aws-sdk-iam 1.45.0 → 1.50.0

Sign up to get free protection for your applications and to get access to all the features.
data/VERSION ADDED
@@ -0,0 +1 @@
1
+ 1.50.0
data/lib/aws-sdk-iam.rb CHANGED
@@ -3,7 +3,7 @@
3
3
  # WARNING ABOUT GENERATED CODE
4
4
  #
5
5
  # This file is generated. See the contributing guide for more information:
6
- # https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
6
+ # https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
7
7
  #
8
8
  # WARNING ABOUT GENERATED CODE
9
9
 
@@ -70,6 +70,6 @@ require_relative 'aws-sdk-iam/customizations'
70
70
  # @!group service
71
71
  module Aws::IAM
72
72
 
73
- GEM_VERSION = '1.45.0'
73
+ GEM_VERSION = '1.50.0'
74
74
 
75
75
  end
@@ -3,7 +3,7 @@
3
3
  # WARNING ABOUT GENERATED CODE
4
4
  #
5
5
  # This file is generated. See the contributing guide for more information:
6
- # https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
6
+ # https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
7
7
  #
8
8
  # WARNING ABOUT GENERATED CODE
9
9
 
@@ -3,7 +3,7 @@
3
3
  # WARNING ABOUT GENERATED CODE
4
4
  #
5
5
  # This file is generated. See the contributing guide for more information:
6
- # https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
6
+ # https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
7
7
  #
8
8
  # WARNING ABOUT GENERATED CODE
9
9
 
@@ -3,7 +3,7 @@
3
3
  # WARNING ABOUT GENERATED CODE
4
4
  #
5
5
  # This file is generated. See the contributing guide for more information:
6
- # https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
6
+ # https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
7
7
  #
8
8
  # WARNING ABOUT GENERATED CODE
9
9
 
@@ -30,27 +30,31 @@ module Aws::IAM
30
30
  data[:minimum_password_length]
31
31
  end
32
32
 
33
- # Specifies whether to require symbols for IAM user passwords.
33
+ # Specifies whether IAM user passwords must contain at least one of the
34
+ # following symbols:
35
+ #
36
+ # ! @ # $ % ^ & * ( ) \_ + - = \[ \] \\\{ \\} \| '
34
37
  # @return [Boolean]
35
38
  def require_symbols
36
39
  data[:require_symbols]
37
40
  end
38
41
 
39
- # Specifies whether to require numbers for IAM user passwords.
42
+ # Specifies whether IAM user passwords must contain at least one numeric
43
+ # character (0 to 9).
40
44
  # @return [Boolean]
41
45
  def require_numbers
42
46
  data[:require_numbers]
43
47
  end
44
48
 
45
- # Specifies whether to require uppercase characters for IAM user
46
- # passwords.
49
+ # Specifies whether IAM user passwords must contain at least one
50
+ # uppercase character (A to Z).
47
51
  # @return [Boolean]
48
52
  def require_uppercase_characters
49
53
  data[:require_uppercase_characters]
50
54
  end
51
55
 
52
- # Specifies whether to require lowercase characters for IAM user
53
- # passwords.
56
+ # Specifies whether IAM user passwords must contain at least one
57
+ # lowercase character (a to z).
54
58
  # @return [Boolean]
55
59
  def require_lowercase_characters
56
60
  data[:require_lowercase_characters]
@@ -286,7 +290,7 @@ module Aws::IAM
286
290
  # @option options [Boolean] :allow_users_to_change_password
287
291
  # Allows all IAM users in your account to use the AWS Management Console
288
292
  # to change their own passwords. For more information, see [Letting IAM
289
- # Users Change Their Own Passwords][1] in the *IAM User Guide*.
293
+ # users change their own passwords][1] in the *IAM User Guide*.
290
294
  #
291
295
  # If you do not specify a value for this parameter, then the operation
292
296
  # uses the default value of `false`. The result is that IAM users in the
@@ -3,7 +3,7 @@
3
3
  # WARNING ABOUT GENERATED CODE
4
4
  #
5
5
  # This file is generated. See the contributing guide for more information:
6
- # https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
6
+ # https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
7
7
  #
8
8
  # WARNING ABOUT GENERATED CODE
9
9
 
@@ -3,7 +3,7 @@
3
3
  # WARNING ABOUT GENERATED CODE
4
4
  #
5
5
  # This file is generated. See the contributing guide for more information:
6
- # https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
6
+ # https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
7
7
  #
8
8
  # WARNING ABOUT GENERATED CODE
9
9
 
@@ -3,7 +3,7 @@
3
3
  # WARNING ABOUT GENERATED CODE
4
4
  #
5
5
  # This file is generated. See the contributing guide for more information:
6
- # https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
6
+ # https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
7
7
  #
8
8
  # WARNING ABOUT GENERATED CODE
9
9
 
@@ -373,33 +373,30 @@ module Aws::IAM
373
373
  end
374
374
 
375
375
  # Adds the specified IAM role to the specified instance profile. An
376
- # instance profile can contain only one role. (The number and size of
377
- # IAM resources in an AWS account are limited. For more information, see
378
- # [IAM and STS Quotas][1] in the *IAM User Guide*.) You can remove the
379
- # existing role and then add a different role to an instance profile.
380
- # You must then wait for the change to appear across all of AWS because
381
- # of [eventual consistency][2]. To force the change, you must
382
- # [disassociate the instance profile][3] and then [associate the
383
- # instance profile][4], or you can stop your instance and then restart
384
- # it.
385
- #
386
- # <note markdown="1"> The caller of this API must be granted the `PassRole` permission on
387
- # the IAM role by a permissions policy.
376
+ # instance profile can contain only one role, and this quota cannot be
377
+ # increased. You can remove the existing role and then add a different
378
+ # role to an instance profile. You must then wait for the change to
379
+ # appear across all of AWS because of [eventual consistency][1]. To
380
+ # force the change, you must [disassociate the instance profile][2] and
381
+ # then [associate the instance profile][3], or you can stop your
382
+ # instance and then restart it.
383
+ #
384
+ # <note markdown="1"> The caller of this operation must be granted the `PassRole` permission
385
+ # on the IAM role by a permissions policy.
388
386
  #
389
387
  # </note>
390
388
  #
391
- # For more information about roles, go to [Working with Roles][5]. For
392
- # more information about instance profiles, go to [About Instance
393
- # Profiles][6].
389
+ # For more information about roles, see [Working with roles][4]. For
390
+ # more information about instance profiles, see [About instance
391
+ # profiles][5].
394
392
  #
395
393
  #
396
394
  #
397
- # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html
398
- # [2]: https://en.wikipedia.org/wiki/Eventual_consistency
399
- # [3]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DisassociateIamInstanceProfile.html
400
- # [4]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateIamInstanceProfile.html
401
- # [5]: https://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html
402
- # [6]: https://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html
395
+ # [1]: https://en.wikipedia.org/wiki/Eventual_consistency
396
+ # [2]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DisassociateIamInstanceProfile.html
397
+ # [3]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateIamInstanceProfile.html
398
+ # [4]: https://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html
399
+ # [5]: https://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html
403
400
  #
404
401
  # @option params [required, String] :instance_profile_name
405
402
  # The name of the instance profile to update.
@@ -509,15 +506,19 @@ module Aws::IAM
509
506
 
510
507
  # Attaches the specified managed policy to the specified IAM group.
511
508
  #
512
- # You use this API to attach a managed policy to a group. To embed an
513
- # inline policy in a group, use PutGroupPolicy.
509
+ # You use this operation to attach a managed policy to a group. To embed
510
+ # an inline policy in a group, use PutGroupPolicy.
514
511
  #
515
- # For more information about policies, see [Managed Policies and Inline
516
- # Policies][1] in the *IAM User Guide*.
512
+ # As a best practice, you can validate your IAM policies. To learn more,
513
+ # see [Validating IAM policies][1] in the *IAM User Guide*.
517
514
  #
515
+ # For more information about policies, see [Managed policies and inline
516
+ # policies][2] in the *IAM User Guide*.
518
517
  #
519
518
  #
520
- # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
519
+ #
520
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_policy-validator.html
521
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
521
522
  #
522
523
  # @option params [required, String] :group_name
523
524
  # The name (friendly name, not ARN) of the group to attach the policy
@@ -535,8 +536,8 @@ module Aws::IAM
535
536
  # @option params [required, String] :policy_arn
536
537
  # The Amazon Resource Name (ARN) of the IAM policy you want to attach.
537
538
  #
538
- # For more information about ARNs, see [Amazon Resource Names (ARNs) and
539
- # AWS Service Namespaces][1] in the *AWS General Reference*.
539
+ # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
540
+ # in the *AWS General Reference*.
540
541
  #
541
542
  #
542
543
  #
@@ -581,14 +582,18 @@ module Aws::IAM
581
582
  #
582
583
  # </note>
583
584
  #
584
- # Use this API to attach a *managed* policy to a role. To embed an
585
+ # Use this operation to attach a *managed* policy to a role. To embed an
585
586
  # inline policy in a role, use PutRolePolicy. For more information about
586
- # policies, see [Managed Policies and Inline Policies][1] in the *IAM
587
+ # policies, see [Managed policies and inline policies][1] in the *IAM
587
588
  # User Guide*.
588
589
  #
590
+ # As a best practice, you can validate your IAM policies. To learn more,
591
+ # see [Validating IAM policies][2] in the *IAM User Guide*.
592
+ #
589
593
  #
590
594
  #
591
595
  # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
596
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_policy-validator.html
592
597
  #
593
598
  # @option params [required, String] :role_name
594
599
  # The name (friendly name, not ARN) of the role to attach the policy to.
@@ -605,8 +610,8 @@ module Aws::IAM
605
610
  # @option params [required, String] :policy_arn
606
611
  # The Amazon Resource Name (ARN) of the IAM policy you want to attach.
607
612
  #
608
- # For more information about ARNs, see [Amazon Resource Names (ARNs) and
609
- # AWS Service Namespaces][1] in the *AWS General Reference*.
613
+ # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
614
+ # in the *AWS General Reference*.
610
615
  #
611
616
  #
612
617
  #
@@ -642,15 +647,19 @@ module Aws::IAM
642
647
 
643
648
  # Attaches the specified managed policy to the specified user.
644
649
  #
645
- # You use this API to attach a *managed* policy to a user. To embed an
646
- # inline policy in a user, use PutUserPolicy.
650
+ # You use this operation to attach a *managed* policy to a user. To
651
+ # embed an inline policy in a user, use PutUserPolicy.
647
652
  #
648
- # For more information about policies, see [Managed Policies and Inline
649
- # Policies][1] in the *IAM User Guide*.
653
+ # As a best practice, you can validate your IAM policies. To learn more,
654
+ # see [Validating IAM policies][1] in the *IAM User Guide*.
650
655
  #
656
+ # For more information about policies, see [Managed policies and inline
657
+ # policies][2] in the *IAM User Guide*.
651
658
  #
652
659
  #
653
- # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
660
+ #
661
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_policy-validator.html
662
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
654
663
  #
655
664
  # @option params [required, String] :user_name
656
665
  # The name (friendly name, not ARN) of the IAM user to attach the policy
@@ -668,8 +677,8 @@ module Aws::IAM
668
677
  # @option params [required, String] :policy_arn
669
678
  # The Amazon Resource Name (ARN) of the IAM policy you want to attach.
670
679
  #
671
- # For more information about ARNs, see [Amazon Resource Names (ARNs) and
672
- # AWS Service Namespaces][1] in the *AWS General Reference*.
680
+ # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
681
+ # in the *AWS General Reference*.
673
682
  #
674
683
  #
675
684
  #
@@ -704,11 +713,14 @@ module Aws::IAM
704
713
  end
705
714
 
706
715
  # Changes the password of the IAM user who is calling this operation.
707
- # The AWS account root user password is not affected by this operation.
716
+ # This operation can be performed using the AWS CLI, the AWS API, or the
717
+ # **My Security Credentials** page in the AWS Management Console. The
718
+ # AWS account root user password is not affected by this operation.
708
719
  #
709
- # To change the password for a different user, see UpdateLoginProfile.
710
- # For more information about modifying passwords, see [Managing
711
- # Passwords][1] in the *IAM User Guide*.
720
+ # Use UpdateLoginProfile to use the AWS CLI, the AWS API, or the
721
+ # **Users** page in the IAM console to change the password for any IAM
722
+ # user. For more information about modifying passwords, see [Managing
723
+ # passwords][1] in the *IAM User Guide*.
712
724
  #
713
725
  #
714
726
  #
@@ -773,9 +785,8 @@ module Aws::IAM
773
785
  # credentials. This is true even if the AWS account has no associated
774
786
  # users.
775
787
  #
776
- # The number and size of IAM resources in an AWS account are limited.
777
- # For more information, see [IAM and STS Quotas][1] in the *IAM User
778
- # Guide*.
788
+ # For information about quotas on the number of keys you can create, see
789
+ # [IAM and STS quotas][1] in the *IAM User Guide*.
779
790
  #
780
791
  # To ensure the security of your AWS account, the secret access key is
781
792
  # accessible only during key and user creation. You must save the key
@@ -847,7 +858,7 @@ module Aws::IAM
847
858
  end
848
859
 
849
860
  # Creates an alias for your AWS account. For information about using an
850
- # AWS account alias, see [Using an Alias for Your AWS Account ID][1] in
861
+ # AWS account alias, see [Using an alias for your AWS account ID][1] in
851
862
  # the *IAM User Guide*.
852
863
  #
853
864
  #
@@ -894,9 +905,8 @@ module Aws::IAM
894
905
 
895
906
  # Creates a new group.
896
907
  #
897
- # The number and size of IAM resources in an AWS account are limited.
898
- # For more information, see [IAM and STS Quotas][1] in the *IAM User
899
- # Guide*.
908
+ # For information about the number of groups you can create, see [IAM
909
+ # and STS quotas][1] in the *IAM User Guide*.
900
910
  #
901
911
  #
902
912
  #
@@ -904,7 +914,7 @@ module Aws::IAM
904
914
  #
905
915
  # @option params [String] :path
906
916
  # The path to the group. For more information about paths, see [IAM
907
- # Identifiers][1] in the *IAM User Guide*.
917
+ # identifiers][1] in the *IAM User Guide*.
908
918
  #
909
919
  # This parameter is optional. If it is not included, it defaults to a
910
920
  # slash (/).
@@ -978,15 +988,14 @@ module Aws::IAM
978
988
  end
979
989
 
980
990
  # Creates a new instance profile. For information about instance
981
- # profiles, go to [About Instance Profiles][1].
991
+ # profiles, see [About instance profiles][1].
982
992
  #
983
- # The number and size of IAM resources in an AWS account are limited.
984
- # For more information, see [IAM and STS Quotas][2] in the *IAM User
985
- # Guide*.
993
+ # For information about the number of instance profiles you can create,
994
+ # see [IAM object quotas][2] in the *IAM User Guide*.
986
995
  #
987
996
  #
988
997
  #
989
- # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html
998
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entities
990
999
  # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html
991
1000
  #
992
1001
  # @option params [required, String] :instance_profile_name
@@ -1020,6 +1029,22 @@ module Aws::IAM
1020
1029
  # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html
1021
1030
  # [2]: http://wikipedia.org/wiki/regex
1022
1031
  #
1032
+ # @option params [Array<Types::Tag>] :tags
1033
+ # A list of tags that you want to attach to the newly created IAM
1034
+ # instance profile. Each tag consists of a key name and an associated
1035
+ # value. For more information about tagging, see [Tagging IAM
1036
+ # resources][1] in the *IAM User Guide*.
1037
+ #
1038
+ # <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed maximum
1039
+ # number of tags, then the entire request fails and the resource is not
1040
+ # created.
1041
+ #
1042
+ # </note>
1043
+ #
1044
+ #
1045
+ #
1046
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
1047
+ #
1023
1048
  # @return [Types::CreateInstanceProfileResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1024
1049
  #
1025
1050
  # * {Types::CreateInstanceProfileResponse#instance_profile #instance_profile} => Types::InstanceProfile
@@ -1052,6 +1077,12 @@ module Aws::IAM
1052
1077
  # resp = client.create_instance_profile({
1053
1078
  # instance_profile_name: "instanceProfileNameType", # required
1054
1079
  # path: "pathType",
1080
+ # tags: [
1081
+ # {
1082
+ # key: "tagKeyType", # required
1083
+ # value: "tagValueType", # required
1084
+ # },
1085
+ # ],
1055
1086
  # })
1056
1087
  #
1057
1088
  # @example Response structure
@@ -1077,6 +1108,9 @@ module Aws::IAM
1077
1108
  # resp.instance_profile.roles[0].tags[0].value #=> String
1078
1109
  # resp.instance_profile.roles[0].role_last_used.last_used_date #=> Time
1079
1110
  # resp.instance_profile.roles[0].role_last_used.region #=> String
1111
+ # resp.instance_profile.tags #=> Array
1112
+ # resp.instance_profile.tags[0].key #=> String
1113
+ # resp.instance_profile.tags[0].value #=> String
1080
1114
  #
1081
1115
  # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateInstanceProfile AWS API Documentation
1082
1116
  #
@@ -1087,10 +1121,16 @@ module Aws::IAM
1087
1121
  req.send_request(options)
1088
1122
  end
1089
1123
 
1090
- # Creates a password for the specified user, giving the user the ability
1091
- # to access AWS services through the AWS Management Console. For more
1092
- # information about managing passwords, see [Managing Passwords][1] in
1093
- # the *IAM User Guide*.
1124
+ # Creates a password for the specified IAM user. A password allows an
1125
+ # IAM user to access AWS services through the AWS Management Console.
1126
+ #
1127
+ # You can use the AWS CLI, the AWS API, or the **Users** page in the IAM
1128
+ # console to create a password for any IAM user. Use ChangePassword to
1129
+ # update your own existing password in the **My Security Credentials**
1130
+ # page in the AWS Management Console.
1131
+ #
1132
+ # For more information about managing passwords, see [Managing
1133
+ # passwords][1] in the *IAM User Guide*.
1094
1134
  #
1095
1135
  #
1096
1136
  #
@@ -1253,16 +1293,33 @@ module Aws::IAM
1253
1293
  # certificate used by https://keys.server.example.com.
1254
1294
  #
1255
1295
  # For more information about obtaining the OIDC provider's thumbprint,
1256
- # see [Obtaining the Thumbprint for an OpenID Connect Provider][1] in
1296
+ # see [Obtaining the thumbprint for an OpenID Connect provider][1] in
1257
1297
  # the *IAM User Guide*.
1258
1298
  #
1259
1299
  #
1260
1300
  #
1261
1301
  # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/identity-providers-oidc-obtain-thumbprint.html
1262
1302
  #
1303
+ # @option params [Array<Types::Tag>] :tags
1304
+ # A list of tags that you want to attach to the new IAM OpenID Connect
1305
+ # (OIDC) provider. Each tag consists of a key name and an associated
1306
+ # value. For more information about tagging, see [Tagging IAM
1307
+ # resources][1] in the *IAM User Guide*.
1308
+ #
1309
+ # <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed maximum
1310
+ # number of tags, then the entire request fails and the resource is not
1311
+ # created.
1312
+ #
1313
+ # </note>
1314
+ #
1315
+ #
1316
+ #
1317
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
1318
+ #
1263
1319
  # @return [Types::CreateOpenIDConnectProviderResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1264
1320
  #
1265
1321
  # * {Types::CreateOpenIDConnectProviderResponse#open_id_connect_provider_arn #open_id_connect_provider_arn} => String
1322
+ # * {Types::CreateOpenIDConnectProviderResponse#tags #tags} => Array&lt;Types::Tag&gt;
1266
1323
  #
1267
1324
  #
1268
1325
  # @example Example: To create an instance profile
@@ -1291,11 +1348,20 @@ module Aws::IAM
1291
1348
  # url: "OpenIDConnectProviderUrlType", # required
1292
1349
  # client_id_list: ["clientIDType"],
1293
1350
  # thumbprint_list: ["thumbprintType"], # required
1351
+ # tags: [
1352
+ # {
1353
+ # key: "tagKeyType", # required
1354
+ # value: "tagValueType", # required
1355
+ # },
1356
+ # ],
1294
1357
  # })
1295
1358
  #
1296
1359
  # @example Response structure
1297
1360
  #
1298
1361
  # resp.open_id_connect_provider_arn #=> String
1362
+ # resp.tags #=> Array
1363
+ # resp.tags[0].key #=> String
1364
+ # resp.tags[0].value #=> String
1299
1365
  #
1300
1366
  # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateOpenIDConnectProvider AWS API Documentation
1301
1367
  #
@@ -1310,16 +1376,20 @@ module Aws::IAM
1310
1376
  #
1311
1377
  # This operation creates a policy version with a version identifier of
1312
1378
  # `v1` and sets v1 as the policy's default version. For more
1313
- # information about policy versions, see [Versioning for Managed
1314
- # Policies][1] in the *IAM User Guide*.
1379
+ # information about policy versions, see [Versioning for managed
1380
+ # policies][1] in the *IAM User Guide*.
1381
+ #
1382
+ # As a best practice, you can validate your IAM policies. To learn more,
1383
+ # see [Validating IAM policies][2] in the *IAM User Guide*.
1315
1384
  #
1316
1385
  # For more information about managed policies in general, see [Managed
1317
- # Policies and Inline Policies][2] in the *IAM User Guide*.
1386
+ # policies and inline policies][3] in the *IAM User Guide*.
1318
1387
  #
1319
1388
  #
1320
1389
  #
1321
1390
  # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html
1322
- # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
1391
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_policy-validator.html
1392
+ # [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
1323
1393
  #
1324
1394
  # @option params [required, String] :policy_name
1325
1395
  # The friendly name of the policy.
@@ -1331,7 +1401,7 @@ module Aws::IAM
1331
1401
  # @option params [String] :path
1332
1402
  # The path for the policy.
1333
1403
  #
1334
- # For more information about paths, see [IAM Identifiers][1] in the *IAM
1404
+ # For more information about paths, see [IAM identifiers][1] in the *IAM
1335
1405
  # User Guide*.
1336
1406
  #
1337
1407
  # This parameter is optional. If it is not included, it defaults to a
@@ -1384,6 +1454,22 @@ module Aws::IAM
1384
1454
  # The policy description is immutable. After a value is assigned, it
1385
1455
  # cannot be changed.
1386
1456
  #
1457
+ # @option params [Array<Types::Tag>] :tags
1458
+ # A list of tags that you want to attach to the new IAM customer managed
1459
+ # policy. Each tag consists of a key name and an associated value. For
1460
+ # more information about tagging, see [Tagging IAM resources][1] in the
1461
+ # *IAM User Guide*.
1462
+ #
1463
+ # <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed maximum
1464
+ # number of tags, then the entire request fails and the resource is not
1465
+ # created.
1466
+ #
1467
+ # </note>
1468
+ #
1469
+ #
1470
+ #
1471
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
1472
+ #
1387
1473
  # @return [Types::CreatePolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1388
1474
  #
1389
1475
  # * {Types::CreatePolicyResponse#policy #policy} => Types::Policy
@@ -1395,6 +1481,12 @@ module Aws::IAM
1395
1481
  # path: "policyPathType",
1396
1482
  # policy_document: "policyDocumentType", # required
1397
1483
  # description: "policyDescriptionType",
1484
+ # tags: [
1485
+ # {
1486
+ # key: "tagKeyType", # required
1487
+ # value: "tagValueType", # required
1488
+ # },
1489
+ # ],
1398
1490
  # })
1399
1491
  #
1400
1492
  # @example Response structure
@@ -1410,6 +1502,9 @@ module Aws::IAM
1410
1502
  # resp.policy.description #=> String
1411
1503
  # resp.policy.create_date #=> Time
1412
1504
  # resp.policy.update_date #=> Time
1505
+ # resp.policy.tags #=> Array
1506
+ # resp.policy.tags[0].key #=> String
1507
+ # resp.policy.tags[0].value #=> String
1413
1508
  #
1414
1509
  # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreatePolicy AWS API Documentation
1415
1510
  #
@@ -1431,7 +1526,7 @@ module Aws::IAM
1431
1526
  # IAM users, groups, and roles to which the policy is attached.
1432
1527
  #
1433
1528
  # For more information about managed policy versions, see [Versioning
1434
- # for Managed Policies][1] in the *IAM User Guide*.
1529
+ # for managed policies][1] in the *IAM User Guide*.
1435
1530
  #
1436
1531
  #
1437
1532
  #
@@ -1441,8 +1536,8 @@ module Aws::IAM
1441
1536
  # The Amazon Resource Name (ARN) of the IAM policy to which you want to
1442
1537
  # add a new version.
1443
1538
  #
1444
- # For more information about ARNs, see [Amazon Resource Names (ARNs) and
1445
- # AWS Service Namespaces][1] in the *AWS General Reference*.
1539
+ # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
1540
+ # in the *AWS General Reference*.
1446
1541
  #
1447
1542
  #
1448
1543
  #
@@ -1482,7 +1577,7 @@ module Aws::IAM
1482
1577
  # for the IAM users, groups, and roles that the policy is attached to.
1483
1578
  #
1484
1579
  # For more information about managed policy versions, see [Versioning
1485
- # for Managed Policies][1] in the *IAM User Guide*.
1580
+ # for managed policies][1] in the *IAM User Guide*.
1486
1581
  #
1487
1582
  #
1488
1583
  #
@@ -1517,9 +1612,9 @@ module Aws::IAM
1517
1612
  end
1518
1613
 
1519
1614
  # Creates a new role for your AWS account. For more information about
1520
- # roles, go to [IAM Roles][1]. The number and size of IAM resources in
1521
- # an AWS account are limited. For more information, see [IAM and STS
1522
- # Quotas][2] in the *IAM User Guide*.
1615
+ # roles, see [IAM roles][1]. For information about quotas for role names
1616
+ # and the number of roles you can create, see [IAM and STS quotas][2] in
1617
+ # the *IAM User Guide*.
1523
1618
  #
1524
1619
  #
1525
1620
  #
@@ -1599,7 +1694,7 @@ module Aws::IAM
1599
1694
  # for one hour by default. This applies when you use the `AssumeRole*`
1600
1695
  # API operations or the `assume-role*` CLI operations but does not apply
1601
1696
  # when you use those operations to create a console URL. For more
1602
- # information, see [Using IAM Roles][1] in the *IAM User Guide*.
1697
+ # information, see [Using IAM roles][1] in the *IAM User Guide*.
1603
1698
  #
1604
1699
  #
1605
1700
  #
@@ -1610,13 +1705,12 @@ module Aws::IAM
1610
1705
  # the role.
1611
1706
  #
1612
1707
  # @option params [Array<Types::Tag>] :tags
1613
- # A list of tags that you want to attach to the newly created role. Each
1614
- # tag consists of a key name and an associated value. For more
1615
- # information about tagging, see [Tagging IAM Identities][1] in the *IAM
1616
- # User Guide*.
1708
+ # A list of tags that you want to attach to the new role. Each tag
1709
+ # consists of a key name and an associated value. For more information
1710
+ # about tagging, see [Tagging IAM resources][1] in the *IAM User Guide*.
1617
1711
  #
1618
- # <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed number
1619
- # of tags per role, then the entire request fails and the role is not
1712
+ # <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed maximum
1713
+ # number of tags, then the entire request fails and the resource is not
1620
1714
  # created.
1621
1715
  #
1622
1716
  # </note>
@@ -1718,9 +1812,9 @@ module Aws::IAM
1718
1812
  #
1719
1813
  # </note>
1720
1814
  #
1721
- # For more information, see [Enabling SAML 2.0 Federated Users to Access
1815
+ # For more information, see [Enabling SAML 2.0 federated users to access
1722
1816
  # the AWS Management Console][2] and [About SAML 2.0-based
1723
- # Federation][3] in the *IAM User Guide*.
1817
+ # federation][3] in the *IAM User Guide*.
1724
1818
  #
1725
1819
  #
1726
1820
  #
@@ -1736,7 +1830,7 @@ module Aws::IAM
1736
1830
  # You must generate the metadata document using the identity management
1737
1831
  # software that is used as your organization's IdP.
1738
1832
  #
1739
- # For more information, see [About SAML 2.0-based Federation][1] in the
1833
+ # For more information, see [About SAML 2.0-based federation][1] in the
1740
1834
  # *IAM User Guide*
1741
1835
  #
1742
1836
  #
@@ -1755,20 +1849,46 @@ module Aws::IAM
1755
1849
  #
1756
1850
  # [1]: http://wikipedia.org/wiki/regex
1757
1851
  #
1852
+ # @option params [Array<Types::Tag>] :tags
1853
+ # A list of tags that you want to attach to the new IAM SAML provider.
1854
+ # Each tag consists of a key name and an associated value. For more
1855
+ # information about tagging, see [Tagging IAM resources][1] in the *IAM
1856
+ # User Guide*.
1857
+ #
1858
+ # <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed maximum
1859
+ # number of tags, then the entire request fails and the resource is not
1860
+ # created.
1861
+ #
1862
+ # </note>
1863
+ #
1864
+ #
1865
+ #
1866
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
1867
+ #
1758
1868
  # @return [Types::CreateSAMLProviderResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1759
1869
  #
1760
1870
  # * {Types::CreateSAMLProviderResponse#saml_provider_arn #saml_provider_arn} => String
1871
+ # * {Types::CreateSAMLProviderResponse#tags #tags} => Array&lt;Types::Tag&gt;
1761
1872
  #
1762
1873
  # @example Request syntax with placeholder values
1763
1874
  #
1764
1875
  # resp = client.create_saml_provider({
1765
1876
  # saml_metadata_document: "SAMLMetadataDocumentType", # required
1766
1877
  # name: "SAMLProviderNameType", # required
1878
+ # tags: [
1879
+ # {
1880
+ # key: "tagKeyType", # required
1881
+ # value: "tagValueType", # required
1882
+ # },
1883
+ # ],
1767
1884
  # })
1768
1885
  #
1769
1886
  # @example Response structure
1770
1887
  #
1771
1888
  # resp.saml_provider_arn #=> String
1889
+ # resp.tags #=> Array
1890
+ # resp.tags[0].key #=> String
1891
+ # resp.tags[0].value #=> String
1772
1892
  #
1773
1893
  # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateSAMLProvider AWS API Documentation
1774
1894
  #
@@ -1786,7 +1906,7 @@ module Aws::IAM
1786
1906
  # resources into an unknown state. Allowing the service to control the
1787
1907
  # role helps improve service stability and proper cleanup when a service
1788
1908
  # and its role are no longer needed. For more information, see [Using
1789
- # Service-Linked Roles][1] in the *IAM User Guide*.
1909
+ # service-linked roles][1] in the *IAM User Guide*.
1790
1910
  #
1791
1911
  # To attach a policy to this service-linked role, you must make the
1792
1912
  # request using the AWS service that depends on this role.
@@ -1801,8 +1921,8 @@ module Aws::IAM
1801
1921
  # front. For example: `elasticbeanstalk.amazonaws.com`.
1802
1922
  #
1803
1923
  # Service principals are unique and case-sensitive. To find the exact
1804
- # service principal for your service-linked role, see [AWS Services That
1805
- # Work with IAM][1] in the *IAM User Guide*. Look for the services that
1924
+ # service principal for your service-linked role, see [AWS services that
1925
+ # work with IAM][1] in the *IAM User Guide*. Look for the services that
1806
1926
  # have <b>Yes </b>in the **Service-Linked Role** column. Choose the
1807
1927
  # **Yes** link to view the service-linked role documentation for that
1808
1928
  # service.
@@ -1872,14 +1992,15 @@ module Aws::IAM
1872
1992
  # You can have a maximum of two sets of service-specific credentials for
1873
1993
  # each supported service per user.
1874
1994
  #
1875
- # The only supported service at this time is AWS CodeCommit.
1995
+ # You can create service-specific credentials for AWS CodeCommit and
1996
+ # Amazon Keyspaces (for Apache Cassandra).
1876
1997
  #
1877
1998
  # You can reset the password to a new service-generated value by calling
1878
1999
  # ResetServiceSpecificCredential.
1879
2000
  #
1880
2001
  # For more information about service-specific credentials, see [Using
1881
- # IAM with AWS CodeCommit: Git Credentials, SSH Keys, and AWS Access
1882
- # Keys][1] in the *IAM User Guide*.
2002
+ # IAM with AWS CodeCommit: Git credentials, SSH keys, and AWS access
2003
+ # keys][1] in the *IAM User Guide*.
1883
2004
  #
1884
2005
  #
1885
2006
  #
@@ -1937,9 +2058,8 @@ module Aws::IAM
1937
2058
 
1938
2059
  # Creates a new IAM user for your AWS account.
1939
2060
  #
1940
- # The number and size of IAM resources in an AWS account are limited.
1941
- # For more information, see [IAM and STS Quotas][1] in the *IAM User
1942
- # Guide*.
2061
+ # For information about quotas for the number of IAM users you can
2062
+ # create, see [IAM and STS quotas][1] in the *IAM User Guide*.
1943
2063
  #
1944
2064
  #
1945
2065
  #
@@ -1947,7 +2067,7 @@ module Aws::IAM
1947
2067
  #
1948
2068
  # @option params [String] :path
1949
2069
  # The path for the user name. For more information about paths, see [IAM
1950
- # Identifiers][1] in the *IAM User Guide*.
2070
+ # identifiers][1] in the *IAM User Guide*.
1951
2071
  #
1952
2072
  # This parameter is optional. If it is not included, it defaults to a
1953
2073
  # slash (/).
@@ -1976,13 +2096,12 @@ module Aws::IAM
1976
2096
  # the user.
1977
2097
  #
1978
2098
  # @option params [Array<Types::Tag>] :tags
1979
- # A list of tags that you want to attach to the newly created user. Each
1980
- # tag consists of a key name and an associated value. For more
1981
- # information about tagging, see [Tagging IAM Identities][1] in the *IAM
1982
- # User Guide*.
2099
+ # A list of tags that you want to attach to the new user. Each tag
2100
+ # consists of a key name and an associated value. For more information
2101
+ # about tagging, see [Tagging IAM resources][1] in the *IAM User Guide*.
1983
2102
  #
1984
- # <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed number
1985
- # of tags per user, then the entire request fails and the user is not
2103
+ # <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed maximum
2104
+ # number of tags, then the entire request fails and the resource is not
1986
2105
  # created.
1987
2106
  #
1988
2107
  # </note>
@@ -2055,12 +2174,11 @@ module Aws::IAM
2055
2174
  # Creates a new virtual MFA device for the AWS account. After creating
2056
2175
  # the virtual MFA, use EnableMFADevice to attach the MFA device to an
2057
2176
  # IAM user. For more information about creating and working with virtual
2058
- # MFA devices, go to [Using a Virtual MFA Device][1] in the *IAM User
2177
+ # MFA devices, see [Using a virtual MFA device][1] in the *IAM User
2059
2178
  # Guide*.
2060
2179
  #
2061
- # The number and size of IAM resources in an AWS account are limited.
2062
- # For more information, see [IAM and STS Quotas][2] in the *IAM User
2063
- # Guide*.
2180
+ # For information about the maximum number of MFA devices you can
2181
+ # create, see [IAM and STS quotas][2] in the *IAM User Guide*.
2064
2182
  #
2065
2183
  # The seed information contained in the QR code and the Base32 string
2066
2184
  # should be treated like any other secret access information. In other
@@ -2075,7 +2193,7 @@ module Aws::IAM
2075
2193
  #
2076
2194
  # @option params [String] :path
2077
2195
  # The path for the virtual MFA device. For more information about paths,
2078
- # see [IAM Identifiers][1] in the *IAM User Guide*.
2196
+ # see [IAM identifiers][1] in the *IAM User Guide*.
2079
2197
  #
2080
2198
  # This parameter is optional. If it is not included, it defaults to a
2081
2199
  # slash (/).
@@ -2105,6 +2223,22 @@ module Aws::IAM
2105
2223
  #
2106
2224
  # [1]: http://wikipedia.org/wiki/regex
2107
2225
  #
2226
+ # @option params [Array<Types::Tag>] :tags
2227
+ # A list of tags that you want to attach to the new IAM virtual MFA
2228
+ # device. Each tag consists of a key name and an associated value. For
2229
+ # more information about tagging, see [Tagging IAM resources][1] in the
2230
+ # *IAM User Guide*.
2231
+ #
2232
+ # <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed maximum
2233
+ # number of tags, then the entire request fails and the resource is not
2234
+ # created.
2235
+ #
2236
+ # </note>
2237
+ #
2238
+ #
2239
+ #
2240
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
2241
+ #
2108
2242
  # @return [Types::CreateVirtualMFADeviceResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
2109
2243
  #
2110
2244
  # * {Types::CreateVirtualMFADeviceResponse#virtual_mfa_device #virtual_mfa_device} => Types::VirtualMFADevice
@@ -2114,6 +2248,12 @@ module Aws::IAM
2114
2248
  # resp = client.create_virtual_mfa_device({
2115
2249
  # path: "pathType",
2116
2250
  # virtual_mfa_device_name: "virtualMFADeviceName", # required
2251
+ # tags: [
2252
+ # {
2253
+ # key: "tagKeyType", # required
2254
+ # value: "tagValueType", # required
2255
+ # },
2256
+ # ],
2117
2257
  # })
2118
2258
  #
2119
2259
  # @example Response structure
@@ -2133,6 +2273,9 @@ module Aws::IAM
2133
2273
  # resp.virtual_mfa_device.user.tags[0].key #=> String
2134
2274
  # resp.virtual_mfa_device.user.tags[0].value #=> String
2135
2275
  # resp.virtual_mfa_device.enable_date #=> Time
2276
+ # resp.virtual_mfa_device.tags #=> Array
2277
+ # resp.virtual_mfa_device.tags[0].key #=> String
2278
+ # resp.virtual_mfa_device.tags[0].value #=> String
2136
2279
  #
2137
2280
  # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateVirtualMFADevice AWS API Documentation
2138
2281
  #
@@ -2147,8 +2290,8 @@ module Aws::IAM
2147
2290
  # with the user name for which it was originally enabled.
2148
2291
  #
2149
2292
  # For more information about creating and working with virtual MFA
2150
- # devices, go to [Enabling a Virtual Multi-factor Authentication (MFA)
2151
- # Device][1] in the *IAM User Guide*.
2293
+ # devices, see [Enabling a virtual multi-factor authentication (MFA)
2294
+ # device][1] in the *IAM User Guide*.
2152
2295
  #
2153
2296
  #
2154
2297
  #
@@ -2258,7 +2401,7 @@ module Aws::IAM
2258
2401
  end
2259
2402
 
2260
2403
  # Deletes the specified AWS account alias. For information about using
2261
- # an AWS account alias, see [Using an Alias for Your AWS Account ID][1]
2404
+ # an AWS account alias, see [Using an alias for your AWS account ID][1]
2262
2405
  # in the *IAM User Guide*.
2263
2406
  #
2264
2407
  #
@@ -2362,8 +2505,8 @@ module Aws::IAM
2362
2505
  #
2363
2506
  # A group can also have managed policies attached to it. To detach a
2364
2507
  # managed policy from a group, use DetachGroupPolicy. For more
2365
- # information about policies, refer to [Managed Policies and Inline
2366
- # Policies][1] in the *IAM User Guide*.
2508
+ # information about policies, refer to [Managed policies and inline
2509
+ # policies][1] in the *IAM User Guide*.
2367
2510
  #
2368
2511
  #
2369
2512
  #
@@ -2430,8 +2573,8 @@ module Aws::IAM
2430
2573
  # instance profile that is associated with a running instance will break
2431
2574
  # any applications running on the instance.
2432
2575
  #
2433
- # For more information about instance profiles, go to [About Instance
2434
- # Profiles][1].
2576
+ # For more information about instance profiles, see [About instance
2577
+ # profiles][1].
2435
2578
  #
2436
2579
  #
2437
2580
  #
@@ -2479,6 +2622,11 @@ module Aws::IAM
2479
2622
  # user's ability to access AWS services through the AWS Management
2480
2623
  # Console.
2481
2624
  #
2625
+ # You can use the AWS CLI, the AWS API, or the **Users** page in the IAM
2626
+ # console to delete a password for any IAM user. You can use
2627
+ # ChangePassword to update, but not delete, your own password in the
2628
+ # **My Security Credentials** page in the AWS Management Console.
2629
+ #
2482
2630
  # Deleting a user's password does not prevent a user from accessing AWS
2483
2631
  # through the command line interface or the API. To prevent all user
2484
2632
  # access, you must also either make any access keys inactive or delete
@@ -2564,9 +2712,9 @@ module Aws::IAM
2564
2712
  # steps describe the process for deleting a managed policy:
2565
2713
  #
2566
2714
  # * Detach the policy from all users, groups, and roles that the policy
2567
- # is attached to, using the DetachUserPolicy, DetachGroupPolicy, or
2568
- # DetachRolePolicy API operations. To list all the users, groups, and
2569
- # roles that a policy is attached to, use ListEntitiesForPolicy.
2715
+ # is attached to, using DetachUserPolicy, DetachGroupPolicy, or
2716
+ # DetachRolePolicy. To list all the users, groups, and roles that a
2717
+ # policy is attached to, use ListEntitiesForPolicy.
2570
2718
  #
2571
2719
  # * Delete all versions of the policy using DeletePolicyVersion. To list
2572
2720
  # the policy's versions, use ListPolicyVersions. You cannot use
@@ -2575,10 +2723,10 @@ module Aws::IAM
2575
2723
  # next step of the process.
2576
2724
  #
2577
2725
  # * Delete the policy (this automatically deletes the policy's default
2578
- # version) using this API.
2726
+ # version) using this operation.
2579
2727
  #
2580
- # For information about managed policies, see [Managed Policies and
2581
- # Inline Policies][1] in the *IAM User Guide*.
2728
+ # For information about managed policies, see [Managed policies and
2729
+ # inline policies][1] in the *IAM User Guide*.
2582
2730
  #
2583
2731
  #
2584
2732
  #
@@ -2587,8 +2735,8 @@ module Aws::IAM
2587
2735
  # @option params [required, String] :policy_arn
2588
2736
  # The Amazon Resource Name (ARN) of the IAM policy you want to delete.
2589
2737
  #
2590
- # For more information about ARNs, see [Amazon Resource Names (ARNs) and
2591
- # AWS Service Namespaces][1] in the *AWS General Reference*.
2738
+ # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
2739
+ # in the *AWS General Reference*.
2592
2740
  #
2593
2741
  #
2594
2742
  #
@@ -2613,13 +2761,13 @@ module Aws::IAM
2613
2761
 
2614
2762
  # Deletes the specified version from the specified managed policy.
2615
2763
  #
2616
- # You cannot delete the default version from a policy using this API. To
2617
- # delete the default version from a policy, use DeletePolicy. To find
2618
- # out which version of a policy is marked as the default version, use
2619
- # ListPolicyVersions.
2764
+ # You cannot delete the default version from a policy using this
2765
+ # operation. To delete the default version from a policy, use
2766
+ # DeletePolicy. To find out which version of a policy is marked as the
2767
+ # default version, use ListPolicyVersions.
2620
2768
  #
2621
2769
  # For information about versions for managed policies, see [Versioning
2622
- # for Managed Policies][1] in the *IAM User Guide*.
2770
+ # for managed policies][1] in the *IAM User Guide*.
2623
2771
  #
2624
2772
  #
2625
2773
  #
@@ -2629,8 +2777,8 @@ module Aws::IAM
2629
2777
  # The Amazon Resource Name (ARN) of the IAM policy from which you want
2630
2778
  # to delete a version.
2631
2779
  #
2632
- # For more information about ARNs, see [Amazon Resource Names (ARNs) and
2633
- # AWS Service Namespaces][1] in the *AWS General Reference*.
2780
+ # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
2781
+ # in the *AWS General Reference*.
2634
2782
  #
2635
2783
  #
2636
2784
  #
@@ -2645,7 +2793,7 @@ module Aws::IAM
2645
2793
  # of letters and digits.
2646
2794
  #
2647
2795
  # For more information about managed policy versions, see [Versioning
2648
- # for Managed Policies][2] in the *IAM User Guide*.
2796
+ # for managed policies][2] in the *IAM User Guide*.
2649
2797
  #
2650
2798
  #
2651
2799
  #
@@ -2671,8 +2819,8 @@ module Aws::IAM
2671
2819
  end
2672
2820
 
2673
2821
  # Deletes the specified role. The role must not have any policies
2674
- # attached. For more information about roles, go to [Working with
2675
- # Roles][1].
2822
+ # attached. For more information about roles, see [Working with
2823
+ # roles][1].
2676
2824
  #
2677
2825
  # Make sure that you do not have any Amazon EC2 instances running with
2678
2826
  # the role you are about to delete. Deleting a role or instance profile
@@ -2753,7 +2901,7 @@ module Aws::IAM
2753
2901
  #
2754
2902
  # A role can also have managed policies attached to it. To detach a
2755
2903
  # managed policy from a role, use DetachRolePolicy. For more information
2756
- # about policies, refer to [Managed Policies and Inline Policies][1] in
2904
+ # about policies, refer to [Managed policies and inline policies][1] in
2757
2905
  # the *IAM User Guide*.
2758
2906
  #
2759
2907
  #
@@ -2854,7 +3002,7 @@ module Aws::IAM
2854
3002
  # authenticating the associated IAM user to an AWS CodeCommit
2855
3003
  # repository. For more information about using SSH keys to authenticate
2856
3004
  # to an AWS CodeCommit repository, see [Set up AWS CodeCommit for SSH
2857
- # Connections][1] in the *AWS CodeCommit User Guide*.
3005
+ # connections][1] in the *AWS CodeCommit User Guide*.
2858
3006
  #
2859
3007
  #
2860
3008
  #
@@ -2904,7 +3052,7 @@ module Aws::IAM
2904
3052
  # Deletes the specified server certificate.
2905
3053
  #
2906
3054
  # For more information about working with server certificates, see
2907
- # [Working with Server Certificates][1] in the *IAM User Guide*. This
3055
+ # [Working with server certificates][1] in the *IAM User Guide*. This
2908
3056
  # topic also includes a list of AWS services that can use the server
2909
3057
  # certificates that you manage with IAM.
2910
3058
  #
@@ -2915,8 +3063,8 @@ module Aws::IAM
2915
3063
  # cause Elastic Load Balancing to stop accepting traffic. We recommend
2916
3064
  # that you remove the reference to the certificate from Elastic Load
2917
3065
  # Balancing before using this command to delete the certificate. For
2918
- # more information, go to [DeleteLoadBalancerListeners][2] in the
2919
- # *Elastic Load Balancing API Reference*.
3066
+ # more information, see [DeleteLoadBalancerListeners][2] in the *Elastic
3067
+ # Load Balancing API Reference*.
2920
3068
  #
2921
3069
  #
2922
3070
  #
@@ -2962,17 +3110,16 @@ module Aws::IAM
2962
3110
  #
2963
3111
  # If you submit a deletion request for a service-linked role whose
2964
3112
  # linked service is still accessing a resource, then the deletion task
2965
- # fails. If it fails, the GetServiceLinkedRoleDeletionStatus API
2966
- # operation returns the reason for the failure, usually including the
2967
- # resources that must be deleted. To delete the service-linked role, you
2968
- # must first remove those resources from the linked service and then
2969
- # submit the deletion request again. Resources are specific to the
2970
- # service that is linked to the role. For more information about
2971
- # removing resources from a service, see the [AWS documentation][1] for
2972
- # your service.
3113
+ # fails. If it fails, the GetServiceLinkedRoleDeletionStatus operation
3114
+ # returns the reason for the failure, usually including the resources
3115
+ # that must be deleted. To delete the service-linked role, you must
3116
+ # first remove those resources from the linked service and then submit
3117
+ # the deletion request again. Resources are specific to the service that
3118
+ # is linked to the role. For more information about removing resources
3119
+ # from a service, see the [AWS documentation][1] for your service.
2973
3120
  #
2974
- # For more information about service-linked roles, see [Roles Terms and
2975
- # Concepts: AWS Service-Linked Role][2] in the *IAM User Guide*.
3121
+ # For more information about service-linked roles, see [Roles terms and
3122
+ # concepts: AWS service-linked role][2] in the *IAM User Guide*.
2976
3123
  #
2977
3124
  #
2978
3125
  #
@@ -3113,7 +3260,7 @@ module Aws::IAM
3113
3260
  # Deletes the specified IAM user. Unlike the AWS Management Console,
3114
3261
  # when you delete a user programmatically, you must delete the items
3115
3262
  # attached to the user manually, or the deletion fails. For more
3116
- # information, see [Deleting an IAM User][1]. Before attempting to
3263
+ # information, see [Deleting an IAM user][1]. Before attempting to
3117
3264
  # delete a user, remove the following items:
3118
3265
  #
3119
3266
  # * Password (DeleteLoginProfile)
@@ -3209,7 +3356,7 @@ module Aws::IAM
3209
3356
  #
3210
3357
  # A user can also have managed policies attached to it. To detach a
3211
3358
  # managed policy from a user, use DetachUserPolicy. For more information
3212
- # about policies, refer to [Managed Policies and Inline Policies][1] in
3359
+ # about policies, refer to [Managed policies and inline policies][1] in
3213
3360
  # the *IAM User Guide*.
3214
3361
  #
3215
3362
  #
@@ -3319,9 +3466,8 @@ module Aws::IAM
3319
3466
  # Removes the specified managed policy from the specified IAM group.
3320
3467
  #
3321
3468
  # A group can also have inline policies embedded with it. To delete an
3322
- # inline policy, use the DeleteGroupPolicy API. For information about
3323
- # policies, see [Managed Policies and Inline Policies][1] in the *IAM
3324
- # User Guide*.
3469
+ # inline policy, use DeleteGroupPolicy. For information about policies,
3470
+ # see [Managed policies and inline policies][1] in the *IAM User Guide*.
3325
3471
  #
3326
3472
  #
3327
3473
  #
@@ -3343,8 +3489,8 @@ module Aws::IAM
3343
3489
  # @option params [required, String] :policy_arn
3344
3490
  # The Amazon Resource Name (ARN) of the IAM policy you want to detach.
3345
3491
  #
3346
- # For more information about ARNs, see [Amazon Resource Names (ARNs) and
3347
- # AWS Service Namespaces][1] in the *AWS General Reference*.
3492
+ # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
3493
+ # in the *AWS General Reference*.
3348
3494
  #
3349
3495
  #
3350
3496
  #
@@ -3371,9 +3517,8 @@ module Aws::IAM
3371
3517
  # Removes the specified managed policy from the specified role.
3372
3518
  #
3373
3519
  # A role can also have inline policies embedded with it. To delete an
3374
- # inline policy, use the DeleteRolePolicy API. For information about
3375
- # policies, see [Managed Policies and Inline Policies][1] in the *IAM
3376
- # User Guide*.
3520
+ # inline policy, use DeleteRolePolicy. For information about policies,
3521
+ # see [Managed policies and inline policies][1] in the *IAM User Guide*.
3377
3522
  #
3378
3523
  #
3379
3524
  #
@@ -3395,8 +3540,8 @@ module Aws::IAM
3395
3540
  # @option params [required, String] :policy_arn
3396
3541
  # The Amazon Resource Name (ARN) of the IAM policy you want to detach.
3397
3542
  #
3398
- # For more information about ARNs, see [Amazon Resource Names (ARNs) and
3399
- # AWS Service Namespaces][1] in the *AWS General Reference*.
3543
+ # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
3544
+ # in the *AWS General Reference*.
3400
3545
  #
3401
3546
  #
3402
3547
  #
@@ -3423,9 +3568,8 @@ module Aws::IAM
3423
3568
  # Removes the specified managed policy from the specified user.
3424
3569
  #
3425
3570
  # A user can also have inline policies embedded with it. To delete an
3426
- # inline policy, use the DeleteUserPolicy API. For information about
3427
- # policies, see [Managed Policies and Inline Policies][1] in the *IAM
3428
- # User Guide*.
3571
+ # inline policy, use DeleteUserPolicy. For information about policies,
3572
+ # see [Managed policies and inline policies][1] in the *IAM User Guide*.
3429
3573
  #
3430
3574
  #
3431
3575
  #
@@ -3447,8 +3591,8 @@ module Aws::IAM
3447
3591
  # @option params [required, String] :policy_arn
3448
3592
  # The Amazon Resource Name (ARN) of the IAM policy you want to detach.
3449
3593
  #
3450
- # For more information about ARNs, see [Amazon Resource Names (ARNs) and
3451
- # AWS Service Namespaces][1] in the *AWS General Reference*.
3594
+ # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
3595
+ # in the *AWS General Reference*.
3452
3596
  #
3453
3597
  #
3454
3598
  #
@@ -3554,8 +3698,8 @@ module Aws::IAM
3554
3698
  end
3555
3699
 
3556
3700
  # Generates a credential report for the AWS account. For more
3557
- # information about the credential report, see [Getting Credential
3558
- # Reports][1] in the *IAM User Guide*.
3701
+ # information about the credential report, see [Getting credential
3702
+ # reports][1] in the *IAM User Guide*.
3559
3703
  #
3560
3704
  #
3561
3705
  #
@@ -3586,12 +3730,12 @@ module Aws::IAM
3586
3730
  # your organization.
3587
3731
  #
3588
3732
  # To call this operation, you must be signed in using your AWS
3589
- # Organizations master account credentials. You can use your long-term
3590
- # IAM user or root user credentials, or temporary credentials from
3591
- # assuming an IAM role. SCPs must be enabled for your organization root.
3592
- # You must have the required IAM and AWS Organizations permissions. For
3593
- # more information, see [Refining Permissions Using Service Last
3594
- # Accessed Data][1] in the *IAM User Guide*.
3733
+ # Organizations management account credentials. You can use your
3734
+ # long-term IAM user or root user credentials, or temporary credentials
3735
+ # from assuming an IAM role. SCPs must be enabled for your organization
3736
+ # root. You must have the required IAM and AWS Organizations
3737
+ # permissions. For more information, see [Refining permissions using
3738
+ # service last accessed data][1] in the *IAM User Guide*.
3595
3739
  #
3596
3740
  # You can generate a service last accessed data report for entities by
3597
3741
  # specifying only the entity's path. This data includes a list of
@@ -3607,8 +3751,8 @@ module Aws::IAM
3607
3751
  # recent account activity that the policy allows to account principals
3608
3752
  # in the entity or the entity's children. For important information
3609
3753
  # about the data, reporting period, permissions required,
3610
- # troubleshooting, and supported Regions see [Reducing Permissions Using
3611
- # Service Last Accessed Data][1] in the *IAM User Guide*.
3754
+ # troubleshooting, and supported Regions see [Reducing permissions using
3755
+ # service last accessed data][1] in the *IAM User Guide*.
3612
3756
  #
3613
3757
  # The data includes all attempts to access AWS, not just the successful
3614
3758
  # ones. This includes all attempts that were made using the AWS
@@ -3618,7 +3762,7 @@ module Aws::IAM
3618
3762
  # request might have been denied. Refer to your CloudTrail logs as the
3619
3763
  # authoritative source for information about all API calls and whether
3620
3764
  # they were successful or denied access. For more information,
3621
- # see [Logging IAM Events with CloudTrail][2] in the *IAM User Guide*.
3765
+ # see [Logging IAM events with CloudTrail][2] in the *IAM User Guide*.
3622
3766
  #
3623
3767
  # This operation returns a `JobId`. Use this parameter in the `
3624
3768
  # GetOrganizationsAccessReport ` operation to check the status of the
@@ -3635,20 +3779,20 @@ module Aws::IAM
3635
3779
  # * **Root** – When you specify the organizations root as the entity,
3636
3780
  # the resulting report lists all of the services allowed by SCPs that
3637
3781
  # are attached to your root. For each service, the report includes
3638
- # data for all accounts in your organization except the master
3639
- # account, because the master account is not limited by SCPs.
3782
+ # data for all accounts in your organization except the management
3783
+ # account, because the management account is not limited by SCPs.
3640
3784
  #
3641
3785
  # * **OU** – When you specify an organizational unit (OU) as the entity,
3642
3786
  # the resulting report lists all of the services allowed by SCPs that
3643
3787
  # are attached to the OU and its parents. For each service, the report
3644
3788
  # includes data for all accounts in the OU or its children. This data
3645
- # excludes the master account, because the master account is not
3646
- # limited by SCPs.
3789
+ # excludes the management account, because the management account is
3790
+ # not limited by SCPs.
3647
3791
  #
3648
- # * **Master account** – When you specify the master account, the
3649
- # resulting report lists all AWS services, because the master account
3650
- # is not limited by SCPs. For each service, the report includes data
3651
- # for only the master account.
3792
+ # * **management account** – When you specify the management account,
3793
+ # the resulting report lists all AWS services, because the management
3794
+ # account is not limited by SCPs. For each service, the report
3795
+ # includes data for only the management account.
3652
3796
  #
3653
3797
  # * **Account** – When you specify another account as the entity, the
3654
3798
  # resulting report lists all of the services allowed by SCPs that are
@@ -3664,26 +3808,26 @@ module Aws::IAM
3664
3808
  # resulting report lists all of the services that are allowed by the
3665
3809
  # specified SCP. For each service, the report includes data for all
3666
3810
  # accounts in your organization to which the SCP applies. This data
3667
- # excludes the master account, because the master account is not
3668
- # limited by SCPs. If the SCP is not attached to any entities in the
3669
- # organization, then the report will return a list of services with no
3670
- # data.
3811
+ # excludes the management account, because the management account is
3812
+ # not limited by SCPs. If the SCP is not attached to any entities in
3813
+ # the organization, then the report will return a list of services
3814
+ # with no data.
3671
3815
  #
3672
3816
  # * **OU** – When you specify an OU entity and a policy ID, the
3673
3817
  # resulting report lists all of the services that are allowed by the
3674
3818
  # specified SCP. For each service, the report includes data for all
3675
3819
  # accounts in the OU or its children to which the SCP applies. This
3676
3820
  # means that other accounts outside the OU that are affected by the
3677
- # SCP might not be included in the data. This data excludes the master
3678
- # account, because the master account is not limited by SCPs. If the
3679
- # SCP is not attached to the OU or one of its children, the report
3680
- # will return a list of services with no data.
3821
+ # SCP might not be included in the data. This data excludes the
3822
+ # management account, because the management account is not limited by
3823
+ # SCPs. If the SCP is not attached to the OU or one of its children,
3824
+ # the report will return a list of services with no data.
3681
3825
  #
3682
- # * **Master account** – When you specify the master account, the
3683
- # resulting report lists all AWS services, because the master account
3684
- # is not limited by SCPs. If you specify a policy ID in the CLI or
3685
- # API, the policy is ignored. For each service, the report includes
3686
- # data for only the master account.
3826
+ # * **management account** – When you specify the management account,
3827
+ # the resulting report lists all AWS services, because the management
3828
+ # account is not limited by SCPs. If you specify a policy ID in the
3829
+ # CLI or API, the policy is ignored. For each service, the report
3830
+ # includes data for only the management account.
3687
3831
  #
3688
3832
  # * **Account** – When you specify another account entity and a policy
3689
3833
  # ID, the resulting report lists all of the services that are allowed
@@ -3698,12 +3842,12 @@ module Aws::IAM
3698
3842
  # policy types include identity-based policies, resource-based policies,
3699
3843
  # access control lists, IAM permissions boundaries, and STS assume role
3700
3844
  # policies. It only applies SCP logic. For more about the evaluation of
3701
- # policy types, see [Evaluating Policies][3] in the *IAM User Guide*.
3845
+ # policy types, see [Evaluating policies][3] in the *IAM User Guide*.
3702
3846
  #
3703
3847
  # </note>
3704
3848
  #
3705
3849
  # For more information about service last accessed data, see [Reducing
3706
- # Policy Scope by Viewing User Activity][1] in the *IAM User Guide*.
3850
+ # policy scope by viewing user activity][1] in the *IAM User Guide*.
3707
3851
  #
3708
3852
  #
3709
3853
  #
@@ -3771,7 +3915,7 @@ module Aws::IAM
3771
3915
  # AWS services. Recent activity usually appears within four hours. IAM
3772
3916
  # reports activity for the last 365 days, or less if your Region began
3773
3917
  # supporting this feature within the last year. For more information,
3774
- # see [Regions Where Data Is Tracked][1].
3918
+ # see [Regions where data is tracked][1].
3775
3919
  #
3776
3920
  # The service last accessed data includes all attempts to access an AWS
3777
3921
  # API, not just the successful ones. This includes all attempts that
@@ -3781,7 +3925,7 @@ module Aws::IAM
3781
3925
  # compromised, because the request might have been denied. Refer to your
3782
3926
  # CloudTrail logs as the authoritative source for information about all
3783
3927
  # API calls and whether they were successful or denied access. For more
3784
- # information, see [Logging IAM Events with CloudTrail][2] in the *IAM
3928
+ # information, see [Logging IAM events with CloudTrail][2] in the *IAM
3785
3929
  # User Guide*.
3786
3930
  #
3787
3931
  # The `GenerateServiceLastAccessedDetails` operation returns a `JobId`.
@@ -3817,12 +3961,12 @@ module Aws::IAM
3817
3961
  # AWS Organizations policies, IAM permissions boundaries, and AWS STS
3818
3962
  # assume role policies. It only applies permissions policy logic. For
3819
3963
  # more about the evaluation of policy types, see [Evaluating
3820
- # Policies][3] in the *IAM User Guide*.
3964
+ # policies][3] in the *IAM User Guide*.
3821
3965
  #
3822
3966
  # </note>
3823
3967
  #
3824
3968
  # For more information about service and action last accessed data, see
3825
- # [Reducing Permissions Using Service Last Accessed Data][4] in the *IAM
3969
+ # [Reducing permissions using service last accessed data][4] in the *IAM
3826
3970
  # User Guide*.
3827
3971
  #
3828
3972
  #
@@ -3928,12 +4072,12 @@ module Aws::IAM
3928
4072
 
3929
4073
  # Retrieves information about all IAM users, groups, roles, and policies
3930
4074
  # in your AWS account, including their relationships to one another. Use
3931
- # this API to obtain a snapshot of the configuration of IAM permissions
3932
- # (users, groups, roles, and policies) in your account.
4075
+ # this operation to obtain a snapshot of the configuration of IAM
4076
+ # permissions (users, groups, roles, and policies) in your account.
3933
4077
  #
3934
- # <note markdown="1"> Policies returned by this API are URL-encoded compliant with [RFC
3935
- # 3986][1]. You can use a URL decoding method to convert the policy back
3936
- # to plain JSON text. For example, if you use Java, you can use the
4078
+ # <note markdown="1"> Policies returned by this operation are URL-encoded compliant with
4079
+ # [RFC 3986][1]. You can use a URL decoding method to convert the policy
4080
+ # back to plain JSON text. For example, if you use Java, you can use the
3937
4081
  # `decode` method of the `java.net.URLDecoder` utility class in the Java
3938
4082
  # SDK. Other languages and SDKs provide similar functionality.
3939
4083
  #
@@ -4054,6 +4198,9 @@ module Aws::IAM
4054
4198
  # resp.role_detail_list[0].instance_profile_list[0].roles[0].tags[0].value #=> String
4055
4199
  # resp.role_detail_list[0].instance_profile_list[0].roles[0].role_last_used.last_used_date #=> Time
4056
4200
  # resp.role_detail_list[0].instance_profile_list[0].roles[0].role_last_used.region #=> String
4201
+ # resp.role_detail_list[0].instance_profile_list[0].tags #=> Array
4202
+ # resp.role_detail_list[0].instance_profile_list[0].tags[0].key #=> String
4203
+ # resp.role_detail_list[0].instance_profile_list[0].tags[0].value #=> String
4057
4204
  # resp.role_detail_list[0].role_policy_list #=> Array
4058
4205
  # resp.role_detail_list[0].role_policy_list[0].policy_name #=> String
4059
4206
  # resp.role_detail_list[0].role_policy_list[0].policy_document #=> String
@@ -4096,9 +4243,10 @@ module Aws::IAM
4096
4243
  req.send_request(options)
4097
4244
  end
4098
4245
 
4099
- # Retrieves the password policy for the AWS account. For more
4100
- # information about using a password policy, go to [Managing an IAM
4101
- # Password Policy][1].
4246
+ # Retrieves the password policy for the AWS account. This tells you the
4247
+ # complexity requirements and mandatory rotation periods for the IAM
4248
+ # user passwords in your account. For more information about using a
4249
+ # password policy, see [Managing an IAM password policy][1].
4102
4250
  #
4103
4251
  #
4104
4252
  #
@@ -4157,9 +4305,8 @@ module Aws::IAM
4157
4305
  # Retrieves information about IAM entity usage and IAM quotas in the AWS
4158
4306
  # account.
4159
4307
  #
4160
- # The number and size of IAM resources in an AWS account are limited.
4161
- # For more information, see [IAM and STS Quotas][1] in the *IAM User
4162
- # Guide*.
4308
+ # For information about IAM quotas, see [IAM and STS quotas][1] in the
4309
+ # *IAM User Guide*.
4163
4310
  #
4164
4311
  #
4165
4312
  #
@@ -4292,8 +4439,8 @@ module Aws::IAM
4292
4439
  # specified as strings. If you want to include *only* a list of policies
4293
4440
  # by string, use GetContextKeysForCustomPolicy instead.
4294
4441
  #
4295
- # **Note:** This API discloses information about the permissions granted
4296
- # to other users. If you do not want users to see other user's
4442
+ # **Note:** This operation discloses information about the permissions
4443
+ # granted to other users. If you do not want users to see other user's
4297
4444
  # permissions, then consider allowing them to use
4298
4445
  # GetContextKeysForCustomPolicy instead.
4299
4446
  #
@@ -4313,8 +4460,8 @@ module Aws::IAM
4313
4460
  # parameters are shown in unencoded form here for clarity, but must be
4314
4461
  # URL encoded to be included as a part of a real HTML request.
4315
4462
  #
4316
- # For more information about ARNs, see [Amazon Resource Names (ARNs) and
4317
- # AWS Service Namespaces][1] in the *AWS General Reference*.
4463
+ # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
4464
+ # in the *AWS General Reference*.
4318
4465
  #
4319
4466
  #
4320
4467
  #
@@ -4366,8 +4513,8 @@ module Aws::IAM
4366
4513
  end
4367
4514
 
4368
4515
  # Retrieves a credential report for the AWS account. For more
4369
- # information about the credential report, see [Getting Credential
4370
- # Reports][1] in the *IAM User Guide*.
4516
+ # information about the credential report, see [Getting credential
4517
+ # reports][1] in the *IAM User Guide*.
4371
4518
  #
4372
4519
  #
4373
4520
  #
@@ -4477,9 +4624,9 @@ module Aws::IAM
4477
4624
  # Retrieves the specified inline policy document that is embedded in the
4478
4625
  # specified IAM group.
4479
4626
  #
4480
- # <note markdown="1"> Policies returned by this API are URL-encoded compliant with [RFC
4481
- # 3986][1]. You can use a URL decoding method to convert the policy back
4482
- # to plain JSON text. For example, if you use Java, you can use the
4627
+ # <note markdown="1"> Policies returned by this operation are URL-encoded compliant with
4628
+ # [RFC 3986][1]. You can use a URL decoding method to convert the policy
4629
+ # back to plain JSON text. For example, if you use Java, you can use the
4483
4630
  # `decode` method of the `java.net.URLDecoder` utility class in the Java
4484
4631
  # SDK. Other languages and SDKs provide similar functionality.
4485
4632
  #
@@ -4490,8 +4637,8 @@ module Aws::IAM
4490
4637
  # GetPolicy to determine the policy's default version, then use
4491
4638
  # GetPolicyVersion to retrieve the policy document.
4492
4639
  #
4493
- # For more information about policies, see [Managed Policies and Inline
4494
- # Policies][2] in the *IAM User Guide*.
4640
+ # For more information about policies, see [Managed policies and inline
4641
+ # policies][2] in the *IAM User Guide*.
4495
4642
  #
4496
4643
  #
4497
4644
  #
@@ -4552,7 +4699,7 @@ module Aws::IAM
4552
4699
 
4553
4700
  # Retrieves information about the specified instance profile, including
4554
4701
  # the instance profile's path, GUID, ARN, and role. For more
4555
- # information about instance profiles, see [About Instance Profiles][1]
4702
+ # information about instance profiles, see [About instance profiles][1]
4556
4703
  # in the *IAM User Guide*.
4557
4704
  #
4558
4705
  #
@@ -4634,6 +4781,9 @@ module Aws::IAM
4634
4781
  # resp.instance_profile.roles[0].tags[0].value #=> String
4635
4782
  # resp.instance_profile.roles[0].role_last_used.last_used_date #=> Time
4636
4783
  # resp.instance_profile.roles[0].role_last_used.region #=> String
4784
+ # resp.instance_profile.tags #=> Array
4785
+ # resp.instance_profile.tags[0].key #=> String
4786
+ # resp.instance_profile.tags[0].value #=> String
4637
4787
  #
4638
4788
  #
4639
4789
  # The following waiters are defined for this operation (see {Client#wait_until} for detailed usage):
@@ -4649,7 +4799,7 @@ module Aws::IAM
4649
4799
  req.send_request(options)
4650
4800
  end
4651
4801
 
4652
- # Retrieves the user name and password-creation date for the specified
4802
+ # Retrieves the user name and password creation date for the specified
4653
4803
  # IAM user. If the user has not been assigned a password, the operation
4654
4804
  # returns a 404 (`NoSuchEntity`) error.
4655
4805
  #
@@ -4715,8 +4865,8 @@ module Aws::IAM
4715
4865
  # IAM to get information for. You can get a list of OIDC provider
4716
4866
  # resource ARNs by using the ListOpenIDConnectProviders operation.
4717
4867
  #
4718
- # For more information about ARNs, see [Amazon Resource Names (ARNs) and
4719
- # AWS Service Namespaces][1] in the *AWS General Reference*.
4868
+ # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
4869
+ # in the *AWS General Reference*.
4720
4870
  #
4721
4871
  #
4722
4872
  #
@@ -4728,6 +4878,7 @@ module Aws::IAM
4728
4878
  # * {Types::GetOpenIDConnectProviderResponse#client_id_list #client_id_list} => Array&lt;String&gt;
4729
4879
  # * {Types::GetOpenIDConnectProviderResponse#thumbprint_list #thumbprint_list} => Array&lt;String&gt;
4730
4880
  # * {Types::GetOpenIDConnectProviderResponse#create_date #create_date} => Time
4881
+ # * {Types::GetOpenIDConnectProviderResponse#tags #tags} => Array&lt;Types::Tag&gt;
4731
4882
  #
4732
4883
  # @example Request syntax with placeholder values
4733
4884
  #
@@ -4743,6 +4894,9 @@ module Aws::IAM
4743
4894
  # resp.thumbprint_list #=> Array
4744
4895
  # resp.thumbprint_list[0] #=> String
4745
4896
  # resp.create_date #=> Time
4897
+ # resp.tags #=> Array
4898
+ # resp.tags[0].key #=> String
4899
+ # resp.tags[0].value #=> String
4746
4900
  #
4747
4901
  # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetOpenIDConnectProvider AWS API Documentation
4748
4902
  #
@@ -4762,11 +4916,11 @@ module Aws::IAM
4762
4916
  # report, the data returned could include different information. For
4763
4917
  # details, see GenerateOrganizationsAccessReport.
4764
4918
  #
4765
- # To call this operation, you must be signed in to the master account in
4766
- # your organization. SCPs must be enabled for your organization root.
4767
- # You must have permissions to perform this operation. For more
4768
- # information, see [Refining Permissions Using Service Last Accessed
4769
- # Data][1] in the *IAM User Guide*.
4919
+ # To call this operation, you must be signed in to the management
4920
+ # account in your organization. SCPs must be enabled for your
4921
+ # organization root. You must have permissions to perform this
4922
+ # operation. For more information, see [Refining permissions using
4923
+ # service last accessed data][1] in the *IAM User Guide*.
4770
4924
  #
4771
4925
  # For each service that principals in an account (root users, IAM users,
4772
4926
  # or IAM roles) could access using SCPs, the operation returns details
@@ -4902,17 +5056,17 @@ module Aws::IAM
4902
5056
  # the policy's default version and the total number of IAM users,
4903
5057
  # groups, and roles to which the policy is attached. To retrieve the
4904
5058
  # list of the specific users, groups, and roles that the policy is
4905
- # attached to, use the ListEntitiesForPolicy API. This API returns
5059
+ # attached to, use ListEntitiesForPolicy. This operation returns
4906
5060
  # metadata about the policy. To retrieve the actual policy document for
4907
5061
  # a specific version of the policy, use GetPolicyVersion.
4908
5062
  #
4909
- # This API retrieves information about managed policies. To retrieve
4910
- # information about an inline policy that is embedded with an IAM user,
4911
- # group, or role, use the GetUserPolicy, GetGroupPolicy, or
4912
- # GetRolePolicy API.
5063
+ # This operation retrieves information about managed policies. To
5064
+ # retrieve information about an inline policy that is embedded with an
5065
+ # IAM user, group, or role, use GetUserPolicy, GetGroupPolicy, or
5066
+ # GetRolePolicy.
4913
5067
  #
4914
- # For more information about policies, see [Managed Policies and Inline
4915
- # Policies][1] in the *IAM User Guide*.
5068
+ # For more information about policies, see [Managed policies and inline
5069
+ # policies][1] in the *IAM User Guide*.
4916
5070
  #
4917
5071
  #
4918
5072
  #
@@ -4922,8 +5076,8 @@ module Aws::IAM
4922
5076
  # The Amazon Resource Name (ARN) of the managed policy that you want
4923
5077
  # information about.
4924
5078
  #
4925
- # For more information about ARNs, see [Amazon Resource Names (ARNs) and
4926
- # AWS Service Namespaces][1] in the *AWS General Reference*.
5079
+ # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
5080
+ # in the *AWS General Reference*.
4927
5081
  #
4928
5082
  #
4929
5083
  #
@@ -4952,6 +5106,9 @@ module Aws::IAM
4952
5106
  # resp.policy.description #=> String
4953
5107
  # resp.policy.create_date #=> Time
4954
5108
  # resp.policy.update_date #=> Time
5109
+ # resp.policy.tags #=> Array
5110
+ # resp.policy.tags[0].key #=> String
5111
+ # resp.policy.tags[0].value #=> String
4955
5112
  #
4956
5113
  #
4957
5114
  # The following waiters are defined for this operation (see {Client#wait_until} for detailed usage):
@@ -4970,9 +5127,9 @@ module Aws::IAM
4970
5127
  # Retrieves information about the specified version of the specified
4971
5128
  # managed policy, including the policy document.
4972
5129
  #
4973
- # <note markdown="1"> Policies returned by this API are URL-encoded compliant with [RFC
4974
- # 3986][1]. You can use a URL decoding method to convert the policy back
4975
- # to plain JSON text. For example, if you use Java, you can use the
5130
+ # <note markdown="1"> Policies returned by this operation are URL-encoded compliant with
5131
+ # [RFC 3986][1]. You can use a URL decoding method to convert the policy
5132
+ # back to plain JSON text. For example, if you use Java, you can use the
4976
5133
  # `decode` method of the `java.net.URLDecoder` utility class in the Java
4977
5134
  # SDK. Other languages and SDKs provide similar functionality.
4978
5135
  #
@@ -4980,15 +5137,16 @@ module Aws::IAM
4980
5137
  #
4981
5138
  # To list the available versions for a policy, use ListPolicyVersions.
4982
5139
  #
4983
- # This API retrieves information about managed policies. To retrieve
4984
- # information about an inline policy that is embedded in a user, group,
4985
- # or role, use the GetUserPolicy, GetGroupPolicy, or GetRolePolicy API.
5140
+ # This operation retrieves information about managed policies. To
5141
+ # retrieve information about an inline policy that is embedded in a
5142
+ # user, group, or role, use GetUserPolicy, GetGroupPolicy, or
5143
+ # GetRolePolicy.
4986
5144
  #
4987
5145
  # For more information about the types of policies, see [Managed
4988
- # Policies and Inline Policies][2] in the *IAM User Guide*.
5146
+ # policies and inline policies][2] in the *IAM User Guide*.
4989
5147
  #
4990
5148
  # For more information about managed policy versions, see [Versioning
4991
- # for Managed Policies][3] in the *IAM User Guide*.
5149
+ # for managed policies][3] in the *IAM User Guide*.
4992
5150
  #
4993
5151
  #
4994
5152
  #
@@ -5000,8 +5158,8 @@ module Aws::IAM
5000
5158
  # The Amazon Resource Name (ARN) of the managed policy that you want
5001
5159
  # information about.
5002
5160
  #
5003
- # For more information about ARNs, see [Amazon Resource Names (ARNs) and
5004
- # AWS Service Namespaces][1] in the *AWS General Reference*.
5161
+ # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
5162
+ # in the *AWS General Reference*.
5005
5163
  #
5006
5164
  #
5007
5165
  #
@@ -5049,11 +5207,11 @@ module Aws::IAM
5049
5207
  # Retrieves information about the specified role, including the role's
5050
5208
  # path, GUID, ARN, and the role's trust policy that grants permission
5051
5209
  # to assume the role. For more information about roles, see [Working
5052
- # with Roles][1].
5210
+ # with roles][1].
5053
5211
  #
5054
- # <note markdown="1"> Policies returned by this API are URL-encoded compliant with [RFC
5055
- # 3986][2]. You can use a URL decoding method to convert the policy back
5056
- # to plain JSON text. For example, if you use Java, you can use the
5212
+ # <note markdown="1"> Policies returned by this operation are URL-encoded compliant with
5213
+ # [RFC 3986][2]. You can use a URL decoding method to convert the policy
5214
+ # back to plain JSON text. For example, if you use Java, you can use the
5057
5215
  # `decode` method of the `java.net.URLDecoder` utility class in the Java
5058
5216
  # SDK. Other languages and SDKs provide similar functionality.
5059
5217
  #
@@ -5147,9 +5305,9 @@ module Aws::IAM
5147
5305
  # Retrieves the specified inline policy document that is embedded with
5148
5306
  # the specified IAM role.
5149
5307
  #
5150
- # <note markdown="1"> Policies returned by this API are URL-encoded compliant with [RFC
5151
- # 3986][1]. You can use a URL decoding method to convert the policy back
5152
- # to plain JSON text. For example, if you use Java, you can use the
5308
+ # <note markdown="1"> Policies returned by this operation are URL-encoded compliant with
5309
+ # [RFC 3986][1]. You can use a URL decoding method to convert the policy
5310
+ # back to plain JSON text. For example, if you use Java, you can use the
5153
5311
  # `decode` method of the `java.net.URLDecoder` utility class in the Java
5154
5312
  # SDK. Other languages and SDKs provide similar functionality.
5155
5313
  #
@@ -5160,11 +5318,11 @@ module Aws::IAM
5160
5318
  # determine the policy's default version, then use GetPolicyVersion to
5161
5319
  # retrieve the policy document.
5162
5320
  #
5163
- # For more information about policies, see [Managed Policies and Inline
5164
- # Policies][2] in the *IAM User Guide*.
5321
+ # For more information about policies, see [Managed policies and inline
5322
+ # policies][2] in the *IAM User Guide*.
5165
5323
  #
5166
- # For more information about roles, see [Using Roles to Delegate
5167
- # Permissions and Federate Identities][3].
5324
+ # For more information about roles, see [Using roles to delegate
5325
+ # permissions and federate identities][3].
5168
5326
  #
5169
5327
  #
5170
5328
  #
@@ -5239,8 +5397,8 @@ module Aws::IAM
5239
5397
  # The Amazon Resource Name (ARN) of the SAML provider resource object in
5240
5398
  # IAM to get information about.
5241
5399
  #
5242
- # For more information about ARNs, see [Amazon Resource Names (ARNs) and
5243
- # AWS Service Namespaces][1] in the *AWS General Reference*.
5400
+ # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
5401
+ # in the *AWS General Reference*.
5244
5402
  #
5245
5403
  #
5246
5404
  #
@@ -5251,6 +5409,7 @@ module Aws::IAM
5251
5409
  # * {Types::GetSAMLProviderResponse#saml_metadata_document #saml_metadata_document} => String
5252
5410
  # * {Types::GetSAMLProviderResponse#create_date #create_date} => Time
5253
5411
  # * {Types::GetSAMLProviderResponse#valid_until #valid_until} => Time
5412
+ # * {Types::GetSAMLProviderResponse#tags #tags} => Array&lt;Types::Tag&gt;
5254
5413
  #
5255
5414
  # @example Request syntax with placeholder values
5256
5415
  #
@@ -5263,6 +5422,9 @@ module Aws::IAM
5263
5422
  # resp.saml_metadata_document #=> String
5264
5423
  # resp.create_date #=> Time
5265
5424
  # resp.valid_until #=> Time
5425
+ # resp.tags #=> Array
5426
+ # resp.tags[0].key #=> String
5427
+ # resp.tags[0].value #=> String
5266
5428
  #
5267
5429
  # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetSAMLProvider AWS API Documentation
5268
5430
  #
@@ -5280,7 +5442,7 @@ module Aws::IAM
5280
5442
  # authenticating the associated IAM user to an AWS CodeCommit
5281
5443
  # repository. For more information about using SSH keys to authenticate
5282
5444
  # to an AWS CodeCommit repository, see [Set up AWS CodeCommit for SSH
5283
- # Connections][1] in the *AWS CodeCommit User Guide*.
5445
+ # connections][1] in the *AWS CodeCommit User Guide*.
5284
5446
  #
5285
5447
  #
5286
5448
  #
@@ -5348,7 +5510,7 @@ module Aws::IAM
5348
5510
  # IAM.
5349
5511
  #
5350
5512
  # For more information about working with server certificates, see
5351
- # [Working with Server Certificates][1] in the *IAM User Guide*. This
5513
+ # [Working with server certificates][1] in the *IAM User Guide*. This
5352
5514
  # topic includes a list of AWS services that can use the server
5353
5515
  # certificates that you manage with IAM.
5354
5516
  #
@@ -5389,6 +5551,9 @@ module Aws::IAM
5389
5551
  # resp.server_certificate.server_certificate_metadata.expiration #=> Time
5390
5552
  # resp.server_certificate.certificate_body #=> String
5391
5553
  # resp.server_certificate.certificate_chain #=> String
5554
+ # resp.server_certificate.tags #=> Array
5555
+ # resp.server_certificate.tags[0].key #=> String
5556
+ # resp.server_certificate.tags[0].value #=> String
5392
5557
  #
5393
5558
  # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetServerCertificate AWS API Documentation
5394
5559
  #
@@ -5413,7 +5578,7 @@ module Aws::IAM
5413
5578
  # AWS Organizations policies, IAM permissions boundaries, and AWS STS
5414
5579
  # assume role policies. It only applies permissions policy logic. For
5415
5580
  # more about the evaluation of policy types, see [Evaluating
5416
- # Policies][1] in the *IAM User Guide*.
5581
+ # policies][1] in the *IAM User Guide*.
5417
5582
  #
5418
5583
  # </note>
5419
5584
  #
@@ -5448,7 +5613,7 @@ module Aws::IAM
5448
5613
  # within a service. Otherwise, this operation returns only service data.
5449
5614
  #
5450
5615
  # For more information about service and action last accessed data, see
5451
- # [Reducing Permissions Using Service Last Accessed Data][2] in the *IAM
5616
+ # [Reducing permissions using service last accessed data][2] in the *IAM
5452
5617
  # User Guide*.
5453
5618
  #
5454
5619
  #
@@ -5596,17 +5761,16 @@ module Aws::IAM
5596
5761
  # namespace to learn when the IAM entity last attempted to access the
5597
5762
  # specified service.
5598
5763
  #
5599
- # To learn the service namespace for a service, go to [Actions,
5600
- # Resources, and Condition Keys for AWS Services][1] in the *IAM User
5601
- # Guide*. Choose the name of the service to view details for that
5602
- # service. In the first paragraph, find the service prefix. For example,
5603
- # `(service prefix: a4b)`. For more information about service
5604
- # namespaces, see [AWS Service Namespaces][2] in the *AWS General
5605
- # Reference*.
5764
+ # To learn the service namespace for a service, see [Actions, resources,
5765
+ # and condition keys for AWS services][1] in the *IAM User Guide*.
5766
+ # Choose the name of the service to view details for that service. In
5767
+ # the first paragraph, find the service prefix. For example, `(service
5768
+ # prefix: a4b)`. For more information about service namespaces, see [AWS
5769
+ # service namespaces][2] in the *AWS General Reference*.
5606
5770
  #
5607
5771
  #
5608
5772
  #
5609
- # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_actions-resources-contextkeys.html
5773
+ # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html
5610
5774
  # [2]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-aws-service-namespaces
5611
5775
  #
5612
5776
  # @option params [Integer] :max_items
@@ -5711,11 +5875,11 @@ module Aws::IAM
5711
5875
  end
5712
5876
 
5713
5877
  # Retrieves the status of your service-linked role deletion. After you
5714
- # use the DeleteServiceLinkedRole API operation to submit a
5715
- # service-linked role for deletion, you can use the `DeletionTaskId`
5716
- # parameter in `GetServiceLinkedRoleDeletionStatus` to check the status
5717
- # of the deletion. If the deletion fails, this operation returns the
5718
- # reason that it failed, if that information is returned by the service.
5878
+ # use DeleteServiceLinkedRole to submit a service-linked role for
5879
+ # deletion, you can use the `DeletionTaskId` parameter in
5880
+ # `GetServiceLinkedRoleDeletionStatus` to check the status of the
5881
+ # deletion. If the deletion fails, this operation returns the reason
5882
+ # that it failed, if that information is returned by the service.
5719
5883
  #
5720
5884
  # @option params [required, String] :deletion_task_id
5721
5885
  # The deletion task identifier. This identifier is returned by the
@@ -5756,7 +5920,7 @@ module Aws::IAM
5756
5920
  #
5757
5921
  # If you do not specify a user name, IAM determines the user name
5758
5922
  # implicitly based on the AWS access key ID used to sign the request to
5759
- # this API.
5923
+ # this operation.
5760
5924
  #
5761
5925
  # @option params [String] :user_name
5762
5926
  # The name of the user to get information about.
@@ -5832,9 +5996,9 @@ module Aws::IAM
5832
5996
  # Retrieves the specified inline policy document that is embedded in the
5833
5997
  # specified IAM user.
5834
5998
  #
5835
- # <note markdown="1"> Policies returned by this API are URL-encoded compliant with [RFC
5836
- # 3986][1]. You can use a URL decoding method to convert the policy back
5837
- # to plain JSON text. For example, if you use Java, you can use the
5999
+ # <note markdown="1"> Policies returned by this operation are URL-encoded compliant with
6000
+ # [RFC 3986][1]. You can use a URL decoding method to convert the policy
6001
+ # back to plain JSON text. For example, if you use Java, you can use the
5838
6002
  # `decode` method of the `java.net.URLDecoder` utility class in the Java
5839
6003
  # SDK. Other languages and SDKs provide similar functionality.
5840
6004
  #
@@ -5845,8 +6009,8 @@ module Aws::IAM
5845
6009
  # determine the policy's default version. Then use GetPolicyVersion to
5846
6010
  # retrieve the policy document.
5847
6011
  #
5848
- # For more information about policies, see [Managed Policies and Inline
5849
- # Policies][2] in the *IAM User Guide*.
6012
+ # For more information about policies, see [Managed policies and inline
6013
+ # policies][2] in the *IAM User Guide*.
5850
6014
  #
5851
6015
  #
5852
6016
  #
@@ -6016,7 +6180,7 @@ module Aws::IAM
6016
6180
 
6017
6181
  # Lists the account alias associated with the AWS account (Note: you can
6018
6182
  # have only one). For information about using an AWS account alias, see
6019
- # [Using an Alias for Your AWS Account ID][1] in the *IAM User Guide*.
6183
+ # [Using an alias for your AWS account ID][1] in the *IAM User Guide*.
6020
6184
  #
6021
6185
  #
6022
6186
  #
@@ -6089,9 +6253,9 @@ module Aws::IAM
6089
6253
  # group.
6090
6254
  #
6091
6255
  # An IAM group can also have inline policies embedded with it. To list
6092
- # the inline policies for a group, use the ListGroupPolicies API. For
6093
- # information about policies, see [Managed Policies and Inline
6094
- # Policies][1] in the *IAM User Guide*.
6256
+ # the inline policies for a group, use ListGroupPolicies. For
6257
+ # information about policies, see [Managed policies and inline
6258
+ # policies][1] in the *IAM User Guide*.
6095
6259
  #
6096
6260
  # You can paginate the results using the `MaxItems` and `Marker`
6097
6261
  # parameters. You can use the `PathPrefix` parameter to limit the list
@@ -6187,9 +6351,9 @@ module Aws::IAM
6187
6351
  # role.
6188
6352
  #
6189
6353
  # An IAM role can also have inline policies embedded with it. To list
6190
- # the inline policies for a role, use the ListRolePolicies API. For
6191
- # information about policies, see [Managed Policies and Inline
6192
- # Policies][1] in the *IAM User Guide*.
6354
+ # the inline policies for a role, use ListRolePolicies. For information
6355
+ # about policies, see [Managed policies and inline policies][1] in the
6356
+ # *IAM User Guide*.
6193
6357
  #
6194
6358
  # You can paginate the results using the `MaxItems` and `Marker`
6195
6359
  # parameters. You can use the `PathPrefix` parameter to limit the list
@@ -6285,9 +6449,9 @@ module Aws::IAM
6285
6449
  # user.
6286
6450
  #
6287
6451
  # An IAM user can also have inline policies embedded with it. To list
6288
- # the inline policies for a user, use the ListUserPolicies API. For
6289
- # information about policies, see [Managed Policies and Inline
6290
- # Policies][1] in the *IAM User Guide*.
6452
+ # the inline policies for a user, use ListUserPolicies. For information
6453
+ # about policies, see [Managed policies and inline policies][1] in the
6454
+ # *IAM User Guide*.
6291
6455
  #
6292
6456
  # You can paginate the results using the `MaxItems` and `Marker`
6293
6457
  # parameters. You can use the `PathPrefix` parameter to limit the list
@@ -6394,8 +6558,8 @@ module Aws::IAM
6394
6558
  # The Amazon Resource Name (ARN) of the IAM policy for which you want
6395
6559
  # the versions.
6396
6560
  #
6397
- # For more information about ARNs, see [Amazon Resource Names (ARNs) and
6398
- # AWS Service Namespaces][1] in the *AWS General Reference*.
6561
+ # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
6562
+ # in the *AWS General Reference*.
6399
6563
  #
6400
6564
  #
6401
6565
  #
@@ -6504,7 +6668,7 @@ module Aws::IAM
6504
6668
  # An IAM group can also have managed policies attached to it. To list
6505
6669
  # the managed policies that are attached to a group, use
6506
6670
  # ListAttachedGroupPolicies. For more information about policies, see
6507
- # [Managed Policies and Inline Policies][1] in the *IAM User Guide*.
6671
+ # [Managed policies and inline policies][1] in the *IAM User Guide*.
6508
6672
  #
6509
6673
  # You can paginate the results using the `MaxItems` and `Marker`
6510
6674
  # parameters. If there are no inline policies embedded with the
@@ -6801,10 +6965,87 @@ module Aws::IAM
6801
6965
  req.send_request(options)
6802
6966
  end
6803
6967
 
6968
+ # Lists the tags that are attached to the specified IAM instance
6969
+ # profile. The returned list of tags is sorted by tag key. For more
6970
+ # information about tagging, see [Tagging IAM resources][1] in the *IAM
6971
+ # User Guide*.
6972
+ #
6973
+ #
6974
+ #
6975
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
6976
+ #
6977
+ # @option params [required, String] :instance_profile_name
6978
+ # The name of the IAM instance profile whose tags you want to see.
6979
+ #
6980
+ # This parameter accepts (through its [regex pattern][1]) a string of
6981
+ # characters that consist of upper and lowercase alphanumeric characters
6982
+ # with no spaces. You can also include any of the following characters:
6983
+ # =,.@-
6984
+ #
6985
+ #
6986
+ #
6987
+ # [1]: http://wikipedia.org/wiki/regex
6988
+ #
6989
+ # @option params [String] :marker
6990
+ # Use this parameter only when paginating results and only after you
6991
+ # receive a response indicating that the results are truncated. Set it
6992
+ # to the value of the `Marker` element in the response that you received
6993
+ # to indicate where the next call should start.
6994
+ #
6995
+ # @option params [Integer] :max_items
6996
+ # (Optional) Use this only when paginating results to indicate the
6997
+ # maximum number of items that you want in the response. If additional
6998
+ # items exist beyond the maximum that you specify, the `IsTruncated`
6999
+ # response element is `true`.
7000
+ #
7001
+ # If you do not include this parameter, it defaults to 100. Note that
7002
+ # IAM might return fewer results, even when more results are available.
7003
+ # In that case, the `IsTruncated` response element returns `true`, and
7004
+ # `Marker` contains a value to include in the subsequent call that tells
7005
+ # the service where to continue from.
7006
+ #
7007
+ # @return [Types::ListInstanceProfileTagsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
7008
+ #
7009
+ # * {Types::ListInstanceProfileTagsResponse#tags #tags} => Array&lt;Types::Tag&gt;
7010
+ # * {Types::ListInstanceProfileTagsResponse#is_truncated #is_truncated} => Boolean
7011
+ # * {Types::ListInstanceProfileTagsResponse#marker #marker} => String
7012
+ #
7013
+ # @example Request syntax with placeholder values
7014
+ #
7015
+ # resp = client.list_instance_profile_tags({
7016
+ # instance_profile_name: "instanceProfileNameType", # required
7017
+ # marker: "markerType",
7018
+ # max_items: 1,
7019
+ # })
7020
+ #
7021
+ # @example Response structure
7022
+ #
7023
+ # resp.tags #=> Array
7024
+ # resp.tags[0].key #=> String
7025
+ # resp.tags[0].value #=> String
7026
+ # resp.is_truncated #=> Boolean
7027
+ # resp.marker #=> String
7028
+ #
7029
+ # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListInstanceProfileTags AWS API Documentation
7030
+ #
7031
+ # @overload list_instance_profile_tags(params = {})
7032
+ # @param [Hash] params ({})
7033
+ def list_instance_profile_tags(params = {}, options = {})
7034
+ req = build_request(:list_instance_profile_tags, params)
7035
+ req.send_request(options)
7036
+ end
7037
+
6804
7038
  # Lists the instance profiles that have the specified path prefix. If
6805
7039
  # there are none, the operation returns an empty list. For more
6806
- # information about instance profiles, go to [About Instance
6807
- # Profiles][1].
7040
+ # information about instance profiles, see [About instance profiles][1].
7041
+ #
7042
+ # <note markdown="1"> IAM resource-listing operations return a subset of the available
7043
+ # attributes for the resource. For example, this operation does not
7044
+ # return tags, even though they are an attribute of the returned object.
7045
+ # To view all of the information for an instance profile, see
7046
+ # GetInstanceProfile.
7047
+ #
7048
+ # </note>
6808
7049
  #
6809
7050
  # You can paginate the results using the `MaxItems` and `Marker`
6810
7051
  # parameters.
@@ -6888,6 +7129,9 @@ module Aws::IAM
6888
7129
  # resp.instance_profiles[0].roles[0].tags[0].value #=> String
6889
7130
  # resp.instance_profiles[0].roles[0].role_last_used.last_used_date #=> Time
6890
7131
  # resp.instance_profiles[0].roles[0].role_last_used.region #=> String
7132
+ # resp.instance_profiles[0].tags #=> Array
7133
+ # resp.instance_profiles[0].tags[0].key #=> String
7134
+ # resp.instance_profiles[0].tags[0].value #=> String
6891
7135
  # resp.is_truncated #=> Boolean
6892
7136
  # resp.marker #=> String
6893
7137
  #
@@ -6902,8 +7146,8 @@ module Aws::IAM
6902
7146
 
6903
7147
  # Lists the instance profiles that have the specified associated IAM
6904
7148
  # role. If there are none, the operation returns an empty list. For more
6905
- # information about instance profiles, go to [About Instance
6906
- # Profiles][1].
7149
+ # information about instance profiles, go to [About instance
7150
+ # profiles][1].
6907
7151
  #
6908
7152
  # You can paginate the results using the `MaxItems` and `Marker`
6909
7153
  # parameters.
@@ -6981,6 +7225,9 @@ module Aws::IAM
6981
7225
  # resp.instance_profiles[0].roles[0].tags[0].value #=> String
6982
7226
  # resp.instance_profiles[0].roles[0].role_last_used.last_used_date #=> Time
6983
7227
  # resp.instance_profiles[0].roles[0].role_last_used.region #=> String
7228
+ # resp.instance_profiles[0].tags #=> Array
7229
+ # resp.instance_profiles[0].tags[0].key #=> String
7230
+ # resp.instance_profiles[0].tags[0].value #=> String
6984
7231
  # resp.is_truncated #=> Boolean
6985
7232
  # resp.marker #=> String
6986
7233
  #
@@ -6993,11 +7240,83 @@ module Aws::IAM
6993
7240
  req.send_request(options)
6994
7241
  end
6995
7242
 
7243
+ # Lists the tags that are attached to the specified IAM virtual
7244
+ # multi-factor authentication (MFA) device. The returned list of tags is
7245
+ # sorted by tag key. For more information about tagging, see [Tagging
7246
+ # IAM resources][1] in the *IAM User Guide*.
7247
+ #
7248
+ #
7249
+ #
7250
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
7251
+ #
7252
+ # @option params [required, String] :serial_number
7253
+ # The unique identifier for the IAM virtual MFA device whose tags you
7254
+ # want to see. For virtual MFA devices, the serial number is the same as
7255
+ # the ARN.
7256
+ #
7257
+ # This parameter accepts (through its [regex pattern][1]) a string of
7258
+ # characters that consist of upper and lowercase alphanumeric characters
7259
+ # with no spaces. You can also include any of the following characters:
7260
+ # =,.@-
7261
+ #
7262
+ #
7263
+ #
7264
+ # [1]: http://wikipedia.org/wiki/regex
7265
+ #
7266
+ # @option params [String] :marker
7267
+ # Use this parameter only when paginating results and only after you
7268
+ # receive a response indicating that the results are truncated. Set it
7269
+ # to the value of the `Marker` element in the response that you received
7270
+ # to indicate where the next call should start.
7271
+ #
7272
+ # @option params [Integer] :max_items
7273
+ # (Optional) Use this only when paginating results to indicate the
7274
+ # maximum number of items that you want in the response. If additional
7275
+ # items exist beyond the maximum that you specify, the `IsTruncated`
7276
+ # response element is `true`.
7277
+ #
7278
+ # If you do not include this parameter, it defaults to 100. Note that
7279
+ # IAM might return fewer results, even when more results are available.
7280
+ # In that case, the `IsTruncated` response element returns `true`, and
7281
+ # `Marker` contains a value to include in the subsequent call that tells
7282
+ # the service where to continue from.
7283
+ #
7284
+ # @return [Types::ListMFADeviceTagsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
7285
+ #
7286
+ # * {Types::ListMFADeviceTagsResponse#tags #tags} => Array&lt;Types::Tag&gt;
7287
+ # * {Types::ListMFADeviceTagsResponse#is_truncated #is_truncated} => Boolean
7288
+ # * {Types::ListMFADeviceTagsResponse#marker #marker} => String
7289
+ #
7290
+ # @example Request syntax with placeholder values
7291
+ #
7292
+ # resp = client.list_mfa_device_tags({
7293
+ # serial_number: "serialNumberType", # required
7294
+ # marker: "markerType",
7295
+ # max_items: 1,
7296
+ # })
7297
+ #
7298
+ # @example Response structure
7299
+ #
7300
+ # resp.tags #=> Array
7301
+ # resp.tags[0].key #=> String
7302
+ # resp.tags[0].value #=> String
7303
+ # resp.is_truncated #=> Boolean
7304
+ # resp.marker #=> String
7305
+ #
7306
+ # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListMFADeviceTags AWS API Documentation
7307
+ #
7308
+ # @overload list_mfa_device_tags(params = {})
7309
+ # @param [Hash] params ({})
7310
+ def list_mfa_device_tags(params = {}, options = {})
7311
+ req = build_request(:list_mfa_device_tags, params)
7312
+ req.send_request(options)
7313
+ end
7314
+
6996
7315
  # Lists the MFA devices for an IAM user. If the request includes a IAM
6997
7316
  # user name, then this operation lists all the MFA devices associated
6998
7317
  # with the specified user. If you do not specify a user name, IAM
6999
7318
  # determines the user name implicitly based on the AWS access key ID
7000
- # signing the request for this API.
7319
+ # signing the request for this operation.
7001
7320
  #
7002
7321
  # You can paginate the results using the `MaxItems` and `Marker`
7003
7322
  # parameters.
@@ -7065,21 +7384,104 @@ module Aws::IAM
7065
7384
  req.send_request(options)
7066
7385
  end
7067
7386
 
7068
- # Lists information about the IAM OpenID Connect (OIDC) provider
7069
- # resource objects defined in the AWS account.
7387
+ # Lists the tags that are attached to the specified OpenID Connect
7388
+ # (OIDC)-compatible identity provider. The returned list of tags is
7389
+ # sorted by tag key. For more information, see [About web identity
7390
+ # federation][1].
7070
7391
  #
7071
- # @return [Types::ListOpenIDConnectProvidersResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
7392
+ # For more information about tagging, see [Tagging IAM resources][2] in
7393
+ # the *IAM User Guide*.
7072
7394
  #
7073
- # * {Types::ListOpenIDConnectProvidersResponse#open_id_connect_provider_list #open_id_connect_provider_list} => Array&lt;Types::OpenIDConnectProviderListEntry&gt;
7074
7395
  #
7075
- # @example Response structure
7076
7396
  #
7077
- # resp.open_id_connect_provider_list #=> Array
7078
- # resp.open_id_connect_provider_list[0].arn #=> String
7397
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html
7398
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
7079
7399
  #
7080
- # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListOpenIDConnectProviders AWS API Documentation
7400
+ # @option params [required, String] :open_id_connect_provider_arn
7401
+ # The ARN of the OpenID Connect (OIDC) identity provider whose tags you
7402
+ # want to see.
7081
7403
  #
7082
- # @overload list_open_id_connect_providers(params = {})
7404
+ # This parameter accepts (through its [regex pattern][1]) a string of
7405
+ # characters that consist of upper and lowercase alphanumeric characters
7406
+ # with no spaces. You can also include any of the following characters:
7407
+ # =,.@-
7408
+ #
7409
+ #
7410
+ #
7411
+ # [1]: http://wikipedia.org/wiki/regex
7412
+ #
7413
+ # @option params [String] :marker
7414
+ # Use this parameter only when paginating results and only after you
7415
+ # receive a response indicating that the results are truncated. Set it
7416
+ # to the value of the `Marker` element in the response that you received
7417
+ # to indicate where the next call should start.
7418
+ #
7419
+ # @option params [Integer] :max_items
7420
+ # (Optional) Use this only when paginating results to indicate the
7421
+ # maximum number of items that you want in the response. If additional
7422
+ # items exist beyond the maximum that you specify, the `IsTruncated`
7423
+ # response element is `true`.
7424
+ #
7425
+ # If you do not include this parameter, it defaults to 100. Note that
7426
+ # IAM might return fewer results, even when more results are available.
7427
+ # In that case, the `IsTruncated` response element returns `true`, and
7428
+ # `Marker` contains a value to include in the subsequent call that tells
7429
+ # the service where to continue from.
7430
+ #
7431
+ # @return [Types::ListOpenIDConnectProviderTagsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
7432
+ #
7433
+ # * {Types::ListOpenIDConnectProviderTagsResponse#tags #tags} => Array&lt;Types::Tag&gt;
7434
+ # * {Types::ListOpenIDConnectProviderTagsResponse#is_truncated #is_truncated} => Boolean
7435
+ # * {Types::ListOpenIDConnectProviderTagsResponse#marker #marker} => String
7436
+ #
7437
+ # @example Request syntax with placeholder values
7438
+ #
7439
+ # resp = client.list_open_id_connect_provider_tags({
7440
+ # open_id_connect_provider_arn: "arnType", # required
7441
+ # marker: "markerType",
7442
+ # max_items: 1,
7443
+ # })
7444
+ #
7445
+ # @example Response structure
7446
+ #
7447
+ # resp.tags #=> Array
7448
+ # resp.tags[0].key #=> String
7449
+ # resp.tags[0].value #=> String
7450
+ # resp.is_truncated #=> Boolean
7451
+ # resp.marker #=> String
7452
+ #
7453
+ # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListOpenIDConnectProviderTags AWS API Documentation
7454
+ #
7455
+ # @overload list_open_id_connect_provider_tags(params = {})
7456
+ # @param [Hash] params ({})
7457
+ def list_open_id_connect_provider_tags(params = {}, options = {})
7458
+ req = build_request(:list_open_id_connect_provider_tags, params)
7459
+ req.send_request(options)
7460
+ end
7461
+
7462
+ # Lists information about the IAM OpenID Connect (OIDC) provider
7463
+ # resource objects defined in the AWS account.
7464
+ #
7465
+ # <note markdown="1"> IAM resource-listing operations return a subset of the available
7466
+ # attributes for the resource. For example, this operation does not
7467
+ # return tags, even though they are an attribute of the returned object.
7468
+ # To view all of the information for an OIDC provider, see
7469
+ # GetOpenIDConnectProvider.
7470
+ #
7471
+ # </note>
7472
+ #
7473
+ # @return [Types::ListOpenIDConnectProvidersResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
7474
+ #
7475
+ # * {Types::ListOpenIDConnectProvidersResponse#open_id_connect_provider_list #open_id_connect_provider_list} => Array&lt;Types::OpenIDConnectProviderListEntry&gt;
7476
+ #
7477
+ # @example Response structure
7478
+ #
7479
+ # resp.open_id_connect_provider_list #=> Array
7480
+ # resp.open_id_connect_provider_list[0].arn #=> String
7481
+ #
7482
+ # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListOpenIDConnectProviders AWS API Documentation
7483
+ #
7484
+ # @overload list_open_id_connect_providers(params = {})
7083
7485
  # @param [Hash] params ({})
7084
7486
  def list_open_id_connect_providers(params = {}, options = {})
7085
7487
  req = build_request(:list_open_id_connect_providers, params)
@@ -7099,8 +7501,16 @@ module Aws::IAM
7099
7501
  # You can paginate the results using the `MaxItems` and `Marker`
7100
7502
  # parameters.
7101
7503
  #
7102
- # For more information about managed policies, see [Managed Policies and
7103
- # Inline Policies][1] in the *IAM User Guide*.
7504
+ # For more information about managed policies, see [Managed policies and
7505
+ # inline policies][1] in the *IAM User Guide*.
7506
+ #
7507
+ # <note markdown="1"> IAM resource-listing operations return a subset of the available
7508
+ # attributes for the resource. For example, this operation does not
7509
+ # return tags, even though they are an attribute of the returned object.
7510
+ # To view all of the information for a customer manged policy, see
7511
+ # GetPolicy.
7512
+ #
7513
+ # </note>
7104
7514
  #
7105
7515
  #
7106
7516
  #
@@ -7199,6 +7609,9 @@ module Aws::IAM
7199
7609
  # resp.policies[0].description #=> String
7200
7610
  # resp.policies[0].create_date #=> Time
7201
7611
  # resp.policies[0].update_date #=> Time
7612
+ # resp.policies[0].tags #=> Array
7613
+ # resp.policies[0].tags[0].key #=> String
7614
+ # resp.policies[0].tags[0].value #=> String
7202
7615
  # resp.is_truncated #=> Boolean
7203
7616
  # resp.marker #=> String
7204
7617
  #
@@ -7219,7 +7632,7 @@ module Aws::IAM
7219
7632
  # include resource-based policies, access control lists, AWS
7220
7633
  # Organizations policies, IAM permissions boundaries, and AWS STS assume
7221
7634
  # role policies. It only applies permissions policy logic. For more
7222
- # about the evaluation of policy types, see [Evaluating Policies][1] in
7635
+ # about the evaluation of policy types, see [Evaluating policies][1] in
7223
7636
  # the *IAM User Guide*.
7224
7637
  #
7225
7638
  # </note>
@@ -7242,8 +7655,8 @@ module Aws::IAM
7242
7655
  # For each managed policy, this operation returns the ARN and policy
7243
7656
  # name. For each inline policy, it returns the policy name and the
7244
7657
  # entity to which it is attached. Inline policies do not have an ARN.
7245
- # For more information about these policy types, see [Managed Policies
7246
- # and Inline Policies][2] in the *IAM User Guide*.
7658
+ # For more information about these policy types, see [Managed policies
7659
+ # and inline policies][2] in the *IAM User Guide*.
7247
7660
  #
7248
7661
  # Policies that are attached to users and roles as permissions
7249
7662
  # boundaries are not returned. To view which managed policy is currently
@@ -7269,17 +7682,16 @@ module Aws::IAM
7269
7682
  # The service namespace for the AWS services whose policies you want to
7270
7683
  # list.
7271
7684
  #
7272
- # To learn the service namespace for a service, go to [Actions,
7273
- # Resources, and Condition Keys for AWS Services][1] in the *IAM User
7274
- # Guide*. Choose the name of the service to view details for that
7275
- # service. In the first paragraph, find the service prefix. For example,
7276
- # `(service prefix: a4b)`. For more information about service
7277
- # namespaces, see [AWS Service Namespaces][2] in the *AWS General
7278
- # Reference*.
7685
+ # To learn the service namespace for a service, see [Actions, resources,
7686
+ # and condition keys for AWS services][1] in the *IAM User Guide*.
7687
+ # Choose the name of the service to view details for that service. In
7688
+ # the first paragraph, find the service prefix. For example, `(service
7689
+ # prefix: a4b)`. For more information about service namespaces, see [AWS
7690
+ # service namespaces][2] in the *AWS General Reference*.
7279
7691
  #
7280
7692
  #
7281
7693
  #
7282
- # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_actions-resources-contextkeys.html
7694
+ # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html
7283
7695
  # [2]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-aws-service-namespaces
7284
7696
  #
7285
7697
  # @return [Types::ListPoliciesGrantingServiceAccessResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
@@ -7364,12 +7776,82 @@ module Aws::IAM
7364
7776
  req.send_request(options)
7365
7777
  end
7366
7778
 
7779
+ # Lists the tags that are attached to the specified IAM customer managed
7780
+ # policy. The returned list of tags is sorted by tag key. For more
7781
+ # information about tagging, see [Tagging IAM resources][1] in the *IAM
7782
+ # User Guide*.
7783
+ #
7784
+ #
7785
+ #
7786
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
7787
+ #
7788
+ # @option params [required, String] :policy_arn
7789
+ # The ARN of the IAM customer managed policy whose tags you want to see.
7790
+ #
7791
+ # This parameter accepts (through its [regex pattern][1]) a string of
7792
+ # characters that consist of upper and lowercase alphanumeric characters
7793
+ # with no spaces. You can also include any of the following characters:
7794
+ # =,.@-
7795
+ #
7796
+ #
7797
+ #
7798
+ # [1]: http://wikipedia.org/wiki/regex
7799
+ #
7800
+ # @option params [String] :marker
7801
+ # Use this parameter only when paginating results and only after you
7802
+ # receive a response indicating that the results are truncated. Set it
7803
+ # to the value of the `Marker` element in the response that you received
7804
+ # to indicate where the next call should start.
7805
+ #
7806
+ # @option params [Integer] :max_items
7807
+ # (Optional) Use this only when paginating results to indicate the
7808
+ # maximum number of items that you want in the response. If additional
7809
+ # items exist beyond the maximum that you specify, the `IsTruncated`
7810
+ # response element is `true`.
7811
+ #
7812
+ # If you do not include this parameter, it defaults to 100. Note that
7813
+ # IAM might return fewer results, even when more results are available.
7814
+ # In that case, the `IsTruncated` response element returns `true`, and
7815
+ # `Marker` contains a value to include in the subsequent call that tells
7816
+ # the service where to continue from.
7817
+ #
7818
+ # @return [Types::ListPolicyTagsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
7819
+ #
7820
+ # * {Types::ListPolicyTagsResponse#tags #tags} => Array&lt;Types::Tag&gt;
7821
+ # * {Types::ListPolicyTagsResponse#is_truncated #is_truncated} => Boolean
7822
+ # * {Types::ListPolicyTagsResponse#marker #marker} => String
7823
+ #
7824
+ # @example Request syntax with placeholder values
7825
+ #
7826
+ # resp = client.list_policy_tags({
7827
+ # policy_arn: "arnType", # required
7828
+ # marker: "markerType",
7829
+ # max_items: 1,
7830
+ # })
7831
+ #
7832
+ # @example Response structure
7833
+ #
7834
+ # resp.tags #=> Array
7835
+ # resp.tags[0].key #=> String
7836
+ # resp.tags[0].value #=> String
7837
+ # resp.is_truncated #=> Boolean
7838
+ # resp.marker #=> String
7839
+ #
7840
+ # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListPolicyTags AWS API Documentation
7841
+ #
7842
+ # @overload list_policy_tags(params = {})
7843
+ # @param [Hash] params ({})
7844
+ def list_policy_tags(params = {}, options = {})
7845
+ req = build_request(:list_policy_tags, params)
7846
+ req.send_request(options)
7847
+ end
7848
+
7367
7849
  # Lists information about the versions of the specified managed policy,
7368
7850
  # including the version that is currently set as the policy's default
7369
7851
  # version.
7370
7852
  #
7371
- # For more information about managed policies, see [Managed Policies and
7372
- # Inline Policies][1] in the *IAM User Guide*.
7853
+ # For more information about managed policies, see [Managed policies and
7854
+ # inline policies][1] in the *IAM User Guide*.
7373
7855
  #
7374
7856
  #
7375
7857
  #
@@ -7379,8 +7861,8 @@ module Aws::IAM
7379
7861
  # The Amazon Resource Name (ARN) of the IAM policy for which you want
7380
7862
  # the versions.
7381
7863
  #
7382
- # For more information about ARNs, see [Amazon Resource Names (ARNs) and
7383
- # AWS Service Namespaces][1] in the *AWS General Reference*.
7864
+ # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
7865
+ # in the *AWS General Reference*.
7384
7866
  #
7385
7867
  #
7386
7868
  #
@@ -7444,7 +7926,7 @@ module Aws::IAM
7444
7926
  # An IAM role can also have managed policies attached to it. To list the
7445
7927
  # managed policies that are attached to a role, use
7446
7928
  # ListAttachedRolePolicies. For more information about policies, see
7447
- # [Managed Policies and Inline Policies][1] in the *IAM User Guide*.
7929
+ # [Managed policies and inline policies][1] in the *IAM User Guide*.
7448
7930
  #
7449
7931
  # You can paginate the results using the `MaxItems` and `Marker`
7450
7932
  # parameters. If there are no inline policies embedded with the
@@ -7517,7 +7999,7 @@ module Aws::IAM
7517
7999
 
7518
8000
  # Lists the tags that are attached to the specified role. The returned
7519
8001
  # list of tags is sorted by tag key. For more information about tagging,
7520
- # see [Tagging IAM Identities][1] in the *IAM User Guide*.
8002
+ # see [Tagging IAM resources][1] in the *IAM User Guide*.
7521
8003
  #
7522
8004
  #
7523
8005
  #
@@ -7610,7 +8092,14 @@ module Aws::IAM
7610
8092
 
7611
8093
  # Lists the IAM roles that have the specified path prefix. If there are
7612
8094
  # none, the operation returns an empty list. For more information about
7613
- # roles, go to [Working with Roles][1].
8095
+ # roles, see [Working with roles][1].
8096
+ #
8097
+ # <note markdown="1"> IAM resource-listing operations return a subset of the available
8098
+ # attributes for the resource. For example, this operation does not
8099
+ # return tags, even though they are an attribute of the returned object.
8100
+ # To view all of the information for a role, see GetRole.
8101
+ #
8102
+ # </note>
7614
8103
  #
7615
8104
  # You can paginate the results using the `MaxItems` and `Marker`
7616
8105
  # parameters.
@@ -7699,12 +8188,89 @@ module Aws::IAM
7699
8188
  req.send_request(options)
7700
8189
  end
7701
8190
 
7702
- # Lists the SAML provider resource objects defined in IAM in the
7703
- # account.
8191
+ # Lists the tags that are attached to the specified Security Assertion
8192
+ # Markup Language (SAML) identity provider. The returned list of tags is
8193
+ # sorted by tag key. For more information, see [About SAML 2.0-based
8194
+ # federation][1].
7704
8195
  #
7705
- # <note markdown="1"> This operation requires [Signature Version 4][1].
8196
+ # For more information about tagging, see [Tagging IAM resources][2] in
8197
+ # the *IAM User Guide*.
7706
8198
  #
7707
- # </note>
8199
+ #
8200
+ #
8201
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html
8202
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
8203
+ #
8204
+ # @option params [required, String] :saml_provider_arn
8205
+ # The ARN of the Security Assertion Markup Language (SAML) identity
8206
+ # provider whose tags you want to see.
8207
+ #
8208
+ # This parameter accepts (through its [regex pattern][1]) a string of
8209
+ # characters that consist of upper and lowercase alphanumeric characters
8210
+ # with no spaces. You can also include any of the following characters:
8211
+ # =,.@-
8212
+ #
8213
+ #
8214
+ #
8215
+ # [1]: http://wikipedia.org/wiki/regex
8216
+ #
8217
+ # @option params [String] :marker
8218
+ # Use this parameter only when paginating results and only after you
8219
+ # receive a response indicating that the results are truncated. Set it
8220
+ # to the value of the `Marker` element in the response that you received
8221
+ # to indicate where the next call should start.
8222
+ #
8223
+ # @option params [Integer] :max_items
8224
+ # (Optional) Use this only when paginating results to indicate the
8225
+ # maximum number of items that you want in the response. If additional
8226
+ # items exist beyond the maximum that you specify, the `IsTruncated`
8227
+ # response element is `true`.
8228
+ #
8229
+ # If you do not include this parameter, it defaults to 100. Note that
8230
+ # IAM might return fewer results, even when more results are available.
8231
+ # In that case, the `IsTruncated` response element returns `true`, and
8232
+ # `Marker` contains a value to include in the subsequent call that tells
8233
+ # the service where to continue from.
8234
+ #
8235
+ # @return [Types::ListSAMLProviderTagsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
8236
+ #
8237
+ # * {Types::ListSAMLProviderTagsResponse#tags #tags} => Array&lt;Types::Tag&gt;
8238
+ # * {Types::ListSAMLProviderTagsResponse#is_truncated #is_truncated} => Boolean
8239
+ # * {Types::ListSAMLProviderTagsResponse#marker #marker} => String
8240
+ #
8241
+ # @example Request syntax with placeholder values
8242
+ #
8243
+ # resp = client.list_saml_provider_tags({
8244
+ # saml_provider_arn: "arnType", # required
8245
+ # marker: "markerType",
8246
+ # max_items: 1,
8247
+ # })
8248
+ #
8249
+ # @example Response structure
8250
+ #
8251
+ # resp.tags #=> Array
8252
+ # resp.tags[0].key #=> String
8253
+ # resp.tags[0].value #=> String
8254
+ # resp.is_truncated #=> Boolean
8255
+ # resp.marker #=> String
8256
+ #
8257
+ # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListSAMLProviderTags AWS API Documentation
8258
+ #
8259
+ # @overload list_saml_provider_tags(params = {})
8260
+ # @param [Hash] params ({})
8261
+ def list_saml_provider_tags(params = {}, options = {})
8262
+ req = build_request(:list_saml_provider_tags, params)
8263
+ req.send_request(options)
8264
+ end
8265
+
8266
+ # Lists the SAML provider resource objects defined in IAM in the
8267
+ # account. IAM resource-listing operations return a subset of the
8268
+ # available attributes for the resource. For example, this operation
8269
+ # does not return tags, even though they are an attribute of the
8270
+ # returned object. To view all of the information for a SAML provider,
8271
+ # see GetSAMLProvider.
8272
+ #
8273
+ # This operation requires [Signature Version 4][1].
7708
8274
  #
7709
8275
  #
7710
8276
  #
@@ -7737,7 +8303,7 @@ module Aws::IAM
7737
8303
  # The SSH public keys returned by this operation are used only for
7738
8304
  # authenticating the IAM user to an AWS CodeCommit repository. For more
7739
8305
  # information about using SSH keys to authenticate to an AWS CodeCommit
7740
- # repository, see [Set up AWS CodeCommit for SSH Connections][1] in the
8306
+ # repository, see [Set up AWS CodeCommit for SSH connections][1] in the
7741
8307
  # *AWS CodeCommit User Guide*.
7742
8308
  #
7743
8309
  # Although each user is limited to a small number of keys, you can still
@@ -7813,6 +8379,85 @@ module Aws::IAM
7813
8379
  req.send_request(options)
7814
8380
  end
7815
8381
 
8382
+ # Lists the tags that are attached to the specified IAM server
8383
+ # certificate. The returned list of tags is sorted by tag key. For more
8384
+ # information about tagging, see [Tagging IAM resources][1] in the *IAM
8385
+ # User Guide*.
8386
+ #
8387
+ # <note markdown="1"> For certificates in a Region supported by AWS Certificate Manager
8388
+ # (ACM), we recommend that you don't use IAM server certificates.
8389
+ # Instead, use ACM to provision, manage, and deploy your server
8390
+ # certificates. For more information about IAM server certificates,
8391
+ # [Working with server certificates][2] in the *IAM User Guide*.
8392
+ #
8393
+ # </note>
8394
+ #
8395
+ #
8396
+ #
8397
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
8398
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html
8399
+ #
8400
+ # @option params [required, String] :server_certificate_name
8401
+ # The name of the IAM server certificate whose tags you want to see.
8402
+ #
8403
+ # This parameter accepts (through its [regex pattern][1]) a string of
8404
+ # characters that consist of upper and lowercase alphanumeric characters
8405
+ # with no spaces. You can also include any of the following characters:
8406
+ # =,.@-
8407
+ #
8408
+ #
8409
+ #
8410
+ # [1]: http://wikipedia.org/wiki/regex
8411
+ #
8412
+ # @option params [String] :marker
8413
+ # Use this parameter only when paginating results and only after you
8414
+ # receive a response indicating that the results are truncated. Set it
8415
+ # to the value of the `Marker` element in the response that you received
8416
+ # to indicate where the next call should start.
8417
+ #
8418
+ # @option params [Integer] :max_items
8419
+ # (Optional) Use this only when paginating results to indicate the
8420
+ # maximum number of items that you want in the response. If additional
8421
+ # items exist beyond the maximum that you specify, the `IsTruncated`
8422
+ # response element is `true`.
8423
+ #
8424
+ # If you do not include this parameter, it defaults to 100. Note that
8425
+ # IAM might return fewer results, even when more results are available.
8426
+ # In that case, the `IsTruncated` response element returns `true`, and
8427
+ # `Marker` contains a value to include in the subsequent call that tells
8428
+ # the service where to continue from.
8429
+ #
8430
+ # @return [Types::ListServerCertificateTagsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
8431
+ #
8432
+ # * {Types::ListServerCertificateTagsResponse#tags #tags} => Array&lt;Types::Tag&gt;
8433
+ # * {Types::ListServerCertificateTagsResponse#is_truncated #is_truncated} => Boolean
8434
+ # * {Types::ListServerCertificateTagsResponse#marker #marker} => String
8435
+ #
8436
+ # @example Request syntax with placeholder values
8437
+ #
8438
+ # resp = client.list_server_certificate_tags({
8439
+ # server_certificate_name: "serverCertificateNameType", # required
8440
+ # marker: "markerType",
8441
+ # max_items: 1,
8442
+ # })
8443
+ #
8444
+ # @example Response structure
8445
+ #
8446
+ # resp.tags #=> Array
8447
+ # resp.tags[0].key #=> String
8448
+ # resp.tags[0].value #=> String
8449
+ # resp.is_truncated #=> Boolean
8450
+ # resp.marker #=> String
8451
+ #
8452
+ # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListServerCertificateTags AWS API Documentation
8453
+ #
8454
+ # @overload list_server_certificate_tags(params = {})
8455
+ # @param [Hash] params ({})
8456
+ def list_server_certificate_tags(params = {}, options = {})
8457
+ req = build_request(:list_server_certificate_tags, params)
8458
+ req.send_request(options)
8459
+ end
8460
+
7816
8461
  # Lists the server certificates stored in IAM that have the specified
7817
8462
  # path prefix. If none exist, the operation returns an empty list.
7818
8463
  #
@@ -7820,10 +8465,18 @@ module Aws::IAM
7820
8465
  # parameters.
7821
8466
  #
7822
8467
  # For more information about working with server certificates, see
7823
- # [Working with Server Certificates][1] in the *IAM User Guide*. This
8468
+ # [Working with server certificates][1] in the *IAM User Guide*. This
7824
8469
  # topic also includes a list of AWS services that can use the server
7825
8470
  # certificates that you manage with IAM.
7826
8471
  #
8472
+ # <note markdown="1"> IAM resource-listing operations return a subset of the available
8473
+ # attributes for the resource. For example, this operation does not
8474
+ # return tags, even though they are an attribute of the returned object.
8475
+ # To view all of the information for a servercertificate, see
8476
+ # GetServerCertificate.
8477
+ #
8478
+ # </note>
8479
+ #
7827
8480
  #
7828
8481
  #
7829
8482
  # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html
@@ -7905,7 +8558,7 @@ module Aws::IAM
7905
8558
  # empty list. The service-specific credentials returned by this
7906
8559
  # operation are used only for authenticating the IAM user to a specific
7907
8560
  # service. For more information about using service-specific credentials
7908
- # to authenticate to an AWS service, see [Set Up service-specific
8561
+ # to authenticate to an AWS service, see [Set up service-specific
7909
8562
  # credentials][1] in the AWS CodeCommit User Guide.
7910
8563
  #
7911
8564
  #
@@ -7971,9 +8624,10 @@ module Aws::IAM
7971
8624
  #
7972
8625
  # If the `UserName` field is not specified, the user name is determined
7973
8626
  # implicitly based on the AWS access key ID used to sign the request for
7974
- # this API. This operation works for access keys under the AWS account.
7975
- # Consequently, you can use this operation to manage AWS account root
7976
- # user credentials even if the AWS account has no associated users.
8627
+ # this operation. This operation works for access keys under the AWS
8628
+ # account. Consequently, you can use this operation to manage AWS
8629
+ # account root user credentials even if the AWS account has no
8630
+ # associated users.
7977
8631
  #
7978
8632
  # @option params [String] :user_name
7979
8633
  # The name of the IAM user whose signing certificates you want to
@@ -8069,7 +8723,7 @@ module Aws::IAM
8069
8723
  # An IAM user can also have managed policies attached to it. To list the
8070
8724
  # managed policies that are attached to a user, use
8071
8725
  # ListAttachedUserPolicies. For more information about policies, see
8072
- # [Managed Policies and Inline Policies][1] in the *IAM User Guide*.
8726
+ # [Managed policies and inline policies][1] in the *IAM User Guide*.
8073
8727
  #
8074
8728
  # You can paginate the results using the `MaxItems` and `Marker`
8075
8729
  # parameters. If there are no inline policies embedded with the
@@ -8140,9 +8794,9 @@ module Aws::IAM
8140
8794
  req.send_request(options)
8141
8795
  end
8142
8796
 
8143
- # Lists the tags that are attached to the specified user. The returned
8144
- # list of tags is sorted by tag key. For more information about tagging,
8145
- # see [Tagging IAM Identities][1] in the *IAM User Guide*.
8797
+ # Lists the tags that are attached to the specified IAM user. The
8798
+ # returned list of tags is sorted by tag key. For more information about
8799
+ # tagging, see [Tagging IAM resources][1] in the *IAM User Guide*.
8146
8800
  #
8147
8801
  #
8148
8802
  #
@@ -8237,6 +8891,13 @@ module Aws::IAM
8237
8891
  # prefix is specified, the operation returns all users in the AWS
8238
8892
  # account. If there are none, the operation returns an empty list.
8239
8893
  #
8894
+ # <note markdown="1"> IAM resource-listing operations return a subset of the available
8895
+ # attributes for the resource. For example, this operation does not
8896
+ # return tags, even though they are an attribute of the returned object.
8897
+ # To view all of the information for a user, see GetUser.
8898
+ #
8899
+ # </note>
8900
+ #
8240
8901
  # You can paginate the results using the `MaxItems` and `Marker`
8241
8902
  # parameters.
8242
8903
  #
@@ -8351,6 +9012,14 @@ module Aws::IAM
8351
9012
  # returns a list of all virtual MFA devices. Assignment status can be
8352
9013
  # `Assigned`, `Unassigned`, or `Any`.
8353
9014
  #
9015
+ # <note markdown="1"> IAM resource-listing operations return a subset of the available
9016
+ # attributes for the resource. For example, this operation does not
9017
+ # return tags, even though they are an attribute of the returned object.
9018
+ # To view all of the information for a virtual MFA device, see
9019
+ # ListVirtualMFADevices.
9020
+ #
9021
+ # </note>
9022
+ #
8354
9023
  # You can paginate the results using the `MaxItems` and `Marker`
8355
9024
  # parameters.
8356
9025
  #
@@ -8430,6 +9099,9 @@ module Aws::IAM
8430
9099
  # resp.virtual_mfa_devices[0].user.tags[0].key #=> String
8431
9100
  # resp.virtual_mfa_devices[0].user.tags[0].value #=> String
8432
9101
  # resp.virtual_mfa_devices[0].enable_date #=> Time
9102
+ # resp.virtual_mfa_devices[0].tags #=> Array
9103
+ # resp.virtual_mfa_devices[0].tags[0].key #=> String
9104
+ # resp.virtual_mfa_devices[0].tags[0].value #=> String
8433
9105
  # resp.is_truncated #=> Boolean
8434
9106
  # resp.marker #=> String
8435
9107
  #
@@ -8448,15 +9120,15 @@ module Aws::IAM
8448
9120
  # A user can also have managed policies attached to it. To attach a
8449
9121
  # managed policy to a group, use AttachGroupPolicy. To create a new
8450
9122
  # managed policy, use CreatePolicy. For information about policies, see
8451
- # [Managed Policies and Inline Policies][1] in the *IAM User Guide*.
9123
+ # [Managed policies and inline policies][1] in the *IAM User Guide*.
8452
9124
  #
8453
- # For information about limits on the number of inline policies that you
8454
- # can embed in a group, see [Limitations on IAM Entities][2] in the *IAM
8455
- # User Guide*.
9125
+ # For information about the maximum number of inline policies that you
9126
+ # can embed in a group, see [IAM and STS quotas][2] in the *IAM User
9127
+ # Guide*.
8456
9128
  #
8457
9129
  # <note markdown="1"> Because policy documents can be large, you should use POST rather than
8458
9130
  # GET when calling `PutGroupPolicy`. For general information about using
8459
- # the Query API with IAM, go to [Making Query Requests][3] in the *IAM
9131
+ # the Query API with IAM, see [Making query requests][3] in the *IAM
8460
9132
  # User Guide*.
8461
9133
  #
8462
9134
  # </note>
@@ -8464,7 +9136,7 @@ module Aws::IAM
8464
9136
  #
8465
9137
  #
8466
9138
  # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
8467
- # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html
9139
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html
8468
9140
  # [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html
8469
9141
  #
8470
9142
  # @option params [required, String] :group_name
@@ -8557,7 +9229,7 @@ module Aws::IAM
8557
9229
  # Policies used as permissions boundaries do not provide permissions.
8558
9230
  # You must also attach a permissions policy to the role. To learn how
8559
9231
  # the effective permissions for a role are evaluated, see [IAM JSON
8560
- # Policy Evaluation Logic][1] in the IAM User Guide.
9232
+ # policy evaluation logic][1] in the IAM User Guide.
8561
9233
  #
8562
9234
  #
8563
9235
  #
@@ -8596,21 +9268,21 @@ module Aws::IAM
8596
9268
  # as part of the role's access (permissions) policy. The role's trust
8597
9269
  # policy is created at the same time as the role, using CreateRole. You
8598
9270
  # can update a role's trust policy using UpdateAssumeRolePolicy. For
8599
- # more information about IAM roles, go to [Using Roles to Delegate
8600
- # Permissions and Federate Identities][1].
9271
+ # more information about IAM roles, see [Using roles to delegate
9272
+ # permissions and federate identities][1].
8601
9273
  #
8602
9274
  # A role can also have a managed policy attached to it. To attach a
8603
9275
  # managed policy to a role, use AttachRolePolicy. To create a new
8604
9276
  # managed policy, use CreatePolicy. For information about policies, see
8605
- # [Managed Policies and Inline Policies][2] in the *IAM User Guide*.
9277
+ # [Managed policies and inline policies][2] in the *IAM User Guide*.
8606
9278
  #
8607
- # For information about limits on the number of inline policies that you
8608
- # can embed with a role, see [Limitations on IAM Entities][3] in the
8609
- # *IAM User Guide*.
9279
+ # For information about the maximum number of inline policies that you
9280
+ # can embed with a role, see [IAM and STS quotas][3] in the *IAM User
9281
+ # Guide*.
8610
9282
  #
8611
9283
  # <note markdown="1"> Because policy documents can be large, you should use POST rather than
8612
9284
  # GET when calling `PutRolePolicy`. For general information about using
8613
- # the Query API with IAM, go to [Making Query Requests][4] in the *IAM
9285
+ # the Query API with IAM, see [Making query requests][4] in the *IAM
8614
9286
  # User Guide*.
8615
9287
  #
8616
9288
  # </note>
@@ -8619,7 +9291,7 @@ module Aws::IAM
8619
9291
  #
8620
9292
  # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html
8621
9293
  # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
8622
- # [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html
9294
+ # [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html
8623
9295
  # [4]: https://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html
8624
9296
  #
8625
9297
  # @option params [required, String] :role_name
@@ -8710,7 +9382,7 @@ module Aws::IAM
8710
9382
  # Policies that are used as permissions boundaries do not provide
8711
9383
  # permissions. You must also attach a permissions policy to the user. To
8712
9384
  # learn how the effective permissions for a user are evaluated, see [IAM
8713
- # JSON Policy Evaluation Logic][1] in the IAM User Guide.
9385
+ # JSON policy evaluation logic][1] in the IAM User Guide.
8714
9386
  #
8715
9387
  #
8716
9388
  #
@@ -8748,15 +9420,15 @@ module Aws::IAM
8748
9420
  # An IAM user can also have a managed policy attached to it. To attach a
8749
9421
  # managed policy to a user, use AttachUserPolicy. To create a new
8750
9422
  # managed policy, use CreatePolicy. For information about policies, see
8751
- # [Managed Policies and Inline Policies][1] in the *IAM User Guide*.
9423
+ # [Managed policies and inline policies][1] in the *IAM User Guide*.
8752
9424
  #
8753
- # For information about limits on the number of inline policies that you
8754
- # can embed in a user, see [Limitations on IAM Entities][2] in the *IAM
8755
- # User Guide*.
9425
+ # For information about the maximum number of inline policies that you
9426
+ # can embed in a user, see [IAM and STS quotas][2] in the *IAM User
9427
+ # Guide*.
8756
9428
  #
8757
9429
  # <note markdown="1"> Because policy documents can be large, you should use POST rather than
8758
9430
  # GET when calling `PutUserPolicy`. For general information about using
8759
- # the Query API with IAM, go to [Making Query Requests][3] in the *IAM
9431
+ # the Query API with IAM, see [Making query requests][3] in the *IAM
8760
9432
  # User Guide*.
8761
9433
  #
8762
9434
  # </note>
@@ -8764,7 +9436,7 @@ module Aws::IAM
8764
9436
  #
8765
9437
  #
8766
9438
  # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
8767
- # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html
9439
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html
8768
9440
  # [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html
8769
9441
  #
8770
9442
  # @option params [required, String] :user_name
@@ -8857,8 +9529,8 @@ module Aws::IAM
8857
9529
  # remove the client ID from. You can get a list of OIDC provider ARNs by
8858
9530
  # using the ListOpenIDConnectProviders operation.
8859
9531
  #
8860
- # For more information about ARNs, see [Amazon Resource Names (ARNs) and
8861
- # AWS Service Namespaces][1] in the *AWS General Reference*.
9532
+ # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
9533
+ # in the *AWS General Reference*.
8862
9534
  #
8863
9535
  #
8864
9536
  #
@@ -8895,9 +9567,9 @@ module Aws::IAM
8895
9567
  # role from an instance profile that is associated with a running
8896
9568
  # instance might break any applications running on the instance.
8897
9569
  #
8898
- # For more information about IAM roles, go to [Working with Roles][1].
8899
- # For more information about instance profiles, go to [About Instance
8900
- # Profiles][2].
9570
+ # For more information about IAM roles, see [Working with roles][1]. For
9571
+ # more information about instance profiles, see [About instance
9572
+ # profiles][2].
8901
9573
  #
8902
9574
  #
8903
9575
  #
@@ -9074,8 +9746,7 @@ module Aws::IAM
9074
9746
  # the AWS servers.
9075
9747
  #
9076
9748
  # For more information about creating and working with virtual MFA
9077
- # devices, go to [Using a Virtual MFA Device][1] in the *IAM User
9078
- # Guide*.
9749
+ # devices, see [Using a virtual MFA device][1] in the *IAM User Guide*.
9079
9750
  #
9080
9751
  #
9081
9752
  #
@@ -9140,10 +9811,10 @@ module Aws::IAM
9140
9811
  #
9141
9812
  # This operation affects all users, groups, and roles that the policy is
9142
9813
  # attached to. To list the users, groups, and roles that the policy is
9143
- # attached to, use the ListEntitiesForPolicy API.
9814
+ # attached to, use ListEntitiesForPolicy.
9144
9815
  #
9145
- # For information about managed policies, see [Managed Policies and
9146
- # Inline Policies][1] in the *IAM User Guide*.
9816
+ # For information about managed policies, see [Managed policies and
9817
+ # inline policies][1] in the *IAM User Guide*.
9147
9818
  #
9148
9819
  #
9149
9820
  #
@@ -9153,8 +9824,8 @@ module Aws::IAM
9153
9824
  # The Amazon Resource Name (ARN) of the IAM policy whose default version
9154
9825
  # you want to set.
9155
9826
  #
9156
- # For more information about ARNs, see [Amazon Resource Names (ARNs) and
9157
- # AWS Service Namespaces][1] in the *AWS General Reference*.
9827
+ # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
9828
+ # in the *AWS General Reference*.
9158
9829
  #
9159
9830
  #
9160
9831
  #
@@ -9164,7 +9835,7 @@ module Aws::IAM
9164
9835
  # The version of the policy to set as the default (operative) version.
9165
9836
  #
9166
9837
  # For more information about managed policy versions, see [Versioning
9167
- # for Managed Policies][1] in the *IAM User Guide*.
9838
+ # for managed policies][1] in the *IAM User Guide*.
9168
9839
  #
9169
9840
  #
9170
9841
  #
@@ -9196,7 +9867,8 @@ module Aws::IAM
9196
9867
  # `https://sts.amazonaws.com`. AWS recommends using Regional STS
9197
9868
  # endpoints to reduce latency, build in redundancy, and increase session
9198
9869
  # token availability. For information about Regional endpoints for STS,
9199
- # see [AWS Regions and Endpoints][1] in the *AWS General Reference*.
9870
+ # see [AWS AWS Security Token Service endpoints and quotas][1] in the
9871
+ # *AWS General Reference*.
9200
9872
  #
9201
9873
  # If you make an STS call to the global endpoint, the resulting session
9202
9874
  # tokens might be valid in some Regions but not others. It depends on
@@ -9205,8 +9877,8 @@ module Aws::IAM
9205
9877
  # work in manually enabled Regions, such as Asia Pacific (Hong Kong).
9206
9878
  # Version 2 tokens are valid in all Regions. However, version 2 tokens
9207
9879
  # are longer and might affect systems where you temporarily store
9208
- # tokens. For information, see [Activating and Deactivating STS in an
9209
- # AWS Region][2] in the *IAM User Guide*.
9880
+ # tokens. For information, see [Activating and deactivating STS in an
9881
+ # AWS region][2] in the *IAM User Guide*.
9210
9882
  #
9211
9883
  # To view the current session token version, see the
9212
9884
  # `GlobalEndpointTokenVersion` entry in the response of the
@@ -9214,7 +9886,7 @@ module Aws::IAM
9214
9886
  #
9215
9887
  #
9216
9888
  #
9217
- # [1]: https://docs.aws.amazon.com/general/latest/gr/rande.html#sts_region
9889
+ # [1]: https://docs.aws.amazon.com/general/latest/gr/sts.html
9218
9890
  # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html
9219
9891
  #
9220
9892
  # @option params [required, String] :global_endpoint_token_version
@@ -9225,8 +9897,8 @@ module Aws::IAM
9225
9897
  # are longer and might affect systems where you temporarily store
9226
9898
  # tokens.
9227
9899
  #
9228
- # For information, see [Activating and Deactivating STS in an AWS
9229
- # Region][1] in the *IAM User Guide*.
9900
+ # For information, see [Activating and deactivating STS in an AWS
9901
+ # region][1] in the *IAM User Guide*.
9230
9902
  #
9231
9903
  #
9232
9904
  #
@@ -9265,7 +9937,8 @@ module Aws::IAM
9265
9937
  #
9266
9938
  # The simulation does not perform the API operations; it only checks the
9267
9939
  # authorization to determine if the simulated policies allow or deny the
9268
- # operations.
9940
+ # operations. You can simulate resources that don't exist in your
9941
+ # account.
9269
9942
  #
9270
9943
  # If you want to simulate existing policies that are attached to an IAM
9271
9944
  # user, group, or role, use SimulatePrincipalPolicy instead.
@@ -9279,6 +9952,14 @@ module Aws::IAM
9279
9952
  # If the output is long, you can use `MaxItems` and `Marker` parameters
9280
9953
  # to paginate the results.
9281
9954
  #
9955
+ # For more information about using the policy simulator, see [Testing
9956
+ # IAM policies with the IAM policy simulator ][1]in the *IAM User
9957
+ # Guide*.
9958
+ #
9959
+ #
9960
+ #
9961
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_testing-policies.html
9962
+ #
9282
9963
  # @option params [required, Array<String>] :policy_input_list
9283
9964
  # A list of policy documents to include in the simulation. Each document
9284
9965
  # is specified as a string containing the complete, valid JSON text of
@@ -9313,7 +9994,7 @@ module Aws::IAM
9313
9994
  # boundary sets the maximum permissions that an IAM entity can have. You
9314
9995
  # can input only one permissions boundary when you pass a policy to this
9315
9996
  # operation. For more information about permissions boundaries, see
9316
- # [Permissions Boundaries for IAM Entities][1] in the *IAM User Guide*.
9997
+ # [Permissions boundaries for IAM entities][1] in the *IAM User Guide*.
9317
9998
  # The policy input is specified as a string that contains the complete,
9318
9999
  # valid JSON text of a permissions boundary policy.
9319
10000
  #
@@ -9346,7 +10027,8 @@ module Aws::IAM
9346
10027
  # resources). Each API in the `ActionNames` parameter is evaluated for
9347
10028
  # each resource in this list. The simulation determines the access
9348
10029
  # result (allowed or denied) of each combination and reports it in the
9349
- # response.
10030
+ # response. You can simulate resources that don't exist in your
10031
+ # account.
9350
10032
  #
9351
10033
  # The simulation does not automatically retrieve policies for the
9352
10034
  # specified resources. If you want to include a resource policy in the
@@ -9357,8 +10039,8 @@ module Aws::IAM
9357
10039
  # of the resources included in the simulation or you receive an invalid
9358
10040
  # input error.
9359
10041
  #
9360
- # For more information about ARNs, see [Amazon Resource Names (ARNs) and
9361
- # AWS Service Namespaces][1] in the *AWS General Reference*.
10042
+ # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
10043
+ # in the *AWS General Reference*.
9362
10044
  #
9363
10045
  #
9364
10046
  #
@@ -9434,7 +10116,7 @@ module Aws::IAM
9434
10116
  # includes VPC, then you must supply the network-interface resource. If
9435
10117
  # it includes an IP subnet, then you must specify the subnet resource.
9436
10118
  # For more information on the EC2 scenario options, see [Supported
9437
- # Platforms][1] in the *Amazon EC2 User Guide*.
10119
+ # platforms][1] in the *Amazon EC2 User Guide*.
9438
10120
  #
9439
10121
  # * **EC2-Classic-InstanceStore**
9440
10122
  #
@@ -9562,7 +10244,8 @@ module Aws::IAM
9562
10244
  # policies' effective permissions. The entity can be an IAM user,
9563
10245
  # group, or role. If you specify a user, then the simulation also
9564
10246
  # includes all of the policies that are attached to groups that the user
9565
- # belongs to.
10247
+ # belongs to. You can simulate resources that don't exist in your
10248
+ # account.
9566
10249
  #
9567
10250
  # You can optionally include a list of one or more additional policies
9568
10251
  # specified as strings to include in the simulation. If you want to
@@ -9576,8 +10259,8 @@ module Aws::IAM
9576
10259
  # authorization to determine if the simulated policies allow or deny the
9577
10260
  # operations.
9578
10261
  #
9579
- # **Note:** This API discloses information about the permissions granted
9580
- # to other users. If you do not want users to see other user's
10262
+ # **Note:** This operation discloses information about the permissions
10263
+ # granted to other users. If you do not want users to see other user's
9581
10264
  # permissions, then consider allowing them to use SimulateCustomPolicy
9582
10265
  # instead.
9583
10266
  #
@@ -9590,6 +10273,14 @@ module Aws::IAM
9590
10273
  # If the output is long, you can use the `MaxItems` and `Marker`
9591
10274
  # parameters to paginate the results.
9592
10275
  #
10276
+ # For more information about using the policy simulator, see [Testing
10277
+ # IAM policies with the IAM policy simulator ][1]in the *IAM User
10278
+ # Guide*.
10279
+ #
10280
+ #
10281
+ #
10282
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_testing-policies.html
10283
+ #
9593
10284
  # @option params [required, String] :policy_source_arn
9594
10285
  # The Amazon Resource Name (ARN) of a user, group, or role whose
9595
10286
  # policies you want to include in the simulation. If you specify a user,
@@ -9598,8 +10289,8 @@ module Aws::IAM
9598
10289
  # also includes all policies that are attached to any groups the user
9599
10290
  # belongs to.
9600
10291
  #
9601
- # For more information about ARNs, see [Amazon Resource Names (ARNs) and
9602
- # AWS Service Namespaces][1] in the *AWS General Reference*.
10292
+ # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
10293
+ # in the *AWS General Reference*.
9603
10294
  #
9604
10295
  #
9605
10296
  #
@@ -9635,7 +10326,7 @@ module Aws::IAM
9635
10326
  # to an entity and you pass in a different permissions boundary policy
9636
10327
  # using this parameter, then the new permissions boundary policy is used
9637
10328
  # for the simulation. For more information about permissions boundaries,
9638
- # see [Permissions Boundaries for IAM Entities][1] in the *IAM User
10329
+ # see [Permissions boundaries for IAM entities][1] in the *IAM User
9639
10330
  # Guide*. The policy input is specified as a string containing the
9640
10331
  # complete, valid JSON text of a permissions boundary policy.
9641
10332
  #
@@ -9667,15 +10358,16 @@ module Aws::IAM
9667
10358
  # resources). Each API in the `ActionNames` parameter is evaluated for
9668
10359
  # each resource in this list. The simulation determines the access
9669
10360
  # result (allowed or denied) of each combination and reports it in the
9670
- # response.
10361
+ # response. You can simulate resources that don't exist in your
10362
+ # account.
9671
10363
  #
9672
10364
  # The simulation does not automatically retrieve policies for the
9673
10365
  # specified resources. If you want to include a resource policy in the
9674
10366
  # simulation, then you must include the policy as a string in the
9675
10367
  # `ResourcePolicy` parameter.
9676
10368
  #
9677
- # For more information about ARNs, see [Amazon Resource Names (ARNs) and
9678
- # AWS Service Namespaces][1] in the *AWS General Reference*.
10369
+ # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
10370
+ # in the *AWS General Reference*.
9679
10371
  #
9680
10372
  #
9681
10373
  #
@@ -9733,8 +10425,8 @@ module Aws::IAM
9733
10425
  # that the resource-based policy's `Principal` element has a value to
9734
10426
  # use in evaluating the policy.
9735
10427
  #
9736
- # For more information about ARNs, see [Amazon Resource Names (ARNs) and
9737
- # AWS Service Namespaces][1] in the *AWS General Reference*.
10428
+ # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
10429
+ # in the *AWS General Reference*.
9738
10430
  #
9739
10431
  #
9740
10432
  #
@@ -9761,7 +10453,7 @@ module Aws::IAM
9761
10453
  # includes VPC, then you must supply the network interface resource. If
9762
10454
  # it includes an IP subnet, then you must specify the subnet resource.
9763
10455
  # For more information on the EC2 scenario options, see [Supported
9764
- # Platforms][1] in the *Amazon EC2 User Guide*.
10456
+ # platforms][1] in the *Amazon EC2 User Guide*.
9765
10457
  #
9766
10458
  # * **EC2-Classic-InstanceStore**
9767
10459
  #
@@ -9885,6 +10577,309 @@ module Aws::IAM
9885
10577
  req.send_request(options)
9886
10578
  end
9887
10579
 
10580
+ # Adds one or more tags to an IAM instance profile. If a tag with the
10581
+ # same key name already exists, then that tag is overwritten with the
10582
+ # new value.
10583
+ #
10584
+ # Each tag consists of a key name and an associated value. By assigning
10585
+ # tags to your resources, you can do the following:
10586
+ #
10587
+ # * **Administrative grouping and discovery** - Attach tags to resources
10588
+ # to aid in organization and search. For example, you could search for
10589
+ # all resources with the key name *Project* and the value
10590
+ # *MyImportantProject*. Or search for all resources with the key name
10591
+ # *Cost Center* and the value *41200*.
10592
+ #
10593
+ # * **Access control** - Include tags in IAM user-based and
10594
+ # resource-based policies. You can use tags to restrict access to only
10595
+ # an IAM instance profile that has a specified tag attached. For
10596
+ # examples of policies that show how to use tags to control access,
10597
+ # see [Control access using IAM tags][1] in the *IAM User Guide*.
10598
+ #
10599
+ # <note markdown="1"> * If any one of the tags is invalid or if you exceed the allowed
10600
+ # maximum number of tags, then the entire request fails and the
10601
+ # resource is not created. For more information about tagging, see
10602
+ # [Tagging IAM resources][2] in the *IAM User Guide*.
10603
+ #
10604
+ # * AWS always interprets the tag `Value` as a single string. If you
10605
+ # need to store an array, you can store comma-separated values in the
10606
+ # string. However, you must interpret the value in your code.
10607
+ #
10608
+ # </note>
10609
+ #
10610
+ #
10611
+ #
10612
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html
10613
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
10614
+ #
10615
+ # @option params [required, String] :instance_profile_name
10616
+ # The name of the IAM instance profile to which you want to add tags.
10617
+ #
10618
+ # This parameter accepts (through its [regex pattern][1]) a string of
10619
+ # characters that consist of upper and lowercase alphanumeric characters
10620
+ # with no spaces. You can also include any of the following characters:
10621
+ # =,.@-
10622
+ #
10623
+ #
10624
+ #
10625
+ # [1]: http://wikipedia.org/wiki/regex
10626
+ #
10627
+ # @option params [required, Array<Types::Tag>] :tags
10628
+ # The list of tags that you want to attach to the IAM instance profile.
10629
+ # Each tag consists of a key name and an associated value.
10630
+ #
10631
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
10632
+ #
10633
+ # @example Request syntax with placeholder values
10634
+ #
10635
+ # resp = client.tag_instance_profile({
10636
+ # instance_profile_name: "instanceProfileNameType", # required
10637
+ # tags: [ # required
10638
+ # {
10639
+ # key: "tagKeyType", # required
10640
+ # value: "tagValueType", # required
10641
+ # },
10642
+ # ],
10643
+ # })
10644
+ #
10645
+ # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/TagInstanceProfile AWS API Documentation
10646
+ #
10647
+ # @overload tag_instance_profile(params = {})
10648
+ # @param [Hash] params ({})
10649
+ def tag_instance_profile(params = {}, options = {})
10650
+ req = build_request(:tag_instance_profile, params)
10651
+ req.send_request(options)
10652
+ end
10653
+
10654
+ # Adds one or more tags to an IAM virtual multi-factor authentication
10655
+ # (MFA) device. If a tag with the same key name already exists, then
10656
+ # that tag is overwritten with the new value.
10657
+ #
10658
+ # A tag consists of a key name and an associated value. By assigning
10659
+ # tags to your resources, you can do the following:
10660
+ #
10661
+ # * **Administrative grouping and discovery** - Attach tags to resources
10662
+ # to aid in organization and search. For example, you could search for
10663
+ # all resources with the key name *Project* and the value
10664
+ # *MyImportantProject*. Or search for all resources with the key name
10665
+ # *Cost Center* and the value *41200*.
10666
+ #
10667
+ # * **Access control** - Include tags in IAM user-based and
10668
+ # resource-based policies. You can use tags to restrict access to only
10669
+ # an IAM virtual MFA device that has a specified tag attached. For
10670
+ # examples of policies that show how to use tags to control access,
10671
+ # see [Control access using IAM tags][1] in the *IAM User Guide*.
10672
+ #
10673
+ # <note markdown="1"> * If any one of the tags is invalid or if you exceed the allowed
10674
+ # maximum number of tags, then the entire request fails and the
10675
+ # resource is not created. For more information about tagging, see
10676
+ # [Tagging IAM resources][2] in the *IAM User Guide*.
10677
+ #
10678
+ # * AWS always interprets the tag `Value` as a single string. If you
10679
+ # need to store an array, you can store comma-separated values in the
10680
+ # string. However, you must interpret the value in your code.
10681
+ #
10682
+ # </note>
10683
+ #
10684
+ #
10685
+ #
10686
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html
10687
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
10688
+ #
10689
+ # @option params [required, String] :serial_number
10690
+ # The unique identifier for the IAM virtual MFA device to which you want
10691
+ # to add tags. For virtual MFA devices, the serial number is the same as
10692
+ # the ARN.
10693
+ #
10694
+ # This parameter accepts (through its [regex pattern][1]) a string of
10695
+ # characters that consist of upper and lowercase alphanumeric characters
10696
+ # with no spaces. You can also include any of the following characters:
10697
+ # =,.@-
10698
+ #
10699
+ #
10700
+ #
10701
+ # [1]: http://wikipedia.org/wiki/regex
10702
+ #
10703
+ # @option params [required, Array<Types::Tag>] :tags
10704
+ # The list of tags that you want to attach to the IAM virtual MFA
10705
+ # device. Each tag consists of a key name and an associated value.
10706
+ #
10707
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
10708
+ #
10709
+ # @example Request syntax with placeholder values
10710
+ #
10711
+ # resp = client.tag_mfa_device({
10712
+ # serial_number: "serialNumberType", # required
10713
+ # tags: [ # required
10714
+ # {
10715
+ # key: "tagKeyType", # required
10716
+ # value: "tagValueType", # required
10717
+ # },
10718
+ # ],
10719
+ # })
10720
+ #
10721
+ # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/TagMFADevice AWS API Documentation
10722
+ #
10723
+ # @overload tag_mfa_device(params = {})
10724
+ # @param [Hash] params ({})
10725
+ def tag_mfa_device(params = {}, options = {})
10726
+ req = build_request(:tag_mfa_device, params)
10727
+ req.send_request(options)
10728
+ end
10729
+
10730
+ # Adds one or more tags to an OpenID Connect (OIDC)-compatible identity
10731
+ # provider. For more information about these providers, see [About web
10732
+ # identity federation][1]. If a tag with the same key name already
10733
+ # exists, then that tag is overwritten with the new value.
10734
+ #
10735
+ # A tag consists of a key name and an associated value. By assigning
10736
+ # tags to your resources, you can do the following:
10737
+ #
10738
+ # * **Administrative grouping and discovery** - Attach tags to resources
10739
+ # to aid in organization and search. For example, you could search for
10740
+ # all resources with the key name *Project* and the value
10741
+ # *MyImportantProject*. Or search for all resources with the key name
10742
+ # *Cost Center* and the value *41200*.
10743
+ #
10744
+ # * **Access control** - Include tags in IAM user-based and
10745
+ # resource-based policies. You can use tags to restrict access to only
10746
+ # an OIDC provider that has a specified tag attached. For examples of
10747
+ # policies that show how to use tags to control access, see [Control
10748
+ # access using IAM tags][2] in the *IAM User Guide*.
10749
+ #
10750
+ # <note markdown="1"> * If any one of the tags is invalid or if you exceed the allowed
10751
+ # maximum number of tags, then the entire request fails and the
10752
+ # resource is not created. For more information about tagging, see
10753
+ # [Tagging IAM resources][3] in the *IAM User Guide*.
10754
+ #
10755
+ # * AWS always interprets the tag `Value` as a single string. If you
10756
+ # need to store an array, you can store comma-separated values in the
10757
+ # string. However, you must interpret the value in your code.
10758
+ #
10759
+ # </note>
10760
+ #
10761
+ #
10762
+ #
10763
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html
10764
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html
10765
+ # [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
10766
+ #
10767
+ # @option params [required, String] :open_id_connect_provider_arn
10768
+ # The ARN of the OIDC identity provider in IAM to which you want to add
10769
+ # tags.
10770
+ #
10771
+ # This parameter accepts (through its [regex pattern][1]) a string of
10772
+ # characters that consist of upper and lowercase alphanumeric characters
10773
+ # with no spaces. You can also include any of the following characters:
10774
+ # =,.@-
10775
+ #
10776
+ #
10777
+ #
10778
+ # [1]: http://wikipedia.org/wiki/regex
10779
+ #
10780
+ # @option params [required, Array<Types::Tag>] :tags
10781
+ # The list of tags that you want to attach to the OIDC identity provider
10782
+ # in IAM. Each tag consists of a key name and an associated value.
10783
+ #
10784
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
10785
+ #
10786
+ # @example Request syntax with placeholder values
10787
+ #
10788
+ # resp = client.tag_open_id_connect_provider({
10789
+ # open_id_connect_provider_arn: "arnType", # required
10790
+ # tags: [ # required
10791
+ # {
10792
+ # key: "tagKeyType", # required
10793
+ # value: "tagValueType", # required
10794
+ # },
10795
+ # ],
10796
+ # })
10797
+ #
10798
+ # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/TagOpenIDConnectProvider AWS API Documentation
10799
+ #
10800
+ # @overload tag_open_id_connect_provider(params = {})
10801
+ # @param [Hash] params ({})
10802
+ def tag_open_id_connect_provider(params = {}, options = {})
10803
+ req = build_request(:tag_open_id_connect_provider, params)
10804
+ req.send_request(options)
10805
+ end
10806
+
10807
+ # Adds one or more tags to an IAM customer managed policy. If a tag with
10808
+ # the same key name already exists, then that tag is overwritten with
10809
+ # the new value.
10810
+ #
10811
+ # A tag consists of a key name and an associated value. By assigning
10812
+ # tags to your resources, you can do the following:
10813
+ #
10814
+ # * **Administrative grouping and discovery** - Attach tags to resources
10815
+ # to aid in organization and search. For example, you could search for
10816
+ # all resources with the key name *Project* and the value
10817
+ # *MyImportantProject*. Or search for all resources with the key name
10818
+ # *Cost Center* and the value *41200*.
10819
+ #
10820
+ # * **Access control** - Include tags in IAM user-based and
10821
+ # resource-based policies. You can use tags to restrict access to only
10822
+ # an IAM customer managed policy that has a specified tag attached.
10823
+ # For examples of policies that show how to use tags to control
10824
+ # access, see [Control access using IAM tags][1] in the *IAM User
10825
+ # Guide*.
10826
+ #
10827
+ # <note markdown="1"> * If any one of the tags is invalid or if you exceed the allowed
10828
+ # maximum number of tags, then the entire request fails and the
10829
+ # resource is not created. For more information about tagging, see
10830
+ # [Tagging IAM resources][2] in the *IAM User Guide*.
10831
+ #
10832
+ # * AWS always interprets the tag `Value` as a single string. If you
10833
+ # need to store an array, you can store comma-separated values in the
10834
+ # string. However, you must interpret the value in your code.
10835
+ #
10836
+ # </note>
10837
+ #
10838
+ #
10839
+ #
10840
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html
10841
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
10842
+ #
10843
+ # @option params [required, String] :policy_arn
10844
+ # The ARN of the IAM customer managed policy to which you want to add
10845
+ # tags.
10846
+ #
10847
+ # This parameter accepts (through its [regex pattern][1]) a string of
10848
+ # characters that consist of upper and lowercase alphanumeric characters
10849
+ # with no spaces. You can also include any of the following characters:
10850
+ # =,.@-
10851
+ #
10852
+ #
10853
+ #
10854
+ # [1]: http://wikipedia.org/wiki/regex
10855
+ #
10856
+ # @option params [required, Array<Types::Tag>] :tags
10857
+ # The list of tags that you want to attach to the IAM customer managed
10858
+ # policy. Each tag consists of a key name and an associated value.
10859
+ #
10860
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
10861
+ #
10862
+ # @example Request syntax with placeholder values
10863
+ #
10864
+ # resp = client.tag_policy({
10865
+ # policy_arn: "arnType", # required
10866
+ # tags: [ # required
10867
+ # {
10868
+ # key: "tagKeyType", # required
10869
+ # value: "tagValueType", # required
10870
+ # },
10871
+ # ],
10872
+ # })
10873
+ #
10874
+ # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/TagPolicy AWS API Documentation
10875
+ #
10876
+ # @overload tag_policy(params = {})
10877
+ # @param [Hash] params ({})
10878
+ def tag_policy(params = {}, options = {})
10879
+ req = build_request(:tag_policy, params)
10880
+ req.send_request(options)
10881
+ end
10882
+
9888
10883
  # Adds one or more tags to an IAM role. The role can be a regular role
9889
10884
  # or a service-linked role. If a tag with the same key name already
9890
10885
  # exists, then that tag is overwritten with the new value.
@@ -9898,20 +10893,20 @@ module Aws::IAM
9898
10893
  # *MyImportantProject*. Or search for all resources with the key name
9899
10894
  # *Cost Center* and the value *41200*.
9900
10895
  #
9901
- # * **Access control** - Reference tags in IAM user-based and
10896
+ # * **Access control** - Include tags in IAM user-based and
9902
10897
  # resource-based policies. You can use tags to restrict access to only
9903
- # an IAM user or role that has a specified tag attached. You can also
9904
- # restrict access to only those resources that have a certain tag
9905
- # attached. For examples of policies that show how to use tags to
9906
- # control access, see [Control Access Using IAM Tags][1] in the *IAM
9907
- # User Guide*.
10898
+ # an IAM role that has a specified tag attached. You can also restrict
10899
+ # access to only those resources that have a certain tag attached. For
10900
+ # examples of policies that show how to use tags to control access,
10901
+ # see [Control access using IAM tags][1] in the *IAM User Guide*.
9908
10902
  #
9909
10903
  # * **Cost allocation** - Use tags to help track which individuals and
9910
10904
  # teams are using which AWS resources.
9911
10905
  #
9912
- # <note markdown="1"> * Make sure that you have no invalid tags and that you do not exceed
9913
- # the allowed number of tags per role. In either case, the entire
9914
- # request fails and *no* tags are added to the role.
10906
+ # <note markdown="1"> * If any one of the tags is invalid or if you exceed the allowed
10907
+ # maximum number of tags, then the entire request fails and the
10908
+ # resource is not created. For more information about tagging, see
10909
+ # [Tagging IAM resources][2] in the *IAM User Guide*.
9915
10910
  #
9916
10911
  # * AWS always interprets the tag `Value` as a single string. If you
9917
10912
  # need to store an array, you can store comma-separated values in the
@@ -9919,7 +10914,7 @@ module Aws::IAM
9919
10914
  #
9920
10915
  # </note>
9921
10916
  #
9922
- # For more information about tagging, see [Tagging IAM Identities][2] in
10917
+ # For more information about tagging, see [Tagging IAM identities][2] in
9923
10918
  # the *IAM User Guide*.
9924
10919
  #
9925
10920
  #
@@ -9928,47 +10923,209 @@ module Aws::IAM
9928
10923
  # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
9929
10924
  #
9930
10925
  # @option params [required, String] :role_name
9931
- # The name of the role that you want to add tags to.
10926
+ # The name of the IAM role to which you want to add tags.
10927
+ #
10928
+ # This parameter accepts (through its [regex pattern][1]) a string of
10929
+ # characters that consist of upper and lowercase alphanumeric characters
10930
+ # with no spaces. You can also include any of the following characters:
10931
+ # \_+=,.@-
10932
+ #
10933
+ #
10934
+ #
10935
+ # [1]: http://wikipedia.org/wiki/regex
10936
+ #
10937
+ # @option params [required, Array<Types::Tag>] :tags
10938
+ # The list of tags that you want to attach to the IAM role. Each tag
10939
+ # consists of a key name and an associated value.
10940
+ #
10941
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
10942
+ #
10943
+ #
10944
+ # @example Example: To add a tag key and value to an IAM role
10945
+ #
10946
+ # # The following example shows how to add tags to an existing role.
10947
+ #
10948
+ # resp = client.tag_role({
10949
+ # role_name: "taggedrole",
10950
+ # tags: [
10951
+ # {
10952
+ # key: "Dept",
10953
+ # value: "Accounting",
10954
+ # },
10955
+ # {
10956
+ # key: "CostCenter",
10957
+ # value: "12345",
10958
+ # },
10959
+ # ],
10960
+ # })
10961
+ #
10962
+ # @example Request syntax with placeholder values
10963
+ #
10964
+ # resp = client.tag_role({
10965
+ # role_name: "roleNameType", # required
10966
+ # tags: [ # required
10967
+ # {
10968
+ # key: "tagKeyType", # required
10969
+ # value: "tagValueType", # required
10970
+ # },
10971
+ # ],
10972
+ # })
10973
+ #
10974
+ # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/TagRole AWS API Documentation
10975
+ #
10976
+ # @overload tag_role(params = {})
10977
+ # @param [Hash] params ({})
10978
+ def tag_role(params = {}, options = {})
10979
+ req = build_request(:tag_role, params)
10980
+ req.send_request(options)
10981
+ end
10982
+
10983
+ # Adds one or more tags to a Security Assertion Markup Language (SAML)
10984
+ # identity provider. For more information about these providers, see
10985
+ # [About SAML 2.0-based federation ][1]. If a tag with the same key name
10986
+ # already exists, then that tag is overwritten with the new value.
10987
+ #
10988
+ # A tag consists of a key name and an associated value. By assigning
10989
+ # tags to your resources, you can do the following:
10990
+ #
10991
+ # * **Administrative grouping and discovery** - Attach tags to resources
10992
+ # to aid in organization and search. For example, you could search for
10993
+ # all resources with the key name *Project* and the value
10994
+ # *MyImportantProject*. Or search for all resources with the key name
10995
+ # *Cost Center* and the value *41200*.
10996
+ #
10997
+ # * **Access control** - Include tags in IAM user-based and
10998
+ # resource-based policies. You can use tags to restrict access to only
10999
+ # a SAML identity provider that has a specified tag attached. For
11000
+ # examples of policies that show how to use tags to control access,
11001
+ # see [Control access using IAM tags][2] in the *IAM User Guide*.
11002
+ #
11003
+ # <note markdown="1"> * If any one of the tags is invalid or if you exceed the allowed
11004
+ # maximum number of tags, then the entire request fails and the
11005
+ # resource is not created. For more information about tagging, see
11006
+ # [Tagging IAM resources][3] in the *IAM User Guide*.
11007
+ #
11008
+ # * AWS always interprets the tag `Value` as a single string. If you
11009
+ # need to store an array, you can store comma-separated values in the
11010
+ # string. However, you must interpret the value in your code.
11011
+ #
11012
+ # </note>
11013
+ #
11014
+ #
11015
+ #
11016
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html
11017
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html
11018
+ # [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
11019
+ #
11020
+ # @option params [required, String] :saml_provider_arn
11021
+ # The ARN of the SAML identity provider in IAM to which you want to add
11022
+ # tags.
11023
+ #
11024
+ # This parameter accepts (through its [regex pattern][1]) a string of
11025
+ # characters that consist of upper and lowercase alphanumeric characters
11026
+ # with no spaces. You can also include any of the following characters:
11027
+ # =,.@-
11028
+ #
11029
+ #
11030
+ #
11031
+ # [1]: http://wikipedia.org/wiki/regex
11032
+ #
11033
+ # @option params [required, Array<Types::Tag>] :tags
11034
+ # The list of tags that you want to attach to the SAML identity provider
11035
+ # in IAM. Each tag consists of a key name and an associated value.
11036
+ #
11037
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
11038
+ #
11039
+ # @example Request syntax with placeholder values
11040
+ #
11041
+ # resp = client.tag_saml_provider({
11042
+ # saml_provider_arn: "arnType", # required
11043
+ # tags: [ # required
11044
+ # {
11045
+ # key: "tagKeyType", # required
11046
+ # value: "tagValueType", # required
11047
+ # },
11048
+ # ],
11049
+ # })
11050
+ #
11051
+ # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/TagSAMLProvider AWS API Documentation
11052
+ #
11053
+ # @overload tag_saml_provider(params = {})
11054
+ # @param [Hash] params ({})
11055
+ def tag_saml_provider(params = {}, options = {})
11056
+ req = build_request(:tag_saml_provider, params)
11057
+ req.send_request(options)
11058
+ end
11059
+
11060
+ # Adds one or more tags to an IAM server certificate. If a tag with the
11061
+ # same key name already exists, then that tag is overwritten with the
11062
+ # new value.
11063
+ #
11064
+ # <note markdown="1"> For certificates in a Region supported by AWS Certificate Manager
11065
+ # (ACM), we recommend that you don't use IAM server certificates.
11066
+ # Instead, use ACM to provision, manage, and deploy your server
11067
+ # certificates. For more information about IAM server certificates,
11068
+ # [Working with server certificates][1] in the *IAM User Guide*.
11069
+ #
11070
+ # </note>
11071
+ #
11072
+ # A tag consists of a key name and an associated value. By assigning
11073
+ # tags to your resources, you can do the following:
11074
+ #
11075
+ # * **Administrative grouping and discovery** - Attach tags to resources
11076
+ # to aid in organization and search. For example, you could search for
11077
+ # all resources with the key name *Project* and the value
11078
+ # *MyImportantProject*. Or search for all resources with the key name
11079
+ # *Cost Center* and the value *41200*.
11080
+ #
11081
+ # * **Access control** - Include tags in IAM user-based and
11082
+ # resource-based policies. You can use tags to restrict access to only
11083
+ # a server certificate that has a specified tag attached. For examples
11084
+ # of policies that show how to use tags to control access, see
11085
+ # [Control access using IAM tags][2] in the *IAM User Guide*.
11086
+ #
11087
+ # * **Cost allocation** - Use tags to help track which individuals and
11088
+ # teams are using which AWS resources.
11089
+ #
11090
+ # <note markdown="1"> * If any one of the tags is invalid or if you exceed the allowed
11091
+ # maximum number of tags, then the entire request fails and the
11092
+ # resource is not created. For more information about tagging, see
11093
+ # [Tagging IAM resources][3] in the *IAM User Guide*.
11094
+ #
11095
+ # * AWS always interprets the tag `Value` as a single string. If you
11096
+ # need to store an array, you can store comma-separated values in the
11097
+ # string. However, you must interpret the value in your code.
11098
+ #
11099
+ # </note>
11100
+ #
11101
+ #
11102
+ #
11103
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html
11104
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html
11105
+ # [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
11106
+ #
11107
+ # @option params [required, String] :server_certificate_name
11108
+ # The name of the IAM server certificate to which you want to add tags.
9932
11109
  #
9933
11110
  # This parameter accepts (through its [regex pattern][1]) a string of
9934
11111
  # characters that consist of upper and lowercase alphanumeric characters
9935
11112
  # with no spaces. You can also include any of the following characters:
9936
- # \_+=,.@-
11113
+ # =,.@-
9937
11114
  #
9938
11115
  #
9939
11116
  #
9940
11117
  # [1]: http://wikipedia.org/wiki/regex
9941
11118
  #
9942
11119
  # @option params [required, Array<Types::Tag>] :tags
9943
- # The list of tags that you want to attach to the role. Each tag
9944
- # consists of a key name and an associated value. You can specify this
9945
- # with a JSON string.
11120
+ # The list of tags that you want to attach to the IAM server
11121
+ # certificate. Each tag consists of a key name and an associated value.
9946
11122
  #
9947
11123
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
9948
11124
  #
9949
- #
9950
- # @example Example: To add a tag key and value to an IAM role
9951
- #
9952
- # # The following example shows how to add tags to an existing role.
9953
- #
9954
- # resp = client.tag_role({
9955
- # role_name: "taggedrole",
9956
- # tags: [
9957
- # {
9958
- # key: "Dept",
9959
- # value: "Accounting",
9960
- # },
9961
- # {
9962
- # key: "CostCenter",
9963
- # value: "12345",
9964
- # },
9965
- # ],
9966
- # })
9967
- #
9968
11125
  # @example Request syntax with placeholder values
9969
11126
  #
9970
- # resp = client.tag_role({
9971
- # role_name: "roleNameType", # required
11127
+ # resp = client.tag_server_certificate({
11128
+ # server_certificate_name: "serverCertificateNameType", # required
9972
11129
  # tags: [ # required
9973
11130
  # {
9974
11131
  # key: "tagKeyType", # required
@@ -9977,12 +11134,12 @@ module Aws::IAM
9977
11134
  # ],
9978
11135
  # })
9979
11136
  #
9980
- # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/TagRole AWS API Documentation
11137
+ # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/TagServerCertificate AWS API Documentation
9981
11138
  #
9982
- # @overload tag_role(params = {})
11139
+ # @overload tag_server_certificate(params = {})
9983
11140
  # @param [Hash] params ({})
9984
- def tag_role(params = {}, options = {})
9985
- req = build_request(:tag_role, params)
11141
+ def tag_server_certificate(params = {}, options = {})
11142
+ req = build_request(:tag_server_certificate, params)
9986
11143
  req.send_request(options)
9987
11144
  end
9988
11145
 
@@ -9998,20 +11155,21 @@ module Aws::IAM
9998
11155
  # *MyImportantProject*. Or search for all resources with the key name
9999
11156
  # *Cost Center* and the value *41200*.
10000
11157
  #
10001
- # * **Access control** - Reference tags in IAM user-based and
11158
+ # * **Access control** - Include tags in IAM user-based and
10002
11159
  # resource-based policies. You can use tags to restrict access to only
10003
- # an IAM requesting user or to a role that has a specified tag
10004
- # attached. You can also restrict access to only those resources that
10005
- # have a certain tag attached. For examples of policies that show how
10006
- # to use tags to control access, see [Control Access Using IAM
10007
- # Tags][1] in the *IAM User Guide*.
11160
+ # an IAM requesting user that has a specified tag attached. You can
11161
+ # also restrict access to only those resources that have a certain tag
11162
+ # attached. For examples of policies that show how to use tags to
11163
+ # control access, see [Control access using IAM tags][1] in the *IAM
11164
+ # User Guide*.
10008
11165
  #
10009
11166
  # * **Cost allocation** - Use tags to help track which individuals and
10010
11167
  # teams are using which AWS resources.
10011
11168
  #
10012
- # <note markdown="1"> * Make sure that you have no invalid tags and that you do not exceed
10013
- # the allowed number of tags per role. In either case, the entire
10014
- # request fails and *no* tags are added to the role.
11169
+ # <note markdown="1"> * If any one of the tags is invalid or if you exceed the allowed
11170
+ # maximum number of tags, then the entire request fails and the
11171
+ # resource is not created. For more information about tagging, see
11172
+ # [Tagging IAM resources][2] in the *IAM User Guide*.
10015
11173
  #
10016
11174
  # * AWS always interprets the tag `Value` as a single string. If you
10017
11175
  # need to store an array, you can store comma-separated values in the
@@ -10019,7 +11177,7 @@ module Aws::IAM
10019
11177
  #
10020
11178
  # </note>
10021
11179
  #
10022
- # For more information about tagging, see [Tagging IAM Identities][2] in
11180
+ # For more information about tagging, see [Tagging IAM identities][2] in
10023
11181
  # the *IAM User Guide*.
10024
11182
  #
10025
11183
  #
@@ -10028,7 +11186,7 @@ module Aws::IAM
10028
11186
  # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
10029
11187
  #
10030
11188
  # @option params [required, String] :user_name
10031
- # The name of the user that you want to add tags to.
11189
+ # The name of the IAM user to which you want to add tags.
10032
11190
  #
10033
11191
  # This parameter accepts (through its [regex pattern][1]) a string of
10034
11192
  # characters that consist of upper and lowercase alphanumeric characters
@@ -10040,7 +11198,7 @@ module Aws::IAM
10040
11198
  # [1]: http://wikipedia.org/wiki/regex
10041
11199
  #
10042
11200
  # @option params [required, Array<Types::Tag>] :tags
10043
- # The list of tags that you want to attach to the user. Each tag
11201
+ # The list of tags that you want to attach to the IAM user. Each tag
10044
11202
  # consists of a key name and an associated value.
10045
11203
  #
10046
11204
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
@@ -10085,8 +11243,184 @@ module Aws::IAM
10085
11243
  req.send_request(options)
10086
11244
  end
10087
11245
 
11246
+ # Removes the specified tags from the IAM instance profile. For more
11247
+ # information about tagging, see [Tagging IAM resources][1] in the *IAM
11248
+ # User Guide*.
11249
+ #
11250
+ #
11251
+ #
11252
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
11253
+ #
11254
+ # @option params [required, String] :instance_profile_name
11255
+ # The name of the IAM instance profile from which you want to remove
11256
+ # tags.
11257
+ #
11258
+ # This parameter accepts (through its [regex pattern][1]) a string of
11259
+ # characters that consist of upper and lowercase alphanumeric characters
11260
+ # with no spaces. You can also include any of the following characters:
11261
+ # =,.@-
11262
+ #
11263
+ #
11264
+ #
11265
+ # [1]: http://wikipedia.org/wiki/regex
11266
+ #
11267
+ # @option params [required, Array<String>] :tag_keys
11268
+ # A list of key names as a simple array of strings. The tags with
11269
+ # matching keys are removed from the specified instance profile.
11270
+ #
11271
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
11272
+ #
11273
+ # @example Request syntax with placeholder values
11274
+ #
11275
+ # resp = client.untag_instance_profile({
11276
+ # instance_profile_name: "instanceProfileNameType", # required
11277
+ # tag_keys: ["tagKeyType"], # required
11278
+ # })
11279
+ #
11280
+ # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UntagInstanceProfile AWS API Documentation
11281
+ #
11282
+ # @overload untag_instance_profile(params = {})
11283
+ # @param [Hash] params ({})
11284
+ def untag_instance_profile(params = {}, options = {})
11285
+ req = build_request(:untag_instance_profile, params)
11286
+ req.send_request(options)
11287
+ end
11288
+
11289
+ # Removes the specified tags from the IAM virtual multi-factor
11290
+ # authentication (MFA) device. For more information about tagging, see
11291
+ # [Tagging IAM resources][1] in the *IAM User Guide*.
11292
+ #
11293
+ #
11294
+ #
11295
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
11296
+ #
11297
+ # @option params [required, String] :serial_number
11298
+ # The unique identifier for the IAM virtual MFA device from which you
11299
+ # want to remove tags. For virtual MFA devices, the serial number is the
11300
+ # same as the ARN.
11301
+ #
11302
+ # This parameter accepts (through its [regex pattern][1]) a string of
11303
+ # characters that consist of upper and lowercase alphanumeric characters
11304
+ # with no spaces. You can also include any of the following characters:
11305
+ # =,.@-
11306
+ #
11307
+ #
11308
+ #
11309
+ # [1]: http://wikipedia.org/wiki/regex
11310
+ #
11311
+ # @option params [required, Array<String>] :tag_keys
11312
+ # A list of key names as a simple array of strings. The tags with
11313
+ # matching keys are removed from the specified instance profile.
11314
+ #
11315
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
11316
+ #
11317
+ # @example Request syntax with placeholder values
11318
+ #
11319
+ # resp = client.untag_mfa_device({
11320
+ # serial_number: "serialNumberType", # required
11321
+ # tag_keys: ["tagKeyType"], # required
11322
+ # })
11323
+ #
11324
+ # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UntagMFADevice AWS API Documentation
11325
+ #
11326
+ # @overload untag_mfa_device(params = {})
11327
+ # @param [Hash] params ({})
11328
+ def untag_mfa_device(params = {}, options = {})
11329
+ req = build_request(:untag_mfa_device, params)
11330
+ req.send_request(options)
11331
+ end
11332
+
11333
+ # Removes the specified tags from the specified OpenID Connect
11334
+ # (OIDC)-compatible identity provider in IAM. For more information about
11335
+ # OIDC providers, see [About web identity federation][1]. For more
11336
+ # information about tagging, see [Tagging IAM resources][2] in the *IAM
11337
+ # User Guide*.
11338
+ #
11339
+ #
11340
+ #
11341
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html
11342
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
11343
+ #
11344
+ # @option params [required, String] :open_id_connect_provider_arn
11345
+ # The ARN of the OIDC provider in IAM from which you want to remove
11346
+ # tags.
11347
+ #
11348
+ # This parameter accepts (through its [regex pattern][1]) a string of
11349
+ # characters that consist of upper and lowercase alphanumeric characters
11350
+ # with no spaces. You can also include any of the following characters:
11351
+ # =,.@-
11352
+ #
11353
+ #
11354
+ #
11355
+ # [1]: http://wikipedia.org/wiki/regex
11356
+ #
11357
+ # @option params [required, Array<String>] :tag_keys
11358
+ # A list of key names as a simple array of strings. The tags with
11359
+ # matching keys are removed from the specified OIDC provider.
11360
+ #
11361
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
11362
+ #
11363
+ # @example Request syntax with placeholder values
11364
+ #
11365
+ # resp = client.untag_open_id_connect_provider({
11366
+ # open_id_connect_provider_arn: "arnType", # required
11367
+ # tag_keys: ["tagKeyType"], # required
11368
+ # })
11369
+ #
11370
+ # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UntagOpenIDConnectProvider AWS API Documentation
11371
+ #
11372
+ # @overload untag_open_id_connect_provider(params = {})
11373
+ # @param [Hash] params ({})
11374
+ def untag_open_id_connect_provider(params = {}, options = {})
11375
+ req = build_request(:untag_open_id_connect_provider, params)
11376
+ req.send_request(options)
11377
+ end
11378
+
11379
+ # Removes the specified tags from the customer managed policy. For more
11380
+ # information about tagging, see [Tagging IAM resources][1] in the *IAM
11381
+ # User Guide*.
11382
+ #
11383
+ #
11384
+ #
11385
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
11386
+ #
11387
+ # @option params [required, String] :policy_arn
11388
+ # The ARN of the IAM customer managed policy from which you want to
11389
+ # remove tags.
11390
+ #
11391
+ # This parameter accepts (through its [regex pattern][1]) a string of
11392
+ # characters that consist of upper and lowercase alphanumeric characters
11393
+ # with no spaces. You can also include any of the following characters:
11394
+ # =,.@-
11395
+ #
11396
+ #
11397
+ #
11398
+ # [1]: http://wikipedia.org/wiki/regex
11399
+ #
11400
+ # @option params [required, Array<String>] :tag_keys
11401
+ # A list of key names as a simple array of strings. The tags with
11402
+ # matching keys are removed from the specified policy.
11403
+ #
11404
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
11405
+ #
11406
+ # @example Request syntax with placeholder values
11407
+ #
11408
+ # resp = client.untag_policy({
11409
+ # policy_arn: "arnType", # required
11410
+ # tag_keys: ["tagKeyType"], # required
11411
+ # })
11412
+ #
11413
+ # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UntagPolicy AWS API Documentation
11414
+ #
11415
+ # @overload untag_policy(params = {})
11416
+ # @param [Hash] params ({})
11417
+ def untag_policy(params = {}, options = {})
11418
+ req = build_request(:untag_policy, params)
11419
+ req.send_request(options)
11420
+ end
11421
+
10088
11422
  # Removes the specified tags from the role. For more information about
10089
- # tagging, see [Tagging IAM Identities][1] in the *IAM User Guide*.
11423
+ # tagging, see [Tagging IAM resources][1] in the *IAM User Guide*.
10090
11424
  #
10091
11425
  #
10092
11426
  #
@@ -10138,8 +11472,106 @@ module Aws::IAM
10138
11472
  req.send_request(options)
10139
11473
  end
10140
11474
 
11475
+ # Removes the specified tags from the specified Security Assertion
11476
+ # Markup Language (SAML) identity provider in IAM. For more information
11477
+ # about these providers, see [About web identity federation][1]. For
11478
+ # more information about tagging, see [Tagging IAM resources][2] in the
11479
+ # *IAM User Guide*.
11480
+ #
11481
+ #
11482
+ #
11483
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html
11484
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
11485
+ #
11486
+ # @option params [required, String] :saml_provider_arn
11487
+ # The ARN of the SAML identity provider in IAM from which you want to
11488
+ # remove tags.
11489
+ #
11490
+ # This parameter accepts (through its [regex pattern][1]) a string of
11491
+ # characters that consist of upper and lowercase alphanumeric characters
11492
+ # with no spaces. You can also include any of the following characters:
11493
+ # =,.@-
11494
+ #
11495
+ #
11496
+ #
11497
+ # [1]: http://wikipedia.org/wiki/regex
11498
+ #
11499
+ # @option params [required, Array<String>] :tag_keys
11500
+ # A list of key names as a simple array of strings. The tags with
11501
+ # matching keys are removed from the specified SAML identity provider.
11502
+ #
11503
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
11504
+ #
11505
+ # @example Request syntax with placeholder values
11506
+ #
11507
+ # resp = client.untag_saml_provider({
11508
+ # saml_provider_arn: "arnType", # required
11509
+ # tag_keys: ["tagKeyType"], # required
11510
+ # })
11511
+ #
11512
+ # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UntagSAMLProvider AWS API Documentation
11513
+ #
11514
+ # @overload untag_saml_provider(params = {})
11515
+ # @param [Hash] params ({})
11516
+ def untag_saml_provider(params = {}, options = {})
11517
+ req = build_request(:untag_saml_provider, params)
11518
+ req.send_request(options)
11519
+ end
11520
+
11521
+ # Removes the specified tags from the IAM server certificate. For more
11522
+ # information about tagging, see [Tagging IAM resources][1] in the *IAM
11523
+ # User Guide*.
11524
+ #
11525
+ # <note markdown="1"> For certificates in a Region supported by AWS Certificate Manager
11526
+ # (ACM), we recommend that you don't use IAM server certificates.
11527
+ # Instead, use ACM to provision, manage, and deploy your server
11528
+ # certificates. For more information about IAM server certificates,
11529
+ # [Working with server certificates][2] in the *IAM User Guide*.
11530
+ #
11531
+ # </note>
11532
+ #
11533
+ #
11534
+ #
11535
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
11536
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html
11537
+ #
11538
+ # @option params [required, String] :server_certificate_name
11539
+ # The name of the IAM server certificate from which you want to remove
11540
+ # tags.
11541
+ #
11542
+ # This parameter accepts (through its [regex pattern][1]) a string of
11543
+ # characters that consist of upper and lowercase alphanumeric characters
11544
+ # with no spaces. You can also include any of the following characters:
11545
+ # =,.@-
11546
+ #
11547
+ #
11548
+ #
11549
+ # [1]: http://wikipedia.org/wiki/regex
11550
+ #
11551
+ # @option params [required, Array<String>] :tag_keys
11552
+ # A list of key names as a simple array of strings. The tags with
11553
+ # matching keys are removed from the specified IAM server certificate.
11554
+ #
11555
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
11556
+ #
11557
+ # @example Request syntax with placeholder values
11558
+ #
11559
+ # resp = client.untag_server_certificate({
11560
+ # server_certificate_name: "serverCertificateNameType", # required
11561
+ # tag_keys: ["tagKeyType"], # required
11562
+ # })
11563
+ #
11564
+ # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UntagServerCertificate AWS API Documentation
11565
+ #
11566
+ # @overload untag_server_certificate(params = {})
11567
+ # @param [Hash] params ({})
11568
+ def untag_server_certificate(params = {}, options = {})
11569
+ req = build_request(:untag_server_certificate, params)
11570
+ req.send_request(options)
11571
+ end
11572
+
10141
11573
  # Removes the specified tags from the user. For more information about
10142
- # tagging, see [Tagging IAM Identities][1] in the *IAM User Guide*.
11574
+ # tagging, see [Tagging IAM resources][1] in the *IAM User Guide*.
10143
11575
  #
10144
11576
  #
10145
11577
  #
@@ -10201,8 +11633,8 @@ module Aws::IAM
10201
11633
  # Consequently, you can use this operation to manage AWS account root
10202
11634
  # user credentials even if the AWS account has no associated users.
10203
11635
  #
10204
- # For information about rotating keys, see [Managing Keys and
10205
- # Certificates][1] in the *IAM User Guide*.
11636
+ # For information about rotating keys, see [Managing keys and
11637
+ # certificates][1] in the *IAM User Guide*.
10206
11638
  #
10207
11639
  #
10208
11640
  #
@@ -10233,8 +11665,8 @@ module Aws::IAM
10233
11665
  #
10234
11666
  # @option params [required, String] :status
10235
11667
  # The status you want to assign to the secret access key. `Active` means
10236
- # that the key can be used for API calls to AWS, while `Inactive` means
10237
- # that the key cannot be used.
11668
+ # that the key can be used for programmatic calls to AWS, while
11669
+ # `Inactive` means that the key cannot be used.
10238
11670
  #
10239
11671
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
10240
11672
  #
@@ -10282,7 +11714,7 @@ module Aws::IAM
10282
11714
  # </note>
10283
11715
  #
10284
11716
  # For more information about using a password policy, see [Managing an
10285
- # IAM Password Policy][1] in the *IAM User Guide*.
11717
+ # IAM password policy][1] in the *IAM User Guide*.
10286
11718
  #
10287
11719
  #
10288
11720
  #
@@ -10331,7 +11763,7 @@ module Aws::IAM
10331
11763
  # @option params [Boolean] :allow_users_to_change_password
10332
11764
  # Allows all IAM users in your account to use the AWS Management Console
10333
11765
  # to change their own passwords. For more information, see [Letting IAM
10334
- # Users Change Their Own Passwords][1] in the *IAM User Guide*.
11766
+ # users change their own passwords][1] in the *IAM User Guide*.
10335
11767
  #
10336
11768
  # If you do not specify a value for this parameter, then the operation
10337
11769
  # uses the default value of `false`. The result is that IAM users in the
@@ -10405,8 +11837,8 @@ module Aws::IAM
10405
11837
 
10406
11838
  # Updates the policy that grants an IAM entity permission to assume a
10407
11839
  # role. This is typically referred to as the "role trust policy". For
10408
- # more information about roles, go to [Using Roles to Delegate
10409
- # Permissions and Federate Identities][1].
11840
+ # more information about roles, see [Using roles to delegate permissions
11841
+ # and federate identities][1].
10410
11842
  #
10411
11843
  #
10412
11844
  #
@@ -10479,7 +11911,7 @@ module Aws::IAM
10479
11911
  # Updates the name and/or the path of the specified IAM group.
10480
11912
  #
10481
11913
  # You should understand the implications of changing a group's path or
10482
- # name. For more information, see [Renaming Users and Groups][1] in the
11914
+ # name. For more information, see [Renaming users and groups][1] in the
10483
11915
  # *IAM User Guide*.
10484
11916
  #
10485
11917
  # <note markdown="1"> The person making the request (the principal), must have permission to
@@ -10488,7 +11920,7 @@ module Aws::IAM
10488
11920
  # have a policy that allows them to update both groups. If the principal
10489
11921
  # has permission to update the `Managers` group, but not the `MGRs`
10490
11922
  # group, then the update fails. For more information about permissions,
10491
- # see [Access Management][2].
11923
+ # see [Access management][2].
10492
11924
  #
10493
11925
  # </note>
10494
11926
  #
@@ -10562,11 +11994,14 @@ module Aws::IAM
10562
11994
  req.send_request(options)
10563
11995
  end
10564
11996
 
10565
- # Changes the password for the specified IAM user.
11997
+ # Changes the password for the specified IAM user. You can use the AWS
11998
+ # CLI, the AWS API, or the **Users** page in the IAM console to change
11999
+ # the password for any IAM user. Use ChangePassword to change your own
12000
+ # password in the **My Security Credentials** page in the AWS Management
12001
+ # Console.
10566
12002
  #
10567
- # IAM users can change their own passwords by calling ChangePassword.
10568
12003
  # For more information about modifying passwords, see [Managing
10569
- # Passwords][1] in the *IAM User Guide*.
12004
+ # passwords][1] in the *IAM User Guide*.
10570
12005
  #
10571
12006
  #
10572
12007
  #
@@ -10666,8 +12101,8 @@ module Aws::IAM
10666
12101
  # of OIDC provider ARNs by using the ListOpenIDConnectProviders
10667
12102
  # operation.
10668
12103
  #
10669
- # For more information about ARNs, see [Amazon Resource Names (ARNs) and
10670
- # AWS Service Namespaces][1] in the *AWS General Reference*.
12104
+ # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
12105
+ # in the *AWS General Reference*.
10671
12106
  #
10672
12107
  #
10673
12108
  #
@@ -10719,7 +12154,7 @@ module Aws::IAM
10719
12154
  # for one hour by default. This applies when you use the `AssumeRole*`
10720
12155
  # API operations or the `assume-role*` CLI operations but does not apply
10721
12156
  # when you use those operations to create a console URL. For more
10722
- # information, see [Using IAM Roles][1] in the *IAM User Guide*.
12157
+ # information, see [Using IAM roles][1] in the *IAM User Guide*.
10723
12158
  #
10724
12159
  #
10725
12160
  #
@@ -10816,8 +12251,8 @@ module Aws::IAM
10816
12251
  # @option params [required, String] :saml_provider_arn
10817
12252
  # The Amazon Resource Name (ARN) of the SAML provider to update.
10818
12253
  #
10819
- # For more information about ARNs, see [Amazon Resource Names (ARNs) and
10820
- # AWS Service Namespaces][1] in the *AWS General Reference*.
12254
+ # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
12255
+ # in the *AWS General Reference*.
10821
12256
  #
10822
12257
  #
10823
12258
  #
@@ -10856,7 +12291,7 @@ module Aws::IAM
10856
12291
  # authenticating the associated IAM user to an AWS CodeCommit
10857
12292
  # repository. For more information about using SSH keys to authenticate
10858
12293
  # to an AWS CodeCommit repository, see [Set up AWS CodeCommit for SSH
10859
- # Connections][1] in the *AWS CodeCommit User Guide*.
12294
+ # connections][1] in the *AWS CodeCommit User Guide*.
10860
12295
  #
10861
12296
  #
10862
12297
  #
@@ -10913,13 +12348,13 @@ module Aws::IAM
10913
12348
  # stored in IAM.
10914
12349
  #
10915
12350
  # For more information about working with server certificates, see
10916
- # [Working with Server Certificates][1] in the *IAM User Guide*. This
12351
+ # [Working with server certificates][1] in the *IAM User Guide*. This
10917
12352
  # topic also includes a list of AWS services that can use the server
10918
12353
  # certificates that you manage with IAM.
10919
12354
  #
10920
12355
  # You should understand the implications of changing a server
10921
12356
  # certificate's path or name. For more information, see [Renaming a
10922
- # Server Certificate][2] in the *IAM User Guide*.
12357
+ # server certificate][2] in the *IAM User Guide*.
10923
12358
  #
10924
12359
  # <note markdown="1"> The person making the request (the principal), must have permission to
10925
12360
  # change the server certificate with the old name and the new name. For
@@ -10928,7 +12363,7 @@ module Aws::IAM
10928
12363
  # update both certificates. If the principal has permission to update
10929
12364
  # the `ProductionCert` group, but not the `ProdCert` certificate, then
10930
12365
  # the update fails. For more information about permissions, see [Access
10931
- # Management][3] in the *IAM User Guide*.
12366
+ # management][3] in the *IAM User Guide*.
10932
12367
  #
10933
12368
  # </note>
10934
12369
  #
@@ -11087,8 +12522,8 @@ module Aws::IAM
11087
12522
  #
11088
12523
  # @option params [required, String] :status
11089
12524
  # The status you want to assign to the certificate. `Active` means that
11090
- # the certificate can be used for API calls to AWS `Inactive` means that
11091
- # the certificate cannot be used.
12525
+ # the certificate can be used for programmatic calls to AWS `Inactive`
12526
+ # means that the certificate cannot be used.
11092
12527
  #
11093
12528
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
11094
12529
  #
@@ -11123,14 +12558,14 @@ module Aws::IAM
11123
12558
  # Updates the name and/or the path of the specified IAM user.
11124
12559
  #
11125
12560
  # You should understand the implications of changing an IAM user's path
11126
- # or name. For more information, see [Renaming an IAM User][1] and
11127
- # [Renaming an IAM Group][2] in the *IAM User Guide*.
12561
+ # or name. For more information, see [Renaming an IAM user][1] and
12562
+ # [Renaming an IAM group][2] in the *IAM User Guide*.
11128
12563
  #
11129
12564
  # <note markdown="1"> To change a user name, the requester must have appropriate permissions
11130
12565
  # on both the source object and the target object. For example, to
11131
12566
  # change Bob to Robert, the entity making the request must have
11132
12567
  # permission on Bob and Robert, or must have permission on all (*). For
11133
- # more information about permissions, see [Permissions and Policies][3].
12568
+ # more information about permissions, see [Permissions and policies][3].
11134
12569
  #
11135
12570
  # </note>
11136
12571
  #
@@ -11212,7 +12647,7 @@ module Aws::IAM
11212
12647
  # authenticating the associated IAM user to an AWS CodeCommit
11213
12648
  # repository. For more information about using SSH keys to authenticate
11214
12649
  # to an AWS CodeCommit repository, see [Set up AWS CodeCommit for SSH
11215
- # Connections][1] in the *AWS CodeCommit User Guide*.
12650
+ # connections][1] in the *AWS CodeCommit User Guide*.
11216
12651
  #
11217
12652
  #
11218
12653
  #
@@ -11293,21 +12728,20 @@ module Aws::IAM
11293
12728
  # User Guide][2].
11294
12729
  #
11295
12730
  # For more information about working with server certificates, see
11296
- # [Working with Server Certificates][3] in the *IAM User Guide*. This
12731
+ # [Working with server certificates][3] in the *IAM User Guide*. This
11297
12732
  # topic includes a list of AWS services that can use the server
11298
12733
  # certificates that you manage with IAM.
11299
12734
  #
11300
12735
  # For information about the number of server certificates you can
11301
- # upload, see [Limitations on IAM Entities and Objects][4] in the *IAM
11302
- # User Guide*.
12736
+ # upload, see [IAM and STS quotas][4] in the *IAM User Guide*.
11303
12737
  #
11304
12738
  # <note markdown="1"> Because the body of the public key certificate, private key, and the
11305
12739
  # certificate chain can be large, you should use POST rather than GET
11306
12740
  # when calling `UploadServerCertificate`. For information about setting
11307
- # up signatures and authorization through the API, go to [Signing AWS
11308
- # API Requests][5] in the *AWS General Reference*. For general
11309
- # information about using the Query API with IAM, go to [Calling the API
11310
- # by Making HTTP Query Requests][6] in the *IAM User Guide*.
12741
+ # up signatures and authorization through the API, see [Signing AWS API
12742
+ # requests][5] in the *AWS General Reference*. For general information
12743
+ # about using the Query API with IAM, see [Calling the API by making
12744
+ # HTTP query requests][6] in the *IAM User Guide*.
11311
12745
  #
11312
12746
  # </note>
11313
12747
  #
@@ -11316,13 +12750,13 @@ module Aws::IAM
11316
12750
  # [1]: https://docs.aws.amazon.com/acm/
11317
12751
  # [2]: https://docs.aws.amazon.com/acm/latest/userguide/
11318
12752
  # [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html
11319
- # [4]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html
12753
+ # [4]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html
11320
12754
  # [5]: https://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html
11321
12755
  # [6]: https://docs.aws.amazon.com/IAM/latest/UserGuide/programming.html
11322
12756
  #
11323
12757
  # @option params [String] :path
11324
12758
  # The path for the server certificate. For more information about paths,
11325
- # see [IAM Identifiers][1] in the *IAM User Guide*.
12759
+ # see [IAM identifiers][1] in the *IAM User Guide*.
11326
12760
  #
11327
12761
  # This parameter is optional. If it is not included, it defaults to a
11328
12762
  # slash (/). This parameter allows (through its [regex pattern][2]) a
@@ -11415,9 +12849,26 @@ module Aws::IAM
11415
12849
  #
11416
12850
  # [1]: http://wikipedia.org/wiki/regex
11417
12851
  #
12852
+ # @option params [Array<Types::Tag>] :tags
12853
+ # A list of tags that you want to attach to the new IAM server
12854
+ # certificate resource. Each tag consists of a key name and an
12855
+ # associated value. For more information about tagging, see [Tagging IAM
12856
+ # resources][1] in the *IAM User Guide*.
12857
+ #
12858
+ # <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed maximum
12859
+ # number of tags, then the entire request fails and the resource is not
12860
+ # created.
12861
+ #
12862
+ # </note>
12863
+ #
12864
+ #
12865
+ #
12866
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
12867
+ #
11418
12868
  # @return [Types::UploadServerCertificateResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
11419
12869
  #
11420
12870
  # * {Types::UploadServerCertificateResponse#server_certificate_metadata #server_certificate_metadata} => Types::ServerCertificateMetadata
12871
+ # * {Types::UploadServerCertificateResponse#tags #tags} => Array&lt;Types::Tag&gt;
11421
12872
  #
11422
12873
  #
11423
12874
  # @example Example: To upload a server certificate to your AWS account
@@ -11451,6 +12902,12 @@ module Aws::IAM
11451
12902
  # certificate_body: "certificateBodyType", # required
11452
12903
  # private_key: "privateKeyType", # required
11453
12904
  # certificate_chain: "certificateChainType",
12905
+ # tags: [
12906
+ # {
12907
+ # key: "tagKeyType", # required
12908
+ # value: "tagValueType", # required
12909
+ # },
12910
+ # ],
11454
12911
  # })
11455
12912
  #
11456
12913
  # @example Response structure
@@ -11461,6 +12918,9 @@ module Aws::IAM
11461
12918
  # resp.server_certificate_metadata.arn #=> String
11462
12919
  # resp.server_certificate_metadata.upload_date #=> Time
11463
12920
  # resp.server_certificate_metadata.expiration #=> Time
12921
+ # resp.tags #=> Array
12922
+ # resp.tags[0].key #=> String
12923
+ # resp.tags[0].value #=> String
11464
12924
  #
11465
12925
  # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UploadServerCertificate AWS API Documentation
11466
12926
  #
@@ -11472,10 +12932,13 @@ module Aws::IAM
11472
12932
  end
11473
12933
 
11474
12934
  # Uploads an X.509 signing certificate and associates it with the
11475
- # specified IAM user. Some AWS services use X.509 signing certificates
12935
+ # specified IAM user. Some AWS services require you to use certificates
11476
12936
  # to validate requests that are signed with a corresponding private key.
11477
12937
  # When you upload the certificate, its default status is `Active`.
11478
12938
  #
12939
+ # For information about when you would use an X.509 signing certificate,
12940
+ # see [Managing server certificates in IAM][1] in the *IAM User Guide*.
12941
+ #
11479
12942
  # If the `UserName` is not specified, the IAM user name is determined
11480
12943
  # implicitly based on the AWS access key ID used to sign the request.
11481
12944
  # This operation works for access keys under the AWS account.
@@ -11485,16 +12948,17 @@ module Aws::IAM
11485
12948
  # <note markdown="1"> Because the body of an X.509 certificate can be large, you should use
11486
12949
  # POST rather than GET when calling `UploadSigningCertificate`. For
11487
12950
  # information about setting up signatures and authorization through the
11488
- # API, go to [Signing AWS API Requests][1] in the *AWS General
11489
- # Reference*. For general information about using the Query API with
11490
- # IAM, go to [Making Query Requests][2] in the *IAM User Guide*.
12951
+ # API, see [Signing AWS API requests][2] in the *AWS General Reference*.
12952
+ # For general information about using the Query API with IAM, see
12953
+ # [Making query requests][3] in the *IAM User Guide*.
11491
12954
  #
11492
12955
  # </note>
11493
12956
  #
11494
12957
  #
11495
12958
  #
11496
- # [1]: https://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html
11497
- # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html
12959
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html
12960
+ # [2]: https://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html
12961
+ # [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html
11498
12962
  #
11499
12963
  # @option params [String] :user_name
11500
12964
  # The name of the user the signing certificate is for.
@@ -11589,7 +13053,7 @@ module Aws::IAM
11589
13053
  params: params,
11590
13054
  config: config)
11591
13055
  context[:gem_name] = 'aws-sdk-iam'
11592
- context[:gem_version] = '1.45.0'
13056
+ context[:gem_version] = '1.50.0'
11593
13057
  Seahorse::Client::Request.new(handlers, context)
11594
13058
  end
11595
13059