aws-sdk-iam 1.12.0 → 1.13.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 33e6db5ac1dfcc9fe32b87209c2bcbb1f9f63834
4
- data.tar.gz: 18d06676fe19f5bb0e1e52c1bdc56c203f874b6e
3
+ metadata.gz: f72988bbf8f92d16fbf0a8797593c77652a886a6
4
+ data.tar.gz: 35162ef9c23191387bdddd9027069fc9286908b8
5
5
  SHA512:
6
- metadata.gz: bece240099bee6c46da2f6e2676d3c530f8a02b5be3626e084cf9294120f324550eaa87f63cfb5fd60fb2a81758e38bc000b82738ea86b9ce11d00441df87f5d
7
- data.tar.gz: 547467504cd948caff82818db57d090297d6b3201e0663bfc2f263009d87d025f44971192a7eb765aeff0c4b309efb4392c6e0ff83c4fb36864f7a17f722f268
6
+ metadata.gz: c58ab6d2183a08da068100da6d99d0a957c942f19b324886ae939352d08a2020db5bf6c16923e4451115821d12b3b690617ac7cf9aba8a38ac703c076167880a
7
+ data.tar.gz: 20f0904c4db64b442704e384193ea5f8eec1108cbfc527a662988385b30686fe7e3aecba3fb603381325b9cde546b33760da458852d3a4ef7d4002237a58afed
data/lib/aws-sdk-iam.rb CHANGED
@@ -64,6 +64,6 @@ require_relative 'aws-sdk-iam/customizations'
64
64
  # @service
65
65
  module Aws::IAM
66
66
 
67
- GEM_VERSION = '1.12.0'
67
+ GEM_VERSION = '1.13.0'
68
68
 
69
69
  end
@@ -39,8 +39,8 @@ module Aws::IAM
39
39
  end
40
40
  alias :access_key_id :id
41
41
 
42
- # The status of the access key. `Active` means the key is valid for API
43
- # calls; `Inactive` means it is not.
42
+ # The status of the access key. `Active` means that the key is valid for
43
+ # API calls; `Inactive` means it is not.
44
44
  # @return [String]
45
45
  def status
46
46
  data[:status]
@@ -20,7 +20,7 @@ module Aws::IAM
20
20
 
21
21
  # @!group Read-Only Attributes
22
22
 
23
- # A set of key value pairs containing information about IAM entity usage
23
+ # A set of keyvalue pairs containing information about IAM entity usage
24
24
  # and IAM quotas.
25
25
  # @return [Hash<String,Integer>]
26
26
  def summary_map
@@ -260,7 +260,7 @@ module Aws::IAM
260
260
  # instance and then restart it.
261
261
  #
262
262
  # <note markdown="1"> The caller of this API must be granted the `PassRole` permission on
263
- # the IAM role by a permission policy.
263
+ # the IAM role by a permissions policy.
264
264
  #
265
265
  # </note>
266
266
  #
@@ -271,15 +271,15 @@ module Aws::IAM
271
271
  #
272
272
  #
273
273
  # [1]: https://en.wikipedia.org/wiki/Eventual_consistency
274
- # [2]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DisassociateIamInstanceProfile.html
275
- # [3]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateIamInstanceProfile.html
274
+ # [2]: http://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DisassociateIamInstanceProfile.html
275
+ # [3]: http://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateIamInstanceProfile.html
276
276
  # [4]: http://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html
277
277
  # [5]: http://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html
278
278
  #
279
279
  # @option params [required, String] :instance_profile_name
280
280
  # The name of the instance profile to update.
281
281
  #
282
- # This parameter allows (per its [regex pattern][1]) a string of
282
+ # This parameter allows (through its [regex pattern][1]) a string of
283
283
  # characters consisting of upper and lowercase alphanumeric characters
284
284
  # with no spaces. You can also include any of the following characters:
285
285
  # \_+=,.@-
@@ -291,7 +291,7 @@ module Aws::IAM
291
291
  # @option params [required, String] :role_name
292
292
  # The name of the role to add.
293
293
  #
294
- # This parameter allows (per its [regex pattern][1]) a string of
294
+ # This parameter allows (through its [regex pattern][1]) a string of
295
295
  # characters consisting of upper and lowercase alphanumeric characters
296
296
  # with no spaces. You can also include any of the following characters:
297
297
  # \_+=,.@-
@@ -333,7 +333,7 @@ module Aws::IAM
333
333
  # @option params [required, String] :group_name
334
334
  # The name of the group to update.
335
335
  #
336
- # This parameter allows (per its [regex pattern][1]) a string of
336
+ # This parameter allows (through its [regex pattern][1]) a string of
337
337
  # characters consisting of upper and lowercase alphanumeric characters
338
338
  # with no spaces. You can also include any of the following characters:
339
339
  # \_+=,.@-
@@ -345,7 +345,7 @@ module Aws::IAM
345
345
  # @option params [required, String] :user_name
346
346
  # The name of the user to add.
347
347
  #
348
- # This parameter allows (per its [regex pattern][1]) a string of
348
+ # This parameter allows (through its [regex pattern][1]) a string of
349
349
  # characters consisting of upper and lowercase alphanumeric characters
350
350
  # with no spaces. You can also include any of the following characters:
351
351
  # \_+=,.@-
@@ -398,7 +398,7 @@ module Aws::IAM
398
398
  # The name (friendly name, not ARN) of the group to attach the policy
399
399
  # to.
400
400
  #
401
- # This parameter allows (per its [regex pattern][1]) a string of
401
+ # This parameter allows (through its [regex pattern][1]) a string of
402
402
  # characters consisting of upper and lowercase alphanumeric characters
403
403
  # with no spaces. You can also include any of the following characters:
404
404
  # \_+=,.@-
@@ -468,7 +468,7 @@ module Aws::IAM
468
468
  # @option params [required, String] :role_name
469
469
  # The name (friendly name, not ARN) of the role to attach the policy to.
470
470
  #
471
- # This parameter allows (per its [regex pattern][1]) a string of
471
+ # This parameter allows (through its [regex pattern][1]) a string of
472
472
  # characters consisting of upper and lowercase alphanumeric characters
473
473
  # with no spaces. You can also include any of the following characters:
474
474
  # \_+=,.@-
@@ -531,7 +531,7 @@ module Aws::IAM
531
531
  # The name (friendly name, not ARN) of the IAM user to attach the policy
532
532
  # to.
533
533
  #
534
- # This parameter allows (per its [regex pattern][1]) a string of
534
+ # This parameter allows (through its [regex pattern][1]) a string of
535
535
  # characters consisting of upper and lowercase alphanumeric characters
536
536
  # with no spaces. You can also include any of the following characters:
537
537
  # \_+=,.@-
@@ -642,10 +642,11 @@ module Aws::IAM
642
642
  # `Active`.
643
643
  #
644
644
  # If you do not specify a user name, IAM determines the user name
645
- # implicitly based on the AWS access key ID signing the request. Because
646
- # this operation works for access keys under the AWS account, you can
647
- # use this operation to manage AWS account root user credentials. This
648
- # is true even if the AWS account has no associated users.
645
+ # implicitly based on the AWS access key ID signing the request. This
646
+ # operation works for access keys under the AWS account. Consequently,
647
+ # you can use this operation to manage AWS account root user
648
+ # credentials. This is true even if the AWS account has no associated
649
+ # users.
649
650
  #
650
651
  # For information about limits on the number of keys you can create, see
651
652
  # [Limitations on IAM Entities][1] in the *IAM User Guide*.
@@ -663,7 +664,7 @@ module Aws::IAM
663
664
  # @option params [String] :user_name
664
665
  # The name of the IAM user that the new key will belong to.
665
666
  #
666
- # This parameter allows (per its [regex pattern][1]) a string of
667
+ # This parameter allows (through its [regex pattern][1]) a string of
667
668
  # characters consisting of upper and lowercase alphanumeric characters
668
669
  # with no spaces. You can also include any of the following characters:
669
670
  # \_+=,.@-
@@ -730,7 +731,7 @@ module Aws::IAM
730
731
  # @option params [required, String] :account_alias
731
732
  # The account alias to create.
732
733
  #
733
- # This parameter allows (per its [regex pattern][1]) a string of
734
+ # This parameter allows (through its [regex pattern][1]) a string of
734
735
  # characters consisting of lowercase letters, digits, and dashes. You
735
736
  # cannot start or finish with a dash, nor can you have two dashes in a
736
737
  # row.
@@ -781,7 +782,7 @@ module Aws::IAM
781
782
  # This parameter is optional. If it is not included, it defaults to a
782
783
  # slash (/).
783
784
  #
784
- # This parameter allows (per its [regex pattern][2]) a string of
785
+ # This parameter allows (through its [regex pattern][2]) a string of
785
786
  # characters consisting of either a forward slash (/) by itself or a
786
787
  # string that must begin and end with forward slashes. In addition, it
787
788
  # can contain any ASCII character from the ! (\\u0021) through the DEL
@@ -797,7 +798,7 @@ module Aws::IAM
797
798
  # The name of the group to create. Do not include the path in this
798
799
  # value.
799
800
  #
800
- # This parameter allows (per its [regex pattern][1]) a string of
801
+ # This parameter allows (through its [regex pattern][1]) a string of
801
802
  # characters consisting of upper and lowercase alphanumeric characters
802
803
  # with no spaces. You can also include any of the following characters:
803
804
  # \_+=,.@-. The group name must be unique within the account. Group
@@ -870,7 +871,7 @@ module Aws::IAM
870
871
  # @option params [required, String] :instance_profile_name
871
872
  # The name of the instance profile to create.
872
873
  #
873
- # This parameter allows (per its [regex pattern][1]) a string of
874
+ # This parameter allows (through its [regex pattern][1]) a string of
874
875
  # characters consisting of upper and lowercase alphanumeric characters
875
876
  # with no spaces. You can also include any of the following characters:
876
877
  # \_+=,.@-
@@ -886,7 +887,7 @@ module Aws::IAM
886
887
  # This parameter is optional. If it is not included, it defaults to a
887
888
  # slash (/).
888
889
  #
889
- # This parameter allows (per its [regex pattern][2]) a string of
890
+ # This parameter allows (through its [regex pattern][2]) a string of
890
891
  # characters consisting of either a forward slash (/) by itself or a
891
892
  # string that must begin and end with forward slashes. In addition, it
892
893
  # can contain any ASCII character from the ! (\\u0021) through the DEL
@@ -947,12 +948,12 @@ module Aws::IAM
947
948
  # resp.instance_profile.roles[0].create_date #=> Time
948
949
  # resp.instance_profile.roles[0].assume_role_policy_document #=> String
949
950
  # resp.instance_profile.roles[0].description #=> String
950
- # resp.instance_profile.roles[0].tags #=> Array
951
- # resp.instance_profile.roles[0].tags[0].key #=> String
952
- # resp.instance_profile.roles[0].tags[0].value #=> String
953
951
  # resp.instance_profile.roles[0].max_session_duration #=> Integer
954
952
  # resp.instance_profile.roles[0].permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
955
953
  # resp.instance_profile.roles[0].permissions_boundary.permissions_boundary_arn #=> String
954
+ # resp.instance_profile.roles[0].tags #=> Array
955
+ # resp.instance_profile.roles[0].tags[0].key #=> String
956
+ # resp.instance_profile.roles[0].tags[0].value #=> String
956
957
  #
957
958
  # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateInstanceProfile AWS API Documentation
958
959
  #
@@ -976,7 +977,7 @@ module Aws::IAM
976
977
  # The name of the IAM user to create a password for. The user must
977
978
  # already exist.
978
979
  #
979
- # This parameter allows (per its [regex pattern][1]) a string of
980
+ # This parameter allows (through its [regex pattern][1]) a string of
980
981
  # characters consisting of upper and lowercase alphanumeric characters
981
982
  # with no spaces. You can also include any of the following characters:
982
983
  # \_+=,.@-
@@ -1200,7 +1201,7 @@ module Aws::IAM
1200
1201
  # @option params [required, String] :policy_name
1201
1202
  # The friendly name of the policy.
1202
1203
  #
1203
- # This parameter allows (per its [regex pattern][1]) a string of
1204
+ # This parameter allows (through its [regex pattern][1]) a string of
1204
1205
  # characters consisting of upper and lowercase alphanumeric characters
1205
1206
  # with no spaces. You can also include any of the following characters:
1206
1207
  # \_+=,.@-
@@ -1218,7 +1219,7 @@ module Aws::IAM
1218
1219
  # This parameter is optional. If it is not included, it defaults to a
1219
1220
  # slash (/).
1220
1221
  #
1221
- # This parameter allows (per its [regex pattern][2]) a string of
1222
+ # This parameter allows (through its [regex pattern][2]) a string of
1222
1223
  # characters consisting of either a forward slash (/) by itself or a
1223
1224
  # string that must begin and end with forward slashes. In addition, it
1224
1225
  # can contain any ASCII character from the ! (\\u0021) through the DEL
@@ -1404,7 +1405,7 @@ module Aws::IAM
1404
1405
  # This parameter is optional. If it is not included, it defaults to a
1405
1406
  # slash (/).
1406
1407
  #
1407
- # This parameter allows (per its [regex pattern][2]) a string of
1408
+ # This parameter allows (through its [regex pattern][2]) a string of
1408
1409
  # characters consisting of either a forward slash (/) by itself or a
1409
1410
  # string that must begin and end with forward slashes. In addition, it
1410
1411
  # can contain any ASCII character from the ! (\\u0021) through the DEL
@@ -1419,7 +1420,7 @@ module Aws::IAM
1419
1420
  # @option params [required, String] :role_name
1420
1421
  # The name of the role to create.
1421
1422
  #
1422
- # This parameter allows (per its [regex pattern][1]) a string of
1423
+ # This parameter allows (through its [regex pattern][1]) a string of
1423
1424
  # characters consisting of upper and lowercase alphanumeric characters
1424
1425
  # with no spaces. You can also include any of the following characters:
1425
1426
  # \_+=,.@-
@@ -1454,22 +1455,6 @@ module Aws::IAM
1454
1455
  # @option params [String] :description
1455
1456
  # A description of the role.
1456
1457
  #
1457
- # @option params [Array<Types::Tag>] :tags
1458
- # A list of tags that you want to attach to the newly created role. Each
1459
- # tag consists of a key name and an associated value. For more
1460
- # information about tagging, see [Tagging IAM Identities][1] in the *IAM
1461
- # User Guide*.
1462
- #
1463
- # <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed number
1464
- # of tags per role, then the entire request fails and the role is not
1465
- # created.
1466
- #
1467
- # </note>
1468
- #
1469
- #
1470
- #
1471
- # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
1472
- #
1473
1458
  # @option params [Integer] :max_session_duration
1474
1459
  # The maximum session duration (in seconds) that you want to set for the
1475
1460
  # specified role. If you do not specify a value for this setting, the
@@ -1495,6 +1480,22 @@ module Aws::IAM
1495
1480
  # The ARN of the policy that is used to set the permissions boundary for
1496
1481
  # the role.
1497
1482
  #
1483
+ # @option params [Array<Types::Tag>] :tags
1484
+ # A list of tags that you want to attach to the newly created role. Each
1485
+ # tag consists of a key name and an associated value. For more
1486
+ # information about tagging, see [Tagging IAM Identities][1] in the *IAM
1487
+ # User Guide*.
1488
+ #
1489
+ # <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed number
1490
+ # of tags per role, then the entire request fails and the role is not
1491
+ # created.
1492
+ #
1493
+ # </note>
1494
+ #
1495
+ #
1496
+ #
1497
+ # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
1498
+ #
1498
1499
  # @return [Types::CreateRoleResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1499
1500
  #
1500
1501
  # * {Types::CreateRoleResponse#role #role} => Types::Role
@@ -1530,14 +1531,14 @@ module Aws::IAM
1530
1531
  # role_name: "roleNameType", # required
1531
1532
  # assume_role_policy_document: "policyDocumentType", # required
1532
1533
  # description: "roleDescriptionType",
1534
+ # max_session_duration: 1,
1535
+ # permissions_boundary: "arnType",
1533
1536
  # tags: [
1534
1537
  # {
1535
1538
  # key: "tagKeyType", # required
1536
1539
  # value: "tagValueType", # required
1537
1540
  # },
1538
1541
  # ],
1539
- # max_session_duration: 1,
1540
- # permissions_boundary: "arnType",
1541
1542
  # })
1542
1543
  #
1543
1544
  # @example Response structure
@@ -1549,12 +1550,12 @@ module Aws::IAM
1549
1550
  # resp.role.create_date #=> Time
1550
1551
  # resp.role.assume_role_policy_document #=> String
1551
1552
  # resp.role.description #=> String
1552
- # resp.role.tags #=> Array
1553
- # resp.role.tags[0].key #=> String
1554
- # resp.role.tags[0].value #=> String
1555
1553
  # resp.role.max_session_duration #=> Integer
1556
1554
  # resp.role.permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
1557
1555
  # resp.role.permissions_boundary.permissions_boundary_arn #=> String
1556
+ # resp.role.tags #=> Array
1557
+ # resp.role.tags[0].key #=> String
1558
+ # resp.role.tags[0].value #=> String
1558
1559
  #
1559
1560
  # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateRole AWS API Documentation
1560
1561
  #
@@ -1614,7 +1615,7 @@ module Aws::IAM
1614
1615
  # @option params [required, String] :name
1615
1616
  # The name of the provider to create.
1616
1617
  #
1617
- # This parameter allows (per its [regex pattern][1]) a string of
1618
+ # This parameter allows (through its [regex pattern][1]) a string of
1618
1619
  # characters consisting of upper and lowercase alphanumeric characters
1619
1620
  # with no spaces. You can also include any of the following characters:
1620
1621
  # \_+=,.@-
@@ -1714,12 +1715,12 @@ module Aws::IAM
1714
1715
  # resp.role.create_date #=> Time
1715
1716
  # resp.role.assume_role_policy_document #=> String
1716
1717
  # resp.role.description #=> String
1717
- # resp.role.tags #=> Array
1718
- # resp.role.tags[0].key #=> String
1719
- # resp.role.tags[0].value #=> String
1720
1718
  # resp.role.max_session_duration #=> Integer
1721
1719
  # resp.role.permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
1722
1720
  # resp.role.permissions_boundary.permissions_boundary_arn #=> String
1721
+ # resp.role.tags #=> Array
1722
+ # resp.role.tags[0].key #=> String
1723
+ # resp.role.tags[0].value #=> String
1723
1724
  #
1724
1725
  # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateServiceLinkedRole AWS API Documentation
1725
1726
  #
@@ -1757,7 +1758,7 @@ module Aws::IAM
1757
1758
  # permissions as the associated user except that they can be used only
1758
1759
  # to access the specified service.
1759
1760
  #
1760
- # This parameter allows (per its [regex pattern][1]) a string of
1761
+ # This parameter allows (through its [regex pattern][1]) a string of
1761
1762
  # characters consisting of upper and lowercase alphanumeric characters
1762
1763
  # with no spaces. You can also include any of the following characters:
1763
1764
  # \_+=,.@-
@@ -1817,7 +1818,7 @@ module Aws::IAM
1817
1818
  # This parameter is optional. If it is not included, it defaults to a
1818
1819
  # slash (/).
1819
1820
  #
1820
- # This parameter allows (per its [regex pattern][2]) a string of
1821
+ # This parameter allows (through its [regex pattern][2]) a string of
1821
1822
  # characters consisting of either a forward slash (/) by itself or a
1822
1823
  # string that must begin and end with forward slashes. In addition, it
1823
1824
  # can contain any ASCII character from the ! (\\u0021) through the DEL
@@ -1832,7 +1833,7 @@ module Aws::IAM
1832
1833
  # @option params [required, String] :user_name
1833
1834
  # The name of the user to create.
1834
1835
  #
1835
- # This parameter allows (per its [regex pattern][1]) a string of
1836
+ # This parameter allows (through its [regex pattern][1]) a string of
1836
1837
  # characters consisting of upper and lowercase alphanumeric characters
1837
1838
  # with no spaces. You can also include any of the following characters:
1838
1839
  # \_+=,.@-. User names are not distinguished by case. For example, you
@@ -1842,6 +1843,10 @@ module Aws::IAM
1842
1843
  #
1843
1844
  # [1]: http://wikipedia.org/wiki/regex
1844
1845
  #
1846
+ # @option params [String] :permissions_boundary
1847
+ # The ARN of the policy that is used to set the permissions boundary for
1848
+ # the user.
1849
+ #
1845
1850
  # @option params [Array<Types::Tag>] :tags
1846
1851
  # A list of tags that you want to attach to the newly created user. Each
1847
1852
  # tag consists of a key name and an associated value. For more
@@ -1858,10 +1863,6 @@ module Aws::IAM
1858
1863
  #
1859
1864
  # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
1860
1865
  #
1861
- # @option params [String] :permissions_boundary
1862
- # The ARN of the policy that is used to set the permissions boundary for
1863
- # the user.
1864
- #
1865
1866
  # @return [Types::CreateUserResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1866
1867
  #
1867
1868
  # * {Types::CreateUserResponse#user #user} => Types::User
@@ -1891,13 +1892,13 @@ module Aws::IAM
1891
1892
  # resp = client.create_user({
1892
1893
  # path: "pathType",
1893
1894
  # user_name: "userNameType", # required
1895
+ # permissions_boundary: "arnType",
1894
1896
  # tags: [
1895
1897
  # {
1896
1898
  # key: "tagKeyType", # required
1897
1899
  # value: "tagValueType", # required
1898
1900
  # },
1899
1901
  # ],
1900
- # permissions_boundary: "arnType",
1901
1902
  # })
1902
1903
  #
1903
1904
  # @example Response structure
@@ -1908,11 +1909,11 @@ module Aws::IAM
1908
1909
  # resp.user.arn #=> String
1909
1910
  # resp.user.create_date #=> Time
1910
1911
  # resp.user.password_last_used #=> Time
1912
+ # resp.user.permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
1913
+ # resp.user.permissions_boundary.permissions_boundary_arn #=> String
1911
1914
  # resp.user.tags #=> Array
1912
1915
  # resp.user.tags[0].key #=> String
1913
1916
  # resp.user.tags[0].value #=> String
1914
- # resp.user.permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
1915
- # resp.user.permissions_boundary.permissions_boundary_arn #=> String
1916
1917
  #
1917
1918
  # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateUser AWS API Documentation
1918
1919
  #
@@ -1950,7 +1951,7 @@ module Aws::IAM
1950
1951
  # This parameter is optional. If it is not included, it defaults to a
1951
1952
  # slash (/).
1952
1953
  #
1953
- # This parameter allows (per its [regex pattern][2]) a string of
1954
+ # This parameter allows (through its [regex pattern][2]) a string of
1954
1955
  # characters consisting of either a forward slash (/) by itself or a
1955
1956
  # string that must begin and end with forward slashes. In addition, it
1956
1957
  # can contain any ASCII character from the ! (\\u0021) through the DEL
@@ -1966,7 +1967,7 @@ module Aws::IAM
1966
1967
  # The name of the virtual MFA device. Use with path to uniquely identify
1967
1968
  # a virtual MFA device.
1968
1969
  #
1969
- # This parameter allows (per its [regex pattern][1]) a string of
1970
+ # This parameter allows (through its [regex pattern][1]) a string of
1970
1971
  # characters consisting of upper and lowercase alphanumeric characters
1971
1972
  # with no spaces. You can also include any of the following characters:
1972
1973
  # \_+=,.@-
@@ -1997,11 +1998,11 @@ module Aws::IAM
1997
1998
  # resp.virtual_mfa_device.user.arn #=> String
1998
1999
  # resp.virtual_mfa_device.user.create_date #=> Time
1999
2000
  # resp.virtual_mfa_device.user.password_last_used #=> Time
2001
+ # resp.virtual_mfa_device.user.permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
2002
+ # resp.virtual_mfa_device.user.permissions_boundary.permissions_boundary_arn #=> String
2000
2003
  # resp.virtual_mfa_device.user.tags #=> Array
2001
2004
  # resp.virtual_mfa_device.user.tags[0].key #=> String
2002
2005
  # resp.virtual_mfa_device.user.tags[0].value #=> String
2003
- # resp.virtual_mfa_device.user.permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
2004
- # resp.virtual_mfa_device.user.permissions_boundary.permissions_boundary_arn #=> String
2005
2006
  # resp.virtual_mfa_device.enable_date #=> Time
2006
2007
  #
2007
2008
  # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateVirtualMFADevice AWS API Documentation
@@ -2017,8 +2018,8 @@ module Aws::IAM
2017
2018
  # with the user name for which it was originally enabled.
2018
2019
  #
2019
2020
  # For more information about creating and working with virtual MFA
2020
- # devices, go to [Using a Virtual MFA Device][1] in the *IAM User
2021
- # Guide*.
2021
+ # devices, go to [Enabling a Virtual Multi-factor Authentication (MFA)
2022
+ # Device][1] in the *IAM User Guide*.
2022
2023
  #
2023
2024
  #
2024
2025
  #
@@ -2027,7 +2028,7 @@ module Aws::IAM
2027
2028
  # @option params [required, String] :user_name
2028
2029
  # The name of the user whose MFA device you want to deactivate.
2029
2030
  #
2030
- # This parameter allows (per its [regex pattern][1]) a string of
2031
+ # This parameter allows (through its [regex pattern][1]) a string of
2031
2032
  # characters consisting of upper and lowercase alphanumeric characters
2032
2033
  # with no spaces. You can also include any of the following characters:
2033
2034
  # \_+=,.@-
@@ -2040,7 +2041,7 @@ module Aws::IAM
2040
2041
  # The serial number that uniquely identifies the MFA device. For virtual
2041
2042
  # MFA devices, the serial number is the device ARN.
2042
2043
  #
2043
- # This parameter allows (per its [regex pattern][1]) a string of
2044
+ # This parameter allows (through its [regex pattern][1]) a string of
2044
2045
  # characters consisting of upper and lowercase alphanumeric characters
2045
2046
  # with no spaces. You can also include any of the following characters:
2046
2047
  # =,.@:/-
@@ -2070,15 +2071,15 @@ module Aws::IAM
2070
2071
  # Deletes the access key pair associated with the specified IAM user.
2071
2072
  #
2072
2073
  # If you do not specify a user name, IAM determines the user name
2073
- # implicitly based on the AWS access key ID signing the request. Because
2074
- # this operation works for access keys under the AWS account, you can
2075
- # use this operation to manage AWS account root user credentials even if
2076
- # the AWS account has no associated users.
2074
+ # implicitly based on the AWS access key ID signing the request. This
2075
+ # operation works for access keys under the AWS account. Consequently,
2076
+ # you can use this operation to manage AWS account root user credentials
2077
+ # even if the AWS account has no associated users.
2077
2078
  #
2078
2079
  # @option params [String] :user_name
2079
2080
  # The name of the user whose access key pair you want to delete.
2080
2081
  #
2081
- # This parameter allows (per its [regex pattern][1]) a string of
2082
+ # This parameter allows (through its [regex pattern][1]) a string of
2082
2083
  # characters consisting of upper and lowercase alphanumeric characters
2083
2084
  # with no spaces. You can also include any of the following characters:
2084
2085
  # \_+=,.@-
@@ -2091,7 +2092,7 @@ module Aws::IAM
2091
2092
  # The access key ID for the access key ID and secret access key you want
2092
2093
  # to delete.
2093
2094
  #
2094
- # This parameter allows (per its [regex pattern][1]) a string of
2095
+ # This parameter allows (through its [regex pattern][1]) a string of
2095
2096
  # characters that can consist of any upper or lowercased letter or
2096
2097
  # digit.
2097
2098
  #
@@ -2138,7 +2139,7 @@ module Aws::IAM
2138
2139
  # @option params [required, String] :account_alias
2139
2140
  # The name of the account alias to delete.
2140
2141
  #
2141
- # This parameter allows (per its [regex pattern][1]) a string of
2142
+ # This parameter allows (through its [regex pattern][1]) a string of
2142
2143
  # characters consisting of lowercase letters, digits, and dashes. You
2143
2144
  # cannot start or finish with a dash, nor can you have two dashes in a
2144
2145
  # row.
@@ -2201,7 +2202,7 @@ module Aws::IAM
2201
2202
  # @option params [required, String] :group_name
2202
2203
  # The name of the IAM group to delete.
2203
2204
  #
2204
- # This parameter allows (per its [regex pattern][1]) a string of
2205
+ # This parameter allows (through its [regex pattern][1]) a string of
2205
2206
  # characters consisting of upper and lowercase alphanumeric characters
2206
2207
  # with no spaces. You can also include any of the following characters:
2207
2208
  # \_+=,.@-
@@ -2243,7 +2244,7 @@ module Aws::IAM
2243
2244
  # The name (friendly name, not ARN) identifying the group that the
2244
2245
  # policy is embedded in.
2245
2246
  #
2246
- # This parameter allows (per its [regex pattern][1]) a string of
2247
+ # This parameter allows (through its [regex pattern][1]) a string of
2247
2248
  # characters consisting of upper and lowercase alphanumeric characters
2248
2249
  # with no spaces. You can also include any of the following characters:
2249
2250
  # \_+=,.@-
@@ -2255,7 +2256,7 @@ module Aws::IAM
2255
2256
  # @option params [required, String] :policy_name
2256
2257
  # The name identifying the policy document to delete.
2257
2258
  #
2258
- # This parameter allows (per its [regex pattern][1]) a string of
2259
+ # This parameter allows (through its [regex pattern][1]) a string of
2259
2260
  # characters consisting of upper and lowercase alphanumeric characters
2260
2261
  # with no spaces. You can also include any of the following characters:
2261
2262
  # \_+=,.@-
@@ -2310,7 +2311,7 @@ module Aws::IAM
2310
2311
  # @option params [required, String] :instance_profile_name
2311
2312
  # The name of the instance profile to delete.
2312
2313
  #
2313
- # This parameter allows (per its [regex pattern][1]) a string of
2314
+ # This parameter allows (through its [regex pattern][1]) a string of
2314
2315
  # characters consisting of upper and lowercase alphanumeric characters
2315
2316
  # with no spaces. You can also include any of the following characters:
2316
2317
  # \_+=,.@-
@@ -2351,14 +2352,14 @@ module Aws::IAM
2351
2352
  #
2352
2353
  # Deleting a user's password does not prevent a user from accessing AWS
2353
2354
  # through the command line interface or the API. To prevent all user
2354
- # access you must also either make any access keys inactive or delete
2355
+ # access, you must also either make any access keys inactive or delete
2355
2356
  # them. For more information about making keys inactive or deleting
2356
2357
  # them, see UpdateAccessKey and DeleteAccessKey.
2357
2358
  #
2358
2359
  # @option params [required, String] :user_name
2359
2360
  # The name of the user whose password you want to delete.
2360
2361
  #
2361
- # This parameter allows (per its [regex pattern][1]) a string of
2362
+ # This parameter allows (through its [regex pattern][1]) a string of
2362
2363
  # characters consisting of upper and lowercase alphanumeric characters
2363
2364
  # with no spaces. You can also include any of the following characters:
2364
2365
  # \_+=,.@-
@@ -2430,7 +2431,7 @@ module Aws::IAM
2430
2431
  #
2431
2432
  # Before you can delete a managed policy, you must first detach the
2432
2433
  # policy from all users, groups, and roles that it is attached to. In
2433
- # addition you must delete all the policy's versions. The following
2434
+ # addition, you must delete all the policy's versions. The following
2434
2435
  # steps describe the process for deleting a managed policy:
2435
2436
  #
2436
2437
  # * Detach the policy from all users, groups, and roles that the policy
@@ -2509,7 +2510,7 @@ module Aws::IAM
2509
2510
  # @option params [required, String] :version_id
2510
2511
  # The policy version to delete.
2511
2512
  #
2512
- # This parameter allows (per its [regex pattern][1]) a string of
2513
+ # This parameter allows (through its [regex pattern][1]) a string of
2513
2514
  # characters that consists of the lowercase letter 'v' followed by one
2514
2515
  # or two digits, and optionally followed by a period '.' and a string
2515
2516
  # of letters and digits.
@@ -2556,7 +2557,7 @@ module Aws::IAM
2556
2557
  # @option params [required, String] :role_name
2557
2558
  # The name of the role to delete.
2558
2559
  #
2559
- # This parameter allows (per its [regex pattern][1]) a string of
2560
+ # This parameter allows (through its [regex pattern][1]) a string of
2560
2561
  # characters consisting of upper and lowercase alphanumeric characters
2561
2562
  # with no spaces. You can also include any of the following characters:
2562
2563
  # \_+=,.@-
@@ -2634,7 +2635,7 @@ module Aws::IAM
2634
2635
  # The name (friendly name, not ARN) identifying the role that the policy
2635
2636
  # is embedded in.
2636
2637
  #
2637
- # This parameter allows (per its [regex pattern][1]) a string of
2638
+ # This parameter allows (through its [regex pattern][1]) a string of
2638
2639
  # characters consisting of upper and lowercase alphanumeric characters
2639
2640
  # with no spaces. You can also include any of the following characters:
2640
2641
  # \_+=,.@-
@@ -2646,7 +2647,7 @@ module Aws::IAM
2646
2647
  # @option params [required, String] :policy_name
2647
2648
  # The name of the inline policy to delete from the specified IAM role.
2648
2649
  #
2649
- # This parameter allows (per its [regex pattern][1]) a string of
2650
+ # This parameter allows (through its [regex pattern][1]) a string of
2650
2651
  # characters consisting of upper and lowercase alphanumeric characters
2651
2652
  # with no spaces. You can also include any of the following characters:
2652
2653
  # \_+=,.@-
@@ -2733,7 +2734,7 @@ module Aws::IAM
2733
2734
  # @option params [required, String] :user_name
2734
2735
  # The name of the IAM user associated with the SSH public key.
2735
2736
  #
2736
- # This parameter allows (per its [regex pattern][1]) a string of
2737
+ # This parameter allows (through its [regex pattern][1]) a string of
2737
2738
  # characters consisting of upper and lowercase alphanumeric characters
2738
2739
  # with no spaces. You can also include any of the following characters:
2739
2740
  # \_+=,.@-
@@ -2745,7 +2746,7 @@ module Aws::IAM
2745
2746
  # @option params [required, String] :ssh_public_key_id
2746
2747
  # The unique identifier for the SSH public key.
2747
2748
  #
2748
- # This parameter allows (per its [regex pattern][1]) a string of
2749
+ # This parameter allows (through its [regex pattern][1]) a string of
2749
2750
  # characters that can consist of any upper or lowercased letter or
2750
2751
  # digit.
2751
2752
  #
@@ -2796,7 +2797,7 @@ module Aws::IAM
2796
2797
  # @option params [required, String] :server_certificate_name
2797
2798
  # The name of the server certificate you want to delete.
2798
2799
  #
2799
- # This parameter allows (per its [regex pattern][1]) a string of
2800
+ # This parameter allows (through its [regex pattern][1]) a string of
2800
2801
  # characters consisting of upper and lowercase alphanumeric characters
2801
2802
  # with no spaces. You can also include any of the following characters:
2802
2803
  # \_+=,.@-
@@ -2882,7 +2883,7 @@ module Aws::IAM
2882
2883
  # credential. If this value is not specified, then the operation assumes
2883
2884
  # the user whose credentials are used to call the operation.
2884
2885
  #
2885
- # This parameter allows (per its [regex pattern][1]) a string of
2886
+ # This parameter allows (through its [regex pattern][1]) a string of
2886
2887
  # characters consisting of upper and lowercase alphanumeric characters
2887
2888
  # with no spaces. You can also include any of the following characters:
2888
2889
  # \_+=,.@-
@@ -2895,7 +2896,7 @@ module Aws::IAM
2895
2896
  # The unique identifier of the service-specific credential. You can get
2896
2897
  # this value by calling ListServiceSpecificCredentials.
2897
2898
  #
2898
- # This parameter allows (per its [regex pattern][1]) a string of
2899
+ # This parameter allows (through its [regex pattern][1]) a string of
2899
2900
  # characters that can consist of any upper or lowercased letter or
2900
2901
  # digit.
2901
2902
  #
@@ -2924,15 +2925,15 @@ module Aws::IAM
2924
2925
  # Deletes a signing certificate associated with the specified IAM user.
2925
2926
  #
2926
2927
  # If you do not specify a user name, IAM determines the user name
2927
- # implicitly based on the AWS access key ID signing the request. Because
2928
- # this operation works for access keys under the AWS account, you can
2929
- # use this operation to manage AWS account root user credentials even if
2930
- # the AWS account has no associated IAM users.
2928
+ # implicitly based on the AWS access key ID signing the request. This
2929
+ # operation works for access keys under the AWS account. Consequently,
2930
+ # you can use this operation to manage AWS account root user credentials
2931
+ # even if the AWS account has no associated IAM users.
2931
2932
  #
2932
2933
  # @option params [String] :user_name
2933
2934
  # The name of the user the signing certificate belongs to.
2934
2935
  #
2935
- # This parameter allows (per its [regex pattern][1]) a string of
2936
+ # This parameter allows (through its [regex pattern][1]) a string of
2936
2937
  # characters consisting of upper and lowercase alphanumeric characters
2937
2938
  # with no spaces. You can also include any of the following characters:
2938
2939
  # \_+=,.@-
@@ -2981,12 +2982,13 @@ module Aws::IAM
2981
2982
  end
2982
2983
 
2983
2984
  # Deletes the specified IAM user. The user must not belong to any groups
2984
- # or have any access keys, signing certificates, or attached policies.
2985
+ # or have any access keys, signing certificates, MFA devices enabled for
2986
+ # AWS, or attached policies.
2985
2987
  #
2986
2988
  # @option params [required, String] :user_name
2987
2989
  # The name of the user to delete.
2988
2990
  #
2989
- # This parameter allows (per its [regex pattern][1]) a string of
2991
+ # This parameter allows (through its [regex pattern][1]) a string of
2990
2992
  # characters consisting of upper and lowercase alphanumeric characters
2991
2993
  # with no spaces. You can also include any of the following characters:
2992
2994
  # \_+=,.@-
@@ -3064,7 +3066,7 @@ module Aws::IAM
3064
3066
  # The name (friendly name, not ARN) identifying the user that the policy
3065
3067
  # is embedded in.
3066
3068
  #
3067
- # This parameter allows (per its [regex pattern][1]) a string of
3069
+ # This parameter allows (through its [regex pattern][1]) a string of
3068
3070
  # characters consisting of upper and lowercase alphanumeric characters
3069
3071
  # with no spaces. You can also include any of the following characters:
3070
3072
  # \_+=,.@-
@@ -3076,7 +3078,7 @@ module Aws::IAM
3076
3078
  # @option params [required, String] :policy_name
3077
3079
  # The name identifying the policy document to delete.
3078
3080
  #
3079
- # This parameter allows (per its [regex pattern][1]) a string of
3081
+ # This parameter allows (through its [regex pattern][1]) a string of
3080
3082
  # characters consisting of upper and lowercase alphanumeric characters
3081
3083
  # with no spaces. You can also include any of the following characters:
3082
3084
  # \_+=,.@-
@@ -3125,7 +3127,7 @@ module Aws::IAM
3125
3127
  # The serial number that uniquely identifies the MFA device. For virtual
3126
3128
  # MFA devices, the serial number is the same as the ARN.
3127
3129
  #
3128
- # This parameter allows (per its [regex pattern][1]) a string of
3130
+ # This parameter allows (through its [regex pattern][1]) a string of
3129
3131
  # characters consisting of upper and lowercase alphanumeric characters
3130
3132
  # with no spaces. You can also include any of the following characters:
3131
3133
  # =,.@:/-
@@ -3175,7 +3177,7 @@ module Aws::IAM
3175
3177
  # The name (friendly name, not ARN) of the IAM group to detach the
3176
3178
  # policy from.
3177
3179
  #
3178
- # This parameter allows (per its [regex pattern][1]) a string of
3180
+ # This parameter allows (through its [regex pattern][1]) a string of
3179
3181
  # characters consisting of upper and lowercase alphanumeric characters
3180
3182
  # with no spaces. You can also include any of the following characters:
3181
3183
  # \_+=,.@-
@@ -3227,7 +3229,7 @@ module Aws::IAM
3227
3229
  # The name (friendly name, not ARN) of the IAM role to detach the policy
3228
3230
  # from.
3229
3231
  #
3230
- # This parameter allows (per its [regex pattern][1]) a string of
3232
+ # This parameter allows (through its [regex pattern][1]) a string of
3231
3233
  # characters consisting of upper and lowercase alphanumeric characters
3232
3234
  # with no spaces. You can also include any of the following characters:
3233
3235
  # \_+=,.@-
@@ -3279,7 +3281,7 @@ module Aws::IAM
3279
3281
  # The name (friendly name, not ARN) of the IAM user to detach the policy
3280
3282
  # from.
3281
3283
  #
3282
- # This parameter allows (per its [regex pattern][1]) a string of
3284
+ # This parameter allows (through its [regex pattern][1]) a string of
3283
3285
  # characters consisting of upper and lowercase alphanumeric characters
3284
3286
  # with no spaces. You can also include any of the following characters:
3285
3287
  # \_+=,.@-
@@ -3323,7 +3325,7 @@ module Aws::IAM
3323
3325
  # @option params [required, String] :user_name
3324
3326
  # The name of the IAM user for whom you want to enable the MFA device.
3325
3327
  #
3326
- # This parameter allows (per its [regex pattern][1]) a string of
3328
+ # This parameter allows (through its [regex pattern][1]) a string of
3327
3329
  # characters consisting of upper and lowercase alphanumeric characters
3328
3330
  # with no spaces. You can also include any of the following characters:
3329
3331
  # \_+=,.@-
@@ -3336,7 +3338,7 @@ module Aws::IAM
3336
3338
  # The serial number that uniquely identifies the MFA device. For virtual
3337
3339
  # MFA devices, the serial number is the device ARN.
3338
3340
  #
3339
- # This parameter allows (per its [regex pattern][1]) a string of
3341
+ # This parameter allows (through its [regex pattern][1]) a string of
3340
3342
  # characters consisting of upper and lowercase alphanumeric characters
3341
3343
  # with no spaces. You can also include any of the following characters:
3342
3344
  # =,.@:/-
@@ -3424,6 +3426,109 @@ module Aws::IAM
3424
3426
  req.send_request(options)
3425
3427
  end
3426
3428
 
3429
+ # Generates a request for a report that includes details about when an
3430
+ # IAM resource (user, group, role, or policy) was last used in an
3431
+ # attempt to access AWS services. Recent activity usually appears within
3432
+ # four hours. IAM reports activity for the last 365 days, or less if
3433
+ # your region began supporting this feature within the last year. For
3434
+ # more information, see [Regions Where Data Is Tracked][1].
3435
+ #
3436
+ # The service last accessed data includes all attempts to access an AWS
3437
+ # API, not just the successful ones. This includes all attempts that
3438
+ # were made using the AWS Management Console, the AWS API through any of
3439
+ # the SDKs, or any of the command line tools. An unexpected entry in the
3440
+ # service last accessed data does not mean that your account has been
3441
+ # compromised, because the request might have been denied. Refer to your
3442
+ # CloudTrail logs as the authoritative source for information about all
3443
+ # API calls and whether they were successful or denied access. For more
3444
+ # information, see [Logging IAM Events with CloudTrail][2] in the *IAM
3445
+ # User Guide*.
3446
+ #
3447
+ # The `GenerateServiceLastAccessedDetails` operation returns a `JobId`.
3448
+ # Use this parameter in the following operations to retrieve the
3449
+ # following details from your report:
3450
+ #
3451
+ # * GetServiceLastAccessedDetails – Use this operation for users,
3452
+ # groups, roles, or policies to list every AWS service that the
3453
+ # resource could access using permissions policies. For each service,
3454
+ # the response includes information about the most recent access
3455
+ # attempt.
3456
+ #
3457
+ # * GetServiceLastAccessedDetailsWithEntities – Use this operation for
3458
+ # groups and policies to list information about the associated
3459
+ # entities (users or roles) that attempted to access a specific AWS
3460
+ # service.
3461
+ #
3462
+ # To check the status of the `GenerateServiceLastAccessedDetails`
3463
+ # request, use the `JobId` parameter in the same operations and test the
3464
+ # `JobStatus` response parameter.
3465
+ #
3466
+ # For additional information about the permissions policies that allow
3467
+ # an identity (user, group, or role) to access specific services, use
3468
+ # the ListPoliciesGrantingServiceAccess operation.
3469
+ #
3470
+ # <note markdown="1"> Service last accessed data does not use other policy types when
3471
+ # determining whether a resource could access a service. These other
3472
+ # policy types include resource-based policies, access control lists,
3473
+ # AWS Organizations policies, IAM permissions boundaries, and AWS STS
3474
+ # assume role policies. It only applies permissions policy logic. For
3475
+ # more about the evaluation of policy types, see [Evaluating
3476
+ # Policies][3] in the *IAM User Guide*.
3477
+ #
3478
+ # </note>
3479
+ #
3480
+ # For more information about service last accessed data, see [Reducing
3481
+ # Policy Scope by Viewing User Activity][4] in the *IAM User Guide*.
3482
+ #
3483
+ #
3484
+ #
3485
+ # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#access-advisor_tracking-period
3486
+ # [2]: http://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html
3487
+ # [3]: http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics
3488
+ # [4]: http://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html
3489
+ #
3490
+ # @option params [required, String] :arn
3491
+ # The ARN of the IAM resource (user, group, role, or managed policy)
3492
+ # used to generate information about when the resource was last used in
3493
+ # an attempt to access an AWS service.
3494
+ #
3495
+ # @return [Types::GenerateServiceLastAccessedDetailsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
3496
+ #
3497
+ # * {Types::GenerateServiceLastAccessedDetailsResponse#job_id #job_id} => String
3498
+ #
3499
+ #
3500
+ # @example Example: To generate a service last accessed data report for a policy
3501
+ #
3502
+ # # The following operation generates a report for the policy: ExamplePolicy1
3503
+ #
3504
+ # resp = client.generate_service_last_accessed_details({
3505
+ # arn: "arn:aws:iam::123456789012:policy/ExamplePolicy1",
3506
+ # })
3507
+ #
3508
+ # resp.to_h outputs the following:
3509
+ # {
3510
+ # job_id: "examplef-1305-c245-eba4-71fe298bcda7",
3511
+ # }
3512
+ #
3513
+ # @example Request syntax with placeholder values
3514
+ #
3515
+ # resp = client.generate_service_last_accessed_details({
3516
+ # arn: "arnType", # required
3517
+ # })
3518
+ #
3519
+ # @example Response structure
3520
+ #
3521
+ # resp.job_id #=> String
3522
+ #
3523
+ # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GenerateServiceLastAccessedDetails AWS API Documentation
3524
+ #
3525
+ # @overload generate_service_last_accessed_details(params = {})
3526
+ # @param [Hash] params ({})
3527
+ def generate_service_last_accessed_details(params = {}, options = {})
3528
+ req = build_request(:generate_service_last_accessed_details, params)
3529
+ req.send_request(options)
3530
+ end
3531
+
3427
3532
  # Retrieves information about when the specified access key was last
3428
3533
  # used. The information includes the date and time of last use, along
3429
3534
  # with the AWS service and region that were specified in the last
@@ -3432,7 +3537,7 @@ module Aws::IAM
3432
3537
  # @option params [required, String] :access_key_id
3433
3538
  # The identifier of an access key.
3434
3539
  #
3435
- # This parameter allows (per its [regex pattern][1]) a string of
3540
+ # This parameter allows (through its [regex pattern][1]) a string of
3436
3541
  # characters that can consist of any upper or lowercased letter or
3437
3542
  # digit.
3438
3543
  #
@@ -3498,16 +3603,15 @@ module Aws::IAM
3498
3603
  # valid values listed below.
3499
3604
  #
3500
3605
  # @option params [Integer] :max_items
3501
- # (Optional) Use this only when paginating results to indicate the
3502
- # maximum number of items you want in the response. If additional items
3503
- # exist beyond the maximum you specify, the `IsTruncated` response
3504
- # element is `true`.
3606
+ # Use this only when paginating results to indicate the maximum number
3607
+ # of items you want in the response. If additional items exist beyond
3608
+ # the maximum you specify, the `IsTruncated` response element is `true`.
3505
3609
  #
3506
- # If you do not include this parameter, it defaults to 100. Note that
3507
- # IAM might return fewer results, even when there are more results
3508
- # available. In that case, the `IsTruncated` response element returns
3509
- # `true` and `Marker` contains a value to include in the subsequent call
3510
- # that tells the service where to continue from.
3610
+ # If you do not include this parameter, the number of items defaults to
3611
+ # 100. Note that IAM might return fewer results, even when there are
3612
+ # more results available. In that case, the `IsTruncated` response
3613
+ # element returns `true`, and `Marker` contains a value to include in
3614
+ # the subsequent call that tells the service where to continue from.
3511
3615
  #
3512
3616
  # @option params [String] :marker
3513
3617
  # Use this parameter only when paginating results and only after you
@@ -3548,11 +3652,11 @@ module Aws::IAM
3548
3652
  # resp.user_detail_list[0].attached_managed_policies #=> Array
3549
3653
  # resp.user_detail_list[0].attached_managed_policies[0].policy_name #=> String
3550
3654
  # resp.user_detail_list[0].attached_managed_policies[0].policy_arn #=> String
3655
+ # resp.user_detail_list[0].permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
3656
+ # resp.user_detail_list[0].permissions_boundary.permissions_boundary_arn #=> String
3551
3657
  # resp.user_detail_list[0].tags #=> Array
3552
3658
  # resp.user_detail_list[0].tags[0].key #=> String
3553
3659
  # resp.user_detail_list[0].tags[0].value #=> String
3554
- # resp.user_detail_list[0].permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
3555
- # resp.user_detail_list[0].permissions_boundary.permissions_boundary_arn #=> String
3556
3660
  # resp.group_detail_list #=> Array
3557
3661
  # resp.group_detail_list[0].path #=> String
3558
3662
  # resp.group_detail_list[0].group_name #=> String
@@ -3586,23 +3690,23 @@ module Aws::IAM
3586
3690
  # resp.role_detail_list[0].instance_profile_list[0].roles[0].create_date #=> Time
3587
3691
  # resp.role_detail_list[0].instance_profile_list[0].roles[0].assume_role_policy_document #=> String
3588
3692
  # resp.role_detail_list[0].instance_profile_list[0].roles[0].description #=> String
3589
- # resp.role_detail_list[0].instance_profile_list[0].roles[0].tags #=> Array
3590
- # resp.role_detail_list[0].instance_profile_list[0].roles[0].tags[0].key #=> String
3591
- # resp.role_detail_list[0].instance_profile_list[0].roles[0].tags[0].value #=> String
3592
3693
  # resp.role_detail_list[0].instance_profile_list[0].roles[0].max_session_duration #=> Integer
3593
3694
  # resp.role_detail_list[0].instance_profile_list[0].roles[0].permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
3594
3695
  # resp.role_detail_list[0].instance_profile_list[0].roles[0].permissions_boundary.permissions_boundary_arn #=> String
3696
+ # resp.role_detail_list[0].instance_profile_list[0].roles[0].tags #=> Array
3697
+ # resp.role_detail_list[0].instance_profile_list[0].roles[0].tags[0].key #=> String
3698
+ # resp.role_detail_list[0].instance_profile_list[0].roles[0].tags[0].value #=> String
3595
3699
  # resp.role_detail_list[0].role_policy_list #=> Array
3596
3700
  # resp.role_detail_list[0].role_policy_list[0].policy_name #=> String
3597
3701
  # resp.role_detail_list[0].role_policy_list[0].policy_document #=> String
3598
3702
  # resp.role_detail_list[0].attached_managed_policies #=> Array
3599
3703
  # resp.role_detail_list[0].attached_managed_policies[0].policy_name #=> String
3600
3704
  # resp.role_detail_list[0].attached_managed_policies[0].policy_arn #=> String
3705
+ # resp.role_detail_list[0].permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
3706
+ # resp.role_detail_list[0].permissions_boundary.permissions_boundary_arn #=> String
3601
3707
  # resp.role_detail_list[0].tags #=> Array
3602
3708
  # resp.role_detail_list[0].tags[0].key #=> String
3603
3709
  # resp.role_detail_list[0].tags[0].value #=> String
3604
- # resp.role_detail_list[0].permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
3605
- # resp.role_detail_list[0].permissions_boundary.permissions_boundary_arn #=> String
3606
3710
  # resp.policies #=> Array
3607
3711
  # resp.policies[0].policy_name #=> String
3608
3712
  # resp.policies[0].policy_id #=> String
@@ -3934,7 +4038,7 @@ module Aws::IAM
3934
4038
  # @option params [required, String] :group_name
3935
4039
  # The name of the group.
3936
4040
  #
3937
- # This parameter allows (per its [regex pattern][1]) a string of
4041
+ # This parameter allows (through its [regex pattern][1]) a string of
3938
4042
  # characters consisting of upper and lowercase alphanumeric characters
3939
4043
  # with no spaces. You can also include any of the following characters:
3940
4044
  # \_+=,.@-
@@ -3950,16 +4054,15 @@ module Aws::IAM
3950
4054
  # to indicate where the next call should start.
3951
4055
  #
3952
4056
  # @option params [Integer] :max_items
3953
- # (Optional) Use this only when paginating results to indicate the
3954
- # maximum number of items you want in the response. If additional items
3955
- # exist beyond the maximum you specify, the `IsTruncated` response
3956
- # element is `true`.
4057
+ # Use this only when paginating results to indicate the maximum number
4058
+ # of items you want in the response. If additional items exist beyond
4059
+ # the maximum you specify, the `IsTruncated` response element is `true`.
3957
4060
  #
3958
- # If you do not include this parameter, it defaults to 100. Note that
3959
- # IAM might return fewer results, even when there are more results
3960
- # available. In that case, the `IsTruncated` response element returns
3961
- # `true` and `Marker` contains a value to include in the subsequent call
3962
- # that tells the service where to continue from.
4061
+ # If you do not include this parameter, the number of items defaults to
4062
+ # 100. Note that IAM might return fewer results, even when there are
4063
+ # more results available. In that case, the `IsTruncated` response
4064
+ # element returns `true`, and `Marker` contains a value to include in
4065
+ # the subsequent call that tells the service where to continue from.
3963
4066
  #
3964
4067
  # @return [Types::GetGroupResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
3965
4068
  #
@@ -3990,11 +4093,11 @@ module Aws::IAM
3990
4093
  # resp.users[0].arn #=> String
3991
4094
  # resp.users[0].create_date #=> Time
3992
4095
  # resp.users[0].password_last_used #=> Time
4096
+ # resp.users[0].permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
4097
+ # resp.users[0].permissions_boundary.permissions_boundary_arn #=> String
3993
4098
  # resp.users[0].tags #=> Array
3994
4099
  # resp.users[0].tags[0].key #=> String
3995
4100
  # resp.users[0].tags[0].value #=> String
3996
- # resp.users[0].permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
3997
- # resp.users[0].permissions_boundary.permissions_boundary_arn #=> String
3998
4101
  # resp.is_truncated #=> Boolean
3999
4102
  # resp.marker #=> String
4000
4103
  #
@@ -4034,7 +4137,7 @@ module Aws::IAM
4034
4137
  # @option params [required, String] :group_name
4035
4138
  # The name of the group the policy is associated with.
4036
4139
  #
4037
- # This parameter allows (per its [regex pattern][1]) a string of
4140
+ # This parameter allows (through its [regex pattern][1]) a string of
4038
4141
  # characters consisting of upper and lowercase alphanumeric characters
4039
4142
  # with no spaces. You can also include any of the following characters:
4040
4143
  # \_+=,.@-
@@ -4046,7 +4149,7 @@ module Aws::IAM
4046
4149
  # @option params [required, String] :policy_name
4047
4150
  # The name of the policy document to get.
4048
4151
  #
4049
- # This parameter allows (per its [regex pattern][1]) a string of
4152
+ # This parameter allows (through its [regex pattern][1]) a string of
4050
4153
  # characters consisting of upper and lowercase alphanumeric characters
4051
4154
  # with no spaces. You can also include any of the following characters:
4052
4155
  # \_+=,.@-
@@ -4095,7 +4198,7 @@ module Aws::IAM
4095
4198
  # @option params [required, String] :instance_profile_name
4096
4199
  # The name of the instance profile to get information about.
4097
4200
  #
4098
- # This parameter allows (per its [regex pattern][1]) a string of
4201
+ # This parameter allows (through its [regex pattern][1]) a string of
4099
4202
  # characters consisting of upper and lowercase alphanumeric characters
4100
4203
  # with no spaces. You can also include any of the following characters:
4101
4204
  # \_+=,.@-
@@ -4159,12 +4262,12 @@ module Aws::IAM
4159
4262
  # resp.instance_profile.roles[0].create_date #=> Time
4160
4263
  # resp.instance_profile.roles[0].assume_role_policy_document #=> String
4161
4264
  # resp.instance_profile.roles[0].description #=> String
4162
- # resp.instance_profile.roles[0].tags #=> Array
4163
- # resp.instance_profile.roles[0].tags[0].key #=> String
4164
- # resp.instance_profile.roles[0].tags[0].value #=> String
4165
4265
  # resp.instance_profile.roles[0].max_session_duration #=> Integer
4166
4266
  # resp.instance_profile.roles[0].permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
4167
4267
  # resp.instance_profile.roles[0].permissions_boundary.permissions_boundary_arn #=> String
4268
+ # resp.instance_profile.roles[0].tags #=> Array
4269
+ # resp.instance_profile.roles[0].tags[0].key #=> String
4270
+ # resp.instance_profile.roles[0].tags[0].value #=> String
4168
4271
  #
4169
4272
  # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetInstanceProfile AWS API Documentation
4170
4273
  #
@@ -4182,7 +4285,7 @@ module Aws::IAM
4182
4285
  # @option params [required, String] :user_name
4183
4286
  # The name of the user whose login profile you want to retrieve.
4184
4287
  #
4185
- # This parameter allows (per its [regex pattern][1]) a string of
4288
+ # This parameter allows (through its [regex pattern][1]) a string of
4186
4289
  # characters consisting of upper and lowercase alphanumeric characters
4187
4290
  # with no spaces. You can also include any of the following characters:
4188
4291
  # \_+=,.@-
@@ -4386,7 +4489,7 @@ module Aws::IAM
4386
4489
  # @option params [required, String] :version_id
4387
4490
  # Identifies the policy version to retrieve.
4388
4491
  #
4389
- # This parameter allows (per its [regex pattern][1]) a string of
4492
+ # This parameter allows (through its [regex pattern][1]) a string of
4390
4493
  # characters that consists of the lowercase letter 'v' followed by one
4391
4494
  # or two digits, and optionally followed by a period '.' and a string
4392
4495
  # of letters and digits.
@@ -4443,7 +4546,7 @@ module Aws::IAM
4443
4546
  # @option params [required, String] :role_name
4444
4547
  # The name of the IAM role to get information about.
4445
4548
  #
4446
- # This parameter allows (per its [regex pattern][1]) a string of
4549
+ # This parameter allows (through its [regex pattern][1]) a string of
4447
4550
  # characters consisting of upper and lowercase alphanumeric characters
4448
4551
  # with no spaces. You can also include any of the following characters:
4449
4552
  # \_+=,.@-
@@ -4492,12 +4595,12 @@ module Aws::IAM
4492
4595
  # resp.role.create_date #=> Time
4493
4596
  # resp.role.assume_role_policy_document #=> String
4494
4597
  # resp.role.description #=> String
4495
- # resp.role.tags #=> Array
4496
- # resp.role.tags[0].key #=> String
4497
- # resp.role.tags[0].value #=> String
4498
4598
  # resp.role.max_session_duration #=> Integer
4499
4599
  # resp.role.permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
4500
4600
  # resp.role.permissions_boundary.permissions_boundary_arn #=> String
4601
+ # resp.role.tags #=> Array
4602
+ # resp.role.tags[0].key #=> String
4603
+ # resp.role.tags[0].value #=> String
4501
4604
  #
4502
4605
  # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetRole AWS API Documentation
4503
4606
  #
@@ -4539,7 +4642,7 @@ module Aws::IAM
4539
4642
  # @option params [required, String] :role_name
4540
4643
  # The name of the role associated with the policy.
4541
4644
  #
4542
- # This parameter allows (per its [regex pattern][1]) a string of
4645
+ # This parameter allows (through its [regex pattern][1]) a string of
4543
4646
  # characters consisting of upper and lowercase alphanumeric characters
4544
4647
  # with no spaces. You can also include any of the following characters:
4545
4648
  # \_+=,.@-
@@ -4551,7 +4654,7 @@ module Aws::IAM
4551
4654
  # @option params [required, String] :policy_name
4552
4655
  # The name of the policy document to get.
4553
4656
  #
4554
- # This parameter allows (per its [regex pattern][1]) a string of
4657
+ # This parameter allows (through its [regex pattern][1]) a string of
4555
4658
  # characters consisting of upper and lowercase alphanumeric characters
4556
4659
  # with no spaces. You can also include any of the following characters:
4557
4660
  # \_+=,.@-
@@ -4653,7 +4756,7 @@ module Aws::IAM
4653
4756
  # @option params [required, String] :user_name
4654
4757
  # The name of the IAM user associated with the SSH public key.
4655
4758
  #
4656
- # This parameter allows (per its [regex pattern][1]) a string of
4759
+ # This parameter allows (through its [regex pattern][1]) a string of
4657
4760
  # characters consisting of upper and lowercase alphanumeric characters
4658
4761
  # with no spaces. You can also include any of the following characters:
4659
4762
  # \_+=,.@-
@@ -4665,7 +4768,7 @@ module Aws::IAM
4665
4768
  # @option params [required, String] :ssh_public_key_id
4666
4769
  # The unique identifier for the SSH public key.
4667
4770
  #
4668
- # This parameter allows (per its [regex pattern][1]) a string of
4771
+ # This parameter allows (through its [regex pattern][1]) a string of
4669
4772
  # characters that can consist of any upper or lowercased letter or
4670
4773
  # digit.
4671
4774
  #
@@ -4724,7 +4827,7 @@ module Aws::IAM
4724
4827
  # The name of the server certificate you want to retrieve information
4725
4828
  # about.
4726
4829
  #
4727
- # This parameter allows (per its [regex pattern][1]) a string of
4830
+ # This parameter allows (through its [regex pattern][1]) a string of
4728
4831
  # characters consisting of upper and lowercase alphanumeric characters
4729
4832
  # with no spaces. You can also include any of the following characters:
4730
4833
  # \_+=,.@-
@@ -4763,6 +4866,294 @@ module Aws::IAM
4763
4866
  req.send_request(options)
4764
4867
  end
4765
4868
 
4869
+ # After you generate a user, group, role, or policy report using the
4870
+ # `GenerateServiceLastAccessedDetails` operation, you can use the
4871
+ # `JobId` parameter in `GetServiceLastAccessedDetails`. This operation
4872
+ # retrieves the status of your report job and a list of AWS services
4873
+ # that the resource (user, group, role, or managed policy) can access.
4874
+ #
4875
+ # <note markdown="1"> Service last accessed data does not use other policy types when
4876
+ # determining whether a resource could access a service. These other
4877
+ # policy types include resource-based policies, access control lists,
4878
+ # AWS Organizations policies, IAM permissions boundaries, and AWS STS
4879
+ # assume role policies. It only applies permissions policy logic. For
4880
+ # more about the evaluation of policy types, see [Evaluating
4881
+ # Policies][1] in the *IAM User Guide*.
4882
+ #
4883
+ # </note>
4884
+ #
4885
+ # For each service that the resource could access using permissions
4886
+ # policies, the operation returns details about the most recent access
4887
+ # attempt. If there was no attempt, the service is listed without
4888
+ # details about the most recent attempt to access the service. If the
4889
+ # operation fails, the `GetServiceLastAccessedDetails` operation returns
4890
+ # the reason that it failed.
4891
+ #
4892
+ # The `GetServiceLastAccessedDetails` operation returns a list of
4893
+ # services that includes the number of entities that have attempted to
4894
+ # access the service and the date and time of the last attempt. It also
4895
+ # returns the ARN of the following entity, depending on the resource ARN
4896
+ # that you used to generate the report:
4897
+ #
4898
+ # * **User** – Returns the user ARN that you used to generate the report
4899
+ #
4900
+ # * **Group** – Returns the ARN of the group member (user) that last
4901
+ # attempted to access the service
4902
+ #
4903
+ # * **Role** – Returns the role ARN that you used to generate the report
4904
+ #
4905
+ # * **Policy** – Returns the ARN of the user or role that last used the
4906
+ # policy to attempt to access the service
4907
+ #
4908
+ # By default, the list is sorted by service namespace.
4909
+ #
4910
+ #
4911
+ #
4912
+ # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics
4913
+ #
4914
+ # @option params [required, String] :job_id
4915
+ # The ID of the request generated by the
4916
+ # GenerateServiceLastAccessedDetails operation.
4917
+ #
4918
+ # @option params [Integer] :max_items
4919
+ # Use this only when paginating results to indicate the maximum number
4920
+ # of items you want in the response. If additional items exist beyond
4921
+ # the maximum you specify, the `IsTruncated` response element is `true`.
4922
+ #
4923
+ # If you do not include this parameter, the number of items defaults to
4924
+ # 100. Note that IAM might return fewer results, even when there are
4925
+ # more results available. In that case, the `IsTruncated` response
4926
+ # element returns `true`, and `Marker` contains a value to include in
4927
+ # the subsequent call that tells the service where to continue from.
4928
+ #
4929
+ # @option params [String] :marker
4930
+ # Use this parameter only when paginating results and only after you
4931
+ # receive a response indicating that the results are truncated. Set it
4932
+ # to the value of the `Marker` element in the response that you received
4933
+ # to indicate where the next call should start.
4934
+ #
4935
+ # @return [Types::GetServiceLastAccessedDetailsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
4936
+ #
4937
+ # * {Types::GetServiceLastAccessedDetailsResponse#job_status #job_status} => String
4938
+ # * {Types::GetServiceLastAccessedDetailsResponse#job_creation_date #job_creation_date} => Time
4939
+ # * {Types::GetServiceLastAccessedDetailsResponse#services_last_accessed #services_last_accessed} => Array&lt;Types::ServiceLastAccessed&gt;
4940
+ # * {Types::GetServiceLastAccessedDetailsResponse#job_completion_date #job_completion_date} => Time
4941
+ # * {Types::GetServiceLastAccessedDetailsResponse#is_truncated #is_truncated} => Boolean
4942
+ # * {Types::GetServiceLastAccessedDetailsResponse#marker #marker} => String
4943
+ # * {Types::GetServiceLastAccessedDetailsResponse#error #error} => Types::ErrorDetails
4944
+ #
4945
+ #
4946
+ # @example Example: To get details from a previously-generated report
4947
+ #
4948
+ # # The following operation gets details about the report with the job ID: examplef-1305-c245-eba4-71fe298bcda7
4949
+ #
4950
+ # resp = client.get_service_last_accessed_details({
4951
+ # job_id: "examplef-1305-c245-eba4-71fe298bcda7",
4952
+ # })
4953
+ #
4954
+ # resp.to_h outputs the following:
4955
+ # {
4956
+ # is_truncated: false,
4957
+ # job_completion_date: Time.parse("2018-10-24T19:47:35.241Z"),
4958
+ # job_creation_date: Time.parse("2018-10-24T19:47:31.466Z"),
4959
+ # job_status: "COMPLETED",
4960
+ # services_last_accessed: [
4961
+ # {
4962
+ # last_authenticated: Time.parse("2018-10-24T19:11:00Z"),
4963
+ # last_authenticated_entity: "arn:aws:iam::123456789012:user/AWSExampleUser01",
4964
+ # service_name: "AWS Identity and Access Management",
4965
+ # service_namespace: "iam",
4966
+ # total_authenticated_entities: 2,
4967
+ # },
4968
+ # {
4969
+ # service_name: "Amazon Simple Storage Service",
4970
+ # service_namespace: "s3",
4971
+ # total_authenticated_entities: 0,
4972
+ # },
4973
+ # ],
4974
+ # }
4975
+ #
4976
+ # @example Request syntax with placeholder values
4977
+ #
4978
+ # resp = client.get_service_last_accessed_details({
4979
+ # job_id: "jobIDType", # required
4980
+ # max_items: 1,
4981
+ # marker: "markerType",
4982
+ # })
4983
+ #
4984
+ # @example Response structure
4985
+ #
4986
+ # resp.job_status #=> String, one of "IN_PROGRESS", "COMPLETED", "FAILED"
4987
+ # resp.job_creation_date #=> Time
4988
+ # resp.services_last_accessed #=> Array
4989
+ # resp.services_last_accessed[0].service_name #=> String
4990
+ # resp.services_last_accessed[0].last_authenticated #=> Time
4991
+ # resp.services_last_accessed[0].service_namespace #=> String
4992
+ # resp.services_last_accessed[0].last_authenticated_entity #=> String
4993
+ # resp.services_last_accessed[0].total_authenticated_entities #=> Integer
4994
+ # resp.job_completion_date #=> Time
4995
+ # resp.is_truncated #=> Boolean
4996
+ # resp.marker #=> String
4997
+ # resp.error.message #=> String
4998
+ # resp.error.code #=> String
4999
+ #
5000
+ # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetServiceLastAccessedDetails AWS API Documentation
5001
+ #
5002
+ # @overload get_service_last_accessed_details(params = {})
5003
+ # @param [Hash] params ({})
5004
+ def get_service_last_accessed_details(params = {}, options = {})
5005
+ req = build_request(:get_service_last_accessed_details, params)
5006
+ req.send_request(options)
5007
+ end
5008
+
5009
+ # After you generate a group or policy report using the
5010
+ # `GenerateServiceLastAccessedDetails` operation, you can use the
5011
+ # `JobId` parameter in `GetServiceLastAccessedDetailsWithEntities`. This
5012
+ # operation retrieves the status of your report job and a list of
5013
+ # entities that could have used group or policy permissions to access
5014
+ # the specified service.
5015
+ #
5016
+ # * **Group** – For a group report, this operation returns a list of
5017
+ # users in the group that could have used the group’s policies in an
5018
+ # attempt to access the service.
5019
+ #
5020
+ # * **Policy** – For a policy report, this operation returns a list of
5021
+ # entities (users or roles) that could have used the policy in an
5022
+ # attempt to access the service.
5023
+ #
5024
+ # You can also use this operation for user or role reports to retrieve
5025
+ # details about those entities.
5026
+ #
5027
+ # If the operation fails, the
5028
+ # `GetServiceLastAccessedDetailsWithEntities` operation returns the
5029
+ # reason that it failed.
5030
+ #
5031
+ # By default, the list of associated entities is sorted by date, with
5032
+ # the most recent access listed first.
5033
+ #
5034
+ # @option params [required, String] :job_id
5035
+ # The ID of the request generated by the
5036
+ # `GenerateServiceLastAccessedDetails` operation.
5037
+ #
5038
+ # @option params [required, String] :service_namespace
5039
+ # The service namespace for an AWS service. Provide the service
5040
+ # namespace to learn when the IAM entity last attempted to access the
5041
+ # specified service.
5042
+ #
5043
+ # To learn the service namespace for a service, go to [Actions,
5044
+ # Resources, and Condition Keys for AWS Services][1] in the *IAM User
5045
+ # Guide* and choose the name of the service to view details for that
5046
+ # service. In the first paragraph, find the service prefix. For example,
5047
+ # `(service prefix: a4b)`. For more information about service
5048
+ # namespaces, see [AWS Service Namespaces][2] in the *AWS General
5049
+ # Reference*.
5050
+ #
5051
+ #
5052
+ #
5053
+ # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_actions-resources-contextkeys.html
5054
+ # [2]: http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-aws-service-namespaces
5055
+ #
5056
+ # @option params [Integer] :max_items
5057
+ # Use this only when paginating results to indicate the maximum number
5058
+ # of items you want in the response. If additional items exist beyond
5059
+ # the maximum you specify, the `IsTruncated` response element is `true`.
5060
+ #
5061
+ # If you do not include this parameter, the number of items defaults to
5062
+ # 100. Note that IAM might return fewer results, even when there are
5063
+ # more results available. In that case, the `IsTruncated` response
5064
+ # element returns `true`, and `Marker` contains a value to include in
5065
+ # the subsequent call that tells the service where to continue from.
5066
+ #
5067
+ # @option params [String] :marker
5068
+ # Use this parameter only when paginating results and only after you
5069
+ # receive a response indicating that the results are truncated. Set it
5070
+ # to the value of the `Marker` element in the response that you received
5071
+ # to indicate where the next call should start.
5072
+ #
5073
+ # @return [Types::GetServiceLastAccessedDetailsWithEntitiesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
5074
+ #
5075
+ # * {Types::GetServiceLastAccessedDetailsWithEntitiesResponse#job_status #job_status} => String
5076
+ # * {Types::GetServiceLastAccessedDetailsWithEntitiesResponse#job_creation_date #job_creation_date} => Time
5077
+ # * {Types::GetServiceLastAccessedDetailsWithEntitiesResponse#job_completion_date #job_completion_date} => Time
5078
+ # * {Types::GetServiceLastAccessedDetailsWithEntitiesResponse#entity_details_list #entity_details_list} => Array&lt;Types::EntityDetails&gt;
5079
+ # * {Types::GetServiceLastAccessedDetailsWithEntitiesResponse#is_truncated #is_truncated} => Boolean
5080
+ # * {Types::GetServiceLastAccessedDetailsWithEntitiesResponse#marker #marker} => String
5081
+ # * {Types::GetServiceLastAccessedDetailsWithEntitiesResponse#error #error} => Types::ErrorDetails
5082
+ #
5083
+ #
5084
+ # @example Example: To get sntity details from a previously-generated report
5085
+ #
5086
+ # # The following operation returns details about the entities that attempted to access the IAM service.
5087
+ #
5088
+ # resp = client.get_service_last_accessed_details_with_entities({
5089
+ # job_id: "examplef-1305-c245-eba4-71fe298bcda7",
5090
+ # service_namespace: "iam",
5091
+ # })
5092
+ #
5093
+ # resp.to_h outputs the following:
5094
+ # {
5095
+ # entity_details_list: [
5096
+ # {
5097
+ # entity_info: {
5098
+ # arn: "arn:aws:iam::123456789012:user/AWSExampleUser01",
5099
+ # id: "AIDAEX2EXAMPLEB6IGCDC",
5100
+ # name: "AWSExampleUser01",
5101
+ # path: "/",
5102
+ # type: "USER",
5103
+ # },
5104
+ # last_authenticated: Time.parse("2018-10-24T19:10:00Z"),
5105
+ # },
5106
+ # {
5107
+ # entity_info: {
5108
+ # arn: "arn:aws:iam::123456789012:role/AWSExampleRole01",
5109
+ # id: "AROAEAEXAMPLEIANXSIU4",
5110
+ # name: "AWSExampleRole01",
5111
+ # path: "/",
5112
+ # type: "ROLE",
5113
+ # },
5114
+ # },
5115
+ # ],
5116
+ # is_truncated: false,
5117
+ # job_completion_date: Time.parse("2018-10-24T19:47:35.241Z"),
5118
+ # job_creation_date: Time.parse("2018-10-24T19:47:31.466Z"),
5119
+ # job_status: "COMPLETED",
5120
+ # }
5121
+ #
5122
+ # @example Request syntax with placeholder values
5123
+ #
5124
+ # resp = client.get_service_last_accessed_details_with_entities({
5125
+ # job_id: "jobIDType", # required
5126
+ # service_namespace: "serviceNamespaceType", # required
5127
+ # max_items: 1,
5128
+ # marker: "markerType",
5129
+ # })
5130
+ #
5131
+ # @example Response structure
5132
+ #
5133
+ # resp.job_status #=> String, one of "IN_PROGRESS", "COMPLETED", "FAILED"
5134
+ # resp.job_creation_date #=> Time
5135
+ # resp.job_completion_date #=> Time
5136
+ # resp.entity_details_list #=> Array
5137
+ # resp.entity_details_list[0].entity_info.arn #=> String
5138
+ # resp.entity_details_list[0].entity_info.name #=> String
5139
+ # resp.entity_details_list[0].entity_info.type #=> String, one of "USER", "ROLE", "GROUP"
5140
+ # resp.entity_details_list[0].entity_info.id #=> String
5141
+ # resp.entity_details_list[0].entity_info.path #=> String
5142
+ # resp.entity_details_list[0].last_authenticated #=> Time
5143
+ # resp.is_truncated #=> Boolean
5144
+ # resp.marker #=> String
5145
+ # resp.error.message #=> String
5146
+ # resp.error.code #=> String
5147
+ #
5148
+ # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetServiceLastAccessedDetailsWithEntities AWS API Documentation
5149
+ #
5150
+ # @overload get_service_last_accessed_details_with_entities(params = {})
5151
+ # @param [Hash] params ({})
5152
+ def get_service_last_accessed_details_with_entities(params = {}, options = {})
5153
+ req = build_request(:get_service_last_accessed_details_with_entities, params)
5154
+ req.send_request(options)
5155
+ end
5156
+
4766
5157
  # Retrieves the status of your service-linked role deletion. After you
4767
5158
  # use the DeleteServiceLinkedRole API operation to submit a
4768
5159
  # service-linked role for deletion, you can use the `DeletionTaskId`
@@ -4815,7 +5206,7 @@ module Aws::IAM
4815
5206
  # The name of the user to get information about.
4816
5207
  #
4817
5208
  # This parameter is optional. If it is not included, it defaults to the
4818
- # user making the request. This parameter allows (per its [regex
5209
+ # user making the request. This parameter allows (through its [regex
4819
5210
  # pattern][1]) a string of characters consisting of upper and lowercase
4820
5211
  # alphanumeric characters with no spaces. You can also include any of
4821
5212
  # the following characters: \_+=,.@-
@@ -4862,11 +5253,11 @@ module Aws::IAM
4862
5253
  # resp.user.arn #=> String
4863
5254
  # resp.user.create_date #=> Time
4864
5255
  # resp.user.password_last_used #=> Time
5256
+ # resp.user.permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
5257
+ # resp.user.permissions_boundary.permissions_boundary_arn #=> String
4865
5258
  # resp.user.tags #=> Array
4866
5259
  # resp.user.tags[0].key #=> String
4867
5260
  # resp.user.tags[0].value #=> String
4868
- # resp.user.permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
4869
- # resp.user.permissions_boundary.permissions_boundary_arn #=> String
4870
5261
  #
4871
5262
  # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetUser AWS API Documentation
4872
5263
  #
@@ -4904,7 +5295,7 @@ module Aws::IAM
4904
5295
  # @option params [required, String] :user_name
4905
5296
  # The name of the user who the policy is associated with.
4906
5297
  #
4907
- # This parameter allows (per its [regex pattern][1]) a string of
5298
+ # This parameter allows (through its [regex pattern][1]) a string of
4908
5299
  # characters consisting of upper and lowercase alphanumeric characters
4909
5300
  # with no spaces. You can also include any of the following characters:
4910
5301
  # \_+=,.@-
@@ -4916,7 +5307,7 @@ module Aws::IAM
4916
5307
  # @option params [required, String] :policy_name
4917
5308
  # The name of the policy document to get.
4918
5309
  #
4919
- # This parameter allows (per its [regex pattern][1]) a string of
5310
+ # This parameter allows (through its [regex pattern][1]) a string of
4920
5311
  # characters consisting of upper and lowercase alphanumeric characters
4921
5312
  # with no spaces. You can also include any of the following characters:
4922
5313
  # \_+=,.@-
@@ -4954,7 +5345,7 @@ module Aws::IAM
4954
5345
  end
4955
5346
 
4956
5347
  # Returns information about the access key IDs associated with the
4957
- # specified IAM user. If there are none, the operation returns an empty
5348
+ # specified IAM user. If there is none, the operation returns an empty
4958
5349
  # list.
4959
5350
  #
4960
5351
  # Although each user is limited to a small number of keys, you can still
@@ -4962,9 +5353,9 @@ module Aws::IAM
4962
5353
  #
4963
5354
  # If the `UserName` field is not specified, the user name is determined
4964
5355
  # implicitly based on the AWS access key ID used to sign the request.
4965
- # Because this operation works for access keys under the AWS account,
4966
- # you can use this operation to manage AWS account root user credentials
4967
- # even if the AWS account has no associated users.
5356
+ # This operation works for access keys under the AWS account.
5357
+ # Consequently, you can use this operation to manage AWS account root
5358
+ # user credentials even if the AWS account has no associated users.
4968
5359
  #
4969
5360
  # <note markdown="1"> To ensure the security of your AWS account, the secret access key is
4970
5361
  # accessible only during key and user creation.
@@ -4974,7 +5365,7 @@ module Aws::IAM
4974
5365
  # @option params [String] :user_name
4975
5366
  # The name of the user.
4976
5367
  #
4977
- # This parameter allows (per its [regex pattern][1]) a string of
5368
+ # This parameter allows (through its [regex pattern][1]) a string of
4978
5369
  # characters consisting of upper and lowercase alphanumeric characters
4979
5370
  # with no spaces. You can also include any of the following characters:
4980
5371
  # \_+=,.@-
@@ -4990,16 +5381,15 @@ module Aws::IAM
4990
5381
  # to indicate where the next call should start.
4991
5382
  #
4992
5383
  # @option params [Integer] :max_items
4993
- # (Optional) Use this only when paginating results to indicate the
4994
- # maximum number of items you want in the response. If additional items
4995
- # exist beyond the maximum you specify, the `IsTruncated` response
4996
- # element is `true`.
5384
+ # Use this only when paginating results to indicate the maximum number
5385
+ # of items you want in the response. If additional items exist beyond
5386
+ # the maximum you specify, the `IsTruncated` response element is `true`.
4997
5387
  #
4998
- # If you do not include this parameter, it defaults to 100. Note that
4999
- # IAM might return fewer results, even when there are more results
5000
- # available. In that case, the `IsTruncated` response element returns
5001
- # `true` and `Marker` contains a value to include in the subsequent call
5002
- # that tells the service where to continue from.
5388
+ # If you do not include this parameter, the number of items defaults to
5389
+ # 100. Note that IAM might return fewer results, even when there are
5390
+ # more results available. In that case, the `IsTruncated` response
5391
+ # element returns `true`, and `Marker` contains a value to include in
5392
+ # the subsequent call that tells the service where to continue from.
5003
5393
  #
5004
5394
  # @return [Types::ListAccessKeysResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
5005
5395
  #
@@ -5076,16 +5466,15 @@ module Aws::IAM
5076
5466
  # to indicate where the next call should start.
5077
5467
  #
5078
5468
  # @option params [Integer] :max_items
5079
- # (Optional) Use this only when paginating results to indicate the
5080
- # maximum number of items you want in the response. If additional items
5081
- # exist beyond the maximum you specify, the `IsTruncated` response
5082
- # element is `true`.
5469
+ # Use this only when paginating results to indicate the maximum number
5470
+ # of items you want in the response. If additional items exist beyond
5471
+ # the maximum you specify, the `IsTruncated` response element is `true`.
5083
5472
  #
5084
- # If you do not include this parameter, it defaults to 100. Note that
5085
- # IAM might return fewer results, even when there are more results
5086
- # available. In that case, the `IsTruncated` response element returns
5087
- # `true` and `Marker` contains a value to include in the subsequent call
5088
- # that tells the service where to continue from.
5473
+ # If you do not include this parameter, the number of items defaults to
5474
+ # 100. Note that IAM might return fewer results, even when there are
5475
+ # more results available. In that case, the `IsTruncated` response
5476
+ # element returns `true`, and `Marker` contains a value to include in
5477
+ # the subsequent call that tells the service where to continue from.
5089
5478
  #
5090
5479
  # @return [Types::ListAccountAliasesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
5091
5480
  #
@@ -5153,7 +5542,7 @@ module Aws::IAM
5153
5542
  # The name (friendly name, not ARN) of the group to list attached
5154
5543
  # policies for.
5155
5544
  #
5156
- # This parameter allows (per its [regex pattern][1]) a string of
5545
+ # This parameter allows (through its [regex pattern][1]) a string of
5157
5546
  # characters consisting of upper and lowercase alphanumeric characters
5158
5547
  # with no spaces. You can also include any of the following characters:
5159
5548
  # \_+=,.@-
@@ -5167,7 +5556,7 @@ module Aws::IAM
5167
5556
  # If it is not included, it defaults to a slash (/), listing all
5168
5557
  # policies.
5169
5558
  #
5170
- # This parameter allows (per its [regex pattern][1]) a string of
5559
+ # This parameter allows (through its [regex pattern][1]) a string of
5171
5560
  # characters consisting of either a forward slash (/) by itself or a
5172
5561
  # string that must begin and end with forward slashes. In addition, it
5173
5562
  # can contain any ASCII character from the ! (\\u0021) through the DEL
@@ -5185,16 +5574,15 @@ module Aws::IAM
5185
5574
  # to indicate where the next call should start.
5186
5575
  #
5187
5576
  # @option params [Integer] :max_items
5188
- # (Optional) Use this only when paginating results to indicate the
5189
- # maximum number of items you want in the response. If additional items
5190
- # exist beyond the maximum you specify, the `IsTruncated` response
5191
- # element is `true`.
5577
+ # Use this only when paginating results to indicate the maximum number
5578
+ # of items you want in the response. If additional items exist beyond
5579
+ # the maximum you specify, the `IsTruncated` response element is `true`.
5192
5580
  #
5193
- # If you do not include this parameter, it defaults to 100. Note that
5194
- # IAM might return fewer results, even when there are more results
5195
- # available. In that case, the `IsTruncated` response element returns
5196
- # `true` and `Marker` contains a value to include in the subsequent call
5197
- # that tells the service where to continue from.
5581
+ # If you do not include this parameter, the number of items defaults to
5582
+ # 100. Note that IAM might return fewer results, even when there are
5583
+ # more results available. In that case, the `IsTruncated` response
5584
+ # element returns `true`, and `Marker` contains a value to include in
5585
+ # the subsequent call that tells the service where to continue from.
5198
5586
  #
5199
5587
  # @return [Types::ListAttachedGroupPoliciesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
5200
5588
  #
@@ -5250,7 +5638,7 @@ module Aws::IAM
5250
5638
  # The name (friendly name, not ARN) of the role to list attached
5251
5639
  # policies for.
5252
5640
  #
5253
- # This parameter allows (per its [regex pattern][1]) a string of
5641
+ # This parameter allows (through its [regex pattern][1]) a string of
5254
5642
  # characters consisting of upper and lowercase alphanumeric characters
5255
5643
  # with no spaces. You can also include any of the following characters:
5256
5644
  # \_+=,.@-
@@ -5264,7 +5652,7 @@ module Aws::IAM
5264
5652
  # If it is not included, it defaults to a slash (/), listing all
5265
5653
  # policies.
5266
5654
  #
5267
- # This parameter allows (per its [regex pattern][1]) a string of
5655
+ # This parameter allows (through its [regex pattern][1]) a string of
5268
5656
  # characters consisting of either a forward slash (/) by itself or a
5269
5657
  # string that must begin and end with forward slashes. In addition, it
5270
5658
  # can contain any ASCII character from the ! (\\u0021) through the DEL
@@ -5282,16 +5670,15 @@ module Aws::IAM
5282
5670
  # to indicate where the next call should start.
5283
5671
  #
5284
5672
  # @option params [Integer] :max_items
5285
- # (Optional) Use this only when paginating results to indicate the
5286
- # maximum number of items you want in the response. If additional items
5287
- # exist beyond the maximum you specify, the `IsTruncated` response
5288
- # element is `true`.
5673
+ # Use this only when paginating results to indicate the maximum number
5674
+ # of items you want in the response. If additional items exist beyond
5675
+ # the maximum you specify, the `IsTruncated` response element is `true`.
5289
5676
  #
5290
- # If you do not include this parameter, it defaults to 100. Note that
5291
- # IAM might return fewer results, even when there are more results
5292
- # available. In that case, the `IsTruncated` response element returns
5293
- # `true` and `Marker` contains a value to include in the subsequent call
5294
- # that tells the service where to continue from.
5677
+ # If you do not include this parameter, the number of items defaults to
5678
+ # 100. Note that IAM might return fewer results, even when there are
5679
+ # more results available. In that case, the `IsTruncated` response
5680
+ # element returns `true`, and `Marker` contains a value to include in
5681
+ # the subsequent call that tells the service where to continue from.
5295
5682
  #
5296
5683
  # @return [Types::ListAttachedRolePoliciesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
5297
5684
  #
@@ -5347,7 +5734,7 @@ module Aws::IAM
5347
5734
  # The name (friendly name, not ARN) of the user to list attached
5348
5735
  # policies for.
5349
5736
  #
5350
- # This parameter allows (per its [regex pattern][1]) a string of
5737
+ # This parameter allows (through its [regex pattern][1]) a string of
5351
5738
  # characters consisting of upper and lowercase alphanumeric characters
5352
5739
  # with no spaces. You can also include any of the following characters:
5353
5740
  # \_+=,.@-
@@ -5361,7 +5748,7 @@ module Aws::IAM
5361
5748
  # If it is not included, it defaults to a slash (/), listing all
5362
5749
  # policies.
5363
5750
  #
5364
- # This parameter allows (per its [regex pattern][1]) a string of
5751
+ # This parameter allows (through its [regex pattern][1]) a string of
5365
5752
  # characters consisting of either a forward slash (/) by itself or a
5366
5753
  # string that must begin and end with forward slashes. In addition, it
5367
5754
  # can contain any ASCII character from the ! (\\u0021) through the DEL
@@ -5379,16 +5766,15 @@ module Aws::IAM
5379
5766
  # to indicate where the next call should start.
5380
5767
  #
5381
5768
  # @option params [Integer] :max_items
5382
- # (Optional) Use this only when paginating results to indicate the
5383
- # maximum number of items you want in the response. If additional items
5384
- # exist beyond the maximum you specify, the `IsTruncated` response
5385
- # element is `true`.
5769
+ # Use this only when paginating results to indicate the maximum number
5770
+ # of items you want in the response. If additional items exist beyond
5771
+ # the maximum you specify, the `IsTruncated` response element is `true`.
5386
5772
  #
5387
- # If you do not include this parameter, it defaults to 100. Note that
5388
- # IAM might return fewer results, even when there are more results
5389
- # available. In that case, the `IsTruncated` response element returns
5390
- # `true` and `Marker` contains a value to include in the subsequent call
5391
- # that tells the service where to continue from.
5773
+ # If you do not include this parameter, the number of items defaults to
5774
+ # 100. Note that IAM might return fewer results, even when there are
5775
+ # more results available. In that case, the `IsTruncated` response
5776
+ # element returns `true`, and `Marker` contains a value to include in
5777
+ # the subsequent call that tells the service where to continue from.
5392
5778
  #
5393
5779
  # @return [Types::ListAttachedUserPoliciesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
5394
5780
  #
@@ -5458,7 +5844,7 @@ module Aws::IAM
5458
5844
  # If it is not included, it defaults to a slash (/), listing all
5459
5845
  # entities.
5460
5846
  #
5461
- # This parameter allows (per its [regex pattern][1]) a string of
5847
+ # This parameter allows (through its [regex pattern][1]) a string of
5462
5848
  # characters consisting of either a forward slash (/) by itself or a
5463
5849
  # string that must begin and end with forward slashes. In addition, it
5464
5850
  # can contain any ASCII character from the ! (\\u0021) through the DEL
@@ -5487,16 +5873,15 @@ module Aws::IAM
5487
5873
  # to indicate where the next call should start.
5488
5874
  #
5489
5875
  # @option params [Integer] :max_items
5490
- # (Optional) Use this only when paginating results to indicate the
5491
- # maximum number of items you want in the response. If additional items
5492
- # exist beyond the maximum you specify, the `IsTruncated` response
5493
- # element is `true`.
5876
+ # Use this only when paginating results to indicate the maximum number
5877
+ # of items you want in the response. If additional items exist beyond
5878
+ # the maximum you specify, the `IsTruncated` response element is `true`.
5494
5879
  #
5495
- # If you do not include this parameter, it defaults to 100. Note that
5496
- # IAM might return fewer results, even when there are more results
5497
- # available. In that case, the `IsTruncated` response element returns
5498
- # `true` and `Marker` contains a value to include in the subsequent call
5499
- # that tells the service where to continue from.
5880
+ # If you do not include this parameter, the number of items defaults to
5881
+ # 100. Note that IAM might return fewer results, even when there are
5882
+ # more results available. In that case, the `IsTruncated` response
5883
+ # element returns `true`, and `Marker` contains a value to include in
5884
+ # the subsequent call that tells the service where to continue from.
5500
5885
  #
5501
5886
  # @return [Types::ListEntitiesForPolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
5502
5887
  #
@@ -5559,7 +5944,7 @@ module Aws::IAM
5559
5944
  # @option params [required, String] :group_name
5560
5945
  # The name of the group to list policies for.
5561
5946
  #
5562
- # This parameter allows (per its [regex pattern][1]) a string of
5947
+ # This parameter allows (through its [regex pattern][1]) a string of
5563
5948
  # characters consisting of upper and lowercase alphanumeric characters
5564
5949
  # with no spaces. You can also include any of the following characters:
5565
5950
  # \_+=,.@-
@@ -5575,16 +5960,15 @@ module Aws::IAM
5575
5960
  # to indicate where the next call should start.
5576
5961
  #
5577
5962
  # @option params [Integer] :max_items
5578
- # (Optional) Use this only when paginating results to indicate the
5579
- # maximum number of items you want in the response. If additional items
5580
- # exist beyond the maximum you specify, the `IsTruncated` response
5581
- # element is `true`.
5963
+ # Use this only when paginating results to indicate the maximum number
5964
+ # of items you want in the response. If additional items exist beyond
5965
+ # the maximum you specify, the `IsTruncated` response element is `true`.
5582
5966
  #
5583
- # If you do not include this parameter, it defaults to 100. Note that
5584
- # IAM might return fewer results, even when there are more results
5585
- # available. In that case, the `IsTruncated` response element returns
5586
- # `true` and `Marker` contains a value to include in the subsequent call
5587
- # that tells the service where to continue from.
5967
+ # If you do not include this parameter, the number of items defaults to
5968
+ # 100. Note that IAM might return fewer results, even when there are
5969
+ # more results available. In that case, the `IsTruncated` response
5970
+ # element returns `true`, and `Marker` contains a value to include in
5971
+ # the subsequent call that tells the service where to continue from.
5588
5972
  #
5589
5973
  # @return [Types::ListGroupPoliciesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
5590
5974
  #
@@ -5644,11 +6028,11 @@ module Aws::IAM
5644
6028
  # with `/division_abc/subdivision_xyz/`.
5645
6029
  #
5646
6030
  # This parameter is optional. If it is not included, it defaults to a
5647
- # slash (/), listing all groups. This parameter allows (per its [regex
5648
- # pattern][1]) a string of characters consisting of either a forward
5649
- # slash (/) by itself or a string that must begin and end with forward
5650
- # slashes. In addition, it can contain any ASCII character from the !
5651
- # (\\u0021) through the DEL character (\\u007F), including most
6031
+ # slash (/), listing all groups. This parameter allows (through its
6032
+ # [regex pattern][1]) a string of characters consisting of either a
6033
+ # forward slash (/) by itself or a string that must begin and end with
6034
+ # forward slashes. In addition, it can contain any ASCII character from
6035
+ # the ! (\\u0021) through the DEL character (\\u007F), including most
5652
6036
  # punctuation characters, digits, and upper and lowercased letters.
5653
6037
  #
5654
6038
  #
@@ -5662,16 +6046,15 @@ module Aws::IAM
5662
6046
  # to indicate where the next call should start.
5663
6047
  #
5664
6048
  # @option params [Integer] :max_items
5665
- # (Optional) Use this only when paginating results to indicate the
5666
- # maximum number of items you want in the response. If additional items
5667
- # exist beyond the maximum you specify, the `IsTruncated` response
5668
- # element is `true`.
6049
+ # Use this only when paginating results to indicate the maximum number
6050
+ # of items you want in the response. If additional items exist beyond
6051
+ # the maximum you specify, the `IsTruncated` response element is `true`.
5669
6052
  #
5670
- # If you do not include this parameter, it defaults to 100. Note that
5671
- # IAM might return fewer results, even when there are more results
5672
- # available. In that case, the `IsTruncated` response element returns
5673
- # `true` and `Marker` contains a value to include in the subsequent call
5674
- # that tells the service where to continue from.
6053
+ # If you do not include this parameter, the number of items defaults to
6054
+ # 100. Note that IAM might return fewer results, even when there are
6055
+ # more results available. In that case, the `IsTruncated` response
6056
+ # element returns `true`, and `Marker` contains a value to include in
6057
+ # the subsequent call that tells the service where to continue from.
5675
6058
  #
5676
6059
  # @return [Types::ListGroupsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
5677
6060
  #
@@ -5750,7 +6133,7 @@ module Aws::IAM
5750
6133
  # @option params [required, String] :user_name
5751
6134
  # The name of the user to list groups for.
5752
6135
  #
5753
- # This parameter allows (per its [regex pattern][1]) a string of
6136
+ # This parameter allows (through its [regex pattern][1]) a string of
5754
6137
  # characters consisting of upper and lowercase alphanumeric characters
5755
6138
  # with no spaces. You can also include any of the following characters:
5756
6139
  # \_+=,.@-
@@ -5766,16 +6149,15 @@ module Aws::IAM
5766
6149
  # to indicate where the next call should start.
5767
6150
  #
5768
6151
  # @option params [Integer] :max_items
5769
- # (Optional) Use this only when paginating results to indicate the
5770
- # maximum number of items you want in the response. If additional items
5771
- # exist beyond the maximum you specify, the `IsTruncated` response
5772
- # element is `true`.
6152
+ # Use this only when paginating results to indicate the maximum number
6153
+ # of items you want in the response. If additional items exist beyond
6154
+ # the maximum you specify, the `IsTruncated` response element is `true`.
5773
6155
  #
5774
- # If you do not include this parameter, it defaults to 100. Note that
5775
- # IAM might return fewer results, even when there are more results
5776
- # available. In that case, the `IsTruncated` response element returns
5777
- # `true` and `Marker` contains a value to include in the subsequent call
5778
- # that tells the service where to continue from.
6156
+ # If you do not include this parameter, the number of items defaults to
6157
+ # 100. Note that IAM might return fewer results, even when there are
6158
+ # more results available. In that case, the `IsTruncated` response
6159
+ # element returns `true`, and `Marker` contains a value to include in
6160
+ # the subsequent call that tells the service where to continue from.
5779
6161
  #
5780
6162
  # @return [Types::ListGroupsForUserResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
5781
6163
  #
@@ -5858,12 +6240,13 @@ module Aws::IAM
5858
6240
  # path starts with `/application_abc/component_xyz/`.
5859
6241
  #
5860
6242
  # This parameter is optional. If it is not included, it defaults to a
5861
- # slash (/), listing all instance profiles. This parameter allows (per
5862
- # its [regex pattern][1]) a string of characters consisting of either a
5863
- # forward slash (/) by itself or a string that must begin and end with
5864
- # forward slashes. In addition, it can contain any ASCII character from
5865
- # the ! (\\u0021) through the DEL character (\\u007F), including most
5866
- # punctuation characters, digits, and upper and lowercased letters.
6243
+ # slash (/), listing all instance profiles. This parameter allows
6244
+ # (through its [regex pattern][1]) a string of characters consisting of
6245
+ # either a forward slash (/) by itself or a string that must begin and
6246
+ # end with forward slashes. In addition, it can contain any ASCII
6247
+ # character from the ! (\\u0021) through the DEL character (\\u007F),
6248
+ # including most punctuation characters, digits, and upper and
6249
+ # lowercased letters.
5867
6250
  #
5868
6251
  #
5869
6252
  #
@@ -5876,16 +6259,15 @@ module Aws::IAM
5876
6259
  # to indicate where the next call should start.
5877
6260
  #
5878
6261
  # @option params [Integer] :max_items
5879
- # (Optional) Use this only when paginating results to indicate the
5880
- # maximum number of items you want in the response. If additional items
5881
- # exist beyond the maximum you specify, the `IsTruncated` response
5882
- # element is `true`.
6262
+ # Use this only when paginating results to indicate the maximum number
6263
+ # of items you want in the response. If additional items exist beyond
6264
+ # the maximum you specify, the `IsTruncated` response element is `true`.
5883
6265
  #
5884
- # If you do not include this parameter, it defaults to 100. Note that
5885
- # IAM might return fewer results, even when there are more results
5886
- # available. In that case, the `IsTruncated` response element returns
5887
- # `true` and `Marker` contains a value to include in the subsequent call
5888
- # that tells the service where to continue from.
6266
+ # If you do not include this parameter, the number of items defaults to
6267
+ # 100. Note that IAM might return fewer results, even when there are
6268
+ # more results available. In that case, the `IsTruncated` response
6269
+ # element returns `true`, and `Marker` contains a value to include in
6270
+ # the subsequent call that tells the service where to continue from.
5889
6271
  #
5890
6272
  # @return [Types::ListInstanceProfilesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
5891
6273
  #
@@ -5917,12 +6299,12 @@ module Aws::IAM
5917
6299
  # resp.instance_profiles[0].roles[0].create_date #=> Time
5918
6300
  # resp.instance_profiles[0].roles[0].assume_role_policy_document #=> String
5919
6301
  # resp.instance_profiles[0].roles[0].description #=> String
5920
- # resp.instance_profiles[0].roles[0].tags #=> Array
5921
- # resp.instance_profiles[0].roles[0].tags[0].key #=> String
5922
- # resp.instance_profiles[0].roles[0].tags[0].value #=> String
5923
6302
  # resp.instance_profiles[0].roles[0].max_session_duration #=> Integer
5924
6303
  # resp.instance_profiles[0].roles[0].permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
5925
6304
  # resp.instance_profiles[0].roles[0].permissions_boundary.permissions_boundary_arn #=> String
6305
+ # resp.instance_profiles[0].roles[0].tags #=> Array
6306
+ # resp.instance_profiles[0].roles[0].tags[0].key #=> String
6307
+ # resp.instance_profiles[0].roles[0].tags[0].value #=> String
5926
6308
  # resp.is_truncated #=> Boolean
5927
6309
  # resp.marker #=> String
5928
6310
  #
@@ -5950,7 +6332,7 @@ module Aws::IAM
5950
6332
  # @option params [required, String] :role_name
5951
6333
  # The name of the role to list instance profiles for.
5952
6334
  #
5953
- # This parameter allows (per its [regex pattern][1]) a string of
6335
+ # This parameter allows (through its [regex pattern][1]) a string of
5954
6336
  # characters consisting of upper and lowercase alphanumeric characters
5955
6337
  # with no spaces. You can also include any of the following characters:
5956
6338
  # \_+=,.@-
@@ -5966,16 +6348,15 @@ module Aws::IAM
5966
6348
  # to indicate where the next call should start.
5967
6349
  #
5968
6350
  # @option params [Integer] :max_items
5969
- # (Optional) Use this only when paginating results to indicate the
5970
- # maximum number of items you want in the response. If additional items
5971
- # exist beyond the maximum you specify, the `IsTruncated` response
5972
- # element is `true`.
6351
+ # Use this only when paginating results to indicate the maximum number
6352
+ # of items you want in the response. If additional items exist beyond
6353
+ # the maximum you specify, the `IsTruncated` response element is `true`.
5973
6354
  #
5974
- # If you do not include this parameter, it defaults to 100. Note that
5975
- # IAM might return fewer results, even when there are more results
5976
- # available. In that case, the `IsTruncated` response element returns
5977
- # `true` and `Marker` contains a value to include in the subsequent call
5978
- # that tells the service where to continue from.
6355
+ # If you do not include this parameter, the number of items defaults to
6356
+ # 100. Note that IAM might return fewer results, even when there are
6357
+ # more results available. In that case, the `IsTruncated` response
6358
+ # element returns `true`, and `Marker` contains a value to include in
6359
+ # the subsequent call that tells the service where to continue from.
5979
6360
  #
5980
6361
  # @return [Types::ListInstanceProfilesForRoleResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
5981
6362
  #
@@ -6007,12 +6388,12 @@ module Aws::IAM
6007
6388
  # resp.instance_profiles[0].roles[0].create_date #=> Time
6008
6389
  # resp.instance_profiles[0].roles[0].assume_role_policy_document #=> String
6009
6390
  # resp.instance_profiles[0].roles[0].description #=> String
6010
- # resp.instance_profiles[0].roles[0].tags #=> Array
6011
- # resp.instance_profiles[0].roles[0].tags[0].key #=> String
6012
- # resp.instance_profiles[0].roles[0].tags[0].value #=> String
6013
6391
  # resp.instance_profiles[0].roles[0].max_session_duration #=> Integer
6014
6392
  # resp.instance_profiles[0].roles[0].permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
6015
6393
  # resp.instance_profiles[0].roles[0].permissions_boundary.permissions_boundary_arn #=> String
6394
+ # resp.instance_profiles[0].roles[0].tags #=> Array
6395
+ # resp.instance_profiles[0].roles[0].tags[0].key #=> String
6396
+ # resp.instance_profiles[0].roles[0].tags[0].value #=> String
6016
6397
  # resp.is_truncated #=> Boolean
6017
6398
  # resp.marker #=> String
6018
6399
  #
@@ -6037,7 +6418,7 @@ module Aws::IAM
6037
6418
  # @option params [String] :user_name
6038
6419
  # The name of the user whose MFA devices you want to list.
6039
6420
  #
6040
- # This parameter allows (per its [regex pattern][1]) a string of
6421
+ # This parameter allows (through its [regex pattern][1]) a string of
6041
6422
  # characters consisting of upper and lowercase alphanumeric characters
6042
6423
  # with no spaces. You can also include any of the following characters:
6043
6424
  # \_+=,.@-
@@ -6053,16 +6434,15 @@ module Aws::IAM
6053
6434
  # to indicate where the next call should start.
6054
6435
  #
6055
6436
  # @option params [Integer] :max_items
6056
- # (Optional) Use this only when paginating results to indicate the
6057
- # maximum number of items you want in the response. If additional items
6058
- # exist beyond the maximum you specify, the `IsTruncated` response
6059
- # element is `true`.
6437
+ # Use this only when paginating results to indicate the maximum number
6438
+ # of items you want in the response. If additional items exist beyond
6439
+ # the maximum you specify, the `IsTruncated` response element is `true`.
6060
6440
  #
6061
- # If you do not include this parameter, it defaults to 100. Note that
6062
- # IAM might return fewer results, even when there are more results
6063
- # available. In that case, the `IsTruncated` response element returns
6064
- # `true` and `Marker` contains a value to include in the subsequent call
6065
- # that tells the service where to continue from.
6441
+ # If you do not include this parameter, the number of items defaults to
6442
+ # 100. Note that IAM might return fewer results, even when there are
6443
+ # more results available. In that case, the `IsTruncated` response
6444
+ # element returns `true`, and `Marker` contains a value to include in
6445
+ # the subsequent call that tells the service where to continue from.
6066
6446
  #
6067
6447
  # @return [Types::ListMFADevicesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
6068
6448
  #
@@ -6158,12 +6538,12 @@ module Aws::IAM
6158
6538
  # @option params [String] :path_prefix
6159
6539
  # The path prefix for filtering the results. This parameter is optional.
6160
6540
  # If it is not included, it defaults to a slash (/), listing all
6161
- # policies. This parameter allows (per its [regex pattern][1]) a string
6162
- # of characters consisting of either a forward slash (/) by itself or a
6163
- # string that must begin and end with forward slashes. In addition, it
6164
- # can contain any ASCII character from the ! (\\u0021) through the DEL
6165
- # character (\\u007F), including most punctuation characters, digits,
6166
- # and upper and lowercased letters.
6541
+ # policies. This parameter allows (through its [regex pattern][1]) a
6542
+ # string of characters consisting of either a forward slash (/) by
6543
+ # itself or a string that must begin and end with forward slashes. In
6544
+ # addition, it can contain any ASCII character from the ! (\\u0021)
6545
+ # through the DEL character (\\u007F), including most punctuation
6546
+ # characters, digits, and upper and lowercased letters.
6167
6547
  #
6168
6548
  #
6169
6549
  #
@@ -6187,16 +6567,15 @@ module Aws::IAM
6187
6567
  # to indicate where the next call should start.
6188
6568
  #
6189
6569
  # @option params [Integer] :max_items
6190
- # (Optional) Use this only when paginating results to indicate the
6191
- # maximum number of items you want in the response. If additional items
6192
- # exist beyond the maximum you specify, the `IsTruncated` response
6193
- # element is `true`.
6570
+ # Use this only when paginating results to indicate the maximum number
6571
+ # of items you want in the response. If additional items exist beyond
6572
+ # the maximum you specify, the `IsTruncated` response element is `true`.
6194
6573
  #
6195
- # If you do not include this parameter, it defaults to 100. Note that
6196
- # IAM might return fewer results, even when there are more results
6197
- # available. In that case, the `IsTruncated` response element returns
6198
- # `true` and `Marker` contains a value to include in the subsequent call
6199
- # that tells the service where to continue from.
6574
+ # If you do not include this parameter, the number of items defaults to
6575
+ # 100. Note that IAM might return fewer results, even when there are
6576
+ # more results available. In that case, the `IsTruncated` response
6577
+ # element returns `true`, and `Marker` contains a value to include in
6578
+ # the subsequent call that tells the service where to continue from.
6200
6579
  #
6201
6580
  # @return [Types::ListPoliciesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
6202
6581
  #
@@ -6241,6 +6620,159 @@ module Aws::IAM
6241
6620
  req.send_request(options)
6242
6621
  end
6243
6622
 
6623
+ # Retrieves a list of policies that the IAM identity (user, group, or
6624
+ # role) can use to access each specified service.
6625
+ #
6626
+ # <note markdown="1"> This operation does not use other policy types when determining
6627
+ # whether a resource could access a service. These other policy types
6628
+ # include resource-based policies, access control lists, AWS
6629
+ # Organizations policies, IAM permissions boundaries, and AWS STS assume
6630
+ # role policies. It only applies permissions policy logic. For more
6631
+ # about the evaluation of policy types, see [Evaluating Policies][1] in
6632
+ # the *IAM User Guide*.
6633
+ #
6634
+ # </note>
6635
+ #
6636
+ # The list of policies returned by the operation depends on the ARN of
6637
+ # the identity that you provide.
6638
+ #
6639
+ # * **User** – The list of policies includes the managed and inline
6640
+ # policies that are attached to the user directly. The list also
6641
+ # includes any additional managed and inline policies that are
6642
+ # attached to the group to which the user belongs.
6643
+ #
6644
+ # * **Group** – The list of policies includes only the managed and
6645
+ # inline policies that are attached to the group directly. Policies
6646
+ # that are attached to the group’s user are not included.
6647
+ #
6648
+ # * **Role** – The list of policies includes only the managed and inline
6649
+ # policies that are attached to the role.
6650
+ #
6651
+ # For each managed policy, this operation returns the ARN and policy
6652
+ # name. For each inline policy, it returns the policy name and the
6653
+ # entity to which it is attached. Inline policies do not have an ARN.
6654
+ # For more information about these policy types, see [Managed Policies
6655
+ # and Inline Policies][2] in the *IAM User Guide*.
6656
+ #
6657
+ # Policies that are attached to users and roles as permissions
6658
+ # boundaries are not returned. To view which managed policy is currently
6659
+ # used to set the permissions boundary for a user or role, use the
6660
+ # GetUser or GetRole operations.
6661
+ #
6662
+ #
6663
+ #
6664
+ # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics
6665
+ # [2]: http://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html
6666
+ #
6667
+ # @option params [String] :marker
6668
+ # Use this parameter only when paginating results and only after you
6669
+ # receive a response indicating that the results are truncated. Set it
6670
+ # to the value of the `Marker` element in the response that you received
6671
+ # to indicate where the next call should start.
6672
+ #
6673
+ # @option params [required, String] :arn
6674
+ # The ARN of the IAM identity (user, group, or role) whose policies you
6675
+ # want to list.
6676
+ #
6677
+ # @option params [required, Array<String>] :service_namespaces
6678
+ # The service namespace for the AWS services whose policies you want to
6679
+ # list.
6680
+ #
6681
+ # To learn the service namespace for a service, go to [Actions,
6682
+ # Resources, and Condition Keys for AWS Services][1] in the *IAM User
6683
+ # Guide*. Choose the name of the service to view details for that
6684
+ # service. In the first paragraph, find the service prefix. For example,
6685
+ # `(service prefix: a4b)`. For more information about service
6686
+ # namespaces, see [AWS Service Namespaces][2] in the *AWS General
6687
+ # Reference*.
6688
+ #
6689
+ #
6690
+ #
6691
+ # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_actions-resources-contextkeys.html
6692
+ # [2]: http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-aws-service-namespaces
6693
+ #
6694
+ # @return [Types::ListPoliciesGrantingServiceAccessResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
6695
+ #
6696
+ # * {Types::ListPoliciesGrantingServiceAccessResponse#policies_granting_service_access #policies_granting_service_access} => Array&lt;Types::ListPoliciesGrantingServiceAccessEntry&gt;
6697
+ # * {Types::ListPoliciesGrantingServiceAccessResponse#is_truncated #is_truncated} => Boolean
6698
+ # * {Types::ListPoliciesGrantingServiceAccessResponse#marker #marker} => String
6699
+ #
6700
+ #
6701
+ # @example Example: To list policies that allow access to a service
6702
+ #
6703
+ # # The following operation lists policies that allow ExampleUser01 to access IAM or EC2.
6704
+ #
6705
+ # resp = client.list_policies_granting_service_access({
6706
+ # arn: "arn:aws:iam::123456789012:user/ExampleUser01",
6707
+ # service_namespaces: [
6708
+ # "iam",
6709
+ # "ec2",
6710
+ # ],
6711
+ # })
6712
+ #
6713
+ # resp.to_h outputs the following:
6714
+ # {
6715
+ # is_truncated: false,
6716
+ # policies_granting_service_access: [
6717
+ # {
6718
+ # policies: [
6719
+ # {
6720
+ # policy_arn: "arn:aws:iam::123456789012:policy/ExampleIamPolicy",
6721
+ # policy_name: "ExampleIamPolicy",
6722
+ # policy_type: "MANAGED",
6723
+ # },
6724
+ # {
6725
+ # entity_name: "AWSExampleGroup1",
6726
+ # entity_type: "GROUP",
6727
+ # policy_name: "ExampleGroup1Policy",
6728
+ # policy_type: "INLINE",
6729
+ # },
6730
+ # ],
6731
+ # service_namespace: "iam",
6732
+ # },
6733
+ # {
6734
+ # policies: [
6735
+ # {
6736
+ # policy_arn: "arn:aws:iam::123456789012:policy/ExampleEc2Policy",
6737
+ # policy_name: "ExampleEc2Policy",
6738
+ # policy_type: "MANAGED",
6739
+ # },
6740
+ # ],
6741
+ # service_namespace: "ec2",
6742
+ # },
6743
+ # ],
6744
+ # }
6745
+ #
6746
+ # @example Request syntax with placeholder values
6747
+ #
6748
+ # resp = client.list_policies_granting_service_access({
6749
+ # marker: "markerType",
6750
+ # arn: "arnType", # required
6751
+ # service_namespaces: ["serviceNamespaceType"], # required
6752
+ # })
6753
+ #
6754
+ # @example Response structure
6755
+ #
6756
+ # resp.policies_granting_service_access #=> Array
6757
+ # resp.policies_granting_service_access[0].service_namespace #=> String
6758
+ # resp.policies_granting_service_access[0].policies #=> Array
6759
+ # resp.policies_granting_service_access[0].policies[0].policy_name #=> String
6760
+ # resp.policies_granting_service_access[0].policies[0].policy_type #=> String, one of "INLINE", "MANAGED"
6761
+ # resp.policies_granting_service_access[0].policies[0].policy_arn #=> String
6762
+ # resp.policies_granting_service_access[0].policies[0].entity_type #=> String, one of "USER", "ROLE", "GROUP"
6763
+ # resp.policies_granting_service_access[0].policies[0].entity_name #=> String
6764
+ # resp.is_truncated #=> Boolean
6765
+ # resp.marker #=> String
6766
+ #
6767
+ # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListPoliciesGrantingServiceAccess AWS API Documentation
6768
+ #
6769
+ # @overload list_policies_granting_service_access(params = {})
6770
+ # @param [Hash] params ({})
6771
+ def list_policies_granting_service_access(params = {}, options = {})
6772
+ req = build_request(:list_policies_granting_service_access, params)
6773
+ req.send_request(options)
6774
+ end
6775
+
6244
6776
  # Lists information about the versions of the specified managed policy,
6245
6777
  # including the version that is currently set as the policy's default
6246
6778
  # version.
@@ -6270,16 +6802,15 @@ module Aws::IAM
6270
6802
  # to indicate where the next call should start.
6271
6803
  #
6272
6804
  # @option params [Integer] :max_items
6273
- # (Optional) Use this only when paginating results to indicate the
6274
- # maximum number of items you want in the response. If additional items
6275
- # exist beyond the maximum you specify, the `IsTruncated` response
6276
- # element is `true`.
6805
+ # Use this only when paginating results to indicate the maximum number
6806
+ # of items you want in the response. If additional items exist beyond
6807
+ # the maximum you specify, the `IsTruncated` response element is `true`.
6277
6808
  #
6278
- # If you do not include this parameter, it defaults to 100. Note that
6279
- # IAM might return fewer results, even when there are more results
6280
- # available. In that case, the `IsTruncated` response element returns
6281
- # `true` and `Marker` contains a value to include in the subsequent call
6282
- # that tells the service where to continue from.
6809
+ # If you do not include this parameter, the number of items defaults to
6810
+ # 100. Note that IAM might return fewer results, even when there are
6811
+ # more results available. In that case, the `IsTruncated` response
6812
+ # element returns `true`, and `Marker` contains a value to include in
6813
+ # the subsequent call that tells the service where to continue from.
6283
6814
  #
6284
6815
  # @return [Types::ListPolicyVersionsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
6285
6816
  #
@@ -6333,7 +6864,7 @@ module Aws::IAM
6333
6864
  # @option params [required, String] :role_name
6334
6865
  # The name of the role to list policies for.
6335
6866
  #
6336
- # This parameter allows (per its [regex pattern][1]) a string of
6867
+ # This parameter allows (through its [regex pattern][1]) a string of
6337
6868
  # characters consisting of upper and lowercase alphanumeric characters
6338
6869
  # with no spaces. You can also include any of the following characters:
6339
6870
  # \_+=,.@-
@@ -6349,16 +6880,15 @@ module Aws::IAM
6349
6880
  # to indicate where the next call should start.
6350
6881
  #
6351
6882
  # @option params [Integer] :max_items
6352
- # (Optional) Use this only when paginating results to indicate the
6353
- # maximum number of items you want in the response. If additional items
6354
- # exist beyond the maximum you specify, the `IsTruncated` response
6355
- # element is `true`.
6883
+ # Use this only when paginating results to indicate the maximum number
6884
+ # of items you want in the response. If additional items exist beyond
6885
+ # the maximum you specify, the `IsTruncated` response element is `true`.
6356
6886
  #
6357
- # If you do not include this parameter, it defaults to 100. Note that
6358
- # IAM might return fewer results, even when there are more results
6359
- # available. In that case, the `IsTruncated` response element returns
6360
- # `true` and `Marker` contains a value to include in the subsequent call
6361
- # that tells the service where to continue from.
6887
+ # If you do not include this parameter, the number of items defaults to
6888
+ # 100. Note that IAM might return fewer results, even when there are
6889
+ # more results available. In that case, the `IsTruncated` response
6890
+ # element returns `true`, and `Marker` contains a value to include in
6891
+ # the subsequent call that tells the service where to continue from.
6362
6892
  #
6363
6893
  # @return [Types::ListRolePoliciesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
6364
6894
  #
@@ -6500,11 +7030,11 @@ module Aws::IAM
6500
7030
  # with `/application_abc/component_xyz/`.
6501
7031
  #
6502
7032
  # This parameter is optional. If it is not included, it defaults to a
6503
- # slash (/), listing all roles. This parameter allows (per its [regex
6504
- # pattern][1]) a string of characters consisting of either a forward
6505
- # slash (/) by itself or a string that must begin and end with forward
6506
- # slashes. In addition, it can contain any ASCII character from the !
6507
- # (\\u0021) through the DEL character (\\u007F), including most
7033
+ # slash (/), listing all roles. This parameter allows (through its
7034
+ # [regex pattern][1]) a string of characters consisting of either a
7035
+ # forward slash (/) by itself or a string that must begin and end with
7036
+ # forward slashes. In addition, it can contain any ASCII character from
7037
+ # the ! (\\u0021) through the DEL character (\\u007F), including most
6508
7038
  # punctuation characters, digits, and upper and lowercased letters.
6509
7039
  #
6510
7040
  #
@@ -6518,16 +7048,15 @@ module Aws::IAM
6518
7048
  # to indicate where the next call should start.
6519
7049
  #
6520
7050
  # @option params [Integer] :max_items
6521
- # (Optional) Use this only when paginating results to indicate the
6522
- # maximum number of items you want in the response. If additional items
6523
- # exist beyond the maximum you specify, the `IsTruncated` response
6524
- # element is `true`.
7051
+ # Use this only when paginating results to indicate the maximum number
7052
+ # of items you want in the response. If additional items exist beyond
7053
+ # the maximum you specify, the `IsTruncated` response element is `true`.
6525
7054
  #
6526
- # If you do not include this parameter, it defaults to 100. Note that
6527
- # IAM might return fewer results, even when there are more results
6528
- # available. In that case, the `IsTruncated` response element returns
6529
- # `true` and `Marker` contains a value to include in the subsequent call
6530
- # that tells the service where to continue from.
7055
+ # If you do not include this parameter, the number of items defaults to
7056
+ # 100. Note that IAM might return fewer results, even when there are
7057
+ # more results available. In that case, the `IsTruncated` response
7058
+ # element returns `true`, and `Marker` contains a value to include in
7059
+ # the subsequent call that tells the service where to continue from.
6531
7060
  #
6532
7061
  # @return [Types::ListRolesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
6533
7062
  #
@@ -6553,12 +7082,12 @@ module Aws::IAM
6553
7082
  # resp.roles[0].create_date #=> Time
6554
7083
  # resp.roles[0].assume_role_policy_document #=> String
6555
7084
  # resp.roles[0].description #=> String
6556
- # resp.roles[0].tags #=> Array
6557
- # resp.roles[0].tags[0].key #=> String
6558
- # resp.roles[0].tags[0].value #=> String
6559
7085
  # resp.roles[0].max_session_duration #=> Integer
6560
7086
  # resp.roles[0].permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
6561
7087
  # resp.roles[0].permissions_boundary.permissions_boundary_arn #=> String
7088
+ # resp.roles[0].tags #=> Array
7089
+ # resp.roles[0].tags[0].key #=> String
7090
+ # resp.roles[0].tags[0].value #=> String
6562
7091
  # resp.is_truncated #=> Boolean
6563
7092
  # resp.marker #=> String
6564
7093
  #
@@ -6603,8 +7132,8 @@ module Aws::IAM
6603
7132
  end
6604
7133
 
6605
7134
  # Returns information about the SSH public keys associated with the
6606
- # specified IAM user. If there are none, the operation returns an empty
6607
- # list.
7135
+ # specified IAM user. If there none exists, the operation returns an
7136
+ # empty list.
6608
7137
  #
6609
7138
  # The SSH public keys returned by this operation are used only for
6610
7139
  # authenticating the IAM user to an AWS CodeCommit repository. For more
@@ -6624,7 +7153,7 @@ module Aws::IAM
6624
7153
  # specified, the `UserName` field is determined implicitly based on the
6625
7154
  # AWS access key used to sign the request.
6626
7155
  #
6627
- # This parameter allows (per its [regex pattern][1]) a string of
7156
+ # This parameter allows (through its [regex pattern][1]) a string of
6628
7157
  # characters consisting of upper and lowercase alphanumeric characters
6629
7158
  # with no spaces. You can also include any of the following characters:
6630
7159
  # \_+=,.@-
@@ -6640,16 +7169,15 @@ module Aws::IAM
6640
7169
  # to indicate where the next call should start.
6641
7170
  #
6642
7171
  # @option params [Integer] :max_items
6643
- # (Optional) Use this only when paginating results to indicate the
6644
- # maximum number of items you want in the response. If additional items
6645
- # exist beyond the maximum you specify, the `IsTruncated` response
6646
- # element is `true`.
7172
+ # Use this only when paginating results to indicate the maximum number
7173
+ # of items you want in the response. If additional items exist beyond
7174
+ # the maximum you specify, the `IsTruncated` response element is `true`.
6647
7175
  #
6648
- # If you do not include this parameter, it defaults to 100. Note that
6649
- # IAM might return fewer results, even when there are more results
6650
- # available. In that case, the `IsTruncated` response element returns
6651
- # `true` and `Marker` contains a value to include in the subsequent call
6652
- # that tells the service where to continue from.
7176
+ # If you do not include this parameter, the number of items defaults to
7177
+ # 100. Note that IAM might return fewer results, even when there are
7178
+ # more results available. In that case, the `IsTruncated` response
7179
+ # element returns `true`, and `Marker` contains a value to include in
7180
+ # the subsequent call that tells the service where to continue from.
6653
7181
  #
6654
7182
  # @return [Types::ListSSHPublicKeysResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
6655
7183
  #
@@ -6705,12 +7233,13 @@ module Aws::IAM
6705
7233
  # path starts with `/company/servercerts`.
6706
7234
  #
6707
7235
  # This parameter is optional. If it is not included, it defaults to a
6708
- # slash (/), listing all server certificates. This parameter allows (per
6709
- # its [regex pattern][1]) a string of characters consisting of either a
6710
- # forward slash (/) by itself or a string that must begin and end with
6711
- # forward slashes. In addition, it can contain any ASCII character from
6712
- # the ! (\\u0021) through the DEL character (\\u007F), including most
6713
- # punctuation characters, digits, and upper and lowercased letters.
7236
+ # slash (/), listing all server certificates. This parameter allows
7237
+ # (through its [regex pattern][1]) a string of characters consisting of
7238
+ # either a forward slash (/) by itself or a string that must begin and
7239
+ # end with forward slashes. In addition, it can contain any ASCII
7240
+ # character from the ! (\\u0021) through the DEL character (\\u007F),
7241
+ # including most punctuation characters, digits, and upper and
7242
+ # lowercased letters.
6714
7243
  #
6715
7244
  #
6716
7245
  #
@@ -6723,16 +7252,15 @@ module Aws::IAM
6723
7252
  # to indicate where the next call should start.
6724
7253
  #
6725
7254
  # @option params [Integer] :max_items
6726
- # (Optional) Use this only when paginating results to indicate the
6727
- # maximum number of items you want in the response. If additional items
6728
- # exist beyond the maximum you specify, the `IsTruncated` response
6729
- # element is `true`.
7255
+ # Use this only when paginating results to indicate the maximum number
7256
+ # of items you want in the response. If additional items exist beyond
7257
+ # the maximum you specify, the `IsTruncated` response element is `true`.
6730
7258
  #
6731
- # If you do not include this parameter, it defaults to 100. Note that
6732
- # IAM might return fewer results, even when there are more results
6733
- # available. In that case, the `IsTruncated` response element returns
6734
- # `true` and `Marker` contains a value to include in the subsequent call
6735
- # that tells the service where to continue from.
7259
+ # If you do not include this parameter, the number of items defaults to
7260
+ # 100. Note that IAM might return fewer results, even when there are
7261
+ # more results available. In that case, the `IsTruncated` response
7262
+ # element returns `true`, and `Marker` contains a value to include in
7263
+ # the subsequent call that tells the service where to continue from.
6736
7264
  #
6737
7265
  # @return [Types::ListServerCertificatesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
6738
7266
  #
@@ -6770,8 +7298,8 @@ module Aws::IAM
6770
7298
  end
6771
7299
 
6772
7300
  # Returns information about the service-specific credentials associated
6773
- # with the specified IAM user. If there are none, the operation returns
6774
- # an empty list. The service-specific credentials returned by this
7301
+ # with the specified IAM user. If none exists, the operation returns an
7302
+ # empty list. The service-specific credentials returned by this
6775
7303
  # operation are used only for authenticating the IAM user to a specific
6776
7304
  # service. For more information about using service-specific credentials
6777
7305
  # to authenticate to an AWS service, see [Set Up service-specific
@@ -6786,7 +7314,7 @@ module Aws::IAM
6786
7314
  # information about. If this value is not specified, then the operation
6787
7315
  # assumes the user whose credentials are used to call the operation.
6788
7316
  #
6789
- # This parameter allows (per its [regex pattern][1]) a string of
7317
+ # This parameter allows (through its [regex pattern][1]) a string of
6790
7318
  # characters consisting of upper and lowercase alphanumeric characters
6791
7319
  # with no spaces. You can also include any of the following characters:
6792
7320
  # \_+=,.@-
@@ -6831,8 +7359,8 @@ module Aws::IAM
6831
7359
  end
6832
7360
 
6833
7361
  # Returns information about the signing certificates associated with the
6834
- # specified IAM user. If there are none, the operation returns an empty
6835
- # list.
7362
+ # specified IAM user. If there none exists, the operation returns an
7363
+ # empty list.
6836
7364
  #
6837
7365
  # Although each user is limited to a small number of signing
6838
7366
  # certificates, you can still paginate the results using the `MaxItems`
@@ -6840,15 +7368,15 @@ module Aws::IAM
6840
7368
  #
6841
7369
  # If the `UserName` field is not specified, the user name is determined
6842
7370
  # implicitly based on the AWS access key ID used to sign the request for
6843
- # this API. Because this operation works for access keys under the AWS
6844
- # account, you can use this operation to manage AWS account root user
6845
- # credentials even if the AWS account has no associated users.
7371
+ # this API. This operation works for access keys under the AWS account.
7372
+ # Consequently, you can use this operation to manage AWS account root
7373
+ # user credentials even if the AWS account has no associated users.
6846
7374
  #
6847
7375
  # @option params [String] :user_name
6848
7376
  # The name of the IAM user whose signing certificates you want to
6849
7377
  # examine.
6850
7378
  #
6851
- # This parameter allows (per its [regex pattern][1]) a string of
7379
+ # This parameter allows (through its [regex pattern][1]) a string of
6852
7380
  # characters consisting of upper and lowercase alphanumeric characters
6853
7381
  # with no spaces. You can also include any of the following characters:
6854
7382
  # \_+=,.@-
@@ -6864,16 +7392,15 @@ module Aws::IAM
6864
7392
  # to indicate where the next call should start.
6865
7393
  #
6866
7394
  # @option params [Integer] :max_items
6867
- # (Optional) Use this only when paginating results to indicate the
6868
- # maximum number of items you want in the response. If additional items
6869
- # exist beyond the maximum you specify, the `IsTruncated` response
6870
- # element is `true`.
7395
+ # Use this only when paginating results to indicate the maximum number
7396
+ # of items you want in the response. If additional items exist beyond
7397
+ # the maximum you specify, the `IsTruncated` response element is `true`.
6871
7398
  #
6872
- # If you do not include this parameter, it defaults to 100. Note that
6873
- # IAM might return fewer results, even when there are more results
6874
- # available. In that case, the `IsTruncated` response element returns
6875
- # `true` and `Marker` contains a value to include in the subsequent call
6876
- # that tells the service where to continue from.
7399
+ # If you do not include this parameter, the number of items defaults to
7400
+ # 100. Note that IAM might return fewer results, even when there are
7401
+ # more results available. In that case, the `IsTruncated` response
7402
+ # element returns `true`, and `Marker` contains a value to include in
7403
+ # the subsequent call that tells the service where to continue from.
6877
7404
  #
6878
7405
  # @return [Types::ListSigningCertificatesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
6879
7406
  #
@@ -6950,7 +7477,7 @@ module Aws::IAM
6950
7477
  # @option params [required, String] :user_name
6951
7478
  # The name of the user to list policies for.
6952
7479
  #
6953
- # This parameter allows (per its [regex pattern][1]) a string of
7480
+ # This parameter allows (through its [regex pattern][1]) a string of
6954
7481
  # characters consisting of upper and lowercase alphanumeric characters
6955
7482
  # with no spaces. You can also include any of the following characters:
6956
7483
  # \_+=,.@-
@@ -6966,16 +7493,15 @@ module Aws::IAM
6966
7493
  # to indicate where the next call should start.
6967
7494
  #
6968
7495
  # @option params [Integer] :max_items
6969
- # (Optional) Use this only when paginating results to indicate the
6970
- # maximum number of items you want in the response. If additional items
6971
- # exist beyond the maximum you specify, the `IsTruncated` response
6972
- # element is `true`.
7496
+ # Use this only when paginating results to indicate the maximum number
7497
+ # of items you want in the response. If additional items exist beyond
7498
+ # the maximum you specify, the `IsTruncated` response element is `true`.
6973
7499
  #
6974
- # If you do not include this parameter, it defaults to 100. Note that
6975
- # IAM might return fewer results, even when there are more results
6976
- # available. In that case, the `IsTruncated` response element returns
6977
- # `true` and `Marker` contains a value to include in the subsequent call
6978
- # that tells the service where to continue from.
7500
+ # If you do not include this parameter, the number of items defaults to
7501
+ # 100. Note that IAM might return fewer results, even when there are
7502
+ # more results available. In that case, the `IsTruncated` response
7503
+ # element returns `true`, and `Marker` contains a value to include in
7504
+ # the subsequent call that tells the service where to continue from.
6979
7505
  #
6980
7506
  # @return [Types::ListUserPoliciesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
6981
7507
  #
@@ -7113,7 +7639,7 @@ module Aws::IAM
7113
7639
  # path starts with `/division_abc/subdivision_xyz/`.
7114
7640
  #
7115
7641
  # This parameter is optional. If it is not included, it defaults to a
7116
- # slash (/), listing all user names. This parameter allows (per its
7642
+ # slash (/), listing all user names. This parameter allows (through its
7117
7643
  # [regex pattern][1]) a string of characters consisting of either a
7118
7644
  # forward slash (/) by itself or a string that must begin and end with
7119
7645
  # forward slashes. In addition, it can contain any ASCII character from
@@ -7131,16 +7657,15 @@ module Aws::IAM
7131
7657
  # to indicate where the next call should start.
7132
7658
  #
7133
7659
  # @option params [Integer] :max_items
7134
- # (Optional) Use this only when paginating results to indicate the
7135
- # maximum number of items you want in the response. If additional items
7136
- # exist beyond the maximum you specify, the `IsTruncated` response
7137
- # element is `true`.
7660
+ # Use this only when paginating results to indicate the maximum number
7661
+ # of items you want in the response. If additional items exist beyond
7662
+ # the maximum you specify, the `IsTruncated` response element is `true`.
7138
7663
  #
7139
- # If you do not include this parameter, it defaults to 100. Note that
7140
- # IAM might return fewer results, even when there are more results
7141
- # available. In that case, the `IsTruncated` response element returns
7142
- # `true` and `Marker` contains a value to include in the subsequent call
7143
- # that tells the service where to continue from.
7664
+ # If you do not include this parameter, the number of items defaults to
7665
+ # 100. Note that IAM might return fewer results, even when there are
7666
+ # more results available. In that case, the `IsTruncated` response
7667
+ # element returns `true`, and `Marker` contains a value to include in
7668
+ # the subsequent call that tells the service where to continue from.
7144
7669
  #
7145
7670
  # @return [Types::ListUsersResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
7146
7671
  #
@@ -7195,11 +7720,11 @@ module Aws::IAM
7195
7720
  # resp.users[0].arn #=> String
7196
7721
  # resp.users[0].create_date #=> Time
7197
7722
  # resp.users[0].password_last_used #=> Time
7723
+ # resp.users[0].permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
7724
+ # resp.users[0].permissions_boundary.permissions_boundary_arn #=> String
7198
7725
  # resp.users[0].tags #=> Array
7199
7726
  # resp.users[0].tags[0].key #=> String
7200
7727
  # resp.users[0].tags[0].value #=> String
7201
- # resp.users[0].permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
7202
- # resp.users[0].permissions_boundary.permissions_boundary_arn #=> String
7203
7728
  # resp.is_truncated #=> Boolean
7204
7729
  # resp.marker #=> String
7205
7730
  #
@@ -7222,8 +7747,8 @@ module Aws::IAM
7222
7747
  #
7223
7748
  # @option params [String] :assignment_status
7224
7749
  # The status (`Unassigned` or `Assigned`) of the devices to list. If you
7225
- # do not specify an `AssignmentStatus`, the operation defaults to `Any`
7226
- # which lists both assigned and unassigned virtual MFA devices.
7750
+ # do not specify an `AssignmentStatus`, the operation defaults to `Any`,
7751
+ # which lists both assigned and unassigned virtual MFA devices.,
7227
7752
  #
7228
7753
  # @option params [String] :marker
7229
7754
  # Use this parameter only when paginating results and only after you
@@ -7232,16 +7757,15 @@ module Aws::IAM
7232
7757
  # to indicate where the next call should start.
7233
7758
  #
7234
7759
  # @option params [Integer] :max_items
7235
- # (Optional) Use this only when paginating results to indicate the
7236
- # maximum number of items you want in the response. If additional items
7237
- # exist beyond the maximum you specify, the `IsTruncated` response
7238
- # element is `true`.
7760
+ # Use this only when paginating results to indicate the maximum number
7761
+ # of items you want in the response. If additional items exist beyond
7762
+ # the maximum you specify, the `IsTruncated` response element is `true`.
7239
7763
  #
7240
- # If you do not include this parameter, it defaults to 100. Note that
7241
- # IAM might return fewer results, even when there are more results
7242
- # available. In that case, the `IsTruncated` response element returns
7243
- # `true` and `Marker` contains a value to include in the subsequent call
7244
- # that tells the service where to continue from.
7764
+ # If you do not include this parameter, the number of items defaults to
7765
+ # 100. Note that IAM might return fewer results, even when there are
7766
+ # more results available. In that case, the `IsTruncated` response
7767
+ # element returns `true`, and `Marker` contains a value to include in
7768
+ # the subsequent call that tells the service where to continue from.
7245
7769
  #
7246
7770
  # @return [Types::ListVirtualMFADevicesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
7247
7771
  #
@@ -7289,11 +7813,11 @@ module Aws::IAM
7289
7813
  # resp.virtual_mfa_devices[0].user.arn #=> String
7290
7814
  # resp.virtual_mfa_devices[0].user.create_date #=> Time
7291
7815
  # resp.virtual_mfa_devices[0].user.password_last_used #=> Time
7816
+ # resp.virtual_mfa_devices[0].user.permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
7817
+ # resp.virtual_mfa_devices[0].user.permissions_boundary.permissions_boundary_arn #=> String
7292
7818
  # resp.virtual_mfa_devices[0].user.tags #=> Array
7293
7819
  # resp.virtual_mfa_devices[0].user.tags[0].key #=> String
7294
7820
  # resp.virtual_mfa_devices[0].user.tags[0].value #=> String
7295
- # resp.virtual_mfa_devices[0].user.permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
7296
- # resp.virtual_mfa_devices[0].user.permissions_boundary.permissions_boundary_arn #=> String
7297
7821
  # resp.virtual_mfa_devices[0].enable_date #=> Time
7298
7822
  # resp.is_truncated #=> Boolean
7299
7823
  # resp.marker #=> String
@@ -7335,7 +7859,7 @@ module Aws::IAM
7335
7859
  # @option params [required, String] :group_name
7336
7860
  # The name of the group to associate the policy with.
7337
7861
  #
7338
- # This parameter allows (per its [regex pattern][1]) a string of
7862
+ # This parameter allows (through its [regex pattern][1]) a string of
7339
7863
  # characters consisting of upper and lowercase alphanumeric characters
7340
7864
  # with no spaces. You can also include any of the following characters:
7341
7865
  # \_+=,.@-
@@ -7347,7 +7871,7 @@ module Aws::IAM
7347
7871
  # @option params [required, String] :policy_name
7348
7872
  # The name of the policy document.
7349
7873
  #
7350
- # This parameter allows (per its [regex pattern][1]) a string of
7874
+ # This parameter allows (through its [regex pattern][1]) a string of
7351
7875
  # characters consisting of upper and lowercase alphanumeric characters
7352
7876
  # with no spaces. You can also include any of the following characters:
7353
7877
  # \_+=,.@-
@@ -7421,7 +7945,7 @@ module Aws::IAM
7421
7945
  #
7422
7946
  #
7423
7947
  #
7424
- # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html
7948
+ # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html
7425
7949
  #
7426
7950
  # @option params [required, String] :role_name
7427
7951
  # The name (friendly name, not ARN) of the IAM role for which you want
@@ -7485,7 +8009,7 @@ module Aws::IAM
7485
8009
  # @option params [required, String] :role_name
7486
8010
  # The name of the role to associate the policy with.
7487
8011
  #
7488
- # This parameter allows (per its [regex pattern][1]) a string of
8012
+ # This parameter allows (through its [regex pattern][1]) a string of
7489
8013
  # characters consisting of upper and lowercase alphanumeric characters
7490
8014
  # with no spaces. You can also include any of the following characters:
7491
8015
  # \_+=,.@-
@@ -7497,7 +8021,7 @@ module Aws::IAM
7497
8021
  # @option params [required, String] :policy_name
7498
8022
  # The name of the policy document.
7499
8023
  #
7500
- # This parameter allows (per its [regex pattern][1]) a string of
8024
+ # This parameter allows (through its [regex pattern][1]) a string of
7501
8025
  # characters consisting of upper and lowercase alphanumeric characters
7502
8026
  # with no spaces. You can also include any of the following characters:
7503
8027
  # \_+=,.@-
@@ -7569,7 +8093,7 @@ module Aws::IAM
7569
8093
  #
7570
8094
  #
7571
8095
  #
7572
- # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html
8096
+ # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html
7573
8097
  #
7574
8098
  # @option params [required, String] :user_name
7575
8099
  # The name (friendly name, not ARN) of the IAM user for which you want
@@ -7625,7 +8149,7 @@ module Aws::IAM
7625
8149
  # @option params [required, String] :user_name
7626
8150
  # The name of the user to associate the policy with.
7627
8151
  #
7628
- # This parameter allows (per its [regex pattern][1]) a string of
8152
+ # This parameter allows (through its [regex pattern][1]) a string of
7629
8153
  # characters consisting of upper and lowercase alphanumeric characters
7630
8154
  # with no spaces. You can also include any of the following characters:
7631
8155
  # \_+=,.@-
@@ -7637,7 +8161,7 @@ module Aws::IAM
7637
8161
  # @option params [required, String] :policy_name
7638
8162
  # The name of the policy document.
7639
8163
  #
7640
- # This parameter allows (per its [regex pattern][1]) a string of
8164
+ # This parameter allows (through its [regex pattern][1]) a string of
7641
8165
  # characters consisting of upper and lowercase alphanumeric characters
7642
8166
  # with no spaces. You can also include any of the following characters:
7643
8167
  # \_+=,.@-
@@ -7757,7 +8281,7 @@ module Aws::IAM
7757
8281
  # @option params [required, String] :instance_profile_name
7758
8282
  # The name of the instance profile to update.
7759
8283
  #
7760
- # This parameter allows (per its [regex pattern][1]) a string of
8284
+ # This parameter allows (through its [regex pattern][1]) a string of
7761
8285
  # characters consisting of upper and lowercase alphanumeric characters
7762
8286
  # with no spaces. You can also include any of the following characters:
7763
8287
  # \_+=,.@-
@@ -7769,7 +8293,7 @@ module Aws::IAM
7769
8293
  # @option params [required, String] :role_name
7770
8294
  # The name of the role to remove.
7771
8295
  #
7772
- # This parameter allows (per its [regex pattern][1]) a string of
8296
+ # This parameter allows (through its [regex pattern][1]) a string of
7773
8297
  # characters consisting of upper and lowercase alphanumeric characters
7774
8298
  # with no spaces. You can also include any of the following characters:
7775
8299
  # \_+=,.@-
@@ -7811,7 +8335,7 @@ module Aws::IAM
7811
8335
  # @option params [required, String] :group_name
7812
8336
  # The name of the group to update.
7813
8337
  #
7814
- # This parameter allows (per its [regex pattern][1]) a string of
8338
+ # This parameter allows (through its [regex pattern][1]) a string of
7815
8339
  # characters consisting of upper and lowercase alphanumeric characters
7816
8340
  # with no spaces. You can also include any of the following characters:
7817
8341
  # \_+=,.@-
@@ -7823,7 +8347,7 @@ module Aws::IAM
7823
8347
  # @option params [required, String] :user_name
7824
8348
  # The name of the user to remove.
7825
8349
  #
7826
- # This parameter allows (per its [regex pattern][1]) a string of
8350
+ # This parameter allows (through its [regex pattern][1]) a string of
7827
8351
  # characters consisting of upper and lowercase alphanumeric characters
7828
8352
  # with no spaces. You can also include any of the following characters:
7829
8353
  # \_+=,.@-
@@ -7870,7 +8394,7 @@ module Aws::IAM
7870
8394
  # credential. If this value is not specified, then the operation assumes
7871
8395
  # the user whose credentials are used to call the operation.
7872
8396
  #
7873
- # This parameter allows (per its [regex pattern][1]) a string of
8397
+ # This parameter allows (through its [regex pattern][1]) a string of
7874
8398
  # characters consisting of upper and lowercase alphanumeric characters
7875
8399
  # with no spaces. You can also include any of the following characters:
7876
8400
  # \_+=,.@-
@@ -7882,7 +8406,7 @@ module Aws::IAM
7882
8406
  # @option params [required, String] :service_specific_credential_id
7883
8407
  # The unique identifier of the service-specific credential.
7884
8408
  #
7885
- # This parameter allows (per its [regex pattern][1]) a string of
8409
+ # This parameter allows (through its [regex pattern][1]) a string of
7886
8410
  # characters that can consist of any upper or lowercased letter or
7887
8411
  # digit.
7888
8412
  #
@@ -7934,7 +8458,7 @@ module Aws::IAM
7934
8458
  # @option params [required, String] :user_name
7935
8459
  # The name of the user whose MFA device you want to resynchronize.
7936
8460
  #
7937
- # This parameter allows (per its [regex pattern][1]) a string of
8461
+ # This parameter allows (through its [regex pattern][1]) a string of
7938
8462
  # characters consisting of upper and lowercase alphanumeric characters
7939
8463
  # with no spaces. You can also include any of the following characters:
7940
8464
  # \_+=,.@-
@@ -7946,7 +8470,7 @@ module Aws::IAM
7946
8470
  # @option params [required, String] :serial_number
7947
8471
  # Serial number that uniquely identifies the MFA device.
7948
8472
  #
7949
- # This parameter allows (per its [regex pattern][1]) a string of
8473
+ # This parameter allows (through its [regex pattern][1]) a string of
7950
8474
  # characters consisting of upper and lowercase alphanumeric characters
7951
8475
  # with no spaces. You can also include any of the following characters:
7952
8476
  # \_+=,.@-
@@ -8095,7 +8619,7 @@ module Aws::IAM
8095
8619
  #
8096
8620
  # @option params [Array<String>] :resource_arns
8097
8621
  # A list of ARNs of AWS resources to include in the simulation. If this
8098
- # parameter is not provided then the value defaults to `*` (all
8622
+ # parameter is not provided, then the value defaults to `*` (all
8099
8623
  # resources). Each API in the `ActionNames` parameter is evaluated for
8100
8624
  # each resource in this list. The simulation determines the access
8101
8625
  # result (allowed or denied) of each combination and reports it in the
@@ -8217,16 +8741,15 @@ module Aws::IAM
8217
8741
  # [1]: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-supported-platforms.html
8218
8742
  #
8219
8743
  # @option params [Integer] :max_items
8220
- # (Optional) Use this only when paginating results to indicate the
8221
- # maximum number of items you want in the response. If additional items
8222
- # exist beyond the maximum you specify, the `IsTruncated` response
8223
- # element is `true`.
8744
+ # Use this only when paginating results to indicate the maximum number
8745
+ # of items you want in the response. If additional items exist beyond
8746
+ # the maximum you specify, the `IsTruncated` response element is `true`.
8224
8747
  #
8225
- # If you do not include this parameter, it defaults to 100. Note that
8226
- # IAM might return fewer results, even when there are more results
8227
- # available. In that case, the `IsTruncated` response element returns
8228
- # `true` and `Marker` contains a value to include in the subsequent call
8229
- # that tells the service where to continue from.
8748
+ # If you do not include this parameter, the number of items defaults to
8749
+ # 100. Note that IAM might return fewer results, even when there are
8750
+ # more results available. In that case, the `IsTruncated` response
8751
+ # element returns `true`, and `Marker` contains a value to include in
8752
+ # the subsequent call that tells the service where to continue from.
8230
8753
  #
8231
8754
  # @option params [String] :marker
8232
8755
  # Use this parameter only when paginating results and only after you
@@ -8474,52 +8997,51 @@ module Aws::IAM
8474
8997
  # resources that you must define to run the simulation.
8475
8998
  #
8476
8999
  # Each of the EC2 scenarios requires that you specify instance, image,
8477
- # and security-group resources. If your scenario includes an EBS volume,
9000
+ # and security group resources. If your scenario includes an EBS volume,
8478
9001
  # then you must specify that volume as a resource. If the EC2 scenario
8479
- # includes VPC, then you must supply the network-interface resource. If
9002
+ # includes VPC, then you must supply the network interface resource. If
8480
9003
  # it includes an IP subnet, then you must specify the subnet resource.
8481
9004
  # For more information on the EC2 scenario options, see [Supported
8482
9005
  # Platforms][1] in the *Amazon EC2 User Guide*.
8483
9006
  #
8484
9007
  # * **EC2-Classic-InstanceStore**
8485
9008
  #
8486
- # instance, image, security-group
9009
+ # instance, image, security group
8487
9010
  #
8488
9011
  # * **EC2-Classic-EBS**
8489
9012
  #
8490
- # instance, image, security-group, volume
9013
+ # instance, image, security group, volume
8491
9014
  #
8492
9015
  # * **EC2-VPC-InstanceStore**
8493
9016
  #
8494
- # instance, image, security-group, network-interface
9017
+ # instance, image, security group, network interface
8495
9018
  #
8496
9019
  # * **EC2-VPC-InstanceStore-Subnet**
8497
9020
  #
8498
- # instance, image, security-group, network-interface, subnet
9021
+ # instance, image, security group, network interface, subnet
8499
9022
  #
8500
9023
  # * **EC2-VPC-EBS**
8501
9024
  #
8502
- # instance, image, security-group, network-interface, volume
9025
+ # instance, image, security group, network interface, volume
8503
9026
  #
8504
9027
  # * **EC2-VPC-EBS-Subnet**
8505
9028
  #
8506
- # instance, image, security-group, network-interface, subnet, volume
9029
+ # instance, image, security group, network interface, subnet, volume
8507
9030
  #
8508
9031
  #
8509
9032
  #
8510
9033
  # [1]: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-supported-platforms.html
8511
9034
  #
8512
9035
  # @option params [Integer] :max_items
8513
- # (Optional) Use this only when paginating results to indicate the
8514
- # maximum number of items you want in the response. If additional items
8515
- # exist beyond the maximum you specify, the `IsTruncated` response
8516
- # element is `true`.
9036
+ # Use this only when paginating results to indicate the maximum number
9037
+ # of items you want in the response. If additional items exist beyond
9038
+ # the maximum you specify, the `IsTruncated` response element is `true`.
8517
9039
  #
8518
- # If you do not include this parameter, it defaults to 100. Note that
8519
- # IAM might return fewer results, even when there are more results
8520
- # available. In that case, the `IsTruncated` response element returns
8521
- # `true` and `Marker` contains a value to include in the subsequent call
8522
- # that tells the service where to continue from.
9040
+ # If you do not include this parameter, the number of items defaults to
9041
+ # 100. Note that IAM might return fewer results, even when there are
9042
+ # more results available. In that case, the `IsTruncated` response
9043
+ # element returns `true`, and `Marker` contains a value to include in
9044
+ # the subsequent call that tells the service where to continue from.
8523
9045
  #
8524
9046
  # @option params [String] :marker
8525
9047
  # Use this parameter only when paginating results and only after you
@@ -8911,9 +9433,9 @@ module Aws::IAM
8911
9433
  #
8912
9434
  # If the `UserName` field is not specified, the user name is determined
8913
9435
  # implicitly based on the AWS access key ID used to sign the request.
8914
- # Because this operation works for access keys under the AWS account,
8915
- # you can use this operation to manage AWS account root user credentials
8916
- # even if the AWS account has no associated users.
9436
+ # This operation works for access keys under the AWS account.
9437
+ # Consequently, you can use this operation to manage AWS account root
9438
+ # user credentials even if the AWS account has no associated users.
8917
9439
  #
8918
9440
  # For information about rotating keys, see [Managing Keys and
8919
9441
  # Certificates][1] in the *IAM User Guide*.
@@ -8925,7 +9447,7 @@ module Aws::IAM
8925
9447
  # @option params [String] :user_name
8926
9448
  # The name of the user whose key you want to update.
8927
9449
  #
8928
- # This parameter allows (per its [regex pattern][1]) a string of
9450
+ # This parameter allows (through its [regex pattern][1]) a string of
8929
9451
  # characters consisting of upper and lowercase alphanumeric characters
8930
9452
  # with no spaces. You can also include any of the following characters:
8931
9453
  # \_+=,.@-
@@ -8937,7 +9459,7 @@ module Aws::IAM
8937
9459
  # @option params [required, String] :access_key_id
8938
9460
  # The access key ID of the secret access key you want to update.
8939
9461
  #
8940
- # This parameter allows (per its [regex pattern][1]) a string of
9462
+ # This parameter allows (through its [regex pattern][1]) a string of
8941
9463
  # characters that can consist of any upper or lowercased letter or
8942
9464
  # digit.
8943
9465
  #
@@ -9129,7 +9651,7 @@ module Aws::IAM
9129
9651
  # @option params [required, String] :role_name
9130
9652
  # The name of the role to update with the new policy.
9131
9653
  #
9132
- # This parameter allows (per its [regex pattern][1]) a string of
9654
+ # This parameter allows (through its [regex pattern][1]) a string of
9133
9655
  # characters consisting of upper and lowercase alphanumeric characters
9134
9656
  # with no spaces. You can also include any of the following characters:
9135
9657
  # \_+=,.@-
@@ -9210,7 +9732,7 @@ module Aws::IAM
9210
9732
  # Name of the IAM group to update. If you're changing the name of the
9211
9733
  # group, this is the original name.
9212
9734
  #
9213
- # This parameter allows (per its [regex pattern][1]) a string of
9735
+ # This parameter allows (through its [regex pattern][1]) a string of
9214
9736
  # characters consisting of upper and lowercase alphanumeric characters
9215
9737
  # with no spaces. You can also include any of the following characters:
9216
9738
  # \_+=,.@-
@@ -9223,7 +9745,7 @@ module Aws::IAM
9223
9745
  # New path for the IAM group. Only include this if changing the group's
9224
9746
  # path.
9225
9747
  #
9226
- # This parameter allows (per its [regex pattern][1]) a string of
9748
+ # This parameter allows (through its [regex pattern][1]) a string of
9227
9749
  # characters consisting of either a forward slash (/) by itself or a
9228
9750
  # string that must begin and end with forward slashes. In addition, it
9229
9751
  # can contain any ASCII character from the ! (\\u0021) through the DEL
@@ -9238,7 +9760,7 @@ module Aws::IAM
9238
9760
  # New name for the IAM group. Only include this if changing the group's
9239
9761
  # name.
9240
9762
  #
9241
- # This parameter allows (per its [regex pattern][1]) a string of
9763
+ # This parameter allows (through its [regex pattern][1]) a string of
9242
9764
  # characters consisting of upper and lowercase alphanumeric characters
9243
9765
  # with no spaces. You can also include any of the following characters:
9244
9766
  # \_+=,.@-
@@ -9289,7 +9811,7 @@ module Aws::IAM
9289
9811
  # @option params [required, String] :user_name
9290
9812
  # The name of the user whose password you want to update.
9291
9813
  #
9292
- # This parameter allows (per its [regex pattern][1]) a string of
9814
+ # This parameter allows (through its [regex pattern][1]) a string of
9293
9815
  # characters consisting of upper and lowercase alphanumeric characters
9294
9816
  # with no spaces. You can also include any of the following characters:
9295
9817
  # \_+=,.@-
@@ -9367,10 +9889,10 @@ module Aws::IAM
9367
9889
  # role that specifies the OIDC provider as a principal fails until the
9368
9890
  # certificate thumbprint is updated.
9369
9891
  #
9370
- # <note markdown="1"> Because trust for the OIDC provider is derived from the provider's
9371
- # certificate and is validated by the thumbprint, it is best to limit
9372
- # access to the `UpdateOpenIDConnectProviderThumbprint` operation to
9373
- # highly privileged users.
9892
+ # <note markdown="1"> Trust for the OIDC provider is derived from the provider's
9893
+ # certificate and is validated by the thumbprint. Therefore, it is best
9894
+ # to limit access to the `UpdateOpenIDConnectProviderThumbprint`
9895
+ # operation to highly privileged users.
9374
9896
  #
9375
9897
  # </note>
9376
9898
  #
@@ -9458,7 +9980,7 @@ module Aws::IAM
9458
9980
  req.send_request(options)
9459
9981
  end
9460
9982
 
9461
- # Use instead.
9983
+ # Use UpdateRole instead.
9462
9984
  #
9463
9985
  # Modifies only the description of a role. This operation performs the
9464
9986
  # same function as the `Description` parameter in the `UpdateRole`
@@ -9490,12 +10012,12 @@ module Aws::IAM
9490
10012
  # resp.role.create_date #=> Time
9491
10013
  # resp.role.assume_role_policy_document #=> String
9492
10014
  # resp.role.description #=> String
9493
- # resp.role.tags #=> Array
9494
- # resp.role.tags[0].key #=> String
9495
- # resp.role.tags[0].value #=> String
9496
10015
  # resp.role.max_session_duration #=> Integer
9497
10016
  # resp.role.permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
9498
10017
  # resp.role.permissions_boundary.permissions_boundary_arn #=> String
10018
+ # resp.role.tags #=> Array
10019
+ # resp.role.tags[0].key #=> String
10020
+ # resp.role.tags[0].value #=> String
9499
10021
  #
9500
10022
  # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateRoleDescription AWS API Documentation
9501
10023
  #
@@ -9577,7 +10099,7 @@ module Aws::IAM
9577
10099
  # @option params [required, String] :user_name
9578
10100
  # The name of the IAM user associated with the SSH public key.
9579
10101
  #
9580
- # This parameter allows (per its [regex pattern][1]) a string of
10102
+ # This parameter allows (through its [regex pattern][1]) a string of
9581
10103
  # characters consisting of upper and lowercase alphanumeric characters
9582
10104
  # with no spaces. You can also include any of the following characters:
9583
10105
  # \_+=,.@-
@@ -9589,7 +10111,7 @@ module Aws::IAM
9589
10111
  # @option params [required, String] :ssh_public_key_id
9590
10112
  # The unique identifier for the SSH public key.
9591
10113
  #
9592
- # This parameter allows (per its [regex pattern][1]) a string of
10114
+ # This parameter allows (through its [regex pattern][1]) a string of
9593
10115
  # characters that can consist of any upper or lowercased letter or
9594
10116
  # digit.
9595
10117
  #
@@ -9653,7 +10175,7 @@ module Aws::IAM
9653
10175
  # @option params [required, String] :server_certificate_name
9654
10176
  # The name of the server certificate that you want to update.
9655
10177
  #
9656
- # This parameter allows (per its [regex pattern][1]) a string of
10178
+ # This parameter allows (through its [regex pattern][1]) a string of
9657
10179
  # characters consisting of upper and lowercase alphanumeric characters
9658
10180
  # with no spaces. You can also include any of the following characters:
9659
10181
  # \_+=,.@-
@@ -9666,7 +10188,7 @@ module Aws::IAM
9666
10188
  # The new path for the server certificate. Include this only if you are
9667
10189
  # updating the server certificate's path.
9668
10190
  #
9669
- # This parameter allows (per its [regex pattern][1]) a string of
10191
+ # This parameter allows (through its [regex pattern][1]) a string of
9670
10192
  # characters consisting of either a forward slash (/) by itself or a
9671
10193
  # string that must begin and end with forward slashes. In addition, it
9672
10194
  # can contain any ASCII character from the ! (\\u0021) through the DEL
@@ -9682,7 +10204,7 @@ module Aws::IAM
9682
10204
  # updating the server certificate's name. The name of the certificate
9683
10205
  # cannot contain any spaces.
9684
10206
  #
9685
- # This parameter allows (per its [regex pattern][1]) a string of
10207
+ # This parameter allows (through its [regex pattern][1]) a string of
9686
10208
  # characters consisting of upper and lowercase alphanumeric characters
9687
10209
  # with no spaces. You can also include any of the following characters:
9688
10210
  # \_+=,.@-
@@ -9721,7 +10243,7 @@ module Aws::IAM
9721
10243
  # credential. If you do not specify this value, then the operation
9722
10244
  # assumes the user whose credentials are used to call the operation.
9723
10245
  #
9724
- # This parameter allows (per its [regex pattern][1]) a string of
10246
+ # This parameter allows (through its [regex pattern][1]) a string of
9725
10247
  # characters consisting of upper and lowercase alphanumeric characters
9726
10248
  # with no spaces. You can also include any of the following characters:
9727
10249
  # \_+=,.@-
@@ -9733,7 +10255,7 @@ module Aws::IAM
9733
10255
  # @option params [required, String] :service_specific_credential_id
9734
10256
  # The unique identifier of the service-specific credential.
9735
10257
  #
9736
- # This parameter allows (per its [regex pattern][1]) a string of
10258
+ # This parameter allows (through its [regex pattern][1]) a string of
9737
10259
  # characters that can consist of any upper or lowercased letter or
9738
10260
  # digit.
9739
10261
  #
@@ -9770,14 +10292,14 @@ module Aws::IAM
9770
10292
  #
9771
10293
  # If the `UserName` field is not specified, the user name is determined
9772
10294
  # implicitly based on the AWS access key ID used to sign the request.
9773
- # Because this operation works for access keys under the AWS account,
9774
- # you can use this operation to manage AWS account root user credentials
9775
- # even if the AWS account has no associated users.
10295
+ # This operation works for access keys under the AWS account.
10296
+ # Consequently, you can use this operation to manage AWS account root
10297
+ # user credentials even if the AWS account has no associated users.
9776
10298
  #
9777
10299
  # @option params [String] :user_name
9778
10300
  # The name of the IAM user the signing certificate belongs to.
9779
10301
  #
9780
- # This parameter allows (per its [regex pattern][1]) a string of
10302
+ # This parameter allows (through its [regex pattern][1]) a string of
9781
10303
  # characters consisting of upper and lowercase alphanumeric characters
9782
10304
  # with no spaces. You can also include any of the following characters:
9783
10305
  # \_+=,.@-
@@ -9789,7 +10311,7 @@ module Aws::IAM
9789
10311
  # @option params [required, String] :certificate_id
9790
10312
  # The ID of the signing certificate you want to update.
9791
10313
  #
9792
- # This parameter allows (per its [regex pattern][1]) a string of
10314
+ # This parameter allows (through its [regex pattern][1]) a string of
9793
10315
  # characters that can consist of any upper or lowercased letter or
9794
10316
  # digit.
9795
10317
  #
@@ -9856,7 +10378,7 @@ module Aws::IAM
9856
10378
  # Name of the user to update. If you're changing the name of the user,
9857
10379
  # this is the original user name.
9858
10380
  #
9859
- # This parameter allows (per its [regex pattern][1]) a string of
10381
+ # This parameter allows (through its [regex pattern][1]) a string of
9860
10382
  # characters consisting of upper and lowercase alphanumeric characters
9861
10383
  # with no spaces. You can also include any of the following characters:
9862
10384
  # \_+=,.@-
@@ -9869,7 +10391,7 @@ module Aws::IAM
9869
10391
  # New path for the IAM user. Include this parameter only if you're
9870
10392
  # changing the user's path.
9871
10393
  #
9872
- # This parameter allows (per its [regex pattern][1]) a string of
10394
+ # This parameter allows (through its [regex pattern][1]) a string of
9873
10395
  # characters consisting of either a forward slash (/) by itself or a
9874
10396
  # string that must begin and end with forward slashes. In addition, it
9875
10397
  # can contain any ASCII character from the ! (\\u0021) through the DEL
@@ -9884,7 +10406,7 @@ module Aws::IAM
9884
10406
  # New name for the user. Include this parameter only if you're changing
9885
10407
  # the user's name.
9886
10408
  #
9887
- # This parameter allows (per its [regex pattern][1]) a string of
10409
+ # This parameter allows (through its [regex pattern][1]) a string of
9888
10410
  # characters consisting of upper and lowercase alphanumeric characters
9889
10411
  # with no spaces. You can also include any of the following characters:
9890
10412
  # \_+=,.@-
@@ -9938,7 +10460,7 @@ module Aws::IAM
9938
10460
  # @option params [required, String] :user_name
9939
10461
  # The name of the IAM user to associate the SSH public key with.
9940
10462
  #
9941
- # This parameter allows (per its [regex pattern][1]) a string of
10463
+ # This parameter allows (through its [regex pattern][1]) a string of
9942
10464
  # characters consisting of upper and lowercase alphanumeric characters
9943
10465
  # with no spaces. You can also include any of the following characters:
9944
10466
  # \_+=,.@-
@@ -9949,7 +10471,7 @@ module Aws::IAM
9949
10471
  #
9950
10472
  # @option params [required, String] :ssh_public_key_body
9951
10473
  # The SSH public key. The public key must be encoded in ssh-rsa format
9952
- # or PEM format. The miminum bit-length of the public key is 2048 bits.
10474
+ # or PEM format. The minimum bit-length of the public key is 2048 bits.
9953
10475
  # For example, you can generate a 2048-bit key, and the resulting PEM
9954
10476
  # file is 1679 bytes long.
9955
10477
  #
@@ -10030,7 +10552,7 @@ module Aws::IAM
10030
10552
  #
10031
10553
  #
10032
10554
  #
10033
- # [1]: https://aws.amazon.com/certificate-manager/
10555
+ # [1]: http://docs.aws.amazon.com/certificate-manager/
10034
10556
  # [2]: http://docs.aws.amazon.com/acm/latest/userguide/
10035
10557
  # [3]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html
10036
10558
  # [4]: http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html
@@ -10042,12 +10564,12 @@ module Aws::IAM
10042
10564
  # see [IAM Identifiers][1] in the *IAM User Guide*.
10043
10565
  #
10044
10566
  # This parameter is optional. If it is not included, it defaults to a
10045
- # slash (/). This parameter allows (per its [regex pattern][2]) a string
10046
- # of characters consisting of either a forward slash (/) by itself or a
10047
- # string that must begin and end with forward slashes. In addition, it
10048
- # can contain any ASCII character from the ! (\\u0021) through the DEL
10049
- # character (\\u007F), including most punctuation characters, digits,
10050
- # and upper and lowercased letters.
10567
+ # slash (/). This parameter allows (through its [regex pattern][2]) a
10568
+ # string of characters consisting of either a forward slash (/) by
10569
+ # itself or a string that must begin and end with forward slashes. In
10570
+ # addition, it can contain any ASCII character from the ! (\\u0021)
10571
+ # through the DEL character (\\u007F), including most punctuation
10572
+ # characters, digits, and upper and lowercased letters.
10051
10573
  #
10052
10574
  # <note markdown="1"> If you are uploading a server certificate specifically for use with
10053
10575
  # Amazon CloudFront distributions, you must specify a path using the
@@ -10065,7 +10587,7 @@ module Aws::IAM
10065
10587
  # The name for the server certificate. Do not include the path in this
10066
10588
  # value. The name of the certificate cannot contain any spaces.
10067
10589
  #
10068
- # This parameter allows (per its [regex pattern][1]) a string of
10590
+ # This parameter allows (through its [regex pattern][1]) a string of
10069
10591
  # characters consisting of upper and lowercase alphanumeric characters
10070
10592
  # with no spaces. You can also include any of the following characters:
10071
10593
  # \_+=,.@-
@@ -10195,9 +10717,9 @@ module Aws::IAM
10195
10717
  #
10196
10718
  # If the `UserName` field is not specified, the IAM user name is
10197
10719
  # determined implicitly based on the AWS access key ID used to sign the
10198
- # request. Because this operation works for access keys under the AWS
10199
- # account, you can use this operation to manage AWS account root user
10200
- # credentials even if the AWS account has no associated users.
10720
+ # request. This operation works for access keys under the AWS account.
10721
+ # Consequently, you can use this operation to manage AWS account root
10722
+ # user credentials even if the AWS account has no associated users.
10201
10723
  #
10202
10724
  # <note markdown="1"> Because the body of an X.509 certificate can be large, you should use
10203
10725
  # POST rather than GET when calling `UploadSigningCertificate`. For
@@ -10216,7 +10738,7 @@ module Aws::IAM
10216
10738
  # @option params [String] :user_name
10217
10739
  # The name of the user the signing certificate is for.
10218
10740
  #
10219
- # This parameter allows (per its [regex pattern][1]) a string of
10741
+ # This parameter allows (through its [regex pattern][1]) a string of
10220
10742
  # characters consisting of upper and lowercase alphanumeric characters
10221
10743
  # with no spaces. You can also include any of the following characters:
10222
10744
  # \_+=,.@-
@@ -10306,7 +10828,7 @@ module Aws::IAM
10306
10828
  params: params,
10307
10829
  config: config)
10308
10830
  context[:gem_name] = 'aws-sdk-iam'
10309
- context[:gem_version] = '1.12.0'
10831
+ context[:gem_version] = '1.13.0'
10310
10832
  Seahorse::Client::Request.new(handlers, context)
10311
10833
  end
10312
10834