aws-sdk-iam 1.5.0 → 1.6.0

data/lib/aws-sdk-iam/client_api.rb

@@ -23,6 +23,7 @@ module Aws::IAM
     AttachGroupPolicyRequest = Shapes::StructureShape.new(name: 'AttachGroupPolicyRequest')
     AttachRolePolicyRequest = Shapes::StructureShape.new(name: 'AttachRolePolicyRequest')
     AttachUserPolicyRequest = Shapes::StructureShape.new(name: 'AttachUserPolicyRequest')
+    AttachedPermissionsBoundary = Shapes::StructureShape.new(name: 'AttachedPermissionsBoundary')
     AttachedPolicy = Shapes::StructureShape.new(name: 'AttachedPolicy')
     BootstrapDatum = Shapes::BlobShape.new(name: 'BootstrapDatum')
     ChangePasswordRequest = Shapes::StructureShape.new(name: 'ChangePasswordRequest')
@@ -75,6 +76,7 @@ module Aws::IAM
     DeleteOpenIDConnectProviderRequest = Shapes::StructureShape.new(name: 'DeleteOpenIDConnectProviderRequest')
     DeletePolicyRequest = Shapes::StructureShape.new(name: 'DeletePolicyRequest')
     DeletePolicyVersionRequest = Shapes::StructureShape.new(name: 'DeletePolicyVersionRequest')
+    DeleteRolePermissionsBoundaryRequest = Shapes::StructureShape.new(name: 'DeleteRolePermissionsBoundaryRequest')
     DeleteRolePolicyRequest = Shapes::StructureShape.new(name: 'DeleteRolePolicyRequest')
     DeleteRoleRequest = Shapes::StructureShape.new(name: 'DeleteRoleRequest')
     DeleteSAMLProviderRequest = Shapes::StructureShape.new(name: 'DeleteSAMLProviderRequest')
@@ -84,6 +86,7 @@ module Aws::IAM
     DeleteServiceLinkedRoleResponse = Shapes::StructureShape.new(name: 'DeleteServiceLinkedRoleResponse')
     DeleteServiceSpecificCredentialRequest = Shapes::StructureShape.new(name: 'DeleteServiceSpecificCredentialRequest')
     DeleteSigningCertificateRequest = Shapes::StructureShape.new(name: 'DeleteSigningCertificateRequest')
+    DeleteUserPermissionsBoundaryRequest = Shapes::StructureShape.new(name: 'DeleteUserPermissionsBoundaryRequest')
     DeleteUserPolicyRequest = Shapes::StructureShape.new(name: 'DeleteUserPolicyRequest')
     DeleteUserRequest = Shapes::StructureShape.new(name: 'DeleteUserRequest')
     DeleteVirtualMFADeviceRequest = Shapes::StructureShape.new(name: 'DeleteVirtualMFADeviceRequest')
@@ -218,6 +221,7 @@ module Aws::IAM
     OrganizationsDecisionDetail = Shapes::StructureShape.new(name: 'OrganizationsDecisionDetail')
     PasswordPolicy = Shapes::StructureShape.new(name: 'PasswordPolicy')
     PasswordPolicyViolationException = Shapes::StructureShape.new(name: 'PasswordPolicyViolationException')
+    PermissionsBoundaryAttachmentType = Shapes::StringShape.new(name: 'PermissionsBoundaryAttachmentType')
     Policy = Shapes::StructureShape.new(name: 'Policy')
     PolicyDetail = Shapes::StructureShape.new(name: 'PolicyDetail')
     PolicyEvaluationDecisionType = Shapes::StringShape.new(name: 'PolicyEvaluationDecisionType')
@@ -229,12 +233,15 @@ module Aws::IAM
     PolicyRole = Shapes::StructureShape.new(name: 'PolicyRole')
     PolicyRoleListType = Shapes::ListShape.new(name: 'PolicyRoleListType')
     PolicySourceType = Shapes::StringShape.new(name: 'PolicySourceType')
+    PolicyUsageType = Shapes::StringShape.new(name: 'PolicyUsageType')
     PolicyUser = Shapes::StructureShape.new(name: 'PolicyUser')
     PolicyUserListType = Shapes::ListShape.new(name: 'PolicyUserListType')
     PolicyVersion = Shapes::StructureShape.new(name: 'PolicyVersion')
     Position = Shapes::StructureShape.new(name: 'Position')
     PutGroupPolicyRequest = Shapes::StructureShape.new(name: 'PutGroupPolicyRequest')
+    PutRolePermissionsBoundaryRequest = Shapes::StructureShape.new(name: 'PutRolePermissionsBoundaryRequest')
     PutRolePolicyRequest = Shapes::StructureShape.new(name: 'PutRolePolicyRequest')
+    PutUserPermissionsBoundaryRequest = Shapes::StructureShape.new(name: 'PutUserPermissionsBoundaryRequest')
     PutUserPolicyRequest = Shapes::StructureShape.new(name: 'PutUserPolicyRequest')
     ReasonType = Shapes::StringShape.new(name: 'ReasonType')
     RegionNameType = Shapes::StringShape.new(name: 'RegionNameType')
@@ -456,6 +463,10 @@ module Aws::IAM
     AttachUserPolicyRequest.add_member(:policy_arn, Shapes::ShapeRef.new(shape: arnType, required: true, location_name: "PolicyArn"))
     AttachUserPolicyRequest.struct_class = Types::AttachUserPolicyRequest
 
+    AttachedPermissionsBoundary.add_member(:permissions_boundary_type, Shapes::ShapeRef.new(shape: PermissionsBoundaryAttachmentType, location_name: "PermissionsBoundaryType"))
+    AttachedPermissionsBoundary.add_member(:permissions_boundary_arn, Shapes::ShapeRef.new(shape: arnType, location_name: "PermissionsBoundaryArn"))
+    AttachedPermissionsBoundary.struct_class = Types::AttachedPermissionsBoundary
+
     AttachedPolicy.add_member(:policy_name, Shapes::ShapeRef.new(shape: policyNameType, location_name: "PolicyName"))
     AttachedPolicy.add_member(:policy_arn, Shapes::ShapeRef.new(shape: arnType, location_name: "PolicyArn"))
     AttachedPolicy.struct_class = Types::AttachedPolicy
@@ -536,6 +547,7 @@ module Aws::IAM
     CreateRoleRequest.add_member(:assume_role_policy_document, Shapes::ShapeRef.new(shape: policyDocumentType, required: true, location_name: "AssumeRolePolicyDocument"))
     CreateRoleRequest.add_member(:description, Shapes::ShapeRef.new(shape: roleDescriptionType, location_name: "Description"))
     CreateRoleRequest.add_member(:max_session_duration, Shapes::ShapeRef.new(shape: roleMaxSessionDurationType, location_name: "MaxSessionDuration"))
+    CreateRoleRequest.add_member(:permissions_boundary, Shapes::ShapeRef.new(shape: arnType, location_name: "PermissionsBoundary"))
     CreateRoleRequest.struct_class = Types::CreateRoleRequest
 
     CreateRoleResponse.add_member(:role, Shapes::ShapeRef.new(shape: Role, required: true, location_name: "Role"))
@@ -565,6 +577,7 @@ module Aws::IAM
 
     CreateUserRequest.add_member(:path, Shapes::ShapeRef.new(shape: pathType, location_name: "Path"))
     CreateUserRequest.add_member(:user_name, Shapes::ShapeRef.new(shape: userNameType, required: true, location_name: "UserName"))
+    CreateUserRequest.add_member(:permissions_boundary, Shapes::ShapeRef.new(shape: arnType, location_name: "PermissionsBoundary"))
     CreateUserRequest.struct_class = Types::CreateUserRequest
 
     CreateUserResponse.add_member(:user, Shapes::ShapeRef.new(shape: User, location_name: "User"))
@@ -611,6 +624,9 @@ module Aws::IAM
     DeletePolicyVersionRequest.add_member(:version_id, Shapes::ShapeRef.new(shape: policyVersionIdType, required: true, location_name: "VersionId"))
     DeletePolicyVersionRequest.struct_class = Types::DeletePolicyVersionRequest
 
+    DeleteRolePermissionsBoundaryRequest.add_member(:role_name, Shapes::ShapeRef.new(shape: roleNameType, required: true, location_name: "RoleName"))
+    DeleteRolePermissionsBoundaryRequest.struct_class = Types::DeleteRolePermissionsBoundaryRequest
+
     DeleteRolePolicyRequest.add_member(:role_name, Shapes::ShapeRef.new(shape: roleNameType, required: true, location_name: "RoleName"))
     DeleteRolePolicyRequest.add_member(:policy_name, Shapes::ShapeRef.new(shape: policyNameType, required: true, location_name: "PolicyName"))
     DeleteRolePolicyRequest.struct_class = Types::DeleteRolePolicyRequest
@@ -642,6 +658,9 @@ module Aws::IAM
     DeleteSigningCertificateRequest.add_member(:certificate_id, Shapes::ShapeRef.new(shape: certificateIdType, required: true, location_name: "CertificateId"))
     DeleteSigningCertificateRequest.struct_class = Types::DeleteSigningCertificateRequest
 
+    DeleteUserPermissionsBoundaryRequest.add_member(:user_name, Shapes::ShapeRef.new(shape: userNameType, required: true, location_name: "UserName"))
+    DeleteUserPermissionsBoundaryRequest.struct_class = Types::DeleteUserPermissionsBoundaryRequest
+
     DeleteUserPolicyRequest.add_member(:user_name, Shapes::ShapeRef.new(shape: existingUserNameType, required: true, location_name: "UserName"))
     DeleteUserPolicyRequest.add_member(:policy_name, Shapes::ShapeRef.new(shape: policyNameType, required: true, location_name: "PolicyName"))
     DeleteUserPolicyRequest.struct_class = Types::DeleteUserPolicyRequest
@@ -926,6 +945,7 @@ module Aws::IAM
     ListEntitiesForPolicyRequest.add_member(:policy_arn, Shapes::ShapeRef.new(shape: arnType, required: true, location_name: "PolicyArn"))
     ListEntitiesForPolicyRequest.add_member(:entity_filter, Shapes::ShapeRef.new(shape: EntityType, location_name: "EntityFilter"))
     ListEntitiesForPolicyRequest.add_member(:path_prefix, Shapes::ShapeRef.new(shape: pathType, location_name: "PathPrefix"))
+    ListEntitiesForPolicyRequest.add_member(:policy_usage_filter, Shapes::ShapeRef.new(shape: PolicyUsageType, location_name: "PolicyUsageFilter"))
     ListEntitiesForPolicyRequest.add_member(:marker, Shapes::ShapeRef.new(shape: markerType, location_name: "Marker"))
     ListEntitiesForPolicyRequest.add_member(:max_items, Shapes::ShapeRef.new(shape: maxItemsType, location_name: "MaxItems"))
     ListEntitiesForPolicyRequest.struct_class = Types::ListEntitiesForPolicyRequest
@@ -1005,6 +1025,7 @@ module Aws::IAM
     ListPoliciesRequest.add_member(:scope, Shapes::ShapeRef.new(shape: policyScopeType, location_name: "Scope"))
     ListPoliciesRequest.add_member(:only_attached, Shapes::ShapeRef.new(shape: booleanType, location_name: "OnlyAttached"))
     ListPoliciesRequest.add_member(:path_prefix, Shapes::ShapeRef.new(shape: policyPathType, location_name: "PathPrefix"))
+    ListPoliciesRequest.add_member(:policy_usage_filter, Shapes::ShapeRef.new(shape: PolicyUsageType, location_name: "PolicyUsageFilter"))
     ListPoliciesRequest.add_member(:marker, Shapes::ShapeRef.new(shape: markerType, location_name: "Marker"))
     ListPoliciesRequest.add_member(:max_items, Shapes::ShapeRef.new(shape: maxItemsType, location_name: "MaxItems"))
     ListPoliciesRequest.struct_class = Types::ListPoliciesRequest
@@ -1132,6 +1153,7 @@ module Aws::IAM
     ManagedPolicyDetail.add_member(:path, Shapes::ShapeRef.new(shape: policyPathType, location_name: "Path"))
     ManagedPolicyDetail.add_member(:default_version_id, Shapes::ShapeRef.new(shape: policyVersionIdType, location_name: "DefaultVersionId"))
     ManagedPolicyDetail.add_member(:attachment_count, Shapes::ShapeRef.new(shape: attachmentCountType, location_name: "AttachmentCount"))
+    ManagedPolicyDetail.add_member(:permissions_boundary_usage_count, Shapes::ShapeRef.new(shape: attachmentCountType, location_name: "PermissionsBoundaryUsageCount"))
     ManagedPolicyDetail.add_member(:is_attachable, Shapes::ShapeRef.new(shape: booleanType, location_name: "IsAttachable"))
     ManagedPolicyDetail.add_member(:description, Shapes::ShapeRef.new(shape: policyDescriptionType, location_name: "Description"))
     ManagedPolicyDetail.add_member(:create_date, Shapes::ShapeRef.new(shape: dateType, location_name: "CreateDate"))
@@ -1167,6 +1189,7 @@ module Aws::IAM
     Policy.add_member(:path, Shapes::ShapeRef.new(shape: policyPathType, location_name: "Path"))
     Policy.add_member(:default_version_id, Shapes::ShapeRef.new(shape: policyVersionIdType, location_name: "DefaultVersionId"))
     Policy.add_member(:attachment_count, Shapes::ShapeRef.new(shape: attachmentCountType, location_name: "AttachmentCount"))
+    Policy.add_member(:permissions_boundary_usage_count, Shapes::ShapeRef.new(shape: attachmentCountType, location_name: "PermissionsBoundaryUsageCount"))
     Policy.add_member(:is_attachable, Shapes::ShapeRef.new(shape: booleanType, location_name: "IsAttachable"))
     Policy.add_member(:description, Shapes::ShapeRef.new(shape: policyDescriptionType, location_name: "Description"))
     Policy.add_member(:create_date, Shapes::ShapeRef.new(shape: dateType, location_name: "CreateDate"))
@@ -1210,11 +1233,19 @@ module Aws::IAM
     PutGroupPolicyRequest.add_member(:policy_document, Shapes::ShapeRef.new(shape: policyDocumentType, required: true, location_name: "PolicyDocument"))
     PutGroupPolicyRequest.struct_class = Types::PutGroupPolicyRequest
 
+    PutRolePermissionsBoundaryRequest.add_member(:role_name, Shapes::ShapeRef.new(shape: roleNameType, required: true, location_name: "RoleName"))
+    PutRolePermissionsBoundaryRequest.add_member(:permissions_boundary, Shapes::ShapeRef.new(shape: arnType, required: true, location_name: "PermissionsBoundary"))
+    PutRolePermissionsBoundaryRequest.struct_class = Types::PutRolePermissionsBoundaryRequest
+
     PutRolePolicyRequest.add_member(:role_name, Shapes::ShapeRef.new(shape: roleNameType, required: true, location_name: "RoleName"))
     PutRolePolicyRequest.add_member(:policy_name, Shapes::ShapeRef.new(shape: policyNameType, required: true, location_name: "PolicyName"))
     PutRolePolicyRequest.add_member(:policy_document, Shapes::ShapeRef.new(shape: policyDocumentType, required: true, location_name: "PolicyDocument"))
     PutRolePolicyRequest.struct_class = Types::PutRolePolicyRequest
 
+    PutUserPermissionsBoundaryRequest.add_member(:user_name, Shapes::ShapeRef.new(shape: userNameType, required: true, location_name: "UserName"))
+    PutUserPermissionsBoundaryRequest.add_member(:permissions_boundary, Shapes::ShapeRef.new(shape: arnType, required: true, location_name: "PermissionsBoundary"))
+    PutUserPermissionsBoundaryRequest.struct_class = Types::PutUserPermissionsBoundaryRequest
+
     PutUserPolicyRequest.add_member(:user_name, Shapes::ShapeRef.new(shape: existingUserNameType, required: true, location_name: "UserName"))
     PutUserPolicyRequest.add_member(:policy_name, Shapes::ShapeRef.new(shape: policyNameType, required: true, location_name: "PolicyName"))
     PutUserPolicyRequest.add_member(:policy_document, Shapes::ShapeRef.new(shape: policyDocumentType, required: true, location_name: "PolicyDocument"))
@@ -1264,6 +1295,7 @@ module Aws::IAM
     Role.add_member(:assume_role_policy_document, Shapes::ShapeRef.new(shape: policyDocumentType, location_name: "AssumeRolePolicyDocument"))
     Role.add_member(:description, Shapes::ShapeRef.new(shape: roleDescriptionType, location_name: "Description"))
     Role.add_member(:max_session_duration, Shapes::ShapeRef.new(shape: roleMaxSessionDurationType, location_name: "MaxSessionDuration"))
+    Role.add_member(:permissions_boundary, Shapes::ShapeRef.new(shape: AttachedPermissionsBoundary, location_name: "PermissionsBoundary"))
     Role.struct_class = Types::Role
 
     RoleDetail.add_member(:path, Shapes::ShapeRef.new(shape: pathType, location_name: "Path"))
@@ -1275,6 +1307,7 @@ module Aws::IAM
     RoleDetail.add_member(:instance_profile_list, Shapes::ShapeRef.new(shape: instanceProfileListType, location_name: "InstanceProfileList"))
     RoleDetail.add_member(:role_policy_list, Shapes::ShapeRef.new(shape: policyDetailListType, location_name: "RolePolicyList"))
     RoleDetail.add_member(:attached_managed_policies, Shapes::ShapeRef.new(shape: attachedPoliciesListType, location_name: "AttachedManagedPolicies"))
+    RoleDetail.add_member(:permissions_boundary, Shapes::ShapeRef.new(shape: AttachedPermissionsBoundary, location_name: "PermissionsBoundary"))
     RoleDetail.struct_class = Types::RoleDetail
 
     RoleUsageListType.member = Shapes::ShapeRef.new(shape: RoleUsageType)
@@ -1499,6 +1532,7 @@ module Aws::IAM
     User.add_member(:arn, Shapes::ShapeRef.new(shape: arnType, required: true, location_name: "Arn"))
     User.add_member(:create_date, Shapes::ShapeRef.new(shape: dateType, required: true, location_name: "CreateDate"))
     User.add_member(:password_last_used, Shapes::ShapeRef.new(shape: dateType, location_name: "PasswordLastUsed"))
+    User.add_member(:permissions_boundary, Shapes::ShapeRef.new(shape: AttachedPermissionsBoundary, location_name: "PermissionsBoundary"))
     User.struct_class = Types::User
 
     UserDetail.add_member(:path, Shapes::ShapeRef.new(shape: pathType, location_name: "Path"))
@@ -1509,6 +1543,7 @@ module Aws::IAM
     UserDetail.add_member(:user_policy_list, Shapes::ShapeRef.new(shape: policyDetailListType, location_name: "UserPolicyList"))
     UserDetail.add_member(:group_list, Shapes::ShapeRef.new(shape: groupNameListType, location_name: "GroupList"))
     UserDetail.add_member(:attached_managed_policies, Shapes::ShapeRef.new(shape: attachedPoliciesListType, location_name: "AttachedManagedPolicies"))
+    UserDetail.add_member(:permissions_boundary, Shapes::ShapeRef.new(shape: AttachedPermissionsBoundary, location_name: "PermissionsBoundary"))
     UserDetail.struct_class = Types::UserDetail
 
     VirtualMFADevice.add_member(:serial_number, Shapes::ShapeRef.new(shape: serialNumberType, required: true, location_name: "SerialNumber"))
@@ -1978,6 +2013,17 @@ module Aws::IAM
         o.errors << Shapes::ShapeRef.new(shape: ServiceFailureException)
       end)
 
+      api.add_operation(:delete_role_permissions_boundary, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "DeleteRolePermissionsBoundary"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: DeleteRolePermissionsBoundaryRequest)
+        o.output = Shapes::ShapeRef.new(shape: Shapes::StructureShape.new(struct_class: Aws::EmptyStructure))
+        o.errors << Shapes::ShapeRef.new(shape: NoSuchEntityException)
+        o.errors << Shapes::ShapeRef.new(shape: UnmodifiableEntityException)
+        o.errors << Shapes::ShapeRef.new(shape: ServiceFailureException)
+      end)
+
       api.add_operation(:delete_role_policy, Seahorse::Model::Operation.new.tap do |o|
         o.name = "DeleteRolePolicy"
         o.http_method = "POST"
@@ -2066,6 +2112,16 @@ module Aws::IAM
         o.errors << Shapes::ShapeRef.new(shape: ServiceFailureException)
       end)
 
+      api.add_operation(:delete_user_permissions_boundary, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "DeleteUserPermissionsBoundary"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: DeleteUserPermissionsBoundaryRequest)
+        o.output = Shapes::ShapeRef.new(shape: Shapes::StructureShape.new(struct_class: Aws::EmptyStructure))
+        o.errors << Shapes::ShapeRef.new(shape: NoSuchEntityException)
+        o.errors << Shapes::ShapeRef.new(shape: ServiceFailureException)
+      end)
+
       api.add_operation(:delete_user_policy, Seahorse::Model::Operation.new.tap do |o|
         o.name = "DeleteUserPolicy"
         o.http_method = "POST"
@@ -2796,6 +2852,19 @@ module Aws::IAM
         o.errors << Shapes::ShapeRef.new(shape: ServiceFailureException)
       end)
 
+      api.add_operation(:put_role_permissions_boundary, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "PutRolePermissionsBoundary"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: PutRolePermissionsBoundaryRequest)
+        o.output = Shapes::ShapeRef.new(shape: Shapes::StructureShape.new(struct_class: Aws::EmptyStructure))
+        o.errors << Shapes::ShapeRef.new(shape: NoSuchEntityException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidInputException)
+        o.errors << Shapes::ShapeRef.new(shape: UnmodifiableEntityException)
+        o.errors << Shapes::ShapeRef.new(shape: PolicyNotAttachableException)
+        o.errors << Shapes::ShapeRef.new(shape: ServiceFailureException)
+      end)
+
       api.add_operation(:put_role_policy, Seahorse::Model::Operation.new.tap do |o|
         o.name = "PutRolePolicy"
         o.http_method = "POST"
@@ -2809,6 +2878,18 @@ module Aws::IAM
         o.errors << Shapes::ShapeRef.new(shape: ServiceFailureException)
       end)
 
+      api.add_operation(:put_user_permissions_boundary, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "PutUserPermissionsBoundary"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: PutUserPermissionsBoundaryRequest)
+        o.output = Shapes::ShapeRef.new(shape: Shapes::StructureShape.new(struct_class: Aws::EmptyStructure))
+        o.errors << Shapes::ShapeRef.new(shape: NoSuchEntityException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidInputException)
+        o.errors << Shapes::ShapeRef.new(shape: PolicyNotAttachableException)
+        o.errors << Shapes::ShapeRef.new(shape: ServiceFailureException)
+      end)
+
       api.add_operation(:put_user_policy, Seahorse::Model::Operation.new.tap do |o|
         o.name = "PutUserPolicy"
         o.http_method = "POST"

data/lib/aws-sdk-iam/current_user.rb

@@ -101,6 +101,20 @@ module Aws::IAM
       data[:password_last_used]
     end
 
+    # The ARN of the policy used to set the permissions boundary for the
+    # user.
+    #
+    # For more information about permissions boundaries, see [Permissions
+    # Boundaries for IAM Identities ][1] in the *IAM User Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
+    # @return [Types::AttachedPermissionsBoundary]
+    def permissions_boundary
+      data[:permissions_boundary]
+    end
+
     # @!endgroup
 
     # @return [Client]

data/lib/aws-sdk-iam/policy.rb

@@ -76,6 +76,20 @@ module Aws::IAM
       data[:attachment_count]
     end
 
+    # The number of entities (users and roles) for which the policy is used
+    # to set the permissions boundary.
+    #
+    # For more information about permissions boundaries, see [Permissions
+    # Boundaries for IAM Identities ][1] in the *IAM User Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
+    # @return [Integer]
+    def permissions_boundary_usage_count
+      data[:permissions_boundary_usage_count]
+    end
+
     # Specifies whether the policy can be attached to an IAM user, group, or
     # role.
     # @return [Boolean]
@@ -468,6 +482,7 @@ module Aws::IAM
     #
     #   attached_groups = policy.attached_groups({
     #     path_prefix: "pathType",
+    #     policy_usage_filter: "PermissionsPolicy", # accepts PermissionsPolicy, PermissionsBoundary
     #   })
     # @param [Hash] options ({})
     # @option options [String] :path_prefix
@@ -485,6 +500,16 @@ module Aws::IAM
     #
     #
     #   [1]: http://wikipedia.org/wiki/regex
+    # @option options [String] :policy_usage_filter
+    #   The policy usage method to use for filtering the results.
+    #
+    #   To list only permissions policies,
+    #   set `PolicyUsageFilter` to `PermissionsPolicy`. To list only the
+    #   policies used to set permissions boundaries, set the value
+    #   to `PermissionsBoundary`.
+    #
+    #   This parameter is optional. If it is not included, all policies are
+    #   returned.
     # @return [Group::Collection]
     def attached_groups(options = {})
       batches = Enumerator.new do |y|
@@ -512,6 +537,7 @@ module Aws::IAM
     #
     #   attached_roles = policy.attached_roles({
     #     path_prefix: "pathType",
+    #     policy_usage_filter: "PermissionsPolicy", # accepts PermissionsPolicy, PermissionsBoundary
     #   })
     # @param [Hash] options ({})
     # @option options [String] :path_prefix
@@ -529,6 +555,16 @@ module Aws::IAM
     #
     #
     #   [1]: http://wikipedia.org/wiki/regex
+    # @option options [String] :policy_usage_filter
+    #   The policy usage method to use for filtering the results.
+    #
+    #   To list only permissions policies,
+    #   set `PolicyUsageFilter` to `PermissionsPolicy`. To list only the
+    #   policies used to set permissions boundaries, set the value
+    #   to `PermissionsBoundary`.
+    #
+    #   This parameter is optional. If it is not included, all policies are
+    #   returned.
     # @return [Role::Collection]
     def attached_roles(options = {})
       batches = Enumerator.new do |y|
@@ -556,6 +592,7 @@ module Aws::IAM
     #
     #   attached_users = policy.attached_users({
     #     path_prefix: "pathType",
+    #     policy_usage_filter: "PermissionsPolicy", # accepts PermissionsPolicy, PermissionsBoundary
     #   })
     # @param [Hash] options ({})
     # @option options [String] :path_prefix
@@ -573,6 +610,16 @@ module Aws::IAM
     #
     #
     #   [1]: http://wikipedia.org/wiki/regex
+    # @option options [String] :policy_usage_filter
+    #   The policy usage method to use for filtering the results.
+    #
+    #   To list only permissions policies,
+    #   set `PolicyUsageFilter` to `PermissionsPolicy`. To list only the
+    #   policies used to set permissions boundaries, set the value
+    #   to `PermissionsBoundary`.
+    #
+    #   This parameter is optional. If it is not included, all policies are
+    #   returned.
     # @return [User::Collection]
     def attached_users(options = {})
       batches = Enumerator.new do |y|

data/lib/aws-sdk-iam/resource.rb

@@ -98,7 +98,7 @@ module Aws::IAM
     #   Specifies whether IAM user passwords must contain at least one of the
     #   following non-alphanumeric characters:
     #
-    #   ! @ # $ % ^ & * ( ) \_ + - = \[ \] \\\{ \\} \| '
+    #   ! @ # $ % ^ & * ( ) \_ + - = \[ \] \\\{ \\} \| '
     #
     #   If you do not specify a value for this parameter, then the operation
     #   uses the default value of `false`. The result is that passwords do not
@@ -345,6 +345,7 @@ module Aws::IAM
     #     assume_role_policy_document: "policyDocumentType", # required
     #     description: "roleDescriptionType",
     #     max_session_duration: 1,
+    #     permissions_boundary: "arnType",
     #   })
     # @param [Hash] options ({})
     # @option options [String] :path
@@ -420,6 +421,9 @@ module Aws::IAM
     #
     #
     #   [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html
+    # @option options [String] :permissions_boundary
+    #   The ARN of the policy that is used to set the permissions boundary for
+    #   the role.
     # @return [Role]
     def create_role(options = {})
       resp = @client.create_role(options)
@@ -631,6 +635,7 @@ module Aws::IAM
     #   user = iam.create_user({
     #     path: "pathType",
     #     user_name: "userNameType", # required
+    #     permissions_boundary: "arnType",
     #   })
     # @param [Hash] options ({})
     # @option options [String] :path
@@ -663,6 +668,9 @@ module Aws::IAM
     #
     #
     #   [1]: http://wikipedia.org/wiki/regex
+    # @option options [String] :permissions_boundary
+    #   The ARN of the policy that is used to set the permissions boundary for
+    #   the user.
     # @return [User]
     def create_user(options = {})
       resp = @client.create_user(options)
@@ -843,6 +851,7 @@ module Aws::IAM
     #     scope: "All", # accepts All, AWS, Local
     #     only_attached: false,
     #     path_prefix: "policyPathType",
+    #     policy_usage_filter: "PermissionsPolicy", # accepts PermissionsPolicy, PermissionsBoundary
     #   })
     # @param [Hash] options ({})
     # @option options [String] :scope
@@ -874,6 +883,16 @@ module Aws::IAM
     #
     #
     #   [1]: http://wikipedia.org/wiki/regex
+    # @option options [String] :policy_usage_filter
+    #   The policy usage method to use for filtering the results.
+    #
+    #   To list only permissions policies,
+    #   set `PolicyUsageFilter` to `PermissionsPolicy`. To list only the
+    #   policies used to set permissions boundaries, set the value
+    #   to `PermissionsBoundary`.
+    #
+    #   This parameter is optional. If it is not included, all policies are
+    #   returned.
     # @return [Policy::Collection]
     def policies(options = {})
       batches = Enumerator.new do |y|

data/lib/aws-sdk-iam/role.rb

@@ -98,6 +98,20 @@ module Aws::IAM
       data[:max_session_duration]
     end
 
+    # The ARN of the policy used to set the permissions boundary for the
+    # role.
+    #
+    # For more information about permissions boundaries, see [Permissions
+    # Boundaries for IAM Identities ][1] in the *IAM User Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
+    # @return [Types::AttachedPermissionsBoundary]
+    def permissions_boundary
+      data[:permissions_boundary]
+    end
+
     # @!endgroup
 
     # @return [Client]

data/lib/aws-sdk-iam/types.rb

@@ -382,6 +382,37 @@ module Aws::IAM
       include Aws::Structure
     end
 
+    # Contains information about an attached permissions boundary.
+    #
+    # An attached permissions boundary is a managed policy that has been
+    # attached to a user or role to set the permissions boundary.
+    #
+    # For more information about permissions boundaries, see [Permissions
+    # Boundaries for IAM Identities ][1] in the *IAM User Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
+    #
+    # @!attribute [rw] permissions_boundary_type
+    #   The permissions boundary usage type that indicates what type of IAM
+    #   resource is used as the permissions boundary for an entity. This
+    #   data type can only have a value of `Policy`.
+    #   @return [String]
+    #
+    # @!attribute [rw] permissions_boundary_arn
+    #   The ARN of the policy used to set the permissions boundary for the
+    #   user or role.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/AttachedPermissionsBoundary AWS API Documentation
+    #
+    class AttachedPermissionsBoundary < Struct.new(
+      :permissions_boundary_type,
+      :permissions_boundary_arn)
+      include Aws::Structure
+    end
+
     # Contains information about an attached policy.
     #
     # An attached policy is a managed policy that has been attached to a
@@ -1046,6 +1077,7 @@ module Aws::IAM
     #         assume_role_policy_document: "policyDocumentType", # required
     #         description: "roleDescriptionType",
     #         max_session_duration: 1,
+    #         permissions_boundary: "arnType",
     #       }
     #
     # @!attribute [rw] path
@@ -1132,6 +1164,11 @@ module Aws::IAM
     #   [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html
     #   @return [Integer]
     #
+    # @!attribute [rw] permissions_boundary
+    #   The ARN of the policy that is used to set the permissions boundary
+    #   for the role.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateRoleRequest AWS API Documentation
     #
     class CreateRoleRequest < Struct.new(
@@ -1139,7 +1176,8 @@ module Aws::IAM
       :role_name,
       :assume_role_policy_document,
       :description,
-      :max_session_duration)
+      :max_session_duration,
+      :permissions_boundary)
       include Aws::Structure
     end
 
@@ -1323,6 +1361,7 @@ module Aws::IAM
     #       {
     #         path: "pathType",
     #         user_name: "userNameType", # required
+    #         permissions_boundary: "arnType",
     #       }
     #
     # @!attribute [rw] path
@@ -1360,11 +1399,17 @@ module Aws::IAM
     #   [1]: http://wikipedia.org/wiki/regex
     #   @return [String]
     #
+    # @!attribute [rw] permissions_boundary
+    #   The ARN of the policy that is used to set the permissions boundary
+    #   for the user.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateUserRequest AWS API Documentation
     #
     class CreateUserRequest < Struct.new(
       :path,
-      :user_name)
+      :user_name,
+      :permissions_boundary)
       include Aws::Structure
     end
 
@@ -1771,6 +1816,25 @@ module Aws::IAM
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass DeleteRolePermissionsBoundaryRequest
+    #   data as a hash:
+    #
+    #       {
+    #         role_name: "roleNameType", # required
+    #       }
+    #
+    # @!attribute [rw] role_name
+    #   The name (friendly name, not ARN) of the IAM role from which you
+    #   want to remove the permissions boundary.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteRolePermissionsBoundaryRequest AWS API Documentation
+    #
+    class DeleteRolePermissionsBoundaryRequest < Struct.new(
+      :role_name)
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass DeleteRolePolicyRequest
     #   data as a hash:
     #
@@ -2043,6 +2107,25 @@ module Aws::IAM
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass DeleteUserPermissionsBoundaryRequest
+    #   data as a hash:
+    #
+    #       {
+    #         user_name: "userNameType", # required
+    #       }
+    #
+    # @!attribute [rw] user_name
+    #   The name (friendly name, not ARN) of the IAM user from which you
+    #   want to remove the permissions boundary.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteUserPermissionsBoundaryRequest AWS API Documentation
+    #
+    class DeleteUserPermissionsBoundaryRequest < Struct.new(
+      :user_name)
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass DeleteUserPolicyRequest
     #   data as a hash:
     #
@@ -3552,6 +3635,29 @@ module Aws::IAM
     #
     # @!attribute [rw] user
     #   A structure containing details about the IAM user.
+    #
+    #   Due to a service issue, password last used data does not include
+    #   password use from May 3rd 2018 22:50 PDT to May 23rd 2018 14:08 PDT.
+    #   This affects [last sign-in][1] dates shown in the IAM console and
+    #   password last used dates in the [IAM credential report][2], and
+    #   returned by this GetUser API. If users signed in during the affected
+    #   time, the password last used date that is returned is the date the
+    #   user last signed in before May 3rd 2018. For users that signed in
+    #   after May 23rd 2018 14:08 PDT, the returned password last used date
+    #   is accurate.
+    #
+    #    If you use password last used information to identify unused
+    #   credentials for deletion, such as deleting users who did not sign in
+    #   to AWS in the last 90 days, we recommend that you adjust your
+    #   evaluation window to include dates after May 23rd 2018.
+    #   Alternatively, if your users use access keys to access AWS
+    #   programmatically you can refer to access key last used information
+    #   because it is accurate for all dates.
+    #
+    #
+    #
+    #   [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_finding-unused.html
+    #   [2]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html
     #   @return [Types::User]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetUserResponse AWS API Documentation
@@ -4228,6 +4334,7 @@ module Aws::IAM
     #         policy_arn: "arnType", # required
     #         entity_filter: "User", # accepts User, Role, Group, LocalManagedPolicy, AWSManagedPolicy
     #         path_prefix: "pathType",
+    #         policy_usage_filter: "PermissionsPolicy", # accepts PermissionsPolicy, PermissionsBoundary
     #         marker: "markerType",
     #         max_items: 1,
     #       }
@@ -4271,6 +4378,18 @@ module Aws::IAM
     #   [1]: http://wikipedia.org/wiki/regex
     #   @return [String]
     #
+    # @!attribute [rw] policy_usage_filter
+    #   The policy usage method to use for filtering the results.
+    #
+    #   To list only permissions policies,
+    #   set `PolicyUsageFilter` to `PermissionsPolicy`. To list only the
+    #   policies used to set permissions boundaries, set the value
+    #   to `PermissionsBoundary`.
+    #
+    #   This parameter is optional. If it is not included, all policies are
+    #   returned.
+    #   @return [String]
+    #
     # @!attribute [rw] marker
     #   Use this parameter only when paginating results and only after you
     #   receive a response indicating that the results are truncated. Set it
@@ -4297,6 +4416,7 @@ module Aws::IAM
       :policy_arn,
       :entity_filter,
       :path_prefix,
+      :policy_usage_filter,
       :marker,
       :max_items)
       include Aws::Structure
@@ -4884,6 +5004,7 @@ module Aws::IAM
     #         scope: "All", # accepts All, AWS, Local
     #         only_attached: false,
     #         path_prefix: "policyPathType",
+    #         policy_usage_filter: "PermissionsPolicy", # accepts PermissionsPolicy, PermissionsBoundary
     #         marker: "markerType",
     #         max_items: 1,
     #       }
@@ -4923,6 +5044,18 @@ module Aws::IAM
     #   [1]: http://wikipedia.org/wiki/regex
     #   @return [String]
     #
+    # @!attribute [rw] policy_usage_filter
+    #   The policy usage method to use for filtering the results.
+    #
+    #   To list only permissions policies,
+    #   set `PolicyUsageFilter` to `PermissionsPolicy`. To list only the
+    #   policies used to set permissions boundaries, set the value
+    #   to `PermissionsBoundary`.
+    #
+    #   This parameter is optional. If it is not included, all policies are
+    #   returned.
+    #   @return [String]
+    #
     # @!attribute [rw] marker
     #   Use this parameter only when paginating results and only after you
     #   receive a response indicating that the results are truncated. Set it
@@ -4949,6 +5082,7 @@ module Aws::IAM
       :scope,
       :only_attached,
       :path_prefix,
+      :policy_usage_filter,
       :marker,
       :max_items)
       include Aws::Structure
@@ -5937,6 +6071,18 @@ module Aws::IAM
     #   policy is attached to.
     #   @return [Integer]
     #
+    # @!attribute [rw] permissions_boundary_usage_count
+    #   The number of entities (users and roles) for which the policy is
+    #   used as the permissions boundary.
+    #
+    #   For more information about permissions boundaries, see [Permissions
+    #   Boundaries for IAM Identities ][1] in the *IAM User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
+    #   @return [Integer]
+    #
     # @!attribute [rw] is_attachable
     #   Specifies whether the policy can be attached to an IAM user, group,
     #   or role.
@@ -5982,6 +6128,7 @@ module Aws::IAM
       :path,
       :default_version_id,
       :attachment_count,
+      :permissions_boundary_usage_count,
       :is_attachable,
       :description,
       :create_date,
@@ -6156,6 +6303,18 @@ module Aws::IAM
     #   attached to.
     #   @return [Integer]
     #
+    # @!attribute [rw] permissions_boundary_usage_count
+    #   The number of entities (users and roles) for which the policy is
+    #   used to set the permissions boundary.
+    #
+    #   For more information about permissions boundaries, see [Permissions
+    #   Boundaries for IAM Identities ][1] in the *IAM User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
+    #   @return [Integer]
+    #
     # @!attribute [rw] is_attachable
     #   Specifies whether the policy can be attached to an IAM user, group,
     #   or role.
@@ -6200,6 +6359,7 @@ module Aws::IAM
       :path,
       :default_version_id,
       :attachment_count,
+      :permissions_boundary_usage_count,
       :is_attachable,
       :description,
       :create_date,
@@ -6484,6 +6644,32 @@ module Aws::IAM
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass PutRolePermissionsBoundaryRequest
+    #   data as a hash:
+    #
+    #       {
+    #         role_name: "roleNameType", # required
+    #         permissions_boundary: "arnType", # required
+    #       }
+    #
+    # @!attribute [rw] role_name
+    #   The name (friendly name, not ARN) of the IAM role for which you want
+    #   to set the permissions boundary.
+    #   @return [String]
+    #
+    # @!attribute [rw] permissions_boundary
+    #   The ARN of the policy that is used to set the permissions boundary
+    #   for the role.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/PutRolePermissionsBoundaryRequest AWS API Documentation
+    #
+    class PutRolePermissionsBoundaryRequest < Struct.new(
+      :role_name,
+      :permissions_boundary)
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass PutRolePolicyRequest
     #   data as a hash:
     #
@@ -6548,6 +6734,32 @@ module Aws::IAM
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass PutUserPermissionsBoundaryRequest
+    #   data as a hash:
+    #
+    #       {
+    #         user_name: "userNameType", # required
+    #         permissions_boundary: "arnType", # required
+    #       }
+    #
+    # @!attribute [rw] user_name
+    #   The name (friendly name, not ARN) of the IAM user for which you want
+    #   to set the permissions boundary.
+    #   @return [String]
+    #
+    # @!attribute [rw] permissions_boundary
+    #   The ARN of the policy that is used to set the permissions boundary
+    #   for the user.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/PutUserPermissionsBoundaryRequest AWS API Documentation
+    #
+    class PutUserPermissionsBoundaryRequest < Struct.new(
+      :user_name,
+      :permissions_boundary)
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass PutUserPolicyRequest
     #   data as a hash:
     #
@@ -6963,6 +7175,18 @@ module Aws::IAM
     #   `duration-seconds` CLI parameter.
     #   @return [Integer]
     #
+    # @!attribute [rw] permissions_boundary
+    #   The ARN of the policy used to set the permissions boundary for the
+    #   role.
+    #
+    #   For more information about permissions boundaries, see [Permissions
+    #   Boundaries for IAM Identities ][1] in the *IAM User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
+    #   @return [Types::AttachedPermissionsBoundary]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/Role AWS API Documentation
     #
     class Role < Struct.new(
@@ -6973,7 +7197,8 @@ module Aws::IAM
       :create_date,
       :assume_role_policy_document,
       :description,
-      :max_session_duration)
+      :max_session_duration,
+      :permissions_boundary)
       include Aws::Structure
     end
 
@@ -7045,6 +7270,18 @@ module Aws::IAM
     #   the role's access (permissions) policies.
     #   @return [Array<Types::AttachedPolicy>]
     #
+    # @!attribute [rw] permissions_boundary
+    #   The ARN of the policy used to set the permissions boundary for the
+    #   role.
+    #
+    #   For more information about permissions boundaries, see [Permissions
+    #   Boundaries for IAM Identities ][1] in the *IAM User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
+    #   @return [Types::AttachedPermissionsBoundary]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/RoleDetail AWS API Documentation
     #
     class RoleDetail < Struct.new(
@@ -7056,7 +7293,8 @@ module Aws::IAM
       :assume_role_policy_document,
       :instance_profile_list,
       :role_policy_list,
-      :attached_managed_policies)
+      :attached_managed_policies,
+      :permissions_boundary)
       include Aws::Structure
     end
 
@@ -7561,16 +7799,22 @@ module Aws::IAM
     #   @return [String]
     #
     # @!attribute [rw] resource_owner
-    #   An AWS account ID that specifies the owner of any simulated resource
-    #   that does not identify its owner in the resource ARN, such as an S3
-    #   bucket or object. If `ResourceOwner` is specified, it is also used
-    #   as the account owner of any `ResourcePolicy` included in the
-    #   simulation. If the `ResourceOwner` parameter is not specified, then
-    #   the owner of the resources and the resource policy defaults to the
-    #   account of the identity provided in `CallerArn`. This parameter is
-    #   required only if you specify a resource-based policy and account
-    #   that owns the resource is different from the account that owns the
-    #   simulated calling user `CallerArn`.
+    #   An ARN representing the AWS account ID that specifies the owner of
+    #   any simulated resource that does not identify its owner in the
+    #   resource ARN, such as an S3 bucket or object. If `ResourceOwner` is
+    #   specified, it is also used as the account owner of any
+    #   `ResourcePolicy` included in the simulation. If the `ResourceOwner`
+    #   parameter is not specified, then the owner of the resources and the
+    #   resource policy defaults to the account of the identity provided in
+    #   `CallerArn`. This parameter is required only if you specify a
+    #   resource-based policy and account that owns the resource is
+    #   different from the account that owns the simulated calling user
+    #   `CallerArn`.
+    #
+    #   The ARN for an account uses the following syntax:
+    #   `arn:aws:iam::AWS-account-ID:root`. For example, to represent the
+    #   account with the 112233445566 ID, use the following ARN:
+    #   `arn:aws:iam::112233445566-ID:root`.
     #   @return [String]
     #
     # @!attribute [rw] caller_arn
@@ -8055,7 +8299,7 @@ module Aws::IAM
     #   Specifies whether IAM user passwords must contain at least one of
     #   the following non-alphanumeric characters:
     #
-    #   ! @ # $ % ^ &amp;amp; * ( ) \_ + - = \[ \] \\\{ \\} \| '
+    #   ! @ # $ % ^ &amp; * ( ) \_ + - = \[ \] \\\{ \\} \| '
     #
     #   If you do not specify a value for this parameter, then the operation
     #   uses the default value of `false`. The result is that passwords do
@@ -8787,7 +9031,9 @@ module Aws::IAM
     #
     # @!attribute [rw] ssh_public_key_body
     #   The SSH public key. The public key must be encoded in ssh-rsa format
-    #   or PEM format.
+    #   or PEM format. The miminum bit-length of the public key is 2048
+    #   bits. For example, you can generate a 2048-bit key, and the
+    #   resulting PEM file is 1679 bytes long.
     #
     #   The [regex pattern][1] used to validate this parameter is a string
     #   of characters consisting of the following:
@@ -9108,6 +9354,18 @@ module Aws::IAM
     #   [2]: http://docs.aws.amazon.com/IAM/latest/UserGuide/credential-reports.html
     #   @return [Time]
     #
+    # @!attribute [rw] permissions_boundary
+    #   The ARN of the policy used to set the permissions boundary for the
+    #   user.
+    #
+    #   For more information about permissions boundaries, see [Permissions
+    #   Boundaries for IAM Identities ][1] in the *IAM User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
+    #   @return [Types::AttachedPermissionsBoundary]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/User AWS API Documentation
     #
     class User < Struct.new(
@@ -9116,7 +9374,8 @@ module Aws::IAM
       :user_id,
       :arn,
       :create_date,
-      :password_last_used)
+      :password_last_used,
+      :permissions_boundary)
       include Aws::Structure
     end
 
@@ -9182,6 +9441,18 @@ module Aws::IAM
     #   A list of the managed policies attached to the user.
     #   @return [Array<Types::AttachedPolicy>]
     #
+    # @!attribute [rw] permissions_boundary
+    #   The ARN of the policy used to set the permissions boundary for the
+    #   user.
+    #
+    #   For more information about permissions boundaries, see [Permissions
+    #   Boundaries for IAM Identities ][1] in the *IAM User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
+    #   @return [Types::AttachedPermissionsBoundary]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UserDetail AWS API Documentation
     #
     class UserDetail < Struct.new(
@@ -9192,7 +9463,8 @@ module Aws::IAM
       :create_date,
       :user_policy_list,
       :group_list,
-      :attached_managed_policies)
+      :attached_managed_policies,
+      :permissions_boundary)
       include Aws::Structure
     end