aws-sdk-iam 1.47.0 → 1.52.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
data/VERSION ADDED
@@ -0,0 +1 @@
1
+ 1.52.0
data/lib/aws-sdk-iam.rb CHANGED
@@ -3,7 +3,7 @@
3
3
  # WARNING ABOUT GENERATED CODE
4
4
  #
5
5
  # This file is generated. See the contributing guide for more information:
6
- # https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
6
+ # https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
7
7
  #
8
8
  # WARNING ABOUT GENERATED CODE
9
9
 
@@ -70,6 +70,6 @@ require_relative 'aws-sdk-iam/customizations'
70
70
  # @!group service
71
71
  module Aws::IAM
72
72
 
73
- GEM_VERSION = '1.47.0'
73
+ GEM_VERSION = '1.52.0'
74
74
 
75
75
  end
@@ -3,7 +3,7 @@
3
3
  # WARNING ABOUT GENERATED CODE
4
4
  #
5
5
  # This file is generated. See the contributing guide for more information:
6
- # https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
6
+ # https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
7
7
  #
8
8
  # WARNING ABOUT GENERATED CODE
9
9
 
@@ -3,7 +3,7 @@
3
3
  # WARNING ABOUT GENERATED CODE
4
4
  #
5
5
  # This file is generated. See the contributing guide for more information:
6
- # https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
6
+ # https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
7
7
  #
8
8
  # WARNING ABOUT GENERATED CODE
9
9
 
@@ -3,7 +3,7 @@
3
3
  # WARNING ABOUT GENERATED CODE
4
4
  #
5
5
  # This file is generated. See the contributing guide for more information:
6
- # https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
6
+ # https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
7
7
  #
8
8
  # WARNING ABOUT GENERATED CODE
9
9
 
@@ -30,27 +30,31 @@ module Aws::IAM
30
30
  data[:minimum_password_length]
31
31
  end
32
32
 
33
- # Specifies whether to require symbols for IAM user passwords.
33
+ # Specifies whether IAM user passwords must contain at least one of the
34
+ # following symbols:
35
+ #
36
+ # ! @ # $ % ^ & * ( ) \_ + - = \[ \] \\\{ \\} \| '
34
37
  # @return [Boolean]
35
38
  def require_symbols
36
39
  data[:require_symbols]
37
40
  end
38
41
 
39
- # Specifies whether to require numbers for IAM user passwords.
42
+ # Specifies whether IAM user passwords must contain at least one numeric
43
+ # character (0 to 9).
40
44
  # @return [Boolean]
41
45
  def require_numbers
42
46
  data[:require_numbers]
43
47
  end
44
48
 
45
- # Specifies whether to require uppercase characters for IAM user
46
- # passwords.
49
+ # Specifies whether IAM user passwords must contain at least one
50
+ # uppercase character (A to Z).
47
51
  # @return [Boolean]
48
52
  def require_uppercase_characters
49
53
  data[:require_uppercase_characters]
50
54
  end
51
55
 
52
- # Specifies whether to require lowercase characters for IAM user
53
- # passwords.
56
+ # Specifies whether IAM user passwords must contain at least one
57
+ # lowercase character (a to z).
54
58
  # @return [Boolean]
55
59
  def require_lowercase_characters
56
60
  data[:require_lowercase_characters]
@@ -286,7 +290,7 @@ module Aws::IAM
286
290
  # @option options [Boolean] :allow_users_to_change_password
287
291
  # Allows all IAM users in your account to use the AWS Management Console
288
292
  # to change their own passwords. For more information, see [Letting IAM
289
- # Users Change Their Own Passwords][1] in the *IAM User Guide*.
293
+ # users change their own passwords][1] in the *IAM User Guide*.
290
294
  #
291
295
  # If you do not specify a value for this parameter, then the operation
292
296
  # uses the default value of `false`. The result is that IAM users in the
@@ -3,7 +3,7 @@
3
3
  # WARNING ABOUT GENERATED CODE
4
4
  #
5
5
  # This file is generated. See the contributing guide for more information:
6
- # https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
6
+ # https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
7
7
  #
8
8
  # WARNING ABOUT GENERATED CODE
9
9
 
@@ -3,7 +3,7 @@
3
3
  # WARNING ABOUT GENERATED CODE
4
4
  #
5
5
  # This file is generated. See the contributing guide for more information:
6
- # https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
6
+ # https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
7
7
  #
8
8
  # WARNING ABOUT GENERATED CODE
9
9
 
@@ -3,7 +3,7 @@
3
3
  # WARNING ABOUT GENERATED CODE
4
4
  #
5
5
  # This file is generated. See the contributing guide for more information:
6
- # https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
6
+ # https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
7
7
  #
8
8
  # WARNING ABOUT GENERATED CODE
9
9
 
@@ -373,33 +373,30 @@ module Aws::IAM
373
373
  end
374
374
 
375
375
  # Adds the specified IAM role to the specified instance profile. An
376
- # instance profile can contain only one role. (The number and size of
377
- # IAM resources in an AWS account are limited. For more information, see
378
- # [IAM and STS Quotas][1] in the *IAM User Guide*.) You can remove the
379
- # existing role and then add a different role to an instance profile.
380
- # You must then wait for the change to appear across all of AWS because
381
- # of [eventual consistency][2]. To force the change, you must
382
- # [disassociate the instance profile][3] and then [associate the
383
- # instance profile][4], or you can stop your instance and then restart
384
- # it.
385
- #
386
- # <note markdown="1"> The caller of this API must be granted the `PassRole` permission on
387
- # the IAM role by a permissions policy.
376
+ # instance profile can contain only one role, and this quota cannot be
377
+ # increased. You can remove the existing role and then add a different
378
+ # role to an instance profile. You must then wait for the change to
379
+ # appear across all of AWS because of [eventual consistency][1]. To
380
+ # force the change, you must [disassociate the instance profile][2] and
381
+ # then [associate the instance profile][3], or you can stop your
382
+ # instance and then restart it.
383
+ #
384
+ # <note markdown="1"> The caller of this operation must be granted the `PassRole` permission
385
+ # on the IAM role by a permissions policy.
388
386
  #
389
387
  # </note>
390
388
  #
391
- # For more information about roles, go to [Working with Roles][5]. For
392
- # more information about instance profiles, go to [About Instance
393
- # Profiles][6].
389
+ # For more information about roles, see [Working with roles][4]. For
390
+ # more information about instance profiles, see [About instance
391
+ # profiles][5].
394
392
  #
395
393
  #
396
394
  #
397
- # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html
398
- # [2]: https://en.wikipedia.org/wiki/Eventual_consistency
399
- # [3]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DisassociateIamInstanceProfile.html
400
- # [4]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateIamInstanceProfile.html
401
- # [5]: https://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html
402
- # [6]: https://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html
395
+ # [1]: https://en.wikipedia.org/wiki/Eventual_consistency
396
+ # [2]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DisassociateIamInstanceProfile.html
397
+ # [3]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateIamInstanceProfile.html
398
+ # [4]: https://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html
399
+ # [5]: https://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html
403
400
  #
404
401
  # @option params [required, String] :instance_profile_name
405
402
  # The name of the instance profile to update.
@@ -509,15 +506,19 @@ module Aws::IAM
509
506
 
510
507
  # Attaches the specified managed policy to the specified IAM group.
511
508
  #
512
- # You use this API to attach a managed policy to a group. To embed an
513
- # inline policy in a group, use PutGroupPolicy.
509
+ # You use this operation to attach a managed policy to a group. To embed
510
+ # an inline policy in a group, use PutGroupPolicy.
514
511
  #
515
- # For more information about policies, see [Managed Policies and Inline
516
- # Policies][1] in the *IAM User Guide*.
512
+ # As a best practice, you can validate your IAM policies. To learn more,
513
+ # see [Validating IAM policies][1] in the *IAM User Guide*.
517
514
  #
515
+ # For more information about policies, see [Managed policies and inline
516
+ # policies][2] in the *IAM User Guide*.
518
517
  #
519
518
  #
520
- # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
519
+ #
520
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_policy-validator.html
521
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
521
522
  #
522
523
  # @option params [required, String] :group_name
523
524
  # The name (friendly name, not ARN) of the group to attach the policy
@@ -535,8 +536,8 @@ module Aws::IAM
535
536
  # @option params [required, String] :policy_arn
536
537
  # The Amazon Resource Name (ARN) of the IAM policy you want to attach.
537
538
  #
538
- # For more information about ARNs, see [Amazon Resource Names (ARNs) and
539
- # AWS Service Namespaces][1] in the *AWS General Reference*.
539
+ # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
540
+ # in the *AWS General Reference*.
540
541
  #
541
542
  #
542
543
  #
@@ -581,14 +582,18 @@ module Aws::IAM
581
582
  #
582
583
  # </note>
583
584
  #
584
- # Use this API to attach a *managed* policy to a role. To embed an
585
+ # Use this operation to attach a *managed* policy to a role. To embed an
585
586
  # inline policy in a role, use PutRolePolicy. For more information about
586
- # policies, see [Managed Policies and Inline Policies][1] in the *IAM
587
+ # policies, see [Managed policies and inline policies][1] in the *IAM
587
588
  # User Guide*.
588
589
  #
590
+ # As a best practice, you can validate your IAM policies. To learn more,
591
+ # see [Validating IAM policies][2] in the *IAM User Guide*.
592
+ #
589
593
  #
590
594
  #
591
595
  # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
596
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_policy-validator.html
592
597
  #
593
598
  # @option params [required, String] :role_name
594
599
  # The name (friendly name, not ARN) of the role to attach the policy to.
@@ -605,8 +610,8 @@ module Aws::IAM
605
610
  # @option params [required, String] :policy_arn
606
611
  # The Amazon Resource Name (ARN) of the IAM policy you want to attach.
607
612
  #
608
- # For more information about ARNs, see [Amazon Resource Names (ARNs) and
609
- # AWS Service Namespaces][1] in the *AWS General Reference*.
613
+ # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
614
+ # in the *AWS General Reference*.
610
615
  #
611
616
  #
612
617
  #
@@ -642,15 +647,19 @@ module Aws::IAM
642
647
 
643
648
  # Attaches the specified managed policy to the specified user.
644
649
  #
645
- # You use this API to attach a *managed* policy to a user. To embed an
646
- # inline policy in a user, use PutUserPolicy.
650
+ # You use this operation to attach a *managed* policy to a user. To
651
+ # embed an inline policy in a user, use PutUserPolicy.
647
652
  #
648
- # For more information about policies, see [Managed Policies and Inline
649
- # Policies][1] in the *IAM User Guide*.
653
+ # As a best practice, you can validate your IAM policies. To learn more,
654
+ # see [Validating IAM policies][1] in the *IAM User Guide*.
650
655
  #
656
+ # For more information about policies, see [Managed policies and inline
657
+ # policies][2] in the *IAM User Guide*.
651
658
  #
652
659
  #
653
- # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
660
+ #
661
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_policy-validator.html
662
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
654
663
  #
655
664
  # @option params [required, String] :user_name
656
665
  # The name (friendly name, not ARN) of the IAM user to attach the policy
@@ -668,8 +677,8 @@ module Aws::IAM
668
677
  # @option params [required, String] :policy_arn
669
678
  # The Amazon Resource Name (ARN) of the IAM policy you want to attach.
670
679
  #
671
- # For more information about ARNs, see [Amazon Resource Names (ARNs) and
672
- # AWS Service Namespaces][1] in the *AWS General Reference*.
680
+ # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
681
+ # in the *AWS General Reference*.
673
682
  #
674
683
  #
675
684
  #
@@ -704,11 +713,14 @@ module Aws::IAM
704
713
  end
705
714
 
706
715
  # Changes the password of the IAM user who is calling this operation.
707
- # The AWS account root user password is not affected by this operation.
716
+ # This operation can be performed using the AWS CLI, the AWS API, or the
717
+ # **My Security Credentials** page in the AWS Management Console. The
718
+ # AWS account root user password is not affected by this operation.
708
719
  #
709
- # To change the password for a different user, see UpdateLoginProfile.
710
- # For more information about modifying passwords, see [Managing
711
- # Passwords][1] in the *IAM User Guide*.
720
+ # Use UpdateLoginProfile to use the AWS CLI, the AWS API, or the
721
+ # **Users** page in the IAM console to change the password for any IAM
722
+ # user. For more information about modifying passwords, see [Managing
723
+ # passwords][1] in the *IAM User Guide*.
712
724
  #
713
725
  #
714
726
  #
@@ -773,9 +785,8 @@ module Aws::IAM
773
785
  # credentials. This is true even if the AWS account has no associated
774
786
  # users.
775
787
  #
776
- # The number and size of IAM resources in an AWS account are limited.
777
- # For more information, see [IAM and STS Quotas][1] in the *IAM User
778
- # Guide*.
788
+ # For information about quotas on the number of keys you can create, see
789
+ # [IAM and STS quotas][1] in the *IAM User Guide*.
779
790
  #
780
791
  # To ensure the security of your AWS account, the secret access key is
781
792
  # accessible only during key and user creation. You must save the key
@@ -847,7 +858,7 @@ module Aws::IAM
847
858
  end
848
859
 
849
860
  # Creates an alias for your AWS account. For information about using an
850
- # AWS account alias, see [Using an Alias for Your AWS Account ID][1] in
861
+ # AWS account alias, see [Using an alias for your AWS account ID][1] in
851
862
  # the *IAM User Guide*.
852
863
  #
853
864
  #
@@ -894,9 +905,8 @@ module Aws::IAM
894
905
 
895
906
  # Creates a new group.
896
907
  #
897
- # The number and size of IAM resources in an AWS account are limited.
898
- # For more information, see [IAM and STS Quotas][1] in the *IAM User
899
- # Guide*.
908
+ # For information about the number of groups you can create, see [IAM
909
+ # and STS quotas][1] in the *IAM User Guide*.
900
910
  #
901
911
  #
902
912
  #
@@ -904,7 +914,7 @@ module Aws::IAM
904
914
  #
905
915
  # @option params [String] :path
906
916
  # The path to the group. For more information about paths, see [IAM
907
- # Identifiers][1] in the *IAM User Guide*.
917
+ # identifiers][1] in the *IAM User Guide*.
908
918
  #
909
919
  # This parameter is optional. If it is not included, it defaults to a
910
920
  # slash (/).
@@ -978,16 +988,18 @@ module Aws::IAM
978
988
  end
979
989
 
980
990
  # Creates a new instance profile. For information about instance
981
- # profiles, go to [About Instance Profiles][1].
982
- #
983
- # The number and size of IAM resources in an AWS account are limited.
984
- # For more information, see [IAM and STS Quotas][2] in the *IAM User
991
+ # profiles, see [Using roles for applications on Amazon EC2][1] in the
992
+ # *IAM User Guide*, and [Instance profiles][2] in the *Amazon EC2 User
985
993
  # Guide*.
986
994
  #
995
+ # For information about the number of instance profiles you can create,
996
+ # see [IAM object quotas][3] in the *IAM User Guide*.
987
997
  #
988
998
  #
989
- # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html
990
- # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html
999
+ #
1000
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html
1001
+ # [2]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html#ec2-instance-profile
1002
+ # [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html
991
1003
  #
992
1004
  # @option params [required, String] :instance_profile_name
993
1005
  # The name of the instance profile to create.
@@ -1020,6 +1032,22 @@ module Aws::IAM
1020
1032
  # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html
1021
1033
  # [2]: http://wikipedia.org/wiki/regex
1022
1034
  #
1035
+ # @option params [Array<Types::Tag>] :tags
1036
+ # A list of tags that you want to attach to the newly created IAM
1037
+ # instance profile. Each tag consists of a key name and an associated
1038
+ # value. For more information about tagging, see [Tagging IAM
1039
+ # resources][1] in the *IAM User Guide*.
1040
+ #
1041
+ # <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed maximum
1042
+ # number of tags, then the entire request fails and the resource is not
1043
+ # created.
1044
+ #
1045
+ # </note>
1046
+ #
1047
+ #
1048
+ #
1049
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
1050
+ #
1023
1051
  # @return [Types::CreateInstanceProfileResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1024
1052
  #
1025
1053
  # * {Types::CreateInstanceProfileResponse#instance_profile #instance_profile} => Types::InstanceProfile
@@ -1052,6 +1080,12 @@ module Aws::IAM
1052
1080
  # resp = client.create_instance_profile({
1053
1081
  # instance_profile_name: "instanceProfileNameType", # required
1054
1082
  # path: "pathType",
1083
+ # tags: [
1084
+ # {
1085
+ # key: "tagKeyType", # required
1086
+ # value: "tagValueType", # required
1087
+ # },
1088
+ # ],
1055
1089
  # })
1056
1090
  #
1057
1091
  # @example Response structure
@@ -1077,6 +1111,9 @@ module Aws::IAM
1077
1111
  # resp.instance_profile.roles[0].tags[0].value #=> String
1078
1112
  # resp.instance_profile.roles[0].role_last_used.last_used_date #=> Time
1079
1113
  # resp.instance_profile.roles[0].role_last_used.region #=> String
1114
+ # resp.instance_profile.tags #=> Array
1115
+ # resp.instance_profile.tags[0].key #=> String
1116
+ # resp.instance_profile.tags[0].value #=> String
1080
1117
  #
1081
1118
  # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateInstanceProfile AWS API Documentation
1082
1119
  #
@@ -1087,10 +1124,16 @@ module Aws::IAM
1087
1124
  req.send_request(options)
1088
1125
  end
1089
1126
 
1090
- # Creates a password for the specified user, giving the user the ability
1091
- # to access AWS services through the AWS Management Console. For more
1092
- # information about managing passwords, see [Managing Passwords][1] in
1093
- # the *IAM User Guide*.
1127
+ # Creates a password for the specified IAM user. A password allows an
1128
+ # IAM user to access AWS services through the AWS Management Console.
1129
+ #
1130
+ # You can use the AWS CLI, the AWS API, or the **Users** page in the IAM
1131
+ # console to create a password for any IAM user. Use ChangePassword to
1132
+ # update your own existing password in the **My Security Credentials**
1133
+ # page in the AWS Management Console.
1134
+ #
1135
+ # For more information about managing passwords, see [Managing
1136
+ # passwords][1] in the *IAM User Guide*.
1094
1137
  #
1095
1138
  #
1096
1139
  #
@@ -1253,16 +1296,33 @@ module Aws::IAM
1253
1296
  # certificate used by https://keys.server.example.com.
1254
1297
  #
1255
1298
  # For more information about obtaining the OIDC provider's thumbprint,
1256
- # see [Obtaining the Thumbprint for an OpenID Connect Provider][1] in
1299
+ # see [Obtaining the thumbprint for an OpenID Connect provider][1] in
1257
1300
  # the *IAM User Guide*.
1258
1301
  #
1259
1302
  #
1260
1303
  #
1261
1304
  # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/identity-providers-oidc-obtain-thumbprint.html
1262
1305
  #
1306
+ # @option params [Array<Types::Tag>] :tags
1307
+ # A list of tags that you want to attach to the new IAM OpenID Connect
1308
+ # (OIDC) provider. Each tag consists of a key name and an associated
1309
+ # value. For more information about tagging, see [Tagging IAM
1310
+ # resources][1] in the *IAM User Guide*.
1311
+ #
1312
+ # <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed maximum
1313
+ # number of tags, then the entire request fails and the resource is not
1314
+ # created.
1315
+ #
1316
+ # </note>
1317
+ #
1318
+ #
1319
+ #
1320
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
1321
+ #
1263
1322
  # @return [Types::CreateOpenIDConnectProviderResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1264
1323
  #
1265
1324
  # * {Types::CreateOpenIDConnectProviderResponse#open_id_connect_provider_arn #open_id_connect_provider_arn} => String
1325
+ # * {Types::CreateOpenIDConnectProviderResponse#tags #tags} => Array&lt;Types::Tag&gt;
1266
1326
  #
1267
1327
  #
1268
1328
  # @example Example: To create an instance profile
@@ -1291,11 +1351,20 @@ module Aws::IAM
1291
1351
  # url: "OpenIDConnectProviderUrlType", # required
1292
1352
  # client_id_list: ["clientIDType"],
1293
1353
  # thumbprint_list: ["thumbprintType"], # required
1354
+ # tags: [
1355
+ # {
1356
+ # key: "tagKeyType", # required
1357
+ # value: "tagValueType", # required
1358
+ # },
1359
+ # ],
1294
1360
  # })
1295
1361
  #
1296
1362
  # @example Response structure
1297
1363
  #
1298
1364
  # resp.open_id_connect_provider_arn #=> String
1365
+ # resp.tags #=> Array
1366
+ # resp.tags[0].key #=> String
1367
+ # resp.tags[0].value #=> String
1299
1368
  #
1300
1369
  # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateOpenIDConnectProvider AWS API Documentation
1301
1370
  #
@@ -1310,16 +1379,20 @@ module Aws::IAM
1310
1379
  #
1311
1380
  # This operation creates a policy version with a version identifier of
1312
1381
  # `v1` and sets v1 as the policy's default version. For more
1313
- # information about policy versions, see [Versioning for Managed
1314
- # Policies][1] in the *IAM User Guide*.
1382
+ # information about policy versions, see [Versioning for managed
1383
+ # policies][1] in the *IAM User Guide*.
1384
+ #
1385
+ # As a best practice, you can validate your IAM policies. To learn more,
1386
+ # see [Validating IAM policies][2] in the *IAM User Guide*.
1315
1387
  #
1316
1388
  # For more information about managed policies in general, see [Managed
1317
- # Policies and Inline Policies][2] in the *IAM User Guide*.
1389
+ # policies and inline policies][3] in the *IAM User Guide*.
1318
1390
  #
1319
1391
  #
1320
1392
  #
1321
1393
  # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html
1322
- # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
1394
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_policy-validator.html
1395
+ # [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
1323
1396
  #
1324
1397
  # @option params [required, String] :policy_name
1325
1398
  # The friendly name of the policy.
@@ -1331,7 +1404,7 @@ module Aws::IAM
1331
1404
  # @option params [String] :path
1332
1405
  # The path for the policy.
1333
1406
  #
1334
- # For more information about paths, see [IAM Identifiers][1] in the *IAM
1407
+ # For more information about paths, see [IAM identifiers][1] in the *IAM
1335
1408
  # User Guide*.
1336
1409
  #
1337
1410
  # This parameter is optional. If it is not included, it defaults to a
@@ -1384,6 +1457,22 @@ module Aws::IAM
1384
1457
  # The policy description is immutable. After a value is assigned, it
1385
1458
  # cannot be changed.
1386
1459
  #
1460
+ # @option params [Array<Types::Tag>] :tags
1461
+ # A list of tags that you want to attach to the new IAM customer managed
1462
+ # policy. Each tag consists of a key name and an associated value. For
1463
+ # more information about tagging, see [Tagging IAM resources][1] in the
1464
+ # *IAM User Guide*.
1465
+ #
1466
+ # <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed maximum
1467
+ # number of tags, then the entire request fails and the resource is not
1468
+ # created.
1469
+ #
1470
+ # </note>
1471
+ #
1472
+ #
1473
+ #
1474
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
1475
+ #
1387
1476
  # @return [Types::CreatePolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1388
1477
  #
1389
1478
  # * {Types::CreatePolicyResponse#policy #policy} => Types::Policy
@@ -1395,6 +1484,12 @@ module Aws::IAM
1395
1484
  # path: "policyPathType",
1396
1485
  # policy_document: "policyDocumentType", # required
1397
1486
  # description: "policyDescriptionType",
1487
+ # tags: [
1488
+ # {
1489
+ # key: "tagKeyType", # required
1490
+ # value: "tagValueType", # required
1491
+ # },
1492
+ # ],
1398
1493
  # })
1399
1494
  #
1400
1495
  # @example Response structure
@@ -1410,6 +1505,9 @@ module Aws::IAM
1410
1505
  # resp.policy.description #=> String
1411
1506
  # resp.policy.create_date #=> Time
1412
1507
  # resp.policy.update_date #=> Time
1508
+ # resp.policy.tags #=> Array
1509
+ # resp.policy.tags[0].key #=> String
1510
+ # resp.policy.tags[0].value #=> String
1413
1511
  #
1414
1512
  # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreatePolicy AWS API Documentation
1415
1513
  #
@@ -1431,7 +1529,7 @@ module Aws::IAM
1431
1529
  # IAM users, groups, and roles to which the policy is attached.
1432
1530
  #
1433
1531
  # For more information about managed policy versions, see [Versioning
1434
- # for Managed Policies][1] in the *IAM User Guide*.
1532
+ # for managed policies][1] in the *IAM User Guide*.
1435
1533
  #
1436
1534
  #
1437
1535
  #
@@ -1441,8 +1539,8 @@ module Aws::IAM
1441
1539
  # The Amazon Resource Name (ARN) of the IAM policy to which you want to
1442
1540
  # add a new version.
1443
1541
  #
1444
- # For more information about ARNs, see [Amazon Resource Names (ARNs) and
1445
- # AWS Service Namespaces][1] in the *AWS General Reference*.
1542
+ # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
1543
+ # in the *AWS General Reference*.
1446
1544
  #
1447
1545
  #
1448
1546
  #
@@ -1482,7 +1580,7 @@ module Aws::IAM
1482
1580
  # for the IAM users, groups, and roles that the policy is attached to.
1483
1581
  #
1484
1582
  # For more information about managed policy versions, see [Versioning
1485
- # for Managed Policies][1] in the *IAM User Guide*.
1583
+ # for managed policies][1] in the *IAM User Guide*.
1486
1584
  #
1487
1585
  #
1488
1586
  #
@@ -1517,9 +1615,9 @@ module Aws::IAM
1517
1615
  end
1518
1616
 
1519
1617
  # Creates a new role for your AWS account. For more information about
1520
- # roles, go to [IAM Roles][1]. The number and size of IAM resources in
1521
- # an AWS account are limited. For more information, see [IAM and STS
1522
- # Quotas][2] in the *IAM User Guide*.
1618
+ # roles, see [IAM roles][1]. For information about quotas for role names
1619
+ # and the number of roles you can create, see [IAM and STS quotas][2] in
1620
+ # the *IAM User Guide*.
1523
1621
  #
1524
1622
  #
1525
1623
  #
@@ -1599,7 +1697,7 @@ module Aws::IAM
1599
1697
  # for one hour by default. This applies when you use the `AssumeRole*`
1600
1698
  # API operations or the `assume-role*` CLI operations but does not apply
1601
1699
  # when you use those operations to create a console URL. For more
1602
- # information, see [Using IAM Roles][1] in the *IAM User Guide*.
1700
+ # information, see [Using IAM roles][1] in the *IAM User Guide*.
1603
1701
  #
1604
1702
  #
1605
1703
  #
@@ -1610,13 +1708,12 @@ module Aws::IAM
1610
1708
  # the role.
1611
1709
  #
1612
1710
  # @option params [Array<Types::Tag>] :tags
1613
- # A list of tags that you want to attach to the newly created role. Each
1614
- # tag consists of a key name and an associated value. For more
1615
- # information about tagging, see [Tagging IAM Identities][1] in the *IAM
1616
- # User Guide*.
1711
+ # A list of tags that you want to attach to the new role. Each tag
1712
+ # consists of a key name and an associated value. For more information
1713
+ # about tagging, see [Tagging IAM resources][1] in the *IAM User Guide*.
1617
1714
  #
1618
- # <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed number
1619
- # of tags per role, then the entire request fails and the role is not
1715
+ # <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed maximum
1716
+ # number of tags, then the entire request fails and the resource is not
1620
1717
  # created.
1621
1718
  #
1622
1719
  # </note>
@@ -1718,9 +1815,9 @@ module Aws::IAM
1718
1815
  #
1719
1816
  # </note>
1720
1817
  #
1721
- # For more information, see [Enabling SAML 2.0 Federated Users to Access
1818
+ # For more information, see [Enabling SAML 2.0 federated users to access
1722
1819
  # the AWS Management Console][2] and [About SAML 2.0-based
1723
- # Federation][3] in the *IAM User Guide*.
1820
+ # federation][3] in the *IAM User Guide*.
1724
1821
  #
1725
1822
  #
1726
1823
  #
@@ -1736,7 +1833,7 @@ module Aws::IAM
1736
1833
  # You must generate the metadata document using the identity management
1737
1834
  # software that is used as your organization's IdP.
1738
1835
  #
1739
- # For more information, see [About SAML 2.0-based Federation][1] in the
1836
+ # For more information, see [About SAML 2.0-based federation][1] in the
1740
1837
  # *IAM User Guide*
1741
1838
  #
1742
1839
  #
@@ -1755,20 +1852,46 @@ module Aws::IAM
1755
1852
  #
1756
1853
  # [1]: http://wikipedia.org/wiki/regex
1757
1854
  #
1855
+ # @option params [Array<Types::Tag>] :tags
1856
+ # A list of tags that you want to attach to the new IAM SAML provider.
1857
+ # Each tag consists of a key name and an associated value. For more
1858
+ # information about tagging, see [Tagging IAM resources][1] in the *IAM
1859
+ # User Guide*.
1860
+ #
1861
+ # <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed maximum
1862
+ # number of tags, then the entire request fails and the resource is not
1863
+ # created.
1864
+ #
1865
+ # </note>
1866
+ #
1867
+ #
1868
+ #
1869
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
1870
+ #
1758
1871
  # @return [Types::CreateSAMLProviderResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1759
1872
  #
1760
1873
  # * {Types::CreateSAMLProviderResponse#saml_provider_arn #saml_provider_arn} => String
1874
+ # * {Types::CreateSAMLProviderResponse#tags #tags} => Array&lt;Types::Tag&gt;
1761
1875
  #
1762
1876
  # @example Request syntax with placeholder values
1763
1877
  #
1764
1878
  # resp = client.create_saml_provider({
1765
1879
  # saml_metadata_document: "SAMLMetadataDocumentType", # required
1766
1880
  # name: "SAMLProviderNameType", # required
1881
+ # tags: [
1882
+ # {
1883
+ # key: "tagKeyType", # required
1884
+ # value: "tagValueType", # required
1885
+ # },
1886
+ # ],
1767
1887
  # })
1768
1888
  #
1769
1889
  # @example Response structure
1770
1890
  #
1771
1891
  # resp.saml_provider_arn #=> String
1892
+ # resp.tags #=> Array
1893
+ # resp.tags[0].key #=> String
1894
+ # resp.tags[0].value #=> String
1772
1895
  #
1773
1896
  # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateSAMLProvider AWS API Documentation
1774
1897
  #
@@ -1786,7 +1909,7 @@ module Aws::IAM
1786
1909
  # resources into an unknown state. Allowing the service to control the
1787
1910
  # role helps improve service stability and proper cleanup when a service
1788
1911
  # and its role are no longer needed. For more information, see [Using
1789
- # Service-Linked Roles][1] in the *IAM User Guide*.
1912
+ # service-linked roles][1] in the *IAM User Guide*.
1790
1913
  #
1791
1914
  # To attach a policy to this service-linked role, you must make the
1792
1915
  # request using the AWS service that depends on this role.
@@ -1801,8 +1924,8 @@ module Aws::IAM
1801
1924
  # front. For example: `elasticbeanstalk.amazonaws.com`.
1802
1925
  #
1803
1926
  # Service principals are unique and case-sensitive. To find the exact
1804
- # service principal for your service-linked role, see [AWS Services That
1805
- # Work with IAM][1] in the *IAM User Guide*. Look for the services that
1927
+ # service principal for your service-linked role, see [AWS services that
1928
+ # work with IAM][1] in the *IAM User Guide*. Look for the services that
1806
1929
  # have <b>Yes </b>in the **Service-Linked Role** column. Choose the
1807
1930
  # **Yes** link to view the service-linked role documentation for that
1808
1931
  # service.
@@ -1872,14 +1995,15 @@ module Aws::IAM
1872
1995
  # You can have a maximum of two sets of service-specific credentials for
1873
1996
  # each supported service per user.
1874
1997
  #
1875
- # The only supported service at this time is AWS CodeCommit.
1998
+ # You can create service-specific credentials for AWS CodeCommit and
1999
+ # Amazon Keyspaces (for Apache Cassandra).
1876
2000
  #
1877
2001
  # You can reset the password to a new service-generated value by calling
1878
2002
  # ResetServiceSpecificCredential.
1879
2003
  #
1880
2004
  # For more information about service-specific credentials, see [Using
1881
- # IAM with AWS CodeCommit: Git Credentials, SSH Keys, and AWS Access
1882
- # Keys][1] in the *IAM User Guide*.
2005
+ # IAM with AWS CodeCommit: Git credentials, SSH keys, and AWS access
2006
+ # keys][1] in the *IAM User Guide*.
1883
2007
  #
1884
2008
  #
1885
2009
  #
@@ -1937,9 +2061,8 @@ module Aws::IAM
1937
2061
 
1938
2062
  # Creates a new IAM user for your AWS account.
1939
2063
  #
1940
- # The number and size of IAM resources in an AWS account are limited.
1941
- # For more information, see [IAM and STS Quotas][1] in the *IAM User
1942
- # Guide*.
2064
+ # For information about quotas for the number of IAM users you can
2065
+ # create, see [IAM and STS quotas][1] in the *IAM User Guide*.
1943
2066
  #
1944
2067
  #
1945
2068
  #
@@ -1947,7 +2070,7 @@ module Aws::IAM
1947
2070
  #
1948
2071
  # @option params [String] :path
1949
2072
  # The path for the user name. For more information about paths, see [IAM
1950
- # Identifiers][1] in the *IAM User Guide*.
2073
+ # identifiers][1] in the *IAM User Guide*.
1951
2074
  #
1952
2075
  # This parameter is optional. If it is not included, it defaults to a
1953
2076
  # slash (/).
@@ -1976,13 +2099,12 @@ module Aws::IAM
1976
2099
  # the user.
1977
2100
  #
1978
2101
  # @option params [Array<Types::Tag>] :tags
1979
- # A list of tags that you want to attach to the newly created user. Each
1980
- # tag consists of a key name and an associated value. For more
1981
- # information about tagging, see [Tagging IAM Identities][1] in the *IAM
1982
- # User Guide*.
2102
+ # A list of tags that you want to attach to the new user. Each tag
2103
+ # consists of a key name and an associated value. For more information
2104
+ # about tagging, see [Tagging IAM resources][1] in the *IAM User Guide*.
1983
2105
  #
1984
- # <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed number
1985
- # of tags per user, then the entire request fails and the user is not
2106
+ # <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed maximum
2107
+ # number of tags, then the entire request fails and the resource is not
1986
2108
  # created.
1987
2109
  #
1988
2110
  # </note>
@@ -2055,12 +2177,11 @@ module Aws::IAM
2055
2177
  # Creates a new virtual MFA device for the AWS account. After creating
2056
2178
  # the virtual MFA, use EnableMFADevice to attach the MFA device to an
2057
2179
  # IAM user. For more information about creating and working with virtual
2058
- # MFA devices, go to [Using a Virtual MFA Device][1] in the *IAM User
2180
+ # MFA devices, see [Using a virtual MFA device][1] in the *IAM User
2059
2181
  # Guide*.
2060
2182
  #
2061
- # The number and size of IAM resources in an AWS account are limited.
2062
- # For more information, see [IAM and STS Quotas][2] in the *IAM User
2063
- # Guide*.
2183
+ # For information about the maximum number of MFA devices you can
2184
+ # create, see [IAM and STS quotas][2] in the *IAM User Guide*.
2064
2185
  #
2065
2186
  # The seed information contained in the QR code and the Base32 string
2066
2187
  # should be treated like any other secret access information. In other
@@ -2075,7 +2196,7 @@ module Aws::IAM
2075
2196
  #
2076
2197
  # @option params [String] :path
2077
2198
  # The path for the virtual MFA device. For more information about paths,
2078
- # see [IAM Identifiers][1] in the *IAM User Guide*.
2199
+ # see [IAM identifiers][1] in the *IAM User Guide*.
2079
2200
  #
2080
2201
  # This parameter is optional. If it is not included, it defaults to a
2081
2202
  # slash (/).
@@ -2105,6 +2226,22 @@ module Aws::IAM
2105
2226
  #
2106
2227
  # [1]: http://wikipedia.org/wiki/regex
2107
2228
  #
2229
+ # @option params [Array<Types::Tag>] :tags
2230
+ # A list of tags that you want to attach to the new IAM virtual MFA
2231
+ # device. Each tag consists of a key name and an associated value. For
2232
+ # more information about tagging, see [Tagging IAM resources][1] in the
2233
+ # *IAM User Guide*.
2234
+ #
2235
+ # <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed maximum
2236
+ # number of tags, then the entire request fails and the resource is not
2237
+ # created.
2238
+ #
2239
+ # </note>
2240
+ #
2241
+ #
2242
+ #
2243
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
2244
+ #
2108
2245
  # @return [Types::CreateVirtualMFADeviceResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
2109
2246
  #
2110
2247
  # * {Types::CreateVirtualMFADeviceResponse#virtual_mfa_device #virtual_mfa_device} => Types::VirtualMFADevice
@@ -2114,6 +2251,12 @@ module Aws::IAM
2114
2251
  # resp = client.create_virtual_mfa_device({
2115
2252
  # path: "pathType",
2116
2253
  # virtual_mfa_device_name: "virtualMFADeviceName", # required
2254
+ # tags: [
2255
+ # {
2256
+ # key: "tagKeyType", # required
2257
+ # value: "tagValueType", # required
2258
+ # },
2259
+ # ],
2117
2260
  # })
2118
2261
  #
2119
2262
  # @example Response structure
@@ -2133,6 +2276,9 @@ module Aws::IAM
2133
2276
  # resp.virtual_mfa_device.user.tags[0].key #=> String
2134
2277
  # resp.virtual_mfa_device.user.tags[0].value #=> String
2135
2278
  # resp.virtual_mfa_device.enable_date #=> Time
2279
+ # resp.virtual_mfa_device.tags #=> Array
2280
+ # resp.virtual_mfa_device.tags[0].key #=> String
2281
+ # resp.virtual_mfa_device.tags[0].value #=> String
2136
2282
  #
2137
2283
  # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateVirtualMFADevice AWS API Documentation
2138
2284
  #
@@ -2147,8 +2293,8 @@ module Aws::IAM
2147
2293
  # with the user name for which it was originally enabled.
2148
2294
  #
2149
2295
  # For more information about creating and working with virtual MFA
2150
- # devices, go to [Enabling a Virtual Multi-factor Authentication (MFA)
2151
- # Device][1] in the *IAM User Guide*.
2296
+ # devices, see [Enabling a virtual multi-factor authentication (MFA)
2297
+ # device][1] in the *IAM User Guide*.
2152
2298
  #
2153
2299
  #
2154
2300
  #
@@ -2258,7 +2404,7 @@ module Aws::IAM
2258
2404
  end
2259
2405
 
2260
2406
  # Deletes the specified AWS account alias. For information about using
2261
- # an AWS account alias, see [Using an Alias for Your AWS Account ID][1]
2407
+ # an AWS account alias, see [Using an alias for your AWS account ID][1]
2262
2408
  # in the *IAM User Guide*.
2263
2409
  #
2264
2410
  #
@@ -2362,8 +2508,8 @@ module Aws::IAM
2362
2508
  #
2363
2509
  # A group can also have managed policies attached to it. To detach a
2364
2510
  # managed policy from a group, use DetachGroupPolicy. For more
2365
- # information about policies, refer to [Managed Policies and Inline
2366
- # Policies][1] in the *IAM User Guide*.
2511
+ # information about policies, refer to [Managed policies and inline
2512
+ # policies][1] in the *IAM User Guide*.
2367
2513
  #
2368
2514
  #
2369
2515
  #
@@ -2430,8 +2576,8 @@ module Aws::IAM
2430
2576
  # instance profile that is associated with a running instance will break
2431
2577
  # any applications running on the instance.
2432
2578
  #
2433
- # For more information about instance profiles, go to [About Instance
2434
- # Profiles][1].
2579
+ # For more information about instance profiles, see [About instance
2580
+ # profiles][1].
2435
2581
  #
2436
2582
  #
2437
2583
  #
@@ -2479,6 +2625,11 @@ module Aws::IAM
2479
2625
  # user's ability to access AWS services through the AWS Management
2480
2626
  # Console.
2481
2627
  #
2628
+ # You can use the AWS CLI, the AWS API, or the **Users** page in the IAM
2629
+ # console to delete a password for any IAM user. You can use
2630
+ # ChangePassword to update, but not delete, your own password in the
2631
+ # **My Security Credentials** page in the AWS Management Console.
2632
+ #
2482
2633
  # Deleting a user's password does not prevent a user from accessing AWS
2483
2634
  # through the command line interface or the API. To prevent all user
2484
2635
  # access, you must also either make any access keys inactive or delete
@@ -2564,9 +2715,9 @@ module Aws::IAM
2564
2715
  # steps describe the process for deleting a managed policy:
2565
2716
  #
2566
2717
  # * Detach the policy from all users, groups, and roles that the policy
2567
- # is attached to, using the DetachUserPolicy, DetachGroupPolicy, or
2568
- # DetachRolePolicy API operations. To list all the users, groups, and
2569
- # roles that a policy is attached to, use ListEntitiesForPolicy.
2718
+ # is attached to, using DetachUserPolicy, DetachGroupPolicy, or
2719
+ # DetachRolePolicy. To list all the users, groups, and roles that a
2720
+ # policy is attached to, use ListEntitiesForPolicy.
2570
2721
  #
2571
2722
  # * Delete all versions of the policy using DeletePolicyVersion. To list
2572
2723
  # the policy's versions, use ListPolicyVersions. You cannot use
@@ -2575,10 +2726,10 @@ module Aws::IAM
2575
2726
  # next step of the process.
2576
2727
  #
2577
2728
  # * Delete the policy (this automatically deletes the policy's default
2578
- # version) using this API.
2729
+ # version) using this operation.
2579
2730
  #
2580
- # For information about managed policies, see [Managed Policies and
2581
- # Inline Policies][1] in the *IAM User Guide*.
2731
+ # For information about managed policies, see [Managed policies and
2732
+ # inline policies][1] in the *IAM User Guide*.
2582
2733
  #
2583
2734
  #
2584
2735
  #
@@ -2587,8 +2738,8 @@ module Aws::IAM
2587
2738
  # @option params [required, String] :policy_arn
2588
2739
  # The Amazon Resource Name (ARN) of the IAM policy you want to delete.
2589
2740
  #
2590
- # For more information about ARNs, see [Amazon Resource Names (ARNs) and
2591
- # AWS Service Namespaces][1] in the *AWS General Reference*.
2741
+ # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
2742
+ # in the *AWS General Reference*.
2592
2743
  #
2593
2744
  #
2594
2745
  #
@@ -2613,13 +2764,13 @@ module Aws::IAM
2613
2764
 
2614
2765
  # Deletes the specified version from the specified managed policy.
2615
2766
  #
2616
- # You cannot delete the default version from a policy using this API. To
2617
- # delete the default version from a policy, use DeletePolicy. To find
2618
- # out which version of a policy is marked as the default version, use
2619
- # ListPolicyVersions.
2767
+ # You cannot delete the default version from a policy using this
2768
+ # operation. To delete the default version from a policy, use
2769
+ # DeletePolicy. To find out which version of a policy is marked as the
2770
+ # default version, use ListPolicyVersions.
2620
2771
  #
2621
2772
  # For information about versions for managed policies, see [Versioning
2622
- # for Managed Policies][1] in the *IAM User Guide*.
2773
+ # for managed policies][1] in the *IAM User Guide*.
2623
2774
  #
2624
2775
  #
2625
2776
  #
@@ -2629,8 +2780,8 @@ module Aws::IAM
2629
2780
  # The Amazon Resource Name (ARN) of the IAM policy from which you want
2630
2781
  # to delete a version.
2631
2782
  #
2632
- # For more information about ARNs, see [Amazon Resource Names (ARNs) and
2633
- # AWS Service Namespaces][1] in the *AWS General Reference*.
2783
+ # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
2784
+ # in the *AWS General Reference*.
2634
2785
  #
2635
2786
  #
2636
2787
  #
@@ -2645,7 +2796,7 @@ module Aws::IAM
2645
2796
  # of letters and digits.
2646
2797
  #
2647
2798
  # For more information about managed policy versions, see [Versioning
2648
- # for Managed Policies][2] in the *IAM User Guide*.
2799
+ # for managed policies][2] in the *IAM User Guide*.
2649
2800
  #
2650
2801
  #
2651
2802
  #
@@ -2671,8 +2822,8 @@ module Aws::IAM
2671
2822
  end
2672
2823
 
2673
2824
  # Deletes the specified role. The role must not have any policies
2674
- # attached. For more information about roles, go to [Working with
2675
- # Roles][1].
2825
+ # attached. For more information about roles, see [Working with
2826
+ # roles][1].
2676
2827
  #
2677
2828
  # Make sure that you do not have any Amazon EC2 instances running with
2678
2829
  # the role you are about to delete. Deleting a role or instance profile
@@ -2753,7 +2904,7 @@ module Aws::IAM
2753
2904
  #
2754
2905
  # A role can also have managed policies attached to it. To detach a
2755
2906
  # managed policy from a role, use DetachRolePolicy. For more information
2756
- # about policies, refer to [Managed Policies and Inline Policies][1] in
2907
+ # about policies, refer to [Managed policies and inline policies][1] in
2757
2908
  # the *IAM User Guide*.
2758
2909
  #
2759
2910
  #
@@ -2854,7 +3005,7 @@ module Aws::IAM
2854
3005
  # authenticating the associated IAM user to an AWS CodeCommit
2855
3006
  # repository. For more information about using SSH keys to authenticate
2856
3007
  # to an AWS CodeCommit repository, see [Set up AWS CodeCommit for SSH
2857
- # Connections][1] in the *AWS CodeCommit User Guide*.
3008
+ # connections][1] in the *AWS CodeCommit User Guide*.
2858
3009
  #
2859
3010
  #
2860
3011
  #
@@ -2904,7 +3055,7 @@ module Aws::IAM
2904
3055
  # Deletes the specified server certificate.
2905
3056
  #
2906
3057
  # For more information about working with server certificates, see
2907
- # [Working with Server Certificates][1] in the *IAM User Guide*. This
3058
+ # [Working with server certificates][1] in the *IAM User Guide*. This
2908
3059
  # topic also includes a list of AWS services that can use the server
2909
3060
  # certificates that you manage with IAM.
2910
3061
  #
@@ -2915,8 +3066,8 @@ module Aws::IAM
2915
3066
  # cause Elastic Load Balancing to stop accepting traffic. We recommend
2916
3067
  # that you remove the reference to the certificate from Elastic Load
2917
3068
  # Balancing before using this command to delete the certificate. For
2918
- # more information, go to [DeleteLoadBalancerListeners][2] in the
2919
- # *Elastic Load Balancing API Reference*.
3069
+ # more information, see [DeleteLoadBalancerListeners][2] in the *Elastic
3070
+ # Load Balancing API Reference*.
2920
3071
  #
2921
3072
  #
2922
3073
  #
@@ -2962,17 +3113,16 @@ module Aws::IAM
2962
3113
  #
2963
3114
  # If you submit a deletion request for a service-linked role whose
2964
3115
  # linked service is still accessing a resource, then the deletion task
2965
- # fails. If it fails, the GetServiceLinkedRoleDeletionStatus API
2966
- # operation returns the reason for the failure, usually including the
2967
- # resources that must be deleted. To delete the service-linked role, you
2968
- # must first remove those resources from the linked service and then
2969
- # submit the deletion request again. Resources are specific to the
2970
- # service that is linked to the role. For more information about
2971
- # removing resources from a service, see the [AWS documentation][1] for
2972
- # your service.
3116
+ # fails. If it fails, the GetServiceLinkedRoleDeletionStatus operation
3117
+ # returns the reason for the failure, usually including the resources
3118
+ # that must be deleted. To delete the service-linked role, you must
3119
+ # first remove those resources from the linked service and then submit
3120
+ # the deletion request again. Resources are specific to the service that
3121
+ # is linked to the role. For more information about removing resources
3122
+ # from a service, see the [AWS documentation][1] for your service.
2973
3123
  #
2974
- # For more information about service-linked roles, see [Roles Terms and
2975
- # Concepts: AWS Service-Linked Role][2] in the *IAM User Guide*.
3124
+ # For more information about service-linked roles, see [Roles terms and
3125
+ # concepts: AWS service-linked role][2] in the *IAM User Guide*.
2976
3126
  #
2977
3127
  #
2978
3128
  #
@@ -3113,7 +3263,7 @@ module Aws::IAM
3113
3263
  # Deletes the specified IAM user. Unlike the AWS Management Console,
3114
3264
  # when you delete a user programmatically, you must delete the items
3115
3265
  # attached to the user manually, or the deletion fails. For more
3116
- # information, see [Deleting an IAM User][1]. Before attempting to
3266
+ # information, see [Deleting an IAM user][1]. Before attempting to
3117
3267
  # delete a user, remove the following items:
3118
3268
  #
3119
3269
  # * Password (DeleteLoginProfile)
@@ -3209,7 +3359,7 @@ module Aws::IAM
3209
3359
  #
3210
3360
  # A user can also have managed policies attached to it. To detach a
3211
3361
  # managed policy from a user, use DetachUserPolicy. For more information
3212
- # about policies, refer to [Managed Policies and Inline Policies][1] in
3362
+ # about policies, refer to [Managed policies and inline policies][1] in
3213
3363
  # the *IAM User Guide*.
3214
3364
  #
3215
3365
  #
@@ -3319,9 +3469,8 @@ module Aws::IAM
3319
3469
  # Removes the specified managed policy from the specified IAM group.
3320
3470
  #
3321
3471
  # A group can also have inline policies embedded with it. To delete an
3322
- # inline policy, use the DeleteGroupPolicy API. For information about
3323
- # policies, see [Managed Policies and Inline Policies][1] in the *IAM
3324
- # User Guide*.
3472
+ # inline policy, use DeleteGroupPolicy. For information about policies,
3473
+ # see [Managed policies and inline policies][1] in the *IAM User Guide*.
3325
3474
  #
3326
3475
  #
3327
3476
  #
@@ -3343,8 +3492,8 @@ module Aws::IAM
3343
3492
  # @option params [required, String] :policy_arn
3344
3493
  # The Amazon Resource Name (ARN) of the IAM policy you want to detach.
3345
3494
  #
3346
- # For more information about ARNs, see [Amazon Resource Names (ARNs) and
3347
- # AWS Service Namespaces][1] in the *AWS General Reference*.
3495
+ # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
3496
+ # in the *AWS General Reference*.
3348
3497
  #
3349
3498
  #
3350
3499
  #
@@ -3371,9 +3520,8 @@ module Aws::IAM
3371
3520
  # Removes the specified managed policy from the specified role.
3372
3521
  #
3373
3522
  # A role can also have inline policies embedded with it. To delete an
3374
- # inline policy, use the DeleteRolePolicy API. For information about
3375
- # policies, see [Managed Policies and Inline Policies][1] in the *IAM
3376
- # User Guide*.
3523
+ # inline policy, use DeleteRolePolicy. For information about policies,
3524
+ # see [Managed policies and inline policies][1] in the *IAM User Guide*.
3377
3525
  #
3378
3526
  #
3379
3527
  #
@@ -3395,8 +3543,8 @@ module Aws::IAM
3395
3543
  # @option params [required, String] :policy_arn
3396
3544
  # The Amazon Resource Name (ARN) of the IAM policy you want to detach.
3397
3545
  #
3398
- # For more information about ARNs, see [Amazon Resource Names (ARNs) and
3399
- # AWS Service Namespaces][1] in the *AWS General Reference*.
3546
+ # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
3547
+ # in the *AWS General Reference*.
3400
3548
  #
3401
3549
  #
3402
3550
  #
@@ -3423,9 +3571,8 @@ module Aws::IAM
3423
3571
  # Removes the specified managed policy from the specified user.
3424
3572
  #
3425
3573
  # A user can also have inline policies embedded with it. To delete an
3426
- # inline policy, use the DeleteUserPolicy API. For information about
3427
- # policies, see [Managed Policies and Inline Policies][1] in the *IAM
3428
- # User Guide*.
3574
+ # inline policy, use DeleteUserPolicy. For information about policies,
3575
+ # see [Managed policies and inline policies][1] in the *IAM User Guide*.
3429
3576
  #
3430
3577
  #
3431
3578
  #
@@ -3447,8 +3594,8 @@ module Aws::IAM
3447
3594
  # @option params [required, String] :policy_arn
3448
3595
  # The Amazon Resource Name (ARN) of the IAM policy you want to detach.
3449
3596
  #
3450
- # For more information about ARNs, see [Amazon Resource Names (ARNs) and
3451
- # AWS Service Namespaces][1] in the *AWS General Reference*.
3597
+ # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
3598
+ # in the *AWS General Reference*.
3452
3599
  #
3453
3600
  #
3454
3601
  #
@@ -3554,8 +3701,8 @@ module Aws::IAM
3554
3701
  end
3555
3702
 
3556
3703
  # Generates a credential report for the AWS account. For more
3557
- # information about the credential report, see [Getting Credential
3558
- # Reports][1] in the *IAM User Guide*.
3704
+ # information about the credential report, see [Getting credential
3705
+ # reports][1] in the *IAM User Guide*.
3559
3706
  #
3560
3707
  #
3561
3708
  #
@@ -3586,12 +3733,12 @@ module Aws::IAM
3586
3733
  # your organization.
3587
3734
  #
3588
3735
  # To call this operation, you must be signed in using your AWS
3589
- # Organizations master account credentials. You can use your long-term
3590
- # IAM user or root user credentials, or temporary credentials from
3591
- # assuming an IAM role. SCPs must be enabled for your organization root.
3592
- # You must have the required IAM and AWS Organizations permissions. For
3593
- # more information, see [Refining Permissions Using Service Last
3594
- # Accessed Data][1] in the *IAM User Guide*.
3736
+ # Organizations management account credentials. You can use your
3737
+ # long-term IAM user or root user credentials, or temporary credentials
3738
+ # from assuming an IAM role. SCPs must be enabled for your organization
3739
+ # root. You must have the required IAM and AWS Organizations
3740
+ # permissions. For more information, see [Refining permissions using
3741
+ # service last accessed data][1] in the *IAM User Guide*.
3595
3742
  #
3596
3743
  # You can generate a service last accessed data report for entities by
3597
3744
  # specifying only the entity's path. This data includes a list of
@@ -3607,8 +3754,8 @@ module Aws::IAM
3607
3754
  # recent account activity that the policy allows to account principals
3608
3755
  # in the entity or the entity's children. For important information
3609
3756
  # about the data, reporting period, permissions required,
3610
- # troubleshooting, and supported Regions see [Reducing Permissions Using
3611
- # Service Last Accessed Data][1] in the *IAM User Guide*.
3757
+ # troubleshooting, and supported Regions see [Reducing permissions using
3758
+ # service last accessed data][1] in the *IAM User Guide*.
3612
3759
  #
3613
3760
  # The data includes all attempts to access AWS, not just the successful
3614
3761
  # ones. This includes all attempts that were made using the AWS
@@ -3618,7 +3765,7 @@ module Aws::IAM
3618
3765
  # request might have been denied. Refer to your CloudTrail logs as the
3619
3766
  # authoritative source for information about all API calls and whether
3620
3767
  # they were successful or denied access. For more information,
3621
- # see [Logging IAM Events with CloudTrail][2] in the *IAM User Guide*.
3768
+ # see [Logging IAM events with CloudTrail][2] in the *IAM User Guide*.
3622
3769
  #
3623
3770
  # This operation returns a `JobId`. Use this parameter in the `
3624
3771
  # GetOrganizationsAccessReport ` operation to check the status of the
@@ -3635,20 +3782,20 @@ module Aws::IAM
3635
3782
  # * **Root** – When you specify the organizations root as the entity,
3636
3783
  # the resulting report lists all of the services allowed by SCPs that
3637
3784
  # are attached to your root. For each service, the report includes
3638
- # data for all accounts in your organization except the master
3639
- # account, because the master account is not limited by SCPs.
3785
+ # data for all accounts in your organization except the management
3786
+ # account, because the management account is not limited by SCPs.
3640
3787
  #
3641
3788
  # * **OU** – When you specify an organizational unit (OU) as the entity,
3642
3789
  # the resulting report lists all of the services allowed by SCPs that
3643
3790
  # are attached to the OU and its parents. For each service, the report
3644
3791
  # includes data for all accounts in the OU or its children. This data
3645
- # excludes the master account, because the master account is not
3646
- # limited by SCPs.
3792
+ # excludes the management account, because the management account is
3793
+ # not limited by SCPs.
3647
3794
  #
3648
- # * **Master account** – When you specify the master account, the
3649
- # resulting report lists all AWS services, because the master account
3650
- # is not limited by SCPs. For each service, the report includes data
3651
- # for only the master account.
3795
+ # * **management account** – When you specify the management account,
3796
+ # the resulting report lists all AWS services, because the management
3797
+ # account is not limited by SCPs. For each service, the report
3798
+ # includes data for only the management account.
3652
3799
  #
3653
3800
  # * **Account** – When you specify another account as the entity, the
3654
3801
  # resulting report lists all of the services allowed by SCPs that are
@@ -3664,26 +3811,26 @@ module Aws::IAM
3664
3811
  # resulting report lists all of the services that are allowed by the
3665
3812
  # specified SCP. For each service, the report includes data for all
3666
3813
  # accounts in your organization to which the SCP applies. This data
3667
- # excludes the master account, because the master account is not
3668
- # limited by SCPs. If the SCP is not attached to any entities in the
3669
- # organization, then the report will return a list of services with no
3670
- # data.
3814
+ # excludes the management account, because the management account is
3815
+ # not limited by SCPs. If the SCP is not attached to any entities in
3816
+ # the organization, then the report will return a list of services
3817
+ # with no data.
3671
3818
  #
3672
3819
  # * **OU** – When you specify an OU entity and a policy ID, the
3673
3820
  # resulting report lists all of the services that are allowed by the
3674
3821
  # specified SCP. For each service, the report includes data for all
3675
3822
  # accounts in the OU or its children to which the SCP applies. This
3676
3823
  # means that other accounts outside the OU that are affected by the
3677
- # SCP might not be included in the data. This data excludes the master
3678
- # account, because the master account is not limited by SCPs. If the
3679
- # SCP is not attached to the OU or one of its children, the report
3680
- # will return a list of services with no data.
3824
+ # SCP might not be included in the data. This data excludes the
3825
+ # management account, because the management account is not limited by
3826
+ # SCPs. If the SCP is not attached to the OU or one of its children,
3827
+ # the report will return a list of services with no data.
3681
3828
  #
3682
- # * **Master account** – When you specify the master account, the
3683
- # resulting report lists all AWS services, because the master account
3684
- # is not limited by SCPs. If you specify a policy ID in the CLI or
3685
- # API, the policy is ignored. For each service, the report includes
3686
- # data for only the master account.
3829
+ # * **management account** – When you specify the management account,
3830
+ # the resulting report lists all AWS services, because the management
3831
+ # account is not limited by SCPs. If you specify a policy ID in the
3832
+ # CLI or API, the policy is ignored. For each service, the report
3833
+ # includes data for only the management account.
3687
3834
  #
3688
3835
  # * **Account** – When you specify another account entity and a policy
3689
3836
  # ID, the resulting report lists all of the services that are allowed
@@ -3698,12 +3845,12 @@ module Aws::IAM
3698
3845
  # policy types include identity-based policies, resource-based policies,
3699
3846
  # access control lists, IAM permissions boundaries, and STS assume role
3700
3847
  # policies. It only applies SCP logic. For more about the evaluation of
3701
- # policy types, see [Evaluating Policies][3] in the *IAM User Guide*.
3848
+ # policy types, see [Evaluating policies][3] in the *IAM User Guide*.
3702
3849
  #
3703
3850
  # </note>
3704
3851
  #
3705
3852
  # For more information about service last accessed data, see [Reducing
3706
- # Policy Scope by Viewing User Activity][1] in the *IAM User Guide*.
3853
+ # policy scope by viewing user activity][1] in the *IAM User Guide*.
3707
3854
  #
3708
3855
  #
3709
3856
  #
@@ -3771,7 +3918,7 @@ module Aws::IAM
3771
3918
  # AWS services. Recent activity usually appears within four hours. IAM
3772
3919
  # reports activity for the last 365 days, or less if your Region began
3773
3920
  # supporting this feature within the last year. For more information,
3774
- # see [Regions Where Data Is Tracked][1].
3921
+ # see [Regions where data is tracked][1].
3775
3922
  #
3776
3923
  # The service last accessed data includes all attempts to access an AWS
3777
3924
  # API, not just the successful ones. This includes all attempts that
@@ -3781,7 +3928,7 @@ module Aws::IAM
3781
3928
  # compromised, because the request might have been denied. Refer to your
3782
3929
  # CloudTrail logs as the authoritative source for information about all
3783
3930
  # API calls and whether they were successful or denied access. For more
3784
- # information, see [Logging IAM Events with CloudTrail][2] in the *IAM
3931
+ # information, see [Logging IAM events with CloudTrail][2] in the *IAM
3785
3932
  # User Guide*.
3786
3933
  #
3787
3934
  # The `GenerateServiceLastAccessedDetails` operation returns a `JobId`.
@@ -3817,12 +3964,12 @@ module Aws::IAM
3817
3964
  # AWS Organizations policies, IAM permissions boundaries, and AWS STS
3818
3965
  # assume role policies. It only applies permissions policy logic. For
3819
3966
  # more about the evaluation of policy types, see [Evaluating
3820
- # Policies][3] in the *IAM User Guide*.
3967
+ # policies][3] in the *IAM User Guide*.
3821
3968
  #
3822
3969
  # </note>
3823
3970
  #
3824
3971
  # For more information about service and action last accessed data, see
3825
- # [Reducing Permissions Using Service Last Accessed Data][4] in the *IAM
3972
+ # [Reducing permissions using service last accessed data][4] in the *IAM
3826
3973
  # User Guide*.
3827
3974
  #
3828
3975
  #
@@ -3928,12 +4075,12 @@ module Aws::IAM
3928
4075
 
3929
4076
  # Retrieves information about all IAM users, groups, roles, and policies
3930
4077
  # in your AWS account, including their relationships to one another. Use
3931
- # this API to obtain a snapshot of the configuration of IAM permissions
3932
- # (users, groups, roles, and policies) in your account.
4078
+ # this operation to obtain a snapshot of the configuration of IAM
4079
+ # permissions (users, groups, roles, and policies) in your account.
3933
4080
  #
3934
- # <note markdown="1"> Policies returned by this API are URL-encoded compliant with [RFC
3935
- # 3986][1]. You can use a URL decoding method to convert the policy back
3936
- # to plain JSON text. For example, if you use Java, you can use the
4081
+ # <note markdown="1"> Policies returned by this operation are URL-encoded compliant with
4082
+ # [RFC 3986][1]. You can use a URL decoding method to convert the policy
4083
+ # back to plain JSON text. For example, if you use Java, you can use the
3937
4084
  # `decode` method of the `java.net.URLDecoder` utility class in the Java
3938
4085
  # SDK. Other languages and SDKs provide similar functionality.
3939
4086
  #
@@ -4054,6 +4201,9 @@ module Aws::IAM
4054
4201
  # resp.role_detail_list[0].instance_profile_list[0].roles[0].tags[0].value #=> String
4055
4202
  # resp.role_detail_list[0].instance_profile_list[0].roles[0].role_last_used.last_used_date #=> Time
4056
4203
  # resp.role_detail_list[0].instance_profile_list[0].roles[0].role_last_used.region #=> String
4204
+ # resp.role_detail_list[0].instance_profile_list[0].tags #=> Array
4205
+ # resp.role_detail_list[0].instance_profile_list[0].tags[0].key #=> String
4206
+ # resp.role_detail_list[0].instance_profile_list[0].tags[0].value #=> String
4057
4207
  # resp.role_detail_list[0].role_policy_list #=> Array
4058
4208
  # resp.role_detail_list[0].role_policy_list[0].policy_name #=> String
4059
4209
  # resp.role_detail_list[0].role_policy_list[0].policy_document #=> String
@@ -4096,9 +4246,10 @@ module Aws::IAM
4096
4246
  req.send_request(options)
4097
4247
  end
4098
4248
 
4099
- # Retrieves the password policy for the AWS account. For more
4100
- # information about using a password policy, go to [Managing an IAM
4101
- # Password Policy][1].
4249
+ # Retrieves the password policy for the AWS account. This tells you the
4250
+ # complexity requirements and mandatory rotation periods for the IAM
4251
+ # user passwords in your account. For more information about using a
4252
+ # password policy, see [Managing an IAM password policy][1].
4102
4253
  #
4103
4254
  #
4104
4255
  #
@@ -4157,9 +4308,8 @@ module Aws::IAM
4157
4308
  # Retrieves information about IAM entity usage and IAM quotas in the AWS
4158
4309
  # account.
4159
4310
  #
4160
- # The number and size of IAM resources in an AWS account are limited.
4161
- # For more information, see [IAM and STS Quotas][1] in the *IAM User
4162
- # Guide*.
4311
+ # For information about IAM quotas, see [IAM and STS quotas][1] in the
4312
+ # *IAM User Guide*.
4163
4313
  #
4164
4314
  #
4165
4315
  #
@@ -4292,8 +4442,8 @@ module Aws::IAM
4292
4442
  # specified as strings. If you want to include *only* a list of policies
4293
4443
  # by string, use GetContextKeysForCustomPolicy instead.
4294
4444
  #
4295
- # **Note:** This API discloses information about the permissions granted
4296
- # to other users. If you do not want users to see other user's
4445
+ # **Note:** This operation discloses information about the permissions
4446
+ # granted to other users. If you do not want users to see other user's
4297
4447
  # permissions, then consider allowing them to use
4298
4448
  # GetContextKeysForCustomPolicy instead.
4299
4449
  #
@@ -4313,8 +4463,8 @@ module Aws::IAM
4313
4463
  # parameters are shown in unencoded form here for clarity, but must be
4314
4464
  # URL encoded to be included as a part of a real HTML request.
4315
4465
  #
4316
- # For more information about ARNs, see [Amazon Resource Names (ARNs) and
4317
- # AWS Service Namespaces][1] in the *AWS General Reference*.
4466
+ # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
4467
+ # in the *AWS General Reference*.
4318
4468
  #
4319
4469
  #
4320
4470
  #
@@ -4366,8 +4516,8 @@ module Aws::IAM
4366
4516
  end
4367
4517
 
4368
4518
  # Retrieves a credential report for the AWS account. For more
4369
- # information about the credential report, see [Getting Credential
4370
- # Reports][1] in the *IAM User Guide*.
4519
+ # information about the credential report, see [Getting credential
4520
+ # reports][1] in the *IAM User Guide*.
4371
4521
  #
4372
4522
  #
4373
4523
  #
@@ -4477,9 +4627,9 @@ module Aws::IAM
4477
4627
  # Retrieves the specified inline policy document that is embedded in the
4478
4628
  # specified IAM group.
4479
4629
  #
4480
- # <note markdown="1"> Policies returned by this API are URL-encoded compliant with [RFC
4481
- # 3986][1]. You can use a URL decoding method to convert the policy back
4482
- # to plain JSON text. For example, if you use Java, you can use the
4630
+ # <note markdown="1"> Policies returned by this operation are URL-encoded compliant with
4631
+ # [RFC 3986][1]. You can use a URL decoding method to convert the policy
4632
+ # back to plain JSON text. For example, if you use Java, you can use the
4483
4633
  # `decode` method of the `java.net.URLDecoder` utility class in the Java
4484
4634
  # SDK. Other languages and SDKs provide similar functionality.
4485
4635
  #
@@ -4490,8 +4640,8 @@ module Aws::IAM
4490
4640
  # GetPolicy to determine the policy's default version, then use
4491
4641
  # GetPolicyVersion to retrieve the policy document.
4492
4642
  #
4493
- # For more information about policies, see [Managed Policies and Inline
4494
- # Policies][2] in the *IAM User Guide*.
4643
+ # For more information about policies, see [Managed policies and inline
4644
+ # policies][2] in the *IAM User Guide*.
4495
4645
  #
4496
4646
  #
4497
4647
  #
@@ -4552,7 +4702,7 @@ module Aws::IAM
4552
4702
 
4553
4703
  # Retrieves information about the specified instance profile, including
4554
4704
  # the instance profile's path, GUID, ARN, and role. For more
4555
- # information about instance profiles, see [About Instance Profiles][1]
4705
+ # information about instance profiles, see [About instance profiles][1]
4556
4706
  # in the *IAM User Guide*.
4557
4707
  #
4558
4708
  #
@@ -4634,6 +4784,9 @@ module Aws::IAM
4634
4784
  # resp.instance_profile.roles[0].tags[0].value #=> String
4635
4785
  # resp.instance_profile.roles[0].role_last_used.last_used_date #=> Time
4636
4786
  # resp.instance_profile.roles[0].role_last_used.region #=> String
4787
+ # resp.instance_profile.tags #=> Array
4788
+ # resp.instance_profile.tags[0].key #=> String
4789
+ # resp.instance_profile.tags[0].value #=> String
4637
4790
  #
4638
4791
  #
4639
4792
  # The following waiters are defined for this operation (see {Client#wait_until} for detailed usage):
@@ -4649,7 +4802,7 @@ module Aws::IAM
4649
4802
  req.send_request(options)
4650
4803
  end
4651
4804
 
4652
- # Retrieves the user name and password-creation date for the specified
4805
+ # Retrieves the user name and password creation date for the specified
4653
4806
  # IAM user. If the user has not been assigned a password, the operation
4654
4807
  # returns a 404 (`NoSuchEntity`) error.
4655
4808
  #
@@ -4715,8 +4868,8 @@ module Aws::IAM
4715
4868
  # IAM to get information for. You can get a list of OIDC provider
4716
4869
  # resource ARNs by using the ListOpenIDConnectProviders operation.
4717
4870
  #
4718
- # For more information about ARNs, see [Amazon Resource Names (ARNs) and
4719
- # AWS Service Namespaces][1] in the *AWS General Reference*.
4871
+ # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
4872
+ # in the *AWS General Reference*.
4720
4873
  #
4721
4874
  #
4722
4875
  #
@@ -4728,6 +4881,7 @@ module Aws::IAM
4728
4881
  # * {Types::GetOpenIDConnectProviderResponse#client_id_list #client_id_list} => Array&lt;String&gt;
4729
4882
  # * {Types::GetOpenIDConnectProviderResponse#thumbprint_list #thumbprint_list} => Array&lt;String&gt;
4730
4883
  # * {Types::GetOpenIDConnectProviderResponse#create_date #create_date} => Time
4884
+ # * {Types::GetOpenIDConnectProviderResponse#tags #tags} => Array&lt;Types::Tag&gt;
4731
4885
  #
4732
4886
  # @example Request syntax with placeholder values
4733
4887
  #
@@ -4743,6 +4897,9 @@ module Aws::IAM
4743
4897
  # resp.thumbprint_list #=> Array
4744
4898
  # resp.thumbprint_list[0] #=> String
4745
4899
  # resp.create_date #=> Time
4900
+ # resp.tags #=> Array
4901
+ # resp.tags[0].key #=> String
4902
+ # resp.tags[0].value #=> String
4746
4903
  #
4747
4904
  # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetOpenIDConnectProvider AWS API Documentation
4748
4905
  #
@@ -4762,11 +4919,11 @@ module Aws::IAM
4762
4919
  # report, the data returned could include different information. For
4763
4920
  # details, see GenerateOrganizationsAccessReport.
4764
4921
  #
4765
- # To call this operation, you must be signed in to the master account in
4766
- # your organization. SCPs must be enabled for your organization root.
4767
- # You must have permissions to perform this operation. For more
4768
- # information, see [Refining Permissions Using Service Last Accessed
4769
- # Data][1] in the *IAM User Guide*.
4922
+ # To call this operation, you must be signed in to the management
4923
+ # account in your organization. SCPs must be enabled for your
4924
+ # organization root. You must have permissions to perform this
4925
+ # operation. For more information, see [Refining permissions using
4926
+ # service last accessed data][1] in the *IAM User Guide*.
4770
4927
  #
4771
4928
  # For each service that principals in an account (root users, IAM users,
4772
4929
  # or IAM roles) could access using SCPs, the operation returns details
@@ -4902,17 +5059,17 @@ module Aws::IAM
4902
5059
  # the policy's default version and the total number of IAM users,
4903
5060
  # groups, and roles to which the policy is attached. To retrieve the
4904
5061
  # list of the specific users, groups, and roles that the policy is
4905
- # attached to, use the ListEntitiesForPolicy API. This API returns
5062
+ # attached to, use ListEntitiesForPolicy. This operation returns
4906
5063
  # metadata about the policy. To retrieve the actual policy document for
4907
5064
  # a specific version of the policy, use GetPolicyVersion.
4908
5065
  #
4909
- # This API retrieves information about managed policies. To retrieve
4910
- # information about an inline policy that is embedded with an IAM user,
4911
- # group, or role, use the GetUserPolicy, GetGroupPolicy, or
4912
- # GetRolePolicy API.
5066
+ # This operation retrieves information about managed policies. To
5067
+ # retrieve information about an inline policy that is embedded with an
5068
+ # IAM user, group, or role, use GetUserPolicy, GetGroupPolicy, or
5069
+ # GetRolePolicy.
4913
5070
  #
4914
- # For more information about policies, see [Managed Policies and Inline
4915
- # Policies][1] in the *IAM User Guide*.
5071
+ # For more information about policies, see [Managed policies and inline
5072
+ # policies][1] in the *IAM User Guide*.
4916
5073
  #
4917
5074
  #
4918
5075
  #
@@ -4922,8 +5079,8 @@ module Aws::IAM
4922
5079
  # The Amazon Resource Name (ARN) of the managed policy that you want
4923
5080
  # information about.
4924
5081
  #
4925
- # For more information about ARNs, see [Amazon Resource Names (ARNs) and
4926
- # AWS Service Namespaces][1] in the *AWS General Reference*.
5082
+ # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
5083
+ # in the *AWS General Reference*.
4927
5084
  #
4928
5085
  #
4929
5086
  #
@@ -4952,6 +5109,9 @@ module Aws::IAM
4952
5109
  # resp.policy.description #=> String
4953
5110
  # resp.policy.create_date #=> Time
4954
5111
  # resp.policy.update_date #=> Time
5112
+ # resp.policy.tags #=> Array
5113
+ # resp.policy.tags[0].key #=> String
5114
+ # resp.policy.tags[0].value #=> String
4955
5115
  #
4956
5116
  #
4957
5117
  # The following waiters are defined for this operation (see {Client#wait_until} for detailed usage):
@@ -4970,9 +5130,9 @@ module Aws::IAM
4970
5130
  # Retrieves information about the specified version of the specified
4971
5131
  # managed policy, including the policy document.
4972
5132
  #
4973
- # <note markdown="1"> Policies returned by this API are URL-encoded compliant with [RFC
4974
- # 3986][1]. You can use a URL decoding method to convert the policy back
4975
- # to plain JSON text. For example, if you use Java, you can use the
5133
+ # <note markdown="1"> Policies returned by this operation are URL-encoded compliant with
5134
+ # [RFC 3986][1]. You can use a URL decoding method to convert the policy
5135
+ # back to plain JSON text. For example, if you use Java, you can use the
4976
5136
  # `decode` method of the `java.net.URLDecoder` utility class in the Java
4977
5137
  # SDK. Other languages and SDKs provide similar functionality.
4978
5138
  #
@@ -4980,15 +5140,16 @@ module Aws::IAM
4980
5140
  #
4981
5141
  # To list the available versions for a policy, use ListPolicyVersions.
4982
5142
  #
4983
- # This API retrieves information about managed policies. To retrieve
4984
- # information about an inline policy that is embedded in a user, group,
4985
- # or role, use the GetUserPolicy, GetGroupPolicy, or GetRolePolicy API.
5143
+ # This operation retrieves information about managed policies. To
5144
+ # retrieve information about an inline policy that is embedded in a
5145
+ # user, group, or role, use GetUserPolicy, GetGroupPolicy, or
5146
+ # GetRolePolicy.
4986
5147
  #
4987
5148
  # For more information about the types of policies, see [Managed
4988
- # Policies and Inline Policies][2] in the *IAM User Guide*.
5149
+ # policies and inline policies][2] in the *IAM User Guide*.
4989
5150
  #
4990
5151
  # For more information about managed policy versions, see [Versioning
4991
- # for Managed Policies][3] in the *IAM User Guide*.
5152
+ # for managed policies][3] in the *IAM User Guide*.
4992
5153
  #
4993
5154
  #
4994
5155
  #
@@ -5000,8 +5161,8 @@ module Aws::IAM
5000
5161
  # The Amazon Resource Name (ARN) of the managed policy that you want
5001
5162
  # information about.
5002
5163
  #
5003
- # For more information about ARNs, see [Amazon Resource Names (ARNs) and
5004
- # AWS Service Namespaces][1] in the *AWS General Reference*.
5164
+ # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
5165
+ # in the *AWS General Reference*.
5005
5166
  #
5006
5167
  #
5007
5168
  #
@@ -5049,11 +5210,11 @@ module Aws::IAM
5049
5210
  # Retrieves information about the specified role, including the role's
5050
5211
  # path, GUID, ARN, and the role's trust policy that grants permission
5051
5212
  # to assume the role. For more information about roles, see [Working
5052
- # with Roles][1].
5213
+ # with roles][1].
5053
5214
  #
5054
- # <note markdown="1"> Policies returned by this API are URL-encoded compliant with [RFC
5055
- # 3986][2]. You can use a URL decoding method to convert the policy back
5056
- # to plain JSON text. For example, if you use Java, you can use the
5215
+ # <note markdown="1"> Policies returned by this operation are URL-encoded compliant with
5216
+ # [RFC 3986][2]. You can use a URL decoding method to convert the policy
5217
+ # back to plain JSON text. For example, if you use Java, you can use the
5057
5218
  # `decode` method of the `java.net.URLDecoder` utility class in the Java
5058
5219
  # SDK. Other languages and SDKs provide similar functionality.
5059
5220
  #
@@ -5147,9 +5308,9 @@ module Aws::IAM
5147
5308
  # Retrieves the specified inline policy document that is embedded with
5148
5309
  # the specified IAM role.
5149
5310
  #
5150
- # <note markdown="1"> Policies returned by this API are URL-encoded compliant with [RFC
5151
- # 3986][1]. You can use a URL decoding method to convert the policy back
5152
- # to plain JSON text. For example, if you use Java, you can use the
5311
+ # <note markdown="1"> Policies returned by this operation are URL-encoded compliant with
5312
+ # [RFC 3986][1]. You can use a URL decoding method to convert the policy
5313
+ # back to plain JSON text. For example, if you use Java, you can use the
5153
5314
  # `decode` method of the `java.net.URLDecoder` utility class in the Java
5154
5315
  # SDK. Other languages and SDKs provide similar functionality.
5155
5316
  #
@@ -5160,11 +5321,11 @@ module Aws::IAM
5160
5321
  # determine the policy's default version, then use GetPolicyVersion to
5161
5322
  # retrieve the policy document.
5162
5323
  #
5163
- # For more information about policies, see [Managed Policies and Inline
5164
- # Policies][2] in the *IAM User Guide*.
5324
+ # For more information about policies, see [Managed policies and inline
5325
+ # policies][2] in the *IAM User Guide*.
5165
5326
  #
5166
- # For more information about roles, see [Using Roles to Delegate
5167
- # Permissions and Federate Identities][3].
5327
+ # For more information about roles, see [Using roles to delegate
5328
+ # permissions and federate identities][3].
5168
5329
  #
5169
5330
  #
5170
5331
  #
@@ -5239,8 +5400,8 @@ module Aws::IAM
5239
5400
  # The Amazon Resource Name (ARN) of the SAML provider resource object in
5240
5401
  # IAM to get information about.
5241
5402
  #
5242
- # For more information about ARNs, see [Amazon Resource Names (ARNs) and
5243
- # AWS Service Namespaces][1] in the *AWS General Reference*.
5403
+ # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
5404
+ # in the *AWS General Reference*.
5244
5405
  #
5245
5406
  #
5246
5407
  #
@@ -5251,6 +5412,7 @@ module Aws::IAM
5251
5412
  # * {Types::GetSAMLProviderResponse#saml_metadata_document #saml_metadata_document} => String
5252
5413
  # * {Types::GetSAMLProviderResponse#create_date #create_date} => Time
5253
5414
  # * {Types::GetSAMLProviderResponse#valid_until #valid_until} => Time
5415
+ # * {Types::GetSAMLProviderResponse#tags #tags} => Array&lt;Types::Tag&gt;
5254
5416
  #
5255
5417
  # @example Request syntax with placeholder values
5256
5418
  #
@@ -5263,6 +5425,9 @@ module Aws::IAM
5263
5425
  # resp.saml_metadata_document #=> String
5264
5426
  # resp.create_date #=> Time
5265
5427
  # resp.valid_until #=> Time
5428
+ # resp.tags #=> Array
5429
+ # resp.tags[0].key #=> String
5430
+ # resp.tags[0].value #=> String
5266
5431
  #
5267
5432
  # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetSAMLProvider AWS API Documentation
5268
5433
  #
@@ -5280,7 +5445,7 @@ module Aws::IAM
5280
5445
  # authenticating the associated IAM user to an AWS CodeCommit
5281
5446
  # repository. For more information about using SSH keys to authenticate
5282
5447
  # to an AWS CodeCommit repository, see [Set up AWS CodeCommit for SSH
5283
- # Connections][1] in the *AWS CodeCommit User Guide*.
5448
+ # connections][1] in the *AWS CodeCommit User Guide*.
5284
5449
  #
5285
5450
  #
5286
5451
  #
@@ -5348,7 +5513,7 @@ module Aws::IAM
5348
5513
  # IAM.
5349
5514
  #
5350
5515
  # For more information about working with server certificates, see
5351
- # [Working with Server Certificates][1] in the *IAM User Guide*. This
5516
+ # [Working with server certificates][1] in the *IAM User Guide*. This
5352
5517
  # topic includes a list of AWS services that can use the server
5353
5518
  # certificates that you manage with IAM.
5354
5519
  #
@@ -5389,6 +5554,9 @@ module Aws::IAM
5389
5554
  # resp.server_certificate.server_certificate_metadata.expiration #=> Time
5390
5555
  # resp.server_certificate.certificate_body #=> String
5391
5556
  # resp.server_certificate.certificate_chain #=> String
5557
+ # resp.server_certificate.tags #=> Array
5558
+ # resp.server_certificate.tags[0].key #=> String
5559
+ # resp.server_certificate.tags[0].value #=> String
5392
5560
  #
5393
5561
  # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetServerCertificate AWS API Documentation
5394
5562
  #
@@ -5413,7 +5581,7 @@ module Aws::IAM
5413
5581
  # AWS Organizations policies, IAM permissions boundaries, and AWS STS
5414
5582
  # assume role policies. It only applies permissions policy logic. For
5415
5583
  # more about the evaluation of policy types, see [Evaluating
5416
- # Policies][1] in the *IAM User Guide*.
5584
+ # policies][1] in the *IAM User Guide*.
5417
5585
  #
5418
5586
  # </note>
5419
5587
  #
@@ -5448,7 +5616,7 @@ module Aws::IAM
5448
5616
  # within a service. Otherwise, this operation returns only service data.
5449
5617
  #
5450
5618
  # For more information about service and action last accessed data, see
5451
- # [Reducing Permissions Using Service Last Accessed Data][2] in the *IAM
5619
+ # [Reducing permissions using service last accessed data][2] in the *IAM
5452
5620
  # User Guide*.
5453
5621
  #
5454
5622
  #
@@ -5596,17 +5764,16 @@ module Aws::IAM
5596
5764
  # namespace to learn when the IAM entity last attempted to access the
5597
5765
  # specified service.
5598
5766
  #
5599
- # To learn the service namespace for a service, go to [Actions,
5600
- # Resources, and Condition Keys for AWS Services][1] in the *IAM User
5601
- # Guide*. Choose the name of the service to view details for that
5602
- # service. In the first paragraph, find the service prefix. For example,
5603
- # `(service prefix: a4b)`. For more information about service
5604
- # namespaces, see [AWS Service Namespaces][2] in the *AWS General
5605
- # Reference*.
5767
+ # To learn the service namespace for a service, see [Actions, resources,
5768
+ # and condition keys for AWS services][1] in the *IAM User Guide*.
5769
+ # Choose the name of the service to view details for that service. In
5770
+ # the first paragraph, find the service prefix. For example, `(service
5771
+ # prefix: a4b)`. For more information about service namespaces, see [AWS
5772
+ # service namespaces][2] in the *AWS General Reference*.
5606
5773
  #
5607
5774
  #
5608
5775
  #
5609
- # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_actions-resources-contextkeys.html
5776
+ # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html
5610
5777
  # [2]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-aws-service-namespaces
5611
5778
  #
5612
5779
  # @option params [Integer] :max_items
@@ -5711,11 +5878,11 @@ module Aws::IAM
5711
5878
  end
5712
5879
 
5713
5880
  # Retrieves the status of your service-linked role deletion. After you
5714
- # use the DeleteServiceLinkedRole API operation to submit a
5715
- # service-linked role for deletion, you can use the `DeletionTaskId`
5716
- # parameter in `GetServiceLinkedRoleDeletionStatus` to check the status
5717
- # of the deletion. If the deletion fails, this operation returns the
5718
- # reason that it failed, if that information is returned by the service.
5881
+ # use DeleteServiceLinkedRole to submit a service-linked role for
5882
+ # deletion, you can use the `DeletionTaskId` parameter in
5883
+ # `GetServiceLinkedRoleDeletionStatus` to check the status of the
5884
+ # deletion. If the deletion fails, this operation returns the reason
5885
+ # that it failed, if that information is returned by the service.
5719
5886
  #
5720
5887
  # @option params [required, String] :deletion_task_id
5721
5888
  # The deletion task identifier. This identifier is returned by the
@@ -5756,7 +5923,7 @@ module Aws::IAM
5756
5923
  #
5757
5924
  # If you do not specify a user name, IAM determines the user name
5758
5925
  # implicitly based on the AWS access key ID used to sign the request to
5759
- # this API.
5926
+ # this operation.
5760
5927
  #
5761
5928
  # @option params [String] :user_name
5762
5929
  # The name of the user to get information about.
@@ -5832,9 +5999,9 @@ module Aws::IAM
5832
5999
  # Retrieves the specified inline policy document that is embedded in the
5833
6000
  # specified IAM user.
5834
6001
  #
5835
- # <note markdown="1"> Policies returned by this API are URL-encoded compliant with [RFC
5836
- # 3986][1]. You can use a URL decoding method to convert the policy back
5837
- # to plain JSON text. For example, if you use Java, you can use the
6002
+ # <note markdown="1"> Policies returned by this operation are URL-encoded compliant with
6003
+ # [RFC 3986][1]. You can use a URL decoding method to convert the policy
6004
+ # back to plain JSON text. For example, if you use Java, you can use the
5838
6005
  # `decode` method of the `java.net.URLDecoder` utility class in the Java
5839
6006
  # SDK. Other languages and SDKs provide similar functionality.
5840
6007
  #
@@ -5845,8 +6012,8 @@ module Aws::IAM
5845
6012
  # determine the policy's default version. Then use GetPolicyVersion to
5846
6013
  # retrieve the policy document.
5847
6014
  #
5848
- # For more information about policies, see [Managed Policies and Inline
5849
- # Policies][2] in the *IAM User Guide*.
6015
+ # For more information about policies, see [Managed policies and inline
6016
+ # policies][2] in the *IAM User Guide*.
5850
6017
  #
5851
6018
  #
5852
6019
  #
@@ -6016,7 +6183,7 @@ module Aws::IAM
6016
6183
 
6017
6184
  # Lists the account alias associated with the AWS account (Note: you can
6018
6185
  # have only one). For information about using an AWS account alias, see
6019
- # [Using an Alias for Your AWS Account ID][1] in the *IAM User Guide*.
6186
+ # [Using an alias for your AWS account ID][1] in the *IAM User Guide*.
6020
6187
  #
6021
6188
  #
6022
6189
  #
@@ -6089,9 +6256,9 @@ module Aws::IAM
6089
6256
  # group.
6090
6257
  #
6091
6258
  # An IAM group can also have inline policies embedded with it. To list
6092
- # the inline policies for a group, use the ListGroupPolicies API. For
6093
- # information about policies, see [Managed Policies and Inline
6094
- # Policies][1] in the *IAM User Guide*.
6259
+ # the inline policies for a group, use ListGroupPolicies. For
6260
+ # information about policies, see [Managed policies and inline
6261
+ # policies][1] in the *IAM User Guide*.
6095
6262
  #
6096
6263
  # You can paginate the results using the `MaxItems` and `Marker`
6097
6264
  # parameters. You can use the `PathPrefix` parameter to limit the list
@@ -6187,9 +6354,9 @@ module Aws::IAM
6187
6354
  # role.
6188
6355
  #
6189
6356
  # An IAM role can also have inline policies embedded with it. To list
6190
- # the inline policies for a role, use the ListRolePolicies API. For
6191
- # information about policies, see [Managed Policies and Inline
6192
- # Policies][1] in the *IAM User Guide*.
6357
+ # the inline policies for a role, use ListRolePolicies. For information
6358
+ # about policies, see [Managed policies and inline policies][1] in the
6359
+ # *IAM User Guide*.
6193
6360
  #
6194
6361
  # You can paginate the results using the `MaxItems` and `Marker`
6195
6362
  # parameters. You can use the `PathPrefix` parameter to limit the list
@@ -6285,9 +6452,9 @@ module Aws::IAM
6285
6452
  # user.
6286
6453
  #
6287
6454
  # An IAM user can also have inline policies embedded with it. To list
6288
- # the inline policies for a user, use the ListUserPolicies API. For
6289
- # information about policies, see [Managed Policies and Inline
6290
- # Policies][1] in the *IAM User Guide*.
6455
+ # the inline policies for a user, use ListUserPolicies. For information
6456
+ # about policies, see [Managed policies and inline policies][1] in the
6457
+ # *IAM User Guide*.
6291
6458
  #
6292
6459
  # You can paginate the results using the `MaxItems` and `Marker`
6293
6460
  # parameters. You can use the `PathPrefix` parameter to limit the list
@@ -6394,8 +6561,8 @@ module Aws::IAM
6394
6561
  # The Amazon Resource Name (ARN) of the IAM policy for which you want
6395
6562
  # the versions.
6396
6563
  #
6397
- # For more information about ARNs, see [Amazon Resource Names (ARNs) and
6398
- # AWS Service Namespaces][1] in the *AWS General Reference*.
6564
+ # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
6565
+ # in the *AWS General Reference*.
6399
6566
  #
6400
6567
  #
6401
6568
  #
@@ -6504,7 +6671,7 @@ module Aws::IAM
6504
6671
  # An IAM group can also have managed policies attached to it. To list
6505
6672
  # the managed policies that are attached to a group, use
6506
6673
  # ListAttachedGroupPolicies. For more information about policies, see
6507
- # [Managed Policies and Inline Policies][1] in the *IAM User Guide*.
6674
+ # [Managed policies and inline policies][1] in the *IAM User Guide*.
6508
6675
  #
6509
6676
  # You can paginate the results using the `MaxItems` and `Marker`
6510
6677
  # parameters. If there are no inline policies embedded with the
@@ -6801,10 +6968,87 @@ module Aws::IAM
6801
6968
  req.send_request(options)
6802
6969
  end
6803
6970
 
6971
+ # Lists the tags that are attached to the specified IAM instance
6972
+ # profile. The returned list of tags is sorted by tag key. For more
6973
+ # information about tagging, see [Tagging IAM resources][1] in the *IAM
6974
+ # User Guide*.
6975
+ #
6976
+ #
6977
+ #
6978
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
6979
+ #
6980
+ # @option params [required, String] :instance_profile_name
6981
+ # The name of the IAM instance profile whose tags you want to see.
6982
+ #
6983
+ # This parameter accepts (through its [regex pattern][1]) a string of
6984
+ # characters that consist of upper and lowercase alphanumeric characters
6985
+ # with no spaces. You can also include any of the following characters:
6986
+ # =,.@-
6987
+ #
6988
+ #
6989
+ #
6990
+ # [1]: http://wikipedia.org/wiki/regex
6991
+ #
6992
+ # @option params [String] :marker
6993
+ # Use this parameter only when paginating results and only after you
6994
+ # receive a response indicating that the results are truncated. Set it
6995
+ # to the value of the `Marker` element in the response that you received
6996
+ # to indicate where the next call should start.
6997
+ #
6998
+ # @option params [Integer] :max_items
6999
+ # (Optional) Use this only when paginating results to indicate the
7000
+ # maximum number of items that you want in the response. If additional
7001
+ # items exist beyond the maximum that you specify, the `IsTruncated`
7002
+ # response element is `true`.
7003
+ #
7004
+ # If you do not include this parameter, it defaults to 100. Note that
7005
+ # IAM might return fewer results, even when more results are available.
7006
+ # In that case, the `IsTruncated` response element returns `true`, and
7007
+ # `Marker` contains a value to include in the subsequent call that tells
7008
+ # the service where to continue from.
7009
+ #
7010
+ # @return [Types::ListInstanceProfileTagsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
7011
+ #
7012
+ # * {Types::ListInstanceProfileTagsResponse#tags #tags} => Array&lt;Types::Tag&gt;
7013
+ # * {Types::ListInstanceProfileTagsResponse#is_truncated #is_truncated} => Boolean
7014
+ # * {Types::ListInstanceProfileTagsResponse#marker #marker} => String
7015
+ #
7016
+ # @example Request syntax with placeholder values
7017
+ #
7018
+ # resp = client.list_instance_profile_tags({
7019
+ # instance_profile_name: "instanceProfileNameType", # required
7020
+ # marker: "markerType",
7021
+ # max_items: 1,
7022
+ # })
7023
+ #
7024
+ # @example Response structure
7025
+ #
7026
+ # resp.tags #=> Array
7027
+ # resp.tags[0].key #=> String
7028
+ # resp.tags[0].value #=> String
7029
+ # resp.is_truncated #=> Boolean
7030
+ # resp.marker #=> String
7031
+ #
7032
+ # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListInstanceProfileTags AWS API Documentation
7033
+ #
7034
+ # @overload list_instance_profile_tags(params = {})
7035
+ # @param [Hash] params ({})
7036
+ def list_instance_profile_tags(params = {}, options = {})
7037
+ req = build_request(:list_instance_profile_tags, params)
7038
+ req.send_request(options)
7039
+ end
7040
+
6804
7041
  # Lists the instance profiles that have the specified path prefix. If
6805
7042
  # there are none, the operation returns an empty list. For more
6806
- # information about instance profiles, go to [About Instance
6807
- # Profiles][1].
7043
+ # information about instance profiles, see [About instance profiles][1].
7044
+ #
7045
+ # <note markdown="1"> IAM resource-listing operations return a subset of the available
7046
+ # attributes for the resource. For example, this operation does not
7047
+ # return tags, even though they are an attribute of the returned object.
7048
+ # To view all of the information for an instance profile, see
7049
+ # GetInstanceProfile.
7050
+ #
7051
+ # </note>
6808
7052
  #
6809
7053
  # You can paginate the results using the `MaxItems` and `Marker`
6810
7054
  # parameters.
@@ -6888,6 +7132,9 @@ module Aws::IAM
6888
7132
  # resp.instance_profiles[0].roles[0].tags[0].value #=> String
6889
7133
  # resp.instance_profiles[0].roles[0].role_last_used.last_used_date #=> Time
6890
7134
  # resp.instance_profiles[0].roles[0].role_last_used.region #=> String
7135
+ # resp.instance_profiles[0].tags #=> Array
7136
+ # resp.instance_profiles[0].tags[0].key #=> String
7137
+ # resp.instance_profiles[0].tags[0].value #=> String
6891
7138
  # resp.is_truncated #=> Boolean
6892
7139
  # resp.marker #=> String
6893
7140
  #
@@ -6902,8 +7149,8 @@ module Aws::IAM
6902
7149
 
6903
7150
  # Lists the instance profiles that have the specified associated IAM
6904
7151
  # role. If there are none, the operation returns an empty list. For more
6905
- # information about instance profiles, go to [About Instance
6906
- # Profiles][1].
7152
+ # information about instance profiles, go to [About instance
7153
+ # profiles][1].
6907
7154
  #
6908
7155
  # You can paginate the results using the `MaxItems` and `Marker`
6909
7156
  # parameters.
@@ -6981,6 +7228,9 @@ module Aws::IAM
6981
7228
  # resp.instance_profiles[0].roles[0].tags[0].value #=> String
6982
7229
  # resp.instance_profiles[0].roles[0].role_last_used.last_used_date #=> Time
6983
7230
  # resp.instance_profiles[0].roles[0].role_last_used.region #=> String
7231
+ # resp.instance_profiles[0].tags #=> Array
7232
+ # resp.instance_profiles[0].tags[0].key #=> String
7233
+ # resp.instance_profiles[0].tags[0].value #=> String
6984
7234
  # resp.is_truncated #=> Boolean
6985
7235
  # resp.marker #=> String
6986
7236
  #
@@ -6993,11 +7243,83 @@ module Aws::IAM
6993
7243
  req.send_request(options)
6994
7244
  end
6995
7245
 
7246
+ # Lists the tags that are attached to the specified IAM virtual
7247
+ # multi-factor authentication (MFA) device. The returned list of tags is
7248
+ # sorted by tag key. For more information about tagging, see [Tagging
7249
+ # IAM resources][1] in the *IAM User Guide*.
7250
+ #
7251
+ #
7252
+ #
7253
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
7254
+ #
7255
+ # @option params [required, String] :serial_number
7256
+ # The unique identifier for the IAM virtual MFA device whose tags you
7257
+ # want to see. For virtual MFA devices, the serial number is the same as
7258
+ # the ARN.
7259
+ #
7260
+ # This parameter accepts (through its [regex pattern][1]) a string of
7261
+ # characters that consist of upper and lowercase alphanumeric characters
7262
+ # with no spaces. You can also include any of the following characters:
7263
+ # =,.@-
7264
+ #
7265
+ #
7266
+ #
7267
+ # [1]: http://wikipedia.org/wiki/regex
7268
+ #
7269
+ # @option params [String] :marker
7270
+ # Use this parameter only when paginating results and only after you
7271
+ # receive a response indicating that the results are truncated. Set it
7272
+ # to the value of the `Marker` element in the response that you received
7273
+ # to indicate where the next call should start.
7274
+ #
7275
+ # @option params [Integer] :max_items
7276
+ # (Optional) Use this only when paginating results to indicate the
7277
+ # maximum number of items that you want in the response. If additional
7278
+ # items exist beyond the maximum that you specify, the `IsTruncated`
7279
+ # response element is `true`.
7280
+ #
7281
+ # If you do not include this parameter, it defaults to 100. Note that
7282
+ # IAM might return fewer results, even when more results are available.
7283
+ # In that case, the `IsTruncated` response element returns `true`, and
7284
+ # `Marker` contains a value to include in the subsequent call that tells
7285
+ # the service where to continue from.
7286
+ #
7287
+ # @return [Types::ListMFADeviceTagsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
7288
+ #
7289
+ # * {Types::ListMFADeviceTagsResponse#tags #tags} => Array&lt;Types::Tag&gt;
7290
+ # * {Types::ListMFADeviceTagsResponse#is_truncated #is_truncated} => Boolean
7291
+ # * {Types::ListMFADeviceTagsResponse#marker #marker} => String
7292
+ #
7293
+ # @example Request syntax with placeholder values
7294
+ #
7295
+ # resp = client.list_mfa_device_tags({
7296
+ # serial_number: "serialNumberType", # required
7297
+ # marker: "markerType",
7298
+ # max_items: 1,
7299
+ # })
7300
+ #
7301
+ # @example Response structure
7302
+ #
7303
+ # resp.tags #=> Array
7304
+ # resp.tags[0].key #=> String
7305
+ # resp.tags[0].value #=> String
7306
+ # resp.is_truncated #=> Boolean
7307
+ # resp.marker #=> String
7308
+ #
7309
+ # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListMFADeviceTags AWS API Documentation
7310
+ #
7311
+ # @overload list_mfa_device_tags(params = {})
7312
+ # @param [Hash] params ({})
7313
+ def list_mfa_device_tags(params = {}, options = {})
7314
+ req = build_request(:list_mfa_device_tags, params)
7315
+ req.send_request(options)
7316
+ end
7317
+
6996
7318
  # Lists the MFA devices for an IAM user. If the request includes a IAM
6997
7319
  # user name, then this operation lists all the MFA devices associated
6998
7320
  # with the specified user. If you do not specify a user name, IAM
6999
7321
  # determines the user name implicitly based on the AWS access key ID
7000
- # signing the request for this API.
7322
+ # signing the request for this operation.
7001
7323
  #
7002
7324
  # You can paginate the results using the `MaxItems` and `Marker`
7003
7325
  # parameters.
@@ -7065,19 +7387,102 @@ module Aws::IAM
7065
7387
  req.send_request(options)
7066
7388
  end
7067
7389
 
7068
- # Lists information about the IAM OpenID Connect (OIDC) provider
7069
- # resource objects defined in the AWS account.
7390
+ # Lists the tags that are attached to the specified OpenID Connect
7391
+ # (OIDC)-compatible identity provider. The returned list of tags is
7392
+ # sorted by tag key. For more information, see [About web identity
7393
+ # federation][1].
7070
7394
  #
7071
- # @return [Types::ListOpenIDConnectProvidersResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
7395
+ # For more information about tagging, see [Tagging IAM resources][2] in
7396
+ # the *IAM User Guide*.
7072
7397
  #
7073
- # * {Types::ListOpenIDConnectProvidersResponse#open_id_connect_provider_list #open_id_connect_provider_list} => Array&lt;Types::OpenIDConnectProviderListEntry&gt;
7074
7398
  #
7075
- # @example Response structure
7076
7399
  #
7077
- # resp.open_id_connect_provider_list #=> Array
7078
- # resp.open_id_connect_provider_list[0].arn #=> String
7400
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html
7401
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
7079
7402
  #
7080
- # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListOpenIDConnectProviders AWS API Documentation
7403
+ # @option params [required, String] :open_id_connect_provider_arn
7404
+ # The ARN of the OpenID Connect (OIDC) identity provider whose tags you
7405
+ # want to see.
7406
+ #
7407
+ # This parameter accepts (through its [regex pattern][1]) a string of
7408
+ # characters that consist of upper and lowercase alphanumeric characters
7409
+ # with no spaces. You can also include any of the following characters:
7410
+ # =,.@-
7411
+ #
7412
+ #
7413
+ #
7414
+ # [1]: http://wikipedia.org/wiki/regex
7415
+ #
7416
+ # @option params [String] :marker
7417
+ # Use this parameter only when paginating results and only after you
7418
+ # receive a response indicating that the results are truncated. Set it
7419
+ # to the value of the `Marker` element in the response that you received
7420
+ # to indicate where the next call should start.
7421
+ #
7422
+ # @option params [Integer] :max_items
7423
+ # (Optional) Use this only when paginating results to indicate the
7424
+ # maximum number of items that you want in the response. If additional
7425
+ # items exist beyond the maximum that you specify, the `IsTruncated`
7426
+ # response element is `true`.
7427
+ #
7428
+ # If you do not include this parameter, it defaults to 100. Note that
7429
+ # IAM might return fewer results, even when more results are available.
7430
+ # In that case, the `IsTruncated` response element returns `true`, and
7431
+ # `Marker` contains a value to include in the subsequent call that tells
7432
+ # the service where to continue from.
7433
+ #
7434
+ # @return [Types::ListOpenIDConnectProviderTagsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
7435
+ #
7436
+ # * {Types::ListOpenIDConnectProviderTagsResponse#tags #tags} => Array&lt;Types::Tag&gt;
7437
+ # * {Types::ListOpenIDConnectProviderTagsResponse#is_truncated #is_truncated} => Boolean
7438
+ # * {Types::ListOpenIDConnectProviderTagsResponse#marker #marker} => String
7439
+ #
7440
+ # @example Request syntax with placeholder values
7441
+ #
7442
+ # resp = client.list_open_id_connect_provider_tags({
7443
+ # open_id_connect_provider_arn: "arnType", # required
7444
+ # marker: "markerType",
7445
+ # max_items: 1,
7446
+ # })
7447
+ #
7448
+ # @example Response structure
7449
+ #
7450
+ # resp.tags #=> Array
7451
+ # resp.tags[0].key #=> String
7452
+ # resp.tags[0].value #=> String
7453
+ # resp.is_truncated #=> Boolean
7454
+ # resp.marker #=> String
7455
+ #
7456
+ # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListOpenIDConnectProviderTags AWS API Documentation
7457
+ #
7458
+ # @overload list_open_id_connect_provider_tags(params = {})
7459
+ # @param [Hash] params ({})
7460
+ def list_open_id_connect_provider_tags(params = {}, options = {})
7461
+ req = build_request(:list_open_id_connect_provider_tags, params)
7462
+ req.send_request(options)
7463
+ end
7464
+
7465
+ # Lists information about the IAM OpenID Connect (OIDC) provider
7466
+ # resource objects defined in the AWS account.
7467
+ #
7468
+ # <note markdown="1"> IAM resource-listing operations return a subset of the available
7469
+ # attributes for the resource. For example, this operation does not
7470
+ # return tags, even though they are an attribute of the returned object.
7471
+ # To view all of the information for an OIDC provider, see
7472
+ # GetOpenIDConnectProvider.
7473
+ #
7474
+ # </note>
7475
+ #
7476
+ # @return [Types::ListOpenIDConnectProvidersResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
7477
+ #
7478
+ # * {Types::ListOpenIDConnectProvidersResponse#open_id_connect_provider_list #open_id_connect_provider_list} => Array&lt;Types::OpenIDConnectProviderListEntry&gt;
7479
+ #
7480
+ # @example Response structure
7481
+ #
7482
+ # resp.open_id_connect_provider_list #=> Array
7483
+ # resp.open_id_connect_provider_list[0].arn #=> String
7484
+ #
7485
+ # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListOpenIDConnectProviders AWS API Documentation
7081
7486
  #
7082
7487
  # @overload list_open_id_connect_providers(params = {})
7083
7488
  # @param [Hash] params ({})
@@ -7099,8 +7504,16 @@ module Aws::IAM
7099
7504
  # You can paginate the results using the `MaxItems` and `Marker`
7100
7505
  # parameters.
7101
7506
  #
7102
- # For more information about managed policies, see [Managed Policies and
7103
- # Inline Policies][1] in the *IAM User Guide*.
7507
+ # For more information about managed policies, see [Managed policies and
7508
+ # inline policies][1] in the *IAM User Guide*.
7509
+ #
7510
+ # <note markdown="1"> IAM resource-listing operations return a subset of the available
7511
+ # attributes for the resource. For example, this operation does not
7512
+ # return tags, even though they are an attribute of the returned object.
7513
+ # To view all of the information for a customer manged policy, see
7514
+ # GetPolicy.
7515
+ #
7516
+ # </note>
7104
7517
  #
7105
7518
  #
7106
7519
  #
@@ -7199,6 +7612,9 @@ module Aws::IAM
7199
7612
  # resp.policies[0].description #=> String
7200
7613
  # resp.policies[0].create_date #=> Time
7201
7614
  # resp.policies[0].update_date #=> Time
7615
+ # resp.policies[0].tags #=> Array
7616
+ # resp.policies[0].tags[0].key #=> String
7617
+ # resp.policies[0].tags[0].value #=> String
7202
7618
  # resp.is_truncated #=> Boolean
7203
7619
  # resp.marker #=> String
7204
7620
  #
@@ -7219,7 +7635,7 @@ module Aws::IAM
7219
7635
  # include resource-based policies, access control lists, AWS
7220
7636
  # Organizations policies, IAM permissions boundaries, and AWS STS assume
7221
7637
  # role policies. It only applies permissions policy logic. For more
7222
- # about the evaluation of policy types, see [Evaluating Policies][1] in
7638
+ # about the evaluation of policy types, see [Evaluating policies][1] in
7223
7639
  # the *IAM User Guide*.
7224
7640
  #
7225
7641
  # </note>
@@ -7242,8 +7658,8 @@ module Aws::IAM
7242
7658
  # For each managed policy, this operation returns the ARN and policy
7243
7659
  # name. For each inline policy, it returns the policy name and the
7244
7660
  # entity to which it is attached. Inline policies do not have an ARN.
7245
- # For more information about these policy types, see [Managed Policies
7246
- # and Inline Policies][2] in the *IAM User Guide*.
7661
+ # For more information about these policy types, see [Managed policies
7662
+ # and inline policies][2] in the *IAM User Guide*.
7247
7663
  #
7248
7664
  # Policies that are attached to users and roles as permissions
7249
7665
  # boundaries are not returned. To view which managed policy is currently
@@ -7269,17 +7685,16 @@ module Aws::IAM
7269
7685
  # The service namespace for the AWS services whose policies you want to
7270
7686
  # list.
7271
7687
  #
7272
- # To learn the service namespace for a service, go to [Actions,
7273
- # Resources, and Condition Keys for AWS Services][1] in the *IAM User
7274
- # Guide*. Choose the name of the service to view details for that
7275
- # service. In the first paragraph, find the service prefix. For example,
7276
- # `(service prefix: a4b)`. For more information about service
7277
- # namespaces, see [AWS Service Namespaces][2] in the *AWS General
7278
- # Reference*.
7688
+ # To learn the service namespace for a service, see [Actions, resources,
7689
+ # and condition keys for AWS services][1] in the *IAM User Guide*.
7690
+ # Choose the name of the service to view details for that service. In
7691
+ # the first paragraph, find the service prefix. For example, `(service
7692
+ # prefix: a4b)`. For more information about service namespaces, see [AWS
7693
+ # service namespaces][2] in the *AWS General Reference*.
7279
7694
  #
7280
7695
  #
7281
7696
  #
7282
- # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_actions-resources-contextkeys.html
7697
+ # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html
7283
7698
  # [2]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-aws-service-namespaces
7284
7699
  #
7285
7700
  # @return [Types::ListPoliciesGrantingServiceAccessResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
@@ -7364,12 +7779,82 @@ module Aws::IAM
7364
7779
  req.send_request(options)
7365
7780
  end
7366
7781
 
7782
+ # Lists the tags that are attached to the specified IAM customer managed
7783
+ # policy. The returned list of tags is sorted by tag key. For more
7784
+ # information about tagging, see [Tagging IAM resources][1] in the *IAM
7785
+ # User Guide*.
7786
+ #
7787
+ #
7788
+ #
7789
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
7790
+ #
7791
+ # @option params [required, String] :policy_arn
7792
+ # The ARN of the IAM customer managed policy whose tags you want to see.
7793
+ #
7794
+ # This parameter accepts (through its [regex pattern][1]) a string of
7795
+ # characters that consist of upper and lowercase alphanumeric characters
7796
+ # with no spaces. You can also include any of the following characters:
7797
+ # =,.@-
7798
+ #
7799
+ #
7800
+ #
7801
+ # [1]: http://wikipedia.org/wiki/regex
7802
+ #
7803
+ # @option params [String] :marker
7804
+ # Use this parameter only when paginating results and only after you
7805
+ # receive a response indicating that the results are truncated. Set it
7806
+ # to the value of the `Marker` element in the response that you received
7807
+ # to indicate where the next call should start.
7808
+ #
7809
+ # @option params [Integer] :max_items
7810
+ # (Optional) Use this only when paginating results to indicate the
7811
+ # maximum number of items that you want in the response. If additional
7812
+ # items exist beyond the maximum that you specify, the `IsTruncated`
7813
+ # response element is `true`.
7814
+ #
7815
+ # If you do not include this parameter, it defaults to 100. Note that
7816
+ # IAM might return fewer results, even when more results are available.
7817
+ # In that case, the `IsTruncated` response element returns `true`, and
7818
+ # `Marker` contains a value to include in the subsequent call that tells
7819
+ # the service where to continue from.
7820
+ #
7821
+ # @return [Types::ListPolicyTagsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
7822
+ #
7823
+ # * {Types::ListPolicyTagsResponse#tags #tags} => Array&lt;Types::Tag&gt;
7824
+ # * {Types::ListPolicyTagsResponse#is_truncated #is_truncated} => Boolean
7825
+ # * {Types::ListPolicyTagsResponse#marker #marker} => String
7826
+ #
7827
+ # @example Request syntax with placeholder values
7828
+ #
7829
+ # resp = client.list_policy_tags({
7830
+ # policy_arn: "arnType", # required
7831
+ # marker: "markerType",
7832
+ # max_items: 1,
7833
+ # })
7834
+ #
7835
+ # @example Response structure
7836
+ #
7837
+ # resp.tags #=> Array
7838
+ # resp.tags[0].key #=> String
7839
+ # resp.tags[0].value #=> String
7840
+ # resp.is_truncated #=> Boolean
7841
+ # resp.marker #=> String
7842
+ #
7843
+ # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListPolicyTags AWS API Documentation
7844
+ #
7845
+ # @overload list_policy_tags(params = {})
7846
+ # @param [Hash] params ({})
7847
+ def list_policy_tags(params = {}, options = {})
7848
+ req = build_request(:list_policy_tags, params)
7849
+ req.send_request(options)
7850
+ end
7851
+
7367
7852
  # Lists information about the versions of the specified managed policy,
7368
7853
  # including the version that is currently set as the policy's default
7369
7854
  # version.
7370
7855
  #
7371
- # For more information about managed policies, see [Managed Policies and
7372
- # Inline Policies][1] in the *IAM User Guide*.
7856
+ # For more information about managed policies, see [Managed policies and
7857
+ # inline policies][1] in the *IAM User Guide*.
7373
7858
  #
7374
7859
  #
7375
7860
  #
@@ -7379,8 +7864,8 @@ module Aws::IAM
7379
7864
  # The Amazon Resource Name (ARN) of the IAM policy for which you want
7380
7865
  # the versions.
7381
7866
  #
7382
- # For more information about ARNs, see [Amazon Resource Names (ARNs) and
7383
- # AWS Service Namespaces][1] in the *AWS General Reference*.
7867
+ # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
7868
+ # in the *AWS General Reference*.
7384
7869
  #
7385
7870
  #
7386
7871
  #
@@ -7444,7 +7929,7 @@ module Aws::IAM
7444
7929
  # An IAM role can also have managed policies attached to it. To list the
7445
7930
  # managed policies that are attached to a role, use
7446
7931
  # ListAttachedRolePolicies. For more information about policies, see
7447
- # [Managed Policies and Inline Policies][1] in the *IAM User Guide*.
7932
+ # [Managed policies and inline policies][1] in the *IAM User Guide*.
7448
7933
  #
7449
7934
  # You can paginate the results using the `MaxItems` and `Marker`
7450
7935
  # parameters. If there are no inline policies embedded with the
@@ -7517,7 +8002,7 @@ module Aws::IAM
7517
8002
 
7518
8003
  # Lists the tags that are attached to the specified role. The returned
7519
8004
  # list of tags is sorted by tag key. For more information about tagging,
7520
- # see [Tagging IAM Identities][1] in the *IAM User Guide*.
8005
+ # see [Tagging IAM resources][1] in the *IAM User Guide*.
7521
8006
  #
7522
8007
  #
7523
8008
  #
@@ -7610,7 +8095,14 @@ module Aws::IAM
7610
8095
 
7611
8096
  # Lists the IAM roles that have the specified path prefix. If there are
7612
8097
  # none, the operation returns an empty list. For more information about
7613
- # roles, go to [Working with Roles][1].
8098
+ # roles, see [Working with roles][1].
8099
+ #
8100
+ # <note markdown="1"> IAM resource-listing operations return a subset of the available
8101
+ # attributes for the resource. For example, this operation does not
8102
+ # return tags, even though they are an attribute of the returned object.
8103
+ # To view all of the information for a role, see GetRole.
8104
+ #
8105
+ # </note>
7614
8106
  #
7615
8107
  # You can paginate the results using the `MaxItems` and `Marker`
7616
8108
  # parameters.
@@ -7699,12 +8191,89 @@ module Aws::IAM
7699
8191
  req.send_request(options)
7700
8192
  end
7701
8193
 
7702
- # Lists the SAML provider resource objects defined in IAM in the
7703
- # account.
8194
+ # Lists the tags that are attached to the specified Security Assertion
8195
+ # Markup Language (SAML) identity provider. The returned list of tags is
8196
+ # sorted by tag key. For more information, see [About SAML 2.0-based
8197
+ # federation][1].
7704
8198
  #
7705
- # <note markdown="1"> This operation requires [Signature Version 4][1].
8199
+ # For more information about tagging, see [Tagging IAM resources][2] in
8200
+ # the *IAM User Guide*.
7706
8201
  #
7707
- # </note>
8202
+ #
8203
+ #
8204
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html
8205
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
8206
+ #
8207
+ # @option params [required, String] :saml_provider_arn
8208
+ # The ARN of the Security Assertion Markup Language (SAML) identity
8209
+ # provider whose tags you want to see.
8210
+ #
8211
+ # This parameter accepts (through its [regex pattern][1]) a string of
8212
+ # characters that consist of upper and lowercase alphanumeric characters
8213
+ # with no spaces. You can also include any of the following characters:
8214
+ # =,.@-
8215
+ #
8216
+ #
8217
+ #
8218
+ # [1]: http://wikipedia.org/wiki/regex
8219
+ #
8220
+ # @option params [String] :marker
8221
+ # Use this parameter only when paginating results and only after you
8222
+ # receive a response indicating that the results are truncated. Set it
8223
+ # to the value of the `Marker` element in the response that you received
8224
+ # to indicate where the next call should start.
8225
+ #
8226
+ # @option params [Integer] :max_items
8227
+ # (Optional) Use this only when paginating results to indicate the
8228
+ # maximum number of items that you want in the response. If additional
8229
+ # items exist beyond the maximum that you specify, the `IsTruncated`
8230
+ # response element is `true`.
8231
+ #
8232
+ # If you do not include this parameter, it defaults to 100. Note that
8233
+ # IAM might return fewer results, even when more results are available.
8234
+ # In that case, the `IsTruncated` response element returns `true`, and
8235
+ # `Marker` contains a value to include in the subsequent call that tells
8236
+ # the service where to continue from.
8237
+ #
8238
+ # @return [Types::ListSAMLProviderTagsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
8239
+ #
8240
+ # * {Types::ListSAMLProviderTagsResponse#tags #tags} => Array&lt;Types::Tag&gt;
8241
+ # * {Types::ListSAMLProviderTagsResponse#is_truncated #is_truncated} => Boolean
8242
+ # * {Types::ListSAMLProviderTagsResponse#marker #marker} => String
8243
+ #
8244
+ # @example Request syntax with placeholder values
8245
+ #
8246
+ # resp = client.list_saml_provider_tags({
8247
+ # saml_provider_arn: "arnType", # required
8248
+ # marker: "markerType",
8249
+ # max_items: 1,
8250
+ # })
8251
+ #
8252
+ # @example Response structure
8253
+ #
8254
+ # resp.tags #=> Array
8255
+ # resp.tags[0].key #=> String
8256
+ # resp.tags[0].value #=> String
8257
+ # resp.is_truncated #=> Boolean
8258
+ # resp.marker #=> String
8259
+ #
8260
+ # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListSAMLProviderTags AWS API Documentation
8261
+ #
8262
+ # @overload list_saml_provider_tags(params = {})
8263
+ # @param [Hash] params ({})
8264
+ def list_saml_provider_tags(params = {}, options = {})
8265
+ req = build_request(:list_saml_provider_tags, params)
8266
+ req.send_request(options)
8267
+ end
8268
+
8269
+ # Lists the SAML provider resource objects defined in IAM in the
8270
+ # account. IAM resource-listing operations return a subset of the
8271
+ # available attributes for the resource. For example, this operation
8272
+ # does not return tags, even though they are an attribute of the
8273
+ # returned object. To view all of the information for a SAML provider,
8274
+ # see GetSAMLProvider.
8275
+ #
8276
+ # This operation requires [Signature Version 4][1].
7708
8277
  #
7709
8278
  #
7710
8279
  #
@@ -7737,7 +8306,7 @@ module Aws::IAM
7737
8306
  # The SSH public keys returned by this operation are used only for
7738
8307
  # authenticating the IAM user to an AWS CodeCommit repository. For more
7739
8308
  # information about using SSH keys to authenticate to an AWS CodeCommit
7740
- # repository, see [Set up AWS CodeCommit for SSH Connections][1] in the
8309
+ # repository, see [Set up AWS CodeCommit for SSH connections][1] in the
7741
8310
  # *AWS CodeCommit User Guide*.
7742
8311
  #
7743
8312
  # Although each user is limited to a small number of keys, you can still
@@ -7813,6 +8382,85 @@ module Aws::IAM
7813
8382
  req.send_request(options)
7814
8383
  end
7815
8384
 
8385
+ # Lists the tags that are attached to the specified IAM server
8386
+ # certificate. The returned list of tags is sorted by tag key. For more
8387
+ # information about tagging, see [Tagging IAM resources][1] in the *IAM
8388
+ # User Guide*.
8389
+ #
8390
+ # <note markdown="1"> For certificates in a Region supported by AWS Certificate Manager
8391
+ # (ACM), we recommend that you don't use IAM server certificates.
8392
+ # Instead, use ACM to provision, manage, and deploy your server
8393
+ # certificates. For more information about IAM server certificates,
8394
+ # [Working with server certificates][2] in the *IAM User Guide*.
8395
+ #
8396
+ # </note>
8397
+ #
8398
+ #
8399
+ #
8400
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
8401
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html
8402
+ #
8403
+ # @option params [required, String] :server_certificate_name
8404
+ # The name of the IAM server certificate whose tags you want to see.
8405
+ #
8406
+ # This parameter accepts (through its [regex pattern][1]) a string of
8407
+ # characters that consist of upper and lowercase alphanumeric characters
8408
+ # with no spaces. You can also include any of the following characters:
8409
+ # =,.@-
8410
+ #
8411
+ #
8412
+ #
8413
+ # [1]: http://wikipedia.org/wiki/regex
8414
+ #
8415
+ # @option params [String] :marker
8416
+ # Use this parameter only when paginating results and only after you
8417
+ # receive a response indicating that the results are truncated. Set it
8418
+ # to the value of the `Marker` element in the response that you received
8419
+ # to indicate where the next call should start.
8420
+ #
8421
+ # @option params [Integer] :max_items
8422
+ # (Optional) Use this only when paginating results to indicate the
8423
+ # maximum number of items that you want in the response. If additional
8424
+ # items exist beyond the maximum that you specify, the `IsTruncated`
8425
+ # response element is `true`.
8426
+ #
8427
+ # If you do not include this parameter, it defaults to 100. Note that
8428
+ # IAM might return fewer results, even when more results are available.
8429
+ # In that case, the `IsTruncated` response element returns `true`, and
8430
+ # `Marker` contains a value to include in the subsequent call that tells
8431
+ # the service where to continue from.
8432
+ #
8433
+ # @return [Types::ListServerCertificateTagsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
8434
+ #
8435
+ # * {Types::ListServerCertificateTagsResponse#tags #tags} => Array&lt;Types::Tag&gt;
8436
+ # * {Types::ListServerCertificateTagsResponse#is_truncated #is_truncated} => Boolean
8437
+ # * {Types::ListServerCertificateTagsResponse#marker #marker} => String
8438
+ #
8439
+ # @example Request syntax with placeholder values
8440
+ #
8441
+ # resp = client.list_server_certificate_tags({
8442
+ # server_certificate_name: "serverCertificateNameType", # required
8443
+ # marker: "markerType",
8444
+ # max_items: 1,
8445
+ # })
8446
+ #
8447
+ # @example Response structure
8448
+ #
8449
+ # resp.tags #=> Array
8450
+ # resp.tags[0].key #=> String
8451
+ # resp.tags[0].value #=> String
8452
+ # resp.is_truncated #=> Boolean
8453
+ # resp.marker #=> String
8454
+ #
8455
+ # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListServerCertificateTags AWS API Documentation
8456
+ #
8457
+ # @overload list_server_certificate_tags(params = {})
8458
+ # @param [Hash] params ({})
8459
+ def list_server_certificate_tags(params = {}, options = {})
8460
+ req = build_request(:list_server_certificate_tags, params)
8461
+ req.send_request(options)
8462
+ end
8463
+
7816
8464
  # Lists the server certificates stored in IAM that have the specified
7817
8465
  # path prefix. If none exist, the operation returns an empty list.
7818
8466
  #
@@ -7820,10 +8468,18 @@ module Aws::IAM
7820
8468
  # parameters.
7821
8469
  #
7822
8470
  # For more information about working with server certificates, see
7823
- # [Working with Server Certificates][1] in the *IAM User Guide*. This
8471
+ # [Working with server certificates][1] in the *IAM User Guide*. This
7824
8472
  # topic also includes a list of AWS services that can use the server
7825
8473
  # certificates that you manage with IAM.
7826
8474
  #
8475
+ # <note markdown="1"> IAM resource-listing operations return a subset of the available
8476
+ # attributes for the resource. For example, this operation does not
8477
+ # return tags, even though they are an attribute of the returned object.
8478
+ # To view all of the information for a servercertificate, see
8479
+ # GetServerCertificate.
8480
+ #
8481
+ # </note>
8482
+ #
7827
8483
  #
7828
8484
  #
7829
8485
  # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html
@@ -7905,7 +8561,7 @@ module Aws::IAM
7905
8561
  # empty list. The service-specific credentials returned by this
7906
8562
  # operation are used only for authenticating the IAM user to a specific
7907
8563
  # service. For more information about using service-specific credentials
7908
- # to authenticate to an AWS service, see [Set Up service-specific
8564
+ # to authenticate to an AWS service, see [Set up service-specific
7909
8565
  # credentials][1] in the AWS CodeCommit User Guide.
7910
8566
  #
7911
8567
  #
@@ -7971,9 +8627,10 @@ module Aws::IAM
7971
8627
  #
7972
8628
  # If the `UserName` field is not specified, the user name is determined
7973
8629
  # implicitly based on the AWS access key ID used to sign the request for
7974
- # this API. This operation works for access keys under the AWS account.
7975
- # Consequently, you can use this operation to manage AWS account root
7976
- # user credentials even if the AWS account has no associated users.
8630
+ # this operation. This operation works for access keys under the AWS
8631
+ # account. Consequently, you can use this operation to manage AWS
8632
+ # account root user credentials even if the AWS account has no
8633
+ # associated users.
7977
8634
  #
7978
8635
  # @option params [String] :user_name
7979
8636
  # The name of the IAM user whose signing certificates you want to
@@ -8069,7 +8726,7 @@ module Aws::IAM
8069
8726
  # An IAM user can also have managed policies attached to it. To list the
8070
8727
  # managed policies that are attached to a user, use
8071
8728
  # ListAttachedUserPolicies. For more information about policies, see
8072
- # [Managed Policies and Inline Policies][1] in the *IAM User Guide*.
8729
+ # [Managed policies and inline policies][1] in the *IAM User Guide*.
8073
8730
  #
8074
8731
  # You can paginate the results using the `MaxItems` and `Marker`
8075
8732
  # parameters. If there are no inline policies embedded with the
@@ -8140,9 +8797,9 @@ module Aws::IAM
8140
8797
  req.send_request(options)
8141
8798
  end
8142
8799
 
8143
- # Lists the tags that are attached to the specified user. The returned
8144
- # list of tags is sorted by tag key. For more information about tagging,
8145
- # see [Tagging IAM Identities][1] in the *IAM User Guide*.
8800
+ # Lists the tags that are attached to the specified IAM user. The
8801
+ # returned list of tags is sorted by tag key. For more information about
8802
+ # tagging, see [Tagging IAM resources][1] in the *IAM User Guide*.
8146
8803
  #
8147
8804
  #
8148
8805
  #
@@ -8237,6 +8894,13 @@ module Aws::IAM
8237
8894
  # prefix is specified, the operation returns all users in the AWS
8238
8895
  # account. If there are none, the operation returns an empty list.
8239
8896
  #
8897
+ # <note markdown="1"> IAM resource-listing operations return a subset of the available
8898
+ # attributes for the resource. For example, this operation does not
8899
+ # return tags, even though they are an attribute of the returned object.
8900
+ # To view all of the information for a user, see GetUser.
8901
+ #
8902
+ # </note>
8903
+ #
8240
8904
  # You can paginate the results using the `MaxItems` and `Marker`
8241
8905
  # parameters.
8242
8906
  #
@@ -8351,6 +9015,14 @@ module Aws::IAM
8351
9015
  # returns a list of all virtual MFA devices. Assignment status can be
8352
9016
  # `Assigned`, `Unassigned`, or `Any`.
8353
9017
  #
9018
+ # <note markdown="1"> IAM resource-listing operations return a subset of the available
9019
+ # attributes for the resource. For example, this operation does not
9020
+ # return tags, even though they are an attribute of the returned object.
9021
+ # To view all of the information for a virtual MFA device, see
9022
+ # ListVirtualMFADevices.
9023
+ #
9024
+ # </note>
9025
+ #
8354
9026
  # You can paginate the results using the `MaxItems` and `Marker`
8355
9027
  # parameters.
8356
9028
  #
@@ -8430,6 +9102,9 @@ module Aws::IAM
8430
9102
  # resp.virtual_mfa_devices[0].user.tags[0].key #=> String
8431
9103
  # resp.virtual_mfa_devices[0].user.tags[0].value #=> String
8432
9104
  # resp.virtual_mfa_devices[0].enable_date #=> Time
9105
+ # resp.virtual_mfa_devices[0].tags #=> Array
9106
+ # resp.virtual_mfa_devices[0].tags[0].key #=> String
9107
+ # resp.virtual_mfa_devices[0].tags[0].value #=> String
8433
9108
  # resp.is_truncated #=> Boolean
8434
9109
  # resp.marker #=> String
8435
9110
  #
@@ -8448,15 +9123,15 @@ module Aws::IAM
8448
9123
  # A user can also have managed policies attached to it. To attach a
8449
9124
  # managed policy to a group, use AttachGroupPolicy. To create a new
8450
9125
  # managed policy, use CreatePolicy. For information about policies, see
8451
- # [Managed Policies and Inline Policies][1] in the *IAM User Guide*.
9126
+ # [Managed policies and inline policies][1] in the *IAM User Guide*.
8452
9127
  #
8453
- # For information about limits on the number of inline policies that you
8454
- # can embed in a group, see [Limitations on IAM Entities][2] in the *IAM
8455
- # User Guide*.
9128
+ # For information about the maximum number of inline policies that you
9129
+ # can embed in a group, see [IAM and STS quotas][2] in the *IAM User
9130
+ # Guide*.
8456
9131
  #
8457
9132
  # <note markdown="1"> Because policy documents can be large, you should use POST rather than
8458
9133
  # GET when calling `PutGroupPolicy`. For general information about using
8459
- # the Query API with IAM, go to [Making Query Requests][3] in the *IAM
9134
+ # the Query API with IAM, see [Making query requests][3] in the *IAM
8460
9135
  # User Guide*.
8461
9136
  #
8462
9137
  # </note>
@@ -8464,7 +9139,7 @@ module Aws::IAM
8464
9139
  #
8465
9140
  #
8466
9141
  # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
8467
- # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html
9142
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html
8468
9143
  # [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html
8469
9144
  #
8470
9145
  # @option params [required, String] :group_name
@@ -8557,7 +9232,7 @@ module Aws::IAM
8557
9232
  # Policies used as permissions boundaries do not provide permissions.
8558
9233
  # You must also attach a permissions policy to the role. To learn how
8559
9234
  # the effective permissions for a role are evaluated, see [IAM JSON
8560
- # Policy Evaluation Logic][1] in the IAM User Guide.
9235
+ # policy evaluation logic][1] in the IAM User Guide.
8561
9236
  #
8562
9237
  #
8563
9238
  #
@@ -8596,21 +9271,21 @@ module Aws::IAM
8596
9271
  # as part of the role's access (permissions) policy. The role's trust
8597
9272
  # policy is created at the same time as the role, using CreateRole. You
8598
9273
  # can update a role's trust policy using UpdateAssumeRolePolicy. For
8599
- # more information about IAM roles, go to [Using Roles to Delegate
8600
- # Permissions and Federate Identities][1].
9274
+ # more information about IAM roles, see [Using roles to delegate
9275
+ # permissions and federate identities][1].
8601
9276
  #
8602
9277
  # A role can also have a managed policy attached to it. To attach a
8603
9278
  # managed policy to a role, use AttachRolePolicy. To create a new
8604
9279
  # managed policy, use CreatePolicy. For information about policies, see
8605
- # [Managed Policies and Inline Policies][2] in the *IAM User Guide*.
9280
+ # [Managed policies and inline policies][2] in the *IAM User Guide*.
8606
9281
  #
8607
- # For information about limits on the number of inline policies that you
8608
- # can embed with a role, see [Limitations on IAM Entities][3] in the
8609
- # *IAM User Guide*.
9282
+ # For information about the maximum number of inline policies that you
9283
+ # can embed with a role, see [IAM and STS quotas][3] in the *IAM User
9284
+ # Guide*.
8610
9285
  #
8611
9286
  # <note markdown="1"> Because policy documents can be large, you should use POST rather than
8612
9287
  # GET when calling `PutRolePolicy`. For general information about using
8613
- # the Query API with IAM, go to [Making Query Requests][4] in the *IAM
9288
+ # the Query API with IAM, see [Making query requests][4] in the *IAM
8614
9289
  # User Guide*.
8615
9290
  #
8616
9291
  # </note>
@@ -8619,7 +9294,7 @@ module Aws::IAM
8619
9294
  #
8620
9295
  # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html
8621
9296
  # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
8622
- # [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html
9297
+ # [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html
8623
9298
  # [4]: https://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html
8624
9299
  #
8625
9300
  # @option params [required, String] :role_name
@@ -8710,7 +9385,7 @@ module Aws::IAM
8710
9385
  # Policies that are used as permissions boundaries do not provide
8711
9386
  # permissions. You must also attach a permissions policy to the user. To
8712
9387
  # learn how the effective permissions for a user are evaluated, see [IAM
8713
- # JSON Policy Evaluation Logic][1] in the IAM User Guide.
9388
+ # JSON policy evaluation logic][1] in the IAM User Guide.
8714
9389
  #
8715
9390
  #
8716
9391
  #
@@ -8748,15 +9423,15 @@ module Aws::IAM
8748
9423
  # An IAM user can also have a managed policy attached to it. To attach a
8749
9424
  # managed policy to a user, use AttachUserPolicy. To create a new
8750
9425
  # managed policy, use CreatePolicy. For information about policies, see
8751
- # [Managed Policies and Inline Policies][1] in the *IAM User Guide*.
9426
+ # [Managed policies and inline policies][1] in the *IAM User Guide*.
8752
9427
  #
8753
- # For information about limits on the number of inline policies that you
8754
- # can embed in a user, see [Limitations on IAM Entities][2] in the *IAM
8755
- # User Guide*.
9428
+ # For information about the maximum number of inline policies that you
9429
+ # can embed in a user, see [IAM and STS quotas][2] in the *IAM User
9430
+ # Guide*.
8756
9431
  #
8757
9432
  # <note markdown="1"> Because policy documents can be large, you should use POST rather than
8758
9433
  # GET when calling `PutUserPolicy`. For general information about using
8759
- # the Query API with IAM, go to [Making Query Requests][3] in the *IAM
9434
+ # the Query API with IAM, see [Making query requests][3] in the *IAM
8760
9435
  # User Guide*.
8761
9436
  #
8762
9437
  # </note>
@@ -8764,7 +9439,7 @@ module Aws::IAM
8764
9439
  #
8765
9440
  #
8766
9441
  # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
8767
- # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html
9442
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html
8768
9443
  # [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html
8769
9444
  #
8770
9445
  # @option params [required, String] :user_name
@@ -8857,8 +9532,8 @@ module Aws::IAM
8857
9532
  # remove the client ID from. You can get a list of OIDC provider ARNs by
8858
9533
  # using the ListOpenIDConnectProviders operation.
8859
9534
  #
8860
- # For more information about ARNs, see [Amazon Resource Names (ARNs) and
8861
- # AWS Service Namespaces][1] in the *AWS General Reference*.
9535
+ # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
9536
+ # in the *AWS General Reference*.
8862
9537
  #
8863
9538
  #
8864
9539
  #
@@ -8895,9 +9570,9 @@ module Aws::IAM
8895
9570
  # role from an instance profile that is associated with a running
8896
9571
  # instance might break any applications running on the instance.
8897
9572
  #
8898
- # For more information about IAM roles, go to [Working with Roles][1].
8899
- # For more information about instance profiles, go to [About Instance
8900
- # Profiles][2].
9573
+ # For more information about IAM roles, see [Working with roles][1]. For
9574
+ # more information about instance profiles, see [About instance
9575
+ # profiles][2].
8901
9576
  #
8902
9577
  #
8903
9578
  #
@@ -9074,8 +9749,7 @@ module Aws::IAM
9074
9749
  # the AWS servers.
9075
9750
  #
9076
9751
  # For more information about creating and working with virtual MFA
9077
- # devices, go to [Using a Virtual MFA Device][1] in the *IAM User
9078
- # Guide*.
9752
+ # devices, see [Using a virtual MFA device][1] in the *IAM User Guide*.
9079
9753
  #
9080
9754
  #
9081
9755
  #
@@ -9140,10 +9814,10 @@ module Aws::IAM
9140
9814
  #
9141
9815
  # This operation affects all users, groups, and roles that the policy is
9142
9816
  # attached to. To list the users, groups, and roles that the policy is
9143
- # attached to, use the ListEntitiesForPolicy API.
9817
+ # attached to, use ListEntitiesForPolicy.
9144
9818
  #
9145
- # For information about managed policies, see [Managed Policies and
9146
- # Inline Policies][1] in the *IAM User Guide*.
9819
+ # For information about managed policies, see [Managed policies and
9820
+ # inline policies][1] in the *IAM User Guide*.
9147
9821
  #
9148
9822
  #
9149
9823
  #
@@ -9153,8 +9827,8 @@ module Aws::IAM
9153
9827
  # The Amazon Resource Name (ARN) of the IAM policy whose default version
9154
9828
  # you want to set.
9155
9829
  #
9156
- # For more information about ARNs, see [Amazon Resource Names (ARNs) and
9157
- # AWS Service Namespaces][1] in the *AWS General Reference*.
9830
+ # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
9831
+ # in the *AWS General Reference*.
9158
9832
  #
9159
9833
  #
9160
9834
  #
@@ -9164,7 +9838,7 @@ module Aws::IAM
9164
9838
  # The version of the policy to set as the default (operative) version.
9165
9839
  #
9166
9840
  # For more information about managed policy versions, see [Versioning
9167
- # for Managed Policies][1] in the *IAM User Guide*.
9841
+ # for managed policies][1] in the *IAM User Guide*.
9168
9842
  #
9169
9843
  #
9170
9844
  #
@@ -9196,7 +9870,8 @@ module Aws::IAM
9196
9870
  # `https://sts.amazonaws.com`. AWS recommends using Regional STS
9197
9871
  # endpoints to reduce latency, build in redundancy, and increase session
9198
9872
  # token availability. For information about Regional endpoints for STS,
9199
- # see [AWS Regions and Endpoints][1] in the *AWS General Reference*.
9873
+ # see [AWS AWS Security Token Service endpoints and quotas][1] in the
9874
+ # *AWS General Reference*.
9200
9875
  #
9201
9876
  # If you make an STS call to the global endpoint, the resulting session
9202
9877
  # tokens might be valid in some Regions but not others. It depends on
@@ -9205,8 +9880,8 @@ module Aws::IAM
9205
9880
  # work in manually enabled Regions, such as Asia Pacific (Hong Kong).
9206
9881
  # Version 2 tokens are valid in all Regions. However, version 2 tokens
9207
9882
  # are longer and might affect systems where you temporarily store
9208
- # tokens. For information, see [Activating and Deactivating STS in an
9209
- # AWS Region][2] in the *IAM User Guide*.
9883
+ # tokens. For information, see [Activating and deactivating STS in an
9884
+ # AWS region][2] in the *IAM User Guide*.
9210
9885
  #
9211
9886
  # To view the current session token version, see the
9212
9887
  # `GlobalEndpointTokenVersion` entry in the response of the
@@ -9214,7 +9889,7 @@ module Aws::IAM
9214
9889
  #
9215
9890
  #
9216
9891
  #
9217
- # [1]: https://docs.aws.amazon.com/general/latest/gr/rande.html#sts_region
9892
+ # [1]: https://docs.aws.amazon.com/general/latest/gr/sts.html
9218
9893
  # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html
9219
9894
  #
9220
9895
  # @option params [required, String] :global_endpoint_token_version
@@ -9225,8 +9900,8 @@ module Aws::IAM
9225
9900
  # are longer and might affect systems where you temporarily store
9226
9901
  # tokens.
9227
9902
  #
9228
- # For information, see [Activating and Deactivating STS in an AWS
9229
- # Region][1] in the *IAM User Guide*.
9903
+ # For information, see [Activating and deactivating STS in an AWS
9904
+ # region][1] in the *IAM User Guide*.
9230
9905
  #
9231
9906
  #
9232
9907
  #
@@ -9265,7 +9940,8 @@ module Aws::IAM
9265
9940
  #
9266
9941
  # The simulation does not perform the API operations; it only checks the
9267
9942
  # authorization to determine if the simulated policies allow or deny the
9268
- # operations.
9943
+ # operations. You can simulate resources that don't exist in your
9944
+ # account.
9269
9945
  #
9270
9946
  # If you want to simulate existing policies that are attached to an IAM
9271
9947
  # user, group, or role, use SimulatePrincipalPolicy instead.
@@ -9279,6 +9955,14 @@ module Aws::IAM
9279
9955
  # If the output is long, you can use `MaxItems` and `Marker` parameters
9280
9956
  # to paginate the results.
9281
9957
  #
9958
+ # For more information about using the policy simulator, see [Testing
9959
+ # IAM policies with the IAM policy simulator ][1]in the *IAM User
9960
+ # Guide*.
9961
+ #
9962
+ #
9963
+ #
9964
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_testing-policies.html
9965
+ #
9282
9966
  # @option params [required, Array<String>] :policy_input_list
9283
9967
  # A list of policy documents to include in the simulation. Each document
9284
9968
  # is specified as a string containing the complete, valid JSON text of
@@ -9313,7 +9997,7 @@ module Aws::IAM
9313
9997
  # boundary sets the maximum permissions that an IAM entity can have. You
9314
9998
  # can input only one permissions boundary when you pass a policy to this
9315
9999
  # operation. For more information about permissions boundaries, see
9316
- # [Permissions Boundaries for IAM Entities][1] in the *IAM User Guide*.
10000
+ # [Permissions boundaries for IAM entities][1] in the *IAM User Guide*.
9317
10001
  # The policy input is specified as a string that contains the complete,
9318
10002
  # valid JSON text of a permissions boundary policy.
9319
10003
  #
@@ -9346,7 +10030,8 @@ module Aws::IAM
9346
10030
  # resources). Each API in the `ActionNames` parameter is evaluated for
9347
10031
  # each resource in this list. The simulation determines the access
9348
10032
  # result (allowed or denied) of each combination and reports it in the
9349
- # response.
10033
+ # response. You can simulate resources that don't exist in your
10034
+ # account.
9350
10035
  #
9351
10036
  # The simulation does not automatically retrieve policies for the
9352
10037
  # specified resources. If you want to include a resource policy in the
@@ -9357,8 +10042,8 @@ module Aws::IAM
9357
10042
  # of the resources included in the simulation or you receive an invalid
9358
10043
  # input error.
9359
10044
  #
9360
- # For more information about ARNs, see [Amazon Resource Names (ARNs) and
9361
- # AWS Service Namespaces][1] in the *AWS General Reference*.
10045
+ # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
10046
+ # in the *AWS General Reference*.
9362
10047
  #
9363
10048
  #
9364
10049
  #
@@ -9434,7 +10119,7 @@ module Aws::IAM
9434
10119
  # includes VPC, then you must supply the network-interface resource. If
9435
10120
  # it includes an IP subnet, then you must specify the subnet resource.
9436
10121
  # For more information on the EC2 scenario options, see [Supported
9437
- # Platforms][1] in the *Amazon EC2 User Guide*.
10122
+ # platforms][1] in the *Amazon EC2 User Guide*.
9438
10123
  #
9439
10124
  # * **EC2-Classic-InstanceStore**
9440
10125
  #
@@ -9562,7 +10247,8 @@ module Aws::IAM
9562
10247
  # policies' effective permissions. The entity can be an IAM user,
9563
10248
  # group, or role. If you specify a user, then the simulation also
9564
10249
  # includes all of the policies that are attached to groups that the user
9565
- # belongs to.
10250
+ # belongs to. You can simulate resources that don't exist in your
10251
+ # account.
9566
10252
  #
9567
10253
  # You can optionally include a list of one or more additional policies
9568
10254
  # specified as strings to include in the simulation. If you want to
@@ -9576,8 +10262,8 @@ module Aws::IAM
9576
10262
  # authorization to determine if the simulated policies allow or deny the
9577
10263
  # operations.
9578
10264
  #
9579
- # **Note:** This API discloses information about the permissions granted
9580
- # to other users. If you do not want users to see other user's
10265
+ # **Note:** This operation discloses information about the permissions
10266
+ # granted to other users. If you do not want users to see other user's
9581
10267
  # permissions, then consider allowing them to use SimulateCustomPolicy
9582
10268
  # instead.
9583
10269
  #
@@ -9590,6 +10276,14 @@ module Aws::IAM
9590
10276
  # If the output is long, you can use the `MaxItems` and `Marker`
9591
10277
  # parameters to paginate the results.
9592
10278
  #
10279
+ # For more information about using the policy simulator, see [Testing
10280
+ # IAM policies with the IAM policy simulator ][1]in the *IAM User
10281
+ # Guide*.
10282
+ #
10283
+ #
10284
+ #
10285
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_testing-policies.html
10286
+ #
9593
10287
  # @option params [required, String] :policy_source_arn
9594
10288
  # The Amazon Resource Name (ARN) of a user, group, or role whose
9595
10289
  # policies you want to include in the simulation. If you specify a user,
@@ -9598,8 +10292,8 @@ module Aws::IAM
9598
10292
  # also includes all policies that are attached to any groups the user
9599
10293
  # belongs to.
9600
10294
  #
9601
- # For more information about ARNs, see [Amazon Resource Names (ARNs) and
9602
- # AWS Service Namespaces][1] in the *AWS General Reference*.
10295
+ # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
10296
+ # in the *AWS General Reference*.
9603
10297
  #
9604
10298
  #
9605
10299
  #
@@ -9635,7 +10329,7 @@ module Aws::IAM
9635
10329
  # to an entity and you pass in a different permissions boundary policy
9636
10330
  # using this parameter, then the new permissions boundary policy is used
9637
10331
  # for the simulation. For more information about permissions boundaries,
9638
- # see [Permissions Boundaries for IAM Entities][1] in the *IAM User
10332
+ # see [Permissions boundaries for IAM entities][1] in the *IAM User
9639
10333
  # Guide*. The policy input is specified as a string containing the
9640
10334
  # complete, valid JSON text of a permissions boundary policy.
9641
10335
  #
@@ -9667,15 +10361,16 @@ module Aws::IAM
9667
10361
  # resources). Each API in the `ActionNames` parameter is evaluated for
9668
10362
  # each resource in this list. The simulation determines the access
9669
10363
  # result (allowed or denied) of each combination and reports it in the
9670
- # response.
10364
+ # response. You can simulate resources that don't exist in your
10365
+ # account.
9671
10366
  #
9672
10367
  # The simulation does not automatically retrieve policies for the
9673
10368
  # specified resources. If you want to include a resource policy in the
9674
10369
  # simulation, then you must include the policy as a string in the
9675
10370
  # `ResourcePolicy` parameter.
9676
10371
  #
9677
- # For more information about ARNs, see [Amazon Resource Names (ARNs) and
9678
- # AWS Service Namespaces][1] in the *AWS General Reference*.
10372
+ # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
10373
+ # in the *AWS General Reference*.
9679
10374
  #
9680
10375
  #
9681
10376
  #
@@ -9733,8 +10428,8 @@ module Aws::IAM
9733
10428
  # that the resource-based policy's `Principal` element has a value to
9734
10429
  # use in evaluating the policy.
9735
10430
  #
9736
- # For more information about ARNs, see [Amazon Resource Names (ARNs) and
9737
- # AWS Service Namespaces][1] in the *AWS General Reference*.
10431
+ # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
10432
+ # in the *AWS General Reference*.
9738
10433
  #
9739
10434
  #
9740
10435
  #
@@ -9761,7 +10456,7 @@ module Aws::IAM
9761
10456
  # includes VPC, then you must supply the network interface resource. If
9762
10457
  # it includes an IP subnet, then you must specify the subnet resource.
9763
10458
  # For more information on the EC2 scenario options, see [Supported
9764
- # Platforms][1] in the *Amazon EC2 User Guide*.
10459
+ # platforms][1] in the *Amazon EC2 User Guide*.
9765
10460
  #
9766
10461
  # * **EC2-Classic-InstanceStore**
9767
10462
  #
@@ -9885,6 +10580,309 @@ module Aws::IAM
9885
10580
  req.send_request(options)
9886
10581
  end
9887
10582
 
10583
+ # Adds one or more tags to an IAM instance profile. If a tag with the
10584
+ # same key name already exists, then that tag is overwritten with the
10585
+ # new value.
10586
+ #
10587
+ # Each tag consists of a key name and an associated value. By assigning
10588
+ # tags to your resources, you can do the following:
10589
+ #
10590
+ # * **Administrative grouping and discovery** - Attach tags to resources
10591
+ # to aid in organization and search. For example, you could search for
10592
+ # all resources with the key name *Project* and the value
10593
+ # *MyImportantProject*. Or search for all resources with the key name
10594
+ # *Cost Center* and the value *41200*.
10595
+ #
10596
+ # * **Access control** - Include tags in IAM user-based and
10597
+ # resource-based policies. You can use tags to restrict access to only
10598
+ # an IAM instance profile that has a specified tag attached. For
10599
+ # examples of policies that show how to use tags to control access,
10600
+ # see [Control access using IAM tags][1] in the *IAM User Guide*.
10601
+ #
10602
+ # <note markdown="1"> * If any one of the tags is invalid or if you exceed the allowed
10603
+ # maximum number of tags, then the entire request fails and the
10604
+ # resource is not created. For more information about tagging, see
10605
+ # [Tagging IAM resources][2] in the *IAM User Guide*.
10606
+ #
10607
+ # * AWS always interprets the tag `Value` as a single string. If you
10608
+ # need to store an array, you can store comma-separated values in the
10609
+ # string. However, you must interpret the value in your code.
10610
+ #
10611
+ # </note>
10612
+ #
10613
+ #
10614
+ #
10615
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html
10616
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
10617
+ #
10618
+ # @option params [required, String] :instance_profile_name
10619
+ # The name of the IAM instance profile to which you want to add tags.
10620
+ #
10621
+ # This parameter accepts (through its [regex pattern][1]) a string of
10622
+ # characters that consist of upper and lowercase alphanumeric characters
10623
+ # with no spaces. You can also include any of the following characters:
10624
+ # =,.@-
10625
+ #
10626
+ #
10627
+ #
10628
+ # [1]: http://wikipedia.org/wiki/regex
10629
+ #
10630
+ # @option params [required, Array<Types::Tag>] :tags
10631
+ # The list of tags that you want to attach to the IAM instance profile.
10632
+ # Each tag consists of a key name and an associated value.
10633
+ #
10634
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
10635
+ #
10636
+ # @example Request syntax with placeholder values
10637
+ #
10638
+ # resp = client.tag_instance_profile({
10639
+ # instance_profile_name: "instanceProfileNameType", # required
10640
+ # tags: [ # required
10641
+ # {
10642
+ # key: "tagKeyType", # required
10643
+ # value: "tagValueType", # required
10644
+ # },
10645
+ # ],
10646
+ # })
10647
+ #
10648
+ # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/TagInstanceProfile AWS API Documentation
10649
+ #
10650
+ # @overload tag_instance_profile(params = {})
10651
+ # @param [Hash] params ({})
10652
+ def tag_instance_profile(params = {}, options = {})
10653
+ req = build_request(:tag_instance_profile, params)
10654
+ req.send_request(options)
10655
+ end
10656
+
10657
+ # Adds one or more tags to an IAM virtual multi-factor authentication
10658
+ # (MFA) device. If a tag with the same key name already exists, then
10659
+ # that tag is overwritten with the new value.
10660
+ #
10661
+ # A tag consists of a key name and an associated value. By assigning
10662
+ # tags to your resources, you can do the following:
10663
+ #
10664
+ # * **Administrative grouping and discovery** - Attach tags to resources
10665
+ # to aid in organization and search. For example, you could search for
10666
+ # all resources with the key name *Project* and the value
10667
+ # *MyImportantProject*. Or search for all resources with the key name
10668
+ # *Cost Center* and the value *41200*.
10669
+ #
10670
+ # * **Access control** - Include tags in IAM user-based and
10671
+ # resource-based policies. You can use tags to restrict access to only
10672
+ # an IAM virtual MFA device that has a specified tag attached. For
10673
+ # examples of policies that show how to use tags to control access,
10674
+ # see [Control access using IAM tags][1] in the *IAM User Guide*.
10675
+ #
10676
+ # <note markdown="1"> * If any one of the tags is invalid or if you exceed the allowed
10677
+ # maximum number of tags, then the entire request fails and the
10678
+ # resource is not created. For more information about tagging, see
10679
+ # [Tagging IAM resources][2] in the *IAM User Guide*.
10680
+ #
10681
+ # * AWS always interprets the tag `Value` as a single string. If you
10682
+ # need to store an array, you can store comma-separated values in the
10683
+ # string. However, you must interpret the value in your code.
10684
+ #
10685
+ # </note>
10686
+ #
10687
+ #
10688
+ #
10689
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html
10690
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
10691
+ #
10692
+ # @option params [required, String] :serial_number
10693
+ # The unique identifier for the IAM virtual MFA device to which you want
10694
+ # to add tags. For virtual MFA devices, the serial number is the same as
10695
+ # the ARN.
10696
+ #
10697
+ # This parameter accepts (through its [regex pattern][1]) a string of
10698
+ # characters that consist of upper and lowercase alphanumeric characters
10699
+ # with no spaces. You can also include any of the following characters:
10700
+ # =,.@-
10701
+ #
10702
+ #
10703
+ #
10704
+ # [1]: http://wikipedia.org/wiki/regex
10705
+ #
10706
+ # @option params [required, Array<Types::Tag>] :tags
10707
+ # The list of tags that you want to attach to the IAM virtual MFA
10708
+ # device. Each tag consists of a key name and an associated value.
10709
+ #
10710
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
10711
+ #
10712
+ # @example Request syntax with placeholder values
10713
+ #
10714
+ # resp = client.tag_mfa_device({
10715
+ # serial_number: "serialNumberType", # required
10716
+ # tags: [ # required
10717
+ # {
10718
+ # key: "tagKeyType", # required
10719
+ # value: "tagValueType", # required
10720
+ # },
10721
+ # ],
10722
+ # })
10723
+ #
10724
+ # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/TagMFADevice AWS API Documentation
10725
+ #
10726
+ # @overload tag_mfa_device(params = {})
10727
+ # @param [Hash] params ({})
10728
+ def tag_mfa_device(params = {}, options = {})
10729
+ req = build_request(:tag_mfa_device, params)
10730
+ req.send_request(options)
10731
+ end
10732
+
10733
+ # Adds one or more tags to an OpenID Connect (OIDC)-compatible identity
10734
+ # provider. For more information about these providers, see [About web
10735
+ # identity federation][1]. If a tag with the same key name already
10736
+ # exists, then that tag is overwritten with the new value.
10737
+ #
10738
+ # A tag consists of a key name and an associated value. By assigning
10739
+ # tags to your resources, you can do the following:
10740
+ #
10741
+ # * **Administrative grouping and discovery** - Attach tags to resources
10742
+ # to aid in organization and search. For example, you could search for
10743
+ # all resources with the key name *Project* and the value
10744
+ # *MyImportantProject*. Or search for all resources with the key name
10745
+ # *Cost Center* and the value *41200*.
10746
+ #
10747
+ # * **Access control** - Include tags in IAM user-based and
10748
+ # resource-based policies. You can use tags to restrict access to only
10749
+ # an OIDC provider that has a specified tag attached. For examples of
10750
+ # policies that show how to use tags to control access, see [Control
10751
+ # access using IAM tags][2] in the *IAM User Guide*.
10752
+ #
10753
+ # <note markdown="1"> * If any one of the tags is invalid or if you exceed the allowed
10754
+ # maximum number of tags, then the entire request fails and the
10755
+ # resource is not created. For more information about tagging, see
10756
+ # [Tagging IAM resources][3] in the *IAM User Guide*.
10757
+ #
10758
+ # * AWS always interprets the tag `Value` as a single string. If you
10759
+ # need to store an array, you can store comma-separated values in the
10760
+ # string. However, you must interpret the value in your code.
10761
+ #
10762
+ # </note>
10763
+ #
10764
+ #
10765
+ #
10766
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html
10767
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html
10768
+ # [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
10769
+ #
10770
+ # @option params [required, String] :open_id_connect_provider_arn
10771
+ # The ARN of the OIDC identity provider in IAM to which you want to add
10772
+ # tags.
10773
+ #
10774
+ # This parameter accepts (through its [regex pattern][1]) a string of
10775
+ # characters that consist of upper and lowercase alphanumeric characters
10776
+ # with no spaces. You can also include any of the following characters:
10777
+ # =,.@-
10778
+ #
10779
+ #
10780
+ #
10781
+ # [1]: http://wikipedia.org/wiki/regex
10782
+ #
10783
+ # @option params [required, Array<Types::Tag>] :tags
10784
+ # The list of tags that you want to attach to the OIDC identity provider
10785
+ # in IAM. Each tag consists of a key name and an associated value.
10786
+ #
10787
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
10788
+ #
10789
+ # @example Request syntax with placeholder values
10790
+ #
10791
+ # resp = client.tag_open_id_connect_provider({
10792
+ # open_id_connect_provider_arn: "arnType", # required
10793
+ # tags: [ # required
10794
+ # {
10795
+ # key: "tagKeyType", # required
10796
+ # value: "tagValueType", # required
10797
+ # },
10798
+ # ],
10799
+ # })
10800
+ #
10801
+ # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/TagOpenIDConnectProvider AWS API Documentation
10802
+ #
10803
+ # @overload tag_open_id_connect_provider(params = {})
10804
+ # @param [Hash] params ({})
10805
+ def tag_open_id_connect_provider(params = {}, options = {})
10806
+ req = build_request(:tag_open_id_connect_provider, params)
10807
+ req.send_request(options)
10808
+ end
10809
+
10810
+ # Adds one or more tags to an IAM customer managed policy. If a tag with
10811
+ # the same key name already exists, then that tag is overwritten with
10812
+ # the new value.
10813
+ #
10814
+ # A tag consists of a key name and an associated value. By assigning
10815
+ # tags to your resources, you can do the following:
10816
+ #
10817
+ # * **Administrative grouping and discovery** - Attach tags to resources
10818
+ # to aid in organization and search. For example, you could search for
10819
+ # all resources with the key name *Project* and the value
10820
+ # *MyImportantProject*. Or search for all resources with the key name
10821
+ # *Cost Center* and the value *41200*.
10822
+ #
10823
+ # * **Access control** - Include tags in IAM user-based and
10824
+ # resource-based policies. You can use tags to restrict access to only
10825
+ # an IAM customer managed policy that has a specified tag attached.
10826
+ # For examples of policies that show how to use tags to control
10827
+ # access, see [Control access using IAM tags][1] in the *IAM User
10828
+ # Guide*.
10829
+ #
10830
+ # <note markdown="1"> * If any one of the tags is invalid or if you exceed the allowed
10831
+ # maximum number of tags, then the entire request fails and the
10832
+ # resource is not created. For more information about tagging, see
10833
+ # [Tagging IAM resources][2] in the *IAM User Guide*.
10834
+ #
10835
+ # * AWS always interprets the tag `Value` as a single string. If you
10836
+ # need to store an array, you can store comma-separated values in the
10837
+ # string. However, you must interpret the value in your code.
10838
+ #
10839
+ # </note>
10840
+ #
10841
+ #
10842
+ #
10843
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html
10844
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
10845
+ #
10846
+ # @option params [required, String] :policy_arn
10847
+ # The ARN of the IAM customer managed policy to which you want to add
10848
+ # tags.
10849
+ #
10850
+ # This parameter accepts (through its [regex pattern][1]) a string of
10851
+ # characters that consist of upper and lowercase alphanumeric characters
10852
+ # with no spaces. You can also include any of the following characters:
10853
+ # =,.@-
10854
+ #
10855
+ #
10856
+ #
10857
+ # [1]: http://wikipedia.org/wiki/regex
10858
+ #
10859
+ # @option params [required, Array<Types::Tag>] :tags
10860
+ # The list of tags that you want to attach to the IAM customer managed
10861
+ # policy. Each tag consists of a key name and an associated value.
10862
+ #
10863
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
10864
+ #
10865
+ # @example Request syntax with placeholder values
10866
+ #
10867
+ # resp = client.tag_policy({
10868
+ # policy_arn: "arnType", # required
10869
+ # tags: [ # required
10870
+ # {
10871
+ # key: "tagKeyType", # required
10872
+ # value: "tagValueType", # required
10873
+ # },
10874
+ # ],
10875
+ # })
10876
+ #
10877
+ # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/TagPolicy AWS API Documentation
10878
+ #
10879
+ # @overload tag_policy(params = {})
10880
+ # @param [Hash] params ({})
10881
+ def tag_policy(params = {}, options = {})
10882
+ req = build_request(:tag_policy, params)
10883
+ req.send_request(options)
10884
+ end
10885
+
9888
10886
  # Adds one or more tags to an IAM role. The role can be a regular role
9889
10887
  # or a service-linked role. If a tag with the same key name already
9890
10888
  # exists, then that tag is overwritten with the new value.
@@ -9898,20 +10896,20 @@ module Aws::IAM
9898
10896
  # *MyImportantProject*. Or search for all resources with the key name
9899
10897
  # *Cost Center* and the value *41200*.
9900
10898
  #
9901
- # * **Access control** - Reference tags in IAM user-based and
10899
+ # * **Access control** - Include tags in IAM user-based and
9902
10900
  # resource-based policies. You can use tags to restrict access to only
9903
- # an IAM user or role that has a specified tag attached. You can also
9904
- # restrict access to only those resources that have a certain tag
9905
- # attached. For examples of policies that show how to use tags to
9906
- # control access, see [Control Access Using IAM Tags][1] in the *IAM
9907
- # User Guide*.
10901
+ # an IAM role that has a specified tag attached. You can also restrict
10902
+ # access to only those resources that have a certain tag attached. For
10903
+ # examples of policies that show how to use tags to control access,
10904
+ # see [Control access using IAM tags][1] in the *IAM User Guide*.
9908
10905
  #
9909
10906
  # * **Cost allocation** - Use tags to help track which individuals and
9910
10907
  # teams are using which AWS resources.
9911
10908
  #
9912
- # <note markdown="1"> * Make sure that you have no invalid tags and that you do not exceed
9913
- # the allowed number of tags per role. In either case, the entire
9914
- # request fails and *no* tags are added to the role.
10909
+ # <note markdown="1"> * If any one of the tags is invalid or if you exceed the allowed
10910
+ # maximum number of tags, then the entire request fails and the
10911
+ # resource is not created. For more information about tagging, see
10912
+ # [Tagging IAM resources][2] in the *IAM User Guide*.
9915
10913
  #
9916
10914
  # * AWS always interprets the tag `Value` as a single string. If you
9917
10915
  # need to store an array, you can store comma-separated values in the
@@ -9919,7 +10917,7 @@ module Aws::IAM
9919
10917
  #
9920
10918
  # </note>
9921
10919
  #
9922
- # For more information about tagging, see [Tagging IAM Identities][2] in
10920
+ # For more information about tagging, see [Tagging IAM identities][2] in
9923
10921
  # the *IAM User Guide*.
9924
10922
  #
9925
10923
  #
@@ -9928,47 +10926,209 @@ module Aws::IAM
9928
10926
  # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
9929
10927
  #
9930
10928
  # @option params [required, String] :role_name
9931
- # The name of the role that you want to add tags to.
10929
+ # The name of the IAM role to which you want to add tags.
10930
+ #
10931
+ # This parameter accepts (through its [regex pattern][1]) a string of
10932
+ # characters that consist of upper and lowercase alphanumeric characters
10933
+ # with no spaces. You can also include any of the following characters:
10934
+ # \_+=,.@-
10935
+ #
10936
+ #
10937
+ #
10938
+ # [1]: http://wikipedia.org/wiki/regex
10939
+ #
10940
+ # @option params [required, Array<Types::Tag>] :tags
10941
+ # The list of tags that you want to attach to the IAM role. Each tag
10942
+ # consists of a key name and an associated value.
10943
+ #
10944
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
10945
+ #
10946
+ #
10947
+ # @example Example: To add a tag key and value to an IAM role
10948
+ #
10949
+ # # The following example shows how to add tags to an existing role.
10950
+ #
10951
+ # resp = client.tag_role({
10952
+ # role_name: "taggedrole",
10953
+ # tags: [
10954
+ # {
10955
+ # key: "Dept",
10956
+ # value: "Accounting",
10957
+ # },
10958
+ # {
10959
+ # key: "CostCenter",
10960
+ # value: "12345",
10961
+ # },
10962
+ # ],
10963
+ # })
10964
+ #
10965
+ # @example Request syntax with placeholder values
10966
+ #
10967
+ # resp = client.tag_role({
10968
+ # role_name: "roleNameType", # required
10969
+ # tags: [ # required
10970
+ # {
10971
+ # key: "tagKeyType", # required
10972
+ # value: "tagValueType", # required
10973
+ # },
10974
+ # ],
10975
+ # })
10976
+ #
10977
+ # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/TagRole AWS API Documentation
10978
+ #
10979
+ # @overload tag_role(params = {})
10980
+ # @param [Hash] params ({})
10981
+ def tag_role(params = {}, options = {})
10982
+ req = build_request(:tag_role, params)
10983
+ req.send_request(options)
10984
+ end
10985
+
10986
+ # Adds one or more tags to a Security Assertion Markup Language (SAML)
10987
+ # identity provider. For more information about these providers, see
10988
+ # [About SAML 2.0-based federation ][1]. If a tag with the same key name
10989
+ # already exists, then that tag is overwritten with the new value.
10990
+ #
10991
+ # A tag consists of a key name and an associated value. By assigning
10992
+ # tags to your resources, you can do the following:
10993
+ #
10994
+ # * **Administrative grouping and discovery** - Attach tags to resources
10995
+ # to aid in organization and search. For example, you could search for
10996
+ # all resources with the key name *Project* and the value
10997
+ # *MyImportantProject*. Or search for all resources with the key name
10998
+ # *Cost Center* and the value *41200*.
10999
+ #
11000
+ # * **Access control** - Include tags in IAM user-based and
11001
+ # resource-based policies. You can use tags to restrict access to only
11002
+ # a SAML identity provider that has a specified tag attached. For
11003
+ # examples of policies that show how to use tags to control access,
11004
+ # see [Control access using IAM tags][2] in the *IAM User Guide*.
11005
+ #
11006
+ # <note markdown="1"> * If any one of the tags is invalid or if you exceed the allowed
11007
+ # maximum number of tags, then the entire request fails and the
11008
+ # resource is not created. For more information about tagging, see
11009
+ # [Tagging IAM resources][3] in the *IAM User Guide*.
11010
+ #
11011
+ # * AWS always interprets the tag `Value` as a single string. If you
11012
+ # need to store an array, you can store comma-separated values in the
11013
+ # string. However, you must interpret the value in your code.
11014
+ #
11015
+ # </note>
11016
+ #
11017
+ #
11018
+ #
11019
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html
11020
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html
11021
+ # [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
11022
+ #
11023
+ # @option params [required, String] :saml_provider_arn
11024
+ # The ARN of the SAML identity provider in IAM to which you want to add
11025
+ # tags.
11026
+ #
11027
+ # This parameter accepts (through its [regex pattern][1]) a string of
11028
+ # characters that consist of upper and lowercase alphanumeric characters
11029
+ # with no spaces. You can also include any of the following characters:
11030
+ # =,.@-
11031
+ #
11032
+ #
11033
+ #
11034
+ # [1]: http://wikipedia.org/wiki/regex
11035
+ #
11036
+ # @option params [required, Array<Types::Tag>] :tags
11037
+ # The list of tags that you want to attach to the SAML identity provider
11038
+ # in IAM. Each tag consists of a key name and an associated value.
11039
+ #
11040
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
11041
+ #
11042
+ # @example Request syntax with placeholder values
11043
+ #
11044
+ # resp = client.tag_saml_provider({
11045
+ # saml_provider_arn: "arnType", # required
11046
+ # tags: [ # required
11047
+ # {
11048
+ # key: "tagKeyType", # required
11049
+ # value: "tagValueType", # required
11050
+ # },
11051
+ # ],
11052
+ # })
11053
+ #
11054
+ # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/TagSAMLProvider AWS API Documentation
11055
+ #
11056
+ # @overload tag_saml_provider(params = {})
11057
+ # @param [Hash] params ({})
11058
+ def tag_saml_provider(params = {}, options = {})
11059
+ req = build_request(:tag_saml_provider, params)
11060
+ req.send_request(options)
11061
+ end
11062
+
11063
+ # Adds one or more tags to an IAM server certificate. If a tag with the
11064
+ # same key name already exists, then that tag is overwritten with the
11065
+ # new value.
11066
+ #
11067
+ # <note markdown="1"> For certificates in a Region supported by AWS Certificate Manager
11068
+ # (ACM), we recommend that you don't use IAM server certificates.
11069
+ # Instead, use ACM to provision, manage, and deploy your server
11070
+ # certificates. For more information about IAM server certificates,
11071
+ # [Working with server certificates][1] in the *IAM User Guide*.
11072
+ #
11073
+ # </note>
11074
+ #
11075
+ # A tag consists of a key name and an associated value. By assigning
11076
+ # tags to your resources, you can do the following:
11077
+ #
11078
+ # * **Administrative grouping and discovery** - Attach tags to resources
11079
+ # to aid in organization and search. For example, you could search for
11080
+ # all resources with the key name *Project* and the value
11081
+ # *MyImportantProject*. Or search for all resources with the key name
11082
+ # *Cost Center* and the value *41200*.
11083
+ #
11084
+ # * **Access control** - Include tags in IAM user-based and
11085
+ # resource-based policies. You can use tags to restrict access to only
11086
+ # a server certificate that has a specified tag attached. For examples
11087
+ # of policies that show how to use tags to control access, see
11088
+ # [Control access using IAM tags][2] in the *IAM User Guide*.
11089
+ #
11090
+ # * **Cost allocation** - Use tags to help track which individuals and
11091
+ # teams are using which AWS resources.
11092
+ #
11093
+ # <note markdown="1"> * If any one of the tags is invalid or if you exceed the allowed
11094
+ # maximum number of tags, then the entire request fails and the
11095
+ # resource is not created. For more information about tagging, see
11096
+ # [Tagging IAM resources][3] in the *IAM User Guide*.
11097
+ #
11098
+ # * AWS always interprets the tag `Value` as a single string. If you
11099
+ # need to store an array, you can store comma-separated values in the
11100
+ # string. However, you must interpret the value in your code.
11101
+ #
11102
+ # </note>
11103
+ #
11104
+ #
11105
+ #
11106
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html
11107
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html
11108
+ # [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
11109
+ #
11110
+ # @option params [required, String] :server_certificate_name
11111
+ # The name of the IAM server certificate to which you want to add tags.
9932
11112
  #
9933
11113
  # This parameter accepts (through its [regex pattern][1]) a string of
9934
11114
  # characters that consist of upper and lowercase alphanumeric characters
9935
11115
  # with no spaces. You can also include any of the following characters:
9936
- # \_+=,.@-
11116
+ # =,.@-
9937
11117
  #
9938
11118
  #
9939
11119
  #
9940
11120
  # [1]: http://wikipedia.org/wiki/regex
9941
11121
  #
9942
11122
  # @option params [required, Array<Types::Tag>] :tags
9943
- # The list of tags that you want to attach to the role. Each tag
9944
- # consists of a key name and an associated value. You can specify this
9945
- # with a JSON string.
11123
+ # The list of tags that you want to attach to the IAM server
11124
+ # certificate. Each tag consists of a key name and an associated value.
9946
11125
  #
9947
11126
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
9948
11127
  #
9949
- #
9950
- # @example Example: To add a tag key and value to an IAM role
9951
- #
9952
- # # The following example shows how to add tags to an existing role.
9953
- #
9954
- # resp = client.tag_role({
9955
- # role_name: "taggedrole",
9956
- # tags: [
9957
- # {
9958
- # key: "Dept",
9959
- # value: "Accounting",
9960
- # },
9961
- # {
9962
- # key: "CostCenter",
9963
- # value: "12345",
9964
- # },
9965
- # ],
9966
- # })
9967
- #
9968
11128
  # @example Request syntax with placeholder values
9969
11129
  #
9970
- # resp = client.tag_role({
9971
- # role_name: "roleNameType", # required
11130
+ # resp = client.tag_server_certificate({
11131
+ # server_certificate_name: "serverCertificateNameType", # required
9972
11132
  # tags: [ # required
9973
11133
  # {
9974
11134
  # key: "tagKeyType", # required
@@ -9977,12 +11137,12 @@ module Aws::IAM
9977
11137
  # ],
9978
11138
  # })
9979
11139
  #
9980
- # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/TagRole AWS API Documentation
11140
+ # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/TagServerCertificate AWS API Documentation
9981
11141
  #
9982
- # @overload tag_role(params = {})
11142
+ # @overload tag_server_certificate(params = {})
9983
11143
  # @param [Hash] params ({})
9984
- def tag_role(params = {}, options = {})
9985
- req = build_request(:tag_role, params)
11144
+ def tag_server_certificate(params = {}, options = {})
11145
+ req = build_request(:tag_server_certificate, params)
9986
11146
  req.send_request(options)
9987
11147
  end
9988
11148
 
@@ -9998,20 +11158,21 @@ module Aws::IAM
9998
11158
  # *MyImportantProject*. Or search for all resources with the key name
9999
11159
  # *Cost Center* and the value *41200*.
10000
11160
  #
10001
- # * **Access control** - Reference tags in IAM user-based and
11161
+ # * **Access control** - Include tags in IAM user-based and
10002
11162
  # resource-based policies. You can use tags to restrict access to only
10003
- # an IAM requesting user or to a role that has a specified tag
10004
- # attached. You can also restrict access to only those resources that
10005
- # have a certain tag attached. For examples of policies that show how
10006
- # to use tags to control access, see [Control Access Using IAM
10007
- # Tags][1] in the *IAM User Guide*.
11163
+ # an IAM requesting user that has a specified tag attached. You can
11164
+ # also restrict access to only those resources that have a certain tag
11165
+ # attached. For examples of policies that show how to use tags to
11166
+ # control access, see [Control access using IAM tags][1] in the *IAM
11167
+ # User Guide*.
10008
11168
  #
10009
11169
  # * **Cost allocation** - Use tags to help track which individuals and
10010
11170
  # teams are using which AWS resources.
10011
11171
  #
10012
- # <note markdown="1"> * Make sure that you have no invalid tags and that you do not exceed
10013
- # the allowed number of tags per role. In either case, the entire
10014
- # request fails and *no* tags are added to the role.
11172
+ # <note markdown="1"> * If any one of the tags is invalid or if you exceed the allowed
11173
+ # maximum number of tags, then the entire request fails and the
11174
+ # resource is not created. For more information about tagging, see
11175
+ # [Tagging IAM resources][2] in the *IAM User Guide*.
10015
11176
  #
10016
11177
  # * AWS always interprets the tag `Value` as a single string. If you
10017
11178
  # need to store an array, you can store comma-separated values in the
@@ -10019,7 +11180,7 @@ module Aws::IAM
10019
11180
  #
10020
11181
  # </note>
10021
11182
  #
10022
- # For more information about tagging, see [Tagging IAM Identities][2] in
11183
+ # For more information about tagging, see [Tagging IAM identities][2] in
10023
11184
  # the *IAM User Guide*.
10024
11185
  #
10025
11186
  #
@@ -10028,7 +11189,7 @@ module Aws::IAM
10028
11189
  # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
10029
11190
  #
10030
11191
  # @option params [required, String] :user_name
10031
- # The name of the user that you want to add tags to.
11192
+ # The name of the IAM user to which you want to add tags.
10032
11193
  #
10033
11194
  # This parameter accepts (through its [regex pattern][1]) a string of
10034
11195
  # characters that consist of upper and lowercase alphanumeric characters
@@ -10040,7 +11201,7 @@ module Aws::IAM
10040
11201
  # [1]: http://wikipedia.org/wiki/regex
10041
11202
  #
10042
11203
  # @option params [required, Array<Types::Tag>] :tags
10043
- # The list of tags that you want to attach to the user. Each tag
11204
+ # The list of tags that you want to attach to the IAM user. Each tag
10044
11205
  # consists of a key name and an associated value.
10045
11206
  #
10046
11207
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
@@ -10085,8 +11246,184 @@ module Aws::IAM
10085
11246
  req.send_request(options)
10086
11247
  end
10087
11248
 
11249
+ # Removes the specified tags from the IAM instance profile. For more
11250
+ # information about tagging, see [Tagging IAM resources][1] in the *IAM
11251
+ # User Guide*.
11252
+ #
11253
+ #
11254
+ #
11255
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
11256
+ #
11257
+ # @option params [required, String] :instance_profile_name
11258
+ # The name of the IAM instance profile from which you want to remove
11259
+ # tags.
11260
+ #
11261
+ # This parameter accepts (through its [regex pattern][1]) a string of
11262
+ # characters that consist of upper and lowercase alphanumeric characters
11263
+ # with no spaces. You can also include any of the following characters:
11264
+ # =,.@-
11265
+ #
11266
+ #
11267
+ #
11268
+ # [1]: http://wikipedia.org/wiki/regex
11269
+ #
11270
+ # @option params [required, Array<String>] :tag_keys
11271
+ # A list of key names as a simple array of strings. The tags with
11272
+ # matching keys are removed from the specified instance profile.
11273
+ #
11274
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
11275
+ #
11276
+ # @example Request syntax with placeholder values
11277
+ #
11278
+ # resp = client.untag_instance_profile({
11279
+ # instance_profile_name: "instanceProfileNameType", # required
11280
+ # tag_keys: ["tagKeyType"], # required
11281
+ # })
11282
+ #
11283
+ # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UntagInstanceProfile AWS API Documentation
11284
+ #
11285
+ # @overload untag_instance_profile(params = {})
11286
+ # @param [Hash] params ({})
11287
+ def untag_instance_profile(params = {}, options = {})
11288
+ req = build_request(:untag_instance_profile, params)
11289
+ req.send_request(options)
11290
+ end
11291
+
11292
+ # Removes the specified tags from the IAM virtual multi-factor
11293
+ # authentication (MFA) device. For more information about tagging, see
11294
+ # [Tagging IAM resources][1] in the *IAM User Guide*.
11295
+ #
11296
+ #
11297
+ #
11298
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
11299
+ #
11300
+ # @option params [required, String] :serial_number
11301
+ # The unique identifier for the IAM virtual MFA device from which you
11302
+ # want to remove tags. For virtual MFA devices, the serial number is the
11303
+ # same as the ARN.
11304
+ #
11305
+ # This parameter accepts (through its [regex pattern][1]) a string of
11306
+ # characters that consist of upper and lowercase alphanumeric characters
11307
+ # with no spaces. You can also include any of the following characters:
11308
+ # =,.@-
11309
+ #
11310
+ #
11311
+ #
11312
+ # [1]: http://wikipedia.org/wiki/regex
11313
+ #
11314
+ # @option params [required, Array<String>] :tag_keys
11315
+ # A list of key names as a simple array of strings. The tags with
11316
+ # matching keys are removed from the specified instance profile.
11317
+ #
11318
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
11319
+ #
11320
+ # @example Request syntax with placeholder values
11321
+ #
11322
+ # resp = client.untag_mfa_device({
11323
+ # serial_number: "serialNumberType", # required
11324
+ # tag_keys: ["tagKeyType"], # required
11325
+ # })
11326
+ #
11327
+ # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UntagMFADevice AWS API Documentation
11328
+ #
11329
+ # @overload untag_mfa_device(params = {})
11330
+ # @param [Hash] params ({})
11331
+ def untag_mfa_device(params = {}, options = {})
11332
+ req = build_request(:untag_mfa_device, params)
11333
+ req.send_request(options)
11334
+ end
11335
+
11336
+ # Removes the specified tags from the specified OpenID Connect
11337
+ # (OIDC)-compatible identity provider in IAM. For more information about
11338
+ # OIDC providers, see [About web identity federation][1]. For more
11339
+ # information about tagging, see [Tagging IAM resources][2] in the *IAM
11340
+ # User Guide*.
11341
+ #
11342
+ #
11343
+ #
11344
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html
11345
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
11346
+ #
11347
+ # @option params [required, String] :open_id_connect_provider_arn
11348
+ # The ARN of the OIDC provider in IAM from which you want to remove
11349
+ # tags.
11350
+ #
11351
+ # This parameter accepts (through its [regex pattern][1]) a string of
11352
+ # characters that consist of upper and lowercase alphanumeric characters
11353
+ # with no spaces. You can also include any of the following characters:
11354
+ # =,.@-
11355
+ #
11356
+ #
11357
+ #
11358
+ # [1]: http://wikipedia.org/wiki/regex
11359
+ #
11360
+ # @option params [required, Array<String>] :tag_keys
11361
+ # A list of key names as a simple array of strings. The tags with
11362
+ # matching keys are removed from the specified OIDC provider.
11363
+ #
11364
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
11365
+ #
11366
+ # @example Request syntax with placeholder values
11367
+ #
11368
+ # resp = client.untag_open_id_connect_provider({
11369
+ # open_id_connect_provider_arn: "arnType", # required
11370
+ # tag_keys: ["tagKeyType"], # required
11371
+ # })
11372
+ #
11373
+ # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UntagOpenIDConnectProvider AWS API Documentation
11374
+ #
11375
+ # @overload untag_open_id_connect_provider(params = {})
11376
+ # @param [Hash] params ({})
11377
+ def untag_open_id_connect_provider(params = {}, options = {})
11378
+ req = build_request(:untag_open_id_connect_provider, params)
11379
+ req.send_request(options)
11380
+ end
11381
+
11382
+ # Removes the specified tags from the customer managed policy. For more
11383
+ # information about tagging, see [Tagging IAM resources][1] in the *IAM
11384
+ # User Guide*.
11385
+ #
11386
+ #
11387
+ #
11388
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
11389
+ #
11390
+ # @option params [required, String] :policy_arn
11391
+ # The ARN of the IAM customer managed policy from which you want to
11392
+ # remove tags.
11393
+ #
11394
+ # This parameter accepts (through its [regex pattern][1]) a string of
11395
+ # characters that consist of upper and lowercase alphanumeric characters
11396
+ # with no spaces. You can also include any of the following characters:
11397
+ # =,.@-
11398
+ #
11399
+ #
11400
+ #
11401
+ # [1]: http://wikipedia.org/wiki/regex
11402
+ #
11403
+ # @option params [required, Array<String>] :tag_keys
11404
+ # A list of key names as a simple array of strings. The tags with
11405
+ # matching keys are removed from the specified policy.
11406
+ #
11407
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
11408
+ #
11409
+ # @example Request syntax with placeholder values
11410
+ #
11411
+ # resp = client.untag_policy({
11412
+ # policy_arn: "arnType", # required
11413
+ # tag_keys: ["tagKeyType"], # required
11414
+ # })
11415
+ #
11416
+ # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UntagPolicy AWS API Documentation
11417
+ #
11418
+ # @overload untag_policy(params = {})
11419
+ # @param [Hash] params ({})
11420
+ def untag_policy(params = {}, options = {})
11421
+ req = build_request(:untag_policy, params)
11422
+ req.send_request(options)
11423
+ end
11424
+
10088
11425
  # Removes the specified tags from the role. For more information about
10089
- # tagging, see [Tagging IAM Identities][1] in the *IAM User Guide*.
11426
+ # tagging, see [Tagging IAM resources][1] in the *IAM User Guide*.
10090
11427
  #
10091
11428
  #
10092
11429
  #
@@ -10138,8 +11475,106 @@ module Aws::IAM
10138
11475
  req.send_request(options)
10139
11476
  end
10140
11477
 
11478
+ # Removes the specified tags from the specified Security Assertion
11479
+ # Markup Language (SAML) identity provider in IAM. For more information
11480
+ # about these providers, see [About web identity federation][1]. For
11481
+ # more information about tagging, see [Tagging IAM resources][2] in the
11482
+ # *IAM User Guide*.
11483
+ #
11484
+ #
11485
+ #
11486
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html
11487
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
11488
+ #
11489
+ # @option params [required, String] :saml_provider_arn
11490
+ # The ARN of the SAML identity provider in IAM from which you want to
11491
+ # remove tags.
11492
+ #
11493
+ # This parameter accepts (through its [regex pattern][1]) a string of
11494
+ # characters that consist of upper and lowercase alphanumeric characters
11495
+ # with no spaces. You can also include any of the following characters:
11496
+ # =,.@-
11497
+ #
11498
+ #
11499
+ #
11500
+ # [1]: http://wikipedia.org/wiki/regex
11501
+ #
11502
+ # @option params [required, Array<String>] :tag_keys
11503
+ # A list of key names as a simple array of strings. The tags with
11504
+ # matching keys are removed from the specified SAML identity provider.
11505
+ #
11506
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
11507
+ #
11508
+ # @example Request syntax with placeholder values
11509
+ #
11510
+ # resp = client.untag_saml_provider({
11511
+ # saml_provider_arn: "arnType", # required
11512
+ # tag_keys: ["tagKeyType"], # required
11513
+ # })
11514
+ #
11515
+ # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UntagSAMLProvider AWS API Documentation
11516
+ #
11517
+ # @overload untag_saml_provider(params = {})
11518
+ # @param [Hash] params ({})
11519
+ def untag_saml_provider(params = {}, options = {})
11520
+ req = build_request(:untag_saml_provider, params)
11521
+ req.send_request(options)
11522
+ end
11523
+
11524
+ # Removes the specified tags from the IAM server certificate. For more
11525
+ # information about tagging, see [Tagging IAM resources][1] in the *IAM
11526
+ # User Guide*.
11527
+ #
11528
+ # <note markdown="1"> For certificates in a Region supported by AWS Certificate Manager
11529
+ # (ACM), we recommend that you don't use IAM server certificates.
11530
+ # Instead, use ACM to provision, manage, and deploy your server
11531
+ # certificates. For more information about IAM server certificates,
11532
+ # [Working with server certificates][2] in the *IAM User Guide*.
11533
+ #
11534
+ # </note>
11535
+ #
11536
+ #
11537
+ #
11538
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
11539
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html
11540
+ #
11541
+ # @option params [required, String] :server_certificate_name
11542
+ # The name of the IAM server certificate from which you want to remove
11543
+ # tags.
11544
+ #
11545
+ # This parameter accepts (through its [regex pattern][1]) a string of
11546
+ # characters that consist of upper and lowercase alphanumeric characters
11547
+ # with no spaces. You can also include any of the following characters:
11548
+ # =,.@-
11549
+ #
11550
+ #
11551
+ #
11552
+ # [1]: http://wikipedia.org/wiki/regex
11553
+ #
11554
+ # @option params [required, Array<String>] :tag_keys
11555
+ # A list of key names as a simple array of strings. The tags with
11556
+ # matching keys are removed from the specified IAM server certificate.
11557
+ #
11558
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
11559
+ #
11560
+ # @example Request syntax with placeholder values
11561
+ #
11562
+ # resp = client.untag_server_certificate({
11563
+ # server_certificate_name: "serverCertificateNameType", # required
11564
+ # tag_keys: ["tagKeyType"], # required
11565
+ # })
11566
+ #
11567
+ # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UntagServerCertificate AWS API Documentation
11568
+ #
11569
+ # @overload untag_server_certificate(params = {})
11570
+ # @param [Hash] params ({})
11571
+ def untag_server_certificate(params = {}, options = {})
11572
+ req = build_request(:untag_server_certificate, params)
11573
+ req.send_request(options)
11574
+ end
11575
+
10141
11576
  # Removes the specified tags from the user. For more information about
10142
- # tagging, see [Tagging IAM Identities][1] in the *IAM User Guide*.
11577
+ # tagging, see [Tagging IAM resources][1] in the *IAM User Guide*.
10143
11578
  #
10144
11579
  #
10145
11580
  #
@@ -10201,8 +11636,8 @@ module Aws::IAM
10201
11636
  # Consequently, you can use this operation to manage AWS account root
10202
11637
  # user credentials even if the AWS account has no associated users.
10203
11638
  #
10204
- # For information about rotating keys, see [Managing Keys and
10205
- # Certificates][1] in the *IAM User Guide*.
11639
+ # For information about rotating keys, see [Managing keys and
11640
+ # certificates][1] in the *IAM User Guide*.
10206
11641
  #
10207
11642
  #
10208
11643
  #
@@ -10233,8 +11668,8 @@ module Aws::IAM
10233
11668
  #
10234
11669
  # @option params [required, String] :status
10235
11670
  # The status you want to assign to the secret access key. `Active` means
10236
- # that the key can be used for API calls to AWS, while `Inactive` means
10237
- # that the key cannot be used.
11671
+ # that the key can be used for programmatic calls to AWS, while
11672
+ # `Inactive` means that the key cannot be used.
10238
11673
  #
10239
11674
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
10240
11675
  #
@@ -10282,7 +11717,7 @@ module Aws::IAM
10282
11717
  # </note>
10283
11718
  #
10284
11719
  # For more information about using a password policy, see [Managing an
10285
- # IAM Password Policy][1] in the *IAM User Guide*.
11720
+ # IAM password policy][1] in the *IAM User Guide*.
10286
11721
  #
10287
11722
  #
10288
11723
  #
@@ -10331,7 +11766,7 @@ module Aws::IAM
10331
11766
  # @option params [Boolean] :allow_users_to_change_password
10332
11767
  # Allows all IAM users in your account to use the AWS Management Console
10333
11768
  # to change their own passwords. For more information, see [Letting IAM
10334
- # Users Change Their Own Passwords][1] in the *IAM User Guide*.
11769
+ # users change their own passwords][1] in the *IAM User Guide*.
10335
11770
  #
10336
11771
  # If you do not specify a value for this parameter, then the operation
10337
11772
  # uses the default value of `false`. The result is that IAM users in the
@@ -10405,8 +11840,8 @@ module Aws::IAM
10405
11840
 
10406
11841
  # Updates the policy that grants an IAM entity permission to assume a
10407
11842
  # role. This is typically referred to as the "role trust policy". For
10408
- # more information about roles, go to [Using Roles to Delegate
10409
- # Permissions and Federate Identities][1].
11843
+ # more information about roles, see [Using roles to delegate permissions
11844
+ # and federate identities][1].
10410
11845
  #
10411
11846
  #
10412
11847
  #
@@ -10479,7 +11914,7 @@ module Aws::IAM
10479
11914
  # Updates the name and/or the path of the specified IAM group.
10480
11915
  #
10481
11916
  # You should understand the implications of changing a group's path or
10482
- # name. For more information, see [Renaming Users and Groups][1] in the
11917
+ # name. For more information, see [Renaming users and groups][1] in the
10483
11918
  # *IAM User Guide*.
10484
11919
  #
10485
11920
  # <note markdown="1"> The person making the request (the principal), must have permission to
@@ -10488,7 +11923,7 @@ module Aws::IAM
10488
11923
  # have a policy that allows them to update both groups. If the principal
10489
11924
  # has permission to update the `Managers` group, but not the `MGRs`
10490
11925
  # group, then the update fails. For more information about permissions,
10491
- # see [Access Management][2].
11926
+ # see [Access management][2].
10492
11927
  #
10493
11928
  # </note>
10494
11929
  #
@@ -10562,11 +11997,14 @@ module Aws::IAM
10562
11997
  req.send_request(options)
10563
11998
  end
10564
11999
 
10565
- # Changes the password for the specified IAM user.
12000
+ # Changes the password for the specified IAM user. You can use the AWS
12001
+ # CLI, the AWS API, or the **Users** page in the IAM console to change
12002
+ # the password for any IAM user. Use ChangePassword to change your own
12003
+ # password in the **My Security Credentials** page in the AWS Management
12004
+ # Console.
10566
12005
  #
10567
- # IAM users can change their own passwords by calling ChangePassword.
10568
12006
  # For more information about modifying passwords, see [Managing
10569
- # Passwords][1] in the *IAM User Guide*.
12007
+ # passwords][1] in the *IAM User Guide*.
10570
12008
  #
10571
12009
  #
10572
12010
  #
@@ -10666,8 +12104,8 @@ module Aws::IAM
10666
12104
  # of OIDC provider ARNs by using the ListOpenIDConnectProviders
10667
12105
  # operation.
10668
12106
  #
10669
- # For more information about ARNs, see [Amazon Resource Names (ARNs) and
10670
- # AWS Service Namespaces][1] in the *AWS General Reference*.
12107
+ # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
12108
+ # in the *AWS General Reference*.
10671
12109
  #
10672
12110
  #
10673
12111
  #
@@ -10719,7 +12157,7 @@ module Aws::IAM
10719
12157
  # for one hour by default. This applies when you use the `AssumeRole*`
10720
12158
  # API operations or the `assume-role*` CLI operations but does not apply
10721
12159
  # when you use those operations to create a console URL. For more
10722
- # information, see [Using IAM Roles][1] in the *IAM User Guide*.
12160
+ # information, see [Using IAM roles][1] in the *IAM User Guide*.
10723
12161
  #
10724
12162
  #
10725
12163
  #
@@ -10816,8 +12254,8 @@ module Aws::IAM
10816
12254
  # @option params [required, String] :saml_provider_arn
10817
12255
  # The Amazon Resource Name (ARN) of the SAML provider to update.
10818
12256
  #
10819
- # For more information about ARNs, see [Amazon Resource Names (ARNs) and
10820
- # AWS Service Namespaces][1] in the *AWS General Reference*.
12257
+ # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
12258
+ # in the *AWS General Reference*.
10821
12259
  #
10822
12260
  #
10823
12261
  #
@@ -10856,7 +12294,7 @@ module Aws::IAM
10856
12294
  # authenticating the associated IAM user to an AWS CodeCommit
10857
12295
  # repository. For more information about using SSH keys to authenticate
10858
12296
  # to an AWS CodeCommit repository, see [Set up AWS CodeCommit for SSH
10859
- # Connections][1] in the *AWS CodeCommit User Guide*.
12297
+ # connections][1] in the *AWS CodeCommit User Guide*.
10860
12298
  #
10861
12299
  #
10862
12300
  #
@@ -10913,13 +12351,13 @@ module Aws::IAM
10913
12351
  # stored in IAM.
10914
12352
  #
10915
12353
  # For more information about working with server certificates, see
10916
- # [Working with Server Certificates][1] in the *IAM User Guide*. This
12354
+ # [Working with server certificates][1] in the *IAM User Guide*. This
10917
12355
  # topic also includes a list of AWS services that can use the server
10918
12356
  # certificates that you manage with IAM.
10919
12357
  #
10920
12358
  # You should understand the implications of changing a server
10921
12359
  # certificate's path or name. For more information, see [Renaming a
10922
- # Server Certificate][2] in the *IAM User Guide*.
12360
+ # server certificate][2] in the *IAM User Guide*.
10923
12361
  #
10924
12362
  # <note markdown="1"> The person making the request (the principal), must have permission to
10925
12363
  # change the server certificate with the old name and the new name. For
@@ -10928,7 +12366,7 @@ module Aws::IAM
10928
12366
  # update both certificates. If the principal has permission to update
10929
12367
  # the `ProductionCert` group, but not the `ProdCert` certificate, then
10930
12368
  # the update fails. For more information about permissions, see [Access
10931
- # Management][3] in the *IAM User Guide*.
12369
+ # management][3] in the *IAM User Guide*.
10932
12370
  #
10933
12371
  # </note>
10934
12372
  #
@@ -11087,8 +12525,8 @@ module Aws::IAM
11087
12525
  #
11088
12526
  # @option params [required, String] :status
11089
12527
  # The status you want to assign to the certificate. `Active` means that
11090
- # the certificate can be used for API calls to AWS `Inactive` means that
11091
- # the certificate cannot be used.
12528
+ # the certificate can be used for programmatic calls to AWS `Inactive`
12529
+ # means that the certificate cannot be used.
11092
12530
  #
11093
12531
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
11094
12532
  #
@@ -11123,14 +12561,14 @@ module Aws::IAM
11123
12561
  # Updates the name and/or the path of the specified IAM user.
11124
12562
  #
11125
12563
  # You should understand the implications of changing an IAM user's path
11126
- # or name. For more information, see [Renaming an IAM User][1] and
11127
- # [Renaming an IAM Group][2] in the *IAM User Guide*.
12564
+ # or name. For more information, see [Renaming an IAM user][1] and
12565
+ # [Renaming an IAM group][2] in the *IAM User Guide*.
11128
12566
  #
11129
12567
  # <note markdown="1"> To change a user name, the requester must have appropriate permissions
11130
12568
  # on both the source object and the target object. For example, to
11131
12569
  # change Bob to Robert, the entity making the request must have
11132
12570
  # permission on Bob and Robert, or must have permission on all (*). For
11133
- # more information about permissions, see [Permissions and Policies][3].
12571
+ # more information about permissions, see [Permissions and policies][3].
11134
12572
  #
11135
12573
  # </note>
11136
12574
  #
@@ -11212,7 +12650,7 @@ module Aws::IAM
11212
12650
  # authenticating the associated IAM user to an AWS CodeCommit
11213
12651
  # repository. For more information about using SSH keys to authenticate
11214
12652
  # to an AWS CodeCommit repository, see [Set up AWS CodeCommit for SSH
11215
- # Connections][1] in the *AWS CodeCommit User Guide*.
12653
+ # connections][1] in the *AWS CodeCommit User Guide*.
11216
12654
  #
11217
12655
  #
11218
12656
  #
@@ -11293,21 +12731,20 @@ module Aws::IAM
11293
12731
  # User Guide][2].
11294
12732
  #
11295
12733
  # For more information about working with server certificates, see
11296
- # [Working with Server Certificates][3] in the *IAM User Guide*. This
12734
+ # [Working with server certificates][3] in the *IAM User Guide*. This
11297
12735
  # topic includes a list of AWS services that can use the server
11298
12736
  # certificates that you manage with IAM.
11299
12737
  #
11300
12738
  # For information about the number of server certificates you can
11301
- # upload, see [Limitations on IAM Entities and Objects][4] in the *IAM
11302
- # User Guide*.
12739
+ # upload, see [IAM and STS quotas][4] in the *IAM User Guide*.
11303
12740
  #
11304
12741
  # <note markdown="1"> Because the body of the public key certificate, private key, and the
11305
12742
  # certificate chain can be large, you should use POST rather than GET
11306
12743
  # when calling `UploadServerCertificate`. For information about setting
11307
- # up signatures and authorization through the API, go to [Signing AWS
11308
- # API Requests][5] in the *AWS General Reference*. For general
11309
- # information about using the Query API with IAM, go to [Calling the API
11310
- # by Making HTTP Query Requests][6] in the *IAM User Guide*.
12744
+ # up signatures and authorization through the API, see [Signing AWS API
12745
+ # requests][5] in the *AWS General Reference*. For general information
12746
+ # about using the Query API with IAM, see [Calling the API by making
12747
+ # HTTP query requests][6] in the *IAM User Guide*.
11311
12748
  #
11312
12749
  # </note>
11313
12750
  #
@@ -11316,13 +12753,13 @@ module Aws::IAM
11316
12753
  # [1]: https://docs.aws.amazon.com/acm/
11317
12754
  # [2]: https://docs.aws.amazon.com/acm/latest/userguide/
11318
12755
  # [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html
11319
- # [4]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html
12756
+ # [4]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html
11320
12757
  # [5]: https://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html
11321
12758
  # [6]: https://docs.aws.amazon.com/IAM/latest/UserGuide/programming.html
11322
12759
  #
11323
12760
  # @option params [String] :path
11324
12761
  # The path for the server certificate. For more information about paths,
11325
- # see [IAM Identifiers][1] in the *IAM User Guide*.
12762
+ # see [IAM identifiers][1] in the *IAM User Guide*.
11326
12763
  #
11327
12764
  # This parameter is optional. If it is not included, it defaults to a
11328
12765
  # slash (/). This parameter allows (through its [regex pattern][2]) a
@@ -11415,9 +12852,26 @@ module Aws::IAM
11415
12852
  #
11416
12853
  # [1]: http://wikipedia.org/wiki/regex
11417
12854
  #
12855
+ # @option params [Array<Types::Tag>] :tags
12856
+ # A list of tags that you want to attach to the new IAM server
12857
+ # certificate resource. Each tag consists of a key name and an
12858
+ # associated value. For more information about tagging, see [Tagging IAM
12859
+ # resources][1] in the *IAM User Guide*.
12860
+ #
12861
+ # <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed maximum
12862
+ # number of tags, then the entire request fails and the resource is not
12863
+ # created.
12864
+ #
12865
+ # </note>
12866
+ #
12867
+ #
12868
+ #
12869
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
12870
+ #
11418
12871
  # @return [Types::UploadServerCertificateResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
11419
12872
  #
11420
12873
  # * {Types::UploadServerCertificateResponse#server_certificate_metadata #server_certificate_metadata} => Types::ServerCertificateMetadata
12874
+ # * {Types::UploadServerCertificateResponse#tags #tags} => Array&lt;Types::Tag&gt;
11421
12875
  #
11422
12876
  #
11423
12877
  # @example Example: To upload a server certificate to your AWS account
@@ -11451,6 +12905,12 @@ module Aws::IAM
11451
12905
  # certificate_body: "certificateBodyType", # required
11452
12906
  # private_key: "privateKeyType", # required
11453
12907
  # certificate_chain: "certificateChainType",
12908
+ # tags: [
12909
+ # {
12910
+ # key: "tagKeyType", # required
12911
+ # value: "tagValueType", # required
12912
+ # },
12913
+ # ],
11454
12914
  # })
11455
12915
  #
11456
12916
  # @example Response structure
@@ -11461,6 +12921,9 @@ module Aws::IAM
11461
12921
  # resp.server_certificate_metadata.arn #=> String
11462
12922
  # resp.server_certificate_metadata.upload_date #=> Time
11463
12923
  # resp.server_certificate_metadata.expiration #=> Time
12924
+ # resp.tags #=> Array
12925
+ # resp.tags[0].key #=> String
12926
+ # resp.tags[0].value #=> String
11464
12927
  #
11465
12928
  # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UploadServerCertificate AWS API Documentation
11466
12929
  #
@@ -11472,10 +12935,13 @@ module Aws::IAM
11472
12935
  end
11473
12936
 
11474
12937
  # Uploads an X.509 signing certificate and associates it with the
11475
- # specified IAM user. Some AWS services use X.509 signing certificates
12938
+ # specified IAM user. Some AWS services require you to use certificates
11476
12939
  # to validate requests that are signed with a corresponding private key.
11477
12940
  # When you upload the certificate, its default status is `Active`.
11478
12941
  #
12942
+ # For information about when you would use an X.509 signing certificate,
12943
+ # see [Managing server certificates in IAM][1] in the *IAM User Guide*.
12944
+ #
11479
12945
  # If the `UserName` is not specified, the IAM user name is determined
11480
12946
  # implicitly based on the AWS access key ID used to sign the request.
11481
12947
  # This operation works for access keys under the AWS account.
@@ -11485,16 +12951,17 @@ module Aws::IAM
11485
12951
  # <note markdown="1"> Because the body of an X.509 certificate can be large, you should use
11486
12952
  # POST rather than GET when calling `UploadSigningCertificate`. For
11487
12953
  # information about setting up signatures and authorization through the
11488
- # API, go to [Signing AWS API Requests][1] in the *AWS General
11489
- # Reference*. For general information about using the Query API with
11490
- # IAM, go to [Making Query Requests][2] in the *IAM User Guide*.
12954
+ # API, see [Signing AWS API requests][2] in the *AWS General Reference*.
12955
+ # For general information about using the Query API with IAM, see
12956
+ # [Making query requests][3] in the *IAM User Guide*.
11491
12957
  #
11492
12958
  # </note>
11493
12959
  #
11494
12960
  #
11495
12961
  #
11496
- # [1]: https://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html
11497
- # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html
12962
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html
12963
+ # [2]: https://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html
12964
+ # [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html
11498
12965
  #
11499
12966
  # @option params [String] :user_name
11500
12967
  # The name of the user the signing certificate is for.
@@ -11589,7 +13056,7 @@ module Aws::IAM
11589
13056
  params: params,
11590
13057
  config: config)
11591
13058
  context[:gem_name] = 'aws-sdk-iam'
11592
- context[:gem_version] = '1.47.0'
13059
+ context[:gem_version] = '1.52.0'
11593
13060
  Seahorse::Client::Request.new(handlers, context)
11594
13061
  end
11595
13062