aws-sdk-iam 1.53.0 → 1.57.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 722e2b9f7154b9800c969c107df528c1b5c76f4a66538831dd029a7386285c92
-  data.tar.gz: e421c2cf41df4c1f4b50a8ca67ad207411ee12c43a9a9c83e3e4735bc4b2d7bc
+  metadata.gz: 1ae7b51549cceb428fcbe5c1ad94860906ddefa627820cacf546bd7ff1c8ace2
+  data.tar.gz: 49641a153d51518e5974e8f83fc00ee9e355128118ea3b560f66ced338fc166e
 SHA512:
-  metadata.gz: a827795f8899bd57776a3cbd1de6045a2f1fd3eaae4f780c0ca170303d7e1c314d8977d600c11f068833ba728e5870d0efc8d2c0c315a16c1a875f01121301ce
-  data.tar.gz: 00d6ed484a45e5f87f47eb9738ca4174d7cf0b51cb8f26539c3973476e437b4c8880da8392232370df5c79ed864641df648257927481b3b34d353fa31b73761a
+  metadata.gz: ee208cfa74d294f5d3003a586dec4ed63c9e43c3b9e0de00575c86270081bb0e6b182c522425525d40a6350a64cdc789be15fb120d4ee0c83d9dc98b5220556d
+  data.tar.gz: d6d147ac9bbf7dc91e49e8615fd09ebb1d3ce3a01d3d14f092ea40de5cbe1f3e3a068ff92158991b8a208e2c1172e3cd0a8f4e09b7962331684e444082968075

data/CHANGELOG.md

@@ -1,6 +1,26 @@
 Unreleased Changes
 ------------------
 
+1.57.0 (2021-07-21)
+------------------
+
+* Feature - Documentation updates for AWS Identity and Access Management (IAM).
+
+1.56.0 (2021-07-07)
+------------------
+
+* Feature - Documentation updates for AWS Identity and Access Management (IAM).
+
+1.55.0 (2021-06-02)
+------------------
+
+* Feature - Documentation updates for AWS Identity and Access Management (IAM).
+
+1.54.0 (2021-05-20)
+------------------
+
+* Feature - Documentation updates for AWS Identity and Access Management (IAM).
+
 1.53.0 (2021-05-19)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.53.0
+1.57.0

data/lib/aws-sdk-iam.rb

@@ -70,6 +70,6 @@ require_relative 'aws-sdk-iam/customizations'
 # @!group service
 module Aws::IAM
 
-  GEM_VERSION = '1.53.0'
+  GEM_VERSION = '1.57.0'
 
 end

data/lib/aws-sdk-iam/account_password_policy.rb

@@ -288,8 +288,8 @@ module Aws::IAM
     #   uses the default value of `false`. The result is that passwords do not
     #   require at least one lowercase character.
     # @option options [Boolean] :allow_users_to_change_password
-    #   Allows all IAM users in your account to use the AWS Management Console
-    #   to change their own passwords. For more information, see [Letting IAM
+    #   Allows all IAM users in your account to use the Management Console to
+    #   change their own passwords. For more information, see [Letting IAM
     #   users change their own passwords][1] in the *IAM User Guide*.
     #
     #   If you do not specify a value for this parameter, then the operation

data/lib/aws-sdk-iam/assume_role_policy.rb

@@ -170,10 +170,10 @@ module Aws::IAM
     # @option options [required, String] :policy_document
     #   The policy that grants an entity permission to assume the role.
     #
-    #   You must provide policies in JSON format in IAM. However, for AWS
+    #   You must provide policies in JSON format in IAM. However, for
     #   CloudFormation templates formatted in YAML, you can provide the policy
-    #   in JSON or YAML format. AWS CloudFormation always converts a YAML
-    #   policy to JSON format before submitting it to IAM.
+    #   in JSON or YAML format. CloudFormation always converts a YAML policy
+    #   to JSON format before submitting it to IAM.
     #
     #   The [regex pattern][1] used to validate this parameter is a string of
     #   characters consisting of the following:

data/lib/aws-sdk-iam/client.rb

@@ -376,10 +376,10 @@ module Aws::IAM
     # instance profile can contain only one role, and this quota cannot be
     # increased. You can remove the existing role and then add a different
     # role to an instance profile. You must then wait for the change to
-    # appear across all of AWS because of [eventual consistency][1]. To
-    # force the change, you must [disassociate the instance profile][2] and
-    # then [associate the instance profile][3], or you can stop your
-    # instance and then restart it.
+    # appear across all of Amazon Web Services because of [eventual
+    # consistency][1]. To force the change, you must [disassociate the
+    # instance profile][2] and then [associate the instance profile][3], or
+    # you can stop your instance and then restart it.
     #
     # <note markdown="1"> The caller of this operation must be granted the `PassRole` permission
     # on the IAM role by a permissions policy.
@@ -537,7 +537,7 @@ module Aws::IAM
     #   The Amazon Resource Name (ARN) of the IAM policy you want to attach.
     #
     #   For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
-    #   in the *AWS General Reference*.
+    #   in the *Amazon Web Services General Reference*.
     #
     #
     #
@@ -611,7 +611,7 @@ module Aws::IAM
     #   The Amazon Resource Name (ARN) of the IAM policy you want to attach.
     #
     #   For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
-    #   in the *AWS General Reference*.
+    #   in the *Amazon Web Services General Reference*.
     #
     #
     #
@@ -678,7 +678,7 @@ module Aws::IAM
     #   The Amazon Resource Name (ARN) of the IAM policy you want to attach.
     #
     #   For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
-    #   in the *AWS General Reference*.
+    #   in the *Amazon Web Services General Reference*.
     #
     #
     #
@@ -713,14 +713,15 @@ module Aws::IAM
     end
 
     # Changes the password of the IAM user who is calling this operation.
-    # This operation can be performed using the AWS CLI, the AWS API, or the
-    # **My Security Credentials** page in the AWS Management Console. The
-    # AWS account root user password is not affected by this operation.
+    # This operation can be performed using the CLI, the Amazon Web Services
+    # API, or the **My Security Credentials** page in the Management
+    # Console. The account root user password is not affected by this
+    # operation.
     #
-    # Use UpdateLoginProfile to use the AWS CLI, the AWS API, or the
-    # **Users** page in the IAM console to change the password for any IAM
-    # user. For more information about modifying passwords, see [Managing
-    # passwords][1] in the *IAM User Guide*.
+    # Use UpdateLoginProfile to use the CLI, the Amazon Web Services API, or
+    # the **Users** page in the IAM console to change the password for any
+    # IAM user. For more information about modifying passwords, see
+    # [Managing passwords][1] in the *IAM User Guide*.
     #
     #
     #
@@ -730,7 +731,7 @@ module Aws::IAM
     #   The IAM user's current password.
     #
     # @option params [required, String] :new_password
-    #   The new password. The new password must conform to the AWS account's
+    #   The new password. The new password must conform to the account's
     #   password policy, if one exists.
     #
     #   The [regex pattern][1] that is used to validate this parameter is a
@@ -739,8 +740,8 @@ module Aws::IAM
     #   character range (`\u00FF`). You can also include the tab (`\u0009`),
     #   line feed (`\u000A`), and carriage return (`\u000D`) characters. Any
     #   of these characters are valid in a password. However, many tools, such
-    #   as the AWS Management Console, might restrict the ability to type
-    #   certain characters because they have special meaning within that tool.
+    #   as the Management Console, might restrict the ability to type certain
+    #   characters because they have special meaning within that tool.
     #
     #
     #
@@ -774,21 +775,20 @@ module Aws::IAM
       req.send_request(options)
     end
 
-    # Creates a new AWS secret access key and corresponding AWS access key
-    # ID for the specified user. The default status for new keys is
-    # `Active`.
+    # Creates a new Amazon Web Services secret access key and corresponding
+    # Amazon Web Services access key ID for the specified user. The default
+    # status for new keys is `Active`.
     #
     # If you do not specify a user name, IAM determines the user name
-    # implicitly based on the AWS access key ID signing the request. This
-    # operation works for access keys under the AWS account. Consequently,
-    # you can use this operation to manage AWS account root user
-    # credentials. This is true even if the AWS account has no associated
-    # users.
+    # implicitly based on the Amazon Web Services access key ID signing the
+    # request. This operation works for access keys under the account.
+    # Consequently, you can use this operation to manage account root user
+    # credentials. This is true even if the account has no associated users.
     #
     # For information about quotas on the number of keys you can create, see
     # [IAM and STS quotas][1] in the *IAM User Guide*.
     #
-    # To ensure the security of your AWS account, the secret access key is
+    # To ensure the security of your account, the secret access key is
     # accessible only during key and user creation. You must save the key
     # (for example, in a text file) if you want to be able to access it
     # again. If a secret key is lost, you can delete the access keys for the
@@ -857,9 +857,9 @@ module Aws::IAM
       req.send_request(options)
     end
 
-    # Creates an alias for your AWS account. For information about using an
-    # AWS account alias, see [Using an alias for your AWS account ID][1] in
-    # the *IAM User Guide*.
+    # Creates an alias for your account. For information about using an
+    # account alias, see [Using an alias for your account ID][1] in the *IAM
+    # User Guide*.
     #
     #
     #
@@ -1125,12 +1125,13 @@ module Aws::IAM
     end
 
     # Creates a password for the specified IAM user. A password allows an
-    # IAM user to access AWS services through the AWS Management Console.
+    # IAM user to access Amazon Web Services services through the Management
+    # Console.
     #
-    # You can use the AWS CLI, the AWS API, or the **Users** page in the IAM
-    # console to create a password for any IAM user. Use ChangePassword to
-    # update your own existing password in the **My Security Credentials**
-    # page in the AWS Management Console.
+    # You can use the CLI, the Amazon Web Services API, or the **Users**
+    # page in the IAM console to create a password for any IAM user. Use
+    # ChangePassword to update your own existing password in the **My
+    # Security Credentials** page in the Management Console.
     #
     # For more information about managing passwords, see [Managing
     # passwords][1] in the *IAM User Guide*.
@@ -1161,8 +1162,8 @@ module Aws::IAM
     #   character range (`\u00FF`). You can also include the tab (`\u0009`),
     #   line feed (`\u000A`), and carriage return (`\u000D`) characters. Any
     #   of these characters are valid in a password. However, many tools, such
-    #   as the AWS Management Console, might restrict the ability to type
-    #   certain characters because they have special meaning within that tool.
+    #   as the Management Console, might restrict the ability to type certain
+    #   characters because they have special meaning within that tool.
     #
     #
     #
@@ -1225,21 +1226,39 @@ module Aws::IAM
     #
     # The OIDC provider that you create with this operation can be used as a
     # principal in a role's trust policy. Such a policy establishes a trust
-    # relationship between AWS and the OIDC provider.
+    # relationship between Amazon Web Services and the OIDC provider.
+    #
+    # If you are using an OIDC identity provider from Google, Facebook, or
+    # Amazon Cognito, you don't need to create a separate IAM identity
+    # provider. These OIDC identity providers are already built-in to Amazon
+    # Web Services and are available for your use. Instead, you can move
+    # directly to creating new roles using your identity provider. To learn
+    # more, see [Creating a role for web identity or OpenID connect
+    # federation][2] in the *IAM User Guide*.
     #
     # When you create the IAM OIDC provider, you specify the following:
     #
     # * The URL of the OIDC identity provider (IdP) to trust
     #
     # * A list of client IDs (also known as audiences) that identify the
-    #   application or applications that are allowed to authenticate using
-    #   the OIDC provider
+    #   application or applications allowed to authenticate using the OIDC
+    #   provider
     #
     # * A list of thumbprints of one or more server certificates that the
     #   IdP uses
     #
     # You get all of this information from the OIDC IdP that you want to use
-    # to access AWS.
+    # to access Amazon Web Services.
+    #
+    # <note markdown="1"> Amazon Web Services secures communication with some OIDC identity
+    # providers (IdPs) through our library of trusted certificate
+    # authorities (CAs) instead of using a certificate thumbprint to verify
+    # your IdP server certificate. These OIDC IdPs include Google, and those
+    # that use an Amazon S3 bucket to host a JSON Web Key Set (JWKS)
+    # endpoint. In these cases, your legacy thumbprint remains in your
+    # configuration, but is no longer used for validation.
+    #
+    #  </note>
     #
     # <note markdown="1"> The trust for the OIDC provider is derived from the IAM provider that
     # this operation creates. Therefore, it is best to limit access to the
@@ -1250,6 +1269,7 @@ module Aws::IAM
     #
     #
     # [1]: http://openid.net/connect/
+    # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_oidc.html
     #
     # @option params [required, String] :url
     #   The URL of the identity provider. The URL must begin with `https://`
@@ -1258,9 +1278,9 @@ module Aws::IAM
     #   but query parameters are not. Typically the URL consists of only a
     #   hostname, like `https://server.example.org` or `https://example.com`.
     #
-    #   You cannot register the same provider multiple times in a single AWS
+    #   You cannot register the same provider multiple times in a single
     #   account. If you try to submit a URL that has already been used for an
-    #   OpenID Connect provider in the AWS account, you will get an error.
+    #   OpenID Connect provider in the account, you will get an error.
     #
     # @option params [Array<String>] :client_id_list
     #   A list of client IDs (also known as audiences). When a mobile or web
@@ -1375,7 +1395,7 @@ module Aws::IAM
       req.send_request(options)
     end
 
-    # Creates a new managed policy for your AWS account.
+    # Creates a new managed policy for your account.
     #
     # This operation creates a policy version with a version identifier of
     # `v1` and sets v1 as the policy's default version. For more
@@ -1426,12 +1446,20 @@ module Aws::IAM
     #   The JSON policy document that you want to use as the content for the
     #   new policy.
     #
-    #   You must provide policies in JSON format in IAM. However, for AWS
+    #   You must provide policies in JSON format in IAM. However, for
     #   CloudFormation templates formatted in YAML, you can provide the policy
-    #   in JSON or YAML format. AWS CloudFormation always converts a YAML
-    #   policy to JSON format before submitting it to IAM.
+    #   in JSON or YAML format. CloudFormation always converts a YAML policy
+    #   to JSON format before submitting it to IAM.
     #
-    #   The [regex pattern][1] used to validate this parameter is a string of
+    #   The maximum length of the policy document that you can pass in this
+    #   operation, including whitespace, is listed below. To view the maximum
+    #   character counts of a managed policy with no whitespaces, see [IAM and
+    #   STS character quotas][1].
+    #
+    #   To learn more about JSON policy grammar, see [Grammar of the IAM JSON
+    #   policy language][2] in the *IAM User Guide*.
+    #
+    #   The [regex pattern][3] used to validate this parameter is a string of
     #   characters consisting of the following:
     #
     #   * Any printable ASCII character ranging from the space character
@@ -1445,7 +1473,9 @@ module Aws::IAM
     #
     #
     #
-    #   [1]: http://wikipedia.org/wiki/regex
+    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length
+    #   [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_grammar.html
+    #   [3]: http://wikipedia.org/wiki/regex
     #
     # @option params [String] :description
     #   A friendly description of the policy.
@@ -1540,7 +1570,7 @@ module Aws::IAM
     #   add a new version.
     #
     #   For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
-    #   in the *AWS General Reference*.
+    #   in the *Amazon Web Services General Reference*.
     #
     #
     #
@@ -1550,12 +1580,17 @@ module Aws::IAM
     #   The JSON policy document that you want to use as the content for this
     #   new version of the policy.
     #
-    #   You must provide policies in JSON format in IAM. However, for AWS
+    #   You must provide policies in JSON format in IAM. However, for
     #   CloudFormation templates formatted in YAML, you can provide the policy
-    #   in JSON or YAML format. AWS CloudFormation always converts a YAML
-    #   policy to JSON format before submitting it to IAM.
+    #   in JSON or YAML format. CloudFormation always converts a YAML policy
+    #   to JSON format before submitting it to IAM.
     #
-    #   The [regex pattern][1] used to validate this parameter is a string of
+    #   The maximum length of the policy document that you can pass in this
+    #   operation, including whitespace, is listed below. To view the maximum
+    #   character counts of a managed policy with no whitespaces, see [IAM and
+    #   STS character quotas][1].
+    #
+    #   The [regex pattern][2] used to validate this parameter is a string of
     #   characters consisting of the following:
     #
     #   * Any printable ASCII character ranging from the space character
@@ -1569,7 +1604,8 @@ module Aws::IAM
     #
     #
     #
-    #   [1]: http://wikipedia.org/wiki/regex
+    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length
+    #   [2]: http://wikipedia.org/wiki/regex
     #
     # @option params [Boolean] :set_as_default
     #   Specifies whether to set this version as the policy's default
@@ -1614,10 +1650,10 @@ module Aws::IAM
       req.send_request(options)
     end
 
-    # Creates a new role for your AWS account. For more information about
-    # roles, see [IAM roles][1]. For information about quotas for role names
-    # and the number of roles you can create, see [IAM and STS quotas][2] in
-    # the *IAM User Guide*.
+    # Creates a new role for your account. For more information about roles,
+    # see [IAM roles][1]. For information about quotas for role names and
+    # the number of roles you can create, see [IAM and STS quotas][2] in the
+    # *IAM User Guide*.
     #
     #
     #
@@ -1655,10 +1691,9 @@ module Aws::IAM
     #   permission to assume the role.
     #
     #   In IAM, you must provide a JSON policy that has been converted to a
-    #   string. However, for AWS CloudFormation templates formatted in YAML,
-    #   you can provide the policy in JSON or YAML format. AWS CloudFormation
-    #   always converts a YAML policy to JSON format before submitting it to
-    #   IAM.
+    #   string. However, for CloudFormation templates formatted in YAML, you
+    #   can provide the policy in JSON or YAML format. CloudFormation always
+    #   converts a YAML policy to JSON format before submitting it to IAM.
     #
     #   The [regex pattern][1] used to validate this parameter is a string of
     #   characters consisting of the following:
@@ -1688,7 +1723,7 @@ module Aws::IAM
     #   default maximum of one hour is applied. This setting can have a value
     #   from 1 hour to 12 hours.
     #
-    #   Anyone who assumes the role from the AWS CLI or API can use the
+    #   Anyone who assumes the role from the or API can use the
     #   `DurationSeconds` API parameter or the `duration-seconds` CLI
     #   parameter to request a longer session. The `MaxSessionDuration`
     #   setting determines the maximum duration that can be requested using
@@ -1801,8 +1836,8 @@ module Aws::IAM
     # used as a principal in an IAM role's trust policy. Such a policy can
     # enable federated users who sign in using the SAML IdP to assume the
     # role. You can create an IAM role that supports Web-based single
-    # sign-on (SSO) to the AWS Management Console or one that supports API
-    # access to AWS.
+    # sign-on (SSO) to the Management Console or one that supports API
+    # access to Amazon Web Services.
     #
     # When you create the SAML provider resource, you upload a SAML metadata
     # document that you get from your IdP. That document includes the
@@ -1816,8 +1851,8 @@ module Aws::IAM
     #  </note>
     #
     # For more information, see [Enabling SAML 2.0 federated users to access
-    # the AWS Management Console][2] and [About SAML 2.0-based
-    # federation][3] in the *IAM User Guide*.
+    # the Management Console][2] and [About SAML 2.0-based federation][3] in
+    # the *IAM User Guide*.
     #
     #
     #
@@ -1902,33 +1937,35 @@ module Aws::IAM
       req.send_request(options)
     end
 
-    # Creates an IAM role that is linked to a specific AWS service. The
-    # service controls the attached policies and when the role can be
-    # deleted. This helps ensure that the service is not broken by an
-    # unexpectedly changed or deleted role, which could put your AWS
-    # resources into an unknown state. Allowing the service to control the
-    # role helps improve service stability and proper cleanup when a service
-    # and its role are no longer needed. For more information, see [Using
-    # service-linked roles][1] in the *IAM User Guide*.
+    # Creates an IAM role that is linked to a specific Amazon Web Services
+    # service. The service controls the attached policies and when the role
+    # can be deleted. This helps ensure that the service is not broken by an
+    # unexpectedly changed or deleted role, which could put your Amazon Web
+    # Services resources into an unknown state. Allowing the service to
+    # control the role helps improve service stability and proper cleanup
+    # when a service and its role are no longer needed. For more
+    # information, see [Using service-linked roles][1] in the *IAM User
+    # Guide*.
     #
     # To attach a policy to this service-linked role, you must make the
-    # request using the AWS service that depends on this role.
+    # request using the Amazon Web Services service that depends on this
+    # role.
     #
     #
     #
     # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html
     #
     # @option params [required, String] :aws_service_name
-    #   The service principal for the AWS service to which this role is
-    #   attached. You use a string similar to a URL but without the http:// in
-    #   front. For example: `elasticbeanstalk.amazonaws.com`.
+    #   The service principal for the Amazon Web Services service to which
+    #   this role is attached. You use a string similar to a URL but without
+    #   the http:// in front. For example: `elasticbeanstalk.amazonaws.com`.
     #
     #   Service principals are unique and case-sensitive. To find the exact
-    #   service principal for your service-linked role, see [AWS services that
-    #   work with IAM][1] in the *IAM User Guide*. Look for the services that
-    #   have <b>Yes </b>in the **Service-Linked Role** column. Choose the
-    #   **Yes** link to view the service-linked role documentation for that
-    #   service.
+    #   service principal for your service-linked role, see [Amazon Web
+    #   Services services that work with IAM][1] in the *IAM User Guide*. Look
+    #   for the services that have <b>Yes </b>in the **Service-Linked Role**
+    #   column. Choose the **Yes** link to view the service-linked role
+    #   documentation for that service.
     #
     #
     #
@@ -1995,15 +2032,15 @@ module Aws::IAM
     # You can have a maximum of two sets of service-specific credentials for
     # each supported service per user.
     #
-    # You can create service-specific credentials for AWS CodeCommit and
-    # Amazon Keyspaces (for Apache Cassandra).
+    # You can create service-specific credentials for CodeCommit and Amazon
+    # Keyspaces (for Apache Cassandra).
     #
     # You can reset the password to a new service-generated value by calling
     # ResetServiceSpecificCredential.
     #
     # For more information about service-specific credentials, see [Using
-    # IAM with AWS CodeCommit: Git credentials, SSH keys, and AWS access
-    # keys][1] in the *IAM User Guide*.
+    # IAM with CodeCommit: Git credentials, SSH keys, and Amazon Web
+    # Services access keys][1] in the *IAM User Guide*.
     #
     #
     #
@@ -2025,9 +2062,9 @@ module Aws::IAM
     #   [1]: http://wikipedia.org/wiki/regex
     #
     # @option params [required, String] :service_name
-    #   The name of the AWS service that is to be associated with the
-    #   credentials. The service you specify here is the only service that can
-    #   be accessed using these credentials.
+    #   The name of the Amazon Web Services service that is to be associated
+    #   with the credentials. The service you specify here is the only service
+    #   that can be accessed using these credentials.
     #
     # @return [Types::CreateServiceSpecificCredentialResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -2059,7 +2096,7 @@ module Aws::IAM
       req.send_request(options)
     end
 
-    # Creates a new IAM user for your AWS account.
+    # Creates a new IAM user for your account.
     #
     # For information about quotas for the number of IAM users you can
     # create, see [IAM and STS quotas][1] in the *IAM User Guide*.
@@ -2174,20 +2211,20 @@ module Aws::IAM
       req.send_request(options)
     end
 
-    # Creates a new virtual MFA device for the AWS account. After creating
-    # the virtual MFA, use EnableMFADevice to attach the MFA device to an
-    # IAM user. For more information about creating and working with virtual
-    # MFA devices, see [Using a virtual MFA device][1] in the *IAM User
-    # Guide*.
+    # Creates a new virtual MFA device for the account. After creating the
+    # virtual MFA, use EnableMFADevice to attach the MFA device to an IAM
+    # user. For more information about creating and working with virtual MFA
+    # devices, see [Using a virtual MFA device][1] in the *IAM User Guide*.
     #
     # For information about the maximum number of MFA devices you can
     # create, see [IAM and STS quotas][2] in the *IAM User Guide*.
     #
     # The seed information contained in the QR code and the Base32 string
     # should be treated like any other secret access information. In other
-    # words, protect the seed information as you would your AWS access keys
-    # or your passwords. After you provision your virtual device, you should
-    # ensure that the information is destroyed following secure procedures.
+    # words, protect the seed information as you would your Amazon Web
+    # Services access keys or your passwords. After you provision your
+    # virtual device, you should ensure that the information is destroyed
+    # following secure procedures.
     #
     #
     #
@@ -2346,10 +2383,10 @@ module Aws::IAM
     # Deletes the access key pair associated with the specified IAM user.
     #
     # If you do not specify a user name, IAM determines the user name
-    # implicitly based on the AWS access key ID signing the request. This
-    # operation works for access keys under the AWS account. Consequently,
-    # you can use this operation to manage AWS account root user credentials
-    # even if the AWS account has no associated users.
+    # implicitly based on the Amazon Web Services access key ID signing the
+    # request. This operation works for access keys under the account.
+    # Consequently, you can use this operation to manage account root user
+    # credentials even if the account has no associated users.
     #
     # @option params [String] :user_name
     #   The name of the user whose access key pair you want to delete.
@@ -2403,9 +2440,9 @@ module Aws::IAM
       req.send_request(options)
     end
 
-    # Deletes the specified AWS account alias. For information about using
-    # an AWS account alias, see [Using an alias for your AWS account ID][1]
-    # in the *IAM User Guide*.
+    # Deletes the specified account alias. For information about using an
+    # Amazon Web Services account alias, see [Using an alias for your
+    # account ID][1] in the *IAM User Guide*.
     #
     #
     #
@@ -2449,8 +2486,7 @@ module Aws::IAM
       req.send_request(options)
     end
 
-    # Deletes the password policy for the AWS account. There are no
-    # parameters.
+    # Deletes the password policy for the account. There are no parameters.
     #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
@@ -2622,19 +2658,19 @@ module Aws::IAM
     end
 
     # Deletes the password for the specified IAM user, which terminates the
-    # user's ability to access AWS services through the AWS Management
-    # Console.
+    # user's ability to access Amazon Web Services services through the
+    # Management Console.
     #
-    # You can use the AWS CLI, the AWS API, or the **Users** page in the IAM
-    # console to delete a password for any IAM user. You can use
-    # ChangePassword to update, but not delete, your own password in the
-    # **My Security Credentials** page in the AWS Management Console.
+    # You can use the CLI, the Amazon Web Services API, or the **Users**
+    # page in the IAM console to delete a password for any IAM user. You can
+    # use ChangePassword to update, but not delete, your own password in the
+    # **My Security Credentials** page in the Management Console.
     #
-    # Deleting a user's password does not prevent a user from accessing AWS
-    # through the command line interface or the API. To prevent all user
-    # access, you must also either make any access keys inactive or delete
-    # them. For more information about making keys inactive or deleting
-    # them, see UpdateAccessKey and DeleteAccessKey.
+    # Deleting a user's password does not prevent a user from accessing
+    # Amazon Web Services through the command line interface or the API. To
+    # prevent all user access, you must also either make any access keys
+    # inactive or delete them. For more information about making keys
+    # inactive or deleting them, see UpdateAccessKey and DeleteAccessKey.
     #
     # @option params [required, String] :user_name
     #   The name of the user whose password you want to delete.
@@ -2739,7 +2775,7 @@ module Aws::IAM
     #   The Amazon Resource Name (ARN) of the IAM policy you want to delete.
     #
     #   For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
-    #   in the *AWS General Reference*.
+    #   in the *Amazon Web Services General Reference*.
     #
     #
     #
@@ -2781,7 +2817,7 @@ module Aws::IAM
     #   to delete a version.
     #
     #   For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
-    #   in the *AWS General Reference*.
+    #   in the *Amazon Web Services General Reference*.
     #
     #
     #
@@ -3002,10 +3038,10 @@ module Aws::IAM
     # Deletes the specified SSH public key.
     #
     # The SSH public key deleted by this operation is used only for
-    # authenticating the associated IAM user to an AWS CodeCommit
-    # repository. For more information about using SSH keys to authenticate
-    # to an AWS CodeCommit repository, see [Set up AWS CodeCommit for SSH
-    # connections][1] in the *AWS CodeCommit User Guide*.
+    # authenticating the associated IAM user to an CodeCommit repository.
+    # For more information about using SSH keys to authenticate to an
+    # CodeCommit repository, see [Set up CodeCommit for SSH connections][1]
+    # in the *CodeCommit User Guide*.
     #
     #
     #
@@ -3056,8 +3092,8 @@ module Aws::IAM
     #
     # For more information about working with server certificates, see
     # [Working with server certificates][1] in the *IAM User Guide*. This
-    # topic also includes a list of AWS services that can use the server
-    # certificates that you manage with IAM.
+    # topic also includes a list of Amazon Web Services services that can
+    # use the server certificates that you manage with IAM.
     #
     # If you are using a server certificate with Elastic Load Balancing,
     # deleting the certificate could have implications for your application.
@@ -3119,10 +3155,12 @@ module Aws::IAM
     # first remove those resources from the linked service and then submit
     # the deletion request again. Resources are specific to the service that
     # is linked to the role. For more information about removing resources
-    # from a service, see the [AWS documentation][1] for your service.
+    # from a service, see the [Amazon Web Services documentation][1] for
+    # your service.
     #
     # For more information about service-linked roles, see [Roles terms and
-    # concepts: AWS service-linked role][2] in the *IAM User Guide*.
+    # concepts: Amazon Web Services service-linked role][2] in the *IAM User
+    # Guide*.
     #
     #
     #
@@ -3204,10 +3242,10 @@ module Aws::IAM
     # Deletes a signing certificate associated with the specified IAM user.
     #
     # If you do not specify a user name, IAM determines the user name
-    # implicitly based on the AWS access key ID signing the request. This
-    # operation works for access keys under the AWS account. Consequently,
-    # you can use this operation to manage AWS account root user credentials
-    # even if the AWS account has no associated IAM users.
+    # implicitly based on the Amazon Web Services access key ID signing the
+    # request. This operation works for access keys under the account.
+    # Consequently, you can use this operation to manage account root user
+    # credentials even if the account has no associated IAM users.
     #
     # @option params [String] :user_name
     #   The name of the user the signing certificate belongs to.
@@ -3260,11 +3298,11 @@ module Aws::IAM
       req.send_request(options)
     end
 
-    # Deletes the specified IAM user. Unlike the AWS Management Console,
-    # when you delete a user programmatically, you must delete the items
-    # attached to the user manually, or the deletion fails. For more
-    # information, see [Deleting an IAM user][1]. Before attempting to
-    # delete a user, remove the following items:
+    # Deletes the specified IAM user. Unlike the Management Console, when
+    # you delete a user programmatically, you must delete the items attached
+    # to the user manually, or the deletion fails. For more information, see
+    # [Deleting an IAM user][1]. Before attempting to delete a user, remove
+    # the following items:
     #
     # * Password (DeleteLoginProfile)
     #
@@ -3493,7 +3531,7 @@ module Aws::IAM
     #   The Amazon Resource Name (ARN) of the IAM policy you want to detach.
     #
     #   For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
-    #   in the *AWS General Reference*.
+    #   in the *Amazon Web Services General Reference*.
     #
     #
     #
@@ -3544,7 +3582,7 @@ module Aws::IAM
     #   The Amazon Resource Name (ARN) of the IAM policy you want to detach.
     #
     #   For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
-    #   in the *AWS General Reference*.
+    #   in the *Amazon Web Services General Reference*.
     #
     #
     #
@@ -3595,7 +3633,7 @@ module Aws::IAM
     #   The Amazon Resource Name (ARN) of the IAM policy you want to detach.
     #
     #   For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
-    #   in the *AWS General Reference*.
+    #   in the *Amazon Web Services General Reference*.
     #
     #
     #
@@ -3700,9 +3738,9 @@ module Aws::IAM
       req.send_request(options)
     end
 
-    # Generates a credential report for the AWS account. For more
-    # information about the credential report, see [Getting credential
-    # reports][1] in the *IAM User Guide*.
+    # Generates a credential report for the account. For more information
+    # about the credential report, see [Getting credential reports][1] in
+    # the *IAM User Guide*.
     #
     #
     #
@@ -3727,18 +3765,17 @@ module Aws::IAM
       req.send_request(options)
     end
 
-    # Generates a report for service last accessed data for AWS
-    # Organizations. You can generate a report for any entities
-    # (organization root, organizational unit, or account) or policies in
-    # your organization.
+    # Generates a report for service last accessed data for Organizations.
+    # You can generate a report for any entities (organization root,
+    # organizational unit, or account) or policies in your organization.
     #
-    # To call this operation, you must be signed in using your AWS
-    # Organizations management account credentials. You can use your
-    # long-term IAM user or root user credentials, or temporary credentials
-    # from assuming an IAM role. SCPs must be enabled for your organization
-    # root. You must have the required IAM and AWS Organizations
-    # permissions. For more information, see [Refining permissions using
-    # service last accessed data][1] in the *IAM User Guide*.
+    # To call this operation, you must be signed in using your Organizations
+    # management account credentials. You can use your long-term IAM user or
+    # root user credentials, or temporary credentials from assuming an IAM
+    # role. SCPs must be enabled for your organization root. You must have
+    # the required IAM and Organizations permissions. For more information,
+    # see [Refining permissions using service last accessed data][1] in the
+    # *IAM User Guide*.
     #
     # You can generate a service last accessed data report for entities by
     # specifying only the entity's path. This data includes a list of
@@ -3746,8 +3783,8 @@ module Aws::IAM
     # apply to the entity.
     #
     # You can generate a service last accessed data report for a policy by
-    # specifying an entity's path and an optional AWS Organizations policy
-    # ID. This data includes a list of services that are allowed by the
+    # specifying an entity's path and an optional Organizations policy ID.
+    # This data includes a list of services that are allowed by the
     # specified SCP.
     #
     # For each service in both report types, the data includes the most
@@ -3757,15 +3794,16 @@ module Aws::IAM
     # troubleshooting, and supported Regions see [Reducing permissions using
     # service last accessed data][1] in the *IAM User Guide*.
     #
-    # The data includes all attempts to access AWS, not just the successful
-    # ones. This includes all attempts that were made using the AWS
-    # Management Console, the AWS API through any of the SDKs, or any of the
-    # command line tools. An unexpected entry in the service last accessed
-    # data does not mean that an account has been compromised, because the
-    # request might have been denied. Refer to your CloudTrail logs as the
-    # authoritative source for information about all API calls and whether
-    # they were successful or denied access. For more information,
-    # see [Logging IAM events with CloudTrail][2] in the *IAM User Guide*.
+    # The data includes all attempts to access Amazon Web Services, not just
+    # the successful ones. This includes all attempts that were made using
+    # the Management Console, the Amazon Web Services API through any of the
+    # SDKs, or any of the command line tools. An unexpected entry in the
+    # service last accessed data does not mean that an account has been
+    # compromised, because the request might have been denied. Refer to your
+    # CloudTrail logs as the authoritative source for information about all
+    # API calls and whether they were successful or denied access. For more
+    # information, see [Logging IAM events with CloudTrail][2] in the *IAM
+    # User Guide*.
     #
     # This operation returns a `JobId`. Use this parameter in the `
     # GetOrganizationsAccessReport ` operation to check the status of the
@@ -3775,9 +3813,9 @@ module Aws::IAM
     # you can retrieve the report.
     #
     # To generate a service last accessed data report for entities, specify
-    # an entity path without specifying the optional AWS Organizations
-    # policy ID. The type of entity that you specify determines the data
-    # returned in the report.
+    # an entity path without specifying the optional Organizations policy
+    # ID. The type of entity that you specify determines the data returned
+    # in the report.
     #
     # * **Root** – When you specify the organizations root as the entity,
     #   the resulting report lists all of the services allowed by SCPs that
@@ -3793,9 +3831,9 @@ module Aws::IAM
     #   not limited by SCPs.
     #
     # * **management account** – When you specify the management account,
-    #   the resulting report lists all AWS services, because the management
-    #   account is not limited by SCPs. For each service, the report
-    #   includes data for only the management account.
+    #   the resulting report lists all Amazon Web Services services, because
+    #   the management account is not limited by SCPs. For each service, the
+    #   report includes data for only the management account.
     #
     # * **Account** – When you specify another account as the entity, the
     #   resulting report lists all of the services allowed by SCPs that are
@@ -3803,9 +3841,8 @@ module Aws::IAM
     #   report includes data for only the specified account.
     #
     # To generate a service last accessed data report for policies, specify
-    # an entity path and the optional AWS Organizations policy ID. The type
-    # of entity that you specify determines the data returned for each
-    # service.
+    # an entity path and the optional Organizations policy ID. The type of
+    # entity that you specify determines the data returned for each service.
     #
     # * **Root** – When you specify the root entity and a policy ID, the
     #   resulting report lists all of the services that are allowed by the
@@ -3827,10 +3864,10 @@ module Aws::IAM
     #   the report will return a list of services with no data.
     #
     # * **management account** – When you specify the management account,
-    #   the resulting report lists all AWS services, because the management
-    #   account is not limited by SCPs. If you specify a policy ID in the
-    #   CLI or API, the policy is ignored. For each service, the report
-    #   includes data for only the management account.
+    #   the resulting report lists all Amazon Web Services services, because
+    #   the management account is not limited by SCPs. If you specify a
+    #   policy ID in the CLI or API, the policy is ignored. For each
+    #   service, the report includes data for only the management account.
     #
     # * **Account** – When you specify another account entity and a policy
     #   ID, the resulting report lists all of the services that are allowed
@@ -3859,21 +3896,21 @@ module Aws::IAM
     # [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics
     #
     # @option params [required, String] :entity_path
-    #   The path of the AWS Organizations entity (root, OU, or account). You
-    #   can build an entity path using the known structure of your
-    #   organization. For example, assume that your account ID is
-    #   `123456789012` and its parent OU ID is `ou-rge0-awsabcde`. The
-    #   organization root ID is `r-f6g7h8i9j0example` and your organization ID
-    #   is `o-a1b2c3d4e5`. Your entity path is
+    #   The path of the Organizations entity (root, OU, or account). You can
+    #   build an entity path using the known structure of your organization.
+    #   For example, assume that your account ID is `123456789012` and its
+    #   parent OU ID is `ou-rge0-awsabcde`. The organization root ID is
+    #   `r-f6g7h8i9j0example` and your organization ID is `o-a1b2c3d4e5`. Your
+    #   entity path is
     #   `o-a1b2c3d4e5/r-f6g7h8i9j0example/ou-rge0-awsabcde/123456789012`.
     #
     # @option params [String] :organizations_policy_id
-    #   The identifier of the AWS Organizations service control policy (SCP).
-    #   This parameter is optional.
+    #   The identifier of the Organizations service control policy (SCP). This
+    #   parameter is optional.
     #
     #   This ID is used to generate information about when an account
-    #   principal that is limited by the SCP attempted to access an AWS
-    #   service.
+    #   principal that is limited by the SCP attempted to access an Amazon Web
+    #   Services service.
     #
     # @return [Types::GenerateOrganizationsAccessReportResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -3915,31 +3952,31 @@ module Aws::IAM
 
     # Generates a report that includes details about when an IAM resource
     # (user, group, role, or policy) was last used in an attempt to access
-    # AWS services. Recent activity usually appears within four hours. IAM
-    # reports activity for the last 365 days, or less if your Region began
-    # supporting this feature within the last year. For more information,
-    # see [Regions where data is tracked][1].
-    #
-    # The service last accessed data includes all attempts to access an AWS
-    # API, not just the successful ones. This includes all attempts that
-    # were made using the AWS Management Console, the AWS API through any of
-    # the SDKs, or any of the command line tools. An unexpected entry in the
-    # service last accessed data does not mean that your account has been
-    # compromised, because the request might have been denied. Refer to your
-    # CloudTrail logs as the authoritative source for information about all
-    # API calls and whether they were successful or denied access. For more
-    # information, see [Logging IAM events with CloudTrail][2] in the *IAM
-    # User Guide*.
+    # Amazon Web Services services. Recent activity usually appears within
+    # four hours. IAM reports activity for the last 365 days, or less if
+    # your Region began supporting this feature within the last year. For
+    # more information, see [Regions where data is tracked][1].
+    #
+    # The service last accessed data includes all attempts to access an
+    # Amazon Web Services API, not just the successful ones. This includes
+    # all attempts that were made using the Management Console, the Amazon
+    # Web Services API through any of the SDKs, or any of the command line
+    # tools. An unexpected entry in the service last accessed data does not
+    # mean that your account has been compromised, because the request might
+    # have been denied. Refer to your CloudTrail logs as the authoritative
+    # source for information about all API calls and whether they were
+    # successful or denied access. For more information, see [Logging IAM
+    # events with CloudTrail][2] in the *IAM User Guide*.
     #
     # The `GenerateServiceLastAccessedDetails` operation returns a `JobId`.
     # Use this parameter in the following operations to retrieve the
     # following details from your report:
     #
     # * GetServiceLastAccessedDetails – Use this operation for users,
-    #   groups, roles, or policies to list every AWS service that the
-    #   resource could access using permissions policies. For each service,
-    #   the response includes information about the most recent access
-    #   attempt.
+    #   groups, roles, or policies to list every Amazon Web Services service
+    #   that the resource could access using permissions policies. For each
+    #   service, the response includes information about the most recent
+    #   access attempt.
     #
     #   The `JobId` returned by `GenerateServiceLastAccessedDetail` must be
     #   used by the same role within a session, or by the same user when
@@ -3947,8 +3984,8 @@ module Aws::IAM
     #
     # * GetServiceLastAccessedDetailsWithEntities – Use this operation for
     #   groups and policies to list information about the associated
-    #   entities (users or roles) that attempted to access a specific AWS
-    #   service.
+    #   entities (users or roles) that attempted to access a specific Amazon
+    #   Web Services service.
     #
     # To check the status of the `GenerateServiceLastAccessedDetails`
     # request, use the `JobId` parameter in the same operations and test the
@@ -3961,10 +3998,10 @@ module Aws::IAM
     # <note markdown="1"> Service last accessed data does not use other policy types when
     # determining whether a resource could access a service. These other
     # policy types include resource-based policies, access control lists,
-    # AWS Organizations policies, IAM permissions boundaries, and AWS STS
-    # assume role policies. It only applies permissions policy logic. For
-    # more about the evaluation of policy types, see [Evaluating
-    # policies][3] in the *IAM User Guide*.
+    # Organizations policies, IAM permissions boundaries, and STS assume
+    # role policies. It only applies permissions policy logic. For more
+    # about the evaluation of policy types, see [Evaluating policies][3] in
+    # the *IAM User Guide*.
     #
     #  </note>
     #
@@ -3982,7 +4019,7 @@ module Aws::IAM
     # @option params [required, String] :arn
     #   The ARN of the IAM resource (user, group, role, or managed policy)
     #   used to generate information about when the resource was last used in
-    #   an attempt to access an AWS service.
+    #   an attempt to access an Amazon Web Services service.
     #
     # @option params [String] :granularity
     #   The level of detail that you want to generate. You can specify whether
@@ -4032,8 +4069,8 @@ module Aws::IAM
 
     # Retrieves information about when the specified access key was last
     # used. The information includes the date and time of last use, along
-    # with the AWS service and Region that were specified in the last
-    # request made with that key.
+    # with the Amazon Web Services service and Region that were specified in
+    # the last request made with that key.
     #
     # @option params [required, String] :access_key_id
     #   The identifier of an access key.
@@ -4074,9 +4111,10 @@ module Aws::IAM
     end
 
     # Retrieves information about all IAM users, groups, roles, and policies
-    # in your AWS account, including their relationships to one another. Use
-    # this operation to obtain a snapshot of the configuration of IAM
-    # permissions (users, groups, roles, and policies) in your account.
+    # in your Amazon Web Services account, including their relationships to
+    # one another. Use this operation to obtain a snapshot of the
+    # configuration of IAM permissions (users, groups, roles, and policies)
+    # in your account.
     #
     # <note markdown="1"> Policies returned by this operation are URL-encoded compliant with
     # [RFC 3986][1]. You can use a URL decoding method to convert the policy
@@ -4246,7 +4284,7 @@ module Aws::IAM
       req.send_request(options)
     end
 
-    # Retrieves the password policy for the AWS account. This tells you the
+    # Retrieves the password policy for the account. This tells you the
     # complexity requirements and mandatory rotation periods for the IAM
     # user passwords in your account. For more information about using a
     # password policy, see [Managing an IAM password policy][1].
@@ -4305,8 +4343,8 @@ module Aws::IAM
       req.send_request(options)
     end
 
-    # Retrieves information about IAM entity usage and IAM quotas in the AWS
-    # account.
+    # Retrieves information about IAM entity usage and IAM quotas in the
+    # Amazon Web Services account.
     #
     # For information about IAM quotas, see [IAM and STS quotas][1] in the
     # *IAM User Guide*.
@@ -4378,14 +4416,14 @@ module Aws::IAM
     # To get the context keys from policies associated with an IAM user,
     # group, or role, use GetContextKeysForPrincipalPolicy.
     #
-    # Context keys are variables maintained by AWS and its services that
-    # provide details about the context of an API query request. Context
-    # keys can be evaluated by testing against a value specified in an IAM
-    # policy. Use `GetContextKeysForCustomPolicy` to understand what key
-    # names and values you must supply when you call SimulateCustomPolicy.
-    # Note that all parameters are shown in unencoded form here for clarity
-    # but must be URL encoded to be included as a part of a real HTML
-    # request.
+    # Context keys are variables maintained by Amazon Web Services and its
+    # services that provide details about the context of an API query
+    # request. Context keys can be evaluated by testing against a value
+    # specified in an IAM policy. Use `GetContextKeysForCustomPolicy` to
+    # understand what key names and values you must supply when you call
+    # SimulateCustomPolicy. Note that all parameters are shown in unencoded
+    # form here for clarity but must be URL encoded to be included as a part
+    # of a real HTML request.
     #
     # @option params [required, Array<String>] :policy_input_list
     #   A list of policies for which you want the list of context keys
@@ -4447,11 +4485,12 @@ module Aws::IAM
     # permissions, then consider allowing them to use
     # GetContextKeysForCustomPolicy instead.
     #
-    # Context keys are variables maintained by AWS and its services that
-    # provide details about the context of an API query request. Context
-    # keys can be evaluated by testing against a value in an IAM policy. Use
-    # GetContextKeysForPrincipalPolicy to understand what key names and
-    # values you must supply when you call SimulatePrincipalPolicy.
+    # Context keys are variables maintained by Amazon Web Services and its
+    # services that provide details about the context of an API query
+    # request. Context keys can be evaluated by testing against a value in
+    # an IAM policy. Use GetContextKeysForPrincipalPolicy to understand what
+    # key names and values you must supply when you call
+    # SimulatePrincipalPolicy.
     #
     # @option params [required, String] :policy_source_arn
     #   The ARN of a user, group, or role whose policies contain the context
@@ -4464,7 +4503,7 @@ module Aws::IAM
     #   URL encoded to be included as a part of a real HTML request.
     #
     #   For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
-    #   in the *AWS General Reference*.
+    #   in the *Amazon Web Services General Reference*.
     #
     #
     #
@@ -4515,9 +4554,9 @@ module Aws::IAM
       req.send_request(options)
     end
 
-    # Retrieves a credential report for the AWS account. For more
-    # information about the credential report, see [Getting credential
-    # reports][1] in the *IAM User Guide*.
+    # Retrieves a credential report for the account. For more information
+    # about the credential report, see [Getting credential reports][1] in
+    # the *IAM User Guide*.
     #
     #
     #
@@ -4802,9 +4841,19 @@ module Aws::IAM
       req.send_request(options)
     end
 
-    # Retrieves the user name and password creation date for the specified
-    # IAM user. If the user has not been assigned a password, the operation
-    # returns a 404 (`NoSuchEntity`) error.
+    # Retrieves the user name for the specified IAM user. A login profile is
+    # created when you create a password for the user to access the
+    # Management Console. If the user does not exist or does not have a
+    # password, the operation returns a 404 (`NoSuchEntity`) error.
+    #
+    # If you create an IAM user with access to the console, the `CreateDate`
+    # reflects the date you created the initial password for the user.
+    #
+    # If you create an IAM user with programmatic access, and then later add
+    # a password for the user to access the Management Console, the
+    # `CreateDate` reflects the initial password creation date. A user with
+    # programmatic access does not have a login profile unless you create a
+    # password for the user to access the Management Console.
     #
     # @option params [required, String] :user_name
     #   The name of the user whose login profile you want to retrieve.
@@ -4869,7 +4918,7 @@ module Aws::IAM
     #   resource ARNs by using the ListOpenIDConnectProviders operation.
     #
     #   For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
-    #   in the *AWS General Reference*.
+    #   in the *Amazon Web Services General Reference*.
     #
     #
     #
@@ -4910,10 +4959,10 @@ module Aws::IAM
       req.send_request(options)
     end
 
-    # Retrieves the service last accessed data report for AWS Organizations
-    # that was previously generated using the `
-    # GenerateOrganizationsAccessReport ` operation. This operation
-    # retrieves the status of your report job and the report contents.
+    # Retrieves the service last accessed data report for Organizations that
+    # was previously generated using the ` GenerateOrganizationsAccessReport
+    # ` operation. This operation retrieves the status of your report job
+    # and the report contents.
     #
     # Depending on the parameters that you passed when you generated the
     # report, the data returned could include different information. For
@@ -5080,7 +5129,7 @@ module Aws::IAM
     #   information about.
     #
     #   For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
-    #   in the *AWS General Reference*.
+    #   in the *Amazon Web Services General Reference*.
     #
     #
     #
@@ -5162,7 +5211,7 @@ module Aws::IAM
     #   information about.
     #
     #   For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
-    #   in the *AWS General Reference*.
+    #   in the *Amazon Web Services General Reference*.
     #
     #
     #
@@ -5401,7 +5450,7 @@ module Aws::IAM
     #   IAM to get information about.
     #
     #   For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
-    #   in the *AWS General Reference*.
+    #   in the *Amazon Web Services General Reference*.
     #
     #
     #
@@ -5442,10 +5491,10 @@ module Aws::IAM
     # key.
     #
     # The SSH public key retrieved by this operation is used only for
-    # authenticating the associated IAM user to an AWS CodeCommit
-    # repository. For more information about using SSH keys to authenticate
-    # to an AWS CodeCommit repository, see [Set up AWS CodeCommit for SSH
-    # connections][1] in the *AWS CodeCommit User Guide*.
+    # authenticating the associated IAM user to an CodeCommit repository.
+    # For more information about using SSH keys to authenticate to an
+    # CodeCommit repository, see [Set up CodeCommit for SSH connections][1]
+    # in the *CodeCommit User Guide*.
     #
     #
     #
@@ -5514,8 +5563,8 @@ module Aws::IAM
     #
     # For more information about working with server certificates, see
     # [Working with server certificates][1] in the *IAM User Guide*. This
-    # topic includes a list of AWS services that can use the server
-    # certificates that you manage with IAM.
+    # topic includes a list of Amazon Web Services services that can use the
+    # server certificates that you manage with IAM.
     #
     #
     #
@@ -5571,17 +5620,17 @@ module Aws::IAM
     # `GenerateServiceLastAccessedDetails` operation. You can use the
     # `JobId` parameter in `GetServiceLastAccessedDetails` to retrieve the
     # status of your report job. When the report is complete, you can
-    # retrieve the generated report. The report includes a list of AWS
-    # services that the resource (user, group, role, or managed policy) can
-    # access.
+    # retrieve the generated report. The report includes a list of Amazon
+    # Web Services services that the resource (user, group, role, or managed
+    # policy) can access.
     #
     # <note markdown="1"> Service last accessed data does not use other policy types when
     # determining whether a resource could access a service. These other
     # policy types include resource-based policies, access control lists,
-    # AWS Organizations policies, IAM permissions boundaries, and AWS STS
-    # assume role policies. It only applies permissions policy logic. For
-    # more about the evaluation of policy types, see [Evaluating
-    # policies][1] in the *IAM User Guide*.
+    # Organizations policies, IAM permissions boundaries, and STS assume
+    # role policies. It only applies permissions policy logic. For more
+    # about the evaluation of policy types, see [Evaluating policies][1] in
+    # the *IAM User Guide*.
     #
     #  </note>
     #
@@ -5760,16 +5809,17 @@ module Aws::IAM
     #   `GenerateServiceLastAccessedDetails` operation.
     #
     # @option params [required, String] :service_namespace
-    #   The service namespace for an AWS service. Provide the service
-    #   namespace to learn when the IAM entity last attempted to access the
-    #   specified service.
+    #   The service namespace for an Amazon Web Services service. Provide the
+    #   service namespace to learn when the IAM entity last attempted to
+    #   access the specified service.
     #
     #   To learn the service namespace for a service, see [Actions, resources,
-    #   and condition keys for AWS services][1] in the *IAM User Guide*.
-    #   Choose the name of the service to view details for that service. In
-    #   the first paragraph, find the service prefix. For example, `(service
-    #   prefix: a4b)`. For more information about service namespaces, see [AWS
-    #   service namespaces][2] in the *AWS General Reference*.
+    #   and condition keys for Amazon Web Services services][1] in the *IAM
+    #   User Guide*. Choose the name of the service to view details for that
+    #   service. In the first paragraph, find the service prefix. For example,
+    #   `(service prefix: a4b)`. For more information about service
+    #   namespaces, see [Amazon Web Services service namespaces][2] in
+    #   the *Amazon Web Services General Reference*.
     #
     #
     #
@@ -5922,8 +5972,8 @@ module Aws::IAM
     # user's creation date, path, unique ID, and ARN.
     #
     # If you do not specify a user name, IAM determines the user name
-    # implicitly based on the AWS access key ID used to sign the request to
-    # this operation.
+    # implicitly based on the Amazon Web Services access key ID used to sign
+    # the request to this operation.
     #
     # @option params [String] :user_name
     #   The name of the user to get information about.
@@ -6080,12 +6130,12 @@ module Aws::IAM
     # paginate the results using the `MaxItems` and `Marker` parameters.
     #
     # If the `UserName` field is not specified, the user name is determined
-    # implicitly based on the AWS access key ID used to sign the request.
-    # This operation works for access keys under the AWS account.
-    # Consequently, you can use this operation to manage AWS account root
-    # user credentials even if the AWS account has no associated users.
+    # implicitly based on the Amazon Web Services access key ID used to sign
+    # the request. This operation works for access keys under the account.
+    # Consequently, you can use this operation to manage account root user
+    # credentials even if the account has no associated users.
     #
-    # <note markdown="1"> To ensure the security of your AWS account, the secret access key is
+    # <note markdown="1"> To ensure the security of your account, the secret access key is
     # accessible only during key and user creation.
     #
     #  </note>
@@ -6181,9 +6231,9 @@ module Aws::IAM
       req.send_request(options)
     end
 
-    # Lists the account alias associated with the AWS account (Note: you can
-    # have only one). For information about using an AWS account alias, see
-    # [Using an alias for your AWS account ID][1] in the *IAM User Guide*.
+    # Lists the account alias associated with the account (Note: you can
+    # have only one). For information about using an account alias, see
+    # [Using an alias for your account ID][1] in the *IAM User Guide*.
     #
     #
     #
@@ -6562,7 +6612,7 @@ module Aws::IAM
     #   the versions.
     #
     #   For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
-    #   in the *AWS General Reference*.
+    #   in the *Amazon Web Services General Reference*.
     #
     #
     #
@@ -6980,10 +7030,10 @@ module Aws::IAM
     # @option params [required, String] :instance_profile_name
     #   The name of the IAM instance profile whose tags you want to see.
     #
-    #   This parameter accepts (through its [regex pattern][1]) a string of
-    #   characters that consist of upper and lowercase alphanumeric characters
+    #   This parameter allows (through its [regex pattern][1]) a string of
+    #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following characters:
-    #   =,.@-
+    #   \_+=,.@-
     #
     #
     #
@@ -6996,16 +7046,15 @@ module Aws::IAM
     #   to indicate where the next call should start.
     #
     # @option params [Integer] :max_items
-    #   (Optional) Use this only when paginating results to indicate the
-    #   maximum number of items that you want in the response. If additional
-    #   items exist beyond the maximum that you specify, the `IsTruncated`
-    #   response element is `true`.
+    #   Use this only when paginating results to indicate the maximum number
+    #   of items you want in the response. If additional items exist beyond
+    #   the maximum you specify, the `IsTruncated` response element is `true`.
     #
-    #   If you do not include this parameter, it defaults to 100. Note that
-    #   IAM might return fewer results, even when more results are available.
-    #   In that case, the `IsTruncated` response element returns `true`, and
-    #   `Marker` contains a value to include in the subsequent call that tells
-    #   the service where to continue from.
+    #   If you do not include this parameter, the number of items defaults to
+    #   100. Note that IAM might return fewer results, even when there are
+    #   more results available. In that case, the `IsTruncated` response
+    #   element returns `true`, and `Marker` contains a value to include in
+    #   the subsequent call that tells the service where to continue from.
     #
     # @return [Types::ListInstanceProfileTagsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -7257,10 +7306,10 @@ module Aws::IAM
     #   want to see. For virtual MFA devices, the serial number is the same as
     #   the ARN.
     #
-    #   This parameter accepts (through its [regex pattern][1]) a string of
-    #   characters that consist of upper and lowercase alphanumeric characters
+    #   This parameter allows (through its [regex pattern][1]) a string of
+    #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following characters:
-    #   =,.@-
+    #   \_+=,.@-
     #
     #
     #
@@ -7273,16 +7322,15 @@ module Aws::IAM
     #   to indicate where the next call should start.
     #
     # @option params [Integer] :max_items
-    #   (Optional) Use this only when paginating results to indicate the
-    #   maximum number of items that you want in the response. If additional
-    #   items exist beyond the maximum that you specify, the `IsTruncated`
-    #   response element is `true`.
+    #   Use this only when paginating results to indicate the maximum number
+    #   of items you want in the response. If additional items exist beyond
+    #   the maximum you specify, the `IsTruncated` response element is `true`.
     #
-    #   If you do not include this parameter, it defaults to 100. Note that
-    #   IAM might return fewer results, even when more results are available.
-    #   In that case, the `IsTruncated` response element returns `true`, and
-    #   `Marker` contains a value to include in the subsequent call that tells
-    #   the service where to continue from.
+    #   If you do not include this parameter, the number of items defaults to
+    #   100. Note that IAM might return fewer results, even when there are
+    #   more results available. In that case, the `IsTruncated` response
+    #   element returns `true`, and `Marker` contains a value to include in
+    #   the subsequent call that tells the service where to continue from.
     #
     # @return [Types::ListMFADeviceTagsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -7318,8 +7366,8 @@ module Aws::IAM
     # Lists the MFA devices for an IAM user. If the request includes a IAM
     # user name, then this operation lists all the MFA devices associated
     # with the specified user. If you do not specify a user name, IAM
-    # determines the user name implicitly based on the AWS access key ID
-    # signing the request for this operation.
+    # determines the user name implicitly based on the Amazon Web Services
+    # access key ID signing the request for this operation.
     #
     # You can paginate the results using the `MaxItems` and `Marker`
     # parameters.
@@ -7404,10 +7452,10 @@ module Aws::IAM
     #   The ARN of the OpenID Connect (OIDC) identity provider whose tags you
     #   want to see.
     #
-    #   This parameter accepts (through its [regex pattern][1]) a string of
-    #   characters that consist of upper and lowercase alphanumeric characters
+    #   This parameter allows (through its [regex pattern][1]) a string of
+    #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following characters:
-    #   =,.@-
+    #   \_+=,.@-
     #
     #
     #
@@ -7420,16 +7468,15 @@ module Aws::IAM
     #   to indicate where the next call should start.
     #
     # @option params [Integer] :max_items
-    #   (Optional) Use this only when paginating results to indicate the
-    #   maximum number of items that you want in the response. If additional
-    #   items exist beyond the maximum that you specify, the `IsTruncated`
-    #   response element is `true`.
+    #   Use this only when paginating results to indicate the maximum number
+    #   of items you want in the response. If additional items exist beyond
+    #   the maximum you specify, the `IsTruncated` response element is `true`.
     #
-    #   If you do not include this parameter, it defaults to 100. Note that
-    #   IAM might return fewer results, even when more results are available.
-    #   In that case, the `IsTruncated` response element returns `true`, and
-    #   `Marker` contains a value to include in the subsequent call that tells
-    #   the service where to continue from.
+    #   If you do not include this parameter, the number of items defaults to
+    #   100. Note that IAM might return fewer results, even when there are
+    #   more results available. In that case, the `IsTruncated` response
+    #   element returns `true`, and `Marker` contains a value to include in
+    #   the subsequent call that tells the service where to continue from.
     #
     # @return [Types::ListOpenIDConnectProviderTagsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -7463,7 +7510,7 @@ module Aws::IAM
     end
 
     # Lists information about the IAM OpenID Connect (OIDC) provider
-    # resource objects defined in the AWS account.
+    # resource objects defined in the account.
     #
     # <note markdown="1"> IAM resource-listing operations return a subset of the available
     # attributes for the resource. For example, this operation does not
@@ -7491,15 +7538,15 @@ module Aws::IAM
       req.send_request(options)
     end
 
-    # Lists all the managed policies that are available in your AWS account,
-    # including your own customer-defined managed policies and all AWS
-    # managed policies.
+    # Lists all the managed policies that are available in your account,
+    # including your own customer-defined managed policies and all Amazon
+    # Web Services managed policies.
     #
     # You can filter the list of policies that is returned using the
     # optional `OnlyAttached`, `Scope`, and `PathPrefix` parameters. For
-    # example, to list only the customer managed policies in your AWS
-    # account, set `Scope` to `Local`. To list only AWS managed policies,
-    # set `Scope` to `AWS`.
+    # example, to list only the customer managed policies in your Amazon Web
+    # Services account, set `Scope` to `Local`. To list only Amazon Web
+    # Services managed policies, set `Scope` to `AWS`.
     #
     # You can paginate the results using the `MaxItems` and `Marker`
     # parameters.
@@ -7522,9 +7569,9 @@ module Aws::IAM
     # @option params [String] :scope
     #   The scope to use for filtering the results.
     #
-    #   To list only AWS managed policies, set `Scope` to `AWS`. To list only
-    #   the customer managed policies in your AWS account, set `Scope` to
-    #   `Local`.
+    #   To list only Amazon Web Services managed policies, set `Scope` to
+    #   `AWS`. To list only the customer managed policies in your account, set
+    #   `Scope` to `Local`.
     #
     #   This parameter is optional. If it is not included, or if it is set to
     #   `All`, all policies are returned.
@@ -7632,11 +7679,10 @@ module Aws::IAM
     #
     # <note markdown="1"> This operation does not use other policy types when determining
     # whether a resource could access a service. These other policy types
-    # include resource-based policies, access control lists, AWS
-    # Organizations policies, IAM permissions boundaries, and AWS STS assume
-    # role policies. It only applies permissions policy logic. For more
-    # about the evaluation of policy types, see [Evaluating policies][1] in
-    # the *IAM User Guide*.
+    # include resource-based policies, access control lists, Organizations
+    # policies, IAM permissions boundaries, and STS assume role policies. It
+    # only applies permissions policy logic. For more about the evaluation
+    # of policy types, see [Evaluating policies][1] in the *IAM User Guide*.
     #
     #  </note>
     #
@@ -7682,15 +7728,16 @@ module Aws::IAM
     #   want to list.
     #
     # @option params [required, Array<String>] :service_namespaces
-    #   The service namespace for the AWS services whose policies you want to
-    #   list.
+    #   The service namespace for the Amazon Web Services services whose
+    #   policies you want to list.
     #
     #   To learn the service namespace for a service, see [Actions, resources,
-    #   and condition keys for AWS services][1] in the *IAM User Guide*.
-    #   Choose the name of the service to view details for that service. In
-    #   the first paragraph, find the service prefix. For example, `(service
-    #   prefix: a4b)`. For more information about service namespaces, see [AWS
-    #   service namespaces][2] in the *AWS General Reference*.
+    #   and condition keys for Amazon Web Services services][1] in the *IAM
+    #   User Guide*. Choose the name of the service to view details for that
+    #   service. In the first paragraph, find the service prefix. For example,
+    #   `(service prefix: a4b)`. For more information about service
+    #   namespaces, see [Amazon Web Services service namespaces][2] in
+    #   the *Amazon Web Services General Reference*.
     #
     #
     #
@@ -7791,10 +7838,10 @@ module Aws::IAM
     # @option params [required, String] :policy_arn
     #   The ARN of the IAM customer managed policy whose tags you want to see.
     #
-    #   This parameter accepts (through its [regex pattern][1]) a string of
-    #   characters that consist of upper and lowercase alphanumeric characters
+    #   This parameter allows (through its [regex pattern][1]) a string of
+    #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following characters:
-    #   =,.@-
+    #   \_+=,.@-
     #
     #
     #
@@ -7807,16 +7854,15 @@ module Aws::IAM
     #   to indicate where the next call should start.
     #
     # @option params [Integer] :max_items
-    #   (Optional) Use this only when paginating results to indicate the
-    #   maximum number of items that you want in the response. If additional
-    #   items exist beyond the maximum that you specify, the `IsTruncated`
-    #   response element is `true`.
+    #   Use this only when paginating results to indicate the maximum number
+    #   of items you want in the response. If additional items exist beyond
+    #   the maximum you specify, the `IsTruncated` response element is `true`.
     #
-    #   If you do not include this parameter, it defaults to 100. Note that
-    #   IAM might return fewer results, even when more results are available.
-    #   In that case, the `IsTruncated` response element returns `true`, and
-    #   `Marker` contains a value to include in the subsequent call that tells
-    #   the service where to continue from.
+    #   If you do not include this parameter, the number of items defaults to
+    #   100. Note that IAM might return fewer results, even when there are
+    #   more results available. In that case, the `IsTruncated` response
+    #   element returns `true`, and `Marker` contains a value to include in
+    #   the subsequent call that tells the service where to continue from.
     #
     # @return [Types::ListPolicyTagsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -7865,7 +7911,7 @@ module Aws::IAM
     #   the versions.
     #
     #   For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
-    #   in the *AWS General Reference*.
+    #   in the *Amazon Web Services General Reference*.
     #
     #
     #
@@ -8027,16 +8073,15 @@ module Aws::IAM
     #   to indicate where the next call should start.
     #
     # @option params [Integer] :max_items
-    #   (Optional) Use this only when paginating results to indicate the
-    #   maximum number of items that you want in the response. If additional
-    #   items exist beyond the maximum that you specify, the `IsTruncated`
-    #   response element is `true`.
+    #   Use this only when paginating results to indicate the maximum number
+    #   of items you want in the response. If additional items exist beyond
+    #   the maximum you specify, the `IsTruncated` response element is `true`.
     #
-    #   If you do not include this parameter, it defaults to 100. Note that
-    #   IAM might return fewer results, even when more results are available.
-    #   In that case, the `IsTruncated` response element returns `true`, and
-    #   `Marker` contains a value to include in the subsequent call that tells
-    #   the service where to continue from.
+    #   If you do not include this parameter, the number of items defaults to
+    #   100. Note that IAM might return fewer results, even when there are
+    #   more results available. In that case, the `IsTruncated` response
+    #   element returns `true`, and `Marker` contains a value to include in
+    #   the subsequent call that tells the service where to continue from.
     #
     # @return [Types::ListRoleTagsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -8208,10 +8253,10 @@ module Aws::IAM
     #   The ARN of the Security Assertion Markup Language (SAML) identity
     #   provider whose tags you want to see.
     #
-    #   This parameter accepts (through its [regex pattern][1]) a string of
-    #   characters that consist of upper and lowercase alphanumeric characters
+    #   This parameter allows (through its [regex pattern][1]) a string of
+    #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following characters:
-    #   =,.@-
+    #   \_+=,.@-
     #
     #
     #
@@ -8224,16 +8269,15 @@ module Aws::IAM
     #   to indicate where the next call should start.
     #
     # @option params [Integer] :max_items
-    #   (Optional) Use this only when paginating results to indicate the
-    #   maximum number of items that you want in the response. If additional
-    #   items exist beyond the maximum that you specify, the `IsTruncated`
-    #   response element is `true`.
+    #   Use this only when paginating results to indicate the maximum number
+    #   of items you want in the response. If additional items exist beyond
+    #   the maximum you specify, the `IsTruncated` response element is `true`.
     #
-    #   If you do not include this parameter, it defaults to 100. Note that
-    #   IAM might return fewer results, even when more results are available.
-    #   In that case, the `IsTruncated` response element returns `true`, and
-    #   `Marker` contains a value to include in the subsequent call that tells
-    #   the service where to continue from.
+    #   If you do not include this parameter, the number of items defaults to
+    #   100. Note that IAM might return fewer results, even when there are
+    #   more results available. In that case, the `IsTruncated` response
+    #   element returns `true`, and `Marker` contains a value to include in
+    #   the subsequent call that tells the service where to continue from.
     #
     # @return [Types::ListSAMLProviderTagsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -8304,10 +8348,10 @@ module Aws::IAM
     # list.
     #
     # The SSH public keys returned by this operation are used only for
-    # authenticating the IAM user to an AWS CodeCommit repository. For more
-    # information about using SSH keys to authenticate to an AWS CodeCommit
-    # repository, see [Set up AWS CodeCommit for SSH connections][1] in the
-    # *AWS CodeCommit User Guide*.
+    # authenticating the IAM user to an CodeCommit repository. For more
+    # information about using SSH keys to authenticate to an CodeCommit
+    # repository, see [Set up CodeCommit for SSH connections][1] in the
+    # *CodeCommit User Guide*.
     #
     # Although each user is limited to a small number of keys, you can still
     # paginate the results using the `MaxItems` and `Marker` parameters.
@@ -8319,7 +8363,7 @@ module Aws::IAM
     # @option params [String] :user_name
     #   The name of the IAM user to list SSH public keys for. If none is
     #   specified, the `UserName` field is determined implicitly based on the
-    #   AWS access key used to sign the request.
+    #   Amazon Web Services access key used to sign the request.
     #
     #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
@@ -8387,11 +8431,11 @@ module Aws::IAM
     # information about tagging, see [Tagging IAM resources][1] in the *IAM
     # User Guide*.
     #
-    # <note markdown="1"> For certificates in a Region supported by AWS Certificate Manager
-    # (ACM), we recommend that you don't use IAM server certificates.
-    # Instead, use ACM to provision, manage, and deploy your server
-    # certificates. For more information about IAM server certificates,
-    # [Working with server certificates][2] in the *IAM User Guide*.
+    # <note markdown="1"> For certificates in a Region supported by Certificate Manager (ACM),
+    # we recommend that you don't use IAM server certificates. Instead, use
+    # ACM to provision, manage, and deploy your server certificates. For
+    # more information about IAM server certificates, [Working with server
+    # certificates][2] in the *IAM User Guide*.
     #
     #  </note>
     #
@@ -8403,10 +8447,10 @@ module Aws::IAM
     # @option params [required, String] :server_certificate_name
     #   The name of the IAM server certificate whose tags you want to see.
     #
-    #   This parameter accepts (through its [regex pattern][1]) a string of
-    #   characters that consist of upper and lowercase alphanumeric characters
+    #   This parameter allows (through its [regex pattern][1]) a string of
+    #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following characters:
-    #   =,.@-
+    #   \_+=,.@-
     #
     #
     #
@@ -8419,16 +8463,15 @@ module Aws::IAM
     #   to indicate where the next call should start.
     #
     # @option params [Integer] :max_items
-    #   (Optional) Use this only when paginating results to indicate the
-    #   maximum number of items that you want in the response. If additional
-    #   items exist beyond the maximum that you specify, the `IsTruncated`
-    #   response element is `true`.
+    #   Use this only when paginating results to indicate the maximum number
+    #   of items you want in the response. If additional items exist beyond
+    #   the maximum you specify, the `IsTruncated` response element is `true`.
     #
-    #   If you do not include this parameter, it defaults to 100. Note that
-    #   IAM might return fewer results, even when more results are available.
-    #   In that case, the `IsTruncated` response element returns `true`, and
-    #   `Marker` contains a value to include in the subsequent call that tells
-    #   the service where to continue from.
+    #   If you do not include this parameter, the number of items defaults to
+    #   100. Note that IAM might return fewer results, even when there are
+    #   more results available. In that case, the `IsTruncated` response
+    #   element returns `true`, and `Marker` contains a value to include in
+    #   the subsequent call that tells the service where to continue from.
     #
     # @return [Types::ListServerCertificateTagsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -8469,8 +8512,8 @@ module Aws::IAM
     #
     # For more information about working with server certificates, see
     # [Working with server certificates][1] in the *IAM User Guide*. This
-    # topic also includes a list of AWS services that can use the server
-    # certificates that you manage with IAM.
+    # topic also includes a list of Amazon Web Services services that can
+    # use the server certificates that you manage with IAM.
     #
     # <note markdown="1"> IAM resource-listing operations return a subset of the available
     # attributes for the resource. For example, this operation does not
@@ -8561,8 +8604,8 @@ module Aws::IAM
     # empty list. The service-specific credentials returned by this
     # operation are used only for authenticating the IAM user to a specific
     # service. For more information about using service-specific credentials
-    # to authenticate to an AWS service, see [Set up service-specific
-    # credentials][1] in the AWS CodeCommit User Guide.
+    # to authenticate to an Amazon Web Services service, see [Set up
+    # service-specific credentials][1] in the CodeCommit User Guide.
     #
     #
     #
@@ -8583,9 +8626,9 @@ module Aws::IAM
     #   [1]: http://wikipedia.org/wiki/regex
     #
     # @option params [String] :service_name
-    #   Filters the returned results to only those for the specified AWS
-    #   service. If not specified, then AWS returns service-specific
-    #   credentials for all services.
+    #   Filters the returned results to only those for the specified Amazon
+    #   Web Services service. If not specified, then Amazon Web Services
+    #   returns service-specific credentials for all services.
     #
     # @return [Types::ListServiceSpecificCredentialsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -8626,11 +8669,11 @@ module Aws::IAM
     # and `Marker` parameters.
     #
     # If the `UserName` field is not specified, the user name is determined
-    # implicitly based on the AWS access key ID used to sign the request for
-    # this operation. This operation works for access keys under the AWS
-    # account. Consequently, you can use this operation to manage AWS
-    # account root user credentials even if the AWS account has no
-    # associated users.
+    # implicitly based on the Amazon Web Services access key ID used to sign
+    # the request for this operation. This operation works for access keys
+    # under the account. Consequently, you can use this operation to manage
+    # account root user credentials even if the account has no associated
+    # users.
     #
     # @option params [String] :user_name
     #   The name of the IAM user whose signing certificates you want to
@@ -8808,10 +8851,10 @@ module Aws::IAM
     # @option params [required, String] :user_name
     #   The name of the IAM user whose tags you want to see.
     #
-    #   This parameter accepts (through its [regex pattern][1]) a string of
-    #   characters that consist of upper and lowercase alphanumeric characters
+    #   This parameter allows (through its [regex pattern][1]) a string of
+    #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following characters:
-    #   =,.@-
+    #   \_+=,.@-
     #
     #
     #
@@ -8824,16 +8867,15 @@ module Aws::IAM
     #   to indicate where the next call should start.
     #
     # @option params [Integer] :max_items
-    #   (Optional) Use this only when paginating results to indicate the
-    #   maximum number of items that you want in the response. If additional
-    #   items exist beyond the maximum that you specify, the `IsTruncated`
-    #   response element is `true`.
+    #   Use this only when paginating results to indicate the maximum number
+    #   of items you want in the response. If additional items exist beyond
+    #   the maximum you specify, the `IsTruncated` response element is `true`.
     #
-    #   If you do not include this parameter, it defaults to 100. Note that
-    #   IAM might return fewer results, even when more results are available.
-    #   In that case, the `IsTruncated` response element returns `true`, and
-    #   `Marker` contains a value to include in the subsequent call that tells
-    #   the service where to continue from.
+    #   If you do not include this parameter, the number of items defaults to
+    #   100. Note that IAM might return fewer results, even when there are
+    #   more results available. In that case, the `IsTruncated` response
+    #   element returns `true`, and `Marker` contains a value to include in
+    #   the subsequent call that tells the service where to continue from.
     #
     # @return [Types::ListUserTagsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -8893,8 +8935,8 @@ module Aws::IAM
     end
 
     # Lists the IAM users that have the specified path prefix. If no path
-    # prefix is specified, the operation returns all users in the AWS
-    # account. If there are none, the operation returns an empty list.
+    # prefix is specified, the operation returns all users in the account.
+    # If there are none, the operation returns an empty list.
     #
     # <note markdown="1"> IAM resource-listing operations return a subset of the available
     # attributes for the resource. For example, this operation does not
@@ -9012,7 +9054,7 @@ module Aws::IAM
       req.send_request(options)
     end
 
-    # Lists the virtual MFA devices defined in the AWS account by assignment
+    # Lists the virtual MFA devices defined in the account by assignment
     # status. If you do not specify an assignment status, the operation
     # returns a list of all virtual MFA devices. Assignment status can be
     # `Assigned`, `Unassigned`, or `Any`.
@@ -9171,10 +9213,10 @@ module Aws::IAM
     # @option params [required, String] :policy_document
     #   The policy document.
     #
-    #   You must provide policies in JSON format in IAM. However, for AWS
+    #   You must provide policies in JSON format in IAM. However, for
     #   CloudFormation templates formatted in YAML, you can provide the policy
-    #   in JSON or YAML format. AWS CloudFormation always converts a YAML
-    #   policy to JSON format before submitting it to IAM.
+    #   in JSON or YAML format. CloudFormation always converts a YAML policy
+    #   to JSON format before submitting it to = IAM.
     #
     #   The [regex pattern][1] used to validate this parameter is a string of
     #   characters consisting of the following:
@@ -9223,11 +9265,11 @@ module Aws::IAM
     end
 
     # Adds or updates the policy that is specified as the IAM role's
-    # permissions boundary. You can use an AWS managed policy or a customer
-    # managed policy to set the boundary for a role. Use the boundary to
-    # control the maximum permissions that the role can have. Setting a
-    # permissions boundary is an advanced feature that can affect the
-    # permissions for the role.
+    # permissions boundary. You can use an Amazon Web Services managed
+    # policy or a customer managed policy to set the boundary for a role.
+    # Use the boundary to control the maximum permissions that the role can
+    # have. Setting a permissions boundary is an advanced feature that can
+    # affect the permissions for the role.
     #
     # You cannot set the boundary for a service-linked role.
     #
@@ -9326,10 +9368,10 @@ module Aws::IAM
     # @option params [required, String] :policy_document
     #   The policy document.
     #
-    #   You must provide policies in JSON format in IAM. However, for AWS
+    #   You must provide policies in JSON format in IAM. However, for
     #   CloudFormation templates formatted in YAML, you can provide the policy
-    #   in JSON or YAML format. AWS CloudFormation always converts a YAML
-    #   policy to JSON format before submitting it to IAM.
+    #   in JSON or YAML format. CloudFormation always converts a YAML policy
+    #   to JSON format before submitting it to IAM.
     #
     #   The [regex pattern][1] used to validate this parameter is a string of
     #   characters consisting of the following:
@@ -9378,11 +9420,11 @@ module Aws::IAM
     end
 
     # Adds or updates the policy that is specified as the IAM user's
-    # permissions boundary. You can use an AWS managed policy or a customer
-    # managed policy to set the boundary for a user. Use the boundary to
-    # control the maximum permissions that the user can have. Setting a
-    # permissions boundary is an advanced feature that can affect the
-    # permissions for the user.
+    # permissions boundary. You can use an Amazon Web Services managed
+    # policy or a customer managed policy to set the boundary for a user.
+    # Use the boundary to control the maximum permissions that the user can
+    # have. Setting a permissions boundary is an advanced feature that can
+    # affect the permissions for the user.
     #
     # Policies that are used as permissions boundaries do not provide
     # permissions. You must also attach a permissions policy to the user. To
@@ -9471,10 +9513,10 @@ module Aws::IAM
     # @option params [required, String] :policy_document
     #   The policy document.
     #
-    #   You must provide policies in JSON format in IAM. However, for AWS
+    #   You must provide policies in JSON format in IAM. However, for
     #   CloudFormation templates formatted in YAML, you can provide the policy
-    #   in JSON or YAML format. AWS CloudFormation always converts a YAML
-    #   policy to JSON format before submitting it to IAM.
+    #   in JSON or YAML format. CloudFormation always converts a YAML policy
+    #   to JSON format before submitting it to IAM.
     #
     #   The [regex pattern][1] used to validate this parameter is a string of
     #   characters consisting of the following:
@@ -9535,7 +9577,7 @@ module Aws::IAM
     #   using the ListOpenIDConnectProviders operation.
     #
     #   For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
-    #   in the *AWS General Reference*.
+    #   in the *Amazon Web Services General Reference*.
     #
     #
     #
@@ -9688,9 +9730,10 @@ module Aws::IAM
     end
 
     # Resets the password for a service-specific credential. The new
-    # password is AWS generated and cryptographically strong. It cannot be
-    # configured by the user. Resetting the password immediately invalidates
-    # the previous password associated with this user.
+    # password is Amazon Web Services generated and cryptographically
+    # strong. It cannot be configured by the user. Resetting the password
+    # immediately invalidates the previous password associated with this
+    # user.
     #
     # @option params [String] :user_name
     #   The name of the IAM user associated with the service-specific
@@ -9748,7 +9791,7 @@ module Aws::IAM
     end
 
     # Synchronizes the specified MFA device with its IAM resource object on
-    # the AWS servers.
+    # the Amazon Web Services servers.
     #
     # For more information about creating and working with virtual MFA
     # devices, see [Using a virtual MFA device][1] in the *IAM User Guide*.
@@ -9830,7 +9873,7 @@ module Aws::IAM
     #   you want to set.
     #
     #   For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
-    #   in the *AWS General Reference*.
+    #   in the *Amazon Web Services General Reference*.
     #
     #
     #
@@ -9865,25 +9908,25 @@ module Aws::IAM
     end
 
     # Sets the specified version of the global endpoint token as the token
-    # version used for the AWS account.
+    # version used for the account.
     #
-    # By default, AWS Security Token Service (STS) is available as a global
+    # By default, Security Token Service (STS) is available as a global
     # service, and all STS requests go to a single endpoint at
-    # `https://sts.amazonaws.com`. AWS recommends using Regional STS
-    # endpoints to reduce latency, build in redundancy, and increase session
-    # token availability. For information about Regional endpoints for STS,
-    # see [AWS AWS Security Token Service endpoints and quotas][1] in the
-    # *AWS General Reference*.
+    # `https://sts.amazonaws.com`. Amazon Web Services recommends using
+    # Regional STS endpoints to reduce latency, build in redundancy, and
+    # increase session token availability. For information about Regional
+    # endpoints for STS, see [Security Token Service endpoints and
+    # quotas][1] in the *Amazon Web Services General Reference*.
     #
     # If you make an STS call to the global endpoint, the resulting session
     # tokens might be valid in some Regions but not others. It depends on
     # the version that is set in this operation. Version 1 tokens are valid
-    # only in AWS Regions that are available by default. These tokens do not
+    # only in Regions that are available by default. These tokens do not
     # work in manually enabled Regions, such as Asia Pacific (Hong Kong).
     # Version 2 tokens are valid in all Regions. However, version 2 tokens
     # are longer and might affect systems where you temporarily store
     # tokens. For information, see [Activating and deactivating STS in an
-    # AWS region][2] in the *IAM User Guide*.
+    # Region][2] in the *IAM User Guide*.
     #
     # To view the current session token version, see the
     # `GlobalEndpointTokenVersion` entry in the response of the
@@ -9896,14 +9939,14 @@ module Aws::IAM
     #
     # @option params [required, String] :global_endpoint_token_version
     #   The version of the global endpoint token. Version 1 tokens are valid
-    #   only in AWS Regions that are available by default. These tokens do not
+    #   only in Regions that are available by default. These tokens do not
     #   work in manually enabled Regions, such as Asia Pacific (Hong Kong).
     #   Version 2 tokens are valid in all Regions. However, version 2 tokens
     #   are longer and might affect systems where you temporarily store
     #   tokens.
     #
-    #   For information, see [Activating and deactivating STS in an AWS
-    #   region][1] in the *IAM User Guide*.
+    #   For information, see [Activating and deactivating STS in an Region][1]
+    #   in the *IAM User Guide*.
     #
     #
     #
@@ -9936,9 +9979,9 @@ module Aws::IAM
     end
 
     # Simulate how a set of IAM policies and optionally a resource-based
-    # policy works with a list of API operations and AWS resources to
-    # determine the policies' effective permissions. The policies are
-    # provided as strings.
+    # policy works with a list of API operations and Amazon Web Services
+    # resources to determine the policies' effective permissions. The
+    # policies are provided as strings.
     #
     # The simulation does not perform the API operations; it only checks the
     # authorization to determine if the simulated policies allow or deny the
@@ -9948,11 +9991,12 @@ module Aws::IAM
     # If you want to simulate existing policies that are attached to an IAM
     # user, group, or role, use SimulatePrincipalPolicy instead.
     #
-    # Context keys are variables that are maintained by AWS and its services
-    # and which provide details about the context of an API query request.
-    # You can use the `Condition` element of an IAM policy to evaluate
-    # context keys. To get the list of context keys that the policies
-    # require for correct simulation, use GetContextKeysForCustomPolicy.
+    # Context keys are variables that are maintained by Amazon Web Services
+    # and its services and which provide details about the context of an API
+    # query request. You can use the `Condition` element of an IAM policy to
+    # evaluate context keys. To get the list of context keys that the
+    # policies require for correct simulation, use
+    # GetContextKeysForCustomPolicy.
     #
     # If the output is long, you can use `MaxItems` and `Marker` parameters
     # to paginate the results.
@@ -9976,7 +10020,12 @@ module Aws::IAM
     #   In other words, do not use policies designed to restrict what a user
     #   can do while using the temporary credentials.
     #
-    #   The [regex pattern][3] used to validate this parameter is a string of
+    #   The maximum length of the policy document that you can pass in this
+    #   operation, including whitespace, is listed below. To view the maximum
+    #   character counts of a managed policy with no whitespaces, see [IAM and
+    #   STS character quotas][3].
+    #
+    #   The [regex pattern][4] used to validate this parameter is a string of
     #   characters consisting of the following:
     #
     #   * Any printable ASCII character ranging from the space character
@@ -9992,7 +10041,8 @@ module Aws::IAM
     #
     #   [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetFederationToken.html
     #   [2]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_AssumeRole.html
-    #   [3]: http://wikipedia.org/wiki/regex
+    #   [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length
+    #   [4]: http://wikipedia.org/wiki/regex
     #
     # @option params [Array<String>] :permissions_boundary_policy_input_list
     #   The IAM permissions boundary policy to simulate. The permissions
@@ -10003,7 +10053,12 @@ module Aws::IAM
     #   The policy input is specified as a string that contains the complete,
     #   valid JSON text of a permissions boundary policy.
     #
-    #   The [regex pattern][2] used to validate this parameter is a string of
+    #   The maximum length of the policy document that you can pass in this
+    #   operation, including whitespace, is listed below. To view the maximum
+    #   character counts of a managed policy with no whitespaces, see [IAM and
+    #   STS character quotas][2].
+    #
+    #   The [regex pattern][3] used to validate this parameter is a string of
     #   characters consisting of the following:
     #
     #   * Any printable ASCII character ranging from the space character
@@ -10018,7 +10073,8 @@ module Aws::IAM
     #
     #
     #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
-    #   [2]: http://wikipedia.org/wiki/regex
+    #   [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length
+    #   [3]: http://wikipedia.org/wiki/regex
     #
     # @option params [required, Array<String>] :action_names
     #   A list of names of API operations to evaluate in the simulation. Each
@@ -10027,13 +10083,13 @@ module Aws::IAM
     #   operation does not support using wildcards (*) in an action name.
     #
     # @option params [Array<String>] :resource_arns
-    #   A list of ARNs of AWS resources to include in the simulation. If this
-    #   parameter is not provided, then the value defaults to `*` (all
-    #   resources). Each API in the `ActionNames` parameter is evaluated for
-    #   each resource in this list. The simulation determines the access
-    #   result (allowed or denied) of each combination and reports it in the
-    #   response. You can simulate resources that don't exist in your
-    #   account.
+    #   A list of ARNs of Amazon Web Services resources to include in the
+    #   simulation. If this parameter is not provided, then the value defaults
+    #   to `*` (all resources). Each API in the `ActionNames` parameter is
+    #   evaluated for each resource in this list. The simulation determines
+    #   the access result (allowed or denied) of each combination and reports
+    #   it in the response. You can simulate resources that don't exist in
+    #   your account.
     #
     #   The simulation does not automatically retrieve policies for the
     #   specified resources. If you want to include a resource policy in the
@@ -10045,7 +10101,7 @@ module Aws::IAM
     #   input error.
     #
     #   For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
-    #   in the *AWS General Reference*.
+    #   in the *Amazon Web Services General Reference*.
     #
     #
     #
@@ -10057,7 +10113,12 @@ module Aws::IAM
     #   policy attached. You can include only one resource-based policy in a
     #   simulation.
     #
-    #   The [regex pattern][1] used to validate this parameter is a string of
+    #   The maximum length of the policy document that you can pass in this
+    #   operation, including whitespace, is listed below. To view the maximum
+    #   character counts of a managed policy with no whitespaces, see [IAM and
+    #   STS character quotas][1].
+    #
+    #   The [regex pattern][2] used to validate this parameter is a string of
     #   characters consisting of the following:
     #
     #   * Any printable ASCII character ranging from the space character
@@ -10071,10 +10132,11 @@ module Aws::IAM
     #
     #
     #
-    #   [1]: http://wikipedia.org/wiki/regex
+    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length
+    #   [2]: http://wikipedia.org/wiki/regex
     #
     # @option params [String] :resource_owner
-    #   An ARN representing the AWS account ID that specifies the owner of any
+    #   An ARN representing the account ID that specifies the owner of any
     #   simulated resource that does not identify its owner in the resource
     #   ARN. Examples of resource ARNs include an S3 bucket or object. If
     #   `ResourceOwner` is specified, it is also used as the account owner of
@@ -10245,11 +10307,11 @@ module Aws::IAM
     end
 
     # Simulate how a set of IAM policies attached to an IAM entity works
-    # with a list of API operations and AWS resources to determine the
-    # policies' effective permissions. The entity can be an IAM user,
-    # group, or role. If you specify a user, then the simulation also
-    # includes all of the policies that are attached to groups that the user
-    # belongs to. You can simulate resources that don't exist in your
+    # with a list of API operations and Amazon Web Services resources to
+    # determine the policies' effective permissions. The entity can be an
+    # IAM user, group, or role. If you specify a user, then the simulation
+    # also includes all of the policies that are attached to groups that the
+    # user belongs to. You can simulate resources that don't exist in your
     # account.
     #
     # You can optionally include a list of one or more additional policies
@@ -10269,11 +10331,12 @@ module Aws::IAM
     # permissions, then consider allowing them to use SimulateCustomPolicy
     # instead.
     #
-    # Context keys are variables maintained by AWS and its services that
-    # provide details about the context of an API query request. You can use
-    # the `Condition` element of an IAM policy to evaluate context keys. To
-    # get the list of context keys that the policies require for correct
-    # simulation, use GetContextKeysForPrincipalPolicy.
+    # Context keys are variables maintained by Amazon Web Services and its
+    # services that provide details about the context of an API query
+    # request. You can use the `Condition` element of an IAM policy to
+    # evaluate context keys. To get the list of context keys that the
+    # policies require for correct simulation, use
+    # GetContextKeysForPrincipalPolicy.
     #
     # If the output is long, you can use the `MaxItems` and `Marker`
     # parameters to paginate the results.
@@ -10294,12 +10357,18 @@ module Aws::IAM
     #   also includes all policies that are attached to any groups the user
     #   belongs to.
     #
-    #   For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
-    #   in the *AWS General Reference*.
+    #   The maximum length of the policy document that you can pass in this
+    #   operation, including whitespace, is listed below. To view the maximum
+    #   character counts of a managed policy with no whitespaces, see [IAM and
+    #   STS character quotas][1].
     #
+    #   For more information about ARNs, see [Amazon Resource Names (ARNs)][2]
+    #   in the *Amazon Web Services General Reference*.
     #
     #
-    #   [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
+    #
+    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length
+    #   [2]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
     #
     # @option params [Array<String>] :policy_input_list
     #   An optional list of additional policy documents to include in the
@@ -10335,7 +10404,12 @@ module Aws::IAM
     #   Guide*. The policy input is specified as a string containing the
     #   complete, valid JSON text of a permissions boundary policy.
     #
-    #   The [regex pattern][2] used to validate this parameter is a string of
+    #   The maximum length of the policy document that you can pass in this
+    #   operation, including whitespace, is listed below. To view the maximum
+    #   character counts of a managed policy with no whitespaces, see [IAM and
+    #   STS character quotas][2].
+    #
+    #   The [regex pattern][3] used to validate this parameter is a string of
     #   characters consisting of the following:
     #
     #   * Any printable ASCII character ranging from the space character
@@ -10350,7 +10424,8 @@ module Aws::IAM
     #
     #
     #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
-    #   [2]: http://wikipedia.org/wiki/regex
+    #   [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length
+    #   [3]: http://wikipedia.org/wiki/regex
     #
     # @option params [required, Array<String>] :action_names
     #   A list of names of API operations to evaluate in the simulation. Each
@@ -10358,13 +10433,13 @@ module Aws::IAM
     #   the service identifier, such as `iam:CreateUser`.
     #
     # @option params [Array<String>] :resource_arns
-    #   A list of ARNs of AWS resources to include in the simulation. If this
-    #   parameter is not provided, then the value defaults to `*` (all
-    #   resources). Each API in the `ActionNames` parameter is evaluated for
-    #   each resource in this list. The simulation determines the access
-    #   result (allowed or denied) of each combination and reports it in the
-    #   response. You can simulate resources that don't exist in your
-    #   account.
+    #   A list of ARNs of Amazon Web Services resources to include in the
+    #   simulation. If this parameter is not provided, then the value defaults
+    #   to `*` (all resources). Each API in the `ActionNames` parameter is
+    #   evaluated for each resource in this list. The simulation determines
+    #   the access result (allowed or denied) of each combination and reports
+    #   it in the response. You can simulate resources that don't exist in
+    #   your account.
     #
     #   The simulation does not automatically retrieve policies for the
     #   specified resources. If you want to include a resource policy in the
@@ -10372,7 +10447,7 @@ module Aws::IAM
     #   `ResourcePolicy` parameter.
     #
     #   For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
-    #   in the *AWS General Reference*.
+    #   in the *Amazon Web Services General Reference*.
     #
     #
     #
@@ -10384,7 +10459,12 @@ module Aws::IAM
     #   policy attached. You can include only one resource-based policy in a
     #   simulation.
     #
-    #   The [regex pattern][1] used to validate this parameter is a string of
+    #   The maximum length of the policy document that you can pass in this
+    #   operation, including whitespace, is listed below. To view the maximum
+    #   character counts of a managed policy with no whitespaces, see [IAM and
+    #   STS character quotas][1].
+    #
+    #   The [regex pattern][2] used to validate this parameter is a string of
     #   characters consisting of the following:
     #
     #   * Any printable ASCII character ranging from the space character
@@ -10398,19 +10478,20 @@ module Aws::IAM
     #
     #
     #
-    #   [1]: http://wikipedia.org/wiki/regex
+    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length
+    #   [2]: http://wikipedia.org/wiki/regex
     #
     # @option params [String] :resource_owner
-    #   An AWS account ID that specifies the owner of any simulated resource
-    #   that does not identify its owner in the resource ARN. Examples of
-    #   resource ARNs include an S3 bucket or object. If `ResourceOwner` is
-    #   specified, it is also used as the account owner of any
-    #   `ResourcePolicy` included in the simulation. If the `ResourceOwner`
-    #   parameter is not specified, then the owner of the resources and the
-    #   resource policy defaults to the account of the identity provided in
-    #   `CallerArn`. This parameter is required only if you specify a
-    #   resource-based policy and account that owns the resource is different
-    #   from the account that owns the simulated calling user `CallerArn`.
+    #   An account ID that specifies the owner of any simulated resource that
+    #   does not identify its owner in the resource ARN. Examples of resource
+    #   ARNs include an S3 bucket or object. If `ResourceOwner` is specified,
+    #   it is also used as the account owner of any `ResourcePolicy` included
+    #   in the simulation. If the `ResourceOwner` parameter is not specified,
+    #   then the owner of the resources and the resource policy defaults to
+    #   the account of the identity provided in `CallerArn`. This parameter is
+    #   required only if you specify a resource-based policy and account that
+    #   owns the resource is different from the account that owns the
+    #   simulated calling user `CallerArn`.
     #
     # @option params [String] :caller_arn
     #   The ARN of the IAM user that you want to specify as the simulated
@@ -10431,7 +10512,7 @@ module Aws::IAM
     #   use in evaluating the policy.
     #
     #   For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
-    #   in the *AWS General Reference*.
+    #   in the *Amazon Web Services General Reference*.
     #
     #
     #
@@ -10606,9 +10687,10 @@ module Aws::IAM
     #   resource is not created. For more information about tagging, see
     #   [Tagging IAM resources][2] in the *IAM User Guide*.
     #
-    # * AWS always interprets the tag `Value` as a single string. If you
-    #   need to store an array, you can store comma-separated values in the
-    #   string. However, you must interpret the value in your code.
+    # * Amazon Web Services always interprets the tag `Value` as a single
+    #   string. If you need to store an array, you can store comma-separated
+    #   values in the string. However, you must interpret the value in your
+    #   code.
     #
     #  </note>
     #
@@ -10620,10 +10702,10 @@ module Aws::IAM
     # @option params [required, String] :instance_profile_name
     #   The name of the IAM instance profile to which you want to add tags.
     #
-    #   This parameter accepts (through its [regex pattern][1]) a string of
-    #   characters that consist of upper and lowercase alphanumeric characters
+    #   This parameter allows (through its [regex pattern][1]) a string of
+    #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following characters:
-    #   =,.@-
+    #   \_+=,.@-
     #
     #
     #
@@ -10680,9 +10762,10 @@ module Aws::IAM
     #   resource is not created. For more information about tagging, see
     #   [Tagging IAM resources][2] in the *IAM User Guide*.
     #
-    # * AWS always interprets the tag `Value` as a single string. If you
-    #   need to store an array, you can store comma-separated values in the
-    #   string. However, you must interpret the value in your code.
+    # * Amazon Web Services always interprets the tag `Value` as a single
+    #   string. If you need to store an array, you can store comma-separated
+    #   values in the string. However, you must interpret the value in your
+    #   code.
     #
     #  </note>
     #
@@ -10696,10 +10779,10 @@ module Aws::IAM
     #   to add tags. For virtual MFA devices, the serial number is the same as
     #   the ARN.
     #
-    #   This parameter accepts (through its [regex pattern][1]) a string of
-    #   characters that consist of upper and lowercase alphanumeric characters
+    #   This parameter allows (through its [regex pattern][1]) a string of
+    #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following characters:
-    #   =,.@-
+    #   \_+=,.@-
     #
     #
     #
@@ -10757,9 +10840,10 @@ module Aws::IAM
     #   resource is not created. For more information about tagging, see
     #   [Tagging IAM resources][3] in the *IAM User Guide*.
     #
-    # * AWS always interprets the tag `Value` as a single string. If you
-    #   need to store an array, you can store comma-separated values in the
-    #   string. However, you must interpret the value in your code.
+    # * Amazon Web Services always interprets the tag `Value` as a single
+    #   string. If you need to store an array, you can store comma-separated
+    #   values in the string. However, you must interpret the value in your
+    #   code.
     #
     #  </note>
     #
@@ -10773,10 +10857,10 @@ module Aws::IAM
     #   The ARN of the OIDC identity provider in IAM to which you want to add
     #   tags.
     #
-    #   This parameter accepts (through its [regex pattern][1]) a string of
-    #   characters that consist of upper and lowercase alphanumeric characters
+    #   This parameter allows (through its [regex pattern][1]) a string of
+    #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following characters:
-    #   =,.@-
+    #   \_+=,.@-
     #
     #
     #
@@ -10834,9 +10918,10 @@ module Aws::IAM
     #   resource is not created. For more information about tagging, see
     #   [Tagging IAM resources][2] in the *IAM User Guide*.
     #
-    # * AWS always interprets the tag `Value` as a single string. If you
-    #   need to store an array, you can store comma-separated values in the
-    #   string. However, you must interpret the value in your code.
+    # * Amazon Web Services always interprets the tag `Value` as a single
+    #   string. If you need to store an array, you can store comma-separated
+    #   values in the string. However, you must interpret the value in your
+    #   code.
     #
     #  </note>
     #
@@ -10849,10 +10934,10 @@ module Aws::IAM
     #   The ARN of the IAM customer managed policy to which you want to add
     #   tags.
     #
-    #   This parameter accepts (through its [regex pattern][1]) a string of
-    #   characters that consist of upper and lowercase alphanumeric characters
+    #   This parameter allows (through its [regex pattern][1]) a string of
+    #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following characters:
-    #   =,.@-
+    #   \_+=,.@-
     #
     #
     #
@@ -10906,16 +10991,17 @@ module Aws::IAM
     #   see [Control access using IAM tags][1] in the *IAM User Guide*.
     #
     # * **Cost allocation** - Use tags to help track which individuals and
-    #   teams are using which AWS resources.
+    #   teams are using which Amazon Web Services resources.
     #
     # <note markdown="1"> * If any one of the tags is invalid or if you exceed the allowed
     #   maximum number of tags, then the entire request fails and the
     #   resource is not created. For more information about tagging, see
     #   [Tagging IAM resources][2] in the *IAM User Guide*.
     #
-    # * AWS always interprets the tag `Value` as a single string. If you
-    #   need to store an array, you can store comma-separated values in the
-    #   string. However, you must interpret the value in your code.
+    # * Amazon Web Services always interprets the tag `Value` as a single
+    #   string. If you need to store an array, you can store comma-separated
+    #   values in the string. However, you must interpret the value in your
+    #   code.
     #
     #  </note>
     #
@@ -11010,9 +11096,10 @@ module Aws::IAM
     #   resource is not created. For more information about tagging, see
     #   [Tagging IAM resources][3] in the *IAM User Guide*.
     #
-    # * AWS always interprets the tag `Value` as a single string. If you
-    #   need to store an array, you can store comma-separated values in the
-    #   string. However, you must interpret the value in your code.
+    # * Amazon Web Services always interprets the tag `Value` as a single
+    #   string. If you need to store an array, you can store comma-separated
+    #   values in the string. However, you must interpret the value in your
+    #   code.
     #
     #  </note>
     #
@@ -11026,10 +11113,10 @@ module Aws::IAM
     #   The ARN of the SAML identity provider in IAM to which you want to add
     #   tags.
     #
-    #   This parameter accepts (through its [regex pattern][1]) a string of
-    #   characters that consist of upper and lowercase alphanumeric characters
+    #   This parameter allows (through its [regex pattern][1]) a string of
+    #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following characters:
-    #   =,.@-
+    #   \_+=,.@-
     #
     #
     #
@@ -11066,11 +11153,11 @@ module Aws::IAM
     # same key name already exists, then that tag is overwritten with the
     # new value.
     #
-    # <note markdown="1"> For certificates in a Region supported by AWS Certificate Manager
-    # (ACM), we recommend that you don't use IAM server certificates.
-    # Instead, use ACM to provision, manage, and deploy your server
-    # certificates. For more information about IAM server certificates,
-    # [Working with server certificates][1] in the *IAM User Guide*.
+    # <note markdown="1"> For certificates in a Region supported by Certificate Manager (ACM),
+    # we recommend that you don't use IAM server certificates. Instead, use
+    # ACM to provision, manage, and deploy your server certificates. For
+    # more information about IAM server certificates, [Working with server
+    # certificates][1] in the *IAM User Guide*.
     #
     #  </note>
     #
@@ -11090,16 +11177,17 @@ module Aws::IAM
     #   [Control access using IAM tags][2] in the *IAM User Guide*.
     #
     # * **Cost allocation** - Use tags to help track which individuals and
-    #   teams are using which AWS resources.
+    #   teams are using which Amazon Web Services resources.
     #
     # <note markdown="1"> * If any one of the tags is invalid or if you exceed the allowed
     #   maximum number of tags, then the entire request fails and the
     #   resource is not created. For more information about tagging, see
     #   [Tagging IAM resources][3] in the *IAM User Guide*.
     #
-    # * AWS always interprets the tag `Value` as a single string. If you
-    #   need to store an array, you can store comma-separated values in the
-    #   string. However, you must interpret the value in your code.
+    # * Amazon Web Services always interprets the tag `Value` as a single
+    #   string. If you need to store an array, you can store comma-separated
+    #   values in the string. However, you must interpret the value in your
+    #   code.
     #
     #  </note>
     #
@@ -11112,10 +11200,10 @@ module Aws::IAM
     # @option params [required, String] :server_certificate_name
     #   The name of the IAM server certificate to which you want to add tags.
     #
-    #   This parameter accepts (through its [regex pattern][1]) a string of
-    #   characters that consist of upper and lowercase alphanumeric characters
+    #   This parameter allows (through its [regex pattern][1]) a string of
+    #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following characters:
-    #   =,.@-
+    #   \_+=,.@-
     #
     #
     #
@@ -11169,16 +11257,17 @@ module Aws::IAM
     #   User Guide*.
     #
     # * **Cost allocation** - Use tags to help track which individuals and
-    #   teams are using which AWS resources.
+    #   teams are using which Amazon Web Services resources.
     #
     # <note markdown="1"> * If any one of the tags is invalid or if you exceed the allowed
     #   maximum number of tags, then the entire request fails and the
     #   resource is not created. For more information about tagging, see
     #   [Tagging IAM resources][2] in the *IAM User Guide*.
     #
-    # * AWS always interprets the tag `Value` as a single string. If you
-    #   need to store an array, you can store comma-separated values in the
-    #   string. However, you must interpret the value in your code.
+    # * Amazon Web Services always interprets the tag `Value` as a single
+    #   string. If you need to store an array, you can store comma-separated
+    #   values in the string. However, you must interpret the value in your
+    #   code.
     #
     #  </note>
     #
@@ -11193,10 +11282,10 @@ module Aws::IAM
     # @option params [required, String] :user_name
     #   The name of the IAM user to which you want to add tags.
     #
-    #   This parameter accepts (through its [regex pattern][1]) a string of
-    #   characters that consist of upper and lowercase alphanumeric characters
+    #   This parameter allows (through its [regex pattern][1]) a string of
+    #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following characters:
-    #   =,.@-
+    #   \_+=,.@-
     #
     #
     #
@@ -11260,10 +11349,10 @@ module Aws::IAM
     #   The name of the IAM instance profile from which you want to remove
     #   tags.
     #
-    #   This parameter accepts (through its [regex pattern][1]) a string of
-    #   characters that consist of upper and lowercase alphanumeric characters
+    #   This parameter allows (through its [regex pattern][1]) a string of
+    #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following characters:
-    #   =,.@-
+    #   \_+=,.@-
     #
     #
     #
@@ -11304,10 +11393,10 @@ module Aws::IAM
     #   want to remove tags. For virtual MFA devices, the serial number is the
     #   same as the ARN.
     #
-    #   This parameter accepts (through its [regex pattern][1]) a string of
-    #   characters that consist of upper and lowercase alphanumeric characters
+    #   This parameter allows (through its [regex pattern][1]) a string of
+    #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following characters:
-    #   =,.@-
+    #   \_+=,.@-
     #
     #
     #
@@ -11350,10 +11439,10 @@ module Aws::IAM
     #   The ARN of the OIDC provider in IAM from which you want to remove
     #   tags.
     #
-    #   This parameter accepts (through its [regex pattern][1]) a string of
-    #   characters that consist of upper and lowercase alphanumeric characters
+    #   This parameter allows (through its [regex pattern][1]) a string of
+    #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following characters:
-    #   =,.@-
+    #   \_+=,.@-
     #
     #
     #
@@ -11393,10 +11482,10 @@ module Aws::IAM
     #   The ARN of the IAM customer managed policy from which you want to
     #   remove tags.
     #
-    #   This parameter accepts (through its [regex pattern][1]) a string of
-    #   characters that consist of upper and lowercase alphanumeric characters
+    #   This parameter allows (through its [regex pattern][1]) a string of
+    #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following characters:
-    #   =,.@-
+    #   \_+=,.@-
     #
     #
     #
@@ -11492,10 +11581,10 @@ module Aws::IAM
     #   The ARN of the SAML identity provider in IAM from which you want to
     #   remove tags.
     #
-    #   This parameter accepts (through its [regex pattern][1]) a string of
-    #   characters that consist of upper and lowercase alphanumeric characters
+    #   This parameter allows (through its [regex pattern][1]) a string of
+    #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following characters:
-    #   =,.@-
+    #   \_+=,.@-
     #
     #
     #
@@ -11527,11 +11616,11 @@ module Aws::IAM
     # information about tagging, see [Tagging IAM resources][1] in the *IAM
     # User Guide*.
     #
-    # <note markdown="1"> For certificates in a Region supported by AWS Certificate Manager
-    # (ACM), we recommend that you don't use IAM server certificates.
-    # Instead, use ACM to provision, manage, and deploy your server
-    # certificates. For more information about IAM server certificates,
-    # [Working with server certificates][2] in the *IAM User Guide*.
+    # <note markdown="1"> For certificates in a Region supported by Certificate Manager (ACM),
+    # we recommend that you don't use IAM server certificates. Instead, use
+    # ACM to provision, manage, and deploy your server certificates. For
+    # more information about IAM server certificates, [Working with server
+    # certificates][2] in the *IAM User Guide*.
     #
     #  </note>
     #
@@ -11544,10 +11633,10 @@ module Aws::IAM
     #   The name of the IAM server certificate from which you want to remove
     #   tags.
     #
-    #   This parameter accepts (through its [regex pattern][1]) a string of
-    #   characters that consist of upper and lowercase alphanumeric characters
+    #   This parameter allows (through its [regex pattern][1]) a string of
+    #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following characters:
-    #   =,.@-
+    #   \_+=,.@-
     #
     #
     #
@@ -11585,10 +11674,10 @@ module Aws::IAM
     # @option params [required, String] :user_name
     #   The name of the IAM user from which you want to remove tags.
     #
-    #   This parameter accepts (through its [regex pattern][1]) a string of
-    #   characters that consist of upper and lowercase alphanumeric characters
+    #   This parameter allows (through its [regex pattern][1]) a string of
+    #   characters consisting of upper and lowercase alphanumeric characters
     #   with no spaces. You can also include any of the following characters:
-    #   =,.@-
+    #   \_+=,.@-
     #
     #
     #
@@ -11633,10 +11722,10 @@ module Aws::IAM
     # user's key as part of a key rotation workflow.
     #
     # If the `UserName` is not specified, the user name is determined
-    # implicitly based on the AWS access key ID used to sign the request.
-    # This operation works for access keys under the AWS account.
-    # Consequently, you can use this operation to manage AWS account root
-    # user credentials even if the AWS account has no associated users.
+    # implicitly based on the Amazon Web Services access key ID used to sign
+    # the request. This operation works for access keys under the account.
+    # Consequently, you can use this operation to manage account root user
+    # credentials even if the account has no associated users.
     #
     # For information about rotating keys, see [Managing keys and
     # certificates][1] in the *IAM User Guide*.
@@ -11670,8 +11759,8 @@ module Aws::IAM
     #
     # @option params [required, String] :status
     #   The status you want to assign to the secret access key. `Active` means
-    #   that the key can be used for programmatic calls to AWS, while
-    #   `Inactive` means that the key cannot be used.
+    #   that the key can be used for programmatic calls to Amazon Web
+    #   Services, while `Inactive` means that the key cannot be used.
     #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
@@ -11704,7 +11793,7 @@ module Aws::IAM
       req.send_request(options)
     end
 
-    # Updates the password policy settings for the AWS account.
+    # Updates the password policy settings for the account.
     #
     # <note markdown="1"> * This operation does not support partial updates. No parameters are
     #   required, but if you do not specify a parameter, that parameter's
@@ -11766,8 +11855,8 @@ module Aws::IAM
     #   require at least one lowercase character.
     #
     # @option params [Boolean] :allow_users_to_change_password
-    #   Allows all IAM users in your account to use the AWS Management Console
-    #   to change their own passwords. For more information, see [Letting IAM
+    #   Allows all IAM users in your account to use the Management Console to
+    #   change their own passwords. For more information, see [Letting IAM
     #   users change their own passwords][1] in the *IAM User Guide*.
     #
     #   If you do not specify a value for this parameter, then the operation
@@ -11864,10 +11953,10 @@ module Aws::IAM
     # @option params [required, String] :policy_document
     #   The policy that grants an entity permission to assume the role.
     #
-    #   You must provide policies in JSON format in IAM. However, for AWS
+    #   You must provide policies in JSON format in IAM. However, for
     #   CloudFormation templates formatted in YAML, you can provide the policy
-    #   in JSON or YAML format. AWS CloudFormation always converts a YAML
-    #   policy to JSON format before submitting it to IAM.
+    #   in JSON or YAML format. CloudFormation always converts a YAML policy
+    #   to JSON format before submitting it to IAM.
     #
     #   The [regex pattern][1] used to validate this parameter is a string of
     #   characters consisting of the following:
@@ -11999,11 +12088,11 @@ module Aws::IAM
       req.send_request(options)
     end
 
-    # Changes the password for the specified IAM user. You can use the AWS
-    # CLI, the AWS API, or the **Users** page in the IAM console to change
-    # the password for any IAM user. Use ChangePassword to change your own
-    # password in the **My Security Credentials** page in the AWS Management
-    # Console.
+    # Changes the password for the specified IAM user. You can use the CLI,
+    # the Amazon Web Services API, or the **Users** page in the IAM console
+    # to change the password for any IAM user. Use ChangePassword to change
+    # your own password in the **My Security Credentials** page in the
+    # Management Console.
     #
     # For more information about modifying passwords, see [Managing
     # passwords][1] in the *IAM User Guide*.
@@ -12040,8 +12129,8 @@ module Aws::IAM
     #     carriage return (`\u000D`)
     #
     #   However, the format can be further restricted by the account
-    #   administrator by setting a password policy on the AWS account. For
-    #   more information, see UpdateAccountPasswordPolicy.
+    #   administrator by setting a password policy on the account. For more
+    #   information, see UpdateAccountPasswordPolicy.
     #
     #
     #
@@ -12088,15 +12177,25 @@ module Aws::IAM
     # existing list of thumbprints. (The lists are not merged.)
     #
     # Typically, you need to update a thumbprint only when the identity
-    # provider's certificate changes, which occurs rarely. However, if the
+    # provider certificate changes, which occurs rarely. However, if the
     # provider's certificate *does* change, any attempt to assume an IAM
     # role that specifies the OIDC provider as a principal fails until the
     # certificate thumbprint is updated.
     #
-    # <note markdown="1"> Trust for the OIDC provider is derived from the provider's
-    # certificate and is validated by the thumbprint. Therefore, it is best
-    # to limit access to the `UpdateOpenIDConnectProviderThumbprint`
-    # operation to highly privileged users.
+    # <note markdown="1"> Amazon Web Services secures communication with some OIDC identity
+    # providers (IdPs) through our library of trusted certificate
+    # authorities (CAs) instead of using a certificate thumbprint to verify
+    # your IdP server certificate. These OIDC IdPs include Google, and those
+    # that use an Amazon S3 bucket to host a JSON Web Key Set (JWKS)
+    # endpoint. In these cases, your legacy thumbprint remains in your
+    # configuration, but is no longer used for validation.
+    #
+    #  </note>
+    #
+    # <note markdown="1"> Trust for the OIDC provider is derived from the provider certificate
+    # and is validated by the thumbprint. Therefore, it is best to limit
+    # access to the `UpdateOpenIDConnectProviderThumbprint` operation to
+    # highly privileged users.
     #
     #  </note>
     #
@@ -12107,7 +12206,7 @@ module Aws::IAM
     #   operation.
     #
     #   For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
-    #   in the *AWS General Reference*.
+    #   in the *Amazon Web Services General Reference*.
     #
     #
     #
@@ -12150,7 +12249,7 @@ module Aws::IAM
     #   default maximum of one hour is applied. This setting can have a value
     #   from 1 hour to 12 hours.
     #
-    #   Anyone who assumes the role from the AWS CLI or API can use the
+    #   Anyone who assumes the role from the CLI or API can use the
     #   `DurationSeconds` API parameter or the `duration-seconds` CLI
     #   parameter to request a longer session. The `MaxSessionDuration`
     #   setting determines the maximum duration that can be requested using
@@ -12257,7 +12356,7 @@ module Aws::IAM
     #   The Amazon Resource Name (ARN) of the SAML provider to update.
     #
     #   For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
-    #   in the *AWS General Reference*.
+    #   in the *Amazon Web Services General Reference*.
     #
     #
     #
@@ -12293,10 +12392,10 @@ module Aws::IAM
     # public key as part of a key rotation work flow.
     #
     # The SSH public key affected by this operation is used only for
-    # authenticating the associated IAM user to an AWS CodeCommit
-    # repository. For more information about using SSH keys to authenticate
-    # to an AWS CodeCommit repository, see [Set up AWS CodeCommit for SSH
-    # connections][1] in the *AWS CodeCommit User Guide*.
+    # authenticating the associated IAM user to an CodeCommit repository.
+    # For more information about using SSH keys to authenticate to an
+    # CodeCommit repository, see [Set up CodeCommit for SSH connections][1]
+    # in the *CodeCommit User Guide*.
     #
     #
     #
@@ -12327,7 +12426,7 @@ module Aws::IAM
     #
     # @option params [required, String] :status
     #   The status to assign to the SSH public key. `Active` means that the
-    #   key can be used for authentication with an AWS CodeCommit repository.
+    #   key can be used for authentication with an CodeCommit repository.
     #   `Inactive` means that the key cannot be used.
     #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
@@ -12354,8 +12453,8 @@ module Aws::IAM
     #
     # For more information about working with server certificates, see
     # [Working with server certificates][1] in the *IAM User Guide*. This
-    # topic also includes a list of AWS services that can use the server
-    # certificates that you manage with IAM.
+    # topic also includes a list of Amazon Web Services services that can
+    # use the server certificates that you manage with IAM.
     #
     # You should understand the implications of changing a server
     # certificate's path or name. For more information, see [Renaming a
@@ -12497,10 +12596,10 @@ module Aws::IAM
     # rotation work flow.
     #
     # If the `UserName` field is not specified, the user name is determined
-    # implicitly based on the AWS access key ID used to sign the request.
-    # This operation works for access keys under the AWS account.
-    # Consequently, you can use this operation to manage AWS account root
-    # user credentials even if the AWS account has no associated users.
+    # implicitly based on the Amazon Web Services access key ID used to sign
+    # the request. This operation works for access keys under the account.
+    # Consequently, you can use this operation to manage account root user
+    # credentials even if the account has no associated users.
     #
     # @option params [String] :user_name
     #   The name of the IAM user the signing certificate belongs to.
@@ -12527,8 +12626,8 @@ module Aws::IAM
     #
     # @option params [required, String] :status
     #   The status you want to assign to the certificate. `Active` means that
-    #   the certificate can be used for programmatic calls to AWS `Inactive`
-    #   means that the certificate cannot be used.
+    #   the certificate can be used for programmatic calls to Amazon Web
+    #   Services `Inactive` means that the certificate cannot be used.
     #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
@@ -12649,10 +12748,10 @@ module Aws::IAM
     # user.
     #
     # The SSH public key uploaded by this operation can be used only for
-    # authenticating the associated IAM user to an AWS CodeCommit
-    # repository. For more information about using SSH keys to authenticate
-    # to an AWS CodeCommit repository, see [Set up AWS CodeCommit for SSH
-    # connections][1] in the *AWS CodeCommit User Guide*.
+    # authenticating the associated IAM user to an CodeCommit repository.
+    # For more information about using SSH keys to authenticate to an
+    # CodeCommit repository, see [Set up CodeCommit for SSH connections][1]
+    # in the *CodeCommit User Guide*.
     #
     #
     #
@@ -12721,21 +12820,21 @@ module Aws::IAM
       req.send_request(options)
     end
 
-    # Uploads a server certificate entity for the AWS account. The server
+    # Uploads a server certificate entity for the account. The server
     # certificate entity includes a public key certificate, a private key,
     # and an optional certificate chain, which should all be PEM-encoded.
     #
-    # We recommend that you use [AWS Certificate Manager][1] to provision,
+    # We recommend that you use [Certificate Manager][1] to provision,
     # manage, and deploy your server certificates. With ACM you can request
-    # a certificate, deploy it to AWS resources, and let ACM handle
-    # certificate renewals for you. Certificates provided by ACM are free.
-    # For more information about using ACM, see the [AWS Certificate Manager
-    # User Guide][2].
+    # a certificate, deploy it to Amazon Web Services resources, and let ACM
+    # handle certificate renewals for you. Certificates provided by ACM are
+    # free. For more information about using ACM, see the [Certificate
+    # Manager User Guide][2].
     #
     # For more information about working with server certificates, see
     # [Working with server certificates][3] in the *IAM User Guide*. This
-    # topic includes a list of AWS services that can use the server
-    # certificates that you manage with IAM.
+    # topic includes a list of Amazon Web Services services that can use the
+    # server certificates that you manage with IAM.
     #
     # For information about the number of server certificates you can
     # upload, see [IAM and STS quotas][4] in the *IAM User Guide*.
@@ -12743,10 +12842,11 @@ module Aws::IAM
     # <note markdown="1"> Because the body of the public key certificate, private key, and the
     # certificate chain can be large, you should use POST rather than GET
     # when calling `UploadServerCertificate`. For information about setting
-    # up signatures and authorization through the API, see [Signing AWS API
-    # requests][5] in the *AWS General Reference*. For general information
-    # about using the Query API with IAM, see [Calling the API by making
-    # HTTP query requests][6] in the *IAM User Guide*.
+    # up signatures and authorization through the API, see [Signing Amazon
+    # Web Services API requests][5] in the *Amazon Web Services General
+    # Reference*. For general information about using the Query API with
+    # IAM, see [Calling the API by making HTTP query requests][6] in the
+    # *IAM User Guide*.
     #
     #  </note>
     #
@@ -12937,25 +13037,27 @@ module Aws::IAM
     end
 
     # Uploads an X.509 signing certificate and associates it with the
-    # specified IAM user. Some AWS services require you to use certificates
-    # to validate requests that are signed with a corresponding private key.
-    # When you upload the certificate, its default status is `Active`.
+    # specified IAM user. Some Amazon Web Services services require you to
+    # use certificates to validate requests that are signed with a
+    # corresponding private key. When you upload the certificate, its
+    # default status is `Active`.
     #
     # For information about when you would use an X.509 signing certificate,
     # see [Managing server certificates in IAM][1] in the *IAM User Guide*.
     #
     # If the `UserName` is not specified, the IAM user name is determined
-    # implicitly based on the AWS access key ID used to sign the request.
-    # This operation works for access keys under the AWS account.
-    # Consequently, you can use this operation to manage AWS account root
-    # user credentials even if the AWS account has no associated users.
+    # implicitly based on the Amazon Web Services access key ID used to sign
+    # the request. This operation works for access keys under the account.
+    # Consequently, you can use this operation to manage account root user
+    # credentials even if the account has no associated users.
     #
     # <note markdown="1"> Because the body of an X.509 certificate can be large, you should use
     # POST rather than GET when calling `UploadSigningCertificate`. For
     # information about setting up signatures and authorization through the
-    # API, see [Signing AWS API requests][2] in the *AWS General Reference*.
-    # For general information about using the Query API with IAM, see
-    # [Making query requests][3] in the *IAM User Guide*.
+    # API, see [Signing Amazon Web Services API requests][2] in the *Amazon
+    # Web Services General Reference*. For general information about using
+    # the Query API with IAM, see [Making query requests][3] in the *IAM
+    # User Guide*.
     #
     #  </note>
     #
@@ -13058,7 +13160,7 @@ module Aws::IAM
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-iam'
-      context[:gem_version] = '1.53.0'
+      context[:gem_version] = '1.57.0'
       Seahorse::Client::Request.new(handlers, context)
     end