aws-sdk-iam 1.74.0 → 1.75.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 772aef53edcb2dcfd825515204fcb855d4c189accf178b15c21949a755bac3d5
-  data.tar.gz: 1d8109abe12a8082ad44f2672d1fd3189dac90dd49cd947992997f80c7f861a5
+  metadata.gz: ef84c0d91723ced85c4f386e729ccce65d8015eb3a211e43ecfd82e3f0e66704
+  data.tar.gz: 1bbdbb017d13ce2fcf7cf1a7ff11206be46086df7c6757474e15bdf082a97d0b
 SHA512:
-  metadata.gz: c345d0c8a4cfdc02be9938560f8cb82196176c14fd9822a903e8e032f5aae4423d2af3a99bbf88c2c14be01fc86f3ef2399d9d933ce6ac2333ff97337a239dfb
-  data.tar.gz: f8f21b795a257ece2eda80c18ec9cf8a0b68a1034982243423a12991fa10db563dbfdfdc5d5fc515c3b4d97bd15d23c420d4fd1b63cdf8d92a5dc28f780e3d0e
+  metadata.gz: e5de3cb4467504346c82b05c019201baa34aa21eb77309ae1fc3a382c33536dfa22dbc450ef428004de1ca85429777076a8345a43784c8e93b34b9dec09d5698
+  data.tar.gz: 239df2e18c8248c0456b5ace08e77991507f75223c74169ed5cc4f42effd64c482c2ec7bcf9c64ae3484b8150c5789b9c393f6b94bdba4728112abb741bcbf4c

data/CHANGELOG.md

@@ -1,6 +1,11 @@
 Unreleased Changes
 ------------------
 
+1.75.0 (2023-02-01)
+------------------
+
+* Feature - Documentation updates for AWS Identity and Access Management (IAM).
+
 1.74.0 (2023-01-18)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.74.0
+1.75.0

data/lib/aws-sdk-iam/client.rb

@@ -1298,10 +1298,10 @@ module Aws::IAM
     # <note markdown="1"> Amazon Web Services secures communication with some OIDC identity
     # providers (IdPs) through our library of trusted certificate
     # authorities (CAs) instead of using a certificate thumbprint to verify
-    # your IdP server certificate. These OIDC IdPs include Google, and those
-    # that use an Amazon S3 bucket to host a JSON Web Key Set (JWKS)
-    # endpoint. In these cases, your legacy thumbprint remains in your
-    # configuration, but is no longer used for validation.
+    # your IdP server certificate. These OIDC IdPs include Google, Auth0,
+    # and those that use an Amazon S3 bucket to host a JSON Web Key Set
+    # (JWKS) endpoint. In these cases, your legacy thumbprint remains in
+    # your configuration, but is no longer used for validation.
     #
     #  </note>
     #
@@ -1790,8 +1790,23 @@ module Aws::IAM
     #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html
     #
     # @option params [String] :permissions_boundary
-    #   The ARN of the policy that is used to set the permissions boundary for
-    #   the role.
+    #   The ARN of the managed policy that is used to set the permissions
+    #   boundary for the role.
+    #
+    #   A permissions boundary policy defines the maximum permissions that
+    #   identity-based policies can grant to an entity, but does not grant
+    #   permissions. Permissions boundaries do not define the maximum
+    #   permissions that a resource-based policy can grant to an entity. To
+    #   learn more, see [Permissions boundaries for IAM entities][1] in the
+    #   *IAM User Guide*.
+    #
+    #   For more information about policy types, see [Policy types ][2] in the
+    #   *IAM User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
+    #   [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policy-types
     #
     # @option params [Array<Types::Tag>] :tags
     #   A list of tags that you want to attach to the new role. Each tag
@@ -2183,8 +2198,23 @@ module Aws::IAM
     #   create resources named both "MyResource" and "myresource".
     #
     # @option params [String] :permissions_boundary
-    #   The ARN of the policy that is used to set the permissions boundary for
-    #   the user.
+    #   The ARN of the managed policy that is used to set the permissions
+    #   boundary for the user.
+    #
+    #   A permissions boundary policy defines the maximum permissions that
+    #   identity-based policies can grant to an entity, but does not grant
+    #   permissions. Permissions boundaries do not define the maximum
+    #   permissions that a resource-based policy can grant to an entity. To
+    #   learn more, see [Permissions boundaries for IAM entities][1] in the
+    #   *IAM User Guide*.
+    #
+    #   For more information about policy types, see [Policy types ][2] in the
+    #   *IAM User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
+    #   [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policy-types
     #
     # @option params [Array<Types::Tag>] :tags
     #   A list of tags that you want to attach to the new user. Each tag
@@ -2916,9 +2946,20 @@ module Aws::IAM
       req.send_request(options)
     end
 
-    # Deletes the specified role. The role must not have any policies
-    # attached. For more information about roles, see [Working with
-    # roles][1].
+    # Deletes the specified role. Unlike the Amazon Web Services Management
+    # Console, when you delete a role programmatically, you must delete the
+    # items attached to the role manually, or the deletion fails. For more
+    # information, see [Deleting an IAM role][1]. Before attempting to
+    # delete a role, remove the following attached items:
+    #
+    # * Inline policies (DeleteRolePolicy)
+    #
+    # * Attached managed policies (DetachRolePolicy)
+    #
+    # * Instance profile (RemoveRoleFromInstanceProfile)
+    #
+    # * Optional – Delete instance profile after detaching from role for
+    #   resource clean up (DeleteInstanceProfile)
     #
     # Make sure that you do not have any Amazon EC2 instances running with
     # the role you are about to delete. Deleting a role or instance profile
@@ -2927,7 +2968,7 @@ module Aws::IAM
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html
+    # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_manage_delete.html#roles-managingrole-deleting-cli
     #
     # @option params [required, String] :role_name
     #   The name of the role to delete.
@@ -9356,8 +9397,23 @@ module Aws::IAM
     #   to set the permissions boundary.
     #
     # @option params [required, String] :permissions_boundary
-    #   The ARN of the policy that is used to set the permissions boundary for
-    #   the role.
+    #   The ARN of the managed policy that is used to set the permissions
+    #   boundary for the role.
+    #
+    #   A permissions boundary policy defines the maximum permissions that
+    #   identity-based policies can grant to an entity, but does not grant
+    #   permissions. Permissions boundaries do not define the maximum
+    #   permissions that a resource-based policy can grant to an entity. To
+    #   learn more, see [Permissions boundaries for IAM entities][1] in the
+    #   *IAM User Guide*.
+    #
+    #   For more information about policy types, see [Policy types ][2] in the
+    #   *IAM User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
+    #   [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policy-types
     #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
@@ -9509,8 +9565,23 @@ module Aws::IAM
     #   to set the permissions boundary.
     #
     # @option params [required, String] :permissions_boundary
-    #   The ARN of the policy that is used to set the permissions boundary for
-    #   the user.
+    #   The ARN of the managed policy that is used to set the permissions
+    #   boundary for the user.
+    #
+    #   A permissions boundary policy defines the maximum permissions that
+    #   identity-based policies can grant to an entity, but does not grant
+    #   permissions. Permissions boundaries do not define the maximum
+    #   permissions that a resource-based policy can grant to an entity. To
+    #   learn more, see [Permissions boundaries for IAM entities][1] in the
+    #   *IAM User Guide*.
+    #
+    #   For more information about policy types, see [Policy types ][2] in the
+    #   *IAM User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
+    #   [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policy-types
     #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
@@ -10071,9 +10142,16 @@ module Aws::IAM
     # If the output is long, you can use `MaxItems` and `Marker` parameters
     # to paginate the results.
     #
-    # For more information about using the policy simulator, see [Testing
-    # IAM policies with the IAM policy simulator ][1]in the *IAM User
-    # Guide*.
+    # <note markdown="1"> The IAM policy simulator evaluates statements in the identity-based
+    # policy and the inputs that you provide during simulation. The policy
+    # simulator results can differ from your live Amazon Web Services
+    # environment. We recommend that you check your policies against your
+    # live Amazon Web Services environment after testing using the policy
+    # simulator to confirm that you have the desired results. For more
+    # information about using the policy simulator, see [Testing IAM
+    # policies with the IAM policy simulator ][1]in the *IAM User Guide*.
+    #
+    #  </note>
     #
     #
     #
@@ -10173,6 +10251,10 @@ module Aws::IAM
     #   For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
     #   in the *Amazon Web Services General Reference*.
     #
+    #   <note markdown="1"> Simulation of resource-based policies isn't supported for IAM roles.
+    #
+    #    </note>
+    #
     #
     #
     #   [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
@@ -10200,6 +10282,10 @@ module Aws::IAM
     #   * The special characters tab (`\u0009`), line feed (`\u000A`), and
     #     carriage return (`\u000D`)
     #
+    #   <note markdown="1"> Simulation of resource-based policies isn't supported for IAM roles.
+    #
+    #    </note>
+    #
     #
     #
     #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length
@@ -10382,7 +10468,8 @@ module Aws::IAM
     # instead.
     #
     # You can also optionally include one resource-based policy to be
-    # evaluated with each of the resources included in the simulation.
+    # evaluated with each of the resources included in the simulation for
+    # IAM users only.
     #
     # The simulation does not perform the API operations; it only checks the
     # authorization to determine if the simulated policies allow or deny the
@@ -10403,9 +10490,16 @@ module Aws::IAM
     # If the output is long, you can use the `MaxItems` and `Marker`
     # parameters to paginate the results.
     #
-    # For more information about using the policy simulator, see [Testing
-    # IAM policies with the IAM policy simulator ][1]in the *IAM User
-    # Guide*.
+    # <note markdown="1"> The IAM policy simulator evaluates statements in the identity-based
+    # policy and the inputs that you provide during simulation. The policy
+    # simulator results can differ from your live Amazon Web Services
+    # environment. We recommend that you check your policies against your
+    # live Amazon Web Services environment after testing using the policy
+    # simulator to confirm that you have the desired results. For more
+    # information about using the policy simulator, see [Testing IAM
+    # policies with the IAM policy simulator ][1]in the *IAM User Guide*.
+    #
+    #  </note>
     #
     #
     #
@@ -10511,6 +10605,10 @@ module Aws::IAM
     #   For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
     #   in the *Amazon Web Services General Reference*.
     #
+    #   <note markdown="1"> Simulation of resource-based policies isn't supported for IAM roles.
+    #
+    #    </note>
+    #
     #
     #
     #   [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
@@ -10538,6 +10636,10 @@ module Aws::IAM
     #   * The special characters tab (`\u0009`), line feed (`\u000A`), and
     #     carriage return (`\u000D`)
     #
+    #   <note markdown="1"> Simulation of resource-based policies isn't supported for IAM roles.
+    #
+    #    </note>
+    #
     #
     #
     #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length
@@ -12255,10 +12357,10 @@ module Aws::IAM
     # <note markdown="1"> Amazon Web Services secures communication with some OIDC identity
     # providers (IdPs) through our library of trusted certificate
     # authorities (CAs) instead of using a certificate thumbprint to verify
-    # your IdP server certificate. These OIDC IdPs include Google, and those
-    # that use an Amazon S3 bucket to host a JSON Web Key Set (JWKS)
-    # endpoint. In these cases, your legacy thumbprint remains in your
-    # configuration, but is no longer used for validation.
+    # your IdP server certificate. These OIDC IdPs include Google, Auth0,
+    # and those that use an Amazon S3 bucket to host a JSON Web Key Set
+    # (JWKS) endpoint. In these cases, your legacy thumbprint remains in
+    # your configuration, but is no longer used for validation.
     #
     #  </note>
     #
@@ -13233,7 +13335,7 @@ module Aws::IAM
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-iam'
-      context[:gem_version] = '1.74.0'
+      context[:gem_version] = '1.75.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-iam/endpoint_parameters.rb

@@ -50,6 +50,9 @@ module Aws::IAM
 
     def initialize(options = {})
       self[:region] = options[:region]
+      if self[:region].nil?
+        raise ArgumentError, "Missing required EndpointParameter: :region"
+      end
       self[:use_dual_stack] = options[:use_dual_stack]
       self[:use_dual_stack] = false if self[:use_dual_stack].nil?
       if self[:use_dual_stack].nil?

data/lib/aws-sdk-iam/endpoint_provider.rb

@@ -15,7 +15,7 @@ module Aws::IAM
       use_fips = parameters.use_fips
       endpoint = parameters.endpoint
       if (partition_result = Aws::Endpoints::Matchers.aws_partition(region))
-        if Aws::Endpoints::Matchers.set?(endpoint) && (url = Aws::Endpoints::Matchers.parse_url(endpoint))
+        if Aws::Endpoints::Matchers.set?(endpoint)
           if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
             raise ArgumentError, "Invalid Configuration: FIPS and custom endpoint are not supported"
           end
@@ -27,7 +27,7 @@ module Aws::IAM
         if Aws::Endpoints::Matchers.string_equals?(Aws::Endpoints::Matchers.attr(partition_result, "name"), "aws")
           if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true) && Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
             if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS")) && Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
-              return Aws::Endpoints::Endpoint.new(url: "https://iam-fips.#{region}.api.aws", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"us-east-1", "signingName"=>"iam"}]})
+              return Aws::Endpoints::Endpoint.new(url: "https://iam-fips.#{region}.api.aws", headers: {}, properties: {})
             end
             raise ArgumentError, "FIPS and DualStack are enabled, but this partition does not support one or both"
           end
@@ -39,7 +39,7 @@ module Aws::IAM
           end
           if Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
             if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
-              return Aws::Endpoints::Endpoint.new(url: "https://iam.#{region}.api.aws", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"us-east-1", "signingName"=>"iam"}]})
+              return Aws::Endpoints::Endpoint.new(url: "https://iam.#{region}.api.aws", headers: {}, properties: {})
             end
             raise ArgumentError, "DualStack is enabled but this partition does not support DualStack"
           end
@@ -48,19 +48,19 @@ module Aws::IAM
         if Aws::Endpoints::Matchers.string_equals?(Aws::Endpoints::Matchers.attr(partition_result, "name"), "aws-cn")
           if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true) && Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
             if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS")) && Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
-              return Aws::Endpoints::Endpoint.new(url: "https://iam-fips.#{region}.api.amazonwebservices.com.cn", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"cn-north-1", "signingName"=>"iam"}]})
+              return Aws::Endpoints::Endpoint.new(url: "https://iam-fips.#{region}.api.amazonwebservices.com.cn", headers: {}, properties: {})
             end
             raise ArgumentError, "FIPS and DualStack are enabled, but this partition does not support one or both"
           end
           if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
             if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"))
-              return Aws::Endpoints::Endpoint.new(url: "https://iam-fips.#{region}.amazonaws.com.cn", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"cn-north-1", "signingName"=>"iam"}]})
+              return Aws::Endpoints::Endpoint.new(url: "https://iam-fips.#{region}.amazonaws.com.cn", headers: {}, properties: {})
             end
             raise ArgumentError, "FIPS is enabled but this partition does not support FIPS"
           end
           if Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
             if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
-              return Aws::Endpoints::Endpoint.new(url: "https://iam.#{region}.api.amazonwebservices.com.cn", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"cn-north-1", "signingName"=>"iam"}]})
+              return Aws::Endpoints::Endpoint.new(url: "https://iam.#{region}.api.amazonwebservices.com.cn", headers: {}, properties: {})
             end
             raise ArgumentError, "DualStack is enabled but this partition does not support DualStack"
           end
@@ -69,7 +69,7 @@ module Aws::IAM
         if Aws::Endpoints::Matchers.string_equals?(Aws::Endpoints::Matchers.attr(partition_result, "name"), "aws-us-gov")
           if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true) && Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
             if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS")) && Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
-              return Aws::Endpoints::Endpoint.new(url: "https://iam-fips.#{region}.api.aws", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"us-gov-west-1", "signingName"=>"iam"}]})
+              return Aws::Endpoints::Endpoint.new(url: "https://iam-fips.#{region}.api.aws", headers: {}, properties: {})
             end
             raise ArgumentError, "FIPS and DualStack are enabled, but this partition does not support one or both"
           end
@@ -81,7 +81,7 @@ module Aws::IAM
           end
           if Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
             if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
-              return Aws::Endpoints::Endpoint.new(url: "https://iam.#{region}.api.aws", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"us-gov-west-1", "signingName"=>"iam"}]})
+              return Aws::Endpoints::Endpoint.new(url: "https://iam.#{region}.api.aws", headers: {}, properties: {})
             end
             raise ArgumentError, "DualStack is enabled but this partition does not support DualStack"
           end
@@ -90,7 +90,7 @@ module Aws::IAM
         if Aws::Endpoints::Matchers.string_equals?(Aws::Endpoints::Matchers.attr(partition_result, "name"), "aws-iso")
           if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
             if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"))
-              return Aws::Endpoints::Endpoint.new(url: "https://iam-fips.#{region}.c2s.ic.gov", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"us-iso-east-1", "signingName"=>"iam"}]})
+              return Aws::Endpoints::Endpoint.new(url: "https://iam-fips.#{region}.c2s.ic.gov", headers: {}, properties: {})
             end
             raise ArgumentError, "FIPS is enabled but this partition does not support FIPS"
           end
@@ -99,7 +99,7 @@ module Aws::IAM
         if Aws::Endpoints::Matchers.string_equals?(Aws::Endpoints::Matchers.attr(partition_result, "name"), "aws-iso-b")
           if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
             if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"))
-              return Aws::Endpoints::Endpoint.new(url: "https://iam-fips.#{region}.sc2s.sgov.gov", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"us-isob-east-1", "signingName"=>"iam"}]})
+              return Aws::Endpoints::Endpoint.new(url: "https://iam-fips.#{region}.sc2s.sgov.gov", headers: {}, properties: {})
             end
             raise ArgumentError, "FIPS is enabled but this partition does not support FIPS"
           end
@@ -113,15 +113,9 @@ module Aws::IAM
         end
         if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
           if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"))
-            if Aws::Endpoints::Matchers.string_equals?(region, "iam")
-              return Aws::Endpoints::Endpoint.new(url: "https://iam-fips.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"us-east-1", "signingName"=>"iam"}]})
-            end
             if Aws::Endpoints::Matchers.string_equals?(region, "aws-global")
               return Aws::Endpoints::Endpoint.new(url: "https://iam-fips.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"us-east-1", "signingName"=>"iam"}]})
             end
-            if Aws::Endpoints::Matchers.string_equals?(region, "iam-govcloud")
-              return Aws::Endpoints::Endpoint.new(url: "https://iam.us-gov.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"us-gov-west-1", "signingName"=>"iam"}]})
-            end
             if Aws::Endpoints::Matchers.string_equals?(region, "aws-us-gov-global")
               return Aws::Endpoints::Endpoint.new(url: "https://iam.us-gov.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"us-gov-west-1", "signingName"=>"iam"}]})
             end

data/lib/aws-sdk-iam/resource.rb

@@ -505,8 +505,23 @@ module Aws::IAM
     #
     #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html
     # @option options [String] :permissions_boundary
-    #   The ARN of the policy that is used to set the permissions boundary for
-    #   the role.
+    #   The ARN of the managed policy that is used to set the permissions
+    #   boundary for the role.
+    #
+    #   A permissions boundary policy defines the maximum permissions that
+    #   identity-based policies can grant to an entity, but does not grant
+    #   permissions. Permissions boundaries do not define the maximum
+    #   permissions that a resource-based policy can grant to an entity. To
+    #   learn more, see [Permissions boundaries for IAM entities][1] in the
+    #   *IAM User Guide*.
+    #
+    #   For more information about policy types, see [Policy types ][2] in the
+    #   *IAM User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
+    #   [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policy-types
     # @option options [Array<Types::Tag>] :tags
     #   A list of tags that you want to attach to the new role. Each tag
     #   consists of a key name and an associated value. For more information
@@ -808,8 +823,23 @@ module Aws::IAM
     #   account. Names are not distinguished by case. For example, you cannot
     #   create resources named both "MyResource" and "myresource".
     # @option options [String] :permissions_boundary
-    #   The ARN of the policy that is used to set the permissions boundary for
-    #   the user.
+    #   The ARN of the managed policy that is used to set the permissions
+    #   boundary for the user.
+    #
+    #   A permissions boundary policy defines the maximum permissions that
+    #   identity-based policies can grant to an entity, but does not grant
+    #   permissions. Permissions boundaries do not define the maximum
+    #   permissions that a resource-based policy can grant to an entity. To
+    #   learn more, see [Permissions boundaries for IAM entities][1] in the
+    #   *IAM User Guide*.
+    #
+    #   For more information about policy types, see [Policy types ][2] in the
+    #   *IAM User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
+    #   [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policy-types
     # @option options [Array<Types::Tag>] :tags
     #   A list of tags that you want to attach to the new user. Each tag
     #   consists of a key name and an associated value. For more information

data/lib/aws-sdk-iam/types.rb

@@ -1250,8 +1250,23 @@ module Aws::IAM
     #   @return [Integer]
     #
     # @!attribute [rw] permissions_boundary
-    #   The ARN of the policy that is used to set the permissions boundary
-    #   for the role.
+    #   The ARN of the managed policy that is used to set the permissions
+    #   boundary for the role.
+    #
+    #   A permissions boundary policy defines the maximum permissions that
+    #   identity-based policies can grant to an entity, but does not grant
+    #   permissions. Permissions boundaries do not define the maximum
+    #   permissions that a resource-based policy can grant to an entity. To
+    #   learn more, see [Permissions boundaries for IAM entities][1] in the
+    #   *IAM User Guide*.
+    #
+    #   For more information about policy types, see [Policy types ][2] in
+    #   the *IAM User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
+    #   [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policy-types
     #   @return [String]
     #
     # @!attribute [rw] tags
@@ -1516,8 +1531,23 @@ module Aws::IAM
     #   @return [String]
     #
     # @!attribute [rw] permissions_boundary
-    #   The ARN of the policy that is used to set the permissions boundary
-    #   for the user.
+    #   The ARN of the managed policy that is used to set the permissions
+    #   boundary for the user.
+    #
+    #   A permissions boundary policy defines the maximum permissions that
+    #   identity-based policies can grant to an entity, but does not grant
+    #   permissions. Permissions boundaries do not define the maximum
+    #   permissions that a resource-based policy can grant to an entity. To
+    #   learn more, see [Permissions boundaries for IAM entities][1] in the
+    #   *IAM User Guide*.
+    #
+    #   For more information about policy types, see [Policy types ][2] in
+    #   the *IAM User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
+    #   [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policy-types
     #   @return [String]
     #
     # @!attribute [rw] tags
@@ -8130,8 +8160,23 @@ module Aws::IAM
     #   @return [String]
     #
     # @!attribute [rw] permissions_boundary
-    #   The ARN of the policy that is used to set the permissions boundary
-    #   for the role.
+    #   The ARN of the managed policy that is used to set the permissions
+    #   boundary for the role.
+    #
+    #   A permissions boundary policy defines the maximum permissions that
+    #   identity-based policies can grant to an entity, but does not grant
+    #   permissions. Permissions boundaries do not define the maximum
+    #   permissions that a resource-based policy can grant to an entity. To
+    #   learn more, see [Permissions boundaries for IAM entities][1] in the
+    #   *IAM User Guide*.
+    #
+    #   For more information about policy types, see [Policy types ][2] in
+    #   the *IAM User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
+    #   [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policy-types
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/PutRolePermissionsBoundaryRequest AWS API Documentation
@@ -8210,8 +8255,23 @@ module Aws::IAM
     #   @return [String]
     #
     # @!attribute [rw] permissions_boundary
-    #   The ARN of the policy that is used to set the permissions boundary
-    #   for the user.
+    #   The ARN of the managed policy that is used to set the permissions
+    #   boundary for the user.
+    #
+    #   A permissions boundary policy defines the maximum permissions that
+    #   identity-based policies can grant to an entity, but does not grant
+    #   permissions. Permissions boundaries do not define the maximum
+    #   permissions that a resource-based policy can grant to an entity. To
+    #   learn more, see [Permissions boundaries for IAM entities][1] in the
+    #   *IAM User Guide*.
+    #
+    #   For more information about policy types, see [Policy types ][2] in
+    #   the *IAM User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
+    #   [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policy-types
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/PutUserPermissionsBoundaryRequest AWS API Documentation
@@ -9504,6 +9564,11 @@ module Aws::IAM
     #   For more information about ARNs, see [Amazon Resource Names
     #   (ARNs)][1] in the *Amazon Web Services General Reference*.
     #
+    #   <note markdown="1"> Simulation of resource-based policies isn't supported for IAM
+    #   roles.
+    #
+    #    </note>
+    #
     #
     #
     #   [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
@@ -9532,6 +9597,11 @@ module Aws::IAM
     #   * The special characters tab (`\u0009`), line feed (`\u000A`), and
     #     carriage return (`\u000D`)
     #
+    #   <note markdown="1"> Simulation of resource-based policies isn't supported for IAM
+    #   roles.
+    #
+    #    </note>
+    #
     #
     #
     #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length
@@ -9789,6 +9859,11 @@ module Aws::IAM
     #   For more information about ARNs, see [Amazon Resource Names
     #   (ARNs)][1] in the *Amazon Web Services General Reference*.
     #
+    #   <note markdown="1"> Simulation of resource-based policies isn't supported for IAM
+    #   roles.
+    #
+    #    </note>
+    #
     #
     #
     #   [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
@@ -9817,6 +9892,11 @@ module Aws::IAM
     #   * The special characters tab (`\u0009`), line feed (`\u000A`), and
     #     carriage return (`\u000D`)
     #
+    #   <note markdown="1"> Simulation of resource-based policies isn't supported for IAM
+    #   roles.
+    #
+    #    </note>
+    #
     #
     #
     #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length

data/lib/aws-sdk-iam/user.rb

@@ -379,8 +379,23 @@ module Aws::IAM
     #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html
     #   [2]: http://wikipedia.org/wiki/regex
     # @option options [String] :permissions_boundary
-    #   The ARN of the policy that is used to set the permissions boundary for
-    #   the user.
+    #   The ARN of the managed policy that is used to set the permissions
+    #   boundary for the user.
+    #
+    #   A permissions boundary policy defines the maximum permissions that
+    #   identity-based policies can grant to an entity, but does not grant
+    #   permissions. Permissions boundaries do not define the maximum
+    #   permissions that a resource-based policy can grant to an entity. To
+    #   learn more, see [Permissions boundaries for IAM entities][1] in the
+    #   *IAM User Guide*.
+    #
+    #   For more information about policy types, see [Policy types ][2] in the
+    #   *IAM User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
+    #   [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policy-types
     # @option options [Array<Types::Tag>] :tags
     #   A list of tags that you want to attach to the new user. Each tag
     #   consists of a key name and an associated value. For more information

data/lib/aws-sdk-iam.rb

@@ -74,6 +74,6 @@ require_relative 'aws-sdk-iam/customizations'
 # @!group service
 module Aws::IAM
 
-  GEM_VERSION = '1.74.0'
+  GEM_VERSION = '1.75.0'
 
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-iam
 version: !ruby/object:Gem::Version
-  version: 1.74.0
+  version: 1.75.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2023-01-18 00:00:00.000000000 Z
+date: 2023-02-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core