857
+ #
10858
+ # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/TagPolicy AWS API Documentation
10859
+ #
10860
+ # @overload tag_policy(params = {})
10861
+ # @param [Hash] params ({})
10862
+ def tag_policy(params = {}, options = {})
10863
+ req = build_request(:tag_policy, params)
10864
+ req.send_request(options)
10865
+ end
10866
+
9888
10867
  # Adds one or more tags to an IAM role. The role can be a regular role
9889
10868
  # or a service-linked role. If a tag with the same key name already
9890
10869
  # exists, then that tag is overwritten with the new value.
@@ -9898,20 +10877,20 @@ module Aws::IAM
9898
10877
  # *MyImportantProject*. Or search for all resources with the key name
9899
10878
  # *Cost Center* and the value *41200*.
9900
10879
  #
9901
- # * **Access control** - Reference tags in IAM user-based and
10880
+ # * **Access control** - Include tags in IAM user-based and
9902
10881
  # resource-based policies. You can use tags to restrict access to only
9903
- # an IAM user or role that has a specified tag attached. You can also
9904
- # restrict access to only those resources that have a certain tag
9905
- # attached. For examples of policies that show how to use tags to
9906
- # control access, see [Control Access Using IAM Tags][1] in the *IAM
9907
- # User Guide*.
10882
+ # an IAM role that has a specified tag attached. You can also restrict
10883
+ # access to only those resources that have a certain tag attached. For
10884
+ # examples of policies that show how to use tags to control access,
10885
+ # see [Control access using IAM tags][1] in the *IAM User Guide*.
9908
10886
  #
9909
10887
  # * **Cost allocation** - Use tags to help track which individuals and
9910
10888
  # teams are using which AWS resources.
9911
10889
  #
9912
- # <note markdown="1"> * Make sure that you have no invalid tags and that you do not exceed
9913
- # the allowed number of tags per role. In either case, the entire
9914
- # request fails and *no* tags are added to the role.
10890
+ # <note markdown="1"> * If any one of the tags is invalid or if you exceed the allowed
10891
+ # maximum number of tags, then the entire request fails and the
10892
+ # resource is not created. For more information about tagging, see
10893
+ # [Tagging IAM resources][2] in the *IAM User Guide*.
9915
10894
  #
9916
10895
  # * AWS always interprets the tag `Value` as a single string. If you
9917
10896
  # need to store an array, you can store comma-separated values in the
@@ -9919,7 +10898,7 @@ module Aws::IAM
9919
10898
  #
9920
10899
  # </note>
9921
10900
  #
9922
- # For more information about tagging, see [Tagging IAM Identities][2] in
10901
+ # For more information about tagging, see [Tagging IAM identities][2] in
9923
10902
  # the *IAM User Guide*.
9924
10903
  #
9925
10904
  #
@@ -9928,47 +10907,209 @@ module Aws::IAM
9928
10907
  # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
9929
10908
  #
9930
10909
  # @option params [required, String] :role_name
9931
- # The name of the role that you want to add tags to.
10910
+ # The name of the IAM role to which you want to add tags.
10911
+ #
10912
+ # This parameter accepts (through its [regex pattern][1]) a string of
10913
+ # characters that consist of upper and lowercase alphanumeric characters
10914
+ # with no spaces. You can also include any of the following characters:
10915
+ # \_+=,.@-
10916
+ #
10917
+ #
10918
+ #
10919
+ # [1]: http://wikipedia.org/wiki/regex
10920
+ #
10921
+ # @option params [required, Array<Types::Tag>] :tags
10922
+ # The list of tags that you want to attach to the IAM role. Each tag
10923
+ # consists of a key name and an associated value.
10924
+ #
10925
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
10926
+ #
10927
+ #
10928
+ # @example Example: To add a tag key and value to an IAM role
10929
+ #
10930
+ # # The following example shows how to add tags to an existing role.
10931
+ #
10932
+ # resp = client.tag_role({
10933
+ # role_name: "taggedrole",
10934
+ # tags: [
10935
+ # {
10936
+ # key: "Dept",
10937
+ # value: "Accounting",
10938
+ # },
10939
+ # {
10940
+ # key: "CostCenter",
10941
+ # value: "12345",
10942
+ # },
10943
+ # ],
10944
+ # })
10945
+ #
10946
+ # @example Request syntax with placeholder values
10947
+ #
10948
+ # resp = client.tag_role({
10949
+ # role_name: "roleNameType", # required
10950
+ # tags: [ # required
10951
+ # {
10952
+ # key: "tagKeyType", # required
10953
+ # value: "tagValueType", # required
10954
+ # },
10955
+ # ],
10956
+ # })
10957
+ #
10958
+ # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/TagRole AWS API Documentation
10959
+ #
10960
+ # @overload tag_role(params = {})
10961
+ # @param [Hash] params ({})
10962
+ def tag_role(params = {}, options = {})
10963
+ req = build_request(:tag_role, params)
10964
+ req.send_request(options)
10965
+ end
10966
+
10967
+ # Adds one or more tags to a Security Assertion Markup Language (SAML)
10968
+ # identity provider. For more information about these providers, see
10969
+ # [About SAML 2.0-based federation ][1]. If a tag with the same key name
10970
+ # already exists, then that tag is overwritten with the new value.
10971
+ #
10972
+ # A tag consists of a key name and an associated value. By assigning
10973
+ # tags to your resources, you can do the following:
10974
+ #
10975
+ # * **Administrative grouping and discovery** - Attach tags to resources
10976
+ # to aid in organization and search. For example, you could search for
10977
+ # all resources with the key name *Project* and the value
10978
+ # *MyImportantProject*. Or search for all resources with the key name
10979
+ # *Cost Center* and the value *41200*.
10980
+ #
10981
+ # * **Access control** - Include tags in IAM user-based and
10982
+ # resource-based policies. You can use tags to restrict access to only
10983
+ # a SAML identity provider that has a specified tag attached. For
10984
+ # examples of policies that show how to use tags to control access,
10985
+ # see [Control access using IAM tags][2] in the *IAM User Guide*.
10986
+ #
10987
+ # <note markdown="1"> * If any one of the tags is invalid or if you exceed the allowed
10988
+ # maximum number of tags, then the entire request fails and the
10989
+ # resource is not created. For more information about tagging, see
10990
+ # [Tagging IAM resources][3] in the *IAM User Guide*.
10991
+ #
10992
+ # * AWS always interprets the tag `Value` as a single string. If you
10993
+ # need to store an array, you can store comma-separated values in the
10994
+ # string. However, you must interpret the value in your code.
10995
+ #
10996
+ # </note>
10997
+ #
10998
+ #
10999
+ #
11000
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html
11001
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html
11002
+ # [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
11003
+ #
11004
+ # @option params [required, String] :saml_provider_arn
11005
+ # The ARN of the SAML identity provider in IAM to which you want to add
11006
+ # tags.
11007
+ #
11008
+ # This parameter accepts (through its [regex pattern][1]) a string of
11009
+ # characters that consist of upper and lowercase alphanumeric characters
11010
+ # with no spaces. You can also include any of the following characters:
11011
+ # =,.@-
11012
+ #
11013
+ #
11014
+ #
11015
+ # [1]: http://wikipedia.org/wiki/regex
11016
+ #
11017
+ # @option params [required, Array<Types::Tag>] :tags
11018
+ # The list of tags that you want to attach to the SAML identity provider
11019
+ # in IAM. Each tag consists of a key name and an associated value.
11020
+ #
11021
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
11022
+ #
11023
+ # @example Request syntax with placeholder values
11024
+ #
11025
+ # resp = client.tag_saml_provider({
11026
+ # saml_provider_arn: "arnType", # required
11027
+ # tags: [ # required
11028
+ # {
11029
+ # key: "tagKeyType", # required
11030
+ # value: "tagValueType", # required
11031
+ # },
11032
+ # ],
11033
+ # })
11034
+ #
11035
+ # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/TagSAMLProvider AWS API Documentation
11036
+ #
11037
+ # @overload tag_saml_provider(params = {})
11038
+ # @param [Hash] params ({})
11039
+ def tag_saml_provider(params = {}, options = {})
11040
+ req = build_request(:tag_saml_provider, params)
11041
+ req.send_request(options)
11042
+ end
11043
+
11044
+ # Adds one or more tags to an IAM server certificate. If a tag with the
11045
+ # same key name already exists, then that tag is overwritten with the
11046
+ # new value.
11047
+ #
11048
+ # <note markdown="1"> For certificates in a Region supported by AWS Certificate Manager
11049
+ # (ACM), we recommend that you don't use IAM server certificates.
11050
+ # Instead, use ACM to provision, manage, and deploy your server
11051
+ # certificates. For more information about IAM server certificates,
11052
+ # [Working with server certificates][1] in the *IAM User Guide*.
11053
+ #
11054
+ # </note>
11055
+ #
11056
+ # A tag consists of a key name and an associated value. By assigning
11057
+ # tags to your resources, you can do the following:
11058
+ #
11059
+ # * **Administrative grouping and discovery** - Attach tags to resources
11060
+ # to aid in organization and search. For example, you could search for
11061
+ # all resources with the key name *Project* and the value
11062
+ # *MyImportantProject*. Or search for all resources with the key name
11063
+ # *Cost Center* and the value *41200*.
11064
+ #
11065
+ # * **Access control** - Include tags in IAM user-based and
11066
+ # resource-based policies. You can use tags to restrict access to only
11067
+ # a server certificate that has a specified tag attached. For examples
11068
+ # of policies that show how to use tags to control access, see
11069
+ # [Control access using IAM tags][2] in the *IAM User Guide*.
11070
+ #
11071
+ # * **Cost allocation** - Use tags to help track which individuals and
11072
+ # teams are using which AWS resources.
11073
+ #
11074
+ # <note markdown="1"> * If any one of the tags is invalid or if you exceed the allowed
11075
+ # maximum number of tags, then the entire request fails and the
11076
+ # resource is not created. For more information about tagging, see
11077
+ # [Tagging IAM resources][3] in the *IAM User Guide*.
11078
+ #
11079
+ # * AWS always interprets the tag `Value` as a single string. If you
11080
+ # need to store an array, you can store comma-separated values in the
11081
+ # string. However, you must interpret the value in your code.
11082
+ #
11083
+ # </note>
11084
+ #
11085
+ #
11086
+ #
11087
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html
11088
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html
11089
+ # [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
11090
+ #
11091
+ # @option params [required, String] :server_certificate_name
11092
+ # The name of the IAM server certificate to which you want to add tags.
9932
11093
  #
9933
11094
  # This parameter accepts (through its [regex pattern][1]) a string of
9934
11095
  # characters that consist of upper and lowercase alphanumeric characters
9935
11096
  # with no spaces. You can also include any of the following characters:
9936
- # \_+=,.@-
11097
+ # =,.@-
9937
11098
  #
9938
11099
  #
9939
11100
  #
9940
11101
  # [1]: http://wikipedia.org/wiki/regex
9941
11102
  #
9942
11103
  # @option params [required, Array<Types::Tag>] :tags
9943
- # The list of tags that you want to attach to the role. Each tag
9944
- # consists of a key name and an associated value. You can specify this
9945
- # with a JSON string.
11104
+ # The list of tags that you want to attach to the IAM server
11105
+ # certificate. Each tag consists of a key name and an associated value.
9946
11106
  #
9947
11107
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
9948
11108
  #
9949
- #
9950
- # @example Example: To add a tag key and value to an IAM role
9951
- #
9952
- # # The following example shows how to add tags to an existing role.
9953
- #
9954
- # resp = client.tag_role({
9955
- # role_name: "taggedrole",
9956
- # tags: [
9957
- # {
9958
- # key: "Dept",
9959
- # value: "Accounting",
9960
- # },
9961
- # {
9962
- # key: "CostCenter",
9963
- # value: "12345",
9964
- # },
9965
- # ],
9966
- # })
9967
- #
9968
11109
  # @example Request syntax with placeholder values
9969
11110
  #
9970
- # resp = client.tag_role({
9971
- # role_name: "roleNameType", # required
11111
+ # resp = client.tag_server_certificate({
11112
+ # server_certificate_name: "serverCertificateNameType", # required
9972
11113
  # tags: [ # required
9973
11114
  # {
9974
11115
  # key: "tagKeyType", # required
@@ -9977,12 +11118,12 @@ module Aws::IAM
9977
11118
  # ],
9978
11119
  # })
9979
11120
  #
9980
- # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/TagRole AWS API Documentation
11121
+ # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/TagServerCertificate AWS API Documentation
9981
11122
  #
9982
- # @overload tag_role(params = {})
11123
+ # @overload tag_server_certificate(params = {})
9983
11124
  # @param [Hash] params ({})
9984
- def tag_role(params = {}, options = {})
9985
- req = build_request(:tag_role, params)
11125
+ def tag_server_certificate(params = {}, options = {})
11126
+ req = build_request(:tag_server_certificate, params)
9986
11127
  req.send_request(options)
9987
11128
  end
9988
11129
 
@@ -9998,20 +11139,21 @@ module Aws::IAM
9998
11139
  # *MyImportantProject*. Or search for all resources with the key name
9999
11140
  # *Cost Center* and the value *41200*.
10000
11141
  #
10001
- # * **Access control** - Reference tags in IAM user-based and
11142
+ # * **Access control** - Include tags in IAM user-based and
10002
11143
  # resource-based policies. You can use tags to restrict access to only
10003
- # an IAM requesting user or to a role that has a specified tag
10004
- # attached. You can also restrict access to only those resources that
10005
- # have a certain tag attached. For examples of policies that show how
10006
- # to use tags to control access, see [Control Access Using IAM
10007
- # Tags][1] in the *IAM User Guide*.
11144
+ # an IAM requesting user that has a specified tag attached. You can
11145
+ # also restrict access to only those resources that have a certain tag
11146
+ # attached. For examples of policies that show how to use tags to
11147
+ # control access, see [Control access using IAM tags][1] in the *IAM
11148
+ # User Guide*.
10008
11149
  #
10009
11150
  # * **Cost allocation** - Use tags to help track which individuals and
10010
11151
  # teams are using which AWS resources.
10011
11152
  #
10012
- # <note markdown="1"> * Make sure that you have no invalid tags and that you do not exceed
10013
- # the allowed number of tags per role. In either case, the entire
10014
- # request fails and *no* tags are added to the role.
11153
+ # <note markdown="1"> * If any one of the tags is invalid or if you exceed the allowed
11154
+ # maximum number of tags, then the entire request fails and the
11155
+ # resource is not created. For more information about tagging, see
11156
+ # [Tagging IAM resources][2] in the *IAM User Guide*.
10015
11157
  #
10016
11158
  # * AWS always interprets the tag `Value` as a single string. If you
10017
11159
  # need to store an array, you can store comma-separated values in the
@@ -10019,7 +11161,7 @@ module Aws::IAM
10019
11161
  #
10020
11162
  # </note>
10021
11163
  #
10022
- # For more information about tagging, see [Tagging IAM Identities][2] in
11164
+ # For more information about tagging, see [Tagging IAM identities][2] in
10023
11165
  # the *IAM User Guide*.
10024
11166
  #
10025
11167
  #
@@ -10028,7 +11170,7 @@ module Aws::IAM
10028
11170
  # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
10029
11171
  #
10030
11172
  # @option params [required, String] :user_name
10031
- # The name of the user that you want to add tags to.
11173
+ # The name of the IAM user to which you want to add tags.
10032
11174
  #
10033
11175
  # This parameter accepts (through its [regex pattern][1]) a string of
10034
11176
  # characters that consist of upper and lowercase alphanumeric characters
@@ -10040,7 +11182,7 @@ module Aws::IAM
10040
11182
  # [1]: http://wikipedia.org/wiki/regex
10041
11183
  #
10042
11184
  # @option params [required, Array<Types::Tag>] :tags
10043
- # The list of tags that you want to attach to the user. Each tag
11185
+ # The list of tags that you want to attach to the IAM user. Each tag
10044
11186
  # consists of a key name and an associated value.
10045
11187
  #
10046
11188
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
@@ -10085,8 +11227,184 @@ module Aws::IAM
10085
11227
  req.send_request(options)
10086
11228
  end
10087
11229
 
11230
+ # Removes the specified tags from the IAM instance profile. For more
11231
+ # information about tagging, see [Tagging IAM resources][1] in the *IAM
11232
+ # User Guide*.
11233
+ #
11234
+ #
11235
+ #
11236
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
11237
+ #
11238
+ # @option params [required, String] :instance_profile_name
11239
+ # The name of the IAM instance profile from which you want to remove
11240
+ # tags.
11241
+ #
11242
+ # This parameter accepts (through its [regex pattern][1]) a string of
11243
+ # characters that consist of upper and lowercase alphanumeric characters
11244
+ # with no spaces. You can also include any of the following characters:
11245
+ # =,.@-
11246
+ #
11247
+ #
11248
+ #
11249
+ # [1]: http://wikipedia.org/wiki/regex
11250
+ #
11251
+ # @option params [required, Array<String>] :tag_keys
11252
+ # A list of key names as a simple array of strings. The tags with
11253
+ # matching keys are removed from the specified instance profile.
11254
+ #
11255
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
11256
+ #
11257
+ # @example Request syntax with placeholder values
11258
+ #
11259
+ # resp = client.untag_instance_profile({
11260
+ # instance_profile_name: "instanceProfileNameType", # required
11261
+ # tag_keys: ["tagKeyType"], # required
11262
+ # })
11263
+ #
11264
+ # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UntagInstanceProfile AWS API Documentation
11265
+ #
11266
+ # @overload untag_instance_profile(params = {})
11267
+ # @param [Hash] params ({})
11268
+ def untag_instance_profile(params = {}, options = {})
11269
+ req = build_request(:untag_instance_profile, params)
11270
+ req.send_request(options)
11271
+ end
11272
+
11273
+ # Removes the specified tags from the IAM virtual multi-factor
11274
+ # authentication (MFA) device. For more information about tagging, see
11275
+ # [Tagging IAM resources][1] in the *IAM User Guide*.
11276
+ #
11277
+ #
11278
+ #
11279
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
11280
+ #
11281
+ # @option params [required, String] :serial_number
11282
+ # The unique identifier for the IAM virtual MFA device from which you
11283
+ # want to remove tags. For virtual MFA devices, the serial number is the
11284
+ # same as the ARN.
11285
+ #
11286
+ # This parameter accepts (through its [regex pattern][1]) a string of
11287
+ # characters that consist of upper and lowercase alphanumeric characters
11288
+ # with no spaces. You can also include any of the following characters:
11289
+ # =,.@-
11290
+ #
11291
+ #
11292
+ #
11293
+ # [1]: http://wikipedia.org/wiki/regex
11294
+ #
11295
+ # @option params [required, Array<String>] :tag_keys
11296
+ # A list of key names as a simple array of strings. The tags with
11297
+ # matching keys are removed from the specified instance profile.
11298
+ #
11299
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
11300
+ #
11301
+ # @example Request syntax with placeholder values
11302
+ #
11303
+ # resp = client.untag_mfa_device({
11304
+ # serial_number: "serialNumberType", # required
11305
+ # tag_keys: ["tagKeyType"], # required
11306
+ # })
11307
+ #
11308
+ # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UntagMFADevice AWS API Documentation
11309
+ #
11310
+ # @overload untag_mfa_device(params = {})
11311
+ # @param [Hash] params ({})
11312
+ def untag_mfa_device(params = {}, options = {})
11313
+ req = build_request(:untag_mfa_device, params)
11314
+ req.send_request(options)
11315
+ end
11316
+
11317
+ # Removes the specified tags from the specified OpenID Connect
11318
+ # (OIDC)-compatible identity provider in IAM. For more information about
11319
+ # OIDC providers, see [About web identity federation][1]. For more
11320
+ # information about tagging, see [Tagging IAM resources][2] in the *IAM
11321
+ # User Guide*.
11322
+ #
11323
+ #
11324
+ #
11325
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html
11326
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
11327
+ #
11328
+ # @option params [required, String] :open_id_connect_provider_arn
11329
+ # The ARN of the OIDC provider in IAM from which you want to remove
11330
+ # tags.
11331
+ #
11332
+ # This parameter accepts (through its [regex pattern][1]) a string of
11333
+ # characters that consist of upper and lowercase alphanumeric characters
11334
+ # with no spaces. You can also include any of the following characters:
11335
+ # =,.@-
11336
+ #
11337
+ #
11338
+ #
11339
+ # [1]: http://wikipedia.org/wiki/regex
11340
+ #
11341
+ # @option params [required, Array<String>] :tag_keys
11342
+ # A list of key names as a simple array of strings. The tags with
11343
+ # matching keys are removed from the specified OIDC provider.
11344
+ #
11345
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
11346
+ #
11347
+ # @example Request syntax with placeholder values
11348
+ #
11349
+ # resp = client.untag_open_id_connect_provider({
11350
+ # open_id_connect_provider_arn: "arnType", # required
11351
+ # tag_keys: ["tagKeyType"], # required
11352
+ # })
11353
+ #
11354
+ # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UntagOpenIDConnectProvider AWS API Documentation
11355
+ #
11356
+ # @overload untag_open_id_connect_provider(params = {})
11357
+ # @param [Hash] params ({})
11358
+ def untag_open_id_connect_provider(params = {}, options = {})
11359
+ req = build_request(:untag_open_id_connect_provider, params)
11360
+ req.send_request(options)
11361
+ end
11362
+
11363
+ # Removes the specified tags from the customer managed policy. For more
11364
+ # information about tagging, see [Tagging IAM resources][1] in the *IAM
11365
+ # User Guide*.
11366
+ #
11367
+ #
11368
+ #
11369
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
11370
+ #
11371
+ # @option params [required, String] :policy_arn
11372
+ # The ARN of the IAM customer managed policy from which you want to
11373
+ # remove tags.
11374
+ #
11375
+ # This parameter accepts (through its [regex pattern][1]) a string of
11376
+ # characters that consist of upper and lowercase alphanumeric characters
11377
+ # with no spaces. You can also include any of the following characters:
11378
+ # =,.@-
11379
+ #
11380
+ #
11381
+ #
11382
+ # [1]: http://wikipedia.org/wiki/regex
11383
+ #
11384
+ # @option params [required, Array<String>] :tag_keys
11385
+ # A list of key names as a simple array of strings. The tags with
11386
+ # matching keys are removed from the specified policy.
11387
+ #
11388
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
11389
+ #
11390
+ # @example Request syntax with placeholder values
11391
+ #
11392
+ # resp = client.untag_policy({
11393
+ # policy_arn: "arnType", # required
11394
+ # tag_keys: ["tagKeyType"], # required
11395
+ # })
11396
+ #
11397
+ # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UntagPolicy AWS API Documentation
11398
+ #
11399
+ # @overload untag_policy(params = {})
11400
+ # @param [Hash] params ({})
11401
+ def untag_policy(params = {}, options = {})
11402
+ req = build_request(:untag_policy, params)
11403
+ req.send_request(options)
11404
+ end
11405
+
10088
11406
  # Removes the specified tags from the role. For more information about
10089
- # tagging, see [Tagging IAM Identities][1] in the *IAM User Guide*.
11407
+ # tagging, see [Tagging IAM resources][1] in the *IAM User Guide*.
10090
11408
  #
10091
11409
  #
10092
11410
  #
@@ -10138,8 +11456,106 @@ module Aws::IAM
10138
11456
  req.send_request(options)
10139
11457
  end
10140
11458
 
11459
+ # Removes the specified tags from the specified Security Assertion
11460
+ # Markup Language (SAML) identity provider in IAM. For more information
11461
+ # about these providers, see [About web identity federation][1]. For
11462
+ # more information about tagging, see [Tagging IAM resources][2] in the
11463
+ # *IAM User Guide*.
11464
+ #
11465
+ #
11466
+ #
11467
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html
11468
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
11469
+ #
11470
+ # @option params [required, String] :saml_provider_arn
11471
+ # The ARN of the SAML identity provider in IAM from which you want to
11472
+ # remove tags.
11473
+ #
11474
+ # This parameter accepts (through its [regex pattern][1]) a string of
11475
+ # characters that consist of upper and lowercase alphanumeric characters
11476
+ # with no spaces. You can also include any of the following characters:
11477
+ # =,.@-
11478
+ #
11479
+ #
11480
+ #
11481
+ # [1]: http://wikipedia.org/wiki/regex
11482
+ #
11483
+ # @option params [required, Array<String>] :tag_keys
11484
+ # A list of key names as a simple array of strings. The tags with
11485
+ # matching keys are removed from the specified SAML identity provider.
11486
+ #
11487
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
11488
+ #
11489
+ # @example Request syntax with placeholder values
11490
+ #
11491
+ # resp = client.untag_saml_provider({
11492
+ # saml_provider_arn: "arnType", # required
11493
+ # tag_keys: ["tagKeyType"], # required
11494
+ # })
11495
+ #
11496
+ # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UntagSAMLProvider AWS API Documentation
11497
+ #
11498
+ # @overload untag_saml_provider(params = {})
11499
+ # @param [Hash] params ({})
11500
+ def untag_saml_provider(params = {}, options = {})
11501
+ req = build_request(:untag_saml_provider, params)
11502
+ req.send_request(options)
11503
+ end
11504
+
11505
+ # Removes the specified tags from the IAM server certificate. For more
11506
+ # information about tagging, see [Tagging IAM resources][1] in the *IAM
11507
+ # User Guide*.
11508
+ #
11509
+ # <note markdown="1"> For certificates in a Region supported by AWS Certificate Manager
11510
+ # (ACM), we recommend that you don't use IAM server certificates.
11511
+ # Instead, use ACM to provision, manage, and deploy your server
11512
+ # certificates. For more information about IAM server certificates,
11513
+ # [Working with server certificates][2] in the *IAM User Guide*.
11514
+ #
11515
+ # </note>
11516
+ #
11517
+ #
11518
+ #
11519
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
11520
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html
11521
+ #
11522
+ # @option params [required, String] :server_certificate_name
11523
+ # The name of the IAM server certificate from which you want to remove
11524
+ # tags.
11525
+ #
11526
+ # This parameter accepts (through its [regex pattern][1]) a string of
11527
+ # characters that consist of upper and lowercase alphanumeric characters
11528
+ # with no spaces. You can also include any of the following characters:
11529
+ # =,.@-
11530
+ #
11531
+ #
11532
+ #
11533
+ # [1]: http://wikipedia.org/wiki/regex
11534
+ #
11535
+ # @option params [required, Array<String>] :tag_keys
11536
+ # A list of key names as a simple array of strings. The tags with
11537
+ # matching keys are removed from the specified IAM server certificate.
11538
+ #
11539
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
11540
+ #
11541
+ # @example Request syntax with placeholder values
11542
+ #
11543
+ # resp = client.untag_server_certificate({
11544
+ # server_certificate_name: "serverCertificateNameType", # required
11545
+ # tag_keys: ["tagKeyType"], # required
11546
+ # })
11547
+ #
11548
+ # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UntagServerCertificate AWS API Documentation
11549
+ #
11550
+ # @overload untag_server_certificate(params = {})
11551
+ # @param [Hash] params ({})
11552
+ def untag_server_certificate(params = {}, options = {})
11553
+ req = build_request(:untag_server_certificate, params)
11554
+ req.send_request(options)
11555
+ end
11556
+
10141
11557
  # Removes the specified tags from the user. For more information about
10142
- # tagging, see [Tagging IAM Identities][1] in the *IAM User Guide*.
11558
+ # tagging, see [Tagging IAM resources][1] in the *IAM User Guide*.
10143
11559
  #
10144
11560
  #
10145
11561
  #
@@ -10201,8 +11617,8 @@ module Aws::IAM
10201
11617
  # Consequently, you can use this operation to manage AWS account root
10202
11618
  # user credentials even if the AWS account has no associated users.
10203
11619
  #
10204
- # For information about rotating keys, see [Managing Keys and
10205
- # Certificates][1] in the *IAM User Guide*.
11620
+ # For information about rotating keys, see [Managing keys and
11621
+ # certificates][1] in the *IAM User Guide*.
10206
11622
  #
10207
11623
  #
10208
11624
  #
@@ -10233,8 +11649,8 @@ module Aws::IAM
10233
11649
  #
10234
11650
  # @option params [required, String] :status
10235
11651
  # The status you want to assign to the secret access key. `Active` means
10236
- # that the key can be used for API calls to AWS, while `Inactive` means
10237
- # that the key cannot be used.
11652
+ # that the key can be used for programmatic calls to AWS, while
11653
+ # `Inactive` means that the key cannot be used.
10238
11654
  #
10239
11655
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
10240
11656
  #
@@ -10282,7 +11698,7 @@ module Aws::IAM
10282
11698
  # </note>
10283
11699
  #
10284
11700
  # For more information about using a password policy, see [Managing an
10285
- # IAM Password Policy][1] in the *IAM User Guide*.
11701
+ # IAM password policy][1] in the *IAM User Guide*.
10286
11702
  #
10287
11703
  #
10288
11704
  #
@@ -10331,7 +11747,7 @@ module Aws::IAM
10331
11747
  # @option params [Boolean] :allow_users_to_change_password
10332
11748
  # Allows all IAM users in your account to use the AWS Management Console
10333
11749
  # to change their own passwords. For more information, see [Letting IAM
10334
- # Users Change Their Own Passwords][1] in the *IAM User Guide*.
11750
+ # users change their own passwords][1] in the *IAM User Guide*.
10335
11751
  #
10336
11752
  # If you do not specify a value for this parameter, then the operation
10337
11753
  # uses the default value of `false`. The result is that IAM users in the
@@ -10405,8 +11821,8 @@ module Aws::IAM
10405
11821
 
10406
11822
  # Updates the policy that grants an IAM entity permission to assume a
10407
11823
  # role. This is typically referred to as the "role trust policy". For
10408
- # more information about roles, go to [Using Roles to Delegate
10409
- # Permissions and Federate Identities][1].
11824
+ # more information about roles, see [Using roles to delegate permissions
11825
+ # and federate identities][1].
10410
11826
  #
10411
11827
  #
10412
11828
  #
@@ -10479,7 +11895,7 @@ module Aws::IAM
10479
11895
  # Updates the name and/or the path of the specified IAM group.
10480
11896
  #
10481
11897
  # You should understand the implications of changing a group's path or
10482
- # name. For more information, see [Renaming Users and Groups][1] in the
11898
+ # name. For more information, see [Renaming users and groups][1] in the
10483
11899
  # *IAM User Guide*.
10484
11900
  #
10485
11901
  # <note markdown="1"> The person making the request (the principal), must have permission to
@@ -10488,7 +11904,7 @@ module Aws::IAM
10488
11904
  # have a policy that allows them to update both groups. If the principal
10489
11905
  # has permission to update the `Managers` group, but not the `MGRs`
10490
11906
  # group, then the update fails. For more information about permissions,
10491
- # see [Access Management][2].
11907
+ # see [Access management][2].
10492
11908
  #
10493
11909
  # </note>
10494
11910
  #
@@ -10562,11 +11978,14 @@ module Aws::IAM
10562
11978
  req.send_request(options)
10563
11979
  end
10564
11980
 
10565
- # Changes the password for the specified IAM user.
11981
+ # Changes the password for the specified IAM user. You can use the AWS
11982
+ # CLI, the AWS API, or the **Users** page in the IAM console to change
11983
+ # the password for any IAM user. Use ChangePassword to change your own
11984
+ # password in the **My Security Credentials** page in the AWS Management
11985
+ # Console.
10566
11986
  #
10567
- # IAM users can change their own passwords by calling ChangePassword.
10568
11987
  # For more information about modifying passwords, see [Managing
10569
- # Passwords][1] in the *IAM User Guide*.
11988
+ # passwords][1] in the *IAM User Guide*.
10570
11989
  #
10571
11990
  #
10572
11991
  #
@@ -10666,8 +12085,8 @@ module Aws::IAM
10666
12085
  # of OIDC provider ARNs by using the ListOpenIDConnectProviders
10667
12086
  # operation.
10668
12087
  #
10669
- # For more information about ARNs, see [Amazon Resource Names (ARNs) and
10670
- # AWS Service Namespaces][1] in the *AWS General Reference*.
12088
+ # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
12089
+ # in the *AWS General Reference*.
10671
12090
  #
10672
12091
  #
10673
12092
  #
@@ -10719,7 +12138,7 @@ module Aws::IAM
10719
12138
  # for one hour by default. This applies when you use the `AssumeRole*`
10720
12139
  # API operations or the `assume-role*` CLI operations but does not apply
10721
12140
  # when you use those operations to create a console URL. For more
10722
- # information, see [Using IAM Roles][1] in the *IAM User Guide*.
12141
+ # information, see [Using IAM roles][1] in the *IAM User Guide*.
10723
12142
  #
10724
12143
  #
10725
12144
  #
@@ -10816,8 +12235,8 @@ module Aws::IAM
10816
12235
  # @option params [required, String] :saml_provider_arn
10817
12236
  # The Amazon Resource Name (ARN) of the SAML provider to update.
10818
12237
  #
10819
- # For more information about ARNs, see [Amazon Resource Names (ARNs) and
10820
- # AWS Service Namespaces][1] in the *AWS General Reference*.
12238
+ # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
12239
+ # in the *AWS General Reference*.
10821
12240
  #
10822
12241
  #
10823
12242
  #
@@ -10856,7 +12275,7 @@ module Aws::IAM
10856
12275
  # authenticating the associated IAM user to an AWS CodeCommit
10857
12276
  # repository. For more information about using SSH keys to authenticate
10858
12277
  # to an AWS CodeCommit repository, see [Set up AWS CodeCommit for SSH
10859
- # Connections][1] in the *AWS CodeCommit User Guide*.
12278
+ # connections][1] in the *AWS CodeCommit User Guide*.
10860
12279
  #
10861
12280
  #
10862
12281
  #
@@ -10913,13 +12332,13 @@ module Aws::IAM
10913
12332
  # stored in IAM.
10914
12333
  #
10915
12334
  # For more information about working with server certificates, see
10916
- # [Working with Server Certificates][1] in the *IAM User Guide*. This
12335
+ # [Working with server certificates][1] in the *IAM User Guide*. This
10917
12336
  # topic also includes a list of AWS services that can use the server
10918
12337
  # certificates that you manage with IAM.
10919
12338
  #
10920
12339
  # You should understand the implications of changing a server
10921
12340
  # certificate's path or name. For more information, see [Renaming a
10922
- # Server Certificate][2] in the *IAM User Guide*.
12341
+ # server certificate][2] in the *IAM User Guide*.
10923
12342
  #
10924
12343
  # <note markdown="1"> The person making the request (the principal), must have permission to
10925
12344
  # change the server certificate with the old name and the new name. For
@@ -10928,7 +12347,7 @@ module Aws::IAM
10928
12347
  # update both certificates. If the principal has permission to update
10929
12348
  # the `ProductionCert` group, but not the `ProdCert` certificate, then
10930
12349
  # the update fails. For more information about permissions, see [Access
10931
- # Management][3] in the *IAM User Guide*.
12350
+ # management][3] in the *IAM User Guide*.
10932
12351
  #
10933
12352
  # </note>
10934
12353
  #
@@ -11087,8 +12506,8 @@ module Aws::IAM
11087
12506
  #
11088
12507
  # @option params [required, String] :status
11089
12508
  # The status you want to assign to the certificate. `Active` means that
11090
- # the certificate can be used for API calls to AWS `Inactive` means that
11091
- # the certificate cannot be used.
12509
+ # the certificate can be used for programmatic calls to AWS `Inactive`
12510
+ # means that the certificate cannot be used.
11092
12511
  #
11093
12512
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
11094
12513
  #
@@ -11123,14 +12542,14 @@ module Aws::IAM
11123
12542
  # Updates the name and/or the path of the specified IAM user.
11124
12543
  #
11125
12544
  # You should understand the implications of changing an IAM user's path
11126
- # or name. For more information, see [Renaming an IAM User][1] and
11127
- # [Renaming an IAM Group][2] in the *IAM User Guide*.
12545
+ # or name. For more information, see [Renaming an IAM user][1] and
12546
+ # [Renaming an IAM group][2] in the *IAM User Guide*.
11128
12547
  #
11129
12548
  # <note markdown="1"> To change a user name, the requester must have appropriate permissions
11130
12549
  # on both the source object and the target object. For example, to
11131
12550
  # change Bob to Robert, the entity making the request must have
11132
12551
  # permission on Bob and Robert, or must have permission on all (*). For
11133
- # more information about permissions, see [Permissions and Policies][3].
12552
+ # more information about permissions, see [Permissions and policies][3].
11134
12553
  #
11135
12554
  # </note>
11136
12555
  #
@@ -11212,7 +12631,7 @@ module Aws::IAM
11212
12631
  # authenticating the associated IAM user to an AWS CodeCommit
11213
12632
  # repository. For more information about using SSH keys to authenticate
11214
12633
  # to an AWS CodeCommit repository, see [Set up AWS CodeCommit for SSH
11215
- # Connections][1] in the *AWS CodeCommit User Guide*.
12634
+ # connections][1] in the *AWS CodeCommit User Guide*.
11216
12635
  #
11217
12636
  #
11218
12637
  #
@@ -11293,21 +12712,20 @@ module Aws::IAM
11293
12712
  # User Guide][2].
11294
12713
  #
11295
12714
  # For more information about working with server certificates, see
11296
- # [Working with Server Certificates][3] in the *IAM User Guide*. This
12715
+ # [Working with server certificates][3] in the *IAM User Guide*. This
11297
12716
  # topic includes a list of AWS services that can use the server
11298
12717
  # certificates that you manage with IAM.
11299
12718
  #
11300
12719
  # For information about the number of server certificates you can
11301
- # upload, see [Limitations on IAM Entities and Objects][4] in the *IAM
11302
- # User Guide*.
12720
+ # upload, see [IAM and STS quotas][4] in the *IAM User Guide*.
11303
12721
  #
11304
12722
  # <note markdown="1"> Because the body of the public key certificate, private key, and the
11305
12723
  # certificate chain can be large, you should use POST rather than GET
11306
12724
  # when calling `UploadServerCertificate`. For information about setting
11307
- # up signatures and authorization through the API, go to [Signing AWS
11308
- # API Requests][5] in the *AWS General Reference*. For general
11309
- # information about using the Query API with IAM, go to [Calling the API
11310
- # by Making HTTP Query Requests][6] in the *IAM User Guide*.
12725
+ # up signatures and authorization through the API, see [Signing AWS API
12726
+ # requests][5] in the *AWS General Reference*. For general information
12727
+ # about using the Query API with IAM, see [Calling the API by making
12728
+ # HTTP query requests][6] in the *IAM User Guide*.
11311
12729
  #
11312
12730
  # </note>
11313
12731
  #
@@ -11316,13 +12734,13 @@ module Aws::IAM
11316
12734
  # [1]: https://docs.aws.amazon.com/acm/
11317
12735
  # [2]: https://docs.aws.amazon.com/acm/latest/userguide/
11318
12736
  # [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html
11319
- # [4]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html
12737
+ # [4]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html
11320
12738
  # [5]: https://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html
11321
12739
  # [6]: https://docs.aws.amazon.com/IAM/latest/UserGuide/programming.html
11322
12740
  #
11323
12741
  # @option params [String] :path
11324
12742
  # The path for the server certificate. For more information about paths,
11325
- # see [IAM Identifiers][1] in the *IAM User Guide*.
12743
+ # see [IAM identifiers][1] in the *IAM User Guide*.
11326
12744
  #
11327
12745
  # This parameter is optional. If it is not included, it defaults to a
11328
12746
  # slash (/). This parameter allows (through its [regex pattern][2]) a
@@ -11415,9 +12833,26 @@ module Aws::IAM
11415
12833
  #
11416
12834
  # [1]: http://wikipedia.org/wiki/regex
11417
12835
  #
12836
+ # @option params [Array<Types::Tag>] :tags
12837
+ # A list of tags that you want to attach to the new IAM server
12838
+ # certificate resource. Each tag consists of a key name and an
12839
+ # associated value. For more information about tagging, see [Tagging IAM
12840
+ # resources][1] in the *IAM User Guide*.
12841
+ #
12842
+ # <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed maximum
12843
+ # number of tags, then the entire request fails and the resource is not
12844
+ # created.
12845
+ #
12846
+ # </note>
12847
+ #
12848
+ #
12849
+ #
12850
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
12851
+ #
11418
12852
  # @return [Types::UploadServerCertificateResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
11419
12853
  #
11420
12854
  # * {Types::UploadServerCertificateResponse#server_certificate_metadata #server_certificate_metadata} => Types::ServerCertificateMetadata
12855
+ # * {Types::UploadServerCertificateResponse#tags #tags} => Array&lt;Types::Tag&gt;
11421
12856
  #
11422
12857
  #
11423
12858
  # @example Example: To upload a server certificate to your AWS account
@@ -11451,6 +12886,12 @@ module Aws::IAM
11451
12886
  # certificate_body: "certificateBodyType", # required
11452
12887
  # private_key: "privateKeyType", # required
11453
12888
  # certificate_chain: "certificateChainType",
12889
+ # tags: [
12890
+ # {
12891
+ # key: "tagKeyType", # required
12892
+ # value: "tagValueType", # required
12893
+ # },
12894
+ # ],
11454
12895
  # })
11455
12896
  #
11456
12897
  # @example Response structure
@@ -11461,6 +12902,9 @@ module Aws::IAM
11461
12902
  # resp.server_certificate_metadata.arn #=> String
11462
12903
  # resp.server_certificate_metadata.upload_date #=> Time
11463
12904
  # resp.server_certificate_metadata.expiration #=> Time
12905
+ # resp.tags #=> Array
12906
+ # resp.tags[0].key #=> String
12907
+ # resp.tags[0].value #=> String
11464
12908
  #
11465
12909
  # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UploadServerCertificate AWS API Documentation
11466
12910
  #
@@ -11472,10 +12916,13 @@ module Aws::IAM
11472
12916
  end
11473
12917
 
11474
12918
  # Uploads an X.509 signing certificate and associates it with the
11475
- # specified IAM user. Some AWS services use X.509 signing certificates
12919
+ # specified IAM user. Some AWS services require you to use certificates
11476
12920
  # to validate requests that are signed with a corresponding private key.
11477
12921
  # When you upload the certificate, its default status is `Active`.
11478
12922
  #
12923
+ # For information about when you would use an X.509 signing certificate,
12924
+ # see [Managing server certificates in IAM][1] in the *IAM User Guide*.
12925
+ #
11479
12926
  # If the `UserName` is not specified, the IAM user name is determined
11480
12927
  # implicitly based on the AWS access key ID used to sign the request.
11481
12928
  # This operation works for access keys under the AWS account.
@@ -11485,16 +12932,17 @@ module Aws::IAM
11485
12932
  # <note markdown="1"> Because the body of an X.509 certificate can be large, you should use
11486
12933
  # POST rather than GET when calling `UploadSigningCertificate`. For
11487
12934
  # information about setting up signatures and authorization through the
11488
- # API, go to [Signing AWS API Requests][1] in the *AWS General
11489
- # Reference*. For general information about using the Query API with
11490
- # IAM, go to [Making Query Requests][2] in the *IAM User Guide*.
12935
+ # API, see [Signing AWS API requests][2] in the *AWS General Reference*.
12936
+ # For general information about using the Query API with IAM, see
12937
+ # [Making query requests][3] in the *IAM User Guide*.
11491
12938
  #
11492
12939
  # </note>
11493
12940
  #
11494
12941
  #
11495
12942
  #
11496
- # [1]: https://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html
11497
- # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html
12943
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html
12944
+ # [2]: https://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html
12945
+ # [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html
11498
12946
  #
11499
12947
  # @option params [String] :user_name
11500
12948
  # The name of the user the signing certificate is for.
@@ -11589,7 +13037,7 @@ module Aws::IAM
11589
13037
  params: params,
11590
13038
  config: config)
11591
13039
  context[:gem_name] = 'aws-sdk-iam'
11592
- context[:gem_version] = '1.44.0'
13040
+ context[:gem_version] = '1.49.0'
11593
13041
  Seahorse::Client::Request.new(handlers, context)
11594
13042
  end
11595
13043