RubyGems - aws-sdk-iam - Versions diffs - 1.18.0 → 1.19.0 - Mend

aws-sdk-iam 1.18.0 → 1.19.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

checksums.yaml +4 -4
data/lib/aws-sdk-iam.rb +1 -1
data/lib/aws-sdk-iam/client.rb +159 -58
data/lib/aws-sdk-iam/client_api.rb +45 -30
data/lib/aws-sdk-iam/current_user.rb +5 -3
data/lib/aws-sdk-iam/role.rb +5 -3
data/lib/aws-sdk-iam/types.rb +80 -40
data/lib/aws-sdk-iam/user.rb +5 -3
data/lib/aws-sdk-iam/waiters.rb +84 -0
metadata +3 -3

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 9a2a7a134a2e009e746e17c4d2ae3df29c568b8e
-  data.tar.gz: a34ec7b5e4a99be770088485a4dc7eb66b72e353
+  metadata.gz: 1457de0111415e588e2e32acb8ab467046c2cf63
+  data.tar.gz: 573c6f1ff4a8edd600f7a10f7f689f063a072a09
 SHA512:
-  metadata.gz: 57fd8e9a24f3ccf237175f680fdd6ec391c743573714a8aebe12f9d3ceb4aa0463d17a31fa97d32acb582c706f21a0d8f2520b057410faa47ee3e485011f58e2
-  data.tar.gz: 2945ee431bb18eb7fb94ed36b1931dda941abae06ad6c01e4a1525e3af03773878a65f18454cddac2b1ed8c570f0b1fe79b58c62a25f7e9831e0477c74dc8c03
+  metadata.gz: eba4de99198ab8afdccdf5b3c2828d475d490529419c0fdabb4e1616efb4081b1546d4543f546cfd9fe1b6786805c98b8cab63026fab149a306c88d485f9a2cf
+  data.tar.gz: 9c3a35387fb0838eafe48630829bc7d38af64f8ff84f65bdc6f9d054fd3c34723da436134b044f51e844c7fd0f4bb4f7cbb4ea6144956f4897cb0f8fba0762bd

data/lib/aws-sdk-iam.rb CHANGED Viewed

@@ -64,6 +64,6 @@ require_relative 'aws-sdk-iam/customizations'
 # @service
 module Aws::IAM
-  GEM_VERSION = '1.18.0'
+  GEM_VERSION = '1.19.0'
 end

data/lib/aws-sdk-iam/client.rb CHANGED Viewed

@@ -1112,14 +1112,13 @@ module Aws::IAM
     #   application or applications that are allowed to authenticate using
     #   the OIDC provider
     #
-    # * A list of thumbprints of the server certificate(s) that the IdP
-    #   uses.
+    # * A list of thumbprints of the server certificate(s) that the IdP uses
     #
     # You get all of this information from the OIDC IdP that you want to use
     # to access AWS.
     #
-    # <note markdown="1"> Because trust for the OIDC provider is derived from the IAM provider
-    # that this operation creates, it is best to limit access to the
+    # <note markdown="1"> The trust for the OIDC provider is derived from the IAM provider that
+    # this operation creates. Therefore, it is best to limit access to the
     # CreateOpenIDConnectProvider operation to highly privileged users.
     #
     #  </note>
@@ -1614,7 +1613,7 @@ module Aws::IAM
     #
     # The SAML provider resource that you create with this operation can be
     # used as a principal in an IAM role's trust policy. Such a policy can
-    # enable federated users who sign-in using the SAML IdP to assume the
+    # enable federated users who sign in using the SAML IdP to assume the
     # role. You can create an IAM role that supports Web-based single
     # sign-on (SSO) to the AWS Management Console or one that supports API
     # access to AWS.
@@ -1714,8 +1713,8 @@ module Aws::IAM
     #
     #   Service principals are unique and case-sensitive. To find the exact
     #   service principal for your service-linked role, see [AWS Services That
-    #   Work with IAM][1] in the *IAM User Guide* and look for the services
-    #   that have <b>Yes </b>in the **Service-Linked Role** column. Choose the
+    #   Work with IAM][1] in the *IAM User Guide*. Look for the services that
+    #   have <b>Yes </b>in the **Service-Linked Role** column. Choose the
     #   **Yes** link to view the service-linked role documentation for that
     #   service.
     #
@@ -1977,10 +1976,10 @@ module Aws::IAM
     # create, see [Limitations on Entities][2] in the *IAM User Guide*.
     #
     # The seed information contained in the QR code and the Base32 string
-    # should be treated like any other secret access information, such as
-    # your AWS access keys or your passwords. After you provision your
-    # virtual device, you should ensure that the information is destroyed
-    # following secure procedures.
+    # should be treated like any other secret access information. In other
+    # words, protect the seed information as you would your AWS access keys
+    # or your passwords. After you provision your virtual device, you should
+    # ensure that the information is destroyed following secure procedures.
     #
     #
     #
@@ -2638,8 +2637,8 @@ module Aws::IAM
     # Deletes the permissions boundary for the specified IAM role.
     #
     # Deleting the permissions boundary for a role might increase its
-    # permissions by allowing anyone who assumes the role to perform all the
-    # actions granted in its permissions policies.
+    # permissions. For example, it might allow anyone who assumes the role
+    # to perform all the actions granted in its permissions policies.
     #
     # @option params [required, String] :role_name
     #   The name (friendly name, not ARN) of the IAM role from which you want
@@ -3024,9 +3023,34 @@ module Aws::IAM
       req.send_request(options)
     end
-    # Deletes the specified IAM user. The user must not belong to any groups
-    # or have any access keys, signing certificates, MFA devices enabled for
-    # AWS, or attached policies.
+    # Deletes the specified IAM user. Unlike the AWS Management Console,
+    # when you delete a user programmatically, you must delete the items
+    # attached to the user manually, or the deletion fails. For more
+    # information, see [Deleting an IAM User][1]. Before attempting to
+    # delete a user, remove the following items:
+    #
+    # * Password (DeleteLoginProfile)
+    #
+    # * Access keys (DeleteAccessKey)
+    #
+    # * Signing certificate (DeleteSigningCertificate)
+    #
+    # * SSH public key (DeleteSSHPublicKey)
+    #
+    # * Git credentials (DeleteServiceSpecificCredential)
+    #
+    # * Multi-factor authentication (MFA) device (DeactivateMFADevice,
+    #   DeleteVirtualMFADevice)
+    #
+    # * Inline policies (DeleteUserPolicy)
+    #
+    # * Attached managed policies (DetachUserPolicy)
+    #
+    # * Group memberships (RemoveUserFromGroup)
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_manage.html#id_users_deleting_cli
     #
     # @option params [required, String] :user_name
     #   The name of the user to delete.
@@ -3473,7 +3497,7 @@ module Aws::IAM
     # IAM resource (user, group, role, or policy) was last used in an
     # attempt to access AWS services. Recent activity usually appears within
     # four hours. IAM reports activity for the last 365 days, or less if
-    # your region began supporting this feature within the last year. For
+    # your Region began supporting this feature within the last year. For
     # more information, see [Regions Where Data Is Tracked][1].
     #
     # The service last accessed data includes all attempts to access an AWS
@@ -3574,7 +3598,7 @@ module Aws::IAM
     # Retrieves information about when the specified access key was last
     # used. The information includes the date and time of last use, along
-    # with the AWS service and region that were specified in the last
+    # with the AWS service and Region that were specified in the last
     # request made with that key.
     #
     # @option params [required, String] :access_key_id
@@ -3869,6 +3893,7 @@ module Aws::IAM
     #       "AttachedPoliciesPerGroupQuota" => 10,
     #       "AttachedPoliciesPerRoleQuota" => 10,
     #       "AttachedPoliciesPerUserQuota" => 10,
+    #       "GlobalEndpointTokenVersion" => 2,
     #       "GroupPolicySizeQuota" => 5120,
     #       "Groups" => 15,
     #       "GroupsPerUserQuota" => 10,
@@ -4933,10 +4958,10 @@ module Aws::IAM
     # the reason that it failed.
     #
     # The `GetServiceLastAccessedDetails` operation returns a list of
-    # services that includes the number of entities that have attempted to
-    # access the service and the date and time of the last attempt. It also
-    # returns the ARN of the following entity, depending on the resource ARN
-    # that you used to generate the report:
+    # services. This list includes the number of entities that have
+    # attempted to access the service and the date and time of the last
+    # attempt. It also returns the ARN of the following entity, depending on
+    # the resource ARN that you used to generate the report:
     #
     # * **User** – Returns the user ARN that you used to generate the report
     #
@@ -5085,7 +5110,7 @@ module Aws::IAM
     #
     #   To learn the service namespace for a service, go to [Actions,
     #   Resources, and Condition Keys for AWS Services][1] in the *IAM User
-    #   Guide* and choose the name of the service to view details for that
+    #   Guide*. Choose the name of the service to view details for that
     #   service. In the first paragraph, find the service prefix. For example,
     #   `(service prefix: a4b)`. For more information about service
     #   namespaces, see [AWS Service Namespaces][2] in the *AWS General
@@ -5324,7 +5349,7 @@ module Aws::IAM
     #
     # An IAM user can also have managed policies attached to it. To retrieve
     # a managed policy document that is attached to a user, use GetPolicy to
-    # determine the policy's default version, then use GetPolicyVersion to
+    # determine the policy's default version. Then use GetPolicyVersion to
     # retrieve the policy document.
     #
     # For more information about policies, see [Managed Policies and Inline
@@ -6986,8 +7011,8 @@ module Aws::IAM
     # @option params [String] :marker
     #   Use this parameter only when paginating results and only after you
     #   receive a response indicating that the results are truncated. Set it
-    #   to the value of the `Marker` element in the response to indicate where
-    #   the next call should start.
+    #   to the value of the `Marker` element in the response that you received
+    #   to indicate where the next call should start.
     #
     # @option params [Integer] :max_items
     #   (Optional) Use this only when paginating results to indicate the
@@ -7175,8 +7200,8 @@ module Aws::IAM
     end
     # Returns information about the SSH public keys associated with the
-    # specified IAM user. If there none exists, the operation returns an
-    # empty list.
+    # specified IAM user. If none exists, the operation returns an empty
+    # list.
     #
     # The SSH public keys returned by this operation are used only for
     # authenticating the IAM user to an AWS CodeCommit repository. For more
@@ -7402,8 +7427,8 @@ module Aws::IAM
     end
     # Returns information about the signing certificates associated with the
-    # specified IAM user. If there none exists, the operation returns an
-    # empty list.
+    # specified IAM user. If none exists, the operation returns an empty
+    # list.
     #
     # Although each user is limited to a small number of signing
     # certificates, you can still paginate the results using the `MaxItems`
@@ -7599,8 +7624,8 @@ module Aws::IAM
     # @option params [String] :marker
     #   Use this parameter only when paginating results and only after you
     #   receive a response indicating that the results are truncated. Set it
-    #   to the value of the `Marker` element in the response to indicate where
-    #   the next call should start.
+    #   to the value of the `Marker` element in the response that you received
+    #   to indicate where the next call should start.
     #
     # @option params [Integer] :max_items
     #   (Optional) Use this only when paginating results to indicate the
@@ -8605,6 +8630,76 @@ module Aws::IAM
       req.send_request(options)
     end
+    # Sets the specified version of the global endpoint token as the token
+    # version used for the AWS account.
+    #
+    # By default, AWS Security Token Service (STS) is available as a global
+    # service, and all STS requests go to a single endpoint at
+    # `https://sts.amazonaws.com`. AWS recommends using Regional STS
+    # endpoints to reduce latency, build in redundancy, and increase session
+    # token availability. For information about Regional endpoints for STS,
+    # see [AWS Regions and Endpoints][1] in the *AWS General Reference*.
+    #
+    # If you make an STS call to the global endpoint, the resulting session
+    # tokens might be valid in some Regions but not others. It depends on
+    # the version that is set in this operation. Version 1 tokens are valid
+    # only in AWS Regions that are available by default. These tokens do not
+    # work in manually enabled Regions, such as Asia Pacific (Hong Kong).
+    # Version 2 tokens are valid in all Regions. However, version 2 tokens
+    # are longer and might affect systems where you temporarily store
+    # tokens. For information, see [Activating and Deactivating STS in an
+    # AWS Region][2] in the *IAM User Guide*.
+    #
+    # To view the current session token version, see the
+    # `GlobalEndpointTokenVersion` entry in the response of the
+    # GetAccountSummary operation.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/general/latest/gr/rande.html#sts_region
+    # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html
+    #
+    # @option params [required, String] :global_endpoint_token_version
+    #   The version of the global endpoint token. Version 1 tokens are valid
+    #   only in AWS Regions that are available by default. These tokens do not
+    #   work in manually enabled Regions, such as Asia Pacific (Hong Kong).
+    #   Version 2 tokens are valid in all Regions. However, version 2 tokens
+    #   are longer and might affect systems where you temporarily store
+    #   tokens.
+    #
+    #   For information, see [Activating and Deactivating STS in an AWS
+    #   Region][1] in the *IAM User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    #
+    # @example Example: To delete an access key for an IAM user
+    #
+    #   # The following command sets the STS global endpoint token to version 2. Version 2 tokens are valid in all Regions.
+    #
+    #   resp = client.set_security_token_service_preferences({
+    #     global_endpoint_token_version: "v2Token",
+    #   })
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.set_security_token_service_preferences({
+    #     global_endpoint_token_version: "v1Token", # required, accepts v1Token, v2Token
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/SetSecurityTokenServicePreferences AWS API Documentation
+    #
+    # @overload set_security_token_service_preferences(params = {})
+    # @param [Hash] params ({})
+    def set_security_token_service_preferences(params = {}, options = {})
+      req = build_request(:set_security_token_service_preferences, params)
+      req.send_request(options)
+    end
     # Simulate how a set of IAM policies and optionally a resource-based
     # policy works with a list of API operations and AWS resources to
     # determine the policies' effective permissions. The policies are
@@ -8658,7 +8753,8 @@ module Aws::IAM
     # @option params [required, Array<String>] :action_names
     #   A list of names of API operations to evaluate in the simulation. Each
     #   operation is evaluated against each resource. Each operation must
-    #   include the service identifier, such as `iam:CreateUser`.
+    #   include the service identifier, such as `iam:CreateUser`. This
+    #   operation does not support using wildcards (*) in an action name.
     #
     # @option params [Array<String>] :resource_arns
     #   A list of ARNs of AWS resources to include in the simulation. If this
@@ -8709,14 +8805,15 @@ module Aws::IAM
     # @option params [String] :resource_owner
     #   An ARN representing the AWS account ID that specifies the owner of any
     #   simulated resource that does not identify its owner in the resource
-    #   ARN, such as an S3 bucket or object. If `ResourceOwner` is specified,
-    #   it is also used as the account owner of any `ResourcePolicy` included
-    #   in the simulation. If the `ResourceOwner` parameter is not specified,
-    #   then the owner of the resources and the resource policy defaults to
-    #   the account of the identity provided in `CallerArn`. This parameter is
-    #   required only if you specify a resource-based policy and account that
-    #   owns the resource is different from the account that owns the
-    #   simulated calling user `CallerArn`.
+    #   ARN. Examples of resource ARNs include an S3 bucket or object. If
+    #   `ResourceOwner` is specified, it is also used as the account owner of
+    #   any `ResourcePolicy` included in the simulation. If the
+    #   `ResourceOwner` parameter is not specified, then the owner of the
+    #   resources and the resource policy defaults to the account of the
+    #   identity provided in `CallerArn`. This parameter is required only if
+    #   you specify a resource-based policy and account that owns the resource
+    #   is different from the account that owns the simulated calling user
+    #   `CallerArn`.
     #
     #   The ARN for an account uses the following syntax:
     #   `arn:aws:iam::AWS-account-ID:root`. For example, to represent the
@@ -8735,7 +8832,7 @@ module Aws::IAM
     # @option params [Array<Types::ContextEntry>] :context_entries
     #   A list of context keys and corresponding values for the simulation to
     #   use. Whenever a context key is evaluated in one of the simulated IAM
-    #   permission policies, the corresponding value is supplied.
+    #   permissions policies, the corresponding value is supplied.
     #
     # @option params [String] :resource_handling_option
     #   Specifies the type of simulation to run. Different API operations that
@@ -8886,7 +8983,7 @@ module Aws::IAM
     # You can also optionally include one resource-based policy to be
     # evaluated with each of the resources included in the simulation.
     #
-    # The simulation does not perform the API operations, it only checks the
+    # The simulation does not perform the API operations; it only checks the
     # authorization to determine if the simulated policies allow or deny the
     # operations.
     #
@@ -8989,15 +9086,15 @@ module Aws::IAM
     #
     # @option params [String] :resource_owner
     #   An AWS account ID that specifies the owner of any simulated resource
-    #   that does not identify its owner in the resource ARN, such as an S3
-    #   bucket or object. If `ResourceOwner` is specified, it is also used as
-    #   the account owner of any `ResourcePolicy` included in the simulation.
-    #   If the `ResourceOwner` parameter is not specified, then the owner of
-    #   the resources and the resource policy defaults to the account of the
-    #   identity provided in `CallerArn`. This parameter is required only if
-    #   you specify a resource-based policy and account that owns the resource
-    #   is different from the account that owns the simulated calling user
-    #   `CallerArn`.
+    #   that does not identify its owner in the resource ARN. Examples of
+    #   resource ARNs include an S3 bucket or object. If `ResourceOwner` is
+    #   specified, it is also used as the account owner of any
+    #   `ResourcePolicy` included in the simulation. If the `ResourceOwner`
+    #   parameter is not specified, then the owner of the resources and the
+    #   resource policy defaults to the account of the identity provided in
+    #   `CallerArn`. This parameter is required only if you specify a
+    #   resource-based policy and account that owns the resource is different
+    #   from the account that owns the simulated calling user `CallerArn`.
     #
     # @option params [String] :caller_arn
     #   The ARN of the IAM user that you want to specify as the simulated
@@ -9474,7 +9571,7 @@ module Aws::IAM
     # Inactive, or vice versa. This operation can be used to disable a
     # user's key as part of a key rotation workflow.
     #
-    # If the `UserName` field is not specified, the user name is determined
+    # If the `UserName` is not specified, the user name is determined
     # implicitly based on the AWS access key ID used to sign the request.
     # This operation works for access keys under the AWS account.
     # Consequently, you can use this operation to manage AWS account root
@@ -10595,7 +10692,7 @@ module Aws::IAM
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/certificate-manager/
+    # [1]: https://docs.aws.amazon.com/acm/
     # [2]: https://docs.aws.amazon.com/acm/latest/userguide/
     # [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html
     # [4]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html
@@ -10758,9 +10855,9 @@ module Aws::IAM
     # to validate requests that are signed with a corresponding private key.
     # When you upload the certificate, its default status is `Active`.
     #
-    # If the `UserName` field is not specified, the IAM user name is
-    # determined implicitly based on the AWS access key ID used to sign the
-    # request. This operation works for access keys under the AWS account.
+    # If the `UserName` is not specified, the IAM user name is determined
+    # implicitly based on the AWS access key ID used to sign the request.
+    # This operation works for access keys under the AWS account.
     # Consequently, you can use this operation to manage AWS account root
     # user credentials even if the AWS account has no associated users.
     #
@@ -10871,7 +10968,7 @@ module Aws::IAM
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-iam'
-      context[:gem_version] = '1.18.0'
+      context[:gem_version] = '1.19.0'
       Seahorse::Client::Request.new(handlers, context)
     end
@@ -10940,6 +11037,8 @@ module Aws::IAM
     # | waiter_name             | params                  | :delay   | :max_attempts |
     # | ----------------------- | ----------------------- | -------- | ------------- |
     # | instance_profile_exists | {#get_instance_profile} | 1        | 40            |
+    # | policy_exists           | {#get_policy}           | 1        | 20            |
+    # | role_exists             | {#get_role}             | 1        | 20            |
     # | user_exists             | {#get_user}             | 1        | 20            |
     #
     # @raise [Errors::FailureStateError] Raised when the waiter terminates
@@ -10992,6 +11091,8 @@ module Aws::IAM
     def waiters
       {
         instance_profile_exists: Waiters::InstanceProfileExists,
+        policy_exists: Waiters::PolicyExists,
+        role_exists: Waiters::RoleExists,
         user_exists: Waiters::UserExists
       }
     end

data/lib/aws-sdk-iam/client_api.rb CHANGED Viewed

@@ -300,6 +300,7 @@ module Aws::IAM
     ServiceSpecificCredentialsListType = Shapes::ListShape.new(name: 'ServiceSpecificCredentialsListType')
     ServicesLastAccessed = Shapes::ListShape.new(name: 'ServicesLastAccessed')
     SetDefaultPolicyVersionRequest = Shapes::StructureShape.new(name: 'SetDefaultPolicyVersionRequest')
+    SetSecurityTokenServicePreferencesRequest = Shapes::StructureShape.new(name: 'SetSecurityTokenServicePreferencesRequest')
     SigningCertificate = Shapes::StructureShape.new(name: 'SigningCertificate')
     SimulateCustomPolicyRequest = Shapes::StructureShape.new(name: 'SimulateCustomPolicyRequest')
     SimulatePolicyResponse = Shapes::StructureShape.new(name: 'SimulatePolicyResponse')
@@ -373,6 +374,7 @@ module Aws::IAM
     entityNameType = Shapes::StringShape.new(name: 'entityNameType')
     entityTemporarilyUnmodifiableMessage = Shapes::StringShape.new(name: 'entityTemporarilyUnmodifiableMessage')
     existingUserNameType = Shapes::StringShape.new(name: 'existingUserNameType')
+    globalEndpointTokenVersion = Shapes::StringShape.new(name: 'globalEndpointTokenVersion')
     groupDetailListType = Shapes::ListShape.new(name: 'groupDetailListType')
     groupListType = Shapes::ListShape.new(name: 'groupListType')
     groupNameListType = Shapes::ListShape.new(name: 'groupNameListType')
@@ -423,6 +425,7 @@ module Aws::IAM
     publicKeyFingerprintType = Shapes::StringShape.new(name: 'publicKeyFingerprintType')
     publicKeyIdType = Shapes::StringShape.new(name: 'publicKeyIdType')
     publicKeyMaterialType = Shapes::StringShape.new(name: 'publicKeyMaterialType')
+    responseMarkerType = Shapes::StringShape.new(name: 'responseMarkerType')
     roleDescriptionType = Shapes::StringShape.new(name: 'roleDescriptionType')
     roleDetailListType = Shapes::ListShape.new(name: 'roleDetailListType')
     roleListType = Shapes::ListShape.new(name: 'roleListType')
@@ -794,7 +797,7 @@ module Aws::IAM
     GetAccountAuthorizationDetailsResponse.add_member(:role_detail_list, Shapes::ShapeRef.new(shape: roleDetailListType, location_name: "RoleDetailList"))
     GetAccountAuthorizationDetailsResponse.add_member(:policies, Shapes::ShapeRef.new(shape: ManagedPolicyDetailListType, location_name: "Policies"))
     GetAccountAuthorizationDetailsResponse.add_member(:is_truncated, Shapes::ShapeRef.new(shape: booleanType, location_name: "IsTruncated"))
-    GetAccountAuthorizationDetailsResponse.add_member(:marker, Shapes::ShapeRef.new(shape: markerType, location_name: "Marker"))
+    GetAccountAuthorizationDetailsResponse.add_member(:marker, Shapes::ShapeRef.new(shape: responseMarkerType, location_name: "Marker"))
     GetAccountAuthorizationDetailsResponse.struct_class = Types::GetAccountAuthorizationDetailsResponse
     GetAccountPasswordPolicyResponse.add_member(:password_policy, Shapes::ShapeRef.new(shape: PasswordPolicy, required: true, location_name: "PasswordPolicy"))
@@ -835,7 +838,7 @@ module Aws::IAM
     GetGroupResponse.add_member(:group, Shapes::ShapeRef.new(shape: Group, required: true, location_name: "Group"))
     GetGroupResponse.add_member(:users, Shapes::ShapeRef.new(shape: userListType, required: true, location_name: "Users"))
     GetGroupResponse.add_member(:is_truncated, Shapes::ShapeRef.new(shape: booleanType, location_name: "IsTruncated"))
-    GetGroupResponse.add_member(:marker, Shapes::ShapeRef.new(shape: markerType, location_name: "Marker"))
+    GetGroupResponse.add_member(:marker, Shapes::ShapeRef.new(shape: responseMarkerType, location_name: "Marker"))
     GetGroupResponse.struct_class = Types::GetGroupResponse
     GetInstanceProfileRequest.add_member(:instance_profile_name, Shapes::ShapeRef.new(shape: instanceProfileNameType, required: true, location_name: "InstanceProfileName"))
@@ -919,7 +922,7 @@ module Aws::IAM
     GetServiceLastAccessedDetailsResponse.add_member(:services_last_accessed, Shapes::ShapeRef.new(shape: ServicesLastAccessed, required: true, location_name: "ServicesLastAccessed"))
     GetServiceLastAccessedDetailsResponse.add_member(:job_completion_date, Shapes::ShapeRef.new(shape: dateType, required: true, location_name: "JobCompletionDate"))
     GetServiceLastAccessedDetailsResponse.add_member(:is_truncated, Shapes::ShapeRef.new(shape: booleanType, location_name: "IsTruncated"))
-    GetServiceLastAccessedDetailsResponse.add_member(:marker, Shapes::ShapeRef.new(shape: markerType, location_name: "Marker"))
+    GetServiceLastAccessedDetailsResponse.add_member(:marker, Shapes::ShapeRef.new(shape: responseMarkerType, location_name: "Marker"))
     GetServiceLastAccessedDetailsResponse.add_member(:error, Shapes::ShapeRef.new(shape: ErrorDetails, location_name: "Error"))
     GetServiceLastAccessedDetailsResponse.struct_class = Types::GetServiceLastAccessedDetailsResponse
@@ -934,7 +937,7 @@ module Aws::IAM
     GetServiceLastAccessedDetailsWithEntitiesResponse.add_member(:job_completion_date, Shapes::ShapeRef.new(shape: dateType, required: true, location_name: "JobCompletionDate"))
     GetServiceLastAccessedDetailsWithEntitiesResponse.add_member(:entity_details_list, Shapes::ShapeRef.new(shape: entityDetailsListType, required: true, location_name: "EntityDetailsList"))
     GetServiceLastAccessedDetailsWithEntitiesResponse.add_member(:is_truncated, Shapes::ShapeRef.new(shape: booleanType, location_name: "IsTruncated"))
-    GetServiceLastAccessedDetailsWithEntitiesResponse.add_member(:marker, Shapes::ShapeRef.new(shape: markerType, location_name: "Marker"))
+    GetServiceLastAccessedDetailsWithEntitiesResponse.add_member(:marker, Shapes::ShapeRef.new(shape: responseMarkerType, location_name: "Marker"))
     GetServiceLastAccessedDetailsWithEntitiesResponse.add_member(:error, Shapes::ShapeRef.new(shape: ErrorDetails, location_name: "Error"))
     GetServiceLastAccessedDetailsWithEntitiesResponse.struct_class = Types::GetServiceLastAccessedDetailsWithEntitiesResponse
@@ -991,7 +994,7 @@ module Aws::IAM
     ListAccessKeysResponse.add_member(:access_key_metadata, Shapes::ShapeRef.new(shape: accessKeyMetadataListType, required: true, location_name: "AccessKeyMetadata"))
     ListAccessKeysResponse.add_member(:is_truncated, Shapes::ShapeRef.new(shape: booleanType, location_name: "IsTruncated"))
-    ListAccessKeysResponse.add_member(:marker, Shapes::ShapeRef.new(shape: markerType, location_name: "Marker"))
+    ListAccessKeysResponse.add_member(:marker, Shapes::ShapeRef.new(shape: responseMarkerType, location_name: "Marker"))
     ListAccessKeysResponse.struct_class = Types::ListAccessKeysResponse
     ListAccountAliasesRequest.add_member(:marker, Shapes::ShapeRef.new(shape: markerType, location_name: "Marker"))
@@ -1000,7 +1003,7 @@ module Aws::IAM
     ListAccountAliasesResponse.add_member(:account_aliases, Shapes::ShapeRef.new(shape: accountAliasListType, required: true, location_name: "AccountAliases"))
     ListAccountAliasesResponse.add_member(:is_truncated, Shapes::ShapeRef.new(shape: booleanType, location_name: "IsTruncated"))
-    ListAccountAliasesResponse.add_member(:marker, Shapes::ShapeRef.new(shape: markerType, location_name: "Marker"))
+    ListAccountAliasesResponse.add_member(:marker, Shapes::ShapeRef.new(shape: responseMarkerType, location_name: "Marker"))
     ListAccountAliasesResponse.struct_class = Types::ListAccountAliasesResponse
     ListAttachedGroupPoliciesRequest.add_member(:group_name, Shapes::ShapeRef.new(shape: groupNameType, required: true, location_name: "GroupName"))
@@ -1011,7 +1014,7 @@ module Aws::IAM
     ListAttachedGroupPoliciesResponse.add_member(:attached_policies, Shapes::ShapeRef.new(shape: attachedPoliciesListType, location_name: "AttachedPolicies"))
     ListAttachedGroupPoliciesResponse.add_member(:is_truncated, Shapes::ShapeRef.new(shape: booleanType, location_name: "IsTruncated"))
-    ListAttachedGroupPoliciesResponse.add_member(:marker, Shapes::ShapeRef.new(shape: markerType, location_name: "Marker"))
+    ListAttachedGroupPoliciesResponse.add_member(:marker, Shapes::ShapeRef.new(shape: responseMarkerType, location_name: "Marker"))
     ListAttachedGroupPoliciesResponse.struct_class = Types::ListAttachedGroupPoliciesResponse
     ListAttachedRolePoliciesRequest.add_member(:role_name, Shapes::ShapeRef.new(shape: roleNameType, required: true, location_name: "RoleName"))
@@ -1022,7 +1025,7 @@ module Aws::IAM
     ListAttachedRolePoliciesResponse.add_member(:attached_policies, Shapes::ShapeRef.new(shape: attachedPoliciesListType, location_name: "AttachedPolicies"))
     ListAttachedRolePoliciesResponse.add_member(:is_truncated, Shapes::ShapeRef.new(shape: booleanType, location_name: "IsTruncated"))
-    ListAttachedRolePoliciesResponse.add_member(:marker, Shapes::ShapeRef.new(shape: markerType, location_name: "Marker"))
+    ListAttachedRolePoliciesResponse.add_member(:marker, Shapes::ShapeRef.new(shape: responseMarkerType, location_name: "Marker"))
     ListAttachedRolePoliciesResponse.struct_class = Types::ListAttachedRolePoliciesResponse
     ListAttachedUserPoliciesRequest.add_member(:user_name, Shapes::ShapeRef.new(shape: userNameType, required: true, location_name: "UserName"))
@@ -1033,7 +1036,7 @@ module Aws::IAM
     ListAttachedUserPoliciesResponse.add_member(:attached_policies, Shapes::ShapeRef.new(shape: attachedPoliciesListType, location_name: "AttachedPolicies"))
     ListAttachedUserPoliciesResponse.add_member(:is_truncated, Shapes::ShapeRef.new(shape: booleanType, location_name: "IsTruncated"))
-    ListAttachedUserPoliciesResponse.add_member(:marker, Shapes::ShapeRef.new(shape: markerType, location_name: "Marker"))
+    ListAttachedUserPoliciesResponse.add_member(:marker, Shapes::ShapeRef.new(shape: responseMarkerType, location_name: "Marker"))
     ListAttachedUserPoliciesResponse.struct_class = Types::ListAttachedUserPoliciesResponse
     ListEntitiesForPolicyRequest.add_member(:policy_arn, Shapes::ShapeRef.new(shape: arnType, required: true, location_name: "PolicyArn"))
@@ -1048,7 +1051,7 @@ module Aws::IAM
     ListEntitiesForPolicyResponse.add_member(:policy_users, Shapes::ShapeRef.new(shape: PolicyUserListType, location_name: "PolicyUsers"))
     ListEntitiesForPolicyResponse.add_member(:policy_roles, Shapes::ShapeRef.new(shape: PolicyRoleListType, location_name: "PolicyRoles"))
     ListEntitiesForPolicyResponse.add_member(:is_truncated, Shapes::ShapeRef.new(shape: booleanType, location_name: "IsTruncated"))
-    ListEntitiesForPolicyResponse.add_member(:marker, Shapes::ShapeRef.new(shape: markerType, location_name: "Marker"))
+    ListEntitiesForPolicyResponse.add_member(:marker, Shapes::ShapeRef.new(shape: responseMarkerType, location_name: "Marker"))
     ListEntitiesForPolicyResponse.struct_class = Types::ListEntitiesForPolicyResponse
     ListGroupPoliciesRequest.add_member(:group_name, Shapes::ShapeRef.new(shape: groupNameType, required: true, location_name: "GroupName"))
@@ -1058,7 +1061,7 @@ module Aws::IAM
     ListGroupPoliciesResponse.add_member(:policy_names, Shapes::ShapeRef.new(shape: policyNameListType, required: true, location_name: "PolicyNames"))
     ListGroupPoliciesResponse.add_member(:is_truncated, Shapes::ShapeRef.new(shape: booleanType, location_name: "IsTruncated"))
-    ListGroupPoliciesResponse.add_member(:marker, Shapes::ShapeRef.new(shape: markerType, location_name: "Marker"))
+    ListGroupPoliciesResponse.add_member(:marker, Shapes::ShapeRef.new(shape: responseMarkerType, location_name: "Marker"))
     ListGroupPoliciesResponse.struct_class = Types::ListGroupPoliciesResponse
     ListGroupsForUserRequest.add_member(:user_name, Shapes::ShapeRef.new(shape: existingUserNameType, required: true, location_name: "UserName"))
@@ -1068,7 +1071,7 @@ module Aws::IAM
     ListGroupsForUserResponse.add_member(:groups, Shapes::ShapeRef.new(shape: groupListType, required: true, location_name: "Groups"))
     ListGroupsForUserResponse.add_member(:is_truncated, Shapes::ShapeRef.new(shape: booleanType, location_name: "IsTruncated"))
-    ListGroupsForUserResponse.add_member(:marker, Shapes::ShapeRef.new(shape: markerType, location_name: "Marker"))
+    ListGroupsForUserResponse.add_member(:marker, Shapes::ShapeRef.new(shape: responseMarkerType, location_name: "Marker"))
     ListGroupsForUserResponse.struct_class = Types::ListGroupsForUserResponse
     ListGroupsRequest.add_member(:path_prefix, Shapes::ShapeRef.new(shape: pathPrefixType, location_name: "PathPrefix"))
@@ -1078,7 +1081,7 @@ module Aws::IAM
     ListGroupsResponse.add_member(:groups, Shapes::ShapeRef.new(shape: groupListType, required: true, location_name: "Groups"))
     ListGroupsResponse.add_member(:is_truncated, Shapes::ShapeRef.new(shape: booleanType, location_name: "IsTruncated"))
-    ListGroupsResponse.add_member(:marker, Shapes::ShapeRef.new(shape: markerType, location_name: "Marker"))
+    ListGroupsResponse.add_member(:marker, Shapes::ShapeRef.new(shape: responseMarkerType, location_name: "Marker"))
     ListGroupsResponse.struct_class = Types::ListGroupsResponse
     ListInstanceProfilesForRoleRequest.add_member(:role_name, Shapes::ShapeRef.new(shape: roleNameType, required: true, location_name: "RoleName"))
@@ -1088,7 +1091,7 @@ module Aws::IAM
     ListInstanceProfilesForRoleResponse.add_member(:instance_profiles, Shapes::ShapeRef.new(shape: instanceProfileListType, required: true, location_name: "InstanceProfiles"))
     ListInstanceProfilesForRoleResponse.add_member(:is_truncated, Shapes::ShapeRef.new(shape: booleanType, location_name: "IsTruncated"))
-    ListInstanceProfilesForRoleResponse.add_member(:marker, Shapes::ShapeRef.new(shape: markerType, location_name: "Marker"))
+    ListInstanceProfilesForRoleResponse.add_member(:marker, Shapes::ShapeRef.new(shape: responseMarkerType, location_name: "Marker"))
     ListInstanceProfilesForRoleResponse.struct_class = Types::ListInstanceProfilesForRoleResponse
     ListInstanceProfilesRequest.add_member(:path_prefix, Shapes::ShapeRef.new(shape: pathPrefixType, location_name: "PathPrefix"))
@@ -1098,7 +1101,7 @@ module Aws::IAM
     ListInstanceProfilesResponse.add_member(:instance_profiles, Shapes::ShapeRef.new(shape: instanceProfileListType, required: true, location_name: "InstanceProfiles"))
     ListInstanceProfilesResponse.add_member(:is_truncated, Shapes::ShapeRef.new(shape: booleanType, location_name: "IsTruncated"))
-    ListInstanceProfilesResponse.add_member(:marker, Shapes::ShapeRef.new(shape: markerType, location_name: "Marker"))
+    ListInstanceProfilesResponse.add_member(:marker, Shapes::ShapeRef.new(shape: responseMarkerType, location_name: "Marker"))
     ListInstanceProfilesResponse.struct_class = Types::ListInstanceProfilesResponse
     ListMFADevicesRequest.add_member(:user_name, Shapes::ShapeRef.new(shape: existingUserNameType, location_name: "UserName"))
@@ -1108,7 +1111,7 @@ module Aws::IAM
     ListMFADevicesResponse.add_member(:mfa_devices, Shapes::ShapeRef.new(shape: mfaDeviceListType, required: true, location_name: "MFADevices"))
     ListMFADevicesResponse.add_member(:is_truncated, Shapes::ShapeRef.new(shape: booleanType, location_name: "IsTruncated"))
-    ListMFADevicesResponse.add_member(:marker, Shapes::ShapeRef.new(shape: markerType, location_name: "Marker"))
+    ListMFADevicesResponse.add_member(:marker, Shapes::ShapeRef.new(shape: responseMarkerType, location_name: "Marker"))
     ListMFADevicesResponse.struct_class = Types::ListMFADevicesResponse
     ListOpenIDConnectProvidersRequest.struct_class = Types::ListOpenIDConnectProvidersRequest
@@ -1127,7 +1130,7 @@ module Aws::IAM
     ListPoliciesGrantingServiceAccessResponse.add_member(:policies_granting_service_access, Shapes::ShapeRef.new(shape: listPolicyGrantingServiceAccessResponseListType, required: true, location_name: "PoliciesGrantingServiceAccess"))
     ListPoliciesGrantingServiceAccessResponse.add_member(:is_truncated, Shapes::ShapeRef.new(shape: booleanType, location_name: "IsTruncated"))
-    ListPoliciesGrantingServiceAccessResponse.add_member(:marker, Shapes::ShapeRef.new(shape: markerType, location_name: "Marker"))
+    ListPoliciesGrantingServiceAccessResponse.add_member(:marker, Shapes::ShapeRef.new(shape: responseMarkerType, location_name: "Marker"))
     ListPoliciesGrantingServiceAccessResponse.struct_class = Types::ListPoliciesGrantingServiceAccessResponse
     ListPoliciesRequest.add_member(:scope, Shapes::ShapeRef.new(shape: policyScopeType, location_name: "Scope"))
@@ -1140,7 +1143,7 @@ module Aws::IAM
     ListPoliciesResponse.add_member(:policies, Shapes::ShapeRef.new(shape: policyListType, location_name: "Policies"))
     ListPoliciesResponse.add_member(:is_truncated, Shapes::ShapeRef.new(shape: booleanType, location_name: "IsTruncated"))
-    ListPoliciesResponse.add_member(:marker, Shapes::ShapeRef.new(shape: markerType, location_name: "Marker"))
+    ListPoliciesResponse.add_member(:marker, Shapes::ShapeRef.new(shape: responseMarkerType, location_name: "Marker"))
     ListPoliciesResponse.struct_class = Types::ListPoliciesResponse
     ListPolicyVersionsRequest.add_member(:policy_arn, Shapes::ShapeRef.new(shape: arnType, required: true, location_name: "PolicyArn"))
@@ -1150,7 +1153,7 @@ module Aws::IAM
     ListPolicyVersionsResponse.add_member(:versions, Shapes::ShapeRef.new(shape: policyDocumentVersionListType, location_name: "Versions"))
     ListPolicyVersionsResponse.add_member(:is_truncated, Shapes::ShapeRef.new(shape: booleanType, location_name: "IsTruncated"))
-    ListPolicyVersionsResponse.add_member(:marker, Shapes::ShapeRef.new(shape: markerType, location_name: "Marker"))
+    ListPolicyVersionsResponse.add_member(:marker, Shapes::ShapeRef.new(shape: responseMarkerType, location_name: "Marker"))
     ListPolicyVersionsResponse.struct_class = Types::ListPolicyVersionsResponse
     ListRolePoliciesRequest.add_member(:role_name, Shapes::ShapeRef.new(shape: roleNameType, required: true, location_name: "RoleName"))
@@ -1160,7 +1163,7 @@ module Aws::IAM
     ListRolePoliciesResponse.add_member(:policy_names, Shapes::ShapeRef.new(shape: policyNameListType, required: true, location_name: "PolicyNames"))
     ListRolePoliciesResponse.add_member(:is_truncated, Shapes::ShapeRef.new(shape: booleanType, location_name: "IsTruncated"))
-    ListRolePoliciesResponse.add_member(:marker, Shapes::ShapeRef.new(shape: markerType, location_name: "Marker"))
+    ListRolePoliciesResponse.add_member(:marker, Shapes::ShapeRef.new(shape: responseMarkerType, location_name: "Marker"))
     ListRolePoliciesResponse.struct_class = Types::ListRolePoliciesResponse
     ListRoleTagsRequest.add_member(:role_name, Shapes::ShapeRef.new(shape: roleNameType, required: true, location_name: "RoleName"))
@@ -1170,7 +1173,7 @@ module Aws::IAM
     ListRoleTagsResponse.add_member(:tags, Shapes::ShapeRef.new(shape: tagListType, required: true, location_name: "Tags"))
     ListRoleTagsResponse.add_member(:is_truncated, Shapes::ShapeRef.new(shape: booleanType, location_name: "IsTruncated"))
-    ListRoleTagsResponse.add_member(:marker, Shapes::ShapeRef.new(shape: markerType, location_name: "Marker"))
+    ListRoleTagsResponse.add_member(:marker, Shapes::ShapeRef.new(shape: responseMarkerType, location_name: "Marker"))
     ListRoleTagsResponse.struct_class = Types::ListRoleTagsResponse
     ListRolesRequest.add_member(:path_prefix, Shapes::ShapeRef.new(shape: pathPrefixType, location_name: "PathPrefix"))
@@ -1180,7 +1183,7 @@ module Aws::IAM
     ListRolesResponse.add_member(:roles, Shapes::ShapeRef.new(shape: roleListType, required: true, location_name: "Roles"))
     ListRolesResponse.add_member(:is_truncated, Shapes::ShapeRef.new(shape: booleanType, location_name: "IsTruncated"))
-    ListRolesResponse.add_member(:marker, Shapes::ShapeRef.new(shape: markerType, location_name: "Marker"))
+    ListRolesResponse.add_member(:marker, Shapes::ShapeRef.new(shape: responseMarkerType, location_name: "Marker"))
     ListRolesResponse.struct_class = Types::ListRolesResponse
     ListSAMLProvidersRequest.struct_class = Types::ListSAMLProvidersRequest
@@ -1195,7 +1198,7 @@ module Aws::IAM
     ListSSHPublicKeysResponse.add_member(:ssh_public_keys, Shapes::ShapeRef.new(shape: SSHPublicKeyListType, location_name: "SSHPublicKeys"))
     ListSSHPublicKeysResponse.add_member(:is_truncated, Shapes::ShapeRef.new(shape: booleanType, location_name: "IsTruncated"))
-    ListSSHPublicKeysResponse.add_member(:marker, Shapes::ShapeRef.new(shape: markerType, location_name: "Marker"))
+    ListSSHPublicKeysResponse.add_member(:marker, Shapes::ShapeRef.new(shape: responseMarkerType, location_name: "Marker"))
     ListSSHPublicKeysResponse.struct_class = Types::ListSSHPublicKeysResponse
     ListServerCertificatesRequest.add_member(:path_prefix, Shapes::ShapeRef.new(shape: pathPrefixType, location_name: "PathPrefix"))
@@ -1205,7 +1208,7 @@ module Aws::IAM
     ListServerCertificatesResponse.add_member(:server_certificate_metadata_list, Shapes::ShapeRef.new(shape: serverCertificateMetadataListType, required: true, location_name: "ServerCertificateMetadataList"))
     ListServerCertificatesResponse.add_member(:is_truncated, Shapes::ShapeRef.new(shape: booleanType, location_name: "IsTruncated"))
-    ListServerCertificatesResponse.add_member(:marker, Shapes::ShapeRef.new(shape: markerType, location_name: "Marker"))
+    ListServerCertificatesResponse.add_member(:marker, Shapes::ShapeRef.new(shape: responseMarkerType, location_name: "Marker"))
     ListServerCertificatesResponse.struct_class = Types::ListServerCertificatesResponse
     ListServiceSpecificCredentialsRequest.add_member(:user_name, Shapes::ShapeRef.new(shape: userNameType, location_name: "UserName"))
@@ -1222,7 +1225,7 @@ module Aws::IAM
     ListSigningCertificatesResponse.add_member(:certificates, Shapes::ShapeRef.new(shape: certificateListType, required: true, location_name: "Certificates"))
     ListSigningCertificatesResponse.add_member(:is_truncated, Shapes::ShapeRef.new(shape: booleanType, location_name: "IsTruncated"))
-    ListSigningCertificatesResponse.add_member(:marker, Shapes::ShapeRef.new(shape: markerType, location_name: "Marker"))
+    ListSigningCertificatesResponse.add_member(:marker, Shapes::ShapeRef.new(shape: responseMarkerType, location_name: "Marker"))
     ListSigningCertificatesResponse.struct_class = Types::ListSigningCertificatesResponse
     ListUserPoliciesRequest.add_member(:user_name, Shapes::ShapeRef.new(shape: existingUserNameType, required: true, location_name: "UserName"))
@@ -1232,7 +1235,7 @@ module Aws::IAM
     ListUserPoliciesResponse.add_member(:policy_names, Shapes::ShapeRef.new(shape: policyNameListType, required: true, location_name: "PolicyNames"))
     ListUserPoliciesResponse.add_member(:is_truncated, Shapes::ShapeRef.new(shape: booleanType, location_name: "IsTruncated"))
-    ListUserPoliciesResponse.add_member(:marker, Shapes::ShapeRef.new(shape: markerType, location_name: "Marker"))
+    ListUserPoliciesResponse.add_member(:marker, Shapes::ShapeRef.new(shape: responseMarkerType, location_name: "Marker"))
     ListUserPoliciesResponse.struct_class = Types::ListUserPoliciesResponse
     ListUserTagsRequest.add_member(:user_name, Shapes::ShapeRef.new(shape: existingUserNameType, required: true, location_name: "UserName"))
@@ -1242,7 +1245,7 @@ module Aws::IAM
     ListUserTagsResponse.add_member(:tags, Shapes::ShapeRef.new(shape: tagListType, required: true, location_name: "Tags"))
     ListUserTagsResponse.add_member(:is_truncated, Shapes::ShapeRef.new(shape: booleanType, location_name: "IsTruncated"))
-    ListUserTagsResponse.add_member(:marker, Shapes::ShapeRef.new(shape: markerType, location_name: "Marker"))
+    ListUserTagsResponse.add_member(:marker, Shapes::ShapeRef.new(shape: responseMarkerType, location_name: "Marker"))
     ListUserTagsResponse.struct_class = Types::ListUserTagsResponse
     ListUsersRequest.add_member(:path_prefix, Shapes::ShapeRef.new(shape: pathPrefixType, location_name: "PathPrefix"))
@@ -1252,7 +1255,7 @@ module Aws::IAM
     ListUsersResponse.add_member(:users, Shapes::ShapeRef.new(shape: userListType, required: true, location_name: "Users"))
     ListUsersResponse.add_member(:is_truncated, Shapes::ShapeRef.new(shape: booleanType, location_name: "IsTruncated"))
-    ListUsersResponse.add_member(:marker, Shapes::ShapeRef.new(shape: markerType, location_name: "Marker"))
+    ListUsersResponse.add_member(:marker, Shapes::ShapeRef.new(shape: responseMarkerType, location_name: "Marker"))
     ListUsersResponse.struct_class = Types::ListUsersResponse
     ListVirtualMFADevicesRequest.add_member(:assignment_status, Shapes::ShapeRef.new(shape: assignmentStatusType, location_name: "AssignmentStatus"))
@@ -1262,7 +1265,7 @@ module Aws::IAM
     ListVirtualMFADevicesResponse.add_member(:virtual_mfa_devices, Shapes::ShapeRef.new(shape: virtualMFADeviceListType, required: true, location_name: "VirtualMFADevices"))
     ListVirtualMFADevicesResponse.add_member(:is_truncated, Shapes::ShapeRef.new(shape: booleanType, location_name: "IsTruncated"))
-    ListVirtualMFADevicesResponse.add_member(:marker, Shapes::ShapeRef.new(shape: markerType, location_name: "Marker"))
+    ListVirtualMFADevicesResponse.add_member(:marker, Shapes::ShapeRef.new(shape: responseMarkerType, location_name: "Marker"))
     ListVirtualMFADevicesResponse.struct_class = Types::ListVirtualMFADevicesResponse
     LoginProfile.add_member(:user_name, Shapes::ShapeRef.new(shape: userNameType, required: true, location_name: "UserName"))
@@ -1521,6 +1524,9 @@ module Aws::IAM
     SetDefaultPolicyVersionRequest.add_member(:version_id, Shapes::ShapeRef.new(shape: policyVersionIdType, required: true, location_name: "VersionId"))
     SetDefaultPolicyVersionRequest.struct_class = Types::SetDefaultPolicyVersionRequest
+    SetSecurityTokenServicePreferencesRequest.add_member(:global_endpoint_token_version, Shapes::ShapeRef.new(shape: globalEndpointTokenVersion, required: true, location_name: "GlobalEndpointTokenVersion"))
+    SetSecurityTokenServicePreferencesRequest.struct_class = Types::SetSecurityTokenServicePreferencesRequest
     SigningCertificate.add_member(:user_name, Shapes::ShapeRef.new(shape: userNameType, required: true, location_name: "UserName"))
     SigningCertificate.add_member(:certificate_id, Shapes::ShapeRef.new(shape: certificateIdType, required: true, location_name: "CertificateId"))
     SigningCertificate.add_member(:certificate_body, Shapes::ShapeRef.new(shape: certificateBodyType, required: true, location_name: "CertificateBody"))
@@ -1542,7 +1548,7 @@ module Aws::IAM
     SimulatePolicyResponse.add_member(:evaluation_results, Shapes::ShapeRef.new(shape: EvaluationResultsListType, location_name: "EvaluationResults"))
     SimulatePolicyResponse.add_member(:is_truncated, Shapes::ShapeRef.new(shape: booleanType, location_name: "IsTruncated"))
-    SimulatePolicyResponse.add_member(:marker, Shapes::ShapeRef.new(shape: markerType, location_name: "Marker"))
+    SimulatePolicyResponse.add_member(:marker, Shapes::ShapeRef.new(shape: responseMarkerType, location_name: "Marker"))
     SimulatePolicyResponse.struct_class = Types::SimulatePolicyResponse
     SimulatePrincipalPolicyRequest.add_member(:policy_source_arn, Shapes::ShapeRef.new(shape: arnType, required: true, location_name: "PolicySourceArn"))
@@ -3219,6 +3225,15 @@ module Aws::IAM
         o.errors << Shapes::ShapeRef.new(shape: ServiceFailureException)
       end)
+      api.add_operation(:set_security_token_service_preferences, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "SetSecurityTokenServicePreferences"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: SetSecurityTokenServicePreferencesRequest)
+        o.output = Shapes::ShapeRef.new(shape: Shapes::StructureShape.new(struct_class: Aws::EmptyStructure))
+        o.errors << Shapes::ShapeRef.new(shape: ServiceFailureException)
+      end)
       api.add_operation(:simulate_custom_policy, Seahorse::Model::Operation.new.tap do |o|
         o.name = "SimulateCustomPolicy"
         o.http_method = "POST"

data/lib/aws-sdk-iam/current_user.rb CHANGED Viewed

@@ -105,9 +105,11 @@ module Aws::IAM
     # user.
     #
     # For more information about permissions boundaries, see [Permissions
-    # Boundaries for IAM Identities
-    # ](IAM/latest/UserGuide/access_policies_boundaries.html) in the *IAM
-    # User Guide*.
+    # Boundaries for IAM Identities ][1] in the *IAM User Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
     # @return [Types::AttachedPermissionsBoundary]
     def permissions_boundary
       data[:permissions_boundary]

data/lib/aws-sdk-iam/role.rb CHANGED Viewed

@@ -102,9 +102,11 @@ module Aws::IAM
     # role.
     #
     # For more information about permissions boundaries, see [Permissions
-    # Boundaries for IAM Identities
-    # ](IAM/latest/UserGuide/access_policies_boundaries.html) in the *IAM
-    # User Guide*.
+    # Boundaries for IAM Identities ][1] in the *IAM User Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
     # @return [Types::AttachedPermissionsBoundary]
     def permissions_boundary
       data[:permissions_boundary]

data/lib/aws-sdk-iam/types.rb CHANGED Viewed

@@ -1294,7 +1294,7 @@ module Aws::IAM
     #
     #   Service principals are unique and case-sensitive. To find the exact
     #   service principal for your service-linked role, see [AWS Services
-    #   That Work with IAM][1] in the *IAM User Guide* and look for the
+    #   That Work with IAM][1] in the *IAM User Guide*. Look for the
     #   services that have <b>Yes </b>in the **Service-Linked Role** column.
     #   Choose the **Yes** link to view the service-linked role
     #   documentation for that service.
@@ -1384,8 +1384,8 @@ module Aws::IAM
     #   service-specific credential.
     #
     #   This is the only time that the password for this credential set is
-    #   available. It cannot be recovered later. Instead, you will have to
-    #   reset the password with ResetServiceSpecificCredential.
+    #   available. It cannot be recovered later. Instead, you must reset the
+    #   password with ResetServiceSpecificCredential.
     #   @return [Types::ServiceSpecificCredential]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateServiceSpecificCredentialResponse AWS API Documentation
@@ -3831,7 +3831,7 @@ module Aws::IAM
     #
     #   To learn the service namespace for a service, go to [Actions,
     #   Resources, and Condition Keys for AWS Services][1] in the *IAM User
-    #   Guide* and choose the name of the service to view details for that
+    #   Guide*. Choose the name of the service to view details for that
     #   service. In the first paragraph, find the service prefix. For
     #   example, `(service prefix: a4b)`. For more information about service
     #   namespaces, see [AWS Service Namespaces][2] in the *AWS General
@@ -5862,8 +5862,8 @@ module Aws::IAM
     # @!attribute [rw] marker
     #   Use this parameter only when paginating results and only after you
     #   receive a response indicating that the results are truncated. Set it
-    #   to the value of the `Marker` element in the response to indicate
-    #   where the next call should start.
+    #   to the value of the `Marker` element in the response that you
+    #   received to indicate where the next call should start.
     #   @return [String]
     #
     # @!attribute [rw] max_items
@@ -6439,8 +6439,8 @@ module Aws::IAM
     # @!attribute [rw] marker
     #   Use this parameter only when paginating results and only after you
     #   receive a response indicating that the results are truncated. Set it
-    #   to the value of the `Marker` element in the response to indicate
-    #   where the next call should start.
+    #   to the value of the `Marker` element in the response that you
+    #   received to indicate where the next call should start.
     #   @return [String]
     #
     # @!attribute [rw] max_items
@@ -7962,9 +7962,11 @@ module Aws::IAM
     #   role.
     #
     #   For more information about permissions boundaries, see [Permissions
-    #   Boundaries for IAM Identities
-    #   ](IAM/latest/UserGuide/access_policies_boundaries.html) in the *IAM
-    #   User Guide*.
+    #   Boundaries for IAM Identities ][1] in the *IAM User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
     #   @return [Types::AttachedPermissionsBoundary]
     #
     # @!attribute [rw] tags
@@ -8066,9 +8068,11 @@ module Aws::IAM
     #   role.
     #
     #   For more information about permissions boundaries, see [Permissions
-    #   Boundaries for IAM Identities
-    #   ](IAM/latest/UserGuide/access_policies_boundaries.html) in the *IAM
-    #   User Guide*.
+    #   Boundaries for IAM Identities ][1] in the *IAM User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
     #   @return [Types::AttachedPermissionsBoundary]
     #
     # @!attribute [rw] tags
@@ -8531,6 +8535,36 @@ module Aws::IAM
       include Aws::Structure
     end
+    # @note When making an API call, you may pass SetSecurityTokenServicePreferencesRequest
+    #   data as a hash:
+    #
+    #       {
+    #         global_endpoint_token_version: "v1Token", # required, accepts v1Token, v2Token
+    #       }
+    #
+    # @!attribute [rw] global_endpoint_token_version
+    #   The version of the global endpoint token. Version 1 tokens are valid
+    #   only in AWS Regions that are available by default. These tokens do
+    #   not work in manually enabled Regions, such as Asia Pacific (Hong
+    #   Kong). Version 2 tokens are valid in all Regions. However, version 2
+    #   tokens are longer and might affect systems where you temporarily
+    #   store tokens.
+    #
+    #   For information, see [Activating and Deactivating STS in an AWS
+    #   Region][1] in the *IAM User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/SetSecurityTokenServicePreferencesRequest AWS API Documentation
+    #
+    class SetSecurityTokenServicePreferencesRequest < Struct.new(
+      :global_endpoint_token_version)
+      include Aws::Structure
+    end
     # Contains information about an X.509 signing certificate.
     #
     # This data type is used as a response element in the
@@ -8623,7 +8657,8 @@ module Aws::IAM
     # @!attribute [rw] action_names
     #   A list of names of API operations to evaluate in the simulation.
     #   Each operation is evaluated against each resource. Each operation
-    #   must include the service identifier, such as `iam:CreateUser`.
+    #   must include the service identifier, such as `iam:CreateUser`. This
+    #   operation does not support using wildcards (*) in an action name.
     #   @return [Array<String>]
     #
     # @!attribute [rw] resource_arns
@@ -8677,15 +8712,15 @@ module Aws::IAM
     # @!attribute [rw] resource_owner
     #   An ARN representing the AWS account ID that specifies the owner of
     #   any simulated resource that does not identify its owner in the
-    #   resource ARN, such as an S3 bucket or object. If `ResourceOwner` is
-    #   specified, it is also used as the account owner of any
-    #   `ResourcePolicy` included in the simulation. If the `ResourceOwner`
-    #   parameter is not specified, then the owner of the resources and the
-    #   resource policy defaults to the account of the identity provided in
-    #   `CallerArn`. This parameter is required only if you specify a
-    #   resource-based policy and account that owns the resource is
-    #   different from the account that owns the simulated calling user
-    #   `CallerArn`.
+    #   resource ARN. Examples of resource ARNs include an S3 bucket or
+    #   object. If `ResourceOwner` is specified, it is also used as the
+    #   account owner of any `ResourcePolicy` included in the simulation. If
+    #   the `ResourceOwner` parameter is not specified, then the owner of
+    #   the resources and the resource policy defaults to the account of the
+    #   identity provided in `CallerArn`. This parameter is required only if
+    #   you specify a resource-based policy and account that owns the
+    #   resource is different from the account that owns the simulated
+    #   calling user `CallerArn`.
     #
     #   The ARN for an account uses the following syntax:
     #   `arn:aws:iam::AWS-account-ID:root`. For example, to represent the
@@ -8706,7 +8741,7 @@ module Aws::IAM
     # @!attribute [rw] context_entries
     #   A list of context keys and corresponding values for the simulation
     #   to use. Whenever a context key is evaluated in one of the simulated
-    #   IAM permission policies, the corresponding value is supplied.
+    #   IAM permissions policies, the corresponding value is supplied.
     #   @return [Array<Types::ContextEntry>]
     #
     # @!attribute [rw] resource_handling_option
@@ -8938,15 +8973,16 @@ module Aws::IAM
     #
     # @!attribute [rw] resource_owner
     #   An AWS account ID that specifies the owner of any simulated resource
-    #   that does not identify its owner in the resource ARN, such as an S3
-    #   bucket or object. If `ResourceOwner` is specified, it is also used
-    #   as the account owner of any `ResourcePolicy` included in the
-    #   simulation. If the `ResourceOwner` parameter is not specified, then
-    #   the owner of the resources and the resource policy defaults to the
-    #   account of the identity provided in `CallerArn`. This parameter is
-    #   required only if you specify a resource-based policy and account
-    #   that owns the resource is different from the account that owns the
-    #   simulated calling user `CallerArn`.
+    #   that does not identify its owner in the resource ARN. Examples of
+    #   resource ARNs include an S3 bucket or object. If `ResourceOwner` is
+    #   specified, it is also used as the account owner of any
+    #   `ResourcePolicy` included in the simulation. If the `ResourceOwner`
+    #   parameter is not specified, then the owner of the resources and the
+    #   resource policy defaults to the account of the identity provided in
+    #   `CallerArn`. This parameter is required only if you specify a
+    #   resource-based policy and account that owns the resource is
+    #   different from the account that owns the simulated calling user
+    #   `CallerArn`.
     #   @return [String]
     #
     # @!attribute [rw] caller_arn
@@ -10428,9 +10464,11 @@ module Aws::IAM
     #   user.
     #
     #   For more information about permissions boundaries, see [Permissions
-    #   Boundaries for IAM Identities
-    #   ](IAM/latest/UserGuide/access_policies_boundaries.html) in the *IAM
-    #   User Guide*.
+    #   Boundaries for IAM Identities ][1] in the *IAM User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
     #   @return [Types::AttachedPermissionsBoundary]
     #
     # @!attribute [rw] tags
@@ -10524,9 +10562,11 @@ module Aws::IAM
     #   user.
     #
     #   For more information about permissions boundaries, see [Permissions
-    #   Boundaries for IAM Identities
-    #   ](IAM/latest/UserGuide/access_policies_boundaries.html) in the *IAM
-    #   User Guide*.
+    #   Boundaries for IAM Identities ][1] in the *IAM User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
     #   @return [Types::AttachedPermissionsBoundary]
     #
     # @!attribute [rw] tags

data/lib/aws-sdk-iam/user.rb CHANGED Viewed

@@ -110,9 +110,11 @@ module Aws::IAM
     # user.
     #
     # For more information about permissions boundaries, see [Permissions
-    # Boundaries for IAM Identities
-    # ](IAM/latest/UserGuide/access_policies_boundaries.html) in the *IAM
-    # User Guide*.
+    # Boundaries for IAM Identities ][1] in the *IAM User Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
     # @return [Types::AttachedPermissionsBoundary]
     def permissions_boundary
       data[:permissions_boundary]

data/lib/aws-sdk-iam/waiters.rb CHANGED Viewed

@@ -52,6 +52,90 @@ module Aws::IAM
     end
+    class PolicyExists
+      # @param [Hash] options
+      # @option options [required, Client] :client
+      # @option options [Integer] :max_attempts (20)
+      # @option options [Integer] :delay (1)
+      # @option options [Proc] :before_attempt
+      # @option options [Proc] :before_wait
+      def initialize(options)
+        @client = options.fetch(:client)
+        @waiter = Aws::Waiters::Waiter.new({
+          max_attempts: 20,
+          delay: 1,
+          poller: Aws::Waiters::Poller.new(
+            operation_name: :get_policy,
+            acceptors: [
+              {
+                "state" => "success",
+                "matcher" => "status",
+                "expected" => 200
+              },
+              {
+                "state" => "retry",
+                "matcher" => "error",
+                "expected" => "NoSuchEntity"
+              }
+            ]
+          )
+        }.merge(options))
+      end
+      # @option (see Client#get_policy)
+      # @return (see Client#get_policy)
+      def wait(params = {})
+        @waiter.wait(client: @client, params: params)
+      end
+      # @api private
+      attr_reader :waiter
+    end
+    class RoleExists
+      # @param [Hash] options
+      # @option options [required, Client] :client
+      # @option options [Integer] :max_attempts (20)
+      # @option options [Integer] :delay (1)
+      # @option options [Proc] :before_attempt
+      # @option options [Proc] :before_wait
+      def initialize(options)
+        @client = options.fetch(:client)
+        @waiter = Aws::Waiters::Waiter.new({
+          max_attempts: 20,
+          delay: 1,
+          poller: Aws::Waiters::Poller.new(
+            operation_name: :get_role,
+            acceptors: [
+              {
+                "state" => "success",
+                "matcher" => "status",
+                "expected" => 200
+              },
+              {
+                "state" => "retry",
+                "matcher" => "error",
+                "expected" => "NoSuchEntity"
+              }
+            ]
+          )
+        }.merge(options))
+      end
+      # @option (see Client#get_role)
+      # @return (see Client#get_role)
+      def wait(params = {})
+        @waiter.wait(client: @client, params: params)
+      end
+      # @api private
+      attr_reader :waiter
+    end
     class UserExists
       # @param [Hash] options

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-iam
 version: !ruby/object:Gem::Version
-  version: 1.18.0
+  version: 1.19.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-04-04 00:00:00.000000000 Z
+date: 2019-04-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core
@@ -82,7 +82,7 @@ files:
 - lib/aws-sdk-iam/user_policy.rb
 - lib/aws-sdk-iam/virtual_mfa_device.rb
 - lib/aws-sdk-iam/waiters.rb
-homepage: http://github.com/aws/aws-sdk-ruby
+homepage: https://github.com/aws/aws-sdk-ruby
 licenses:
 - Apache-2.0
 metadata: