RubyGems - aws-sdk-iam - Versions diffs - 1.18.0 → 1.19.0 - Mend

aws-sdk-iam 1.18.0 → 1.19.0

Files changed (10) hide show

checksums.yaml +4 -4
data/lib/aws-sdk-iam.rb +1 -1
data/lib/aws-sdk-iam/client.rb +159 -58
data/lib/aws-sdk-iam/client_api.rb +45 -30
data/lib/aws-sdk-iam/current_user.rb +5 -3
data/lib/aws-sdk-iam/role.rb +5 -3
data/lib/aws-sdk-iam/types.rb +80 -40
data/lib/aws-sdk-iam/user.rb +5 -3
data/lib/aws-sdk-iam/waiters.rb +84 -0
metadata +3 -3

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 9a2a7a134a2e009e746e17c4d2ae3df29c568b8e
-  data.tar.gz: a34ec7b5e4a99be770088485a4dc7eb66b72e353
+  metadata.gz: 1457de0111415e588e2e32acb8ab467046c2cf63
+  data.tar.gz: 573c6f1ff4a8edd600f7a10f7f689f063a072a09
 SHA512:
-  metadata.gz: 57fd8e9a24f3ccf237175f680fdd6ec391c743573714a8aebe12f9d3ceb4aa0463d17a31fa97d32acb582c706f21a0d8f2520b057410faa47ee3e485011f58e2
-  data.tar.gz: 2945ee431bb18eb7fb94ed36b1931dda941abae06ad6c01e4a1525e3af03773878a65f18454cddac2b1ed8c570f0b1fe79b58c62a25f7e9831e0477c74dc8c03
+  metadata.gz: eba4de99198ab8afdccdf5b3c2828d475d490529419c0fdabb4e1616efb4081b1546d4543f546cfd9fe1b6786805c98b8cab63026fab149a306c88d485f9a2cf
+  data.tar.gz: 9c3a35387fb0838eafe48630829bc7d38af64f8ff84f65bdc6f9d054fd3c34723da436134b044f51e844c7fd0f4bb4f7cbb4ea6144956f4897cb0f8fba0762bd

data/lib/aws-sdk-iam.rb CHANGED Viewed

@@ -64,6 +64,6 @@ require_relative 'aws-sdk-iam/customizations'
 # @service
 module Aws::IAM
-  GEM_VERSION = '1.18.0'
+  GEM_VERSION = '1.19.0'
 end

data/lib/aws-sdk-iam/client.rb CHANGED Viewed

@@ -1112,14 +1112,13 @@ module Aws::IAM
     #   application or applications that are allowed to authenticate using
     #   the OIDC provider
     #
-    # * A list of thumbprints of the server certificate(s) that the IdP
-    #   uses.
+    # * A list of thumbprints of the server certificate(s) that the IdP uses
     #
     # You get all of this information from the OIDC IdP that you want to use
     # to access AWS.
     #
-    # <note markdown="1"> Because trust for the OIDC provider is derived from the IAM provider
-    # that this operation creates, it is best to limit access to the
+    # <note markdown="1"> The trust for the OIDC provider is derived from the IAM provider that
+    # this operation creates. Therefore, it is best to limit access to the
     # CreateOpenIDConnectProvider operation to highly privileged users.
     #
     #  </note>
@@ -1614,7 +1613,7 @@ module Aws::IAM
     #
     # The SAML provider resource that you create with this operation can be
     # used as a principal in an IAM role's trust policy. Such a policy can
-    # enable federated users who sign-in using the SAML IdP to assume the
+    # enable federated users who sign in using the SAML IdP to assume the
     # role. You can create an IAM role that supports Web-based single
     # sign-on (SSO) to the AWS Management Console or one that supports API
     # access to AWS.
@@ -1714,8 +1713,8 @@ module Aws::IAM
     #
     #   Service principals are unique and case-sensitive. To find the exact
     #   service principal for your service-linked role, see [AWS Services That
-    #   Work with IAM][1] in the *IAM User Guide* and look for the services
-    #   that have <b>Yes </b>in the **Service-Linked Role** column. Choose the
+    #   Work with IAM][1] in the *IAM User Guide*. Look for the services that
+    #   have <b>Yes </b>in the **Service-Linked Role** column. Choose the
     #   **Yes** link to view the service-linked role documentation for that
     #   service.
     #
@@ -1977,10 +1976,10 @@ module Aws::IAM
     # create, see [Limitations on Entities][2] in the *IAM User Guide*.
     #
     # The seed information contained in the QR code and the Base32 string
-    # should be treated like any other secret access information, such as
-    # your AWS access keys or your passwords. After you provision your
-    # virtual device, you should ensure that the information is destroyed
-    # following secure procedures.
+    # should be treated like any other secret access information. In other
+    # words, protect the seed information as you would your AWS access keys
+    # or your passwords. After you provision your virtual device, you should
+    # ensure that the information is destroyed following secure procedures.
     #
     #
     #
@@ -2638,8 +2637,8 @@ module Aws::IAM
     # Deletes the permissions boundary for the specified IAM role.
     #
     # Deleting the permissions boundary for a role might increase its
-    # permissions by allowing anyone who assumes the role to perform all the
-    # actions granted in its permissions policies.
+    # permissions. For example, it might allow anyone who assumes the role
+    # to perform all the actions granted in its permissions policies.
     #
     # @option params [required, String] :role_name
     #   The name (friendly name, not ARN) of the IAM role from which you want
@@ -3024,9 +3023,34 @@ module Aws::IAM
       req.send_request(options)
     end
-    # Deletes the specified IAM user. The user must not belong to any groups
-    # or have any access keys, signing certificates, MFA devices enabled for
-    # AWS, or attached policies.
+    # Deletes the specified IAM user. Unlike the AWS Management Console,
+    # when you delete a user programmatically, you must delete the items
+    # attached to the user manually, or the deletion fails. For more
+    # information, see [Deleting an IAM User][1]. Before attempting to
+    # delete a user, remove the following items:
+    #
+    # * Password (DeleteLoginProfile)
+    #
+    # * Access keys (DeleteAccessKey)
+    #
+    # * Signing certificate (DeleteSigningCertificate)
+    #
+    # * SSH public key (DeleteSSHPublicKey)
+    #
+    # * Git credentials (DeleteServiceSpecificCredential)
+    #
+    # * Multi-factor authentication (MFA) device (DeactivateMFADevice,
+    #   DeleteVirtualMFADevice)
+    #
+    # * Inline policies (DeleteUserPolicy)
+    #
+    # * Attached managed policies (DetachUserPolicy)
+    #
+    # * Group memberships (RemoveUserFromGroup)
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_manage.html#id_users_deleting_cli
     #
     # @option params [required, String] :user_name
     #   The name of the user to delete.
@@ -3473,7 +3497,7 @@ module Aws::IAM
     # IAM resource (user, group, role, or policy) was last used in an
     # attempt to access AWS services. Recent activity usually appears within
     # four hours. IAM reports activity for the last 365 days, or less if
-    # your region began supporting this feature within the last year. For
+    # your Region began supporting this feature within the last year. For
     # more information, see [Regions Where Data Is Tracked][1].
     #
     # The service last accessed data includes all attempts to access an AWS
@@ -3574,7 +3598,7 @@ module Aws::IAM
     # Retrieves information about when the specified access key was last
     # used. The information includes the date and time of last use, along
-    # with the AWS service and region that were specified in the last
+    # with the AWS service and Region that were specified in the last
     # request made with that key.
     #
     # @option params [required, String] :access_key_id
@@ -3869,6 +3893,7 @@ module Aws::IAM
     #       "AttachedPoliciesPerGroupQuota" => 10,
     #       "AttachedPoliciesPerRoleQuota" => 10,
     #       "AttachedPoliciesPerUserQuota" => 10,
+    #       "GlobalEndpointTokenVersion" => 2,
     #       "GroupPolicySizeQuota" => 5120,
     #       "Groups" => 15,
     #       "GroupsPerUserQuota" => 10,
@@ -4933,10 +4958,10 @@ module Aws::IAM
     # the reason that it failed.
     #
     # The `GetServiceLastAccessedDetails` operation returns a list of
-    # services that includes the number of entities that have attempted to
-    # access the service and the date and time of the last attempt. It also
-    # returns the ARN of the following entity, depending on the resource ARN
-    # that you used to generate the report:
+    # services. This list includes the number of entities that have
+    # attempted to access the service and the date and time of the last
+    # attempt. It also returns the ARN of the following entity, depending on
+    # the resource ARN that you used to generate the report:
     #
     # * **User** – Returns the user ARN that you used to generate the report
     #
@@ -5085,7 +5110,7 @@ module Aws::IAM
     #
     #   To learn the service namespace for a service, go to [Actions,
     #   Resources, and Condition Keys for AWS Services][1] in the *IAM User
-    #   Guide* and choose the name of the service to view details for that
+    #   Guide*. Choose the name of the service to view details for that
     #   service. In the first paragraph, find the service prefix. For example,
     #   `(service prefix: a4b)`. For more information about service
     #   namespaces, see [AWS Service Namespaces][2] in the *AWS General
@@ -5324,7 +5349,7 @@ module Aws::IAM
     #
     # An IAM user can also have managed policies attached to it. To retrieve
     # a managed policy document that is attached to a user, use GetPolicy to
-    # determine the policy's default version, then use GetPolicyVersion to
+    # determine the policy's default version. Then use GetPolicyVersion to
     # retrieve the policy document.
     #
     # For more information about policies, see [Managed Policies and Inline
@@ -6986,8 +7011,8 @@ module Aws::IAM
     # @option params [String] :marker
     #   Use this parameter only when paginating results and only after you
     #   receive a response indicating that the results are truncated. Set it
-    #   to the value of the `Marker` element in the response to indicate where
-    #   the next call should start.
+    #   to the value of the `Marker` element in the response that you received
+    #   to indicate where the next call should start.
     #
     # @option params [Integer] :max_items
     #   (Optional) Use this only when paginating results to indicate the
@@ -7175,8 +7200,8 @@ module Aws::IAM
     end
     # Returns information about the SSH public keys associated with the
-    # specified IAM user. If there none exists, the operation returns an
-    # empty list.
+    # specified IAM user. If none exists, the operation returns an empty
+    # list.
     #
     # The SSH public keys returned by this operation are used only for
     # authenticating the IAM user to an AWS CodeCommit repository. For more
@@ -7402,8 +7427,8 @@ module Aws::IAM
     end
     # Returns information about the signing certificates associated with the
-    # specified IAM user. If there none exists, the operation returns an
-    # empty list.
+    # specified IAM user. If none exists, the operation returns an empty
+    # list.
     #
     # Although each user is limited to a small number of signing
     # certificates, you can still paginate the results using the `MaxItems`
@@ -7599,8 +7624,8 @@ module Aws::IAM
     # @option params [String] :marker
     #   Use this parameter only when paginating results and only after you
     #   receive a response indicating that the results are truncated. Set it
-    #   to the value of the `Marker` element in the response to indicate where
-    #   the next call should start.
+    #   to the value of the `Marker` element in the response that you received
+    #   to indicate where the next call should start.
     #
     # @option params [Integer] :max_items
     #   (Optional) Use this only when paginating results to indicate the
@@ -8605,6 +8630,76 @@ module Aws::IAM
       req.send_request(options)
     end
+    # Sets the specified version of the global endpoint token as the token
+    # version used for the AWS account.
+    #
+    # By default, AWS Security Token Service (STS) is available as a global
+    # service, and all STS requests go to a single endpoint at
+    # `https://sts.amazonaws.com`. AWS recommends using Regional STS
+    # endpoints to reduce latency, build in redundancy, and increase session
+    # token availability. For information about Regional endpoints for STS,
+    # see [AWS Regions and Endpoints][1] in the *AWS General Reference*.
+    #
+    # If you make an STS call to the global endpoint, the resulting session
+    # tokens might be valid in some Regions but not others. It depends on
+    # the version that is set in this operation. Version 1 tokens are valid
+    # only in AWS Regions that are available by default. These tokens do not
+    # work in manually enabled Regions, such as Asia Pacific (Hong Kong).
+    # Version 2 tokens are valid in all Regions. However, version 2 tokens
+    # are longer and might affect systems where you temporarily store
+    # tokens. For information, see [Activating and Deactivating STS in an
+    # AWS Region][2] in the *IAM User Guide*.
+    #
+    # To view the current session token version, see the
+    # `GlobalEndpointTokenVersion` entry in the response of the
+    # GetAccountSummary operation.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/general/latest/gr/rande.html#sts_region
+    # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html
+    #
+    # @option params [required, String] :global_endpoint_token_version
+    #   The version of the global endpoint token. Version 1 tokens are valid
+    #   only in AWS Regions that are available by default. These tokens do not
+    #   work in manually enabled Regions, such as Asia Pacific (Hong Kong).
+    #   Version 2 tokens are valid in all Regions. However, version 2 tokens
+    #   are longer and might affect systems where you temporarily store
+    #   tokens.
+    #
+    #   For information, see [Activating and Deactivating STS in an AWS
+    #   Region][1] in the *IAM User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    #
+    # @example Example: To delete an access key for an IAM user
+    #
+    #   # The following command sets the STS global endpoint token to version 2. Version 2 tokens are valid in all Regions.
+    #
+    #   resp = client.set_security_token_service_preferences({
+    #     global_endpoint_token_version: "v2Token",
+    #   })
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.set_security_token_service_preferences({
+    #     global_endpoint_token_version: "v1Token", # required, accepts v1Token, v2Token
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/SetSecurityTokenServicePreferences AWS API Documentation
+    #
+    # @overload set_security_token_service_preferences(params = {})
+    # @param [Hash] params ({})
+    def set_security_token_service_preferences(params = {}, options = {})
+      req = build_request(:set_security_token_service_preferences, params)
+      req.send_request(options)
+    end
     # Simulate how a set of IAM policies and optionally a resource-based
     # policy works with a list of API operations and AWS resources to
     # determine the policies' effective permissions. The policies are
@@ -8658,7 +8753,8 @@ module Aws::IAM
     # @option params [required, Array<String>] :action_names
     #   A list of names of API operations to evaluate in the simulation. Each
     #   operation is evaluated against each resource. Each operation must
-    #   include the service identifier, such as `iam:CreateUser`.
+    #   include the service identifier, such as `iam:CreateUser`. This
+    #   operation does not support using wildcards (*) in an action name.
     #
     # @option params [Array<String>] :resource_arns
     #   A list of ARNs of AWS resources to include in the simulation. If this
@@ -8709,14 +8805,15 @@ module Aws::IAM
     # @option params [String] :resource_owner
     #   An ARN representing the AWS account ID that specifies the owner of any
     #   simulated resource that does not identify its owner in the resource
-    #   ARN, such as an S3 bucket or object. If `ResourceOwner` is specified,
-    #   it is also used as the account owner of any `ResourcePolicy` included
-    #   in the simulation. If the `ResourceOwner` parameter is not specified,
-    #   then the owner of the resources and the resource policy defaults to
-    #   the account of the identity provided in `CallerArn`. This parameter is
-    #   required only if you specify a resource-based policy and account that
-    #   owns the resource is different from the account that owns the
-    #   simulated calling user `CallerArn`.
+    #   ARN. Examples of resource ARNs include an S3 bucket or object. If
+    #   `ResourceOwner` is specified, it is also used as the account owner of
+    #   any `ResourcePolicy` included in the simulation. If the
+    #   `ResourceOwner` parameter is not specified, then the owner of the
+    #   resources and the resource policy defaults to the account of the
+    #   identity provided in `CallerArn`. This parameter is required only if
+    #   you specify a resource-based policy and account that owns the resource
+    #   is different from the account that owns the simulated calling user
+    #   `CallerArn`.
     #
     #   The ARN for an account uses the following syntax:
     #   `arn:aws:iam::AWS-account-ID:root`. For example, to represent the
@@ -8735,7 +8832,7 @@ module Aws::IAM
     # @option params [Array<Types::ContextEntry>] :context_entries
     #   A list of context keys and corresponding values for the simulation to
     #   use. Whenever a context key is evaluated in one of the simulated IAM
-    #   permission policies, the corresponding value is supplied.
+    #   permissions policies, the corresponding value is supplied.
     #
     # @option params [String] :resource_handling_option
     #   Specifies the type of simulation to run. Different API operations that
@@ -8886,7 +8983,7 @@ module Aws::IAM
     # You can also optionally include one resource-based policy to be
     # evaluated with each of the resources included in the simulation.
     #
-    # The simulation does not perform the API operations, it only checks the
+    # The simulation does not perform the API operations; it only checks the
     # authorization to determine if the simulated policies allow or deny the
     # operations.
     #
@@ -8989,15 +9086,15 @@ module Aws::IAM
     #
     # @option params [String] :resource_owner
     #   An AWS account ID that specifies the owner of any simulated resource
-    #   that does not identify its owner in the resource ARN, such as an S3
-    #   bucket or object. If `ResourceOwner` is specified, it is also used as
-    #   the account owner of any `ResourcePolicy` included in the simulation.
-    #   If the `ResourceOwner` parameter is not specified, then the owner of
-    #   the resources and the resource policy defaults to the account of the
-    #   identity provided in `CallerArn`. This parameter is required only if
-    #   you specify a resource-based policy and account that owns the resource
-    #   is different from the account that owns the simulated calling user
-    #   `CallerArn`.
+    #   that does not identify its owner in the resource ARN. Examples of
+    #   resource ARNs include an S3 bucket or object. If `ResourceOwner` is
+    #   specified, it is also used as the account owner of any
+    #   `ResourcePolicy` included in the simulation. If the `ResourceOwner`
+    #   parameter is not specified, then the owner of the resources and the
+    #   resource policy defaults to the account of the identity provided in
+    #   `CallerArn`. This parameter is required only if you specify a
+    #   resource-based policy and account that owns the resource is different
+    #   from the account that owns the simulated calling user `CallerArn`.
     #
     # @option params [String] :caller_arn
     #   The ARN of the IAM user that you want to specify as the simulated
@@ -9474,7 +9571,7 @@ module Aws::IAM
     # Inactive, or vice versa. This operation can be used to disable a
     # user's key as part of a key rotation workflow.
     #
-    # If the `UserName` field is not specified, the user name is determined
+    # If the `UserName` is not specified, the user name is determined
     # implicitly based on the AWS access key ID used to sign the request.
     # This operation works for access keys under the AWS account.
     # Consequently, you can use this operation to manage AWS account root
@@ -10595,7 +10692,7 @@ module Aws::IAM
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/certificate-manager/
+    # [1]: https://docs.aws.amazon.com/acm/
     # [2]: https://docs.aws.amazon.com/acm/latest/userguide/
     # [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html
     # [4]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html
@@ -10758,9 +10855,9 @@ module Aws::IAM
     # to validate requests that are signed with a corresponding private key.
     # When you upload the certificate, its default status is `Active`.
     #
-    # If the `UserName` field is not specified, the IAM user name is
-    # determined implicitly based on the AWS access key ID used to sign the
-    # request. This operation works for access keys under the AWS account.
+    # If the `UserName` is not specified, the IAM user name is determined
+    # implicitly based on the AWS access key ID used to sign the request.
+    # This operation works for access keys under the AWS account.
     # Consequently, you can use this operation to manage AWS account root
     # user credentials even if the AWS account has no associated users.
     #
@@ -10871,7 +10968,7 @@ module Aws::IAM
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-iam'
-      context[:gem_version] = '1.18.0'
+      context[:gem_version] = '1.19.0'
       Seahorse::Client::Request.new(handlers, context)
     end
@@ -10940,6 +11037,8 @@ module Aws::IAM
     # | waiter_name             | params                  | :delay   | :max_attempts |
     # | ----------------------- | ----------------------- | -------- | ------------- |
     # | instance_profile_exists | {#get_instance_profile} | 1        | 40            |
+    # | policy_exists           | {#get_policy}           | 1        | 20            |
+    # | role_exists             | {#get_role}             | 1        | 20            |
     # | user_exists             | {#get_user}             | 1        | 20            |
     #
     # @raise [Errors::FailureStateError] Raised when the waiter terminates
@@ -10992,6 +11091,8 @@ module Aws::IAM
     def waiters
       {
         instance_profile_exists: Waiters::InstanceProfileExists,
+        policy_exists: Waiters::PolicyExists,
+        role_exists: Waiters::RoleExists,
         user_exists: Waiters::UserExists
       }
     end

data/lib/aws-sdk-iam/client_api.rb CHANGED Viewed

@@ -300,6 +300,7 @@ module Aws::IAM
     ServiceSpecificCredentialsListType = Shapes::ListShape.new(name: 'ServiceSpecificCredentialsListType')
     ServicesLastAccessed = Shapes::ListShape.new(name: 'ServicesLastAccessed')
     SetDefaultPolicyVersionRequest = Shapes::StructureShape.new(name: 'SetDefaultPolicyVersionRequest')
+    SetSecurityTokenServicePreferencesRequest = Shapes::StructureShape.new(name: 'SetSecurityTokenServicePreferencesRequest')
     SigningCertificate = Shapes::StructureShape.new(name: 'SigningCertificate')
     SimulateCustomPolicyRequest = Shapes::StructureShape.new(name: 'SimulateCustomPolicyRequest')
     SimulatePolicyResponse = Shapes::StructureShape.new(name: 'SimulatePolicyResponse')
@@ -373,6 +374,7 @@ module Aws::IAM
     entityNameType = Shapes::StringShape.new(name: 'entityNameType')
     entityTemporarilyUnmodifiableMessage = Shapes::StringShape.new(name: 'entityTemporarilyUnmodifiableMessage')
     existingUserNameType = Shapes::StringShape.new(name: 'existingUserNameType')
+    globalEndpointTokenVersion = Shapes::StringShape.new(name: 'globalEndpointTokenVersion')
     groupDetailListType = Shapes::ListShape.new(name: 'groupDetailListType')
     groupListType = Shapes::ListShape.new(name: 'groupListType')
     groupNameListType = Shapes::ListShape.new(name: 'groupNameListType')
@@ -423,6 +425,7 @@ module Aws::IAM
     publicKeyFingerprintType = Shapes::StringShape.new(name: 'publicKeyFingerprintType')
     publicKeyIdType = Shapes::StringShape.new(name: 'publicKeyIdType')
     publicKeyMaterialType = Shapes::StringShape.new(name: 'publicKeyMaterialType')
+    responseMarkerType = Shapes::StringShape.new(name: 'responseMarkerType')
     roleDescriptionType = Shapes::StringShape.new(name: 'roleDescriptionType')
     roleDetailListType = Shapes::ListShape.new(name: 'roleDetailListType')
     roleListType = Shapes::ListShape.new(name: 'roleListType')
@@ -794,7 +797,7 @@ module Aws::IAM
     GetAccountAuthorizationDetailsResponse.add_member(:role_detail_list, Shapes::ShapeRef.new(shape: roleDetailListType, location_name: "RoleDetailList"))
     GetAccountAuthorizationDetailsResponse.add_member(:policies, Shapes::ShapeRef.new(shape: ManagedPolicyDetailListType, location_name: "Policies"))
     GetAccountAuthorizationDetailsResponse.add_member(:is_truncated, Shapes::ShapeRef.new(shape: booleanType, location_name: "IsTruncated"))
-    GetAccountAuthorizationDetailsResponse.add_member(:marker, Shapes::ShapeRef.new(shape: markerType, location_name: "Marker"))
+    GetAccountAuthorizationDetailsResponse.add_member(:marker, Shapes::ShapeRef.new(shape: responseMarkerType, location_name: "Marker"))
     GetAccountAuthorizationDetailsResponse.struct_class = Types::GetAccountAuthorizationDetailsResponse
     GetAccountPasswordPolicyResponse.add_member(:password_policy, Shapes::ShapeRef.new(shape: PasswordPolicy, required: true, location_name: "PasswordPolicy"))
@@ -835,7 +838,7 @@ module Aws::IAM
     GetGroupResponse.add_member(:group, Shapes::ShapeRef.new(shape: Group, required: true, location_name: "Group"))
     GetGroupResponse.add_member(:users, Shapes::ShapeRef.new(shape: userListType, required: true, location_name: "Users"))
     GetGroupResponse.add_member(:is_truncated, Shapes::ShapeRef.new(shape: booleanType, location_name: "IsTruncated"))
-    GetGroupResponse.add_member(:marker, Shapes::ShapeRef.new(shape: markerType, location_name: "Marker"))
+    GetGroupResponse.add_member(:marker, Shapes::ShapeRef.new(shape: responseMarkerType, location_name: "Marker"))
     GetGroupResponse.struct_class = Types::GetGroupResponse
     GetInstanceProfileRequest.add_member(:instance_profile_name, Shapes::ShapeRef.new(shape: instanceProfileNameType, required: true, location_name: "InstanceProfileName"))
@@ -919,7 +922,7 @@ module Aws::IAM
     GetServiceLastAccessedDetailsResponse.add_member(:services_last_accessed, Shapes::ShapeRef.new(shape: ServicesLastAccessed, required: true, location_name: "ServicesLastAccessed"))
     GetServiceLastAccessedDetailsResponse.add_member(:job_completion_date, Shapes::ShapeRef.new(shape: dateType, required: true, location_name: "JobCompletionDate"))
     GetServiceLastAccessedDetailsResponse.add_member(:is_truncated, Shapes::ShapeRef.new(shape: booleanType, location_name: "IsTruncated"))
-    GetServiceLastAccessedDetailsResponse.add_member(:marker, Shapes::ShapeRef.new(shape: markerType, location_name: "Marker"))
+    GetServiceLastAccessedDetailsResponse.add_member(:marker, Shapes::ShapeRef.new(shape: responseMarkerType, location_name: "Marker"))
     GetServiceLastAccessedDetailsResponse.add_member(:error, Shapes::ShapeRef.new(shape: ErrorDetails, location_name: "Error"))
     GetServiceLastAccessedDetailsResponse.struct_class = Types::GetServiceLastAccessedDetailsResponse
@@ -934,7 +937,7 @@ module Aws::IAM
     GetServiceLastAccessedDetailsWithEntitiesResponse.add_member(:job_completion_date, Shapes::ShapeRef.new(shape: dateType, required: true, location_name: "JobCompletionDate"))
     GetServiceLastAccessedDetailsWithEntitiesResponse.add_member(:entity_details_list, Shapes::ShapeRef.new(shape: entityDetailsListType, required: true, location_name: "EntityDetailsList"))
     GetServiceLastAccessedDetailsWithEntitiesResponse.add_member(:is_truncated, Shapes::ShapeRef.new(shape: booleanType, location_name: "IsTruncated"))
-    GetServiceLastAccessedDetailsWithEntitiesResponse.add_member(:marker, Shapes::ShapeRef.new(shape: markerType, location_name: "Marker"))
+    GetServiceLastAccessedDetailsWithEntitiesResponse.add_member(:marker, Shapes::ShapeRef.new(shape: responseMarkerType, location_name: "Marker"))
     GetServiceLastAccessedDetailsWithEntitiesResponse.add_member(:error, Shapes::ShapeRef.new(shape: ErrorDetails, location_name: "Error"))
     GetServiceLastAccessedDetailsWithEntitiesResponse.struct_class = Types::GetServiceLastAccessedDetailsWithEntitiesResponse
@@ -991,7 +994,7 @@ module Aws::IAM
     ListAccessKeysResponse.add_member(:access_key_metadata, Shapes::ShapeRef.new(shape: accessKeyMetadataListType, required: true, location_name: "AccessKeyMetadata"))
     ListAccessKeysResponse.add_member(:is_truncated, Shapes::ShapeRef.new(shape: booleanType, location_name: "IsTruncated"))
-    ListAccessKeysResponse.add_member(:marker, Shapes::ShapeRef.new(shape: markerType, location_name: "Marker"))
+    ListAccessKeysResponse.add_member(:marker, Shapes::ShapeRef.new(shape: responseMarkerType, location_name: "Marker"))
     ListAccessKeysResponse.struct_class = Types::ListAccessKeysResponse
     ListAccountAliasesRequest.add_member(:marker, Shapes::ShapeRef.new(shape: markerType, location_name: "Marker"))
@@ -1000,7 +1003,7 @@ module Aws::IAM
     ListAccountAliasesResponse.add_member(:account_aliases, Shapes::ShapeRef.new(shape: accountAliasListType, required: true, location_name: "AccountAliases"))
     ListAccountAliasesResponse.add_member(:is_truncated, Shapes::ShapeRef.new(shape: booleanType, location_name: "IsTruncated"))
-    ListAccountAliasesResponse.add_member(:marker, Shapes::ShapeRef.new(shape: markerType, location_name: "Marker"))
+    ListAccountAliasesResponse.add_member(:marker, Shapes::ShapeRef.new(shape: responseMarkerType, location_name: "Marker"))
     ListAccountAliasesResponse.struct_class = Types::ListAccountAliasesResponse
     ListAttachedGroupPoliciesRequest.add_member(:group_name, Shapes::ShapeRef.new(shape: groupNameType, required: true, location_name: "GroupName"))
@@ -1011,7 +1014,7 @@ module Aws::IAM
     ListAttachedGroupPoliciesResponse.add_member(:attached_policies, Shapes::ShapeRef.new(shape: attachedPoliciesListType, location_name: "AttachedPolicies"))
     ListAttachedGroupPoliciesResponse.add_member(:is_truncated, Shapes::ShapeRef.new(shape: booleanType, location_name: "IsTruncated"))
-    ListAttachedGroupPoliciesResponse.add_member(:marker, Shapes::ShapeRef.new(shape: markerType, location_name: "Marker"))
+    ListAttachedGroupPoliciesResponse.add_member(:marker, Shapes::ShapeRef.new(shape: responseMarkerType, location_name: "Marker"))
     ListAttachedGroupPoliciesResponse.struct_class = Types::ListAttachedGroupPoliciesResponse
     ListAttachedRolePoliciesRequest.add_member(:role_name, Shapes::ShapeRef.new(shape: roleNameType, required: true, location_name: "RoleName"))
@@ -1022,7 +1025,7 @@ module Aws::IAM
     ListAttachedRolePoliciesResponse.add_member(:attached_policies, Shapes::ShapeRef.new(shape: attachedPoliciesListType, location_name: "AttachedPolicies"))
     ListAttachedRolePoliciesResponse.add_member(:is_truncated, Shapes::ShapeRef.new(shape: booleanType, location_name: "IsTruncated"))
-    ListAttachedRolePoliciesResponse.add_member(:marker, Shapes::ShapeRef.new(shape: markerType, location_name: "Marker"))
+    ListAttachedRolePoliciesResponse.add_member(:marker, Shapes::ShapeRef.new(shape: responseMarkerType, location_name: "Marker"))
     ListAttachedRolePoliciesResponse.struct_class = Types::ListAttachedRolePoliciesResponse
     ListAttachedUserPoliciesRequest.add_member(:user_name, Shapes::ShapeRef.new(shape: userNameType, required: true, location_name: "UserName"))
@@ -1033,7 +1036,7 @@ module Aws::IAM
     ListAttachedUserPoliciesResponse.add_member(:attached_policies, Shapes::ShapeRef.new(shape: attachedPoliciesListType, location_name: "AttachedPolicies"))
     ListAttachedUserPoliciesResponse.add_member(:is_truncated, Shapes::ShapeRef.new(shape: booleanType, location_name: "IsTruncated"))
-    ListAttachedUserPoliciesResponse.add_member(:marker, Shapes::ShapeRef.new(shape: markerType, location_name: "Marker"))
+    ListAttachedUserPoliciesResponse.add_member(:marker, Shapes::ShapeRef.new(shape: responseMarkerType, location_name: "Marker"))
     ListAttachedUserPoliciesResponse.struct_class = Types::ListAttachedUserPoliciesResponse
     ListEntitiesForPolicyRequest.add_member(:policy_arn, Shapes::ShapeRef.new(shape: arnType, required: true, location_name: "PolicyArn"))
@@ -1048,7 +1051,7 @@ module Aws::IAM
     ListEntitiesForPolicyResponse.add_member(:policy_users, Shapes::ShapeRef.new(shape: PolicyUserListType, location_name: "PolicyUsers"))
     ListEntitiesForPolicyResponse.add_member(:policy_roles, Shapes::ShapeRef.new(shape: PolicyRoleListType, location_name: "PolicyRoles"))
     ListEntitiesForPolicyResponse.add_member(:is_truncated, Shapes::ShapeRef.new(shape: booleanType, location_name: "IsTruncated"))
-    ListEntitiesForPolicyResponse.add_member(:marker, Shapes::ShapeRef.new(shape: markerType, location_name: "Marker"))
+    ListEntitiesForPolicyResponse.add_member(:marker, Shapes::ShapeRef.new(shape: responseMarkerType, location_name: "Marker"))
     ListEntitiesForPolicyResponse.struct_class = Types::ListEntitiesForPolicyResponse
     ListGroupPoliciesRequest.add_member(:group_name, Shapes::ShapeRef.new(shape: groupNameType, required: true, location_name: "GroupName"))
@@ -1058,7 +1061,7 @@ module Aws::IAM
     ListGroupPoliciesResponse.add_member(:policy_names, Shapes::ShapeRef.new(shape: policyNameListType, required: true, location_name: "PolicyNames"))
     ListGroupPoliciesResponse.add_member(:is_truncated, Shapes::ShapeRef.new(shape: booleanType, location_name: "IsTruncated"))
-    ListGroupPoliciesResponse.add_member(:marker, Shapes::ShapeRef.new(shape: markerType, location_name: "Marker"))
+    ListGroupPoliciesResponse.add_member(:marker, Shapes::ShapeRef.new(shape: responseMarkerType, location_name: "Marker"))
     ListGroupPoliciesResponse.struct_class = Types::ListGroupPoliciesResponse
     ListGroupsForUserRequest.add_member(:user_name, Shapes::ShapeRef.new(shape: existingUserNameType, required: true, location_name: "UserName"))
@@ -1068,7 +1071,7 @@ module Aws::IAM
     ListGroupsForUserResponse.add_member(:groups, Shapes::ShapeRef.new(shape: groupListType, required: true, location_name: "Groups"))
     ListGroupsForUserResponse.add_member(:is_truncated, Shapes::ShapeRef.new(shape: booleanType, location_name: "IsTruncated"))
-    ListGroupsForUserResponse.add_member(:marker, Shapes::ShapeRef.new(shape: markerType, location_name: "Marker"))
+    ListGroupsForUserResponse.add_member(:marker, Shapes::ShapeRef.new(shape: responseMarkerType, location_name: "Marker"))
     ListGroupsForUserResponse.struct_class = Types::ListGroupsForUserResponse
     ListGroupsRequest.add_member(:path_prefix, Shapes::ShapeRef.new(shape: pathPrefixType, location_name: "PathPrefix"))
@@ -1078,7 +1081,7 @@ module Aws::IAM
     ListGroupsResponse.add_member(:groups, Shapes::ShapeRef.new(shape: groupListType, required: true, location_name: "Groups"))
     ListGroupsResponse.add_member(:is_truncated, Shapes::ShapeRef.new(shape: booleanType, location_name: "IsTruncated"))
-    ListGroupsResponse.add_member(:marker, Shapes::ShapeRef.new(shape: markerType, location_name: "Marker"))
+    ListGroupsResponse.add_member(:marker, Shapes::ShapeRef.new(shape: responseMarkerType, location_name: "Marker"))
     ListGroupsResponse.struct_class = Types::ListGroupsResponse
     ListInstanceProfilesForRoleRequest.add_member(:role_name, Shapes::ShapeRef.new(shape: roleNameType, required: true, location_name: "RoleName"))
@@ -1088,7 +1091,7 @@ module Aws::IAM
     ListInstanceProfilesForRoleResponse.add_member(:instance_profiles, Shapes::ShapeRef.new(shape: instanceProfileListType, required: true, location_name: "InstanceProfiles"))
     ListInstanceProfilesForRoleResponse.add_member(:is_truncated, Shapes::ShapeRef.new(shape: booleanType, location_name: "IsTruncated"))
-    ListInstanceProfilesForRoleResponse.add_member(:marker, Shapes::ShapeRef.new(shape: markerType, location_name: "Marker"))
+    ListInstanceProfilesForRoleResponse.add_member(:marker, Shapes::ShapeRef.new(shape: responseMarkerType, location_name: "Marker"))
     ListInstanceProfilesForRoleResponse.struct_class = Types::ListInstanceProfilesForRoleResponse
     ListInstanceProfilesRequest.add_member(:path_prefix, Shapes::ShapeRef.new(shape: pathPrefixType, location_name: "PathPrefix"))
@@ -1098,7 +1101,7 @@ module Aws::IAM
     ListInstanceProfilesResponse.add_member(:instance_profiles, Shapes::ShapeRef.new(shape: instanceProfileListType, required: true, location_name: "InstanceProfiles"))
     ListInstanceProfilesResponse.add_member(:is_truncated, Shapes::ShapeRef.new(shape: booleanType, location_name: "IsTruncated"))
-    ListInstanceProfilesResponse.add_member(:marker, Shapes::ShapeRef.new(shape: markerType, location_name: "Marker"))
+    ListInstanceProfilesResponse.add_member(:marker, Shapes::ShapeRef.new(shape: responseMarkerType, location_name: "Marker"))
     ListInstanceProfilesResponse.struct_class = Types::ListInstanceProfilesResponse
     ListMFADevicesRequest.add_member(:user_name, Shapes::ShapeRef.new(shape: existingUserNameType, location_name: "UserName"))
@@ -1108,7 +1111,7 @@ module Aws::IAM
     ListMFADevicesResponse.add_member(:mfa_devices, Shapes::ShapeRef.new(shape: mfaDeviceListType, required: true, location_name: "MFADevices"))
     ListMFADevicesResponse.add_member(:is_truncated, Shapes::ShapeRef.new(shape: booleanType, location_name: "IsTruncated"))
-    ListMFADevicesResponse.add_member(:marker, Shapes::ShapeRef.new(shape: markerType, location_name: "Marker"))
+    ListMFADevicesResponse.add_member(:marker, Shapes::ShapeRef.new(shape: responseMarkerType, location_name: "Marker"))
     ListMFADevicesResponse.struct_class = Types::ListMFADevicesResponse
     ListOpenIDConnectProvidersRequest.struct_class = Types::ListOpenIDConnectProvidersRequest
@@ -1127,7 +1130,7 @@ module Aws::IAM
     ListPoliciesGrantingServiceAccessResponse.add_member(:policies_granting_service_access, Shapes::ShapeRef.new(shape: listPolicyGrantingServiceAccessResponseListType, required: true, location_name: "PoliciesGrantingServiceAccess"))
     ListPoliciesGrantingServiceAccessResponse.add_member(:is_truncated, Shapes::ShapeRef.new(shape: booleanType, location_name: "IsTruncated"))
-    ListPoliciesGrantingServiceAccessResponse.add_member(:marker, Shapes::ShapeRef.new(shape: markerType, location_name: "Marker"))
+    ListPoliciesGrantingServiceAccessResponse.add_member(:marker, Shapes::ShapeRef.new(shape: responseMarkerType, location_name: "Marker"))
     ListPoliciesGrantingServiceAccessResponse.struct_class = Types::ListPoliciesGrantingServiceAccessResponse
     ListPoliciesRequest.add_member(:scope, Shapes::ShapeRef.new(shape: policyScopeType, location_name: "Scope"))
@@ -1140,7 +1143,7 @@ module Aws::IAM
     ListPoliciesResponse.add_member(:policies, Shapes::ShapeRef.new(shape: policyListType, location_name: "Policies"))
     ListPoliciesResponse.add_member(:is_truncated, Shapes::ShapeRef.new(shape: booleanType, location_name: "IsTruncated"))
-    ListPoliciesResponse.add_member(:marker, Shapes::ShapeRef.new(shape: markerType, location_name: "Marker"))
+    ListPoliciesResponse.add_member(:marker, Shapes::ShapeRef.new(shape: responseMarkerType, location_name: "Marker"))
     ListPoliciesResponse.struct_class = Types::ListPoliciesResponse
     ListPolicyVersionsRequest.add_member(:policy_arn, Shapes::ShapeRef.new(shape: arnType, required: true, location_name: "PolicyArn"))
@@ -1150,7 +1153,7 @@ module Aws::IAM
     ListPolicyVersionsResponse.add_member(:versions, Shapes::ShapeRef.new(shape: policyDocumentVersionListType, location_name: "Versions"))
     ListPolicyVersionsResponse.add_member(:is_truncated, Shapes::ShapeRef.new(shape: booleanType, location_name: "IsTruncated"))
-    ListPolicyVersionsResponse.add_member(:marker, Shapes::ShapeRef.new(shape: markerType, location_name: "Marker"))
+    ListPolicyVersionsResponse.add_member(:marker, Shapes::ShapeRef.new(shape: responseMarkerType, location_name: "Marker"))
     ListPolicyVersionsResponse.struct_class = Types::ListPolicyVersionsResponse
     ListRolePoliciesRequest.add_member(:role_name, Shapes::ShapeRef.new(shape: roleNameType, required: true, location_name: "RoleName"))
@@ -1160,7 +1163,7 @@ module Aws::IAM
     ListRolePoliciesResponse.add_member(:policy_names, Shapes::ShapeRef.new(shape: policyNameListType, required: true, location_name: "PolicyNames"))
     ListRolePoliciesResponse.add_member(:is_truncated, Shapes::ShapeRef.new(shape: booleanType, location_name: "IsTruncated"))
-    ListRolePoliciesResponse.add_member(:marker, Shapes::ShapeRef.new(shape: markerType, location_name: "Marker"))
+    ListRolePoliciesResponse.add_member(:marker, Shapes::ShapeRef.new(shape: responseMarkerType, location_name: "Marker"))
     ListRolePoliciesResponse.struct_class = Types::ListRolePoliciesResponse
     ListRoleTagsRequest.add_member(:role_name, Shapes::ShapeRef.new(shape: roleNameType, required: true, location_name: "RoleName"))
@@ -1170,7 +1173,7 @@ module Aws::IAM
     ListRoleTagsResponse.add_member(:tags, Shapes::ShapeRef.new(shape: tagListType, required: true, location_name: "Tags"))
     ListRoleTagsResponse.add_member(:is_truncated, Shapes::ShapeRef.new(shape: booleanType, location_name: "IsTruncated"))
-    ListRoleTagsResponse.add_member(:marker, Shapes::ShapeRef.new(shape: markerType, location_name: "Marker"))
+    ListRoleTagsResponse.add_member(:marker, Shapes::ShapeRef.new(shape: responseMarkerType, location_name: "Marker"))
     ListRoleTagsResponse.struct_class = Types::ListRoleTagsResponse
     ListRolesRequest.add_member(:path_prefix, Shapes::ShapeRef.new(shape: pathPrefixType, location_name: "PathPrefix"))
@@ -1180,7 +1183,7 @@ module Aws::IAM
     ListRolesResponse.add_member(:roles, Shapes::ShapeRef.new(shape: roleListType, required: true, location_name: "Roles"))
     ListRolesResponse.add_member(:is_truncated, Shapes::ShapeRef.new(shape: booleanType, location_name: "IsTruncated"))
-    ListRolesResponse.add_member(:marker, Shapes::ShapeRef.new(shape: markerType, location_name: "Marker"))
+    ListRolesResponse.add_member(:marker, Shapes::ShapeRef.new(shape: responseMarkerType, location_name: "Marker"))
     ListRolesResponse.struct_class = Types::ListRolesResponse
     ListSAMLProvidersRequest.struct_class = Types::ListSAMLProvidersRequest
@@ -1195,7 +1198,7 @@ module Aws::IAM
     ListSSHPublicKeysResponse.add_member(:ssh_public_keys, Shapes::ShapeRef.new(shape: SSHPublicKeyListType, location_name: "SSHPublicKeys"))
     ListSSHPublicKeysResponse.add_member(:is_truncated, Shapes::ShapeRef.new(shape: booleanType, location_name: "IsTruncated"))
-    ListSSHPublicKeysResponse.add_member(:marker, Shapes::ShapeRef.new(shape: markerType, location_name: "Marker"))
+    ListSSHPublicKeysResponse.add_member(:marker, Shapes::ShapeRef.new(shape: responseMarkerType, location_name: "Marker"))
     ListSSHPublicKeysResponse.struct_class = Types::ListSSHPublicKeysResponse
     ListServerCertificatesRequest.add_member(:path_prefix, Shapes::ShapeRef.new(shape: pathPrefixType, location_name: "PathPrefix"))
@@ -1205,7 +1208,7 @@ module Aws::IAM
     ListServerCertificatesResponse.add_member(:server_certificate_metadata_list, Shapes::ShapeRef.new(shape: serverCertificateMetadataListType, required: true, location_name: "ServerCertificateMetadataList"))
     ListServerCertificatesResponse.add_member(:is_truncated, Shapes::ShapeRef.new(shape: booleanType, location_name: "IsTruncated"))
-    ListServerCertificatesResponse.add_member(:marker, Shapes::ShapeRef.new(shape: markerType, location_name: "Marker"))
+    ListServerCertificatesResponse.add_member(:marker, Shapes::ShapeRef.new(shape: responseMarkerType, location_name: "Marker"))
     ListServerCertificatesResponse.struct_class = Types::ListServerCertificatesResponse
     ListServiceSpecificCredentialsRequest.add_member(:user_name, Shapes::ShapeRef.new(shape: userNameType, location_name: "UserName"))
@@ -1222,7 +1225,7 @@ module Aws::IAM
     ListSigningCertificatesResponse.add_member(:certificates, Shapes::ShapeRef.new(shape: certificateListType, required: true, location_name: "Certificates"))
     ListSigningCertificatesResponse.add_member(:is_truncated, Shapes::ShapeRef.new(shape: booleanType, location_name: "IsTruncated"))
-    ListSigningCertificatesResponse.add_member(:marker, Shapes::ShapeRef.new(shape: markerType, location_name: "Marker"))
+    ListSigningCertificatesResponse.add_member(:marker, Shapes::ShapeRef.new(shape: responseMarkerType, location_name: "Marker"))
     ListSigningCertificatesResponse.struct_class = Types::ListSigningCertificatesResponse
     ListUserPoliciesRequest.add_member(:user_name, Shapes::ShapeRef.new(shape: existingUserNameType, required: true, location_name: "UserName"))
@@ -1232,7 +1235,7 @@ module Aws::IAM
     ListUserPoliciesResponse.add_member(:policy_names, Shapes::ShapeRef.new(shape: policyNameListType, required: true, location_name: "PolicyNames"))
     ListUserPoliciesResponse.add_member(:is_truncated, Shapes::ShapeRef.new(shape: booleanType, location_name: "IsTruncated"))
-    ListUserPoliciesResponse.add_member(:marker, Shapes::ShapeRef.new(shape: markerType, location_name: "Marker"))
+    ListUserPoliciesResponse.add_member(:marker, Shapes::ShapeRef.new(shape: responseMarkerType, location_name: "Marker"))
     ListUserPoliciesResponse.struct_class = Types::ListUserPoliciesResponse
     ListUserTagsRequest.add_member(:user_name, Shapes::ShapeRef.new(shape: existingUserNameType, required: true, location_name: "UserName"))
@@ -1242,7 +1245,7 @@ module Aws::IAM
     ListUserTagsResponse.add_member(:tags, Shapes::ShapeRef.new(shape: tagListType, required: true, location_name: "Tags"))
     ListUserTagsResponse.add_member(:is_truncated, Shapes::ShapeRef.new(shape: booleanType, location_name: "IsTruncated"))
-    ListUserTagsResponse.add_member(:marker, Shapes::ShapeRef.new(shape: markerType, location_name: "Marker"))
+    ListUserTagsResponse.add_member(:marker, Shapes::ShapeRef.new(shape: responseMarkerType, location_name: "Marker"))
     ListUserTagsResponse.struct_class = Types::ListUserTagsResponse
     ListUsersRequest.add_member(:path_prefix, Shapes::ShapeRef.new(shape: pathPrefixType, location_name: "PathPrefix"))
@@ -1252,7 +1255,7 @@ module Aws::IAM
     ListUsersResponse.add_member(:users, Shapes::ShapeRef.new(shape: userListType, required: true, location_name: "Users"))
     ListUsersResponse.add_member(:is_truncated, Shapes::ShapeRef.new(shape: booleanType, location_name: "IsTruncated"))
-    ListUsersResponse.add_member(:marker, Shapes::ShapeRef.new(shape: markerType, location_name: "Marker"))
+    ListUsersResponse.add_member(:marker, Shapes::ShapeRef.new(shape: responseMarkerType, location_name: "Marker"))
     ListUsersResponse.struct_class = Types::ListUsersResponse
     ListVirtualMFADevicesRequest.add_member(:assignment_status, Shapes::ShapeRef.new(shape: assignmentStatusType, location_name: "AssignmentStatus"))
@@ -1262,7 +1265,7 @@ module Aws::IAM
     ListVirtualMFADevicesResponse.add_member(:virtual_mfa_devices, Shapes::ShapeRef.new(shape: virtualMFADeviceListType, required: true, location_name: "VirtualMFADevices"))
     ListVirtualMFADevicesResponse.add_member(:is_truncated, Shapes::ShapeRef.new(shape: booleanType, location_name: "IsTruncated"))
-    ListVirtualMFADevicesResponse.add_member(:marker, Shapes::ShapeRef.new(shape: markerType, location_name: "Marker"))
+    ListVirtualMFADevicesResponse.add_member(:marker, Shapes::ShapeRef.new(shape: responseMarkerType, location_name: "Marker"))
     ListVirtualMFADevicesResponse.struct_class = Types::ListVirtualMFADevicesResponse
     LoginProfile.add_member(:user_name, Shapes::ShapeRef.new(shape: userNameType, required: true, location_name: "UserName"))
@@ -1521,6 +1524,9 @@ module Aws::IAM
     SetDefaultPolicyVersionRequest.add_member(:version_id, Shapes::ShapeRef.new(shape: policyVersionIdType, required: true, location_name: "VersionId"))
     SetDefaultPolicyVersionRequest.struct_class = Types::SetDefaultPolicyVersionRequest
+    SetSecurityTokenServicePreferencesRequest.add_member(:global_endpoint_token_version, Shapes::ShapeRef.new(shape: globalEndpointTokenVersion, required: true, location_name: "GlobalEndpointTokenVersion"))
+    SetSecurityTokenServicePreferencesRequest.struct_class = Types::SetSecurityTokenServicePreferencesRequest
     SigningCertificate.add_member(:user_name, Shapes::ShapeRef.new(shape: userNameType, required: true, location_name: "UserName"))
     SigningCertificate.add_member(:certificate_id, Shapes::ShapeRef.new(shape: certificateIdType, required: true, location_name: "CertificateId"))
     SigningCertificate.add_member(:certificate_body, Shapes::ShapeRef.new(shape: certificateBodyType, required: true, location_name: "CertificateBody"))
@@ -1542,7 +1548,7 @@ module Aws::IAM
     SimulatePolicyResponse.add_member(:evaluation_results, Shapes::ShapeRef.new(shape: EvaluationResultsListType, location_name: "EvaluationResults"))
     SimulatePolicyResponse.add_member(:is_truncated, Shapes::ShapeRef.new(shape: booleanType, location_name: "IsTruncated"))
-    SimulatePolicyResponse.add_member(:marker, Shapes::ShapeRef.new(shape: markerType, location_name: "Marker"))
+    SimulatePolicyResponse.add_member(:marker, Shapes::ShapeRef.new(shape: responseMarkerType, location_name: "Marker"))
     SimulatePolicyResponse.struct_class = Types::SimulatePolicyResponse
     SimulatePrincipalPolicyRequest.add_member(:policy_source_arn, Shapes::ShapeRef.new(shape: arnType, required: true, location_name: "PolicySourceArn"))
@@ -3219,6 +3225,15 @@ module Aws::IAM
         o.errors << Shapes::ShapeRef.new(shape: ServiceFailureException)
       end)
+      api.add_operation(:set_security_token_service_preferences, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "SetSecurityTokenServicePreferences"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: SetSecurityTokenServicePreferencesRequest)
+        o.output = Shapes::ShapeRef.new(shape: Shapes::StructureShape.new(struct_class: Aws::EmptyStructure))
+        o.errors << Shapes::ShapeRef.new(shape: ServiceFailureException)
+      end)
       api.add_operation(:simulate_custom_policy, Seahorse::Model::Operation.new.tap do |o|
         o.name = "SimulateCustomPolicy"
         o.http_method = "POST"

data/lib/aws-sdk-iam/current_user.rb CHANGED Viewed

@@ -105,9 +105,11 @@ module Aws::IAM
     # user.
     #
     # For more information about permissions boundaries, see [Permissions
-    # Boundaries for IAM Identities
-    # ](IAM/latest/UserGuide/access_policies_boundaries.html) in the *IAM
-    # User Guide*.
+    # Boundaries for IAM Identities ][1] in the *IAM User Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
     # @return [Types::AttachedPermissionsBoundary]
     def permissions_boundary
       data[:permissions_boundary]

data/lib/aws-sdk-iam/role.rb CHANGED Viewed

@@ -102,9 +102,11 @@ module Aws::IAM
     # role.
     #
     # For more information about permissions boundaries, see [Permissions
-    # Boundaries for IAM Identities
-    # ](IAM/latest/UserGuide/access_policies_boundaries.html) in the *IAM
-    # User Guide*.
+    # Boundaries for IAM Identities ][1] in the *IAM User Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
     # @return [Types::AttachedPermissionsBoundary]
     def permissions_boundary
       data[:permissions_boundary]

data/lib/aws-sdk-iam/types.rb CHANGED Viewed

@@ -1294,7 +1294,7 @@ module Aws::IAM
     #
     #   Service principals are unique and case-sensitive. To find the exact
     #   service principal for your service-linked role, see [AWS Services
-    #   That Work with IAM][1] in the *IAM User Guide* and look for the
+    #   That Work with IAM][1] in the *IAM User Guide*. Look for the
     #   services that have <b>Yes </b>in the **Service-Linked Role** column.
     #   Choose the **Yes** link to view the service-linked role
     #   documentation for that service.
@@ -1384,8 +1384,8 @@ module Aws::IAM
     #   service-specific credential.
     #
     #   This is the only time that the password for this credential set is
-    #   available. It cannot be recovered later. Instead, you will have to
-    #   reset the password with ResetServiceSpecificCredential.
+    #   available. It cannot be recovered later. Instead, you must reset the
+    #   password with ResetServiceSpecificCredential.
     #   @return [Types::ServiceSpecificCredential]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateServiceSpecificCredentialResponse AWS API Documentation
@@ -3831,7 +3831,7 @@ module Aws::IAM
     #
     #   To learn the service namespace for a service, go to [Actions,
     #   Resources, and Condition Keys for AWS Services][1] in the *IAM User
-    #   Guide* and choose the name of the service to view details for that
+    #   Guide*. Choose the name of the service to view details for that
     #   service. In the first paragraph, find the service prefix. For
     #   example, `(service prefix: a4b)`. For more information about service
     #   namespaces, see [AWS Service Namespaces][2] in the *AWS General
@@ -5862,8 +5862,8 @@ module Aws::IAM
     # @!attribute [rw] marker
     #   Use this parameter only when paginating results and only after you
     #   receive a response indicating that the results are truncated. Set it
-    #   to the value of the `Marker` element in the response to indicate
-    #   where the next call should start.
+    #   to the value of the `Marker` element in the response that you
+    #   received to indicate where the next call should start.
     #   @return [String]
     #
     # @!attribute [rw] max_items
@@ -6439,8 +6439,8 @@ module Aws::IAM
     # @!attribute [rw] marker
     #   Use this parameter only when paginating results and only after you
     #   receive a response indicating that the results are truncated. Set it
-    #   to the value of the `Marker` element in the response to indicate
-    #   where the next call should start.
+    #   to the value of the `Marker` element in the response that you
+    #   received to indicate where the next call should start.
     #   @return [String]
     #
     # @!attribute [rw] max_items
@@ -7962,9 +7962,11 @@ module Aws::IAM
     #   role.
     #
     #   For more information about permissions boundaries, see [Permissions
-    #   Boundaries for IAM Identities
-    #   ](IAM/latest/UserGuide/access_policies_boundaries.html) in the *IAM
-    #   User Guide*.
+    #   Boundaries for IAM Identities ][1] in the *IAM User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
     #   @return [Types::AttachedPermissionsBoundary]
     #
     # @!attribute [rw] tags
@@ -8066,9 +8068,11 @@ module Aws::IAM
     #   role.
     #
     #   For more information about permissions boundaries, see [Permissions
-    #   Boundaries for IAM Identities
-    #   ](IAM/latest/UserGuide/access_policies_boundaries.html) in the *IAM
-    #   User Guide*.
+    #   Boundaries for IAM Identities ][1] in the *IAM User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
     #   @return [Types::AttachedPermissionsBoundary]
     #
     # @!attribute [rw] tags
@@ -8531,6 +8535,36 @@ module Aws::IAM
       include Aws::Structure
     end
+    # @note When making an API call, you may pass SetSecurityTokenServicePreferencesRequest
+    #   data as a hash:
+    #
+    #       {
+    #         global_endpoint_token_version: "v1Token", # required, accepts v1Token, v2Token
+    #       }
+    #
+    # @!attribute [rw] global_endpoint_token_version
+    #   The version of the global endpoint token. Version 1 tokens are valid
+    #   only in AWS Regions that are available by default. These tokens do
+    #   not work in manually enabled Regions, such as Asia Pacific (Hong
+    #   Kong). Version 2 tokens are valid in all Regions. However, version 2
+    #   tokens are longer and might affect systems where you temporarily
+    #   store tokens.
+    #
+    #   For information, see [Activating and Deactivating STS in an AWS
+    #   Region][1] in the *IAM User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/SetSecurityTokenServicePreferencesRequest AWS API Documentation
+    #
+    class SetSecurityTokenServicePreferencesRequest < Struct.new(
+      :global_endpoint_token_version)
+      include Aws::Structure
+    end
     # Contains information about an X.509 signing certificate.
     #
     # This data type is used as a response element in the
@@ -8623,7 +8657,8 @@ module Aws::IAM
     # @!attribute [rw] action_names
     #   A list of names of API operations to evaluate in the simulation.
     #   Each operation is evaluated against each resource. Each operation
-    #   must include the service identifier, such as `iam:CreateUser`.
+    #   must include the service identifier, such as `iam:CreateUser`. This
+    #   operation does not support using wildcards (*) in an action name.
     #   @return [Array<String>]
     #
     # @!attribute [rw] resource_arns
@@ -8677,15 +8712,15 @@ module Aws::IAM
     # @!attribute [rw] resource_owner
     #   An ARN representing the AWS account ID that specifies the owner of
     #   any simulated resource that does not identify its owner in the
-    #   resource ARN, such as an S3 bucket or object. If `ResourceOwner` is
-    #   specified, it is also used as the account owner of any
-    #   `ResourcePolicy` included in the simulation. If the `ResourceOwner`
-    #   parameter is not specified, then the owner of the resources and the
-    #   resource policy defaults to the account of the identity provided in
-    #   `CallerArn`. This parameter is required only if you specify a
-    #   resource-based policy and account that owns the resource is
-    #   different from the account that owns the simulated calling user
-    #   `CallerArn`.
+    #   resource ARN. Examples of resource ARNs include an S3 bucket or
+    #   object. If `ResourceOwner` is specified, it is also used as the
+    #   account owner of any `ResourcePolicy` included in the simulation. If
+    #   the `ResourceOwner` parameter is not specified, then the owner of
+    #   the resources and the resource policy defaults to the account of the
+    #   identity provided in `CallerArn`. This parameter is required only if
+    #   you specify a resource-based policy and account that owns the
+    #   resource is different from the account that owns the simulated
+    #   calling user `CallerArn`.
     #
     #   The ARN for an account uses the following syntax:
     #   `arn:aws:iam::AWS-account-ID:root`. For example, to represent the
@@ -8706,7 +8741,7 @@ module Aws::IAM
     # @!attribute [rw] context_entries
     #   A list of context keys and corresponding values for the simulation
     #   to use. Whenever a context key is evaluated in one of the simulated
-    #   IAM permission policies, the corresponding value is supplied.
+    #   IAM permissions policies, the corresponding value is supplied.
     #   @return [Array<Types::ContextEntry>]
     #
     # @!attribute [rw] resource_handling_option
@@ -8938,15 +8973,16 @@ module Aws::IAM
     #
     # @!attribute [rw] resource_owner
     #   An AWS account ID that specifies the owner of any simulated resource
-    #   that does not identify its owner in the resource ARN, such as an S3
-    #   bucket or object. If `ResourceOwner` is specified, it is also used
-    #   as the account owner of any `ResourcePolicy` included in the
-    #   simulation. If the `ResourceOwner` parameter is not specified, then
-    #   the owner of the resources and the resource policy defaults to the
-    #   account of the identity provided in `CallerArn`. This parameter is
-    #   required only if you specify a resource-based policy and account
-    #   that owns the resource is different from the account that owns the
-    #   simulated calling user `CallerArn`.
+    #   that does not identify its owner in the resource ARN. Examples of
+    #   resource ARNs include an S3 bucket or object. If `ResourceOwner` is
+    #   specified, it is also used as the account owner of any
+    #   `ResourcePolicy` included in the simulation. If the `ResourceOwner`
+    #   parameter is not specified, then the owner of the resources and the
+    #   resource policy defaults to the account of the identity provided in
+    #   `CallerArn`. This parameter is required only if you specify a
+    #   resource-based policy and account that owns the resource is
+    #   different from the account that owns the simulated calling user
+    #   `CallerArn`.
     #   @return [String]
     #
     # @!attribute [rw] caller_arn
@@ -10428,9 +10464,11 @@ module Aws::IAM
     #   user.
     #
     #   For more information about permissions boundaries, see [Permissions
-    #   Boundaries for IAM Identities
-    #   ](IAM/latest/UserGuide/access_policies_boundaries.html) in the *IAM
-    #   User Guide*.
+    #   Boundaries for IAM Identities ][1] in the *IAM User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
     #   @return [Types::AttachedPermissionsBoundary]
     #
     # @!attribute [rw] tags
@@ -10524,9 +10562,11 @@ module Aws::IAM
     #   user.
     #
     #   For more information about permissions boundaries, see [Permissions
-    #   Boundaries for IAM Identities
-    #   ](IAM/latest/UserGuide/access_policies_boundaries.html) in the *IAM
-    #   User Guide*.
+    #   Boundaries for IAM Identities ][1] in the *IAM User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
     #   @return [Types::AttachedPermissionsBoundary]
     #
     # @!attribute [rw] tags

data/lib/aws-sdk-iam/user.rb CHANGED Viewed

@@ -110,9 +110,11 @@ module Aws::IAM
     # user.
     #
     # For more information about permissions boundaries, see [Permissions
-    # Boundaries for IAM Identities
-    # ](IAM/latest/UserGuide/access_policies_boundaries.html) in the *IAM
-    # User Guide*.
+    # Boundaries for IAM Identities ][1] in the *IAM User Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
     # @return [Types::AttachedPermissionsBoundary]
     def permissions_boundary
       data[:permissions_boundary]

data/lib/aws-sdk-iam/waiters.rb CHANGED Viewed

@@ -52,6 +52,90 @@ module Aws::IAM
     end
+    class PolicyExists
+      # @param [Hash] options
+      # @option options [required, Client] :client
+      # @option options [Integer] :max_attempts (20)
+      # @option options [Integer] :delay (1)
+      # @option options [Proc] :before_attempt
+      # @option options [Proc] :before_wait
+      def initialize(options)
+        @client = options.fetch(:client)
+        @waiter = Aws::Waiters::Waiter.new({
+          max_attempts: 20,
+          delay: 1,
+          poller: Aws::Waiters::Poller.new(
+            operation_name: :get_policy,
+            acceptors: [
+              {
+                "state" => "success",
+                "matcher" => "status",
+                "expected" => 200
+              },
+              {
+                "state" => "retry",
+                "matcher" => "error",
+                "expected" => "NoSuchEntity"
+              }
+            ]
+          )
+        }.merge(options))
+      end
+      # @option (see Client#get_policy)
+      # @return (see Client#get_policy)
+      def wait(params = {})
+        @waiter.wait(client: @client, params: params)
+      end
+      # @api private
+      attr_reader :waiter
+    end
+    class RoleExists
+      # @param [Hash] options
+      # @option options [required, Client] :client
+      # @option options [Integer] :max_attempts (20)
+      # @option options [Integer] :delay (1)
+      # @option options [Proc] :before_attempt
+      # @option options [Proc] :before_wait
+      def initialize(options)
+        @client = options.fetch(:client)
+        @waiter = Aws::Waiters::Waiter.new({
+          max_attempts: 20,
+          delay: 1,
+          poller: Aws::Waiters::Poller.new(
+            operation_name: :get_role,
+            acceptors: [
+              {
+                "state" => "success",
+                "matcher" => "status",
+                "expected" => 200
+              },
+              {
+                "state" => "retry",
+                "matcher" => "error",
+                "expected" => "NoSuchEntity"
+              }
+            ]
+          )
+        }.merge(options))
+      end
+      # @option (see Client#get_role)
+      # @return (see Client#get_role)
+      def wait(params = {})
+        @waiter.wait(client: @client, params: params)
+      end
+      # @api private
+      attr_reader :waiter
+    end
     class UserExists
       # @param [Hash] options

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-iam
 version: !ruby/object:Gem::Version
-  version: 1.18.0
+  version: 1.19.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-04-04 00:00:00.000000000 Z
+date: 2019-04-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core
@@ -82,7 +82,7 @@ files:
 - lib/aws-sdk-iam/user_policy.rb
 - lib/aws-sdk-iam/virtual_mfa_device.rb
 - lib/aws-sdk-iam/waiters.rb
-homepage: http://github.com/aws/aws-sdk-ruby
+homepage: https://github.com/aws/aws-sdk-ruby
 licenses:
 - Apache-2.0
 metadata: