aws-sdk-iam 1.10.0 → 1.11.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 958c05c1bb1e37c89e695adcb92742fd0843f35e
-  data.tar.gz: fe856b8258a9b93b9a92475fed11fbf7ad78df54
+  metadata.gz: 4744dfe1bca94b95032f113163089b81706e426e
+  data.tar.gz: ff31885be187936a36f8dba1bf86eef03fc389b9
 SHA512:
-  metadata.gz: 3d7ab49b1b198bc7481b836abc925616864a1adce6953a338c35fbd222edd3a69c02e5839fefed2bb0c4dfca0408f86896e59a5a2a4ffd24be0d92aa32de0404
-  data.tar.gz: 6702568b6971f9128c420f3dae8e11cbcde6449d0aea366e1a98b0239b90bf3783bda47cfc09709fa1d2ad8a406b1302c7d3a209e198ba456f9c3b5687c6de66
+  metadata.gz: 2000feb782df8cf6a6c0b24a144a49c8ed9574d18650bde44cd5bc21ba7020da743e0728ad0561bc6092ec4555e139da9a8b65f1ffd1cd9eb9defd76f78223c1
+  data.tar.gz: d3511f784ab7b8b0d06839660fd106ab3537ba9513bd9ebc3051ed0ed970cb19484eef131789975196bac4fdc9c3e2b1bb16540a696aa916c0f37132ede687a7

data/lib/aws-sdk-iam.rb

@@ -64,6 +64,6 @@ require_relative 'aws-sdk-iam/customizations'
 # @service
 module Aws::IAM
 
-  GEM_VERSION = '1.10.0'
+  GEM_VERSION = '1.11.0'
 
 end

data/lib/aws-sdk-iam/client.rb

@@ -15,6 +15,7 @@ require 'aws-sdk-core/plugins/helpful_socket_errors.rb'
 require 'aws-sdk-core/plugins/retry_errors.rb'
 require 'aws-sdk-core/plugins/global_configuration.rb'
 require 'aws-sdk-core/plugins/regional_endpoint.rb'
+require 'aws-sdk-core/plugins/endpoint_discovery.rb'
 require 'aws-sdk-core/plugins/response_paging.rb'
 require 'aws-sdk-core/plugins/stub_responses.rb'
 require 'aws-sdk-core/plugins/idempotency_token.rb'
@@ -45,6 +46,7 @@ module Aws::IAM
     add_plugin(Aws::Plugins::RetryErrors)
     add_plugin(Aws::Plugins::GlobalConfiguration)
     add_plugin(Aws::Plugins::RegionalEndpoint)
+    add_plugin(Aws::Plugins::EndpointDiscovery)
     add_plugin(Aws::Plugins::ResponsePaging)
     add_plugin(Aws::Plugins::StubResponses)
     add_plugin(Aws::Plugins::IdempotencyToken)
@@ -98,6 +100,10 @@ module Aws::IAM
     #
     #   @option options [String] :access_key_id
     #
+    #   @option options [Boolean] :active_endpoint_cache (false)
+    #     When set to `true`, a thread polling for endpoints will be running in
+    #     the background every 60 secs (default). Defaults to `false`.
+    #
     #   @option options [Boolean] :client_side_monitoring (false)
     #     When `true`, client-side metrics will be collected for all API requests from
     #     this client.
@@ -123,6 +129,21 @@ module Aws::IAM
     #     option. You should only configure an `:endpoint` when connecting
     #     to test endpoints. This should be avalid HTTP(S) URI.
     #
+    #   @option options [Integer] :endpoint_cache_max_entries (1000)
+    #     Used for the maximum size limit of the LRU cache storing endpoints data
+    #     for endpoint discovery enabled operations. Defaults to 1000.
+    #
+    #   @option options [Integer] :endpoint_cache_max_threads (10)
+    #     Used for the maximum threads in use for polling endpoints to be cached, defaults to 10.
+    #
+    #   @option options [Integer] :endpoint_cache_poll_interval (60)
+    #     When :endpoint_discovery and :active_endpoint_cache is enabled,
+    #     Use this option to config the time interval in seconds for making
+    #     requests fetching endpoints information. Defaults to 60 sec.
+    #
+    #   @option options [Boolean] :endpoint_discovery (false)
+    #     When set to `true`, endpoint discovery will be enabled for operations when available. Defaults to `false`.
+    #
     #   @option options [Aws::Log::Formatter] :log_formatter (Aws::Log::Formatter.default)
     #     The log formatter.
     #
@@ -920,6 +941,9 @@ module Aws::IAM
     #   resp.instance_profile.roles[0].create_date #=> Time
     #   resp.instance_profile.roles[0].assume_role_policy_document #=> String
     #   resp.instance_profile.roles[0].description #=> String
+    #   resp.instance_profile.roles[0].tags #=> Array
+    #   resp.instance_profile.roles[0].tags[0].key #=> String
+    #   resp.instance_profile.roles[0].tags[0].value #=> String
     #   resp.instance_profile.roles[0].max_session_duration #=> Integer
     #   resp.instance_profile.roles[0].permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
     #   resp.instance_profile.roles[0].permissions_boundary.permissions_boundary_arn #=> String
@@ -1424,6 +1448,22 @@ module Aws::IAM
     # @option params [String] :description
     #   A description of the role.
     #
+    # @option params [Array<Types::Tag>] :tags
+    #   A list of tags that you want to attach to the newly created role. Each
+    #   tag consists of a key name and an associated value. For more
+    #   information about tagging, see [Tagging IAM Identities][1] in the *IAM
+    #   User Guide*.
+    #
+    #   <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed number
+    #   of tags per role, then the entire request fails and the role is not
+    #   created.
+    #
+    #    </note>
+    #
+    #
+    #
+    #   [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
+    #
     # @option params [Integer] :max_session_duration
     #   The maximum session duration (in seconds) that you want to set for the
     #   specified role. If you do not specify a value for this setting, the
@@ -1484,6 +1524,12 @@ module Aws::IAM
     #     role_name: "roleNameType", # required
     #     assume_role_policy_document: "policyDocumentType", # required
     #     description: "roleDescriptionType",
+    #     tags: [
+    #       {
+    #         key: "tagKeyType", # required
+    #         value: "tagValueType", # required
+    #       },
+    #     ],
     #     max_session_duration: 1,
     #     permissions_boundary: "arnType",
     #   })
@@ -1497,6 +1543,9 @@ module Aws::IAM
     #   resp.role.create_date #=> Time
     #   resp.role.assume_role_policy_document #=> String
     #   resp.role.description #=> String
+    #   resp.role.tags #=> Array
+    #   resp.role.tags[0].key #=> String
+    #   resp.role.tags[0].value #=> String
     #   resp.role.max_session_duration #=> Integer
     #   resp.role.permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
     #   resp.role.permissions_boundary.permissions_boundary_arn #=> String
@@ -1598,30 +1647,45 @@ module Aws::IAM
     # unexpectedly changed or deleted role, which could put your AWS
     # resources into an unknown state. Allowing the service to control the
     # role helps improve service stability and proper cleanup when a service
-    # and its role are no longer needed.
-    #
-    # The name of the role is generated by combining the string that you
-    # specify for the `AWSServiceName` parameter with the string that you
-    # specify for the `CustomSuffix` parameter. The resulting name must be
-    # unique in your account or the request fails.
+    # and its role are no longer needed. For more information, see [Using
+    # Service-Linked Roles][1] in the *IAM User Guide*.
     #
     # To attach a policy to this service-linked role, you must make the
     # request using the AWS service that depends on this role.
     #
+    #
+    #
+    # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html
+    #
     # @option params [required, String] :aws_service_name
-    #   The AWS service to which this role is attached. You use a string
-    #   similar to a URL but without the http:// in front. For example:
-    #   `elasticbeanstalk.amazonaws.com`
+    #   The service principal for the AWS service to which this role is
+    #   attached. You use a string similar to a URL but without the http:// in
+    #   front. For example: `elasticbeanstalk.amazonaws.com`.
+    #
+    #   Service principals are unique and case-sensitive. To find the exact
+    #   service principal for your service-linked role, see [AWS Services That
+    #   Work with IAM][1] in the *IAM User Guide* and look for the services
+    #   that have <b>Yes </b>in the **Service-Linked Role** column. Choose the
+    #   **Yes** link to view the service-linked role documentation for that
+    #   service.
+    #
+    #
+    #
+    #   [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-services-that-work-with-iam.html
     #
     # @option params [String] :description
     #   The description of the role.
     #
     # @option params [String] :custom_suffix
-    #   A string that you provide, which is combined with the service name to
-    #   form the complete role name. If you make multiple requests for the
-    #   same service, then you must supply a different `CustomSuffix` for each
-    #   request. Otherwise the request fails with a duplicate role name error.
-    #   For example, you could add `-1` or `-debug` to the suffix.
+    #   A string that you provide, which is combined with the service-provided
+    #   prefix to form the complete role name. If you make multiple requests
+    #   for the same service, then you must supply a different `CustomSuffix`
+    #   for each request. Otherwise the request fails with a duplicate role
+    #   name error. For example, you could add `-1` or `-debug` to the suffix.
+    #
+    #   Some services do not support the `CustomSuffix` parameter. If you
+    #   provide an optional suffix and the operation fails, try the operation
+    #   again without the suffix.
     #
     # @return [Types::CreateServiceLinkedRoleResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -1644,6 +1708,9 @@ module Aws::IAM
     #   resp.role.create_date #=> Time
     #   resp.role.assume_role_policy_document #=> String
     #   resp.role.description #=> String
+    #   resp.role.tags #=> Array
+    #   resp.role.tags[0].key #=> String
+    #   resp.role.tags[0].value #=> String
     #   resp.role.max_session_duration #=> Integer
     #   resp.role.permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
     #   resp.role.permissions_boundary.permissions_boundary_arn #=> String
@@ -1769,6 +1836,22 @@ module Aws::IAM
     #
     #   [1]: http://wikipedia.org/wiki/regex
     #
+    # @option params [Array<Types::Tag>] :tags
+    #   A list of tags that you want to attach to the newly created user. Each
+    #   tag consists of a key name and an associated value. For more
+    #   information about tagging, see [Tagging IAM Identities][1] in the *IAM
+    #   User Guide*.
+    #
+    #   <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed number
+    #   of tags per user, then the entire request fails and the user is not
+    #   created.
+    #
+    #    </note>
+    #
+    #
+    #
+    #   [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
+    #
     # @option params [String] :permissions_boundary
     #   The ARN of the policy that is used to set the permissions boundary for
     #   the user.
@@ -1802,6 +1885,12 @@ module Aws::IAM
     #   resp = client.create_user({
     #     path: "pathType",
     #     user_name: "userNameType", # required
+    #     tags: [
+    #       {
+    #         key: "tagKeyType", # required
+    #         value: "tagValueType", # required
+    #       },
+    #     ],
     #     permissions_boundary: "arnType",
     #   })
     #
@@ -1813,6 +1902,9 @@ module Aws::IAM
     #   resp.user.arn #=> String
     #   resp.user.create_date #=> Time
     #   resp.user.password_last_used #=> Time
+    #   resp.user.tags #=> Array
+    #   resp.user.tags[0].key #=> String
+    #   resp.user.tags[0].value #=> String
     #   resp.user.permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
     #   resp.user.permissions_boundary.permissions_boundary_arn #=> String
     #
@@ -1899,6 +1991,9 @@ module Aws::IAM
     #   resp.virtual_mfa_device.user.arn #=> String
     #   resp.virtual_mfa_device.user.create_date #=> Time
     #   resp.virtual_mfa_device.user.password_last_used #=> Time
+    #   resp.virtual_mfa_device.user.tags #=> Array
+    #   resp.virtual_mfa_device.user.tags[0].key #=> String
+    #   resp.virtual_mfa_device.user.tags[0].value #=> String
     #   resp.virtual_mfa_device.user.permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
     #   resp.virtual_mfa_device.user.permissions_boundary.permissions_boundary_arn #=> String
     #   resp.virtual_mfa_device.enable_date #=> Time
@@ -3447,6 +3542,9 @@ module Aws::IAM
     #   resp.user_detail_list[0].attached_managed_policies #=> Array
     #   resp.user_detail_list[0].attached_managed_policies[0].policy_name #=> String
     #   resp.user_detail_list[0].attached_managed_policies[0].policy_arn #=> String
+    #   resp.user_detail_list[0].tags #=> Array
+    #   resp.user_detail_list[0].tags[0].key #=> String
+    #   resp.user_detail_list[0].tags[0].value #=> String
     #   resp.user_detail_list[0].permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
     #   resp.user_detail_list[0].permissions_boundary.permissions_boundary_arn #=> String
     #   resp.group_detail_list #=> Array
@@ -3482,6 +3580,9 @@ module Aws::IAM
     #   resp.role_detail_list[0].instance_profile_list[0].roles[0].create_date #=> Time
     #   resp.role_detail_list[0].instance_profile_list[0].roles[0].assume_role_policy_document #=> String
     #   resp.role_detail_list[0].instance_profile_list[0].roles[0].description #=> String
+    #   resp.role_detail_list[0].instance_profile_list[0].roles[0].tags #=> Array
+    #   resp.role_detail_list[0].instance_profile_list[0].roles[0].tags[0].key #=> String
+    #   resp.role_detail_list[0].instance_profile_list[0].roles[0].tags[0].value #=> String
     #   resp.role_detail_list[0].instance_profile_list[0].roles[0].max_session_duration #=> Integer
     #   resp.role_detail_list[0].instance_profile_list[0].roles[0].permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
     #   resp.role_detail_list[0].instance_profile_list[0].roles[0].permissions_boundary.permissions_boundary_arn #=> String
@@ -3491,6 +3592,9 @@ module Aws::IAM
     #   resp.role_detail_list[0].attached_managed_policies #=> Array
     #   resp.role_detail_list[0].attached_managed_policies[0].policy_name #=> String
     #   resp.role_detail_list[0].attached_managed_policies[0].policy_arn #=> String
+    #   resp.role_detail_list[0].tags #=> Array
+    #   resp.role_detail_list[0].tags[0].key #=> String
+    #   resp.role_detail_list[0].tags[0].value #=> String
     #   resp.role_detail_list[0].permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
     #   resp.role_detail_list[0].permissions_boundary.permissions_boundary_arn #=> String
     #   resp.policies #=> Array
@@ -3880,6 +3984,9 @@ module Aws::IAM
     #   resp.users[0].arn #=> String
     #   resp.users[0].create_date #=> Time
     #   resp.users[0].password_last_used #=> Time
+    #   resp.users[0].tags #=> Array
+    #   resp.users[0].tags[0].key #=> String
+    #   resp.users[0].tags[0].value #=> String
     #   resp.users[0].permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
     #   resp.users[0].permissions_boundary.permissions_boundary_arn #=> String
     #   resp.is_truncated #=> Boolean
@@ -4046,6 +4153,9 @@ module Aws::IAM
     #   resp.instance_profile.roles[0].create_date #=> Time
     #   resp.instance_profile.roles[0].assume_role_policy_document #=> String
     #   resp.instance_profile.roles[0].description #=> String
+    #   resp.instance_profile.roles[0].tags #=> Array
+    #   resp.instance_profile.roles[0].tags[0].key #=> String
+    #   resp.instance_profile.roles[0].tags[0].value #=> String
     #   resp.instance_profile.roles[0].max_session_duration #=> Integer
     #   resp.instance_profile.roles[0].permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
     #   resp.instance_profile.roles[0].permissions_boundary.permissions_boundary_arn #=> String
@@ -4376,6 +4486,9 @@ module Aws::IAM
     #   resp.role.create_date #=> Time
     #   resp.role.assume_role_policy_document #=> String
     #   resp.role.description #=> String
+    #   resp.role.tags #=> Array
+    #   resp.role.tags[0].key #=> String
+    #   resp.role.tags[0].value #=> String
     #   resp.role.max_session_duration #=> Integer
     #   resp.role.permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
     #   resp.role.permissions_boundary.permissions_boundary_arn #=> String
@@ -4743,6 +4856,9 @@ module Aws::IAM
     #   resp.user.arn #=> String
     #   resp.user.create_date #=> Time
     #   resp.user.password_last_used #=> Time
+    #   resp.user.tags #=> Array
+    #   resp.user.tags[0].key #=> String
+    #   resp.user.tags[0].value #=> String
     #   resp.user.permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
     #   resp.user.permissions_boundary.permissions_boundary_arn #=> String
     #
@@ -5795,6 +5911,9 @@ module Aws::IAM
     #   resp.instance_profiles[0].roles[0].create_date #=> Time
     #   resp.instance_profiles[0].roles[0].assume_role_policy_document #=> String
     #   resp.instance_profiles[0].roles[0].description #=> String
+    #   resp.instance_profiles[0].roles[0].tags #=> Array
+    #   resp.instance_profiles[0].roles[0].tags[0].key #=> String
+    #   resp.instance_profiles[0].roles[0].tags[0].value #=> String
     #   resp.instance_profiles[0].roles[0].max_session_duration #=> Integer
     #   resp.instance_profiles[0].roles[0].permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
     #   resp.instance_profiles[0].roles[0].permissions_boundary.permissions_boundary_arn #=> String
@@ -5882,6 +6001,9 @@ module Aws::IAM
     #   resp.instance_profiles[0].roles[0].create_date #=> Time
     #   resp.instance_profiles[0].roles[0].assume_role_policy_document #=> String
     #   resp.instance_profiles[0].roles[0].description #=> String
+    #   resp.instance_profiles[0].roles[0].tags #=> Array
+    #   resp.instance_profiles[0].roles[0].tags[0].key #=> String
+    #   resp.instance_profiles[0].roles[0].tags[0].value #=> String
     #   resp.instance_profiles[0].roles[0].max_session_duration #=> Integer
     #   resp.instance_profiles[0].roles[0].permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
     #   resp.instance_profiles[0].roles[0].permissions_boundary.permissions_boundary_arn #=> String
@@ -6262,6 +6384,99 @@ module Aws::IAM
       req.send_request(options)
     end
 
+    # Lists the tags that are attached to the specified role. The returned
+    # list of tags is sorted by tag key. For more information about tagging,
+    # see [Tagging IAM Identities][1] in the *IAM User Guide*.
+    #
+    #
+    #
+    # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
+    #
+    # @option params [required, String] :role_name
+    #   The name of the IAM role for which you want to see the list of tags.
+    #
+    #   This parameter accepts (through its [regex pattern][1]) a string of
+    #   characters that consist of upper and lowercase alphanumeric characters
+    #   with no spaces. You can also include any of the following characters:
+    #   \_+=,.@-
+    #
+    #
+    #
+    #   [1]: http://wikipedia.org/wiki/regex
+    #
+    # @option params [String] :marker
+    #   Use this parameter only when paginating results and only after you
+    #   receive a response indicating that the results are truncated. Set it
+    #   to the value of the `Marker` element in the response to indicate where
+    #   the next call should start.
+    #
+    # @option params [Integer] :max_items
+    #   (Optional) Use this only when paginating results to indicate the
+    #   maximum number of items that you want in the response. If additional
+    #   items exist beyond the maximum that you specify, the `IsTruncated`
+    #   response element is `true`.
+    #
+    #   If you do not include this parameter, it defaults to 100. Note that
+    #   IAM might return fewer results, even when more results are available.
+    #   In that case, the `IsTruncated` response element returns `true`, and
+    #   `Marker` contains a value to include in the subsequent call that tells
+    #   the service where to continue from.
+    #
+    # @return [Types::ListRoleTagsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ListRoleTagsResponse#tags #tags} => Array&lt;Types::Tag&gt;
+    #   * {Types::ListRoleTagsResponse#is_truncated #is_truncated} => Boolean
+    #   * {Types::ListRoleTagsResponse#marker #marker} => String
+    #
+    #
+    # @example Example: To list the tags attached to an IAM role
+    #
+    #   # The following example shows how to list the tags attached to a role.
+    #
+    #   resp = client.list_role_tags({
+    #     role_name: "taggedrole1", 
+    #   })
+    #
+    #   resp.to_h outputs the following:
+    #   {
+    #     is_truncated: false, 
+    #     tags: [
+    #       {
+    #         key: "Dept", 
+    #         value: "12345", 
+    #       }, 
+    #       {
+    #         key: "Team", 
+    #         value: "Accounting", 
+    #       }, 
+    #     ], 
+    #   }
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.list_role_tags({
+    #     role_name: "roleNameType", # required
+    #     marker: "markerType",
+    #     max_items: 1,
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.tags #=> Array
+    #   resp.tags[0].key #=> String
+    #   resp.tags[0].value #=> String
+    #   resp.is_truncated #=> Boolean
+    #   resp.marker #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListRoleTags AWS API Documentation
+    #
+    # @overload list_role_tags(params = {})
+    # @param [Hash] params ({})
+    def list_role_tags(params = {}, options = {})
+      req = build_request(:list_role_tags, params)
+      req.send_request(options)
+    end
+
     # Lists the IAM roles that have the specified path prefix. If there are
     # none, the operation returns an empty list. For more information about
     # roles, go to [Working with Roles][1].
@@ -6332,6 +6547,9 @@ module Aws::IAM
     #   resp.roles[0].create_date #=> Time
     #   resp.roles[0].assume_role_policy_document #=> String
     #   resp.roles[0].description #=> String
+    #   resp.roles[0].tags #=> Array
+    #   resp.roles[0].tags[0].key #=> String
+    #   resp.roles[0].tags[0].value #=> String
     #   resp.roles[0].max_session_duration #=> Integer
     #   resp.roles[0].permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
     #   resp.roles[0].permissions_boundary.permissions_boundary_arn #=> String
@@ -6783,6 +7001,99 @@ module Aws::IAM
       req.send_request(options)
     end
 
+    # Lists the tags that are attached to the specified user. The returned
+    # list of tags is sorted by tag key. For more information about tagging,
+    # see [Tagging IAM Identities][1] in the *IAM User Guide*.
+    #
+    #
+    #
+    # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
+    #
+    # @option params [required, String] :user_name
+    #   The name of the IAM user whose tags you want to see.
+    #
+    #   This parameter accepts (through its [regex pattern][1]) a string of
+    #   characters that consist of upper and lowercase alphanumeric characters
+    #   with no spaces. You can also include any of the following characters:
+    #   =,.@-
+    #
+    #
+    #
+    #   [1]: http://wikipedia.org/wiki/regex
+    #
+    # @option params [String] :marker
+    #   Use this parameter only when paginating results and only after you
+    #   receive a response indicating that the results are truncated. Set it
+    #   to the value of the `Marker` element in the response to indicate where
+    #   the next call should start.
+    #
+    # @option params [Integer] :max_items
+    #   (Optional) Use this only when paginating results to indicate the
+    #   maximum number of items that you want in the response. If additional
+    #   items exist beyond the maximum that you specify, the `IsTruncated`
+    #   response element is `true`.
+    #
+    #   If you do not include this parameter, it defaults to 100. Note that
+    #   IAM might return fewer results, even when more results are available.
+    #   In that case, the `IsTruncated` response element returns `true`, and
+    #   `Marker` contains a value to include in the subsequent call that tells
+    #   the service where to continue from.
+    #
+    # @return [Types::ListUserTagsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ListUserTagsResponse#tags #tags} => Array&lt;Types::Tag&gt;
+    #   * {Types::ListUserTagsResponse#is_truncated #is_truncated} => Boolean
+    #   * {Types::ListUserTagsResponse#marker #marker} => String
+    #
+    #
+    # @example Example: To list the tags attached to an IAM user
+    #
+    #   # The following example shows how to list the tags attached to a user.
+    #
+    #   resp = client.list_user_tags({
+    #     user_name: "anika", 
+    #   })
+    #
+    #   resp.to_h outputs the following:
+    #   {
+    #     is_truncated: false, 
+    #     tags: [
+    #       {
+    #         key: "Dept", 
+    #         value: "12345", 
+    #       }, 
+    #       {
+    #         key: "Team", 
+    #         value: "Accounting", 
+    #       }, 
+    #     ], 
+    #   }
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.list_user_tags({
+    #     user_name: "existingUserNameType", # required
+    #     marker: "markerType",
+    #     max_items: 1,
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.tags #=> Array
+    #   resp.tags[0].key #=> String
+    #   resp.tags[0].value #=> String
+    #   resp.is_truncated #=> Boolean
+    #   resp.marker #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListUserTags AWS API Documentation
+    #
+    # @overload list_user_tags(params = {})
+    # @param [Hash] params ({})
+    def list_user_tags(params = {}, options = {})
+      req = build_request(:list_user_tags, params)
+      req.send_request(options)
+    end
+
     # Lists the IAM users that have the specified path prefix. If no path
     # prefix is specified, the operation returns all users in the AWS
     # account. If there are none, the operation returns an empty list.
@@ -6878,6 +7189,9 @@ module Aws::IAM
     #   resp.users[0].arn #=> String
     #   resp.users[0].create_date #=> Time
     #   resp.users[0].password_last_used #=> Time
+    #   resp.users[0].tags #=> Array
+    #   resp.users[0].tags[0].key #=> String
+    #   resp.users[0].tags[0].value #=> String
     #   resp.users[0].permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
     #   resp.users[0].permissions_boundary.permissions_boundary_arn #=> String
     #   resp.is_truncated #=> Boolean
@@ -6969,6 +7283,9 @@ module Aws::IAM
     #   resp.virtual_mfa_devices[0].user.arn #=> String
     #   resp.virtual_mfa_devices[0].user.create_date #=> Time
     #   resp.virtual_mfa_devices[0].user.password_last_used #=> Time
+    #   resp.virtual_mfa_devices[0].user.tags #=> Array
+    #   resp.virtual_mfa_devices[0].user.tags[0].key #=> String
+    #   resp.virtual_mfa_devices[0].user.tags[0].value #=> String
     #   resp.virtual_mfa_devices[0].user.permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
     #   resp.virtual_mfa_devices[0].user.permissions_boundary.permissions_boundary_arn #=> String
     #   resp.virtual_mfa_devices[0].enable_date #=> Time
@@ -8276,6 +8593,312 @@ module Aws::IAM
       req.send_request(options)
     end
 
+    # Adds one or more tags to an IAM role. The role can be a regular role
+    # or a service-linked role. If a tag with the same key name already
+    # exists, then that tag is overwritten with the new value.
+    #
+    # A tag consists of a key name and an associated value. By assigning
+    # tags to your resources, you can do the following:
+    #
+    # * **Administrative grouping and discovery** - Attach tags to resources
+    #   to aid in organization and search. For example, you could search for
+    #   all resources with the key name *Project* and the value
+    #   *MyImportantProject*. Or search for all resources with the key name
+    #   *Cost Center* and the value *41200*.
+    #
+    # * **Access control** - Reference tags in IAM user-based and
+    #   resource-based policies. You can use tags to restrict access to only
+    #   an IAM user or role that has a specified tag attached. You can also
+    #   restrict access to only those resources that have a certain tag
+    #   attached. For examples of policies that show how to use tags to
+    #   control access, see [Control Access Using IAM Tags][1] in the *IAM
+    #   User Guide*.
+    #
+    # * **Cost allocation** - Use tags to help track which individuals and
+    #   teams are using which AWS resources.
+    #
+    # <note markdown="1"> * Make sure that you have no invalid tags and that you do not exceed
+    #   the allowed number of tags per role. In either case, the entire
+    #   request fails and *no* tags are added to the role.
+    #
+    # * AWS always interprets the tag `Value` as a single string. If you
+    #   need to store an array, you can store comma-separated values in the
+    #   string. However, you must interpret the value in your code.
+    #
+    #  </note>
+    #
+    # For more information about tagging, see [Tagging IAM Identities][2] in
+    # the *IAM User Guide*.
+    #
+    #
+    #
+    # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html
+    # [2]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
+    #
+    # @option params [required, String] :role_name
+    #   The name of the role that you want to add tags to.
+    #
+    #   This parameter accepts (through its [regex pattern][1]) a string of
+    #   characters that consist of upper and lowercase alphanumeric characters
+    #   with no spaces. You can also include any of the following characters:
+    #   \_+=,.@-
+    #
+    #
+    #
+    #   [1]: http://wikipedia.org/wiki/regex
+    #
+    # @option params [required, Array<Types::Tag>] :tags
+    #   The list of tags that you want to attach to the role. Each tag
+    #   consists of a key name and an associated value. You can specify this
+    #   with a JSON string.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    #
+    # @example Example: To add a tag key and value to an IAM role
+    #
+    #   # The following example shows how to add tags to an existing role.
+    #
+    #   resp = client.tag_role({
+    #     role_name: "taggedrole", 
+    #     tags: [
+    #       {
+    #         key: "Dept", 
+    #         value: "Accounting", 
+    #       }, 
+    #       {
+    #         key: "CostCenter", 
+    #         value: "12345", 
+    #       }, 
+    #     ], 
+    #   })
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.tag_role({
+    #     role_name: "roleNameType", # required
+    #     tags: [ # required
+    #       {
+    #         key: "tagKeyType", # required
+    #         value: "tagValueType", # required
+    #       },
+    #     ],
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/TagRole AWS API Documentation
+    #
+    # @overload tag_role(params = {})
+    # @param [Hash] params ({})
+    def tag_role(params = {}, options = {})
+      req = build_request(:tag_role, params)
+      req.send_request(options)
+    end
+
+    # Adds one or more tags to an IAM user. If a tag with the same key name
+    # already exists, then that tag is overwritten with the new value.
+    #
+    # A tag consists of a key name and an associated value. By assigning
+    # tags to your resources, you can do the following:
+    #
+    # * **Administrative grouping and discovery** - Attach tags to resources
+    #   to aid in organization and search. For example, you could search for
+    #   all resources with the key name *Project* and the value
+    #   *MyImportantProject*. Or search for all resources with the key name
+    #   *Cost Center* and the value *41200*.
+    #
+    # * **Access control** - Reference tags in IAM user-based and
+    #   resource-based policies. You can use tags to restrict access to only
+    #   an IAM requesting user or to a role that has a specified tag
+    #   attached. You can also restrict access to only those resources that
+    #   have a certain tag attached. For examples of policies that show how
+    #   to use tags to control access, see [Control Access Using IAM
+    #   Tags][1] in the *IAM User Guide*.
+    #
+    # * **Cost allocation** - Use tags to help track which individuals and
+    #   teams are using which AWS resources.
+    #
+    # <note markdown="1"> * Make sure that you have no invalid tags and that you do not exceed
+    #   the allowed number of tags per role. In either case, the entire
+    #   request fails and *no* tags are added to the role.
+    #
+    # * AWS always interprets the tag `Value` as a single string. If you
+    #   need to store an array, you can store comma-separated values in the
+    #   string. However, you must interpret the value in your code.
+    #
+    #  </note>
+    #
+    # For more information about tagging, see [Tagging IAM Identities][2] in
+    # the *IAM User Guide*.
+    #
+    #
+    #
+    # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html
+    # [2]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
+    #
+    # @option params [required, String] :user_name
+    #   The name of the user that you want to add tags to.
+    #
+    #   This parameter accepts (through its [regex pattern][1]) a string of
+    #   characters that consist of upper and lowercase alphanumeric characters
+    #   with no spaces. You can also include any of the following characters:
+    #   =,.@-
+    #
+    #
+    #
+    #   [1]: http://wikipedia.org/wiki/regex
+    #
+    # @option params [required, Array<Types::Tag>] :tags
+    #   The list of tags that you want to attach to the user. Each tag
+    #   consists of a key name and an associated value.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    #
+    # @example Example: To add a tag key and value to an IAM user
+    #
+    #   # The following example shows how to add tags to an existing user.
+    #
+    #   resp = client.tag_user({
+    #     tags: [
+    #       {
+    #         key: "Dept", 
+    #         value: "Accounting", 
+    #       }, 
+    #       {
+    #         key: "CostCenter", 
+    #         value: "12345", 
+    #       }, 
+    #     ], 
+    #     user_name: "anika", 
+    #   })
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.tag_user({
+    #     user_name: "existingUserNameType", # required
+    #     tags: [ # required
+    #       {
+    #         key: "tagKeyType", # required
+    #         value: "tagValueType", # required
+    #       },
+    #     ],
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/TagUser AWS API Documentation
+    #
+    # @overload tag_user(params = {})
+    # @param [Hash] params ({})
+    def tag_user(params = {}, options = {})
+      req = build_request(:tag_user, params)
+      req.send_request(options)
+    end
+
+    # Removes the specified tags from the role. For more information about
+    # tagging, see [Tagging IAM Identities][1] in the *IAM User Guide*.
+    #
+    #
+    #
+    # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
+    #
+    # @option params [required, String] :role_name
+    #   The name of the IAM role from which you want to remove tags.
+    #
+    #   This parameter accepts (through its [regex pattern][1]) a string of
+    #   characters that consist of upper and lowercase alphanumeric characters
+    #   with no spaces. You can also include any of the following characters:
+    #   \_+=,.@-
+    #
+    #
+    #
+    #   [1]: http://wikipedia.org/wiki/regex
+    #
+    # @option params [required, Array<String>] :tag_keys
+    #   A list of key names as a simple array of strings. The tags with
+    #   matching keys are removed from the specified role.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    #
+    # @example Example: To remove a tag from an IAM role
+    #
+    #   # The following example shows how to remove a tag with the key 'Dept' from a role named 'taggedrole'.
+    #
+    #   resp = client.untag_role({
+    #     role_name: "taggedrole", 
+    #     tag_keys: [
+    #       "Dept", 
+    #     ], 
+    #   })
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.untag_role({
+    #     role_name: "roleNameType", # required
+    #     tag_keys: ["tagKeyType"], # required
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UntagRole AWS API Documentation
+    #
+    # @overload untag_role(params = {})
+    # @param [Hash] params ({})
+    def untag_role(params = {}, options = {})
+      req = build_request(:untag_role, params)
+      req.send_request(options)
+    end
+
+    # Removes the specified tags from the user. For more information about
+    # tagging, see [Tagging IAM Identities][1] in the *IAM User Guide*.
+    #
+    #
+    #
+    # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
+    #
+    # @option params [required, String] :user_name
+    #   The name of the IAM user from which you want to remove tags.
+    #
+    #   This parameter accepts (through its [regex pattern][1]) a string of
+    #   characters that consist of upper and lowercase alphanumeric characters
+    #   with no spaces. You can also include any of the following characters:
+    #   =,.@-
+    #
+    #
+    #
+    #   [1]: http://wikipedia.org/wiki/regex
+    #
+    # @option params [required, Array<String>] :tag_keys
+    #   A list of key names as a simple array of strings. The tags with
+    #   matching keys are removed from the specified user.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    #
+    # @example Example: To remove a tag from an IAM user
+    #
+    #   # The following example shows how to remove tags that are attached to a user named 'anika'.
+    #
+    #   resp = client.untag_user({
+    #     tag_keys: [
+    #       "Dept", 
+    #     ], 
+    #     user_name: "anika", 
+    #   })
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.untag_user({
+    #     user_name: "existingUserNameType", # required
+    #     tag_keys: ["tagKeyType"], # required
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UntagUser AWS API Documentation
+    #
+    # @overload untag_user(params = {})
+    # @param [Hash] params ({})
+    def untag_user(params = {}, options = {})
+      req = build_request(:untag_user, params)
+      req.send_request(options)
+    end
+
     # Changes the status of the specified access key from Active to
     # Inactive, or vice versa. This operation can be used to disable a
     # user's key as part of a key rotation workflow.
@@ -8861,6 +9484,9 @@ module Aws::IAM
     #   resp.role.create_date #=> Time
     #   resp.role.assume_role_policy_document #=> String
     #   resp.role.description #=> String
+    #   resp.role.tags #=> Array
+    #   resp.role.tags[0].key #=> String
+    #   resp.role.tags[0].value #=> String
     #   resp.role.max_session_duration #=> Integer
     #   resp.role.permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
     #   resp.role.permissions_boundary.permissions_boundary_arn #=> String
@@ -9674,7 +10300,7 @@ module Aws::IAM
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-iam'
-      context[:gem_version] = '1.10.0'
+      context[:gem_version] = '1.11.0'
       Seahorse::Client::Request.new(handlers, context)
     end