aws-sdk-iam 1.74.0 → 1.76.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 772aef53edcb2dcfd825515204fcb855d4c189accf178b15c21949a755bac3d5
-  data.tar.gz: 1d8109abe12a8082ad44f2672d1fd3189dac90dd49cd947992997f80c7f861a5
+  metadata.gz: 4a338135d35d293d96f6adaaff90cc637e1622164c670c215e3ea294f7918abd
+  data.tar.gz: 76d331e00da6de881cfcd70d00f2cc404952d7a3ef98043020f93bcce88cd2bc
 SHA512:
-  metadata.gz: c345d0c8a4cfdc02be9938560f8cb82196176c14fd9822a903e8e032f5aae4423d2af3a99bbf88c2c14be01fc86f3ef2399d9d933ce6ac2333ff97337a239dfb
-  data.tar.gz: f8f21b795a257ece2eda80c18ec9cf8a0b68a1034982243423a12991fa10db563dbfdfdc5d5fc515c3b4d97bd15d23c420d4fd1b63cdf8d92a5dc28f780e3d0e
+  metadata.gz: 181b0658ff859256eb96c0ff80f54a07ba8bf26bfd15569b0e1c7d9deb269138c0fa504e1ba672e04243733a60cfe7ddcf0374aaf5d6439675ba8b7d9ff5832d
+  data.tar.gz: 7a17eb50ab3b44f866011af847ce088b652cc1105a45f8f6cd4ee934b274a6807f5b7201bb33448c140a614739c2b543bf37f0dececc37cc386f856b59787e8a

data/CHANGELOG.md

@@ -1,6 +1,16 @@
 Unreleased Changes
 ------------------
 
+1.76.0 (2023-03-14)
+------------------
+
+* Feature - Documentation only updates to correct customer-reported issues
+
+1.75.0 (2023-02-01)
+------------------
+
+* Feature - Documentation updates for AWS Identity and Access Management (IAM).
+
 1.74.0 (2023-01-18)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.74.0
+1.76.0

data/lib/aws-sdk-iam/client.rb

@@ -1289,6 +1289,8 @@ module Aws::IAM
     #   application or applications allowed to authenticate using the OIDC
     #   provider
     #
+    # * A list of tags that are attached to the specified IAM OIDC provider
+    #
     # * A list of thumbprints of one or more server certificates that the
     #   IdP uses
     #
@@ -1298,10 +1300,10 @@ module Aws::IAM
     # <note markdown="1"> Amazon Web Services secures communication with some OIDC identity
     # providers (IdPs) through our library of trusted certificate
     # authorities (CAs) instead of using a certificate thumbprint to verify
-    # your IdP server certificate. These OIDC IdPs include Google, and those
-    # that use an Amazon S3 bucket to host a JSON Web Key Set (JWKS)
-    # endpoint. In these cases, your legacy thumbprint remains in your
-    # configuration, but is no longer used for validation.
+    # your IdP server certificate. These OIDC IdPs include Google, Auth0,
+    # and those that use an Amazon S3 bucket to host a JSON Web Key Set
+    # (JWKS) endpoint. In these cases, your legacy thumbprint remains in
+    # your configuration, but is no longer used for validation.
     #
     #  </note>
     #
@@ -1364,7 +1366,7 @@ module Aws::IAM
     #
     #   For more information about obtaining the OIDC provider thumbprint, see
     #   [Obtaining the thumbprint for an OpenID Connect provider][1] in the
-    #   *IAM User Guide*.
+    #   *IAM user Guide*.
     #
     #
     #
@@ -1737,6 +1739,15 @@ module Aws::IAM
     #   account. Names are not distinguished by case. For example, you cannot
     #   create resources named both "MyResource" and "myresource".
     #
+    #   This parameter allows (through its [regex pattern][1]) a string of
+    #   characters consisting of upper and lowercase alphanumeric characters
+    #   with no spaces. You can also include any of the following characters:
+    #   \_+=,.@-
+    #
+    #
+    #
+    #   [1]: http://wikipedia.org/wiki/regex
+    #
     # @option params [required, String] :assume_role_policy_document
     #   The trust relationship policy document that grants an entity
     #   permission to assume the role.
@@ -1790,8 +1801,23 @@ module Aws::IAM
     #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html
     #
     # @option params [String] :permissions_boundary
-    #   The ARN of the policy that is used to set the permissions boundary for
-    #   the role.
+    #   The ARN of the managed policy that is used to set the permissions
+    #   boundary for the role.
+    #
+    #   A permissions boundary policy defines the maximum permissions that
+    #   identity-based policies can grant to an entity, but does not grant
+    #   permissions. Permissions boundaries do not define the maximum
+    #   permissions that a resource-based policy can grant to an entity. To
+    #   learn more, see [Permissions boundaries for IAM entities][1] in the
+    #   *IAM User Guide*.
+    #
+    #   For more information about policy types, see [Policy types ][2] in the
+    #   *IAM User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
+    #   [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policy-types
     #
     # @option params [Array<Types::Tag>] :tags
     #   A list of tags that you want to attach to the new role. Each tag
@@ -2183,8 +2209,23 @@ module Aws::IAM
     #   create resources named both "MyResource" and "myresource".
     #
     # @option params [String] :permissions_boundary
-    #   The ARN of the policy that is used to set the permissions boundary for
-    #   the user.
+    #   The ARN of the managed policy that is used to set the permissions
+    #   boundary for the user.
+    #
+    #   A permissions boundary policy defines the maximum permissions that
+    #   identity-based policies can grant to an entity, but does not grant
+    #   permissions. Permissions boundaries do not define the maximum
+    #   permissions that a resource-based policy can grant to an entity. To
+    #   learn more, see [Permissions boundaries for IAM entities][1] in the
+    #   *IAM User Guide*.
+    #
+    #   For more information about policy types, see [Policy types ][2] in the
+    #   *IAM User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
+    #   [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policy-types
     #
     # @option params [Array<Types::Tag>] :tags
     #   A list of tags that you want to attach to the new user. Each tag
@@ -2303,8 +2344,8 @@ module Aws::IAM
     #   [2]: http://wikipedia.org/wiki/regex
     #
     # @option params [required, String] :virtual_mfa_device_name
-    #   The name of the virtual MFA device. Use with path to uniquely identify
-    #   a virtual MFA device.
+    #   The name of the virtual MFA device, which must be unique. Use with
+    #   path to uniquely identify a virtual MFA device.
     #
     #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
@@ -2916,9 +2957,20 @@ module Aws::IAM
       req.send_request(options)
     end
 
-    # Deletes the specified role. The role must not have any policies
-    # attached. For more information about roles, see [Working with
-    # roles][1].
+    # Deletes the specified role. Unlike the Amazon Web Services Management
+    # Console, when you delete a role programmatically, you must delete the
+    # items attached to the role manually, or the deletion fails. For more
+    # information, see [Deleting an IAM role][1]. Before attempting to
+    # delete a role, remove the following attached items:
+    #
+    # * Inline policies (DeleteRolePolicy)
+    #
+    # * Attached managed policies (DetachRolePolicy)
+    #
+    # * Instance profile (RemoveRoleFromInstanceProfile)
+    #
+    # * Optional – Delete instance profile after detaching from role for
+    #   resource clean up (DeleteInstanceProfile)
     #
     # Make sure that you do not have any Amazon EC2 instances running with
     # the role you are about to delete. Deleting a role or instance profile
@@ -2927,7 +2979,7 @@ module Aws::IAM
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html
+    # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_manage_delete.html#roles-managingrole-deleting-cli
     #
     # @option params [required, String] :role_name
     #   The name of the role to delete.
@@ -5038,7 +5090,7 @@ module Aws::IAM
     # operation. For more information, see [Refining permissions using
     # service last accessed data][1] in the *IAM User Guide*.
     #
-    # For each service that principals in an account (root users, IAM users,
+    # For each service that principals in an account (root user, IAM users,
     # or IAM roles) could access using SCPs, the operation returns details
     # about the most recent access attempt. If there was no attempt, the
     # service is listed without details about the most recent attempt to
@@ -9356,8 +9408,23 @@ module Aws::IAM
     #   to set the permissions boundary.
     #
     # @option params [required, String] :permissions_boundary
-    #   The ARN of the policy that is used to set the permissions boundary for
-    #   the role.
+    #   The ARN of the managed policy that is used to set the permissions
+    #   boundary for the role.
+    #
+    #   A permissions boundary policy defines the maximum permissions that
+    #   identity-based policies can grant to an entity, but does not grant
+    #   permissions. Permissions boundaries do not define the maximum
+    #   permissions that a resource-based policy can grant to an entity. To
+    #   learn more, see [Permissions boundaries for IAM entities][1] in the
+    #   *IAM User Guide*.
+    #
+    #   For more information about policy types, see [Policy types ][2] in the
+    #   *IAM User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
+    #   [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policy-types
     #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
@@ -9509,8 +9576,23 @@ module Aws::IAM
     #   to set the permissions boundary.
     #
     # @option params [required, String] :permissions_boundary
-    #   The ARN of the policy that is used to set the permissions boundary for
-    #   the user.
+    #   The ARN of the managed policy that is used to set the permissions
+    #   boundary for the user.
+    #
+    #   A permissions boundary policy defines the maximum permissions that
+    #   identity-based policies can grant to an entity, but does not grant
+    #   permissions. Permissions boundaries do not define the maximum
+    #   permissions that a resource-based policy can grant to an entity. To
+    #   learn more, see [Permissions boundaries for IAM entities][1] in the
+    #   *IAM User Guide*.
+    #
+    #   For more information about policy types, see [Policy types ][2] in the
+    #   *IAM User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
+    #   [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policy-types
     #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
@@ -10071,9 +10153,16 @@ module Aws::IAM
     # If the output is long, you can use `MaxItems` and `Marker` parameters
     # to paginate the results.
     #
-    # For more information about using the policy simulator, see [Testing
-    # IAM policies with the IAM policy simulator ][1]in the *IAM User
-    # Guide*.
+    # <note markdown="1"> The IAM policy simulator evaluates statements in the identity-based
+    # policy and the inputs that you provide during simulation. The policy
+    # simulator results can differ from your live Amazon Web Services
+    # environment. We recommend that you check your policies against your
+    # live Amazon Web Services environment after testing using the policy
+    # simulator to confirm that you have the desired results. For more
+    # information about using the policy simulator, see [Testing IAM
+    # policies with the IAM policy simulator ][1]in the *IAM User Guide*.
+    #
+    #  </note>
     #
     #
     #
@@ -10173,6 +10262,10 @@ module Aws::IAM
     #   For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
     #   in the *Amazon Web Services General Reference*.
     #
+    #   <note markdown="1"> Simulation of resource-based policies isn't supported for IAM roles.
+    #
+    #    </note>
+    #
     #
     #
     #   [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
@@ -10200,6 +10293,10 @@ module Aws::IAM
     #   * The special characters tab (`\u0009`), line feed (`\u000A`), and
     #     carriage return (`\u000D`)
     #
+    #   <note markdown="1"> Simulation of resource-based policies isn't supported for IAM roles.
+    #
+    #    </note>
+    #
     #
     #
     #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length
@@ -10382,7 +10479,8 @@ module Aws::IAM
     # instead.
     #
     # You can also optionally include one resource-based policy to be
-    # evaluated with each of the resources included in the simulation.
+    # evaluated with each of the resources included in the simulation for
+    # IAM users only.
     #
     # The simulation does not perform the API operations; it only checks the
     # authorization to determine if the simulated policies allow or deny the
@@ -10403,9 +10501,16 @@ module Aws::IAM
     # If the output is long, you can use the `MaxItems` and `Marker`
     # parameters to paginate the results.
     #
-    # For more information about using the policy simulator, see [Testing
-    # IAM policies with the IAM policy simulator ][1]in the *IAM User
-    # Guide*.
+    # <note markdown="1"> The IAM policy simulator evaluates statements in the identity-based
+    # policy and the inputs that you provide during simulation. The policy
+    # simulator results can differ from your live Amazon Web Services
+    # environment. We recommend that you check your policies against your
+    # live Amazon Web Services environment after testing using the policy
+    # simulator to confirm that you have the desired results. For more
+    # information about using the policy simulator, see [Testing IAM
+    # policies with the IAM policy simulator ][1]in the *IAM User Guide*.
+    #
+    #  </note>
     #
     #
     #
@@ -10511,6 +10616,10 @@ module Aws::IAM
     #   For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
     #   in the *Amazon Web Services General Reference*.
     #
+    #   <note markdown="1"> Simulation of resource-based policies isn't supported for IAM roles.
+    #
+    #    </note>
+    #
     #
     #
     #   [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
@@ -10538,6 +10647,10 @@ module Aws::IAM
     #   * The special characters tab (`\u0009`), line feed (`\u000A`), and
     #     carriage return (`\u000D`)
     #
+    #   <note markdown="1"> Simulation of resource-based policies isn't supported for IAM roles.
+    #
+    #    </note>
+    #
     #
     #
     #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length
@@ -10884,7 +10997,7 @@ module Aws::IAM
     #   *MyImportantProject*. Or search for all resources with the key name
     #   *Cost Center* and the value *41200*.
     #
-    # * **Access control** - Include tags in IAM user-based and
+    # * **Access control** - Include tags in IAM identity-based and
     #   resource-based policies. You can use tags to restrict access to only
     #   an OIDC provider that has a specified tag attached. For examples of
     #   policies that show how to use tags to control access, see [Control
@@ -11303,7 +11416,7 @@ module Aws::IAM
     #   *MyImportantProject*. Or search for all resources with the key name
     #   *Cost Center* and the value *41200*.
     #
-    # * **Access control** - Include tags in IAM user-based and
+    # * **Access control** - Include tags in IAM identity-based and
     #   resource-based policies. You can use tags to restrict access to only
     #   an IAM requesting user that has a specified tag attached. You can
     #   also restrict access to only those resources that have a certain tag
@@ -12255,10 +12368,10 @@ module Aws::IAM
     # <note markdown="1"> Amazon Web Services secures communication with some OIDC identity
     # providers (IdPs) through our library of trusted certificate
     # authorities (CAs) instead of using a certificate thumbprint to verify
-    # your IdP server certificate. These OIDC IdPs include Google, and those
-    # that use an Amazon S3 bucket to host a JSON Web Key Set (JWKS)
-    # endpoint. In these cases, your legacy thumbprint remains in your
-    # configuration, but is no longer used for validation.
+    # your IdP server certificate. These OIDC IdPs include Google, Auth0,
+    # and those that use an Amazon S3 bucket to host a JSON Web Key Set
+    # (JWKS) endpoint. In these cases, your legacy thumbprint remains in
+    # your configuration, but is no longer used for validation.
     #
     #  </note>
     #
@@ -13233,7 +13346,7 @@ module Aws::IAM
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-iam'
-      context[:gem_version] = '1.74.0'
+      context[:gem_version] = '1.76.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-iam/endpoint_provider.rb

@@ -14,144 +14,141 @@ module Aws::IAM
       use_dual_stack = parameters.use_dual_stack
       use_fips = parameters.use_fips
       endpoint = parameters.endpoint
-      if (partition_result = Aws::Endpoints::Matchers.aws_partition(region))
-        if Aws::Endpoints::Matchers.set?(endpoint) && (url = Aws::Endpoints::Matchers.parse_url(endpoint))
-          if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
-            raise ArgumentError, "Invalid Configuration: FIPS and custom endpoint are not supported"
-          end
-          if Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
-            raise ArgumentError, "Invalid Configuration: Dualstack and custom endpoint are not supported"
-          end
-          return Aws::Endpoints::Endpoint.new(url: endpoint, headers: {}, properties: {})
+      if Aws::Endpoints::Matchers.set?(endpoint)
+        if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
+          raise ArgumentError, "Invalid Configuration: FIPS and custom endpoint are not supported"
         end
-        if Aws::Endpoints::Matchers.string_equals?(Aws::Endpoints::Matchers.attr(partition_result, "name"), "aws")
-          if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true) && Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
-            if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS")) && Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
-              return Aws::Endpoints::Endpoint.new(url: "https://iam-fips.#{region}.api.aws", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"us-east-1", "signingName"=>"iam"}]})
+        if Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
+          raise ArgumentError, "Invalid Configuration: Dualstack and custom endpoint are not supported"
+        end
+        return Aws::Endpoints::Endpoint.new(url: endpoint, headers: {}, properties: {})
+      end
+      if Aws::Endpoints::Matchers.set?(region)
+        if (partition_result = Aws::Endpoints::Matchers.aws_partition(region))
+          if Aws::Endpoints::Matchers.string_equals?(Aws::Endpoints::Matchers.attr(partition_result, "name"), "aws")
+            if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true) && Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
+              if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS")) && Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
+                return Aws::Endpoints::Endpoint.new(url: "https://iam-fips.#{region}.api.aws", headers: {}, properties: {})
+              end
+              raise ArgumentError, "FIPS and DualStack are enabled, but this partition does not support one or both"
             end
-            raise ArgumentError, "FIPS and DualStack are enabled, but this partition does not support one or both"
-          end
-          if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
-            if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"))
-              return Aws::Endpoints::Endpoint.new(url: "https://iam-fips.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"us-east-1", "signingName"=>"iam"}]})
+            if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
+              if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"))
+                return Aws::Endpoints::Endpoint.new(url: "https://iam-fips.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"iam", "signingRegion"=>"us-east-1"}]})
+              end
+              raise ArgumentError, "FIPS is enabled but this partition does not support FIPS"
             end
-            raise ArgumentError, "FIPS is enabled but this partition does not support FIPS"
-          end
-          if Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
-            if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
-              return Aws::Endpoints::Endpoint.new(url: "https://iam.#{region}.api.aws", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"us-east-1", "signingName"=>"iam"}]})
+            if Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
+              if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
+                return Aws::Endpoints::Endpoint.new(url: "https://iam.#{region}.api.aws", headers: {}, properties: {})
+              end
+              raise ArgumentError, "DualStack is enabled but this partition does not support DualStack"
             end
-            raise ArgumentError, "DualStack is enabled but this partition does not support DualStack"
-          end
-          return Aws::Endpoints::Endpoint.new(url: "https://iam.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"us-east-1", "signingName"=>"iam"}]})
-        end
-        if Aws::Endpoints::Matchers.string_equals?(Aws::Endpoints::Matchers.attr(partition_result, "name"), "aws-cn")
-          if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true) && Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
-            if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS")) && Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
-              return Aws::Endpoints::Endpoint.new(url: "https://iam-fips.#{region}.api.amazonwebservices.com.cn", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"cn-north-1", "signingName"=>"iam"}]})
+            return Aws::Endpoints::Endpoint.new(url: "https://iam.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"iam", "signingRegion"=>"us-east-1"}]})
+          end
+          if Aws::Endpoints::Matchers.string_equals?(Aws::Endpoints::Matchers.attr(partition_result, "name"), "aws-cn")
+            if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true) && Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
+              if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS")) && Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
+                return Aws::Endpoints::Endpoint.new(url: "https://iam-fips.#{region}.api.amazonwebservices.com.cn", headers: {}, properties: {})
+              end
+              raise ArgumentError, "FIPS and DualStack are enabled, but this partition does not support one or both"
             end
-            raise ArgumentError, "FIPS and DualStack are enabled, but this partition does not support one or both"
-          end
-          if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
-            if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"))
-              return Aws::Endpoints::Endpoint.new(url: "https://iam-fips.#{region}.amazonaws.com.cn", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"cn-north-1", "signingName"=>"iam"}]})
+            if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
+              if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"))
+                return Aws::Endpoints::Endpoint.new(url: "https://iam-fips.#{region}.amazonaws.com.cn", headers: {}, properties: {})
+              end
+              raise ArgumentError, "FIPS is enabled but this partition does not support FIPS"
             end
-            raise ArgumentError, "FIPS is enabled but this partition does not support FIPS"
-          end
-          if Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
-            if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
-              return Aws::Endpoints::Endpoint.new(url: "https://iam.#{region}.api.amazonwebservices.com.cn", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"cn-north-1", "signingName"=>"iam"}]})
+            if Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
+              if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
+                return Aws::Endpoints::Endpoint.new(url: "https://iam.#{region}.api.amazonwebservices.com.cn", headers: {}, properties: {})
+              end
+              raise ArgumentError, "DualStack is enabled but this partition does not support DualStack"
             end
-            raise ArgumentError, "DualStack is enabled but this partition does not support DualStack"
+            return Aws::Endpoints::Endpoint.new(url: "https://iam.cn-north-1.amazonaws.com.cn", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"iam", "signingRegion"=>"cn-north-1"}]})
+          end
+          if Aws::Endpoints::Matchers.string_equals?(Aws::Endpoints::Matchers.attr(partition_result, "name"), "aws-us-gov")
+            if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true) && Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
+              if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS")) && Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
+                return Aws::Endpoints::Endpoint.new(url: "https://iam-fips.#{region}.api.aws", headers: {}, properties: {})
+              end
+              raise ArgumentError, "FIPS and DualStack are enabled, but this partition does not support one or both"
+            end
+            if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
+              if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"))
+                return Aws::Endpoints::Endpoint.new(url: "https://iam.us-gov.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"iam", "signingRegion"=>"us-gov-west-1"}]})
+              end
+              raise ArgumentError, "FIPS is enabled but this partition does not support FIPS"
+            end
+            if Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
+              if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
+                return Aws::Endpoints::Endpoint.new(url: "https://iam.#{region}.api.aws", headers: {}, properties: {})
+              end
+              raise ArgumentError, "DualStack is enabled but this partition does not support DualStack"
+            end
+            return Aws::Endpoints::Endpoint.new(url: "https://iam.us-gov.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"iam", "signingRegion"=>"us-gov-west-1"}]})
+          end
+          if Aws::Endpoints::Matchers.string_equals?(Aws::Endpoints::Matchers.attr(partition_result, "name"), "aws-iso")
+            if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
+              if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"))
+                return Aws::Endpoints::Endpoint.new(url: "https://iam-fips.#{region}.c2s.ic.gov", headers: {}, properties: {})
+              end
+              raise ArgumentError, "FIPS is enabled but this partition does not support FIPS"
+            end
+            return Aws::Endpoints::Endpoint.new(url: "https://iam.us-iso-east-1.c2s.ic.gov", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"iam", "signingRegion"=>"us-iso-east-1"}]})
+          end
+          if Aws::Endpoints::Matchers.string_equals?(Aws::Endpoints::Matchers.attr(partition_result, "name"), "aws-iso-b")
+            if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
+              if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"))
+                return Aws::Endpoints::Endpoint.new(url: "https://iam-fips.#{region}.sc2s.sgov.gov", headers: {}, properties: {})
+              end
+              raise ArgumentError, "FIPS is enabled but this partition does not support FIPS"
+            end
+            return Aws::Endpoints::Endpoint.new(url: "https://iam.us-isob-east-1.sc2s.sgov.gov", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"iam", "signingRegion"=>"us-isob-east-1"}]})
           end
-          return Aws::Endpoints::Endpoint.new(url: "https://iam.cn-north-1.amazonaws.com.cn", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"cn-north-1", "signingName"=>"iam"}]})
-        end
-        if Aws::Endpoints::Matchers.string_equals?(Aws::Endpoints::Matchers.attr(partition_result, "name"), "aws-us-gov")
           if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true) && Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
             if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS")) && Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
-              return Aws::Endpoints::Endpoint.new(url: "https://iam-fips.#{region}.api.aws", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"us-gov-west-1", "signingName"=>"iam"}]})
+              return Aws::Endpoints::Endpoint.new(url: "https://iam-fips.#{region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
             end
             raise ArgumentError, "FIPS and DualStack are enabled, but this partition does not support one or both"
           end
           if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
             if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"))
-              return Aws::Endpoints::Endpoint.new(url: "https://iam.us-gov.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"us-gov-west-1", "signingName"=>"iam"}]})
+              if Aws::Endpoints::Matchers.string_equals?(region, "aws-global")
+                return Aws::Endpoints::Endpoint.new(url: "https://iam-fips.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"iam", "signingRegion"=>"us-east-1"}]})
+              end
+              if Aws::Endpoints::Matchers.string_equals?(region, "aws-us-gov-global")
+                return Aws::Endpoints::Endpoint.new(url: "https://iam.us-gov.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"iam", "signingRegion"=>"us-gov-west-1"}]})
+              end
+              return Aws::Endpoints::Endpoint.new(url: "https://iam-fips.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
             end
             raise ArgumentError, "FIPS is enabled but this partition does not support FIPS"
           end
           if Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
             if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
-              return Aws::Endpoints::Endpoint.new(url: "https://iam.#{region}.api.aws", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"us-gov-west-1", "signingName"=>"iam"}]})
+              return Aws::Endpoints::Endpoint.new(url: "https://iam.#{region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
             end
             raise ArgumentError, "DualStack is enabled but this partition does not support DualStack"
           end
-          return Aws::Endpoints::Endpoint.new(url: "https://iam.us-gov.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"us-gov-west-1", "signingName"=>"iam"}]})
-        end
-        if Aws::Endpoints::Matchers.string_equals?(Aws::Endpoints::Matchers.attr(partition_result, "name"), "aws-iso")
-          if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
-            if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"))
-              return Aws::Endpoints::Endpoint.new(url: "https://iam-fips.#{region}.c2s.ic.gov", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"us-iso-east-1", "signingName"=>"iam"}]})
-            end
-            raise ArgumentError, "FIPS is enabled but this partition does not support FIPS"
+          if Aws::Endpoints::Matchers.string_equals?(region, "aws-global")
+            return Aws::Endpoints::Endpoint.new(url: "https://iam.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"iam", "signingRegion"=>"us-east-1"}]})
           end
-          return Aws::Endpoints::Endpoint.new(url: "https://iam.us-iso-east-1.c2s.ic.gov", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"us-iso-east-1", "signingName"=>"iam"}]})
-        end
-        if Aws::Endpoints::Matchers.string_equals?(Aws::Endpoints::Matchers.attr(partition_result, "name"), "aws-iso-b")
-          if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
-            if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"))
-              return Aws::Endpoints::Endpoint.new(url: "https://iam-fips.#{region}.sc2s.sgov.gov", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"us-isob-east-1", "signingName"=>"iam"}]})
-            end
-            raise ArgumentError, "FIPS is enabled but this partition does not support FIPS"
+          if Aws::Endpoints::Matchers.string_equals?(region, "aws-cn-global")
+            return Aws::Endpoints::Endpoint.new(url: "https://iam.cn-north-1.amazonaws.com.cn", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"iam", "signingRegion"=>"cn-north-1"}]})
           end
-          return Aws::Endpoints::Endpoint.new(url: "https://iam.us-isob-east-1.sc2s.sgov.gov", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"us-isob-east-1", "signingName"=>"iam"}]})
-        end
-        if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true) && Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
-          if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS")) && Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
-            return Aws::Endpoints::Endpoint.new(url: "https://iam-fips.#{region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
+          if Aws::Endpoints::Matchers.string_equals?(region, "aws-us-gov-global")
+            return Aws::Endpoints::Endpoint.new(url: "https://iam.us-gov.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"iam", "signingRegion"=>"us-gov-west-1"}]})
           end
-          raise ArgumentError, "FIPS and DualStack are enabled, but this partition does not support one or both"
-        end
-        if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
-          if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"))
-            if Aws::Endpoints::Matchers.string_equals?(region, "iam")
-              return Aws::Endpoints::Endpoint.new(url: "https://iam-fips.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"us-east-1", "signingName"=>"iam"}]})
-            end
-            if Aws::Endpoints::Matchers.string_equals?(region, "aws-global")
-              return Aws::Endpoints::Endpoint.new(url: "https://iam-fips.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"us-east-1", "signingName"=>"iam"}]})
-            end
-            if Aws::Endpoints::Matchers.string_equals?(region, "iam-govcloud")
-              return Aws::Endpoints::Endpoint.new(url: "https://iam.us-gov.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"us-gov-west-1", "signingName"=>"iam"}]})
-            end
-            if Aws::Endpoints::Matchers.string_equals?(region, "aws-us-gov-global")
-              return Aws::Endpoints::Endpoint.new(url: "https://iam.us-gov.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"us-gov-west-1", "signingName"=>"iam"}]})
-            end
-            return Aws::Endpoints::Endpoint.new(url: "https://iam-fips.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
+          if Aws::Endpoints::Matchers.string_equals?(region, "aws-iso-global")
+            return Aws::Endpoints::Endpoint.new(url: "https://iam.us-iso-east-1.c2s.ic.gov", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"iam", "signingRegion"=>"us-iso-east-1"}]})
           end
-          raise ArgumentError, "FIPS is enabled but this partition does not support FIPS"
-        end
-        if Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
-          if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
-            return Aws::Endpoints::Endpoint.new(url: "https://iam.#{region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
+          if Aws::Endpoints::Matchers.string_equals?(region, "aws-iso-b-global")
+            return Aws::Endpoints::Endpoint.new(url: "https://iam.us-isob-east-1.sc2s.sgov.gov", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"iam", "signingRegion"=>"us-isob-east-1"}]})
           end
-          raise ArgumentError, "DualStack is enabled but this partition does not support DualStack"
-        end
-        if Aws::Endpoints::Matchers.string_equals?(region, "aws-global")
-          return Aws::Endpoints::Endpoint.new(url: "https://iam.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"us-east-1", "signingName"=>"iam"}]})
-        end
-        if Aws::Endpoints::Matchers.string_equals?(region, "aws-cn-global")
-          return Aws::Endpoints::Endpoint.new(url: "https://iam.cn-north-1.amazonaws.com.cn", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"cn-north-1", "signingName"=>"iam"}]})
-        end
-        if Aws::Endpoints::Matchers.string_equals?(region, "aws-us-gov-global")
-          return Aws::Endpoints::Endpoint.new(url: "https://iam.us-gov.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"us-gov-west-1", "signingName"=>"iam"}]})
-        end
-        if Aws::Endpoints::Matchers.string_equals?(region, "aws-iso-global")
-          return Aws::Endpoints::Endpoint.new(url: "https://iam.us-iso-east-1.c2s.ic.gov", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"us-iso-east-1", "signingName"=>"iam"}]})
-        end
-        if Aws::Endpoints::Matchers.string_equals?(region, "aws-iso-b-global")
-          return Aws::Endpoints::Endpoint.new(url: "https://iam.us-isob-east-1.sc2s.sgov.gov", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"us-isob-east-1", "signingName"=>"iam"}]})
+          return Aws::Endpoints::Endpoint.new(url: "https://iam.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
         end
-        return Aws::Endpoints::Endpoint.new(url: "https://iam.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
       end
+      raise ArgumentError, "Invalid Configuration: Missing Region"
       raise ArgumentError, 'No endpoint could be resolved'
 
     end

data/lib/aws-sdk-iam/resource.rb

@@ -455,6 +455,15 @@ module Aws::IAM
     #   IAM user, group, role, and policy names must be unique within the
     #   account. Names are not distinguished by case. For example, you cannot
     #   create resources named both "MyResource" and "myresource".
+    #
+    #   This parameter allows (through its [regex pattern][1]) a string of
+    #   characters consisting of upper and lowercase alphanumeric characters
+    #   with no spaces. You can also include any of the following characters:
+    #   \_+=,.@-
+    #
+    #
+    #
+    #   [1]: http://wikipedia.org/wiki/regex
     # @option options [required, String] :assume_role_policy_document
     #   The trust relationship policy document that grants an entity
     #   permission to assume the role.
@@ -505,8 +514,23 @@ module Aws::IAM
     #
     #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html
     # @option options [String] :permissions_boundary
-    #   The ARN of the policy that is used to set the permissions boundary for
-    #   the role.
+    #   The ARN of the managed policy that is used to set the permissions
+    #   boundary for the role.
+    #
+    #   A permissions boundary policy defines the maximum permissions that
+    #   identity-based policies can grant to an entity, but does not grant
+    #   permissions. Permissions boundaries do not define the maximum
+    #   permissions that a resource-based policy can grant to an entity. To
+    #   learn more, see [Permissions boundaries for IAM entities][1] in the
+    #   *IAM User Guide*.
+    #
+    #   For more information about policy types, see [Policy types ][2] in the
+    #   *IAM User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
+    #   [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policy-types
     # @option options [Array<Types::Tag>] :tags
     #   A list of tags that you want to attach to the new role. Each tag
     #   consists of a key name and an associated value. For more information
@@ -808,8 +832,23 @@ module Aws::IAM
     #   account. Names are not distinguished by case. For example, you cannot
     #   create resources named both "MyResource" and "myresource".
     # @option options [String] :permissions_boundary
-    #   The ARN of the policy that is used to set the permissions boundary for
-    #   the user.
+    #   The ARN of the managed policy that is used to set the permissions
+    #   boundary for the user.
+    #
+    #   A permissions boundary policy defines the maximum permissions that
+    #   identity-based policies can grant to an entity, but does not grant
+    #   permissions. Permissions boundaries do not define the maximum
+    #   permissions that a resource-based policy can grant to an entity. To
+    #   learn more, see [Permissions boundaries for IAM entities][1] in the
+    #   *IAM User Guide*.
+    #
+    #   For more information about policy types, see [Policy types ][2] in the
+    #   *IAM User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
+    #   [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policy-types
     # @option options [Array<Types::Tag>] :tags
     #   A list of tags that you want to attach to the new user. Each tag
     #   consists of a key name and an associated value. For more information
@@ -866,8 +905,8 @@ module Aws::IAM
     #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html
     #   [2]: http://wikipedia.org/wiki/regex
     # @option options [required, String] :virtual_mfa_device_name
-    #   The name of the virtual MFA device. Use with path to uniquely identify
-    #   a virtual MFA device.
+    #   The name of the virtual MFA device, which must be unique. Use with
+    #   path to uniquely identify a virtual MFA device.
     #
     #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters

data/lib/aws-sdk-iam/role.rb

@@ -133,7 +133,7 @@ module Aws::IAM
     # period can be shorter if your Region began supporting these features
     # within the last year. The role might have been used more than 400 days
     # ago. For more information, see [Regions where data is tracked][1] in
-    # the *IAM User Guide*.
+    # the *IAM user Guide*.
     #
     #
     #

data/lib/aws-sdk-iam/types.rb

@@ -60,7 +60,7 @@ module Aws::IAM
     #   unauthenticated requests.
     #
     #   This field is null if no principals (IAM users, IAM roles, or root
-    #   users) in the reported Organizations entity attempted to access the
+    #   user) in the reported Organizations entity attempted to access the
     #   service within the [tracking period][1].
     #
     #
@@ -85,9 +85,9 @@ module Aws::IAM
     #   @return [Time]
     #
     # @!attribute [rw] total_authenticated_entities
-    #   The number of accounts with authenticated principals (root users,
-    #   IAM users, and IAM roles) that attempted to access the service in
-    #   the tracking period.
+    #   The number of accounts with authenticated principals (root user, IAM
+    #   users, and IAM roles) that attempted to access the service in the
+    #   tracking period.
     #   @return [Integer]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/AccessDetail AWS API Documentation
@@ -891,7 +891,7 @@ module Aws::IAM
     #
     #   For more information about obtaining the OIDC provider thumbprint,
     #   see [Obtaining the thumbprint for an OpenID Connect provider][1] in
-    #   the *IAM User Guide*.
+    #   the *IAM user Guide*.
     #
     #
     #
@@ -1191,6 +1191,15 @@ module Aws::IAM
     #   account. Names are not distinguished by case. For example, you
     #   cannot create resources named both "MyResource" and
     #   "myresource".
+    #
+    #   This parameter allows (through its [regex pattern][1]) a string of
+    #   characters consisting of upper and lowercase alphanumeric characters
+    #   with no spaces. You can also include any of the following
+    #   characters: \_+=,.@-
+    #
+    #
+    #
+    #   [1]: http://wikipedia.org/wiki/regex
     #   @return [String]
     #
     # @!attribute [rw] assume_role_policy_document
@@ -1250,8 +1259,23 @@ module Aws::IAM
     #   @return [Integer]
     #
     # @!attribute [rw] permissions_boundary
-    #   The ARN of the policy that is used to set the permissions boundary
-    #   for the role.
+    #   The ARN of the managed policy that is used to set the permissions
+    #   boundary for the role.
+    #
+    #   A permissions boundary policy defines the maximum permissions that
+    #   identity-based policies can grant to an entity, but does not grant
+    #   permissions. Permissions boundaries do not define the maximum
+    #   permissions that a resource-based policy can grant to an entity. To
+    #   learn more, see [Permissions boundaries for IAM entities][1] in the
+    #   *IAM User Guide*.
+    #
+    #   For more information about policy types, see [Policy types ][2] in
+    #   the *IAM User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
+    #   [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policy-types
     #   @return [String]
     #
     # @!attribute [rw] tags
@@ -1516,8 +1540,23 @@ module Aws::IAM
     #   @return [String]
     #
     # @!attribute [rw] permissions_boundary
-    #   The ARN of the policy that is used to set the permissions boundary
-    #   for the user.
+    #   The ARN of the managed policy that is used to set the permissions
+    #   boundary for the user.
+    #
+    #   A permissions boundary policy defines the maximum permissions that
+    #   identity-based policies can grant to an entity, but does not grant
+    #   permissions. Permissions boundaries do not define the maximum
+    #   permissions that a resource-based policy can grant to an entity. To
+    #   learn more, see [Permissions boundaries for IAM entities][1] in the
+    #   *IAM User Guide*.
+    #
+    #   For more information about policy types, see [Policy types ][2] in
+    #   the *IAM User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
+    #   [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policy-types
     #   @return [String]
     #
     # @!attribute [rw] tags
@@ -1583,8 +1622,8 @@ module Aws::IAM
     #   @return [String]
     #
     # @!attribute [rw] virtual_mfa_device_name
-    #   The name of the virtual MFA device. Use with path to uniquely
-    #   identify a virtual MFA device.
+    #   The name of the virtual MFA device, which must be unique. Use with
+    #   path to uniquely identify a virtual MFA device.
     #
     #   This parameter allows (through its [regex pattern][1]) a string of
     #   characters consisting of upper and lowercase alphanumeric characters
@@ -8130,8 +8169,23 @@ module Aws::IAM
     #   @return [String]
     #
     # @!attribute [rw] permissions_boundary
-    #   The ARN of the policy that is used to set the permissions boundary
-    #   for the role.
+    #   The ARN of the managed policy that is used to set the permissions
+    #   boundary for the role.
+    #
+    #   A permissions boundary policy defines the maximum permissions that
+    #   identity-based policies can grant to an entity, but does not grant
+    #   permissions. Permissions boundaries do not define the maximum
+    #   permissions that a resource-based policy can grant to an entity. To
+    #   learn more, see [Permissions boundaries for IAM entities][1] in the
+    #   *IAM User Guide*.
+    #
+    #   For more information about policy types, see [Policy types ][2] in
+    #   the *IAM User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
+    #   [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policy-types
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/PutRolePermissionsBoundaryRequest AWS API Documentation
@@ -8210,8 +8264,23 @@ module Aws::IAM
     #   @return [String]
     #
     # @!attribute [rw] permissions_boundary
-    #   The ARN of the policy that is used to set the permissions boundary
-    #   for the user.
+    #   The ARN of the managed policy that is used to set the permissions
+    #   boundary for the user.
+    #
+    #   A permissions boundary policy defines the maximum permissions that
+    #   identity-based policies can grant to an entity, but does not grant
+    #   permissions. Permissions boundaries do not define the maximum
+    #   permissions that a resource-based policy can grant to an entity. To
+    #   learn more, see [Permissions boundaries for IAM entities][1] in the
+    #   *IAM User Guide*.
+    #
+    #   For more information about policy types, see [Policy types ][2] in
+    #   the *IAM User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
+    #   [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policy-types
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/PutUserPermissionsBoundaryRequest AWS API Documentation
@@ -8648,7 +8717,7 @@ module Aws::IAM
     #   period can be shorter if your Region began supporting these features
     #   within the last year. The role might have been used more than 400
     #   days ago. For more information, see [Regions where data is
-    #   tracked][1] in the *IAM User Guide*.
+    #   tracked][1] in the *IAM user Guide*.
     #
     #
     #
@@ -8802,7 +8871,7 @@ module Aws::IAM
     # period can be shorter if your Region began supporting these features
     # within the last year. The role might have been used more than 400 days
     # ago. For more information, see [Regions where data is tracked][1] in
-    # the *IAM User Guide*.
+    # the *IAM user Guide*.
     #
     # This data type is returned as a response element in the GetRole and
     # GetAccountAuthorizationDetails operations.
@@ -9504,6 +9573,11 @@ module Aws::IAM
     #   For more information about ARNs, see [Amazon Resource Names
     #   (ARNs)][1] in the *Amazon Web Services General Reference*.
     #
+    #   <note markdown="1"> Simulation of resource-based policies isn't supported for IAM
+    #   roles.
+    #
+    #    </note>
+    #
     #
     #
     #   [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
@@ -9532,6 +9606,11 @@ module Aws::IAM
     #   * The special characters tab (`\u0009`), line feed (`\u000A`), and
     #     carriage return (`\u000D`)
     #
+    #   <note markdown="1"> Simulation of resource-based policies isn't supported for IAM
+    #   roles.
+    #
+    #    </note>
+    #
     #
     #
     #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length
@@ -9789,6 +9868,11 @@ module Aws::IAM
     #   For more information about ARNs, see [Amazon Resource Names
     #   (ARNs)][1] in the *Amazon Web Services General Reference*.
     #
+    #   <note markdown="1"> Simulation of resource-based policies isn't supported for IAM
+    #   roles.
+    #
+    #    </note>
+    #
     #
     #
     #   [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
@@ -9817,6 +9901,11 @@ module Aws::IAM
     #   * The special characters tab (`\u0009`), line feed (`\u000A`), and
     #     carriage return (`\u000D`)
     #
+    #   <note markdown="1"> Simulation of resource-based policies isn't supported for IAM
+    #   roles.
+    #
+    #    </note>
+    #
     #
     #
     #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length

data/lib/aws-sdk-iam/user.rb

@@ -379,8 +379,23 @@ module Aws::IAM
     #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html
     #   [2]: http://wikipedia.org/wiki/regex
     # @option options [String] :permissions_boundary
-    #   The ARN of the policy that is used to set the permissions boundary for
-    #   the user.
+    #   The ARN of the managed policy that is used to set the permissions
+    #   boundary for the user.
+    #
+    #   A permissions boundary policy defines the maximum permissions that
+    #   identity-based policies can grant to an entity, but does not grant
+    #   permissions. Permissions boundaries do not define the maximum
+    #   permissions that a resource-based policy can grant to an entity. To
+    #   learn more, see [Permissions boundaries for IAM entities][1] in the
+    #   *IAM User Guide*.
+    #
+    #   For more information about policy types, see [Policy types ][2] in the
+    #   *IAM User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
+    #   [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policy-types
     # @option options [Array<Types::Tag>] :tags
     #   A list of tags that you want to attach to the new user. Each tag
     #   consists of a key name and an associated value. For more information

data/lib/aws-sdk-iam.rb

@@ -74,6 +74,6 @@ require_relative 'aws-sdk-iam/customizations'
 # @!group service
 module Aws::IAM
 
-  GEM_VERSION = '1.74.0'
+  GEM_VERSION = '1.76.0'
 
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-iam
 version: !ruby/object:Gem::Version
-  version: 1.74.0
+  version: 1.76.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2023-01-18 00:00:00.000000000 Z
+date: 2023-03-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core