aws-sdk-iam 1.55.0 → 1.56.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: dadc73fbe7c30cca34f990084326e01e4a4a498895c81d8ea08b87f58f661667
4
- data.tar.gz: a93f3731f19626e42c785d3f86c17895b5ef7235676d80f8ee690e87596d0854
3
+ metadata.gz: fdd198170d0f5626641dcd25f8a82d637e8c4c11028343988606faaf11693ea9
4
+ data.tar.gz: 989d01979086f4fb77dd71871115dc67df957fe116ef92a1d6ca1bf83dd581e8
5
5
  SHA512:
6
- metadata.gz: 3c2ffa24bc71daa8e623befcfbb345daf662f512763ee110b362903d138f0cc9081f7cd3af7636ee45fce10140b2bc45c5d826024151c6b8e868592fa93875c3
7
- data.tar.gz: 9a4056d98ae14c10a2c76e4bdc54abe7c16068d5194e975a25eeae8368e1b49b351103e81212a26405769eacf1f39323b79e42b851729844814ae351f5ba91c4
6
+ metadata.gz: e294ca45b3716bbaa3b8af307c7ca0cfe4b4bcb7e408011d8fcca2aae7875d3e1ad2835fb6f959f6b96637db0984e80537656befd6ea5e2350965f0adb600c2c
7
+ data.tar.gz: fcb1a3aeae751893ba38720fcbf97bedd8e9cd63efdf3e8efb199941b4a3929402022ac328ca72c13062b2066f354516f50217bbca3061d7f3ec925280a0a0fe
data/CHANGELOG.md CHANGED
@@ -1,6 +1,11 @@
1
1
  Unreleased Changes
2
2
  ------------------
3
3
 
4
+ 1.56.0 (2021-07-07)
5
+ ------------------
6
+
7
+ * Feature - Documentation updates for AWS Identity and Access Management (IAM).
8
+
4
9
  1.55.0 (2021-06-02)
5
10
  ------------------
6
11
 
data/VERSION CHANGED
@@ -1 +1 @@
1
- 1.55.0
1
+ 1.56.0
data/lib/aws-sdk-iam.rb CHANGED
@@ -70,6 +70,6 @@ require_relative 'aws-sdk-iam/customizations'
70
70
  # @!group service
71
71
  module Aws::IAM
72
72
 
73
- GEM_VERSION = '1.55.0'
73
+ GEM_VERSION = '1.56.0'
74
74
 
75
75
  end
@@ -288,8 +288,8 @@ module Aws::IAM
288
288
  # uses the default value of `false`. The result is that passwords do not
289
289
  # require at least one lowercase character.
290
290
  # @option options [Boolean] :allow_users_to_change_password
291
- # Allows all IAM users in your account to use the AWS Management Console
292
- # to change their own passwords. For more information, see [Letting IAM
291
+ # Allows all IAM users in your account to use the Management Console to
292
+ # change their own passwords. For more information, see [Letting IAM
293
293
  # users change their own passwords][1] in the *IAM User Guide*.
294
294
  #
295
295
  # If you do not specify a value for this parameter, then the operation
@@ -170,10 +170,10 @@ module Aws::IAM
170
170
  # @option options [required, String] :policy_document
171
171
  # The policy that grants an entity permission to assume the role.
172
172
  #
173
- # You must provide policies in JSON format in IAM. However, for AWS
173
+ # You must provide policies in JSON format in IAM. However, for
174
174
  # CloudFormation templates formatted in YAML, you can provide the policy
175
- # in JSON or YAML format. AWS CloudFormation always converts a YAML
176
- # policy to JSON format before submitting it to IAM.
175
+ # in JSON or YAML format. CloudFormation always converts a YAML policy
176
+ # to JSON format before submitting it to IAM.
177
177
  #
178
178
  # The [regex pattern][1] used to validate this parameter is a string of
179
179
  # characters consisting of the following:
@@ -376,10 +376,10 @@ module Aws::IAM
376
376
  # instance profile can contain only one role, and this quota cannot be
377
377
  # increased. You can remove the existing role and then add a different
378
378
  # role to an instance profile. You must then wait for the change to
379
- # appear across all of AWS because of [eventual consistency][1]. To
380
- # force the change, you must [disassociate the instance profile][2] and
381
- # then [associate the instance profile][3], or you can stop your
382
- # instance and then restart it.
379
+ # appear across all of Amazon Web Services because of [eventual
380
+ # consistency][1]. To force the change, you must [disassociate the
381
+ # instance profile][2] and then [associate the instance profile][3], or
382
+ # you can stop your instance and then restart it.
383
383
  #
384
384
  # <note markdown="1"> The caller of this operation must be granted the `PassRole` permission
385
385
  # on the IAM role by a permissions policy.
@@ -537,7 +537,7 @@ module Aws::IAM
537
537
  # The Amazon Resource Name (ARN) of the IAM policy you want to attach.
538
538
  #
539
539
  # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
540
- # in the *AWS General Reference*.
540
+ # in the *Amazon Web Services General Reference*.
541
541
  #
542
542
  #
543
543
  #
@@ -611,7 +611,7 @@ module Aws::IAM
611
611
  # The Amazon Resource Name (ARN) of the IAM policy you want to attach.
612
612
  #
613
613
  # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
614
- # in the *AWS General Reference*.
614
+ # in the *Amazon Web Services General Reference*.
615
615
  #
616
616
  #
617
617
  #
@@ -678,7 +678,7 @@ module Aws::IAM
678
678
  # The Amazon Resource Name (ARN) of the IAM policy you want to attach.
679
679
  #
680
680
  # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
681
- # in the *AWS General Reference*.
681
+ # in the *Amazon Web Services General Reference*.
682
682
  #
683
683
  #
684
684
  #
@@ -713,14 +713,15 @@ module Aws::IAM
713
713
  end
714
714
 
715
715
  # Changes the password of the IAM user who is calling this operation.
716
- # This operation can be performed using the AWS CLI, the AWS API, or the
717
- # **My Security Credentials** page in the AWS Management Console. The
718
- # AWS account root user password is not affected by this operation.
716
+ # This operation can be performed using the CLI, the Amazon Web Services
717
+ # API, or the **My Security Credentials** page in the Management
718
+ # Console. The account root user password is not affected by this
719
+ # operation.
719
720
  #
720
- # Use UpdateLoginProfile to use the AWS CLI, the AWS API, or the
721
- # **Users** page in the IAM console to change the password for any IAM
722
- # user. For more information about modifying passwords, see [Managing
723
- # passwords][1] in the *IAM User Guide*.
721
+ # Use UpdateLoginProfile to use the CLI, the Amazon Web Services API, or
722
+ # the **Users** page in the IAM console to change the password for any
723
+ # IAM user. For more information about modifying passwords, see
724
+ # [Managing passwords][1] in the *IAM User Guide*.
724
725
  #
725
726
  #
726
727
  #
@@ -730,7 +731,7 @@ module Aws::IAM
730
731
  # The IAM user's current password.
731
732
  #
732
733
  # @option params [required, String] :new_password
733
- # The new password. The new password must conform to the AWS account's
734
+ # The new password. The new password must conform to the account's
734
735
  # password policy, if one exists.
735
736
  #
736
737
  # The [regex pattern][1] that is used to validate this parameter is a
@@ -739,8 +740,8 @@ module Aws::IAM
739
740
  # character range (`\u00FF`). You can also include the tab (`\u0009`),
740
741
  # line feed (`\u000A`), and carriage return (`\u000D`) characters. Any
741
742
  # of these characters are valid in a password. However, many tools, such
742
- # as the AWS Management Console, might restrict the ability to type
743
- # certain characters because they have special meaning within that tool.
743
+ # as the Management Console, might restrict the ability to type certain
744
+ # characters because they have special meaning within that tool.
744
745
  #
745
746
  #
746
747
  #
@@ -774,21 +775,20 @@ module Aws::IAM
774
775
  req.send_request(options)
775
776
  end
776
777
 
777
- # Creates a new AWS secret access key and corresponding AWS access key
778
- # ID for the specified user. The default status for new keys is
779
- # `Active`.
778
+ # Creates a new Amazon Web Services secret access key and corresponding
779
+ # Amazon Web Services access key ID for the specified user. The default
780
+ # status for new keys is `Active`.
780
781
  #
781
782
  # If you do not specify a user name, IAM determines the user name
782
- # implicitly based on the AWS access key ID signing the request. This
783
- # operation works for access keys under the AWS account. Consequently,
784
- # you can use this operation to manage AWS account root user
785
- # credentials. This is true even if the AWS account has no associated
786
- # users.
783
+ # implicitly based on the Amazon Web Services access key ID signing the
784
+ # request. This operation works for access keys under the account.
785
+ # Consequently, you can use this operation to manage account root user
786
+ # credentials. This is true even if the account has no associated users.
787
787
  #
788
788
  # For information about quotas on the number of keys you can create, see
789
789
  # [IAM and STS quotas][1] in the *IAM User Guide*.
790
790
  #
791
- # To ensure the security of your AWS account, the secret access key is
791
+ # To ensure the security of your account, the secret access key is
792
792
  # accessible only during key and user creation. You must save the key
793
793
  # (for example, in a text file) if you want to be able to access it
794
794
  # again. If a secret key is lost, you can delete the access keys for the
@@ -857,9 +857,9 @@ module Aws::IAM
857
857
  req.send_request(options)
858
858
  end
859
859
 
860
- # Creates an alias for your AWS account. For information about using an
861
- # AWS account alias, see [Using an alias for your AWS account ID][1] in
862
- # the *IAM User Guide*.
860
+ # Creates an alias for your account. For information about using an
861
+ # account alias, see [Using an alias for your account ID][1] in the *IAM
862
+ # User Guide*.
863
863
  #
864
864
  #
865
865
  #
@@ -1125,12 +1125,13 @@ module Aws::IAM
1125
1125
  end
1126
1126
 
1127
1127
  # Creates a password for the specified IAM user. A password allows an
1128
- # IAM user to access AWS services through the AWS Management Console.
1128
+ # IAM user to access Amazon Web Services services through the Management
1129
+ # Console.
1129
1130
  #
1130
- # You can use the AWS CLI, the AWS API, or the **Users** page in the IAM
1131
- # console to create a password for any IAM user. Use ChangePassword to
1132
- # update your own existing password in the **My Security Credentials**
1133
- # page in the AWS Management Console.
1131
+ # You can use the CLI, the Amazon Web Services API, or the **Users**
1132
+ # page in the IAM console to create a password for any IAM user. Use
1133
+ # ChangePassword to update your own existing password in the **My
1134
+ # Security Credentials** page in the Management Console.
1134
1135
  #
1135
1136
  # For more information about managing passwords, see [Managing
1136
1137
  # passwords][1] in the *IAM User Guide*.
@@ -1161,8 +1162,8 @@ module Aws::IAM
1161
1162
  # character range (`\u00FF`). You can also include the tab (`\u0009`),
1162
1163
  # line feed (`\u000A`), and carriage return (`\u000D`) characters. Any
1163
1164
  # of these characters are valid in a password. However, many tools, such
1164
- # as the AWS Management Console, might restrict the ability to type
1165
- # certain characters because they have special meaning within that tool.
1165
+ # as the Management Console, might restrict the ability to type certain
1166
+ # characters because they have special meaning within that tool.
1166
1167
  #
1167
1168
  #
1168
1169
  #
@@ -1225,29 +1226,29 @@ module Aws::IAM
1225
1226
  #
1226
1227
  # The OIDC provider that you create with this operation can be used as a
1227
1228
  # principal in a role's trust policy. Such a policy establishes a trust
1228
- # relationship between AWS and the OIDC provider.
1229
+ # relationship between Amazon Web Services and the OIDC provider.
1229
1230
  #
1230
1231
  # If you are using an OIDC identity provider from Google, Facebook, or
1231
1232
  # Amazon Cognito, you don't need to create a separate IAM identity
1232
- # provider. These OIDC identity providers are already built-in to AWS
1233
- # and are available for your use. Instead, you can move directly to
1234
- # creating new roles using your identity provider. To learn more, see
1235
- # [Creating a role for web identity or OpenID connect federation][2] in
1236
- # the *IAM User Guide*.
1233
+ # provider. These OIDC identity providers are already built-in to Amazon
1234
+ # Web Services and are available for your use. Instead, you can move
1235
+ # directly to creating new roles using your identity provider. To learn
1236
+ # more, see [Creating a role for web identity or OpenID connect
1237
+ # federation][2] in the *IAM User Guide*.
1237
1238
  #
1238
1239
  # When you create the IAM OIDC provider, you specify the following:
1239
1240
  #
1240
1241
  # * The URL of the OIDC identity provider (IdP) to trust
1241
1242
  #
1242
1243
  # * A list of client IDs (also known as audiences) that identify the
1243
- # application or applications that are allowed to authenticate using
1244
- # the OIDC provider
1244
+ # application or applications allowed to authenticate using the OIDC
1245
+ # provider
1245
1246
  #
1246
1247
  # * A list of thumbprints of one or more server certificates that the
1247
1248
  # IdP uses
1248
1249
  #
1249
1250
  # You get all of this information from the OIDC IdP that you want to use
1250
- # to access AWS.
1251
+ # to access Amazon Web Services.
1251
1252
  #
1252
1253
  # <note markdown="1"> The trust for the OIDC provider is derived from the IAM provider that
1253
1254
  # this operation creates. Therefore, it is best to limit access to the
@@ -1267,9 +1268,9 @@ module Aws::IAM
1267
1268
  # but query parameters are not. Typically the URL consists of only a
1268
1269
  # hostname, like `https://server.example.org` or `https://example.com`.
1269
1270
  #
1270
- # You cannot register the same provider multiple times in a single AWS
1271
+ # You cannot register the same provider multiple times in a single
1271
1272
  # account. If you try to submit a URL that has already been used for an
1272
- # OpenID Connect provider in the AWS account, you will get an error.
1273
+ # OpenID Connect provider in the account, you will get an error.
1273
1274
  #
1274
1275
  # @option params [Array<String>] :client_id_list
1275
1276
  # A list of client IDs (also known as audiences). When a mobile or web
@@ -1384,7 +1385,7 @@ module Aws::IAM
1384
1385
  req.send_request(options)
1385
1386
  end
1386
1387
 
1387
- # Creates a new managed policy for your AWS account.
1388
+ # Creates a new managed policy for your account.
1388
1389
  #
1389
1390
  # This operation creates a policy version with a version identifier of
1390
1391
  # `v1` and sets v1 as the policy's default version. For more
@@ -1435,15 +1436,20 @@ module Aws::IAM
1435
1436
  # The JSON policy document that you want to use as the content for the
1436
1437
  # new policy.
1437
1438
  #
1438
- # You must provide policies in JSON format in IAM. However, for AWS
1439
+ # You must provide policies in JSON format in IAM. However, for
1439
1440
  # CloudFormation templates formatted in YAML, you can provide the policy
1440
- # in JSON or YAML format. AWS CloudFormation always converts a YAML
1441
- # policy to JSON format before submitting it to IAM.
1441
+ # in JSON or YAML format. CloudFormation always converts a YAML policy
1442
+ # to JSON format before submitting it to IAM.
1443
+ #
1444
+ # The maximum length of the policy document that you can pass in this
1445
+ # operation, including whitespace, is listed below. To view the maximum
1446
+ # character counts of a managed policy with no whitespaces, see [IAM and
1447
+ # STS character quotas][1].
1442
1448
  #
1443
1449
  # To learn more about JSON policy grammar, see [Grammar of the IAM JSON
1444
- # policy language][1] in the *IAM User Guide*.
1450
+ # policy language][2] in the *IAM User Guide*.
1445
1451
  #
1446
- # The [regex pattern][2] used to validate this parameter is a string of
1452
+ # The [regex pattern][3] used to validate this parameter is a string of
1447
1453
  # characters consisting of the following:
1448
1454
  #
1449
1455
  # * Any printable ASCII character ranging from the space character
@@ -1457,8 +1463,9 @@ module Aws::IAM
1457
1463
  #
1458
1464
  #
1459
1465
  #
1460
- # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_grammar.html
1461
- # [2]: http://wikipedia.org/wiki/regex
1466
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length
1467
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_grammar.html
1468
+ # [3]: http://wikipedia.org/wiki/regex
1462
1469
  #
1463
1470
  # @option params [String] :description
1464
1471
  # A friendly description of the policy.
@@ -1553,7 +1560,7 @@ module Aws::IAM
1553
1560
  # add a new version.
1554
1561
  #
1555
1562
  # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
1556
- # in the *AWS General Reference*.
1563
+ # in the *Amazon Web Services General Reference*.
1557
1564
  #
1558
1565
  #
1559
1566
  #
@@ -1563,12 +1570,17 @@ module Aws::IAM
1563
1570
  # The JSON policy document that you want to use as the content for this
1564
1571
  # new version of the policy.
1565
1572
  #
1566
- # You must provide policies in JSON format in IAM. However, for AWS
1573
+ # You must provide policies in JSON format in IAM. However, for
1567
1574
  # CloudFormation templates formatted in YAML, you can provide the policy
1568
- # in JSON or YAML format. AWS CloudFormation always converts a YAML
1569
- # policy to JSON format before submitting it to IAM.
1575
+ # in JSON or YAML format. CloudFormation always converts a YAML policy
1576
+ # to JSON format before submitting it to IAM.
1570
1577
  #
1571
- # The [regex pattern][1] used to validate this parameter is a string of
1578
+ # The maximum length of the policy document that you can pass in this
1579
+ # operation, including whitespace, is listed below. To view the maximum
1580
+ # character counts of a managed policy with no whitespaces, see [IAM and
1581
+ # STS character quotas][1].
1582
+ #
1583
+ # The [regex pattern][2] used to validate this parameter is a string of
1572
1584
  # characters consisting of the following:
1573
1585
  #
1574
1586
  # * Any printable ASCII character ranging from the space character
@@ -1582,7 +1594,8 @@ module Aws::IAM
1582
1594
  #
1583
1595
  #
1584
1596
  #
1585
- # [1]: http://wikipedia.org/wiki/regex
1597
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length
1598
+ # [2]: http://wikipedia.org/wiki/regex
1586
1599
  #
1587
1600
  # @option params [Boolean] :set_as_default
1588
1601
  # Specifies whether to set this version as the policy's default
@@ -1627,10 +1640,10 @@ module Aws::IAM
1627
1640
  req.send_request(options)
1628
1641
  end
1629
1642
 
1630
- # Creates a new role for your AWS account. For more information about
1631
- # roles, see [IAM roles][1]. For information about quotas for role names
1632
- # and the number of roles you can create, see [IAM and STS quotas][2] in
1633
- # the *IAM User Guide*.
1643
+ # Creates a new role for your account. For more information about roles,
1644
+ # see [IAM roles][1]. For information about quotas for role names and
1645
+ # the number of roles you can create, see [IAM and STS quotas][2] in the
1646
+ # *IAM User Guide*.
1634
1647
  #
1635
1648
  #
1636
1649
  #
@@ -1668,10 +1681,9 @@ module Aws::IAM
1668
1681
  # permission to assume the role.
1669
1682
  #
1670
1683
  # In IAM, you must provide a JSON policy that has been converted to a
1671
- # string. However, for AWS CloudFormation templates formatted in YAML,
1672
- # you can provide the policy in JSON or YAML format. AWS CloudFormation
1673
- # always converts a YAML policy to JSON format before submitting it to
1674
- # IAM.
1684
+ # string. However, for CloudFormation templates formatted in YAML, you
1685
+ # can provide the policy in JSON or YAML format. CloudFormation always
1686
+ # converts a YAML policy to JSON format before submitting it to IAM.
1675
1687
  #
1676
1688
  # The [regex pattern][1] used to validate this parameter is a string of
1677
1689
  # characters consisting of the following:
@@ -1701,7 +1713,7 @@ module Aws::IAM
1701
1713
  # default maximum of one hour is applied. This setting can have a value
1702
1714
  # from 1 hour to 12 hours.
1703
1715
  #
1704
- # Anyone who assumes the role from the AWS CLI or API can use the
1716
+ # Anyone who assumes the role from the or API can use the
1705
1717
  # `DurationSeconds` API parameter or the `duration-seconds` CLI
1706
1718
  # parameter to request a longer session. The `MaxSessionDuration`
1707
1719
  # setting determines the maximum duration that can be requested using
@@ -1814,8 +1826,8 @@ module Aws::IAM
1814
1826
  # used as a principal in an IAM role's trust policy. Such a policy can
1815
1827
  # enable federated users who sign in using the SAML IdP to assume the
1816
1828
  # role. You can create an IAM role that supports Web-based single
1817
- # sign-on (SSO) to the AWS Management Console or one that supports API
1818
- # access to AWS.
1829
+ # sign-on (SSO) to the Management Console or one that supports API
1830
+ # access to Amazon Web Services.
1819
1831
  #
1820
1832
  # When you create the SAML provider resource, you upload a SAML metadata
1821
1833
  # document that you get from your IdP. That document includes the
@@ -1829,8 +1841,8 @@ module Aws::IAM
1829
1841
  # </note>
1830
1842
  #
1831
1843
  # For more information, see [Enabling SAML 2.0 federated users to access
1832
- # the AWS Management Console][2] and [About SAML 2.0-based
1833
- # federation][3] in the *IAM User Guide*.
1844
+ # the Management Console][2] and [About SAML 2.0-based federation][3] in
1845
+ # the *IAM User Guide*.
1834
1846
  #
1835
1847
  #
1836
1848
  #
@@ -1915,33 +1927,35 @@ module Aws::IAM
1915
1927
  req.send_request(options)
1916
1928
  end
1917
1929
 
1918
- # Creates an IAM role that is linked to a specific AWS service. The
1919
- # service controls the attached policies and when the role can be
1920
- # deleted. This helps ensure that the service is not broken by an
1921
- # unexpectedly changed or deleted role, which could put your AWS
1922
- # resources into an unknown state. Allowing the service to control the
1923
- # role helps improve service stability and proper cleanup when a service
1924
- # and its role are no longer needed. For more information, see [Using
1925
- # service-linked roles][1] in the *IAM User Guide*.
1930
+ # Creates an IAM role that is linked to a specific Amazon Web Services
1931
+ # service. The service controls the attached policies and when the role
1932
+ # can be deleted. This helps ensure that the service is not broken by an
1933
+ # unexpectedly changed or deleted role, which could put your Amazon Web
1934
+ # Services resources into an unknown state. Allowing the service to
1935
+ # control the role helps improve service stability and proper cleanup
1936
+ # when a service and its role are no longer needed. For more
1937
+ # information, see [Using service-linked roles][1] in the *IAM User
1938
+ # Guide*.
1926
1939
  #
1927
1940
  # To attach a policy to this service-linked role, you must make the
1928
- # request using the AWS service that depends on this role.
1941
+ # request using the Amazon Web Services service that depends on this
1942
+ # role.
1929
1943
  #
1930
1944
  #
1931
1945
  #
1932
1946
  # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html
1933
1947
  #
1934
1948
  # @option params [required, String] :aws_service_name
1935
- # The service principal for the AWS service to which this role is
1936
- # attached. You use a string similar to a URL but without the http:// in
1937
- # front. For example: `elasticbeanstalk.amazonaws.com`.
1949
+ # The service principal for the Amazon Web Services service to which
1950
+ # this role is attached. You use a string similar to a URL but without
1951
+ # the http:// in front. For example: `elasticbeanstalk.amazonaws.com`.
1938
1952
  #
1939
1953
  # Service principals are unique and case-sensitive. To find the exact
1940
- # service principal for your service-linked role, see [AWS services that
1941
- # work with IAM][1] in the *IAM User Guide*. Look for the services that
1942
- # have <b>Yes </b>in the **Service-Linked Role** column. Choose the
1943
- # **Yes** link to view the service-linked role documentation for that
1944
- # service.
1954
+ # service principal for your service-linked role, see [Amazon Web
1955
+ # Services services that work with IAM][1] in the *IAM User Guide*. Look
1956
+ # for the services that have <b>Yes </b>in the **Service-Linked Role**
1957
+ # column. Choose the **Yes** link to view the service-linked role
1958
+ # documentation for that service.
1945
1959
  #
1946
1960
  #
1947
1961
  #
@@ -2008,15 +2022,15 @@ module Aws::IAM
2008
2022
  # You can have a maximum of two sets of service-specific credentials for
2009
2023
  # each supported service per user.
2010
2024
  #
2011
- # You can create service-specific credentials for AWS CodeCommit and
2012
- # Amazon Keyspaces (for Apache Cassandra).
2025
+ # You can create service-specific credentials for CodeCommit and Amazon
2026
+ # Keyspaces (for Apache Cassandra).
2013
2027
  #
2014
2028
  # You can reset the password to a new service-generated value by calling
2015
2029
  # ResetServiceSpecificCredential.
2016
2030
  #
2017
2031
  # For more information about service-specific credentials, see [Using
2018
- # IAM with AWS CodeCommit: Git credentials, SSH keys, and AWS access
2019
- # keys][1] in the *IAM User Guide*.
2032
+ # IAM with CodeCommit: Git credentials, SSH keys, and Amazon Web
2033
+ # Services access keys][1] in the *IAM User Guide*.
2020
2034
  #
2021
2035
  #
2022
2036
  #
@@ -2038,9 +2052,9 @@ module Aws::IAM
2038
2052
  # [1]: http://wikipedia.org/wiki/regex
2039
2053
  #
2040
2054
  # @option params [required, String] :service_name
2041
- # The name of the AWS service that is to be associated with the
2042
- # credentials. The service you specify here is the only service that can
2043
- # be accessed using these credentials.
2055
+ # The name of the Amazon Web Services service that is to be associated
2056
+ # with the credentials. The service you specify here is the only service
2057
+ # that can be accessed using these credentials.
2044
2058
  #
2045
2059
  # @return [Types::CreateServiceSpecificCredentialResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
2046
2060
  #
@@ -2072,7 +2086,7 @@ module Aws::IAM
2072
2086
  req.send_request(options)
2073
2087
  end
2074
2088
 
2075
- # Creates a new IAM user for your AWS account.
2089
+ # Creates a new IAM user for your account.
2076
2090
  #
2077
2091
  # For information about quotas for the number of IAM users you can
2078
2092
  # create, see [IAM and STS quotas][1] in the *IAM User Guide*.
@@ -2187,20 +2201,20 @@ module Aws::IAM
2187
2201
  req.send_request(options)
2188
2202
  end
2189
2203
 
2190
- # Creates a new virtual MFA device for the AWS account. After creating
2191
- # the virtual MFA, use EnableMFADevice to attach the MFA device to an
2192
- # IAM user. For more information about creating and working with virtual
2193
- # MFA devices, see [Using a virtual MFA device][1] in the *IAM User
2194
- # Guide*.
2204
+ # Creates a new virtual MFA device for the account. After creating the
2205
+ # virtual MFA, use EnableMFADevice to attach the MFA device to an IAM
2206
+ # user. For more information about creating and working with virtual MFA
2207
+ # devices, see [Using a virtual MFA device][1] in the *IAM User Guide*.
2195
2208
  #
2196
2209
  # For information about the maximum number of MFA devices you can
2197
2210
  # create, see [IAM and STS quotas][2] in the *IAM User Guide*.
2198
2211
  #
2199
2212
  # The seed information contained in the QR code and the Base32 string
2200
2213
  # should be treated like any other secret access information. In other
2201
- # words, protect the seed information as you would your AWS access keys
2202
- # or your passwords. After you provision your virtual device, you should
2203
- # ensure that the information is destroyed following secure procedures.
2214
+ # words, protect the seed information as you would your Amazon Web
2215
+ # Services access keys or your passwords. After you provision your
2216
+ # virtual device, you should ensure that the information is destroyed
2217
+ # following secure procedures.
2204
2218
  #
2205
2219
  #
2206
2220
  #
@@ -2359,10 +2373,10 @@ module Aws::IAM
2359
2373
  # Deletes the access key pair associated with the specified IAM user.
2360
2374
  #
2361
2375
  # If you do not specify a user name, IAM determines the user name
2362
- # implicitly based on the AWS access key ID signing the request. This
2363
- # operation works for access keys under the AWS account. Consequently,
2364
- # you can use this operation to manage AWS account root user credentials
2365
- # even if the AWS account has no associated users.
2376
+ # implicitly based on the Amazon Web Services access key ID signing the
2377
+ # request. This operation works for access keys under the account.
2378
+ # Consequently, you can use this operation to manage account root user
2379
+ # credentials even if the account has no associated users.
2366
2380
  #
2367
2381
  # @option params [String] :user_name
2368
2382
  # The name of the user whose access key pair you want to delete.
@@ -2416,9 +2430,9 @@ module Aws::IAM
2416
2430
  req.send_request(options)
2417
2431
  end
2418
2432
 
2419
- # Deletes the specified AWS account alias. For information about using
2420
- # an AWS account alias, see [Using an alias for your AWS account ID][1]
2421
- # in the *IAM User Guide*.
2433
+ # Deletes the specified account alias. For information about using an
2434
+ # Amazon Web Services account alias, see [Using an alias for your
2435
+ # account ID][1] in the *IAM User Guide*.
2422
2436
  #
2423
2437
  #
2424
2438
  #
@@ -2462,8 +2476,7 @@ module Aws::IAM
2462
2476
  req.send_request(options)
2463
2477
  end
2464
2478
 
2465
- # Deletes the password policy for the AWS account. There are no
2466
- # parameters.
2479
+ # Deletes the password policy for the account. There are no parameters.
2467
2480
  #
2468
2481
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
2469
2482
  #
@@ -2635,19 +2648,19 @@ module Aws::IAM
2635
2648
  end
2636
2649
 
2637
2650
  # Deletes the password for the specified IAM user, which terminates the
2638
- # user's ability to access AWS services through the AWS Management
2639
- # Console.
2651
+ # user's ability to access Amazon Web Services services through the
2652
+ # Management Console.
2640
2653
  #
2641
- # You can use the AWS CLI, the AWS API, or the **Users** page in the IAM
2642
- # console to delete a password for any IAM user. You can use
2643
- # ChangePassword to update, but not delete, your own password in the
2644
- # **My Security Credentials** page in the AWS Management Console.
2654
+ # You can use the CLI, the Amazon Web Services API, or the **Users**
2655
+ # page in the IAM console to delete a password for any IAM user. You can
2656
+ # use ChangePassword to update, but not delete, your own password in the
2657
+ # **My Security Credentials** page in the Management Console.
2645
2658
  #
2646
- # Deleting a user's password does not prevent a user from accessing AWS
2647
- # through the command line interface or the API. To prevent all user
2648
- # access, you must also either make any access keys inactive or delete
2649
- # them. For more information about making keys inactive or deleting
2650
- # them, see UpdateAccessKey and DeleteAccessKey.
2659
+ # Deleting a user's password does not prevent a user from accessing
2660
+ # Amazon Web Services through the command line interface or the API. To
2661
+ # prevent all user access, you must also either make any access keys
2662
+ # inactive or delete them. For more information about making keys
2663
+ # inactive or deleting them, see UpdateAccessKey and DeleteAccessKey.
2651
2664
  #
2652
2665
  # @option params [required, String] :user_name
2653
2666
  # The name of the user whose password you want to delete.
@@ -2752,7 +2765,7 @@ module Aws::IAM
2752
2765
  # The Amazon Resource Name (ARN) of the IAM policy you want to delete.
2753
2766
  #
2754
2767
  # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
2755
- # in the *AWS General Reference*.
2768
+ # in the *Amazon Web Services General Reference*.
2756
2769
  #
2757
2770
  #
2758
2771
  #
@@ -2794,7 +2807,7 @@ module Aws::IAM
2794
2807
  # to delete a version.
2795
2808
  #
2796
2809
  # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
2797
- # in the *AWS General Reference*.
2810
+ # in the *Amazon Web Services General Reference*.
2798
2811
  #
2799
2812
  #
2800
2813
  #
@@ -3015,10 +3028,10 @@ module Aws::IAM
3015
3028
  # Deletes the specified SSH public key.
3016
3029
  #
3017
3030
  # The SSH public key deleted by this operation is used only for
3018
- # authenticating the associated IAM user to an AWS CodeCommit
3019
- # repository. For more information about using SSH keys to authenticate
3020
- # to an AWS CodeCommit repository, see [Set up AWS CodeCommit for SSH
3021
- # connections][1] in the *AWS CodeCommit User Guide*.
3031
+ # authenticating the associated IAM user to an CodeCommit repository.
3032
+ # For more information about using SSH keys to authenticate to an
3033
+ # CodeCommit repository, see [Set up CodeCommit for SSH connections][1]
3034
+ # in the *CodeCommit User Guide*.
3022
3035
  #
3023
3036
  #
3024
3037
  #
@@ -3069,8 +3082,8 @@ module Aws::IAM
3069
3082
  #
3070
3083
  # For more information about working with server certificates, see
3071
3084
  # [Working with server certificates][1] in the *IAM User Guide*. This
3072
- # topic also includes a list of AWS services that can use the server
3073
- # certificates that you manage with IAM.
3085
+ # topic also includes a list of Amazon Web Services services that can
3086
+ # use the server certificates that you manage with IAM.
3074
3087
  #
3075
3088
  # If you are using a server certificate with Elastic Load Balancing,
3076
3089
  # deleting the certificate could have implications for your application.
@@ -3132,10 +3145,12 @@ module Aws::IAM
3132
3145
  # first remove those resources from the linked service and then submit
3133
3146
  # the deletion request again. Resources are specific to the service that
3134
3147
  # is linked to the role. For more information about removing resources
3135
- # from a service, see the [AWS documentation][1] for your service.
3148
+ # from a service, see the [Amazon Web Services documentation][1] for
3149
+ # your service.
3136
3150
  #
3137
3151
  # For more information about service-linked roles, see [Roles terms and
3138
- # concepts: AWS service-linked role][2] in the *IAM User Guide*.
3152
+ # concepts: Amazon Web Services service-linked role][2] in the *IAM User
3153
+ # Guide*.
3139
3154
  #
3140
3155
  #
3141
3156
  #
@@ -3217,10 +3232,10 @@ module Aws::IAM
3217
3232
  # Deletes a signing certificate associated with the specified IAM user.
3218
3233
  #
3219
3234
  # If you do not specify a user name, IAM determines the user name
3220
- # implicitly based on the AWS access key ID signing the request. This
3221
- # operation works for access keys under the AWS account. Consequently,
3222
- # you can use this operation to manage AWS account root user credentials
3223
- # even if the AWS account has no associated IAM users.
3235
+ # implicitly based on the Amazon Web Services access key ID signing the
3236
+ # request. This operation works for access keys under the account.
3237
+ # Consequently, you can use this operation to manage account root user
3238
+ # credentials even if the account has no associated IAM users.
3224
3239
  #
3225
3240
  # @option params [String] :user_name
3226
3241
  # The name of the user the signing certificate belongs to.
@@ -3273,11 +3288,11 @@ module Aws::IAM
3273
3288
  req.send_request(options)
3274
3289
  end
3275
3290
 
3276
- # Deletes the specified IAM user. Unlike the AWS Management Console,
3277
- # when you delete a user programmatically, you must delete the items
3278
- # attached to the user manually, or the deletion fails. For more
3279
- # information, see [Deleting an IAM user][1]. Before attempting to
3280
- # delete a user, remove the following items:
3291
+ # Deletes the specified IAM user. Unlike the Management Console, when
3292
+ # you delete a user programmatically, you must delete the items attached
3293
+ # to the user manually, or the deletion fails. For more information, see
3294
+ # [Deleting an IAM user][1]. Before attempting to delete a user, remove
3295
+ # the following items:
3281
3296
  #
3282
3297
  # * Password (DeleteLoginProfile)
3283
3298
  #
@@ -3506,7 +3521,7 @@ module Aws::IAM
3506
3521
  # The Amazon Resource Name (ARN) of the IAM policy you want to detach.
3507
3522
  #
3508
3523
  # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
3509
- # in the *AWS General Reference*.
3524
+ # in the *Amazon Web Services General Reference*.
3510
3525
  #
3511
3526
  #
3512
3527
  #
@@ -3557,7 +3572,7 @@ module Aws::IAM
3557
3572
  # The Amazon Resource Name (ARN) of the IAM policy you want to detach.
3558
3573
  #
3559
3574
  # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
3560
- # in the *AWS General Reference*.
3575
+ # in the *Amazon Web Services General Reference*.
3561
3576
  #
3562
3577
  #
3563
3578
  #
@@ -3608,7 +3623,7 @@ module Aws::IAM
3608
3623
  # The Amazon Resource Name (ARN) of the IAM policy you want to detach.
3609
3624
  #
3610
3625
  # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
3611
- # in the *AWS General Reference*.
3626
+ # in the *Amazon Web Services General Reference*.
3612
3627
  #
3613
3628
  #
3614
3629
  #
@@ -3713,9 +3728,9 @@ module Aws::IAM
3713
3728
  req.send_request(options)
3714
3729
  end
3715
3730
 
3716
- # Generates a credential report for the AWS account. For more
3717
- # information about the credential report, see [Getting credential
3718
- # reports][1] in the *IAM User Guide*.
3731
+ # Generates a credential report for the account. For more information
3732
+ # about the credential report, see [Getting credential reports][1] in
3733
+ # the *IAM User Guide*.
3719
3734
  #
3720
3735
  #
3721
3736
  #
@@ -3740,18 +3755,17 @@ module Aws::IAM
3740
3755
  req.send_request(options)
3741
3756
  end
3742
3757
 
3743
- # Generates a report for service last accessed data for AWS
3744
- # Organizations. You can generate a report for any entities
3745
- # (organization root, organizational unit, or account) or policies in
3746
- # your organization.
3758
+ # Generates a report for service last accessed data for Organizations.
3759
+ # You can generate a report for any entities (organization root,
3760
+ # organizational unit, or account) or policies in your organization.
3747
3761
  #
3748
- # To call this operation, you must be signed in using your AWS
3749
- # Organizations management account credentials. You can use your
3750
- # long-term IAM user or root user credentials, or temporary credentials
3751
- # from assuming an IAM role. SCPs must be enabled for your organization
3752
- # root. You must have the required IAM and AWS Organizations
3753
- # permissions. For more information, see [Refining permissions using
3754
- # service last accessed data][1] in the *IAM User Guide*.
3762
+ # To call this operation, you must be signed in using your Organizations
3763
+ # management account credentials. You can use your long-term IAM user or
3764
+ # root user credentials, or temporary credentials from assuming an IAM
3765
+ # role. SCPs must be enabled for your organization root. You must have
3766
+ # the required IAM and Organizations permissions. For more information,
3767
+ # see [Refining permissions using service last accessed data][1] in the
3768
+ # *IAM User Guide*.
3755
3769
  #
3756
3770
  # You can generate a service last accessed data report for entities by
3757
3771
  # specifying only the entity's path. This data includes a list of
@@ -3759,8 +3773,8 @@ module Aws::IAM
3759
3773
  # apply to the entity.
3760
3774
  #
3761
3775
  # You can generate a service last accessed data report for a policy by
3762
- # specifying an entity's path and an optional AWS Organizations policy
3763
- # ID. This data includes a list of services that are allowed by the
3776
+ # specifying an entity's path and an optional Organizations policy ID.
3777
+ # This data includes a list of services that are allowed by the
3764
3778
  # specified SCP.
3765
3779
  #
3766
3780
  # For each service in both report types, the data includes the most
@@ -3770,15 +3784,16 @@ module Aws::IAM
3770
3784
  # troubleshooting, and supported Regions see [Reducing permissions using
3771
3785
  # service last accessed data][1] in the *IAM User Guide*.
3772
3786
  #
3773
- # The data includes all attempts to access AWS, not just the successful
3774
- # ones. This includes all attempts that were made using the AWS
3775
- # Management Console, the AWS API through any of the SDKs, or any of the
3776
- # command line tools. An unexpected entry in the service last accessed
3777
- # data does not mean that an account has been compromised, because the
3778
- # request might have been denied. Refer to your CloudTrail logs as the
3779
- # authoritative source for information about all API calls and whether
3780
- # they were successful or denied access. For more information,
3781
- # see [Logging IAM events with CloudTrail][2] in the *IAM User Guide*.
3787
+ # The data includes all attempts to access Amazon Web Services, not just
3788
+ # the successful ones. This includes all attempts that were made using
3789
+ # the Management Console, the Amazon Web Services API through any of the
3790
+ # SDKs, or any of the command line tools. An unexpected entry in the
3791
+ # service last accessed data does not mean that an account has been
3792
+ # compromised, because the request might have been denied. Refer to your
3793
+ # CloudTrail logs as the authoritative source for information about all
3794
+ # API calls and whether they were successful or denied access. For more
3795
+ # information, see [Logging IAM events with CloudTrail][2] in the *IAM
3796
+ # User Guide*.
3782
3797
  #
3783
3798
  # This operation returns a `JobId`. Use this parameter in the `
3784
3799
  # GetOrganizationsAccessReport ` operation to check the status of the
@@ -3788,9 +3803,9 @@ module Aws::IAM
3788
3803
  # you can retrieve the report.
3789
3804
  #
3790
3805
  # To generate a service last accessed data report for entities, specify
3791
- # an entity path without specifying the optional AWS Organizations
3792
- # policy ID. The type of entity that you specify determines the data
3793
- # returned in the report.
3806
+ # an entity path without specifying the optional Organizations policy
3807
+ # ID. The type of entity that you specify determines the data returned
3808
+ # in the report.
3794
3809
  #
3795
3810
  # * **Root** – When you specify the organizations root as the entity,
3796
3811
  # the resulting report lists all of the services allowed by SCPs that
@@ -3806,9 +3821,9 @@ module Aws::IAM
3806
3821
  # not limited by SCPs.
3807
3822
  #
3808
3823
  # * **management account** – When you specify the management account,
3809
- # the resulting report lists all AWS services, because the management
3810
- # account is not limited by SCPs. For each service, the report
3811
- # includes data for only the management account.
3824
+ # the resulting report lists all Amazon Web Services services, because
3825
+ # the management account is not limited by SCPs. For each service, the
3826
+ # report includes data for only the management account.
3812
3827
  #
3813
3828
  # * **Account** – When you specify another account as the entity, the
3814
3829
  # resulting report lists all of the services allowed by SCPs that are
@@ -3816,9 +3831,8 @@ module Aws::IAM
3816
3831
  # report includes data for only the specified account.
3817
3832
  #
3818
3833
  # To generate a service last accessed data report for policies, specify
3819
- # an entity path and the optional AWS Organizations policy ID. The type
3820
- # of entity that you specify determines the data returned for each
3821
- # service.
3834
+ # an entity path and the optional Organizations policy ID. The type of
3835
+ # entity that you specify determines the data returned for each service.
3822
3836
  #
3823
3837
  # * **Root** – When you specify the root entity and a policy ID, the
3824
3838
  # resulting report lists all of the services that are allowed by the
@@ -3840,10 +3854,10 @@ module Aws::IAM
3840
3854
  # the report will return a list of services with no data.
3841
3855
  #
3842
3856
  # * **management account** – When you specify the management account,
3843
- # the resulting report lists all AWS services, because the management
3844
- # account is not limited by SCPs. If you specify a policy ID in the
3845
- # CLI or API, the policy is ignored. For each service, the report
3846
- # includes data for only the management account.
3857
+ # the resulting report lists all Amazon Web Services services, because
3858
+ # the management account is not limited by SCPs. If you specify a
3859
+ # policy ID in the CLI or API, the policy is ignored. For each
3860
+ # service, the report includes data for only the management account.
3847
3861
  #
3848
3862
  # * **Account** – When you specify another account entity and a policy
3849
3863
  # ID, the resulting report lists all of the services that are allowed
@@ -3872,21 +3886,21 @@ module Aws::IAM
3872
3886
  # [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics
3873
3887
  #
3874
3888
  # @option params [required, String] :entity_path
3875
- # The path of the AWS Organizations entity (root, OU, or account). You
3876
- # can build an entity path using the known structure of your
3877
- # organization. For example, assume that your account ID is
3878
- # `123456789012` and its parent OU ID is `ou-rge0-awsabcde`. The
3879
- # organization root ID is `r-f6g7h8i9j0example` and your organization ID
3880
- # is `o-a1b2c3d4e5`. Your entity path is
3889
+ # The path of the Organizations entity (root, OU, or account). You can
3890
+ # build an entity path using the known structure of your organization.
3891
+ # For example, assume that your account ID is `123456789012` and its
3892
+ # parent OU ID is `ou-rge0-awsabcde`. The organization root ID is
3893
+ # `r-f6g7h8i9j0example` and your organization ID is `o-a1b2c3d4e5`. Your
3894
+ # entity path is
3881
3895
  # `o-a1b2c3d4e5/r-f6g7h8i9j0example/ou-rge0-awsabcde/123456789012`.
3882
3896
  #
3883
3897
  # @option params [String] :organizations_policy_id
3884
- # The identifier of the AWS Organizations service control policy (SCP).
3885
- # This parameter is optional.
3898
+ # The identifier of the Organizations service control policy (SCP). This
3899
+ # parameter is optional.
3886
3900
  #
3887
3901
  # This ID is used to generate information about when an account
3888
- # principal that is limited by the SCP attempted to access an AWS
3889
- # service.
3902
+ # principal that is limited by the SCP attempted to access an Amazon Web
3903
+ # Services service.
3890
3904
  #
3891
3905
  # @return [Types::GenerateOrganizationsAccessReportResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
3892
3906
  #
@@ -3928,31 +3942,31 @@ module Aws::IAM
3928
3942
 
3929
3943
  # Generates a report that includes details about when an IAM resource
3930
3944
  # (user, group, role, or policy) was last used in an attempt to access
3931
- # AWS services. Recent activity usually appears within four hours. IAM
3932
- # reports activity for the last 365 days, or less if your Region began
3933
- # supporting this feature within the last year. For more information,
3934
- # see [Regions where data is tracked][1].
3935
- #
3936
- # The service last accessed data includes all attempts to access an AWS
3937
- # API, not just the successful ones. This includes all attempts that
3938
- # were made using the AWS Management Console, the AWS API through any of
3939
- # the SDKs, or any of the command line tools. An unexpected entry in the
3940
- # service last accessed data does not mean that your account has been
3941
- # compromised, because the request might have been denied. Refer to your
3942
- # CloudTrail logs as the authoritative source for information about all
3943
- # API calls and whether they were successful or denied access. For more
3944
- # information, see [Logging IAM events with CloudTrail][2] in the *IAM
3945
- # User Guide*.
3945
+ # Amazon Web Services services. Recent activity usually appears within
3946
+ # four hours. IAM reports activity for the last 365 days, or less if
3947
+ # your Region began supporting this feature within the last year. For
3948
+ # more information, see [Regions where data is tracked][1].
3949
+ #
3950
+ # The service last accessed data includes all attempts to access an
3951
+ # Amazon Web Services API, not just the successful ones. This includes
3952
+ # all attempts that were made using the Management Console, the Amazon
3953
+ # Web Services API through any of the SDKs, or any of the command line
3954
+ # tools. An unexpected entry in the service last accessed data does not
3955
+ # mean that your account has been compromised, because the request might
3956
+ # have been denied. Refer to your CloudTrail logs as the authoritative
3957
+ # source for information about all API calls and whether they were
3958
+ # successful or denied access. For more information, see [Logging IAM
3959
+ # events with CloudTrail][2] in the *IAM User Guide*.
3946
3960
  #
3947
3961
  # The `GenerateServiceLastAccessedDetails` operation returns a `JobId`.
3948
3962
  # Use this parameter in the following operations to retrieve the
3949
3963
  # following details from your report:
3950
3964
  #
3951
3965
  # * GetServiceLastAccessedDetails – Use this operation for users,
3952
- # groups, roles, or policies to list every AWS service that the
3953
- # resource could access using permissions policies. For each service,
3954
- # the response includes information about the most recent access
3955
- # attempt.
3966
+ # groups, roles, or policies to list every Amazon Web Services service
3967
+ # that the resource could access using permissions policies. For each
3968
+ # service, the response includes information about the most recent
3969
+ # access attempt.
3956
3970
  #
3957
3971
  # The `JobId` returned by `GenerateServiceLastAccessedDetail` must be
3958
3972
  # used by the same role within a session, or by the same user when
@@ -3960,8 +3974,8 @@ module Aws::IAM
3960
3974
  #
3961
3975
  # * GetServiceLastAccessedDetailsWithEntities – Use this operation for
3962
3976
  # groups and policies to list information about the associated
3963
- # entities (users or roles) that attempted to access a specific AWS
3964
- # service.
3977
+ # entities (users or roles) that attempted to access a specific Amazon
3978
+ # Web Services service.
3965
3979
  #
3966
3980
  # To check the status of the `GenerateServiceLastAccessedDetails`
3967
3981
  # request, use the `JobId` parameter in the same operations and test the
@@ -3974,10 +3988,10 @@ module Aws::IAM
3974
3988
  # <note markdown="1"> Service last accessed data does not use other policy types when
3975
3989
  # determining whether a resource could access a service. These other
3976
3990
  # policy types include resource-based policies, access control lists,
3977
- # AWS Organizations policies, IAM permissions boundaries, and AWS STS
3978
- # assume role policies. It only applies permissions policy logic. For
3979
- # more about the evaluation of policy types, see [Evaluating
3980
- # policies][3] in the *IAM User Guide*.
3991
+ # Organizations policies, IAM permissions boundaries, and STS assume
3992
+ # role policies. It only applies permissions policy logic. For more
3993
+ # about the evaluation of policy types, see [Evaluating policies][3] in
3994
+ # the *IAM User Guide*.
3981
3995
  #
3982
3996
  # </note>
3983
3997
  #
@@ -3995,7 +4009,7 @@ module Aws::IAM
3995
4009
  # @option params [required, String] :arn
3996
4010
  # The ARN of the IAM resource (user, group, role, or managed policy)
3997
4011
  # used to generate information about when the resource was last used in
3998
- # an attempt to access an AWS service.
4012
+ # an attempt to access an Amazon Web Services service.
3999
4013
  #
4000
4014
  # @option params [String] :granularity
4001
4015
  # The level of detail that you want to generate. You can specify whether
@@ -4045,8 +4059,8 @@ module Aws::IAM
4045
4059
 
4046
4060
  # Retrieves information about when the specified access key was last
4047
4061
  # used. The information includes the date and time of last use, along
4048
- # with the AWS service and Region that were specified in the last
4049
- # request made with that key.
4062
+ # with the Amazon Web Services service and Region that were specified in
4063
+ # the last request made with that key.
4050
4064
  #
4051
4065
  # @option params [required, String] :access_key_id
4052
4066
  # The identifier of an access key.
@@ -4087,9 +4101,10 @@ module Aws::IAM
4087
4101
  end
4088
4102
 
4089
4103
  # Retrieves information about all IAM users, groups, roles, and policies
4090
- # in your AWS account, including their relationships to one another. Use
4091
- # this operation to obtain a snapshot of the configuration of IAM
4092
- # permissions (users, groups, roles, and policies) in your account.
4104
+ # in your Amazon Web Services account, including their relationships to
4105
+ # one another. Use this operation to obtain a snapshot of the
4106
+ # configuration of IAM permissions (users, groups, roles, and policies)
4107
+ # in your account.
4093
4108
  #
4094
4109
  # <note markdown="1"> Policies returned by this operation are URL-encoded compliant with
4095
4110
  # [RFC 3986][1]. You can use a URL decoding method to convert the policy
@@ -4259,7 +4274,7 @@ module Aws::IAM
4259
4274
  req.send_request(options)
4260
4275
  end
4261
4276
 
4262
- # Retrieves the password policy for the AWS account. This tells you the
4277
+ # Retrieves the password policy for the account. This tells you the
4263
4278
  # complexity requirements and mandatory rotation periods for the IAM
4264
4279
  # user passwords in your account. For more information about using a
4265
4280
  # password policy, see [Managing an IAM password policy][1].
@@ -4318,8 +4333,8 @@ module Aws::IAM
4318
4333
  req.send_request(options)
4319
4334
  end
4320
4335
 
4321
- # Retrieves information about IAM entity usage and IAM quotas in the AWS
4322
- # account.
4336
+ # Retrieves information about IAM entity usage and IAM quotas in the
4337
+ # Amazon Web Services account.
4323
4338
  #
4324
4339
  # For information about IAM quotas, see [IAM and STS quotas][1] in the
4325
4340
  # *IAM User Guide*.
@@ -4391,14 +4406,14 @@ module Aws::IAM
4391
4406
  # To get the context keys from policies associated with an IAM user,
4392
4407
  # group, or role, use GetContextKeysForPrincipalPolicy.
4393
4408
  #
4394
- # Context keys are variables maintained by AWS and its services that
4395
- # provide details about the context of an API query request. Context
4396
- # keys can be evaluated by testing against a value specified in an IAM
4397
- # policy. Use `GetContextKeysForCustomPolicy` to understand what key
4398
- # names and values you must supply when you call SimulateCustomPolicy.
4399
- # Note that all parameters are shown in unencoded form here for clarity
4400
- # but must be URL encoded to be included as a part of a real HTML
4401
- # request.
4409
+ # Context keys are variables maintained by Amazon Web Services and its
4410
+ # services that provide details about the context of an API query
4411
+ # request. Context keys can be evaluated by testing against a value
4412
+ # specified in an IAM policy. Use `GetContextKeysForCustomPolicy` to
4413
+ # understand what key names and values you must supply when you call
4414
+ # SimulateCustomPolicy. Note that all parameters are shown in unencoded
4415
+ # form here for clarity but must be URL encoded to be included as a part
4416
+ # of a real HTML request.
4402
4417
  #
4403
4418
  # @option params [required, Array<String>] :policy_input_list
4404
4419
  # A list of policies for which you want the list of context keys
@@ -4460,11 +4475,12 @@ module Aws::IAM
4460
4475
  # permissions, then consider allowing them to use
4461
4476
  # GetContextKeysForCustomPolicy instead.
4462
4477
  #
4463
- # Context keys are variables maintained by AWS and its services that
4464
- # provide details about the context of an API query request. Context
4465
- # keys can be evaluated by testing against a value in an IAM policy. Use
4466
- # GetContextKeysForPrincipalPolicy to understand what key names and
4467
- # values you must supply when you call SimulatePrincipalPolicy.
4478
+ # Context keys are variables maintained by Amazon Web Services and its
4479
+ # services that provide details about the context of an API query
4480
+ # request. Context keys can be evaluated by testing against a value in
4481
+ # an IAM policy. Use GetContextKeysForPrincipalPolicy to understand what
4482
+ # key names and values you must supply when you call
4483
+ # SimulatePrincipalPolicy.
4468
4484
  #
4469
4485
  # @option params [required, String] :policy_source_arn
4470
4486
  # The ARN of a user, group, or role whose policies contain the context
@@ -4477,7 +4493,7 @@ module Aws::IAM
4477
4493
  # URL encoded to be included as a part of a real HTML request.
4478
4494
  #
4479
4495
  # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
4480
- # in the *AWS General Reference*.
4496
+ # in the *Amazon Web Services General Reference*.
4481
4497
  #
4482
4498
  #
4483
4499
  #
@@ -4528,9 +4544,9 @@ module Aws::IAM
4528
4544
  req.send_request(options)
4529
4545
  end
4530
4546
 
4531
- # Retrieves a credential report for the AWS account. For more
4532
- # information about the credential report, see [Getting credential
4533
- # reports][1] in the *IAM User Guide*.
4547
+ # Retrieves a credential report for the account. For more information
4548
+ # about the credential report, see [Getting credential reports][1] in
4549
+ # the *IAM User Guide*.
4534
4550
  #
4535
4551
  #
4536
4552
  #
@@ -4815,9 +4831,19 @@ module Aws::IAM
4815
4831
  req.send_request(options)
4816
4832
  end
4817
4833
 
4818
- # Retrieves the user name and password creation date for the specified
4819
- # IAM user. If the user has not been assigned a password, the operation
4820
- # returns a 404 (`NoSuchEntity`) error.
4834
+ # Retrieves the user name for the specified IAM user. A login profile is
4835
+ # created when you create a password for the user to access the
4836
+ # Management Console. If the user does not exist or does not have a
4837
+ # password, the operation returns a 404 (`NoSuchEntity`) error.
4838
+ #
4839
+ # If you create an IAM user with access to the console, the `CreateDate`
4840
+ # reflects the date you created the initial password for the user.
4841
+ #
4842
+ # If you create an IAM user with programmatic access, and then later add
4843
+ # a password for the user to access the Management Console, the
4844
+ # `CreateDate` reflects the initial password creation date. A user with
4845
+ # programmatic access does not have a login profile unless you create a
4846
+ # password for the user to access the Management Console.
4821
4847
  #
4822
4848
  # @option params [required, String] :user_name
4823
4849
  # The name of the user whose login profile you want to retrieve.
@@ -4882,7 +4908,7 @@ module Aws::IAM
4882
4908
  # resource ARNs by using the ListOpenIDConnectProviders operation.
4883
4909
  #
4884
4910
  # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
4885
- # in the *AWS General Reference*.
4911
+ # in the *Amazon Web Services General Reference*.
4886
4912
  #
4887
4913
  #
4888
4914
  #
@@ -4923,10 +4949,10 @@ module Aws::IAM
4923
4949
  req.send_request(options)
4924
4950
  end
4925
4951
 
4926
- # Retrieves the service last accessed data report for AWS Organizations
4927
- # that was previously generated using the `
4928
- # GenerateOrganizationsAccessReport ` operation. This operation
4929
- # retrieves the status of your report job and the report contents.
4952
+ # Retrieves the service last accessed data report for Organizations that
4953
+ # was previously generated using the ` GenerateOrganizationsAccessReport
4954
+ # ` operation. This operation retrieves the status of your report job
4955
+ # and the report contents.
4930
4956
  #
4931
4957
  # Depending on the parameters that you passed when you generated the
4932
4958
  # report, the data returned could include different information. For
@@ -5093,7 +5119,7 @@ module Aws::IAM
5093
5119
  # information about.
5094
5120
  #
5095
5121
  # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
5096
- # in the *AWS General Reference*.
5122
+ # in the *Amazon Web Services General Reference*.
5097
5123
  #
5098
5124
  #
5099
5125
  #
@@ -5175,7 +5201,7 @@ module Aws::IAM
5175
5201
  # information about.
5176
5202
  #
5177
5203
  # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
5178
- # in the *AWS General Reference*.
5204
+ # in the *Amazon Web Services General Reference*.
5179
5205
  #
5180
5206
  #
5181
5207
  #
@@ -5414,7 +5440,7 @@ module Aws::IAM
5414
5440
  # IAM to get information about.
5415
5441
  #
5416
5442
  # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
5417
- # in the *AWS General Reference*.
5443
+ # in the *Amazon Web Services General Reference*.
5418
5444
  #
5419
5445
  #
5420
5446
  #
@@ -5455,10 +5481,10 @@ module Aws::IAM
5455
5481
  # key.
5456
5482
  #
5457
5483
  # The SSH public key retrieved by this operation is used only for
5458
- # authenticating the associated IAM user to an AWS CodeCommit
5459
- # repository. For more information about using SSH keys to authenticate
5460
- # to an AWS CodeCommit repository, see [Set up AWS CodeCommit for SSH
5461
- # connections][1] in the *AWS CodeCommit User Guide*.
5484
+ # authenticating the associated IAM user to an CodeCommit repository.
5485
+ # For more information about using SSH keys to authenticate to an
5486
+ # CodeCommit repository, see [Set up CodeCommit for SSH connections][1]
5487
+ # in the *CodeCommit User Guide*.
5462
5488
  #
5463
5489
  #
5464
5490
  #
@@ -5527,8 +5553,8 @@ module Aws::IAM
5527
5553
  #
5528
5554
  # For more information about working with server certificates, see
5529
5555
  # [Working with server certificates][1] in the *IAM User Guide*. This
5530
- # topic includes a list of AWS services that can use the server
5531
- # certificates that you manage with IAM.
5556
+ # topic includes a list of Amazon Web Services services that can use the
5557
+ # server certificates that you manage with IAM.
5532
5558
  #
5533
5559
  #
5534
5560
  #
@@ -5584,17 +5610,17 @@ module Aws::IAM
5584
5610
  # `GenerateServiceLastAccessedDetails` operation. You can use the
5585
5611
  # `JobId` parameter in `GetServiceLastAccessedDetails` to retrieve the
5586
5612
  # status of your report job. When the report is complete, you can
5587
- # retrieve the generated report. The report includes a list of AWS
5588
- # services that the resource (user, group, role, or managed policy) can
5589
- # access.
5613
+ # retrieve the generated report. The report includes a list of Amazon
5614
+ # Web Services services that the resource (user, group, role, or managed
5615
+ # policy) can access.
5590
5616
  #
5591
5617
  # <note markdown="1"> Service last accessed data does not use other policy types when
5592
5618
  # determining whether a resource could access a service. These other
5593
5619
  # policy types include resource-based policies, access control lists,
5594
- # AWS Organizations policies, IAM permissions boundaries, and AWS STS
5595
- # assume role policies. It only applies permissions policy logic. For
5596
- # more about the evaluation of policy types, see [Evaluating
5597
- # policies][1] in the *IAM User Guide*.
5620
+ # Organizations policies, IAM permissions boundaries, and STS assume
5621
+ # role policies. It only applies permissions policy logic. For more
5622
+ # about the evaluation of policy types, see [Evaluating policies][1] in
5623
+ # the *IAM User Guide*.
5598
5624
  #
5599
5625
  # </note>
5600
5626
  #
@@ -5773,16 +5799,17 @@ module Aws::IAM
5773
5799
  # `GenerateServiceLastAccessedDetails` operation.
5774
5800
  #
5775
5801
  # @option params [required, String] :service_namespace
5776
- # The service namespace for an AWS service. Provide the service
5777
- # namespace to learn when the IAM entity last attempted to access the
5778
- # specified service.
5802
+ # The service namespace for an Amazon Web Services service. Provide the
5803
+ # service namespace to learn when the IAM entity last attempted to
5804
+ # access the specified service.
5779
5805
  #
5780
5806
  # To learn the service namespace for a service, see [Actions, resources,
5781
- # and condition keys for AWS services][1] in the *IAM User Guide*.
5782
- # Choose the name of the service to view details for that service. In
5783
- # the first paragraph, find the service prefix. For example, `(service
5784
- # prefix: a4b)`. For more information about service namespaces, see [AWS
5785
- # service namespaces][2] in the *AWS General Reference*.
5807
+ # and condition keys for Amazon Web Services services][1] in the *IAM
5808
+ # User Guide*. Choose the name of the service to view details for that
5809
+ # service. In the first paragraph, find the service prefix. For example,
5810
+ # `(service prefix: a4b)`. For more information about service
5811
+ # namespaces, see [Amazon Web Services service namespaces][2] in
5812
+ # the *Amazon Web Services General Reference*.
5786
5813
  #
5787
5814
  #
5788
5815
  #
@@ -5935,8 +5962,8 @@ module Aws::IAM
5935
5962
  # user's creation date, path, unique ID, and ARN.
5936
5963
  #
5937
5964
  # If you do not specify a user name, IAM determines the user name
5938
- # implicitly based on the AWS access key ID used to sign the request to
5939
- # this operation.
5965
+ # implicitly based on the Amazon Web Services access key ID used to sign
5966
+ # the request to this operation.
5940
5967
  #
5941
5968
  # @option params [String] :user_name
5942
5969
  # The name of the user to get information about.
@@ -6093,12 +6120,12 @@ module Aws::IAM
6093
6120
  # paginate the results using the `MaxItems` and `Marker` parameters.
6094
6121
  #
6095
6122
  # If the `UserName` field is not specified, the user name is determined
6096
- # implicitly based on the AWS access key ID used to sign the request.
6097
- # This operation works for access keys under the AWS account.
6098
- # Consequently, you can use this operation to manage AWS account root
6099
- # user credentials even if the AWS account has no associated users.
6123
+ # implicitly based on the Amazon Web Services access key ID used to sign
6124
+ # the request. This operation works for access keys under the account.
6125
+ # Consequently, you can use this operation to manage account root user
6126
+ # credentials even if the account has no associated users.
6100
6127
  #
6101
- # <note markdown="1"> To ensure the security of your AWS account, the secret access key is
6128
+ # <note markdown="1"> To ensure the security of your account, the secret access key is
6102
6129
  # accessible only during key and user creation.
6103
6130
  #
6104
6131
  # </note>
@@ -6194,9 +6221,9 @@ module Aws::IAM
6194
6221
  req.send_request(options)
6195
6222
  end
6196
6223
 
6197
- # Lists the account alias associated with the AWS account (Note: you can
6198
- # have only one). For information about using an AWS account alias, see
6199
- # [Using an alias for your AWS account ID][1] in the *IAM User Guide*.
6224
+ # Lists the account alias associated with the account (Note: you can
6225
+ # have only one). For information about using an account alias, see
6226
+ # [Using an alias for your account ID][1] in the *IAM User Guide*.
6200
6227
  #
6201
6228
  #
6202
6229
  #
@@ -6575,7 +6602,7 @@ module Aws::IAM
6575
6602
  # the versions.
6576
6603
  #
6577
6604
  # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
6578
- # in the *AWS General Reference*.
6605
+ # in the *Amazon Web Services General Reference*.
6579
6606
  #
6580
6607
  #
6581
6608
  #
@@ -6993,10 +7020,10 @@ module Aws::IAM
6993
7020
  # @option params [required, String] :instance_profile_name
6994
7021
  # The name of the IAM instance profile whose tags you want to see.
6995
7022
  #
6996
- # This parameter accepts (through its [regex pattern][1]) a string of
6997
- # characters that consist of upper and lowercase alphanumeric characters
7023
+ # This parameter allows (through its [regex pattern][1]) a string of
7024
+ # characters consisting of upper and lowercase alphanumeric characters
6998
7025
  # with no spaces. You can also include any of the following characters:
6999
- # =,.@-
7026
+ # \_+=,.@-
7000
7027
  #
7001
7028
  #
7002
7029
  #
@@ -7009,16 +7036,15 @@ module Aws::IAM
7009
7036
  # to indicate where the next call should start.
7010
7037
  #
7011
7038
  # @option params [Integer] :max_items
7012
- # (Optional) Use this only when paginating results to indicate the
7013
- # maximum number of items that you want in the response. If additional
7014
- # items exist beyond the maximum that you specify, the `IsTruncated`
7015
- # response element is `true`.
7039
+ # Use this only when paginating results to indicate the maximum number
7040
+ # of items you want in the response. If additional items exist beyond
7041
+ # the maximum you specify, the `IsTruncated` response element is `true`.
7016
7042
  #
7017
- # If you do not include this parameter, it defaults to 100. Note that
7018
- # IAM might return fewer results, even when more results are available.
7019
- # In that case, the `IsTruncated` response element returns `true`, and
7020
- # `Marker` contains a value to include in the subsequent call that tells
7021
- # the service where to continue from.
7043
+ # If you do not include this parameter, the number of items defaults to
7044
+ # 100. Note that IAM might return fewer results, even when there are
7045
+ # more results available. In that case, the `IsTruncated` response
7046
+ # element returns `true`, and `Marker` contains a value to include in
7047
+ # the subsequent call that tells the service where to continue from.
7022
7048
  #
7023
7049
  # @return [Types::ListInstanceProfileTagsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
7024
7050
  #
@@ -7270,10 +7296,10 @@ module Aws::IAM
7270
7296
  # want to see. For virtual MFA devices, the serial number is the same as
7271
7297
  # the ARN.
7272
7298
  #
7273
- # This parameter accepts (through its [regex pattern][1]) a string of
7274
- # characters that consist of upper and lowercase alphanumeric characters
7299
+ # This parameter allows (through its [regex pattern][1]) a string of
7300
+ # characters consisting of upper and lowercase alphanumeric characters
7275
7301
  # with no spaces. You can also include any of the following characters:
7276
- # =,.@-
7302
+ # \_+=,.@-
7277
7303
  #
7278
7304
  #
7279
7305
  #
@@ -7286,16 +7312,15 @@ module Aws::IAM
7286
7312
  # to indicate where the next call should start.
7287
7313
  #
7288
7314
  # @option params [Integer] :max_items
7289
- # (Optional) Use this only when paginating results to indicate the
7290
- # maximum number of items that you want in the response. If additional
7291
- # items exist beyond the maximum that you specify, the `IsTruncated`
7292
- # response element is `true`.
7315
+ # Use this only when paginating results to indicate the maximum number
7316
+ # of items you want in the response. If additional items exist beyond
7317
+ # the maximum you specify, the `IsTruncated` response element is `true`.
7293
7318
  #
7294
- # If you do not include this parameter, it defaults to 100. Note that
7295
- # IAM might return fewer results, even when more results are available.
7296
- # In that case, the `IsTruncated` response element returns `true`, and
7297
- # `Marker` contains a value to include in the subsequent call that tells
7298
- # the service where to continue from.
7319
+ # If you do not include this parameter, the number of items defaults to
7320
+ # 100. Note that IAM might return fewer results, even when there are
7321
+ # more results available. In that case, the `IsTruncated` response
7322
+ # element returns `true`, and `Marker` contains a value to include in
7323
+ # the subsequent call that tells the service where to continue from.
7299
7324
  #
7300
7325
  # @return [Types::ListMFADeviceTagsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
7301
7326
  #
@@ -7331,8 +7356,8 @@ module Aws::IAM
7331
7356
  # Lists the MFA devices for an IAM user. If the request includes a IAM
7332
7357
  # user name, then this operation lists all the MFA devices associated
7333
7358
  # with the specified user. If you do not specify a user name, IAM
7334
- # determines the user name implicitly based on the AWS access key ID
7335
- # signing the request for this operation.
7359
+ # determines the user name implicitly based on the Amazon Web Services
7360
+ # access key ID signing the request for this operation.
7336
7361
  #
7337
7362
  # You can paginate the results using the `MaxItems` and `Marker`
7338
7363
  # parameters.
@@ -7417,10 +7442,10 @@ module Aws::IAM
7417
7442
  # The ARN of the OpenID Connect (OIDC) identity provider whose tags you
7418
7443
  # want to see.
7419
7444
  #
7420
- # This parameter accepts (through its [regex pattern][1]) a string of
7421
- # characters that consist of upper and lowercase alphanumeric characters
7445
+ # This parameter allows (through its [regex pattern][1]) a string of
7446
+ # characters consisting of upper and lowercase alphanumeric characters
7422
7447
  # with no spaces. You can also include any of the following characters:
7423
- # =,.@-
7448
+ # \_+=,.@-
7424
7449
  #
7425
7450
  #
7426
7451
  #
@@ -7433,16 +7458,15 @@ module Aws::IAM
7433
7458
  # to indicate where the next call should start.
7434
7459
  #
7435
7460
  # @option params [Integer] :max_items
7436
- # (Optional) Use this only when paginating results to indicate the
7437
- # maximum number of items that you want in the response. If additional
7438
- # items exist beyond the maximum that you specify, the `IsTruncated`
7439
- # response element is `true`.
7461
+ # Use this only when paginating results to indicate the maximum number
7462
+ # of items you want in the response. If additional items exist beyond
7463
+ # the maximum you specify, the `IsTruncated` response element is `true`.
7440
7464
  #
7441
- # If you do not include this parameter, it defaults to 100. Note that
7442
- # IAM might return fewer results, even when more results are available.
7443
- # In that case, the `IsTruncated` response element returns `true`, and
7444
- # `Marker` contains a value to include in the subsequent call that tells
7445
- # the service where to continue from.
7465
+ # If you do not include this parameter, the number of items defaults to
7466
+ # 100. Note that IAM might return fewer results, even when there are
7467
+ # more results available. In that case, the `IsTruncated` response
7468
+ # element returns `true`, and `Marker` contains a value to include in
7469
+ # the subsequent call that tells the service where to continue from.
7446
7470
  #
7447
7471
  # @return [Types::ListOpenIDConnectProviderTagsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
7448
7472
  #
@@ -7476,7 +7500,7 @@ module Aws::IAM
7476
7500
  end
7477
7501
 
7478
7502
  # Lists information about the IAM OpenID Connect (OIDC) provider
7479
- # resource objects defined in the AWS account.
7503
+ # resource objects defined in the account.
7480
7504
  #
7481
7505
  # <note markdown="1"> IAM resource-listing operations return a subset of the available
7482
7506
  # attributes for the resource. For example, this operation does not
@@ -7504,15 +7528,15 @@ module Aws::IAM
7504
7528
  req.send_request(options)
7505
7529
  end
7506
7530
 
7507
- # Lists all the managed policies that are available in your AWS account,
7508
- # including your own customer-defined managed policies and all AWS
7509
- # managed policies.
7531
+ # Lists all the managed policies that are available in your account,
7532
+ # including your own customer-defined managed policies and all Amazon
7533
+ # Web Services managed policies.
7510
7534
  #
7511
7535
  # You can filter the list of policies that is returned using the
7512
7536
  # optional `OnlyAttached`, `Scope`, and `PathPrefix` parameters. For
7513
- # example, to list only the customer managed policies in your AWS
7514
- # account, set `Scope` to `Local`. To list only AWS managed policies,
7515
- # set `Scope` to `AWS`.
7537
+ # example, to list only the customer managed policies in your Amazon Web
7538
+ # Services account, set `Scope` to `Local`. To list only Amazon Web
7539
+ # Services managed policies, set `Scope` to `AWS`.
7516
7540
  #
7517
7541
  # You can paginate the results using the `MaxItems` and `Marker`
7518
7542
  # parameters.
@@ -7535,9 +7559,9 @@ module Aws::IAM
7535
7559
  # @option params [String] :scope
7536
7560
  # The scope to use for filtering the results.
7537
7561
  #
7538
- # To list only AWS managed policies, set `Scope` to `AWS`. To list only
7539
- # the customer managed policies in your AWS account, set `Scope` to
7540
- # `Local`.
7562
+ # To list only Amazon Web Services managed policies, set `Scope` to
7563
+ # `AWS`. To list only the customer managed policies in your account, set
7564
+ # `Scope` to `Local`.
7541
7565
  #
7542
7566
  # This parameter is optional. If it is not included, or if it is set to
7543
7567
  # `All`, all policies are returned.
@@ -7645,11 +7669,10 @@ module Aws::IAM
7645
7669
  #
7646
7670
  # <note markdown="1"> This operation does not use other policy types when determining
7647
7671
  # whether a resource could access a service. These other policy types
7648
- # include resource-based policies, access control lists, AWS
7649
- # Organizations policies, IAM permissions boundaries, and AWS STS assume
7650
- # role policies. It only applies permissions policy logic. For more
7651
- # about the evaluation of policy types, see [Evaluating policies][1] in
7652
- # the *IAM User Guide*.
7672
+ # include resource-based policies, access control lists, Organizations
7673
+ # policies, IAM permissions boundaries, and STS assume role policies. It
7674
+ # only applies permissions policy logic. For more about the evaluation
7675
+ # of policy types, see [Evaluating policies][1] in the *IAM User Guide*.
7653
7676
  #
7654
7677
  # </note>
7655
7678
  #
@@ -7695,15 +7718,16 @@ module Aws::IAM
7695
7718
  # want to list.
7696
7719
  #
7697
7720
  # @option params [required, Array<String>] :service_namespaces
7698
- # The service namespace for the AWS services whose policies you want to
7699
- # list.
7721
+ # The service namespace for the Amazon Web Services services whose
7722
+ # policies you want to list.
7700
7723
  #
7701
7724
  # To learn the service namespace for a service, see [Actions, resources,
7702
- # and condition keys for AWS services][1] in the *IAM User Guide*.
7703
- # Choose the name of the service to view details for that service. In
7704
- # the first paragraph, find the service prefix. For example, `(service
7705
- # prefix: a4b)`. For more information about service namespaces, see [AWS
7706
- # service namespaces][2] in the *AWS General Reference*.
7725
+ # and condition keys for Amazon Web Services services][1] in the *IAM
7726
+ # User Guide*. Choose the name of the service to view details for that
7727
+ # service. In the first paragraph, find the service prefix. For example,
7728
+ # `(service prefix: a4b)`. For more information about service
7729
+ # namespaces, see [Amazon Web Services service namespaces][2] in
7730
+ # the *Amazon Web Services General Reference*.
7707
7731
  #
7708
7732
  #
7709
7733
  #
@@ -7804,10 +7828,10 @@ module Aws::IAM
7804
7828
  # @option params [required, String] :policy_arn
7805
7829
  # The ARN of the IAM customer managed policy whose tags you want to see.
7806
7830
  #
7807
- # This parameter accepts (through its [regex pattern][1]) a string of
7808
- # characters that consist of upper and lowercase alphanumeric characters
7831
+ # This parameter allows (through its [regex pattern][1]) a string of
7832
+ # characters consisting of upper and lowercase alphanumeric characters
7809
7833
  # with no spaces. You can also include any of the following characters:
7810
- # =,.@-
7834
+ # \_+=,.@-
7811
7835
  #
7812
7836
  #
7813
7837
  #
@@ -7820,16 +7844,15 @@ module Aws::IAM
7820
7844
  # to indicate where the next call should start.
7821
7845
  #
7822
7846
  # @option params [Integer] :max_items
7823
- # (Optional) Use this only when paginating results to indicate the
7824
- # maximum number of items that you want in the response. If additional
7825
- # items exist beyond the maximum that you specify, the `IsTruncated`
7826
- # response element is `true`.
7847
+ # Use this only when paginating results to indicate the maximum number
7848
+ # of items you want in the response. If additional items exist beyond
7849
+ # the maximum you specify, the `IsTruncated` response element is `true`.
7827
7850
  #
7828
- # If you do not include this parameter, it defaults to 100. Note that
7829
- # IAM might return fewer results, even when more results are available.
7830
- # In that case, the `IsTruncated` response element returns `true`, and
7831
- # `Marker` contains a value to include in the subsequent call that tells
7832
- # the service where to continue from.
7851
+ # If you do not include this parameter, the number of items defaults to
7852
+ # 100. Note that IAM might return fewer results, even when there are
7853
+ # more results available. In that case, the `IsTruncated` response
7854
+ # element returns `true`, and `Marker` contains a value to include in
7855
+ # the subsequent call that tells the service where to continue from.
7833
7856
  #
7834
7857
  # @return [Types::ListPolicyTagsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
7835
7858
  #
@@ -7878,7 +7901,7 @@ module Aws::IAM
7878
7901
  # the versions.
7879
7902
  #
7880
7903
  # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
7881
- # in the *AWS General Reference*.
7904
+ # in the *Amazon Web Services General Reference*.
7882
7905
  #
7883
7906
  #
7884
7907
  #
@@ -8040,16 +8063,15 @@ module Aws::IAM
8040
8063
  # to indicate where the next call should start.
8041
8064
  #
8042
8065
  # @option params [Integer] :max_items
8043
- # (Optional) Use this only when paginating results to indicate the
8044
- # maximum number of items that you want in the response. If additional
8045
- # items exist beyond the maximum that you specify, the `IsTruncated`
8046
- # response element is `true`.
8066
+ # Use this only when paginating results to indicate the maximum number
8067
+ # of items you want in the response. If additional items exist beyond
8068
+ # the maximum you specify, the `IsTruncated` response element is `true`.
8047
8069
  #
8048
- # If you do not include this parameter, it defaults to 100. Note that
8049
- # IAM might return fewer results, even when more results are available.
8050
- # In that case, the `IsTruncated` response element returns `true`, and
8051
- # `Marker` contains a value to include in the subsequent call that tells
8052
- # the service where to continue from.
8070
+ # If you do not include this parameter, the number of items defaults to
8071
+ # 100. Note that IAM might return fewer results, even when there are
8072
+ # more results available. In that case, the `IsTruncated` response
8073
+ # element returns `true`, and `Marker` contains a value to include in
8074
+ # the subsequent call that tells the service where to continue from.
8053
8075
  #
8054
8076
  # @return [Types::ListRoleTagsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
8055
8077
  #
@@ -8221,10 +8243,10 @@ module Aws::IAM
8221
8243
  # The ARN of the Security Assertion Markup Language (SAML) identity
8222
8244
  # provider whose tags you want to see.
8223
8245
  #
8224
- # This parameter accepts (through its [regex pattern][1]) a string of
8225
- # characters that consist of upper and lowercase alphanumeric characters
8246
+ # This parameter allows (through its [regex pattern][1]) a string of
8247
+ # characters consisting of upper and lowercase alphanumeric characters
8226
8248
  # with no spaces. You can also include any of the following characters:
8227
- # =,.@-
8249
+ # \_+=,.@-
8228
8250
  #
8229
8251
  #
8230
8252
  #
@@ -8237,16 +8259,15 @@ module Aws::IAM
8237
8259
  # to indicate where the next call should start.
8238
8260
  #
8239
8261
  # @option params [Integer] :max_items
8240
- # (Optional) Use this only when paginating results to indicate the
8241
- # maximum number of items that you want in the response. If additional
8242
- # items exist beyond the maximum that you specify, the `IsTruncated`
8243
- # response element is `true`.
8262
+ # Use this only when paginating results to indicate the maximum number
8263
+ # of items you want in the response. If additional items exist beyond
8264
+ # the maximum you specify, the `IsTruncated` response element is `true`.
8244
8265
  #
8245
- # If you do not include this parameter, it defaults to 100. Note that
8246
- # IAM might return fewer results, even when more results are available.
8247
- # In that case, the `IsTruncated` response element returns `true`, and
8248
- # `Marker` contains a value to include in the subsequent call that tells
8249
- # the service where to continue from.
8266
+ # If you do not include this parameter, the number of items defaults to
8267
+ # 100. Note that IAM might return fewer results, even when there are
8268
+ # more results available. In that case, the `IsTruncated` response
8269
+ # element returns `true`, and `Marker` contains a value to include in
8270
+ # the subsequent call that tells the service where to continue from.
8250
8271
  #
8251
8272
  # @return [Types::ListSAMLProviderTagsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
8252
8273
  #
@@ -8317,10 +8338,10 @@ module Aws::IAM
8317
8338
  # list.
8318
8339
  #
8319
8340
  # The SSH public keys returned by this operation are used only for
8320
- # authenticating the IAM user to an AWS CodeCommit repository. For more
8321
- # information about using SSH keys to authenticate to an AWS CodeCommit
8322
- # repository, see [Set up AWS CodeCommit for SSH connections][1] in the
8323
- # *AWS CodeCommit User Guide*.
8341
+ # authenticating the IAM user to an CodeCommit repository. For more
8342
+ # information about using SSH keys to authenticate to an CodeCommit
8343
+ # repository, see [Set up CodeCommit for SSH connections][1] in the
8344
+ # *CodeCommit User Guide*.
8324
8345
  #
8325
8346
  # Although each user is limited to a small number of keys, you can still
8326
8347
  # paginate the results using the `MaxItems` and `Marker` parameters.
@@ -8332,7 +8353,7 @@ module Aws::IAM
8332
8353
  # @option params [String] :user_name
8333
8354
  # The name of the IAM user to list SSH public keys for. If none is
8334
8355
  # specified, the `UserName` field is determined implicitly based on the
8335
- # AWS access key used to sign the request.
8356
+ # Amazon Web Services access key used to sign the request.
8336
8357
  #
8337
8358
  # This parameter allows (through its [regex pattern][1]) a string of
8338
8359
  # characters consisting of upper and lowercase alphanumeric characters
@@ -8400,11 +8421,11 @@ module Aws::IAM
8400
8421
  # information about tagging, see [Tagging IAM resources][1] in the *IAM
8401
8422
  # User Guide*.
8402
8423
  #
8403
- # <note markdown="1"> For certificates in a Region supported by AWS Certificate Manager
8404
- # (ACM), we recommend that you don't use IAM server certificates.
8405
- # Instead, use ACM to provision, manage, and deploy your server
8406
- # certificates. For more information about IAM server certificates,
8407
- # [Working with server certificates][2] in the *IAM User Guide*.
8424
+ # <note markdown="1"> For certificates in a Region supported by Certificate Manager (ACM),
8425
+ # we recommend that you don't use IAM server certificates. Instead, use
8426
+ # ACM to provision, manage, and deploy your server certificates. For
8427
+ # more information about IAM server certificates, [Working with server
8428
+ # certificates][2] in the *IAM User Guide*.
8408
8429
  #
8409
8430
  # </note>
8410
8431
  #
@@ -8416,10 +8437,10 @@ module Aws::IAM
8416
8437
  # @option params [required, String] :server_certificate_name
8417
8438
  # The name of the IAM server certificate whose tags you want to see.
8418
8439
  #
8419
- # This parameter accepts (through its [regex pattern][1]) a string of
8420
- # characters that consist of upper and lowercase alphanumeric characters
8440
+ # This parameter allows (through its [regex pattern][1]) a string of
8441
+ # characters consisting of upper and lowercase alphanumeric characters
8421
8442
  # with no spaces. You can also include any of the following characters:
8422
- # =,.@-
8443
+ # \_+=,.@-
8423
8444
  #
8424
8445
  #
8425
8446
  #
@@ -8432,16 +8453,15 @@ module Aws::IAM
8432
8453
  # to indicate where the next call should start.
8433
8454
  #
8434
8455
  # @option params [Integer] :max_items
8435
- # (Optional) Use this only when paginating results to indicate the
8436
- # maximum number of items that you want in the response. If additional
8437
- # items exist beyond the maximum that you specify, the `IsTruncated`
8438
- # response element is `true`.
8456
+ # Use this only when paginating results to indicate the maximum number
8457
+ # of items you want in the response. If additional items exist beyond
8458
+ # the maximum you specify, the `IsTruncated` response element is `true`.
8439
8459
  #
8440
- # If you do not include this parameter, it defaults to 100. Note that
8441
- # IAM might return fewer results, even when more results are available.
8442
- # In that case, the `IsTruncated` response element returns `true`, and
8443
- # `Marker` contains a value to include in the subsequent call that tells
8444
- # the service where to continue from.
8460
+ # If you do not include this parameter, the number of items defaults to
8461
+ # 100. Note that IAM might return fewer results, even when there are
8462
+ # more results available. In that case, the `IsTruncated` response
8463
+ # element returns `true`, and `Marker` contains a value to include in
8464
+ # the subsequent call that tells the service where to continue from.
8445
8465
  #
8446
8466
  # @return [Types::ListServerCertificateTagsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
8447
8467
  #
@@ -8482,8 +8502,8 @@ module Aws::IAM
8482
8502
  #
8483
8503
  # For more information about working with server certificates, see
8484
8504
  # [Working with server certificates][1] in the *IAM User Guide*. This
8485
- # topic also includes a list of AWS services that can use the server
8486
- # certificates that you manage with IAM.
8505
+ # topic also includes a list of Amazon Web Services services that can
8506
+ # use the server certificates that you manage with IAM.
8487
8507
  #
8488
8508
  # <note markdown="1"> IAM resource-listing operations return a subset of the available
8489
8509
  # attributes for the resource. For example, this operation does not
@@ -8574,8 +8594,8 @@ module Aws::IAM
8574
8594
  # empty list. The service-specific credentials returned by this
8575
8595
  # operation are used only for authenticating the IAM user to a specific
8576
8596
  # service. For more information about using service-specific credentials
8577
- # to authenticate to an AWS service, see [Set up service-specific
8578
- # credentials][1] in the AWS CodeCommit User Guide.
8597
+ # to authenticate to an Amazon Web Services service, see [Set up
8598
+ # service-specific credentials][1] in the CodeCommit User Guide.
8579
8599
  #
8580
8600
  #
8581
8601
  #
@@ -8596,9 +8616,9 @@ module Aws::IAM
8596
8616
  # [1]: http://wikipedia.org/wiki/regex
8597
8617
  #
8598
8618
  # @option params [String] :service_name
8599
- # Filters the returned results to only those for the specified AWS
8600
- # service. If not specified, then AWS returns service-specific
8601
- # credentials for all services.
8619
+ # Filters the returned results to only those for the specified Amazon
8620
+ # Web Services service. If not specified, then Amazon Web Services
8621
+ # returns service-specific credentials for all services.
8602
8622
  #
8603
8623
  # @return [Types::ListServiceSpecificCredentialsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
8604
8624
  #
@@ -8639,11 +8659,11 @@ module Aws::IAM
8639
8659
  # and `Marker` parameters.
8640
8660
  #
8641
8661
  # If the `UserName` field is not specified, the user name is determined
8642
- # implicitly based on the AWS access key ID used to sign the request for
8643
- # this operation. This operation works for access keys under the AWS
8644
- # account. Consequently, you can use this operation to manage AWS
8645
- # account root user credentials even if the AWS account has no
8646
- # associated users.
8662
+ # implicitly based on the Amazon Web Services access key ID used to sign
8663
+ # the request for this operation. This operation works for access keys
8664
+ # under the account. Consequently, you can use this operation to manage
8665
+ # account root user credentials even if the account has no associated
8666
+ # users.
8647
8667
  #
8648
8668
  # @option params [String] :user_name
8649
8669
  # The name of the IAM user whose signing certificates you want to
@@ -8821,10 +8841,10 @@ module Aws::IAM
8821
8841
  # @option params [required, String] :user_name
8822
8842
  # The name of the IAM user whose tags you want to see.
8823
8843
  #
8824
- # This parameter accepts (through its [regex pattern][1]) a string of
8825
- # characters that consist of upper and lowercase alphanumeric characters
8844
+ # This parameter allows (through its [regex pattern][1]) a string of
8845
+ # characters consisting of upper and lowercase alphanumeric characters
8826
8846
  # with no spaces. You can also include any of the following characters:
8827
- # =,.@-
8847
+ # \_+=,.@-
8828
8848
  #
8829
8849
  #
8830
8850
  #
@@ -8837,16 +8857,15 @@ module Aws::IAM
8837
8857
  # to indicate where the next call should start.
8838
8858
  #
8839
8859
  # @option params [Integer] :max_items
8840
- # (Optional) Use this only when paginating results to indicate the
8841
- # maximum number of items that you want in the response. If additional
8842
- # items exist beyond the maximum that you specify, the `IsTruncated`
8843
- # response element is `true`.
8860
+ # Use this only when paginating results to indicate the maximum number
8861
+ # of items you want in the response. If additional items exist beyond
8862
+ # the maximum you specify, the `IsTruncated` response element is `true`.
8844
8863
  #
8845
- # If you do not include this parameter, it defaults to 100. Note that
8846
- # IAM might return fewer results, even when more results are available.
8847
- # In that case, the `IsTruncated` response element returns `true`, and
8848
- # `Marker` contains a value to include in the subsequent call that tells
8849
- # the service where to continue from.
8864
+ # If you do not include this parameter, the number of items defaults to
8865
+ # 100. Note that IAM might return fewer results, even when there are
8866
+ # more results available. In that case, the `IsTruncated` response
8867
+ # element returns `true`, and `Marker` contains a value to include in
8868
+ # the subsequent call that tells the service where to continue from.
8850
8869
  #
8851
8870
  # @return [Types::ListUserTagsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
8852
8871
  #
@@ -8906,8 +8925,8 @@ module Aws::IAM
8906
8925
  end
8907
8926
 
8908
8927
  # Lists the IAM users that have the specified path prefix. If no path
8909
- # prefix is specified, the operation returns all users in the AWS
8910
- # account. If there are none, the operation returns an empty list.
8928
+ # prefix is specified, the operation returns all users in the account.
8929
+ # If there are none, the operation returns an empty list.
8911
8930
  #
8912
8931
  # <note markdown="1"> IAM resource-listing operations return a subset of the available
8913
8932
  # attributes for the resource. For example, this operation does not
@@ -9025,7 +9044,7 @@ module Aws::IAM
9025
9044
  req.send_request(options)
9026
9045
  end
9027
9046
 
9028
- # Lists the virtual MFA devices defined in the AWS account by assignment
9047
+ # Lists the virtual MFA devices defined in the account by assignment
9029
9048
  # status. If you do not specify an assignment status, the operation
9030
9049
  # returns a list of all virtual MFA devices. Assignment status can be
9031
9050
  # `Assigned`, `Unassigned`, or `Any`.
@@ -9184,10 +9203,10 @@ module Aws::IAM
9184
9203
  # @option params [required, String] :policy_document
9185
9204
  # The policy document.
9186
9205
  #
9187
- # You must provide policies in JSON format in IAM. However, for AWS
9206
+ # You must provide policies in JSON format in IAM. However, for
9188
9207
  # CloudFormation templates formatted in YAML, you can provide the policy
9189
- # in JSON or YAML format. AWS CloudFormation always converts a YAML
9190
- # policy to JSON format before submitting it to IAM.
9208
+ # in JSON or YAML format. CloudFormation always converts a YAML policy
9209
+ # to JSON format before submitting it to = IAM.
9191
9210
  #
9192
9211
  # The [regex pattern][1] used to validate this parameter is a string of
9193
9212
  # characters consisting of the following:
@@ -9236,11 +9255,11 @@ module Aws::IAM
9236
9255
  end
9237
9256
 
9238
9257
  # Adds or updates the policy that is specified as the IAM role's
9239
- # permissions boundary. You can use an AWS managed policy or a customer
9240
- # managed policy to set the boundary for a role. Use the boundary to
9241
- # control the maximum permissions that the role can have. Setting a
9242
- # permissions boundary is an advanced feature that can affect the
9243
- # permissions for the role.
9258
+ # permissions boundary. You can use an Amazon Web Services managed
9259
+ # policy or a customer managed policy to set the boundary for a role.
9260
+ # Use the boundary to control the maximum permissions that the role can
9261
+ # have. Setting a permissions boundary is an advanced feature that can
9262
+ # affect the permissions for the role.
9244
9263
  #
9245
9264
  # You cannot set the boundary for a service-linked role.
9246
9265
  #
@@ -9339,10 +9358,10 @@ module Aws::IAM
9339
9358
  # @option params [required, String] :policy_document
9340
9359
  # The policy document.
9341
9360
  #
9342
- # You must provide policies in JSON format in IAM. However, for AWS
9361
+ # You must provide policies in JSON format in IAM. However, for
9343
9362
  # CloudFormation templates formatted in YAML, you can provide the policy
9344
- # in JSON or YAML format. AWS CloudFormation always converts a YAML
9345
- # policy to JSON format before submitting it to IAM.
9363
+ # in JSON or YAML format. CloudFormation always converts a YAML policy
9364
+ # to JSON format before submitting it to IAM.
9346
9365
  #
9347
9366
  # The [regex pattern][1] used to validate this parameter is a string of
9348
9367
  # characters consisting of the following:
@@ -9391,11 +9410,11 @@ module Aws::IAM
9391
9410
  end
9392
9411
 
9393
9412
  # Adds or updates the policy that is specified as the IAM user's
9394
- # permissions boundary. You can use an AWS managed policy or a customer
9395
- # managed policy to set the boundary for a user. Use the boundary to
9396
- # control the maximum permissions that the user can have. Setting a
9397
- # permissions boundary is an advanced feature that can affect the
9398
- # permissions for the user.
9413
+ # permissions boundary. You can use an Amazon Web Services managed
9414
+ # policy or a customer managed policy to set the boundary for a user.
9415
+ # Use the boundary to control the maximum permissions that the user can
9416
+ # have. Setting a permissions boundary is an advanced feature that can
9417
+ # affect the permissions for the user.
9399
9418
  #
9400
9419
  # Policies that are used as permissions boundaries do not provide
9401
9420
  # permissions. You must also attach a permissions policy to the user. To
@@ -9484,10 +9503,10 @@ module Aws::IAM
9484
9503
  # @option params [required, String] :policy_document
9485
9504
  # The policy document.
9486
9505
  #
9487
- # You must provide policies in JSON format in IAM. However, for AWS
9506
+ # You must provide policies in JSON format in IAM. However, for
9488
9507
  # CloudFormation templates formatted in YAML, you can provide the policy
9489
- # in JSON or YAML format. AWS CloudFormation always converts a YAML
9490
- # policy to JSON format before submitting it to IAM.
9508
+ # in JSON or YAML format. CloudFormation always converts a YAML policy
9509
+ # to JSON format before submitting it to IAM.
9491
9510
  #
9492
9511
  # The [regex pattern][1] used to validate this parameter is a string of
9493
9512
  # characters consisting of the following:
@@ -9548,7 +9567,7 @@ module Aws::IAM
9548
9567
  # using the ListOpenIDConnectProviders operation.
9549
9568
  #
9550
9569
  # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
9551
- # in the *AWS General Reference*.
9570
+ # in the *Amazon Web Services General Reference*.
9552
9571
  #
9553
9572
  #
9554
9573
  #
@@ -9701,9 +9720,10 @@ module Aws::IAM
9701
9720
  end
9702
9721
 
9703
9722
  # Resets the password for a service-specific credential. The new
9704
- # password is AWS generated and cryptographically strong. It cannot be
9705
- # configured by the user. Resetting the password immediately invalidates
9706
- # the previous password associated with this user.
9723
+ # password is Amazon Web Services generated and cryptographically
9724
+ # strong. It cannot be configured by the user. Resetting the password
9725
+ # immediately invalidates the previous password associated with this
9726
+ # user.
9707
9727
  #
9708
9728
  # @option params [String] :user_name
9709
9729
  # The name of the IAM user associated with the service-specific
@@ -9761,7 +9781,7 @@ module Aws::IAM
9761
9781
  end
9762
9782
 
9763
9783
  # Synchronizes the specified MFA device with its IAM resource object on
9764
- # the AWS servers.
9784
+ # the Amazon Web Services servers.
9765
9785
  #
9766
9786
  # For more information about creating and working with virtual MFA
9767
9787
  # devices, see [Using a virtual MFA device][1] in the *IAM User Guide*.
@@ -9843,7 +9863,7 @@ module Aws::IAM
9843
9863
  # you want to set.
9844
9864
  #
9845
9865
  # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
9846
- # in the *AWS General Reference*.
9866
+ # in the *Amazon Web Services General Reference*.
9847
9867
  #
9848
9868
  #
9849
9869
  #
@@ -9878,25 +9898,25 @@ module Aws::IAM
9878
9898
  end
9879
9899
 
9880
9900
  # Sets the specified version of the global endpoint token as the token
9881
- # version used for the AWS account.
9901
+ # version used for the account.
9882
9902
  #
9883
- # By default, AWS Security Token Service (STS) is available as a global
9903
+ # By default, Security Token Service (STS) is available as a global
9884
9904
  # service, and all STS requests go to a single endpoint at
9885
- # `https://sts.amazonaws.com`. AWS recommends using Regional STS
9886
- # endpoints to reduce latency, build in redundancy, and increase session
9887
- # token availability. For information about Regional endpoints for STS,
9888
- # see [AWS AWS Security Token Service endpoints and quotas][1] in the
9889
- # *AWS General Reference*.
9905
+ # `https://sts.amazonaws.com`. Amazon Web Services recommends using
9906
+ # Regional STS endpoints to reduce latency, build in redundancy, and
9907
+ # increase session token availability. For information about Regional
9908
+ # endpoints for STS, see [Security Token Service endpoints and
9909
+ # quotas][1] in the *Amazon Web Services General Reference*.
9890
9910
  #
9891
9911
  # If you make an STS call to the global endpoint, the resulting session
9892
9912
  # tokens might be valid in some Regions but not others. It depends on
9893
9913
  # the version that is set in this operation. Version 1 tokens are valid
9894
- # only in AWS Regions that are available by default. These tokens do not
9914
+ # only in Regions that are available by default. These tokens do not
9895
9915
  # work in manually enabled Regions, such as Asia Pacific (Hong Kong).
9896
9916
  # Version 2 tokens are valid in all Regions. However, version 2 tokens
9897
9917
  # are longer and might affect systems where you temporarily store
9898
9918
  # tokens. For information, see [Activating and deactivating STS in an
9899
- # AWS region][2] in the *IAM User Guide*.
9919
+ # Region][2] in the *IAM User Guide*.
9900
9920
  #
9901
9921
  # To view the current session token version, see the
9902
9922
  # `GlobalEndpointTokenVersion` entry in the response of the
@@ -9909,14 +9929,14 @@ module Aws::IAM
9909
9929
  #
9910
9930
  # @option params [required, String] :global_endpoint_token_version
9911
9931
  # The version of the global endpoint token. Version 1 tokens are valid
9912
- # only in AWS Regions that are available by default. These tokens do not
9932
+ # only in Regions that are available by default. These tokens do not
9913
9933
  # work in manually enabled Regions, such as Asia Pacific (Hong Kong).
9914
9934
  # Version 2 tokens are valid in all Regions. However, version 2 tokens
9915
9935
  # are longer and might affect systems where you temporarily store
9916
9936
  # tokens.
9917
9937
  #
9918
- # For information, see [Activating and deactivating STS in an AWS
9919
- # region][1] in the *IAM User Guide*.
9938
+ # For information, see [Activating and deactivating STS in an Region][1]
9939
+ # in the *IAM User Guide*.
9920
9940
  #
9921
9941
  #
9922
9942
  #
@@ -9949,9 +9969,9 @@ module Aws::IAM
9949
9969
  end
9950
9970
 
9951
9971
  # Simulate how a set of IAM policies and optionally a resource-based
9952
- # policy works with a list of API operations and AWS resources to
9953
- # determine the policies' effective permissions. The policies are
9954
- # provided as strings.
9972
+ # policy works with a list of API operations and Amazon Web Services
9973
+ # resources to determine the policies' effective permissions. The
9974
+ # policies are provided as strings.
9955
9975
  #
9956
9976
  # The simulation does not perform the API operations; it only checks the
9957
9977
  # authorization to determine if the simulated policies allow or deny the
@@ -9961,11 +9981,12 @@ module Aws::IAM
9961
9981
  # If you want to simulate existing policies that are attached to an IAM
9962
9982
  # user, group, or role, use SimulatePrincipalPolicy instead.
9963
9983
  #
9964
- # Context keys are variables that are maintained by AWS and its services
9965
- # and which provide details about the context of an API query request.
9966
- # You can use the `Condition` element of an IAM policy to evaluate
9967
- # context keys. To get the list of context keys that the policies
9968
- # require for correct simulation, use GetContextKeysForCustomPolicy.
9984
+ # Context keys are variables that are maintained by Amazon Web Services
9985
+ # and its services and which provide details about the context of an API
9986
+ # query request. You can use the `Condition` element of an IAM policy to
9987
+ # evaluate context keys. To get the list of context keys that the
9988
+ # policies require for correct simulation, use
9989
+ # GetContextKeysForCustomPolicy.
9969
9990
  #
9970
9991
  # If the output is long, you can use `MaxItems` and `Marker` parameters
9971
9992
  # to paginate the results.
@@ -9989,7 +10010,12 @@ module Aws::IAM
9989
10010
  # In other words, do not use policies designed to restrict what a user
9990
10011
  # can do while using the temporary credentials.
9991
10012
  #
9992
- # The [regex pattern][3] used to validate this parameter is a string of
10013
+ # The maximum length of the policy document that you can pass in this
10014
+ # operation, including whitespace, is listed below. To view the maximum
10015
+ # character counts of a managed policy with no whitespaces, see [IAM and
10016
+ # STS character quotas][3].
10017
+ #
10018
+ # The [regex pattern][4] used to validate this parameter is a string of
9993
10019
  # characters consisting of the following:
9994
10020
  #
9995
10021
  # * Any printable ASCII character ranging from the space character
@@ -10005,7 +10031,8 @@ module Aws::IAM
10005
10031
  #
10006
10032
  # [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetFederationToken.html
10007
10033
  # [2]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_AssumeRole.html
10008
- # [3]: http://wikipedia.org/wiki/regex
10034
+ # [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length
10035
+ # [4]: http://wikipedia.org/wiki/regex
10009
10036
  #
10010
10037
  # @option params [Array<String>] :permissions_boundary_policy_input_list
10011
10038
  # The IAM permissions boundary policy to simulate. The permissions
@@ -10016,7 +10043,12 @@ module Aws::IAM
10016
10043
  # The policy input is specified as a string that contains the complete,
10017
10044
  # valid JSON text of a permissions boundary policy.
10018
10045
  #
10019
- # The [regex pattern][2] used to validate this parameter is a string of
10046
+ # The maximum length of the policy document that you can pass in this
10047
+ # operation, including whitespace, is listed below. To view the maximum
10048
+ # character counts of a managed policy with no whitespaces, see [IAM and
10049
+ # STS character quotas][2].
10050
+ #
10051
+ # The [regex pattern][3] used to validate this parameter is a string of
10020
10052
  # characters consisting of the following:
10021
10053
  #
10022
10054
  # * Any printable ASCII character ranging from the space character
@@ -10031,7 +10063,8 @@ module Aws::IAM
10031
10063
  #
10032
10064
  #
10033
10065
  # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
10034
- # [2]: http://wikipedia.org/wiki/regex
10066
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length
10067
+ # [3]: http://wikipedia.org/wiki/regex
10035
10068
  #
10036
10069
  # @option params [required, Array<String>] :action_names
10037
10070
  # A list of names of API operations to evaluate in the simulation. Each
@@ -10040,13 +10073,13 @@ module Aws::IAM
10040
10073
  # operation does not support using wildcards (*) in an action name.
10041
10074
  #
10042
10075
  # @option params [Array<String>] :resource_arns
10043
- # A list of ARNs of AWS resources to include in the simulation. If this
10044
- # parameter is not provided, then the value defaults to `*` (all
10045
- # resources). Each API in the `ActionNames` parameter is evaluated for
10046
- # each resource in this list. The simulation determines the access
10047
- # result (allowed or denied) of each combination and reports it in the
10048
- # response. You can simulate resources that don't exist in your
10049
- # account.
10076
+ # A list of ARNs of Amazon Web Services resources to include in the
10077
+ # simulation. If this parameter is not provided, then the value defaults
10078
+ # to `*` (all resources). Each API in the `ActionNames` parameter is
10079
+ # evaluated for each resource in this list. The simulation determines
10080
+ # the access result (allowed or denied) of each combination and reports
10081
+ # it in the response. You can simulate resources that don't exist in
10082
+ # your account.
10050
10083
  #
10051
10084
  # The simulation does not automatically retrieve policies for the
10052
10085
  # specified resources. If you want to include a resource policy in the
@@ -10058,7 +10091,7 @@ module Aws::IAM
10058
10091
  # input error.
10059
10092
  #
10060
10093
  # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
10061
- # in the *AWS General Reference*.
10094
+ # in the *Amazon Web Services General Reference*.
10062
10095
  #
10063
10096
  #
10064
10097
  #
@@ -10070,7 +10103,12 @@ module Aws::IAM
10070
10103
  # policy attached. You can include only one resource-based policy in a
10071
10104
  # simulation.
10072
10105
  #
10073
- # The [regex pattern][1] used to validate this parameter is a string of
10106
+ # The maximum length of the policy document that you can pass in this
10107
+ # operation, including whitespace, is listed below. To view the maximum
10108
+ # character counts of a managed policy with no whitespaces, see [IAM and
10109
+ # STS character quotas][1].
10110
+ #
10111
+ # The [regex pattern][2] used to validate this parameter is a string of
10074
10112
  # characters consisting of the following:
10075
10113
  #
10076
10114
  # * Any printable ASCII character ranging from the space character
@@ -10084,10 +10122,11 @@ module Aws::IAM
10084
10122
  #
10085
10123
  #
10086
10124
  #
10087
- # [1]: http://wikipedia.org/wiki/regex
10125
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length
10126
+ # [2]: http://wikipedia.org/wiki/regex
10088
10127
  #
10089
10128
  # @option params [String] :resource_owner
10090
- # An ARN representing the AWS account ID that specifies the owner of any
10129
+ # An ARN representing the account ID that specifies the owner of any
10091
10130
  # simulated resource that does not identify its owner in the resource
10092
10131
  # ARN. Examples of resource ARNs include an S3 bucket or object. If
10093
10132
  # `ResourceOwner` is specified, it is also used as the account owner of
@@ -10258,11 +10297,11 @@ module Aws::IAM
10258
10297
  end
10259
10298
 
10260
10299
  # Simulate how a set of IAM policies attached to an IAM entity works
10261
- # with a list of API operations and AWS resources to determine the
10262
- # policies' effective permissions. The entity can be an IAM user,
10263
- # group, or role. If you specify a user, then the simulation also
10264
- # includes all of the policies that are attached to groups that the user
10265
- # belongs to. You can simulate resources that don't exist in your
10300
+ # with a list of API operations and Amazon Web Services resources to
10301
+ # determine the policies' effective permissions. The entity can be an
10302
+ # IAM user, group, or role. If you specify a user, then the simulation
10303
+ # also includes all of the policies that are attached to groups that the
10304
+ # user belongs to. You can simulate resources that don't exist in your
10266
10305
  # account.
10267
10306
  #
10268
10307
  # You can optionally include a list of one or more additional policies
@@ -10282,11 +10321,12 @@ module Aws::IAM
10282
10321
  # permissions, then consider allowing them to use SimulateCustomPolicy
10283
10322
  # instead.
10284
10323
  #
10285
- # Context keys are variables maintained by AWS and its services that
10286
- # provide details about the context of an API query request. You can use
10287
- # the `Condition` element of an IAM policy to evaluate context keys. To
10288
- # get the list of context keys that the policies require for correct
10289
- # simulation, use GetContextKeysForPrincipalPolicy.
10324
+ # Context keys are variables maintained by Amazon Web Services and its
10325
+ # services that provide details about the context of an API query
10326
+ # request. You can use the `Condition` element of an IAM policy to
10327
+ # evaluate context keys. To get the list of context keys that the
10328
+ # policies require for correct simulation, use
10329
+ # GetContextKeysForPrincipalPolicy.
10290
10330
  #
10291
10331
  # If the output is long, you can use the `MaxItems` and `Marker`
10292
10332
  # parameters to paginate the results.
@@ -10307,12 +10347,18 @@ module Aws::IAM
10307
10347
  # also includes all policies that are attached to any groups the user
10308
10348
  # belongs to.
10309
10349
  #
10310
- # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
10311
- # in the *AWS General Reference*.
10350
+ # The maximum length of the policy document that you can pass in this
10351
+ # operation, including whitespace, is listed below. To view the maximum
10352
+ # character counts of a managed policy with no whitespaces, see [IAM and
10353
+ # STS character quotas][1].
10312
10354
  #
10355
+ # For more information about ARNs, see [Amazon Resource Names (ARNs)][2]
10356
+ # in the *Amazon Web Services General Reference*.
10313
10357
  #
10314
10358
  #
10315
- # [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
10359
+ #
10360
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length
10361
+ # [2]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
10316
10362
  #
10317
10363
  # @option params [Array<String>] :policy_input_list
10318
10364
  # An optional list of additional policy documents to include in the
@@ -10348,7 +10394,12 @@ module Aws::IAM
10348
10394
  # Guide*. The policy input is specified as a string containing the
10349
10395
  # complete, valid JSON text of a permissions boundary policy.
10350
10396
  #
10351
- # The [regex pattern][2] used to validate this parameter is a string of
10397
+ # The maximum length of the policy document that you can pass in this
10398
+ # operation, including whitespace, is listed below. To view the maximum
10399
+ # character counts of a managed policy with no whitespaces, see [IAM and
10400
+ # STS character quotas][2].
10401
+ #
10402
+ # The [regex pattern][3] used to validate this parameter is a string of
10352
10403
  # characters consisting of the following:
10353
10404
  #
10354
10405
  # * Any printable ASCII character ranging from the space character
@@ -10363,7 +10414,8 @@ module Aws::IAM
10363
10414
  #
10364
10415
  #
10365
10416
  # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
10366
- # [2]: http://wikipedia.org/wiki/regex
10417
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length
10418
+ # [3]: http://wikipedia.org/wiki/regex
10367
10419
  #
10368
10420
  # @option params [required, Array<String>] :action_names
10369
10421
  # A list of names of API operations to evaluate in the simulation. Each
@@ -10371,13 +10423,13 @@ module Aws::IAM
10371
10423
  # the service identifier, such as `iam:CreateUser`.
10372
10424
  #
10373
10425
  # @option params [Array<String>] :resource_arns
10374
- # A list of ARNs of AWS resources to include in the simulation. If this
10375
- # parameter is not provided, then the value defaults to `*` (all
10376
- # resources). Each API in the `ActionNames` parameter is evaluated for
10377
- # each resource in this list. The simulation determines the access
10378
- # result (allowed or denied) of each combination and reports it in the
10379
- # response. You can simulate resources that don't exist in your
10380
- # account.
10426
+ # A list of ARNs of Amazon Web Services resources to include in the
10427
+ # simulation. If this parameter is not provided, then the value defaults
10428
+ # to `*` (all resources). Each API in the `ActionNames` parameter is
10429
+ # evaluated for each resource in this list. The simulation determines
10430
+ # the access result (allowed or denied) of each combination and reports
10431
+ # it in the response. You can simulate resources that don't exist in
10432
+ # your account.
10381
10433
  #
10382
10434
  # The simulation does not automatically retrieve policies for the
10383
10435
  # specified resources. If you want to include a resource policy in the
@@ -10385,7 +10437,7 @@ module Aws::IAM
10385
10437
  # `ResourcePolicy` parameter.
10386
10438
  #
10387
10439
  # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
10388
- # in the *AWS General Reference*.
10440
+ # in the *Amazon Web Services General Reference*.
10389
10441
  #
10390
10442
  #
10391
10443
  #
@@ -10397,7 +10449,12 @@ module Aws::IAM
10397
10449
  # policy attached. You can include only one resource-based policy in a
10398
10450
  # simulation.
10399
10451
  #
10400
- # The [regex pattern][1] used to validate this parameter is a string of
10452
+ # The maximum length of the policy document that you can pass in this
10453
+ # operation, including whitespace, is listed below. To view the maximum
10454
+ # character counts of a managed policy with no whitespaces, see [IAM and
10455
+ # STS character quotas][1].
10456
+ #
10457
+ # The [regex pattern][2] used to validate this parameter is a string of
10401
10458
  # characters consisting of the following:
10402
10459
  #
10403
10460
  # * Any printable ASCII character ranging from the space character
@@ -10411,19 +10468,20 @@ module Aws::IAM
10411
10468
  #
10412
10469
  #
10413
10470
  #
10414
- # [1]: http://wikipedia.org/wiki/regex
10471
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length
10472
+ # [2]: http://wikipedia.org/wiki/regex
10415
10473
  #
10416
10474
  # @option params [String] :resource_owner
10417
- # An AWS account ID that specifies the owner of any simulated resource
10418
- # that does not identify its owner in the resource ARN. Examples of
10419
- # resource ARNs include an S3 bucket or object. If `ResourceOwner` is
10420
- # specified, it is also used as the account owner of any
10421
- # `ResourcePolicy` included in the simulation. If the `ResourceOwner`
10422
- # parameter is not specified, then the owner of the resources and the
10423
- # resource policy defaults to the account of the identity provided in
10424
- # `CallerArn`. This parameter is required only if you specify a
10425
- # resource-based policy and account that owns the resource is different
10426
- # from the account that owns the simulated calling user `CallerArn`.
10475
+ # An account ID that specifies the owner of any simulated resource that
10476
+ # does not identify its owner in the resource ARN. Examples of resource
10477
+ # ARNs include an S3 bucket or object. If `ResourceOwner` is specified,
10478
+ # it is also used as the account owner of any `ResourcePolicy` included
10479
+ # in the simulation. If the `ResourceOwner` parameter is not specified,
10480
+ # then the owner of the resources and the resource policy defaults to
10481
+ # the account of the identity provided in `CallerArn`. This parameter is
10482
+ # required only if you specify a resource-based policy and account that
10483
+ # owns the resource is different from the account that owns the
10484
+ # simulated calling user `CallerArn`.
10427
10485
  #
10428
10486
  # @option params [String] :caller_arn
10429
10487
  # The ARN of the IAM user that you want to specify as the simulated
@@ -10444,7 +10502,7 @@ module Aws::IAM
10444
10502
  # use in evaluating the policy.
10445
10503
  #
10446
10504
  # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
10447
- # in the *AWS General Reference*.
10505
+ # in the *Amazon Web Services General Reference*.
10448
10506
  #
10449
10507
  #
10450
10508
  #
@@ -10619,9 +10677,10 @@ module Aws::IAM
10619
10677
  # resource is not created. For more information about tagging, see
10620
10678
  # [Tagging IAM resources][2] in the *IAM User Guide*.
10621
10679
  #
10622
- # * AWS always interprets the tag `Value` as a single string. If you
10623
- # need to store an array, you can store comma-separated values in the
10624
- # string. However, you must interpret the value in your code.
10680
+ # * Amazon Web Services always interprets the tag `Value` as a single
10681
+ # string. If you need to store an array, you can store comma-separated
10682
+ # values in the string. However, you must interpret the value in your
10683
+ # code.
10625
10684
  #
10626
10685
  # </note>
10627
10686
  #
@@ -10633,10 +10692,10 @@ module Aws::IAM
10633
10692
  # @option params [required, String] :instance_profile_name
10634
10693
  # The name of the IAM instance profile to which you want to add tags.
10635
10694
  #
10636
- # This parameter accepts (through its [regex pattern][1]) a string of
10637
- # characters that consist of upper and lowercase alphanumeric characters
10695
+ # This parameter allows (through its [regex pattern][1]) a string of
10696
+ # characters consisting of upper and lowercase alphanumeric characters
10638
10697
  # with no spaces. You can also include any of the following characters:
10639
- # =,.@-
10698
+ # \_+=,.@-
10640
10699
  #
10641
10700
  #
10642
10701
  #
@@ -10693,9 +10752,10 @@ module Aws::IAM
10693
10752
  # resource is not created. For more information about tagging, see
10694
10753
  # [Tagging IAM resources][2] in the *IAM User Guide*.
10695
10754
  #
10696
- # * AWS always interprets the tag `Value` as a single string. If you
10697
- # need to store an array, you can store comma-separated values in the
10698
- # string. However, you must interpret the value in your code.
10755
+ # * Amazon Web Services always interprets the tag `Value` as a single
10756
+ # string. If you need to store an array, you can store comma-separated
10757
+ # values in the string. However, you must interpret the value in your
10758
+ # code.
10699
10759
  #
10700
10760
  # </note>
10701
10761
  #
@@ -10709,10 +10769,10 @@ module Aws::IAM
10709
10769
  # to add tags. For virtual MFA devices, the serial number is the same as
10710
10770
  # the ARN.
10711
10771
  #
10712
- # This parameter accepts (through its [regex pattern][1]) a string of
10713
- # characters that consist of upper and lowercase alphanumeric characters
10772
+ # This parameter allows (through its [regex pattern][1]) a string of
10773
+ # characters consisting of upper and lowercase alphanumeric characters
10714
10774
  # with no spaces. You can also include any of the following characters:
10715
- # =,.@-
10775
+ # \_+=,.@-
10716
10776
  #
10717
10777
  #
10718
10778
  #
@@ -10770,9 +10830,10 @@ module Aws::IAM
10770
10830
  # resource is not created. For more information about tagging, see
10771
10831
  # [Tagging IAM resources][3] in the *IAM User Guide*.
10772
10832
  #
10773
- # * AWS always interprets the tag `Value` as a single string. If you
10774
- # need to store an array, you can store comma-separated values in the
10775
- # string. However, you must interpret the value in your code.
10833
+ # * Amazon Web Services always interprets the tag `Value` as a single
10834
+ # string. If you need to store an array, you can store comma-separated
10835
+ # values in the string. However, you must interpret the value in your
10836
+ # code.
10776
10837
  #
10777
10838
  # </note>
10778
10839
  #
@@ -10786,10 +10847,10 @@ module Aws::IAM
10786
10847
  # The ARN of the OIDC identity provider in IAM to which you want to add
10787
10848
  # tags.
10788
10849
  #
10789
- # This parameter accepts (through its [regex pattern][1]) a string of
10790
- # characters that consist of upper and lowercase alphanumeric characters
10850
+ # This parameter allows (through its [regex pattern][1]) a string of
10851
+ # characters consisting of upper and lowercase alphanumeric characters
10791
10852
  # with no spaces. You can also include any of the following characters:
10792
- # =,.@-
10853
+ # \_+=,.@-
10793
10854
  #
10794
10855
  #
10795
10856
  #
@@ -10847,9 +10908,10 @@ module Aws::IAM
10847
10908
  # resource is not created. For more information about tagging, see
10848
10909
  # [Tagging IAM resources][2] in the *IAM User Guide*.
10849
10910
  #
10850
- # * AWS always interprets the tag `Value` as a single string. If you
10851
- # need to store an array, you can store comma-separated values in the
10852
- # string. However, you must interpret the value in your code.
10911
+ # * Amazon Web Services always interprets the tag `Value` as a single
10912
+ # string. If you need to store an array, you can store comma-separated
10913
+ # values in the string. However, you must interpret the value in your
10914
+ # code.
10853
10915
  #
10854
10916
  # </note>
10855
10917
  #
@@ -10862,10 +10924,10 @@ module Aws::IAM
10862
10924
  # The ARN of the IAM customer managed policy to which you want to add
10863
10925
  # tags.
10864
10926
  #
10865
- # This parameter accepts (through its [regex pattern][1]) a string of
10866
- # characters that consist of upper and lowercase alphanumeric characters
10927
+ # This parameter allows (through its [regex pattern][1]) a string of
10928
+ # characters consisting of upper and lowercase alphanumeric characters
10867
10929
  # with no spaces. You can also include any of the following characters:
10868
- # =,.@-
10930
+ # \_+=,.@-
10869
10931
  #
10870
10932
  #
10871
10933
  #
@@ -10919,16 +10981,17 @@ module Aws::IAM
10919
10981
  # see [Control access using IAM tags][1] in the *IAM User Guide*.
10920
10982
  #
10921
10983
  # * **Cost allocation** - Use tags to help track which individuals and
10922
- # teams are using which AWS resources.
10984
+ # teams are using which Amazon Web Services resources.
10923
10985
  #
10924
10986
  # <note markdown="1"> * If any one of the tags is invalid or if you exceed the allowed
10925
10987
  # maximum number of tags, then the entire request fails and the
10926
10988
  # resource is not created. For more information about tagging, see
10927
10989
  # [Tagging IAM resources][2] in the *IAM User Guide*.
10928
10990
  #
10929
- # * AWS always interprets the tag `Value` as a single string. If you
10930
- # need to store an array, you can store comma-separated values in the
10931
- # string. However, you must interpret the value in your code.
10991
+ # * Amazon Web Services always interprets the tag `Value` as a single
10992
+ # string. If you need to store an array, you can store comma-separated
10993
+ # values in the string. However, you must interpret the value in your
10994
+ # code.
10932
10995
  #
10933
10996
  # </note>
10934
10997
  #
@@ -11023,9 +11086,10 @@ module Aws::IAM
11023
11086
  # resource is not created. For more information about tagging, see
11024
11087
  # [Tagging IAM resources][3] in the *IAM User Guide*.
11025
11088
  #
11026
- # * AWS always interprets the tag `Value` as a single string. If you
11027
- # need to store an array, you can store comma-separated values in the
11028
- # string. However, you must interpret the value in your code.
11089
+ # * Amazon Web Services always interprets the tag `Value` as a single
11090
+ # string. If you need to store an array, you can store comma-separated
11091
+ # values in the string. However, you must interpret the value in your
11092
+ # code.
11029
11093
  #
11030
11094
  # </note>
11031
11095
  #
@@ -11039,10 +11103,10 @@ module Aws::IAM
11039
11103
  # The ARN of the SAML identity provider in IAM to which you want to add
11040
11104
  # tags.
11041
11105
  #
11042
- # This parameter accepts (through its [regex pattern][1]) a string of
11043
- # characters that consist of upper and lowercase alphanumeric characters
11106
+ # This parameter allows (through its [regex pattern][1]) a string of
11107
+ # characters consisting of upper and lowercase alphanumeric characters
11044
11108
  # with no spaces. You can also include any of the following characters:
11045
- # =,.@-
11109
+ # \_+=,.@-
11046
11110
  #
11047
11111
  #
11048
11112
  #
@@ -11079,11 +11143,11 @@ module Aws::IAM
11079
11143
  # same key name already exists, then that tag is overwritten with the
11080
11144
  # new value.
11081
11145
  #
11082
- # <note markdown="1"> For certificates in a Region supported by AWS Certificate Manager
11083
- # (ACM), we recommend that you don't use IAM server certificates.
11084
- # Instead, use ACM to provision, manage, and deploy your server
11085
- # certificates. For more information about IAM server certificates,
11086
- # [Working with server certificates][1] in the *IAM User Guide*.
11146
+ # <note markdown="1"> For certificates in a Region supported by Certificate Manager (ACM),
11147
+ # we recommend that you don't use IAM server certificates. Instead, use
11148
+ # ACM to provision, manage, and deploy your server certificates. For
11149
+ # more information about IAM server certificates, [Working with server
11150
+ # certificates][1] in the *IAM User Guide*.
11087
11151
  #
11088
11152
  # </note>
11089
11153
  #
@@ -11103,16 +11167,17 @@ module Aws::IAM
11103
11167
  # [Control access using IAM tags][2] in the *IAM User Guide*.
11104
11168
  #
11105
11169
  # * **Cost allocation** - Use tags to help track which individuals and
11106
- # teams are using which AWS resources.
11170
+ # teams are using which Amazon Web Services resources.
11107
11171
  #
11108
11172
  # <note markdown="1"> * If any one of the tags is invalid or if you exceed the allowed
11109
11173
  # maximum number of tags, then the entire request fails and the
11110
11174
  # resource is not created. For more information about tagging, see
11111
11175
  # [Tagging IAM resources][3] in the *IAM User Guide*.
11112
11176
  #
11113
- # * AWS always interprets the tag `Value` as a single string. If you
11114
- # need to store an array, you can store comma-separated values in the
11115
- # string. However, you must interpret the value in your code.
11177
+ # * Amazon Web Services always interprets the tag `Value` as a single
11178
+ # string. If you need to store an array, you can store comma-separated
11179
+ # values in the string. However, you must interpret the value in your
11180
+ # code.
11116
11181
  #
11117
11182
  # </note>
11118
11183
  #
@@ -11125,10 +11190,10 @@ module Aws::IAM
11125
11190
  # @option params [required, String] :server_certificate_name
11126
11191
  # The name of the IAM server certificate to which you want to add tags.
11127
11192
  #
11128
- # This parameter accepts (through its [regex pattern][1]) a string of
11129
- # characters that consist of upper and lowercase alphanumeric characters
11193
+ # This parameter allows (through its [regex pattern][1]) a string of
11194
+ # characters consisting of upper and lowercase alphanumeric characters
11130
11195
  # with no spaces. You can also include any of the following characters:
11131
- # =,.@-
11196
+ # \_+=,.@-
11132
11197
  #
11133
11198
  #
11134
11199
  #
@@ -11182,16 +11247,17 @@ module Aws::IAM
11182
11247
  # User Guide*.
11183
11248
  #
11184
11249
  # * **Cost allocation** - Use tags to help track which individuals and
11185
- # teams are using which AWS resources.
11250
+ # teams are using which Amazon Web Services resources.
11186
11251
  #
11187
11252
  # <note markdown="1"> * If any one of the tags is invalid or if you exceed the allowed
11188
11253
  # maximum number of tags, then the entire request fails and the
11189
11254
  # resource is not created. For more information about tagging, see
11190
11255
  # [Tagging IAM resources][2] in the *IAM User Guide*.
11191
11256
  #
11192
- # * AWS always interprets the tag `Value` as a single string. If you
11193
- # need to store an array, you can store comma-separated values in the
11194
- # string. However, you must interpret the value in your code.
11257
+ # * Amazon Web Services always interprets the tag `Value` as a single
11258
+ # string. If you need to store an array, you can store comma-separated
11259
+ # values in the string. However, you must interpret the value in your
11260
+ # code.
11195
11261
  #
11196
11262
  # </note>
11197
11263
  #
@@ -11206,10 +11272,10 @@ module Aws::IAM
11206
11272
  # @option params [required, String] :user_name
11207
11273
  # The name of the IAM user to which you want to add tags.
11208
11274
  #
11209
- # This parameter accepts (through its [regex pattern][1]) a string of
11210
- # characters that consist of upper and lowercase alphanumeric characters
11275
+ # This parameter allows (through its [regex pattern][1]) a string of
11276
+ # characters consisting of upper and lowercase alphanumeric characters
11211
11277
  # with no spaces. You can also include any of the following characters:
11212
- # =,.@-
11278
+ # \_+=,.@-
11213
11279
  #
11214
11280
  #
11215
11281
  #
@@ -11273,10 +11339,10 @@ module Aws::IAM
11273
11339
  # The name of the IAM instance profile from which you want to remove
11274
11340
  # tags.
11275
11341
  #
11276
- # This parameter accepts (through its [regex pattern][1]) a string of
11277
- # characters that consist of upper and lowercase alphanumeric characters
11342
+ # This parameter allows (through its [regex pattern][1]) a string of
11343
+ # characters consisting of upper and lowercase alphanumeric characters
11278
11344
  # with no spaces. You can also include any of the following characters:
11279
- # =,.@-
11345
+ # \_+=,.@-
11280
11346
  #
11281
11347
  #
11282
11348
  #
@@ -11317,10 +11383,10 @@ module Aws::IAM
11317
11383
  # want to remove tags. For virtual MFA devices, the serial number is the
11318
11384
  # same as the ARN.
11319
11385
  #
11320
- # This parameter accepts (through its [regex pattern][1]) a string of
11321
- # characters that consist of upper and lowercase alphanumeric characters
11386
+ # This parameter allows (through its [regex pattern][1]) a string of
11387
+ # characters consisting of upper and lowercase alphanumeric characters
11322
11388
  # with no spaces. You can also include any of the following characters:
11323
- # =,.@-
11389
+ # \_+=,.@-
11324
11390
  #
11325
11391
  #
11326
11392
  #
@@ -11363,10 +11429,10 @@ module Aws::IAM
11363
11429
  # The ARN of the OIDC provider in IAM from which you want to remove
11364
11430
  # tags.
11365
11431
  #
11366
- # This parameter accepts (through its [regex pattern][1]) a string of
11367
- # characters that consist of upper and lowercase alphanumeric characters
11432
+ # This parameter allows (through its [regex pattern][1]) a string of
11433
+ # characters consisting of upper and lowercase alphanumeric characters
11368
11434
  # with no spaces. You can also include any of the following characters:
11369
- # =,.@-
11435
+ # \_+=,.@-
11370
11436
  #
11371
11437
  #
11372
11438
  #
@@ -11406,10 +11472,10 @@ module Aws::IAM
11406
11472
  # The ARN of the IAM customer managed policy from which you want to
11407
11473
  # remove tags.
11408
11474
  #
11409
- # This parameter accepts (through its [regex pattern][1]) a string of
11410
- # characters that consist of upper and lowercase alphanumeric characters
11475
+ # This parameter allows (through its [regex pattern][1]) a string of
11476
+ # characters consisting of upper and lowercase alphanumeric characters
11411
11477
  # with no spaces. You can also include any of the following characters:
11412
- # =,.@-
11478
+ # \_+=,.@-
11413
11479
  #
11414
11480
  #
11415
11481
  #
@@ -11505,10 +11571,10 @@ module Aws::IAM
11505
11571
  # The ARN of the SAML identity provider in IAM from which you want to
11506
11572
  # remove tags.
11507
11573
  #
11508
- # This parameter accepts (through its [regex pattern][1]) a string of
11509
- # characters that consist of upper and lowercase alphanumeric characters
11574
+ # This parameter allows (through its [regex pattern][1]) a string of
11575
+ # characters consisting of upper and lowercase alphanumeric characters
11510
11576
  # with no spaces. You can also include any of the following characters:
11511
- # =,.@-
11577
+ # \_+=,.@-
11512
11578
  #
11513
11579
  #
11514
11580
  #
@@ -11540,11 +11606,11 @@ module Aws::IAM
11540
11606
  # information about tagging, see [Tagging IAM resources][1] in the *IAM
11541
11607
  # User Guide*.
11542
11608
  #
11543
- # <note markdown="1"> For certificates in a Region supported by AWS Certificate Manager
11544
- # (ACM), we recommend that you don't use IAM server certificates.
11545
- # Instead, use ACM to provision, manage, and deploy your server
11546
- # certificates. For more information about IAM server certificates,
11547
- # [Working with server certificates][2] in the *IAM User Guide*.
11609
+ # <note markdown="1"> For certificates in a Region supported by Certificate Manager (ACM),
11610
+ # we recommend that you don't use IAM server certificates. Instead, use
11611
+ # ACM to provision, manage, and deploy your server certificates. For
11612
+ # more information about IAM server certificates, [Working with server
11613
+ # certificates][2] in the *IAM User Guide*.
11548
11614
  #
11549
11615
  # </note>
11550
11616
  #
@@ -11557,10 +11623,10 @@ module Aws::IAM
11557
11623
  # The name of the IAM server certificate from which you want to remove
11558
11624
  # tags.
11559
11625
  #
11560
- # This parameter accepts (through its [regex pattern][1]) a string of
11561
- # characters that consist of upper and lowercase alphanumeric characters
11626
+ # This parameter allows (through its [regex pattern][1]) a string of
11627
+ # characters consisting of upper and lowercase alphanumeric characters
11562
11628
  # with no spaces. You can also include any of the following characters:
11563
- # =,.@-
11629
+ # \_+=,.@-
11564
11630
  #
11565
11631
  #
11566
11632
  #
@@ -11598,10 +11664,10 @@ module Aws::IAM
11598
11664
  # @option params [required, String] :user_name
11599
11665
  # The name of the IAM user from which you want to remove tags.
11600
11666
  #
11601
- # This parameter accepts (through its [regex pattern][1]) a string of
11602
- # characters that consist of upper and lowercase alphanumeric characters
11667
+ # This parameter allows (through its [regex pattern][1]) a string of
11668
+ # characters consisting of upper and lowercase alphanumeric characters
11603
11669
  # with no spaces. You can also include any of the following characters:
11604
- # =,.@-
11670
+ # \_+=,.@-
11605
11671
  #
11606
11672
  #
11607
11673
  #
@@ -11646,10 +11712,10 @@ module Aws::IAM
11646
11712
  # user's key as part of a key rotation workflow.
11647
11713
  #
11648
11714
  # If the `UserName` is not specified, the user name is determined
11649
- # implicitly based on the AWS access key ID used to sign the request.
11650
- # This operation works for access keys under the AWS account.
11651
- # Consequently, you can use this operation to manage AWS account root
11652
- # user credentials even if the AWS account has no associated users.
11715
+ # implicitly based on the Amazon Web Services access key ID used to sign
11716
+ # the request. This operation works for access keys under the account.
11717
+ # Consequently, you can use this operation to manage account root user
11718
+ # credentials even if the account has no associated users.
11653
11719
  #
11654
11720
  # For information about rotating keys, see [Managing keys and
11655
11721
  # certificates][1] in the *IAM User Guide*.
@@ -11683,8 +11749,8 @@ module Aws::IAM
11683
11749
  #
11684
11750
  # @option params [required, String] :status
11685
11751
  # The status you want to assign to the secret access key. `Active` means
11686
- # that the key can be used for programmatic calls to AWS, while
11687
- # `Inactive` means that the key cannot be used.
11752
+ # that the key can be used for programmatic calls to Amazon Web
11753
+ # Services, while `Inactive` means that the key cannot be used.
11688
11754
  #
11689
11755
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
11690
11756
  #
@@ -11717,7 +11783,7 @@ module Aws::IAM
11717
11783
  req.send_request(options)
11718
11784
  end
11719
11785
 
11720
- # Updates the password policy settings for the AWS account.
11786
+ # Updates the password policy settings for the account.
11721
11787
  #
11722
11788
  # <note markdown="1"> * This operation does not support partial updates. No parameters are
11723
11789
  # required, but if you do not specify a parameter, that parameter's
@@ -11779,8 +11845,8 @@ module Aws::IAM
11779
11845
  # require at least one lowercase character.
11780
11846
  #
11781
11847
  # @option params [Boolean] :allow_users_to_change_password
11782
- # Allows all IAM users in your account to use the AWS Management Console
11783
- # to change their own passwords. For more information, see [Letting IAM
11848
+ # Allows all IAM users in your account to use the Management Console to
11849
+ # change their own passwords. For more information, see [Letting IAM
11784
11850
  # users change their own passwords][1] in the *IAM User Guide*.
11785
11851
  #
11786
11852
  # If you do not specify a value for this parameter, then the operation
@@ -11877,10 +11943,10 @@ module Aws::IAM
11877
11943
  # @option params [required, String] :policy_document
11878
11944
  # The policy that grants an entity permission to assume the role.
11879
11945
  #
11880
- # You must provide policies in JSON format in IAM. However, for AWS
11946
+ # You must provide policies in JSON format in IAM. However, for
11881
11947
  # CloudFormation templates formatted in YAML, you can provide the policy
11882
- # in JSON or YAML format. AWS CloudFormation always converts a YAML
11883
- # policy to JSON format before submitting it to IAM.
11948
+ # in JSON or YAML format. CloudFormation always converts a YAML policy
11949
+ # to JSON format before submitting it to IAM.
11884
11950
  #
11885
11951
  # The [regex pattern][1] used to validate this parameter is a string of
11886
11952
  # characters consisting of the following:
@@ -12012,11 +12078,11 @@ module Aws::IAM
12012
12078
  req.send_request(options)
12013
12079
  end
12014
12080
 
12015
- # Changes the password for the specified IAM user. You can use the AWS
12016
- # CLI, the AWS API, or the **Users** page in the IAM console to change
12017
- # the password for any IAM user. Use ChangePassword to change your own
12018
- # password in the **My Security Credentials** page in the AWS Management
12019
- # Console.
12081
+ # Changes the password for the specified IAM user. You can use the CLI,
12082
+ # the Amazon Web Services API, or the **Users** page in the IAM console
12083
+ # to change the password for any IAM user. Use ChangePassword to change
12084
+ # your own password in the **My Security Credentials** page in the
12085
+ # Management Console.
12020
12086
  #
12021
12087
  # For more information about modifying passwords, see [Managing
12022
12088
  # passwords][1] in the *IAM User Guide*.
@@ -12053,8 +12119,8 @@ module Aws::IAM
12053
12119
  # carriage return (`\u000D`)
12054
12120
  #
12055
12121
  # However, the format can be further restricted by the account
12056
- # administrator by setting a password policy on the AWS account. For
12057
- # more information, see UpdateAccountPasswordPolicy.
12122
+ # administrator by setting a password policy on the account. For more
12123
+ # information, see UpdateAccountPasswordPolicy.
12058
12124
  #
12059
12125
  #
12060
12126
  #
@@ -12120,7 +12186,7 @@ module Aws::IAM
12120
12186
  # operation.
12121
12187
  #
12122
12188
  # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
12123
- # in the *AWS General Reference*.
12189
+ # in the *Amazon Web Services General Reference*.
12124
12190
  #
12125
12191
  #
12126
12192
  #
@@ -12163,7 +12229,7 @@ module Aws::IAM
12163
12229
  # default maximum of one hour is applied. This setting can have a value
12164
12230
  # from 1 hour to 12 hours.
12165
12231
  #
12166
- # Anyone who assumes the role from the AWS CLI or API can use the
12232
+ # Anyone who assumes the role from the CLI or API can use the
12167
12233
  # `DurationSeconds` API parameter or the `duration-seconds` CLI
12168
12234
  # parameter to request a longer session. The `MaxSessionDuration`
12169
12235
  # setting determines the maximum duration that can be requested using
@@ -12270,7 +12336,7 @@ module Aws::IAM
12270
12336
  # The Amazon Resource Name (ARN) of the SAML provider to update.
12271
12337
  #
12272
12338
  # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
12273
- # in the *AWS General Reference*.
12339
+ # in the *Amazon Web Services General Reference*.
12274
12340
  #
12275
12341
  #
12276
12342
  #
@@ -12306,10 +12372,10 @@ module Aws::IAM
12306
12372
  # public key as part of a key rotation work flow.
12307
12373
  #
12308
12374
  # The SSH public key affected by this operation is used only for
12309
- # authenticating the associated IAM user to an AWS CodeCommit
12310
- # repository. For more information about using SSH keys to authenticate
12311
- # to an AWS CodeCommit repository, see [Set up AWS CodeCommit for SSH
12312
- # connections][1] in the *AWS CodeCommit User Guide*.
12375
+ # authenticating the associated IAM user to an CodeCommit repository.
12376
+ # For more information about using SSH keys to authenticate to an
12377
+ # CodeCommit repository, see [Set up CodeCommit for SSH connections][1]
12378
+ # in the *CodeCommit User Guide*.
12313
12379
  #
12314
12380
  #
12315
12381
  #
@@ -12340,7 +12406,7 @@ module Aws::IAM
12340
12406
  #
12341
12407
  # @option params [required, String] :status
12342
12408
  # The status to assign to the SSH public key. `Active` means that the
12343
- # key can be used for authentication with an AWS CodeCommit repository.
12409
+ # key can be used for authentication with an CodeCommit repository.
12344
12410
  # `Inactive` means that the key cannot be used.
12345
12411
  #
12346
12412
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
@@ -12367,8 +12433,8 @@ module Aws::IAM
12367
12433
  #
12368
12434
  # For more information about working with server certificates, see
12369
12435
  # [Working with server certificates][1] in the *IAM User Guide*. This
12370
- # topic also includes a list of AWS services that can use the server
12371
- # certificates that you manage with IAM.
12436
+ # topic also includes a list of Amazon Web Services services that can
12437
+ # use the server certificates that you manage with IAM.
12372
12438
  #
12373
12439
  # You should understand the implications of changing a server
12374
12440
  # certificate's path or name. For more information, see [Renaming a
@@ -12510,10 +12576,10 @@ module Aws::IAM
12510
12576
  # rotation work flow.
12511
12577
  #
12512
12578
  # If the `UserName` field is not specified, the user name is determined
12513
- # implicitly based on the AWS access key ID used to sign the request.
12514
- # This operation works for access keys under the AWS account.
12515
- # Consequently, you can use this operation to manage AWS account root
12516
- # user credentials even if the AWS account has no associated users.
12579
+ # implicitly based on the Amazon Web Services access key ID used to sign
12580
+ # the request. This operation works for access keys under the account.
12581
+ # Consequently, you can use this operation to manage account root user
12582
+ # credentials even if the account has no associated users.
12517
12583
  #
12518
12584
  # @option params [String] :user_name
12519
12585
  # The name of the IAM user the signing certificate belongs to.
@@ -12540,8 +12606,8 @@ module Aws::IAM
12540
12606
  #
12541
12607
  # @option params [required, String] :status
12542
12608
  # The status you want to assign to the certificate. `Active` means that
12543
- # the certificate can be used for programmatic calls to AWS `Inactive`
12544
- # means that the certificate cannot be used.
12609
+ # the certificate can be used for programmatic calls to Amazon Web
12610
+ # Services `Inactive` means that the certificate cannot be used.
12545
12611
  #
12546
12612
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
12547
12613
  #
@@ -12662,10 +12728,10 @@ module Aws::IAM
12662
12728
  # user.
12663
12729
  #
12664
12730
  # The SSH public key uploaded by this operation can be used only for
12665
- # authenticating the associated IAM user to an AWS CodeCommit
12666
- # repository. For more information about using SSH keys to authenticate
12667
- # to an AWS CodeCommit repository, see [Set up AWS CodeCommit for SSH
12668
- # connections][1] in the *AWS CodeCommit User Guide*.
12731
+ # authenticating the associated IAM user to an CodeCommit repository.
12732
+ # For more information about using SSH keys to authenticate to an
12733
+ # CodeCommit repository, see [Set up CodeCommit for SSH connections][1]
12734
+ # in the *CodeCommit User Guide*.
12669
12735
  #
12670
12736
  #
12671
12737
  #
@@ -12734,21 +12800,21 @@ module Aws::IAM
12734
12800
  req.send_request(options)
12735
12801
  end
12736
12802
 
12737
- # Uploads a server certificate entity for the AWS account. The server
12803
+ # Uploads a server certificate entity for the account. The server
12738
12804
  # certificate entity includes a public key certificate, a private key,
12739
12805
  # and an optional certificate chain, which should all be PEM-encoded.
12740
12806
  #
12741
- # We recommend that you use [AWS Certificate Manager][1] to provision,
12807
+ # We recommend that you use [Certificate Manager][1] to provision,
12742
12808
  # manage, and deploy your server certificates. With ACM you can request
12743
- # a certificate, deploy it to AWS resources, and let ACM handle
12744
- # certificate renewals for you. Certificates provided by ACM are free.
12745
- # For more information about using ACM, see the [AWS Certificate Manager
12746
- # User Guide][2].
12809
+ # a certificate, deploy it to Amazon Web Services resources, and let ACM
12810
+ # handle certificate renewals for you. Certificates provided by ACM are
12811
+ # free. For more information about using ACM, see the [Certificate
12812
+ # Manager User Guide][2].
12747
12813
  #
12748
12814
  # For more information about working with server certificates, see
12749
12815
  # [Working with server certificates][3] in the *IAM User Guide*. This
12750
- # topic includes a list of AWS services that can use the server
12751
- # certificates that you manage with IAM.
12816
+ # topic includes a list of Amazon Web Services services that can use the
12817
+ # server certificates that you manage with IAM.
12752
12818
  #
12753
12819
  # For information about the number of server certificates you can
12754
12820
  # upload, see [IAM and STS quotas][4] in the *IAM User Guide*.
@@ -12756,10 +12822,11 @@ module Aws::IAM
12756
12822
  # <note markdown="1"> Because the body of the public key certificate, private key, and the
12757
12823
  # certificate chain can be large, you should use POST rather than GET
12758
12824
  # when calling `UploadServerCertificate`. For information about setting
12759
- # up signatures and authorization through the API, see [Signing AWS API
12760
- # requests][5] in the *AWS General Reference*. For general information
12761
- # about using the Query API with IAM, see [Calling the API by making
12762
- # HTTP query requests][6] in the *IAM User Guide*.
12825
+ # up signatures and authorization through the API, see [Signing Amazon
12826
+ # Web Services API requests][5] in the *Amazon Web Services General
12827
+ # Reference*. For general information about using the Query API with
12828
+ # IAM, see [Calling the API by making HTTP query requests][6] in the
12829
+ # *IAM User Guide*.
12763
12830
  #
12764
12831
  # </note>
12765
12832
  #
@@ -12950,25 +13017,27 @@ module Aws::IAM
12950
13017
  end
12951
13018
 
12952
13019
  # Uploads an X.509 signing certificate and associates it with the
12953
- # specified IAM user. Some AWS services require you to use certificates
12954
- # to validate requests that are signed with a corresponding private key.
12955
- # When you upload the certificate, its default status is `Active`.
13020
+ # specified IAM user. Some Amazon Web Services services require you to
13021
+ # use certificates to validate requests that are signed with a
13022
+ # corresponding private key. When you upload the certificate, its
13023
+ # default status is `Active`.
12956
13024
  #
12957
13025
  # For information about when you would use an X.509 signing certificate,
12958
13026
  # see [Managing server certificates in IAM][1] in the *IAM User Guide*.
12959
13027
  #
12960
13028
  # If the `UserName` is not specified, the IAM user name is determined
12961
- # implicitly based on the AWS access key ID used to sign the request.
12962
- # This operation works for access keys under the AWS account.
12963
- # Consequently, you can use this operation to manage AWS account root
12964
- # user credentials even if the AWS account has no associated users.
13029
+ # implicitly based on the Amazon Web Services access key ID used to sign
13030
+ # the request. This operation works for access keys under the account.
13031
+ # Consequently, you can use this operation to manage account root user
13032
+ # credentials even if the account has no associated users.
12965
13033
  #
12966
13034
  # <note markdown="1"> Because the body of an X.509 certificate can be large, you should use
12967
13035
  # POST rather than GET when calling `UploadSigningCertificate`. For
12968
13036
  # information about setting up signatures and authorization through the
12969
- # API, see [Signing AWS API requests][2] in the *AWS General Reference*.
12970
- # For general information about using the Query API with IAM, see
12971
- # [Making query requests][3] in the *IAM User Guide*.
13037
+ # API, see [Signing Amazon Web Services API requests][2] in the *Amazon
13038
+ # Web Services General Reference*. For general information about using
13039
+ # the Query API with IAM, see [Making query requests][3] in the *IAM
13040
+ # User Guide*.
12972
13041
  #
12973
13042
  # </note>
12974
13043
  #
@@ -13071,7 +13140,7 @@ module Aws::IAM
13071
13140
  params: params,
13072
13141
  config: config)
13073
13142
  context[:gem_name] = 'aws-sdk-iam'
13074
- context[:gem_version] = '1.55.0'
13143
+ context[:gem_version] = '1.56.0'
13075
13144
  Seahorse::Client::Request.new(handlers, context)
13076
13145
  end
13077
13146