aws-sdk-iot 1.70.0 → 1.74.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c170565c31c69dbfbd12e99bbb1adb4c74ccf9c59b806af59c6bffaa2394e124
-  data.tar.gz: 81da5ad654a98c01fc2bbb37d09d251745348199e36646edd9402bdf46f8a5a2
+  metadata.gz: f94f5bf43d4aaf29f175fb9cd42e674950496644f334c3e455de0249e27d0de1
+  data.tar.gz: 454fe30646d9155e501126ea6f0f02295b0fdccf29630a6b739a536250edc491
 SHA512:
-  metadata.gz: 4028df3f1a41adf7d217ea12b1df15ce3910ba99f092e07991f797069106668094936bdfec92917de06e2da699de3e4d31be3584129e1865fa440b3e4ef85a8d
-  data.tar.gz: 413189c3a9290f27e52af88770f12500a41f5494500478b9222272cfdd2e56a5ab63a7f04fe2a4bed848bf296a178416b7fb93456ec034d457e49dbe12a1ea69
+  metadata.gz: bcb337813edb0d1a58b0bf6524a95de521fbe5e138356c8d7d444c2f6af73bd939bee2c19cf37cc28678df5091a86cf16c139fffb8fb2a8b92004be7cc5047e8
+  data.tar.gz: a98cfe4dc9834e3103bc62f1c90f9435576945ac78642dae99179e79cff670b29735bbf03a117c3ca5cb7d506f6b2c927a23177af6cfddd007a31328daeeac24

data/CHANGELOG.md

@@ -1,6 +1,26 @@
 Unreleased Changes
 ------------------
 
+1.74.0 (2021-09-01)
+------------------
+
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
+1.73.0 (2021-08-31)
+------------------
+
+* Feature - Added Create/Update/Delete/Describe/List APIs for a new IoT resource named FleetMetric. Added a new Fleet Indexing query API named GetBucketsAggregation. Added a new field named DisconnectedReason in Fleet Indexing query response. Updated their related documentations.
+
+1.72.0 (2021-07-30)
+------------------
+
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
+1.71.0 (2021-07-29)
+------------------
+
+* Feature - Increase maximum credential duration of role alias to 12 hours.
+
 1.70.0 (2021-07-28)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.70.0
+1.74.0

data/lib/aws-sdk-iot/client.rb

@@ -333,6 +333,13 @@ module Aws::IoT
     # To check for pending certificate transfers, call ListCertificates to
     # enumerate your certificates.
     #
+    # Requires permission to access the [AcceptCertificateTransfer][1]
+    # action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :certificate_id
     #   The ID of the certificate. (The last part of the certificate ARN
     #   contains the certificate ID.)
@@ -358,6 +365,12 @@ module Aws::IoT
 
     # Adds a thing to a billing group.
     #
+    # Requires permission to access the [AddThingToBillingGroup][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [String] :billing_group_name
     #   The name of the billing group.
     #
@@ -390,6 +403,12 @@ module Aws::IoT
 
     # Adds a thing to a thing group.
     #
+    # Requires permission to access the [AddThingToThingGroup][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [String] :thing_group_name
     #   The name of the group to which you are adding a thing.
     #
@@ -438,6 +457,12 @@ module Aws::IoT
     # * The total number of targets associated with a job must not exceed
     #   100.
     #
+    # Requires permission to access the [AssociateTargetsWithJob][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, Array<String>] :targets
     #   A list of thing group ARNs that define the targets of the job.
     #
@@ -451,9 +476,9 @@ module Aws::IoT
     # @option params [String] :namespace_id
     #   The namespace used to indicate that a job is a customer-managed job.
     #
-    #   When you specify a value for this parameter, AWS IoT Core sends jobs
-    #   notifications to MQTT topics that contain the value in the following
-    #   format.
+    #   When you specify a value for this parameter, Amazon Web Services IoT
+    #   Core sends jobs notifications to MQTT topics that contain the value in
+    #   the following format.
     #
     #   `$aws/things/THING_NAME/jobs/JOB_ID/notify-namespace-NAMESPACE_ID/`
     #
@@ -489,7 +514,14 @@ module Aws::IoT
       req.send_request(options)
     end
 
-    # Attaches a policy to the specified target.
+    # Attaches the specified policy to the specified principal (certificate
+    # or other credential).
+    #
+    # Requires permission to access the [AttachPolicy][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
     #
     # @option params [required, String] :policy_name
     #   The name of the policy to attach.
@@ -521,7 +553,13 @@ module Aws::IoT
     # Attaches the specified policy to the specified principal (certificate
     # or other credential).
     #
-    # **Note:** This API is deprecated. Please use AttachPolicy instead.
+    # **Note:** This action is deprecated. Please use AttachPolicy instead.
+    #
+    # Requires permission to access the [AttachPrincipalPolicy][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
     #
     # @option params [required, String] :policy_name
     #   The policy name.
@@ -550,6 +588,12 @@ module Aws::IoT
     # this account. Each thing group or account can have up to five security
     # profiles associated with it.
     #
+    # Requires permission to access the [AttachSecurityProfile][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :security_profile_name
     #   The security profile that is attached.
     #
@@ -577,6 +621,12 @@ module Aws::IoT
     # can be X.509 certificates, IAM users, groups, and roles, Amazon
     # Cognito identities or federated identities.
     #
+    # Requires permission to access the [AttachThingPrincipal][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :thing_name
     #   The name of the thing.
     #
@@ -603,6 +653,13 @@ module Aws::IoT
     # Cancels a mitigation action task that is in progress. If the task is
     # not in progress, an InvalidRequestException occurs.
     #
+    # Requires permission to access the
+    # [CancelAuditMitigationActionsTask][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :task_id
     #   The unique identifier for the task that you want to cancel.
     #
@@ -625,6 +682,12 @@ module Aws::IoT
     # scheduled or on demand. If the audit isn't in progress, an
     # "InvalidRequestException" occurs.
     #
+    # Requires permission to access the [CancelAuditTask][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :task_id
     #   The ID of the audit you want to cancel. You can only cancel an audit
     #   that is "IN\_PROGRESS".
@@ -648,14 +711,21 @@ module Aws::IoT
     #
     # **Note** Only the transfer source account can use this operation to
     # cancel a transfer. (Transfer destinations can use
-    # RejectCertificateTransfer instead.) After transfer, AWS IoT returns
-    # the certificate to the source account in the INACTIVE state. After the
+    # RejectCertificateTransfer instead.) After transfer, IoT returns the
+    # certificate to the source account in the INACTIVE state. After the
     # destination account has accepted the transfer, the transfer cannot be
     # cancelled.
     #
     # After a certificate transfer is cancelled, the status of the
     # certificate changes from PENDING\_TRANSFER to INACTIVE.
     #
+    # Requires permission to access the [CancelCertificateTransfer][1]
+    # action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :certificate_id
     #   The ID of the certificate. (The last part of the certificate ARN
     #   contains the certificate ID.)
@@ -677,6 +747,13 @@ module Aws::IoT
 
     # Cancels a Device Defender ML Detect mitigation action.
     #
+    # Requires permission to access the
+    # [CancelDetectMitigationActionsTask][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :task_id
     #   The unique identifier of the task.
     #
@@ -697,6 +774,12 @@ module Aws::IoT
 
     # Cancels a job.
     #
+    # Requires permission to access the [CancelJob][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :job_id
     #   The unique identifier you assigned to this job when it was created.
     #
@@ -746,6 +829,12 @@ module Aws::IoT
 
     # Cancels the execution of a job for a given thing.
     #
+    # Requires permission to access the [CancelJobExecution][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :job_id
     #   The ID of the job to be canceled.
     #
@@ -801,6 +890,12 @@ module Aws::IoT
 
     # Clears the default authorizer.
     #
+    # Requires permission to access the [ClearDefaultAuthorizer][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     # @overload clear_default_authorizer(params = {})
@@ -811,10 +906,17 @@ module Aws::IoT
     end
 
     # Confirms a topic rule destination. When you create a rule requiring a
-    # destination, AWS IoT sends a confirmation message to the endpoint or
-    # base address you specify. The message includes a token which you pass
-    # back when calling `ConfirmTopicRuleDestination` to confirm that you
-    # own or have access to the endpoint.
+    # destination, IoT sends a confirmation message to the endpoint or base
+    # address you specify. The message includes a token which you pass back
+    # when calling `ConfirmTopicRuleDestination` to confirm that you own or
+    # have access to the endpoint.
+    #
+    # Requires permission to access the [ConfirmTopicRuleDestination][1]
+    # action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
     #
     # @option params [required, String] :confirmation_token
     #   The token used to confirm ownership or access to the topic rule
@@ -837,6 +939,12 @@ module Aws::IoT
 
     # Creates a Device Defender audit suppression.
     #
+    # Requires permission to access the [CreateAuditSuppression][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :check_name
     #   An audit check name. Checks must be enabled for your account. (Use
     #   `DescribeAccountAuditConfiguration` to see the list of all checks,
@@ -895,6 +1003,12 @@ module Aws::IoT
 
     # Creates an authorizer.
     #
+    # Requires permission to access the [CreateAuthorizer][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :authorizer_name
     #   The authorizer name.
     #
@@ -927,7 +1041,7 @@ module Aws::IoT
     #    </note>
     #
     # @option params [Boolean] :signing_disabled
-    #   Specifies whether AWS IoT validates the token signature in an
+    #   Specifies whether IoT validates the token signature in an
     #   authorization request.
     #
     # @return [Types::CreateAuthorizerResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
@@ -968,6 +1082,12 @@ module Aws::IoT
 
     # Creates a billing group.
     #
+    # Requires permission to access the [CreateBillingGroup][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :billing_group_name
     #   The name you wish to give to the billing group.
     #
@@ -1021,6 +1141,9 @@ module Aws::IoT
     # **Note:** Reusing the same certificate signing request (CSR) results
     # in a distinct certificate.
     #
+    # Requires permission to access the [CreateCertificateFromCsr][1]
+    # action.
+    #
     # You can create multiple certificates in a batch by creating a
     # directory, copying multiple .csr files into that directory, and then
     # specifying that directory on the command line. The following commands
@@ -1036,8 +1159,9 @@ module Aws::IoT
     # file://my-csr-directory/\\\{\\}
     #
     # This command lists all of the CSRs in my-csr-directory and pipes each
-    # CSR file name to the aws iot create-certificate-from-csr AWS CLI
-    # command to create a certificate for the corresponding CSR.
+    # CSR file name to the aws iot create-certificate-from-csr Amazon Web
+    # Services CLI command to create a certificate for the corresponding
+    # CSR.
     #
     # The aws iot create-certificate-from-csr part of the command can also
     # be run in parallel to speed up the certificate creation process:
@@ -1060,6 +1184,10 @@ module Aws::IoT
     # create-certificate-from-csr --certificate-signing-request
     # file://@path"
     #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :certificate_signing_request
     #   The certificate signing request (CSR).
     #
@@ -1095,6 +1223,12 @@ module Aws::IoT
     # Use this API to define a Custom Metric published by your devices to
     # Device Defender.
     #
+    # Requires permission to access the [CreateCustomMetric][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :metric_name
     #   The name of the custom metric. This will be used in the metric report
     #   submitted from the device/thing. Shouldn't begin with `aws:`. Cannot
@@ -1115,8 +1249,8 @@ module Aws::IoT
     # @option params [required, String] :client_request_token
     #   Each custom metric must have a unique client request token. If you try
     #   to create a new custom metric that already exists with a different
-    #   token, an exception occurs. If you omit this value, AWS SDKs will
-    #   automatically generate a unique client request.
+    #   token, an exception occurs. If you omit this value, Amazon Web
+    #   Services SDKs will automatically generate a unique client request.
     #
     #   **A suitable default value is auto-generated.** You should normally
     #   not need to pass this option.**
@@ -1154,11 +1288,17 @@ module Aws::IoT
     end
 
     # Create a dimension that you can use to limit the scope of a metric
-    # used in a security profile for AWS IoT Device Defender. For example,
-    # using a `TOPIC_FILTER` dimension, you can narrow down the scope of the
+    # used in a security profile for IoT Device Defender. For example, using
+    # a `TOPIC_FILTER` dimension, you can narrow down the scope of the
     # metric only to MQTT topics whose name match the pattern specified in
     # the dimension.
     #
+    # Requires permission to access the [CreateDimension][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :name
     #   A unique identifier for the dimension. Choose something that describes
     #   the type and value to make it easy to remember what it does.
@@ -1177,8 +1317,8 @@ module Aws::IoT
     # @option params [required, String] :client_request_token
     #   Each dimension must have a unique client request token. If you try to
     #   create a new dimension with the same token as a dimension that already
-    #   exists, an exception occurs. If you omit this value, AWS SDKs will
-    #   automatically generate a unique client request.
+    #   exists, an exception occurs. If you omit this value, Amazon Web
+    #   Services SDKs will automatically generate a unique client request.
     #
     #   **A suitable default value is auto-generated.** You should normally
     #   not need to pass this option.**
@@ -1217,6 +1357,13 @@ module Aws::IoT
 
     # Creates a domain configuration.
     #
+    # Requires permission to access the [CreateDomainConfiguration][1]
+    # action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :domain_configuration_name
     #   The name of the domain configuration. This value must be unique to a
     #   region.
@@ -1225,15 +1372,15 @@ module Aws::IoT
     #   The name of the domain.
     #
     # @option params [Array<String>] :server_certificate_arns
-    #   The ARNs of the certificates that AWS IoT passes to the device during
-    #   the TLS handshake. Currently you can specify only one certificate ARN.
-    #   This value is not required for AWS-managed domains.
+    #   The ARNs of the certificates that IoT passes to the device during the
+    #   TLS handshake. Currently you can specify only one certificate ARN.
+    #   This value is not required for Amazon Web Services-managed domains.
     #
     # @option params [String] :validation_certificate_arn
     #   The certificate used to validate the server certificate and prove
     #   domain name ownership. This certificate must be signed by a public
-    #   certificate authority. This value is not required for AWS-managed
-    #   domains.
+    #   certificate authority. This value is not required for Amazon Web
+    #   Services-managed domains.
     #
     # @option params [Types::AuthorizerConfig] :authorizer_config
     #   An object that specifies the authorization service for a domain.
@@ -1241,7 +1388,8 @@ module Aws::IoT
     # @option params [String] :service_type
     #   The type of service delivered by the endpoint.
     #
-    #   <note markdown="1"> AWS IoT Core currently supports only the `DATA` service type.
+    #   <note markdown="1"> Amazon Web Services IoT Core currently supports only the `DATA`
+    #   service type.
     #
     #    </note>
     #
@@ -1298,6 +1446,12 @@ module Aws::IoT
 
     # Creates a dynamic thing group.
     #
+    # Requires permission to access the [CreateDynamicThingGroup][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :thing_group_name
     #   The dynamic thing group name to create.
     #
@@ -1307,7 +1461,7 @@ module Aws::IoT
     # @option params [String] :index_name
     #   The dynamic thing group index name.
     #
-    #   <note markdown="1"> Currently one index is supported: "AWS\_Things".
+    #   <note markdown="1"> Currently one index is supported: `AWS_Things`.
     #
     #    </note>
     #
@@ -1380,12 +1534,102 @@ module Aws::IoT
       req.send_request(options)
     end
 
+    # Creates a fleet metric.
+    #
+    # Requires permission to access the [CreateFleetMetric][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
+    # @option params [required, String] :metric_name
+    #   The name of the fleet metric to create.
+    #
+    # @option params [required, String] :query_string
+    #   The search query string.
+    #
+    # @option params [required, Types::AggregationType] :aggregation_type
+    #   The type of the aggregation query.
+    #
+    # @option params [required, Integer] :period
+    #   The time in seconds between fleet metric emissions. Range \[60(1 min),
+    #   86400(1 day)\] and must be multiple of 60.
+    #
+    # @option params [required, String] :aggregation_field
+    #   The field to aggregate.
+    #
+    # @option params [String] :description
+    #   The fleet metric description.
+    #
+    # @option params [String] :query_version
+    #   The query version.
+    #
+    # @option params [String] :index_name
+    #   The name of the index to search.
+    #
+    # @option params [String] :unit
+    #   Used to support unit transformation such as milliseconds to seconds.
+    #   The unit must be supported by [CW metric][1]. Default to null.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/https:/docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_MetricDatum.html
+    #
+    # @option params [Array<Types::Tag>] :tags
+    #   Metadata, which can be used to manage the fleet metric.
+    #
+    # @return [Types::CreateFleetMetricResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::CreateFleetMetricResponse#metric_name #metric_name} => String
+    #   * {Types::CreateFleetMetricResponse#metric_arn #metric_arn} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.create_fleet_metric({
+    #     metric_name: "FleetMetricName", # required
+    #     query_string: "QueryString", # required
+    #     aggregation_type: { # required
+    #       name: "Statistics", # required, accepts Statistics, Percentiles, Cardinality
+    #       values: ["AggregationTypeValue"],
+    #     },
+    #     period: 1, # required
+    #     aggregation_field: "AggregationField", # required
+    #     description: "FleetMetricDescription",
+    #     query_version: "QueryVersion",
+    #     index_name: "IndexName",
+    #     unit: "Seconds", # accepts Seconds, Microseconds, Milliseconds, Bytes, Kilobytes, Megabytes, Gigabytes, Terabytes, Bits, Kilobits, Megabits, Gigabits, Terabits, Percent, Count, Bytes/Second, Kilobytes/Second, Megabytes/Second, Gigabytes/Second, Terabytes/Second, Bits/Second, Kilobits/Second, Megabits/Second, Gigabits/Second, Terabits/Second, Count/Second, None
+    #     tags: [
+    #       {
+    #         key: "TagKey", # required
+    #         value: "TagValue",
+    #       },
+    #     ],
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.metric_name #=> String
+    #   resp.metric_arn #=> String
+    #
+    # @overload create_fleet_metric(params = {})
+    # @param [Hash] params ({})
+    def create_fleet_metric(params = {}, options = {})
+      req = build_request(:create_fleet_metric, params)
+      req.send_request(options)
+    end
+
     # Creates a job.
     #
+    # Requires permission to access the [CreateJob][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :job_id
-    #   A job identifier which must be unique for your AWS account. We
-    #   recommend using a UUID. Alpha-numeric characters, "-" and "\_" are
-    #   valid for use here.
+    #   A job identifier which must be unique for your Amazon Web Services
+    #   account. We recommend using a UUID. Alpha-numeric characters, "-"
+    #   and "\_" are valid for use here.
     #
     # @option params [required, Array<String>] :targets
     #   A list of things and thing groups to which the job should be sent.
@@ -1443,9 +1687,9 @@ module Aws::IoT
     # @option params [String] :namespace_id
     #   The namespace used to indicate that a job is a customer-managed job.
     #
-    #   When you specify a value for this parameter, AWS IoT Core sends jobs
-    #   notifications to MQTT topics that contain the value in the following
-    #   format.
+    #   When you specify a value for this parameter, Amazon Web Services IoT
+    #   Core sends jobs notifications to MQTT topics that contain the value in
+    #   the following format.
     #
     #   `$aws/things/THING_NAME/jobs/JOB_ID/notify-namespace-NAMESPACE_ID/`
     #
@@ -1524,6 +1768,12 @@ module Aws::IoT
 
     # Creates a job template.
     #
+    # Requires permission to access the [CreateJobTemplate][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :job_template_id
     #   A unique identifier for the job template. We recommend using a UUID.
     #   Alpha-numeric characters, "-", and "\_" are valid for use here.
@@ -1639,12 +1889,16 @@ module Aws::IoT
     # over MQTT from a device, for more information, see [Provisioning MQTT
     # API][1].
     #
-    # **Note** This is the only time AWS IoT issues the private key for this
+    # **Note** This is the only time IoT issues the private key for this
     # certificate, so it is important to keep it in a secure location.
     #
+    # Requires permission to access the [CreateKeysAndCertificate][2]
+    # action.
+    #
     #
     #
     # [1]: https://docs.aws.amazon.com/iot/latest/developerguide/provision-wo-cert.html#provision-mqtt-api
+    # [2]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
     #
     # @option params [Boolean] :set_as_active
     #   Specifies whether the certificate is active.
@@ -1683,9 +1937,12 @@ module Aws::IoT
     # see [Mitigation actions][1]. Each mitigation action can apply only one
     # type of change.
     #
+    # Requires permission to access the [CreateMitigationAction][2] action.
+    #
     #
     #
     # [1]: https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-mitigation-actions.html
+    # [2]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
     #
     # @option params [required, String] :action_name
     #   A friendly name for the action. Choose a friendly name that accurately
@@ -1752,7 +2009,13 @@ module Aws::IoT
       req.send_request(options)
     end
 
-    # Creates an AWS IoT OTAUpdate on a target group of things or groups.
+    # Creates an IoT OTA update on a target group of things or groups.
+    #
+    # Requires permission to access the [CreateOTAUpdate][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
     #
     # @option params [required, String] :ota_update_id
     #   The ID of the OTA update to be created.
@@ -1797,8 +2060,9 @@ module Aws::IoT
     #   The files to be streamed by the OTA update.
     #
     # @option params [required, String] :role_arn
-    #   The IAM role that grants AWS IoT access to the Amazon S3, AWS IoT jobs
-    #   and AWS Code Signing resources to create an OTA update job.
+    #   The IAM role that grants Amazon Web Services IoT Core access to the
+    #   Amazon S3, IoT jobs and Amazon Web Services Code Signing resources to
+    #   create an OTA update job.
     #
     # @option params [Hash<String,String>] :additional_parameters
     #   A list of additional OTA update parameters which are name-value pairs.
@@ -1925,12 +2189,18 @@ module Aws::IoT
       req.send_request(options)
     end
 
-    # Creates an AWS IoT policy.
+    # Creates an IoT policy.
     #
     # The created policy is the default version for the policy. This
     # operation creates a policy version with a version identifier of **1**
     # and sets **1** as the policy's default version.
     #
+    # Requires permission to access the [CreatePolicy][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :policy_name
     #   The policy name.
     #
@@ -1987,9 +2257,9 @@ module Aws::IoT
       req.send_request(options)
     end
 
-    # Creates a new version of the specified AWS IoT policy. To update a
-    # policy, create a new policy version. A managed policy can have up to
-    # five versions. If the policy has five versions, you must use
+    # Creates a new version of the specified IoT policy. To update a policy,
+    # create a new policy version. A managed policy can have up to five
+    # versions. If the policy has five versions, you must use
     # DeletePolicyVersion to delete an existing version before you create a
     # new one.
     #
@@ -1998,6 +2268,12 @@ module Aws::IoT
     # version that is in effect for the certificates to which the policy is
     # attached).
     #
+    # Requires permission to access the [CreatePolicyVersion][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :policy_name
     #   The policy name.
     #
@@ -2042,6 +2318,12 @@ module Aws::IoT
 
     # Creates a provisioning claim.
     #
+    # Requires permission to access the [CreateProvisioningClaim][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :template_name
     #   The name of the provisioning template to use.
     #
@@ -2075,6 +2357,13 @@ module Aws::IoT
 
     # Creates a fleet provisioning template.
     #
+    # Requires permission to access the [CreateProvisioningTemplate][1]
+    # action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :template_name
     #   The name of the fleet provisioning template.
     #
@@ -2149,6 +2438,13 @@ module Aws::IoT
 
     # Creates a new version of a fleet provisioning template.
     #
+    # Requires permission to access the
+    # [CreateProvisioningTemplateVersion][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :template_name
     #   The name of the fleet provisioning template.
     #
@@ -2189,6 +2485,12 @@ module Aws::IoT
 
     # Creates a role alias.
     #
+    # Requires permission to access the [CreateRoleAlias][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :role_alias
     #   The role alias that points to a role ARN. This allows you to change
     #   the role without having to update the device.
@@ -2197,7 +2499,8 @@ module Aws::IoT
     #   The role ARN.
     #
     # @option params [Integer] :credential_duration_seconds
-    #   How long (in seconds) the credentials will be valid.
+    #   How long (in seconds) the credentials will be valid. The default value
+    #   is 3,600 seconds.
     #
     # @option params [Array<Types::Tag>] :tags
     #   Metadata which can be used to manage the role alias.
@@ -2246,6 +2549,12 @@ module Aws::IoT
 
     # Creates a scheduled audit that is run at a specified time interval.
     #
+    # Requires permission to access the [CreateScheduledAudit][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :frequency
     #   How often the scheduled audit takes place, either `DAILY`, `WEEKLY`,
     #   `BIWEEKLY` or `MONTHLY`. The start time of each audit is determined by
@@ -2309,6 +2618,12 @@ module Aws::IoT
 
     # Creates a Device Defender security profile.
     #
+    # Requires permission to access the [CreateSecurityProfile][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :security_profile_name
     #   The name you are giving to the security profile.
     #
@@ -2424,6 +2739,12 @@ module Aws::IoT
     # MQTT messages from a source like S3. You can have one or more files
     # associated with a stream.
     #
+    # Requires permission to access the [CreateStream][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :stream_id
     #   The stream ID.
     #
@@ -2495,9 +2816,12 @@ module Aws::IoT
     #
     #  </note>
     #
+    # Requires permission to access the [CreateThing][2] action.
+    #
     #
     #
     # [1]: https://docs.aws.amazon.com/iot/latest/developerguide/iot-authorization.html
+    # [2]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
     #
     # @option params [required, String] :thing_name
     #   The name of the thing to create.
@@ -2558,9 +2882,12 @@ module Aws::IoT
     #
     #  </note>
     #
+    # Requires permission to access the [CreateThingGroup][2] action.
+    #
     #
     #
     # [1]: https://docs.aws.amazon.com/iot/latest/developerguide/iot-authorization.html
+    # [2]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
     #
     # @option params [required, String] :thing_group_name
     #   The thing group name to create.
@@ -2617,6 +2944,12 @@ module Aws::IoT
 
     # Creates a new thing type.
     #
+    # Requires permission to access the [CreateThingType][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :thing_type_name
     #   The name of the thing type.
     #
@@ -2667,6 +3000,12 @@ module Aws::IoT
     # user who has permission to create rules will be able to access data
     # processed by the rule.
     #
+    # Requires permission to access the [CreateTopicRule][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :rule_name
     #   The name of the rule.
     #
@@ -3050,6 +3389,13 @@ module Aws::IoT
     # Creates a topic rule destination. The destination must be confirmed
     # prior to use.
     #
+    # Requires permission to access the [CreateTopicRuleDestination][1]
+    # action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, Types::TopicRuleDestinationConfiguration] :destination_configuration
     #   The topic rule destination configuration.
     #
@@ -3099,6 +3445,13 @@ module Aws::IoT
     # account. Any configuration data you entered is deleted and all audit
     # checks are reset to disabled.
     #
+    # Requires permission to access the [DeleteAccountAuditConfiguration][1]
+    # action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [Boolean] :delete_scheduled_audits
     #   If true, all scheduled audits are deleted.
     #
@@ -3119,6 +3472,12 @@ module Aws::IoT
 
     # Deletes a Device Defender audit suppression.
     #
+    # Requires permission to access the [DeleteAuditSuppression][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :check_name
     #   An audit check name. Checks must be enabled for your account. (Use
     #   `DescribeAccountAuditConfiguration` to see the list of all checks,
@@ -3158,6 +3517,12 @@ module Aws::IoT
 
     # Deletes an authorizer.
     #
+    # Requires permission to access the [DeleteAuthorizer][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :authorizer_name
     #   The name of the authorizer to delete.
     #
@@ -3178,6 +3543,12 @@ module Aws::IoT
 
     # Deletes the billing group.
     #
+    # Requires permission to access the [DeleteBillingGroup][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :billing_group_name
     #   The name of the billing group.
     #
@@ -3205,6 +3576,12 @@ module Aws::IoT
 
     # Deletes a registered CA certificate.
     #
+    # Requires permission to access the [DeleteCACertificate][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :certificate_id
     #   The ID of the certificate to delete. (The last part of the certificate
     #   ARN contains the certificate ID.)
@@ -3228,9 +3605,15 @@ module Aws::IoT
     #
     # A certificate cannot be deleted if it has a policy or IoT thing
     # attached to it or if its status is set to ACTIVE. To delete a
-    # certificate, first use the DetachPrincipalPolicy API to detach all
-    # policies. Next, use the UpdateCertificate API to set the certificate
-    # to the INACTIVE status.
+    # certificate, first use the DetachPolicy action to detach all policies.
+    # Next, use the UpdateCertificate action to set the certificate to the
+    # INACTIVE status.
+    #
+    # Requires permission to access the [DeleteCertificate][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
     #
     # @option params [required, String] :certificate_id
     #   The ID of the certificate. (The last part of the certificate ARN
@@ -3256,19 +3639,22 @@ module Aws::IoT
       req.send_request(options)
     end
 
+    # Deletes a Device Defender detect custom metric.
+    #
+    # Requires permission to access the [DeleteCustomMetric][1] action.
+    #
     # <note markdown="1"> Before you can delete a custom metric, you must first remove the
     # custom metric from all security profiles it's a part of. The security
     # profile associated with the custom metric can be found using the
-    # [ListSecurityProfiles][1] API with `metricName` set to your custom
+    # [ListSecurityProfiles][2] API with `metricName` set to your custom
     # metric name.
     #
     #  </note>
     #
-    # Deletes a Device Defender detect custom metric.
-    #
     #
     #
-    # [1]: https://docs.aws.amazon.com/iot/latest/apireference/API_ListSecurityProfiles.html
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    # [2]: https://docs.aws.amazon.com/iot/latest/apireference/API_ListSecurityProfiles.html
     #
     # @option params [required, String] :metric_name
     #   The name of the custom metric.
@@ -3288,7 +3674,14 @@ module Aws::IoT
       req.send_request(options)
     end
 
-    # Removes the specified dimension from your AWS account.
+    # Removes the specified dimension from your Amazon Web Services
+    # accounts.
+    #
+    # Requires permission to access the [DeleteDimension][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
     #
     # @option params [required, String] :name
     #   The unique identifier for the dimension that you want to delete.
@@ -3310,6 +3703,13 @@ module Aws::IoT
 
     # Deletes the specified domain configuration.
     #
+    # Requires permission to access the [DeleteDomainConfiguration][1]
+    # action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :domain_configuration_name
     #   The name of the domain configuration to be deleted.
     #
@@ -3330,6 +3730,12 @@ module Aws::IoT
 
     # Deletes a dynamic thing group.
     #
+    # Requires permission to access the [DeleteDynamicThingGroup][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :thing_group_name
     #   The name of the dynamic thing group to delete.
     #
@@ -3352,6 +3758,38 @@ module Aws::IoT
       req.send_request(options)
     end
 
+    # Deletes the specified fleet metric. Returns successfully with no error
+    # if the deletion is successful or you specify a fleet metric that
+    # doesn't exist.
+    #
+    # Requires permission to access the [DeleteFleetMetric][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
+    # @option params [required, String] :metric_name
+    #   The name of the fleet metric to delete.
+    #
+    # @option params [Integer] :expected_version
+    #   The expected version of the fleet metric to delete.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.delete_fleet_metric({
+    #     metric_name: "FleetMetricName", # required
+    #     expected_version: 1,
+    #   })
+    #
+    # @overload delete_fleet_metric(params = {})
+    # @param [Hash] params ({})
+    def delete_fleet_metric(params = {}, options = {})
+      req = build_request(:delete_fleet_metric, params)
+      req.send_request(options)
+    end
+
     # Deletes a job and its related job executions.
     #
     # Deleting a job may take time, depending on the number of job
@@ -3363,6 +3801,12 @@ module Aws::IoT
     # Only 10 jobs may have status "DELETION\_IN\_PROGRESS" at the same
     # time, or a LimitExceededException will occur.
     #
+    # Requires permission to access the [DeleteJob][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :job_id
     #   The ID of the job to be deleted.
     #
@@ -3387,9 +3831,9 @@ module Aws::IoT
     # @option params [String] :namespace_id
     #   The namespace used to indicate that a job is a customer-managed job.
     #
-    #   When you specify a value for this parameter, AWS IoT Core sends jobs
-    #   notifications to MQTT topics that contain the value in the following
-    #   format.
+    #   When you specify a value for this parameter, Amazon Web Services IoT
+    #   Core sends jobs notifications to MQTT topics that contain the value in
+    #   the following format.
     #
     #   `$aws/things/THING_NAME/jobs/JOB_ID/notify-namespace-NAMESPACE_ID/`
     #
@@ -3416,6 +3860,12 @@ module Aws::IoT
 
     # Deletes a job execution.
     #
+    # Requires permission to access the [DeleteJobExecution][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :job_id
     #   The ID of the job whose execution on a particular device will be
     #   deleted.
@@ -3447,9 +3897,9 @@ module Aws::IoT
     # @option params [String] :namespace_id
     #   The namespace used to indicate that a job is a customer-managed job.
     #
-    #   When you specify a value for this parameter, AWS IoT Core sends jobs
-    #   notifications to MQTT topics that contain the value in the following
-    #   format.
+    #   When you specify a value for this parameter, Amazon Web Services IoT
+    #   Core sends jobs notifications to MQTT topics that contain the value in
+    #   the following format.
     #
     #   `$aws/things/THING_NAME/jobs/JOB_ID/notify-namespace-NAMESPACE_ID/`
     #
@@ -3496,7 +3946,14 @@ module Aws::IoT
       req.send_request(options)
     end
 
-    # Deletes a defined mitigation action from your AWS account.
+    # Deletes a defined mitigation action from your Amazon Web Services
+    # accounts.
+    #
+    # Requires permission to access the [DeleteMitigationAction][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
     #
     # @option params [required, String] :action_name
     #   The name of the mitigation action that you want to delete.
@@ -3518,6 +3975,12 @@ module Aws::IoT
 
     # Delete an OTA update.
     #
+    # Requires permission to access the [DeleteOTAUpdate][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :ota_update_id
     #   The ID of the OTA update to delete.
     #
@@ -3527,7 +3990,7 @@ module Aws::IoT
     #   OTAUpdate is supplied by the user.
     #
     # @option params [Boolean] :force_delete_aws_job
-    #   When true, deletes the AWS job created by the OTAUpdate process even
+    #   When true, deletes the IoT job created by the OTAUpdate process even
     #   if it is "IN\_PROGRESS". Otherwise, if the job is not in a terminal
     #   state ("COMPLETED" or "CANCELED") an exception will occur. The
     #   default is false.
@@ -3554,14 +4017,26 @@ module Aws::IoT
     # A policy cannot be deleted if it has non-default versions or it is
     # attached to any certificate.
     #
-    # To delete a policy, use the DeletePolicyVersion API to delete all
-    # non-default versions of the policy; use the DetachPrincipalPolicy API
-    # to detach the policy from any certificate; and then use the
-    # DeletePolicy API to delete the policy.
+    # To delete a policy, use the DeletePolicyVersion action to delete all
+    # non-default versions of the policy; use the DetachPolicy action to
+    # detach the policy from any certificate; and then use the DeletePolicy
+    # action to delete the policy.
     #
     # When a policy is deleted using DeletePolicy, its default version is
     # deleted with it.
     #
+    # <note markdown="1"> Because of the distributed nature of Amazon Web Services, it can take
+    # up to five minutes after a policy is detached before it's ready to be
+    # deleted.
+    #
+    #  </note>
+    #
+    # Requires permission to access the [DeletePolicy][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :policy_name
     #   The name of the policy to delete.
     #
@@ -3581,11 +4056,17 @@ module Aws::IoT
     end
 
     # Deletes the specified version of the specified policy. You cannot
-    # delete the default version of a policy using this API. To delete the
-    # default version of a policy, use DeletePolicy. To find out which
+    # delete the default version of a policy using this action. To delete
+    # the default version of a policy, use DeletePolicy. To find out which
     # version of a policy is marked as the default version, use
     # ListPolicyVersions.
     #
+    # Requires permission to access the [DeletePolicyVersion][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :policy_name
     #   The name of the policy.
     #
@@ -3610,6 +4091,13 @@ module Aws::IoT
 
     # Deletes a fleet provisioning template.
     #
+    # Requires permission to access the [DeleteProvisioningTemplate][1]
+    # action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :template_name
     #   The name of the fleet provision template to delete.
     #
@@ -3630,6 +4118,13 @@ module Aws::IoT
 
     # Deletes a fleet provisioning template version.
     #
+    # Requires permission to access the
+    # [DeleteProvisioningTemplateVersion][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :template_name
     #   The name of the fleet provisioning template version to delete.
     #
@@ -3654,6 +4149,12 @@ module Aws::IoT
 
     # Deletes a CA certificate registration code.
     #
+    # Requires permission to access the [DeleteRegistrationCode][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     # @overload delete_registration_code(params = {})
@@ -3665,6 +4166,12 @@ module Aws::IoT
 
     # Deletes a role alias
     #
+    # Requires permission to access the [DeleteRoleAlias][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :role_alias
     #   The role alias to delete.
     #
@@ -3685,6 +4192,12 @@ module Aws::IoT
 
     # Deletes a scheduled audit.
     #
+    # Requires permission to access the [DeleteScheduledAudit][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :scheduled_audit_name
     #   The name of the scheduled audit you want to delete.
     #
@@ -3705,6 +4218,12 @@ module Aws::IoT
 
     # Deletes a Device Defender security profile.
     #
+    # Requires permission to access the [DeleteSecurityProfile][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :security_profile_name
     #   The name of the security profile to be deleted.
     #
@@ -3732,6 +4251,12 @@ module Aws::IoT
 
     # Deletes a stream.
     #
+    # Requires permission to access the [DeleteStream][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :stream_id
     #   The stream ID.
     #
@@ -3753,6 +4278,12 @@ module Aws::IoT
     # Deletes the specified thing. Returns successfully with no error if the
     # deletion is successful or you specify a thing that doesn't exist.
     #
+    # Requires permission to access the [DeleteThing][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :thing_name
     #   The name of the thing to delete.
     #
@@ -3780,6 +4311,12 @@ module Aws::IoT
 
     # Deletes a thing group.
     #
+    # Requires permission to access the [DeleteThingGroup][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :thing_group_name
     #   The name of the thing group to delete.
     #
@@ -3809,6 +4346,12 @@ module Aws::IoT
     # any associated thing, and finally use DeleteThingType to delete the
     # thing type.
     #
+    # Requires permission to access the [DeleteThingType][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :thing_type_name
     #   The name of the thing type.
     #
@@ -3829,6 +4372,12 @@ module Aws::IoT
 
     # Deletes the rule.
     #
+    # Requires permission to access the [DeleteTopicRule][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :rule_name
     #   The name of the rule.
     #
@@ -3849,6 +4398,13 @@ module Aws::IoT
 
     # Deletes a topic rule destination.
     #
+    # Requires permission to access the [DeleteTopicRuleDestination][1]
+    # action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :arn
     #   The ARN of the topic rule destination to delete.
     #
@@ -3869,6 +4425,12 @@ module Aws::IoT
 
     # Deletes a logging level.
     #
+    # Requires permission to access the [DeleteV2LoggingLevel][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :target_type
     #   The type of resource for which you are configuring logging. Must be
     #   `THING_Group`.
@@ -3895,6 +4457,12 @@ module Aws::IoT
     # Deprecates a thing type. You can not associate new things with
     # deprecated thing type.
     #
+    # Requires permission to access the [DeprecateThingType][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :thing_type_name
     #   The name of the thing type to deprecate.
     #
@@ -3923,6 +4491,13 @@ module Aws::IoT
     # account. Settings include how audit notifications are sent and which
     # audit checks are enabled or disabled.
     #
+    # Requires permission to access the
+    # [DescribeAccountAuditConfiguration][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @return [Types::DescribeAccountAuditConfigurationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::DescribeAccountAuditConfigurationResponse#role_arn #role_arn} => String
@@ -3950,6 +4525,12 @@ module Aws::IoT
     # reason for noncompliance, the severity of the issue, and the start
     # time when the audit that returned the finding.
     #
+    # Requires permission to access the [DescribeAuditFinding][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :finding_id
     #   A unique identifier for a single audit finding. You can use this
     #   identifier to apply mitigation actions to the finding.
@@ -4136,6 +4717,12 @@ module Aws::IoT
 
     # Gets information about a Device Defender audit.
     #
+    # Requires permission to access the [DescribeAuditTask][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :task_id
     #   The ID of the audit whose information you want to get.
     #
@@ -4185,6 +4772,12 @@ module Aws::IoT
 
     # Describes an authorizer.
     #
+    # Requires permission to access the [DescribeAuthorizer][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :authorizer_name
     #   The name of the authorizer to describe.
     #
@@ -4220,6 +4813,12 @@ module Aws::IoT
 
     # Returns information about a billing group.
     #
+    # Requires permission to access the [DescribeBillingGroup][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :billing_group_name
     #   The name of the billing group.
     #
@@ -4256,6 +4855,12 @@ module Aws::IoT
 
     # Describes a registered CA certificate.
     #
+    # Requires permission to access the [DescribeCACertificate][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :certificate_id
     #   The CA certificate identifier.
     #
@@ -4296,6 +4901,12 @@ module Aws::IoT
 
     # Gets information about the specified certificate.
     #
+    # Requires permission to access the [DescribeCertificate][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :certificate_id
     #   The ID of the certificate. (The last part of the certificate ARN
     #   contains the certificate ID.)
@@ -4341,6 +4952,12 @@ module Aws::IoT
 
     # Gets information about a Device Defender detect custom metric.
     #
+    # Requires permission to access the [DescribeCustomMetric][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :metric_name
     #   The name of the custom metric.
     #
@@ -4377,6 +4994,13 @@ module Aws::IoT
 
     # Describes the default authorizer.
     #
+    # Requires permission to access the [DescribeDefaultAuthorizer][1]
+    # action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @return [Types::DescribeDefaultAuthorizerResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::DescribeDefaultAuthorizerResponse#authorizer_description #authorizer_description} => Types::AuthorizerDescription
@@ -4403,6 +5027,13 @@ module Aws::IoT
 
     # Gets information about a Device Defender ML Detect mitigation action.
     #
+    # Requires permission to access the
+    # [DescribeDetectMitigationActionsTask][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :task_id
     #   The unique identifier of the task.
     #
@@ -4454,8 +5085,14 @@ module Aws::IoT
       req.send_request(options)
     end
 
-    # Provides details about a dimension that is defined in your AWS
-    # account.
+    # Provides details about a dimension that is defined in your Amazon Web
+    # Services accounts.
+    #
+    # Requires permission to access the [DescribeDimension][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
     #
     # @option params [required, String] :name
     #   The unique identifier for the dimension.
@@ -4494,6 +5131,13 @@ module Aws::IoT
 
     # Gets summary information about a domain configuration.
     #
+    # Requires permission to access the [DescribeDomainConfiguration][1]
+    # action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :domain_configuration_name
     #   The name of the domain configuration.
     #
@@ -4538,7 +5182,14 @@ module Aws::IoT
       req.send_request(options)
     end
 
-    # Returns a unique endpoint specific to the AWS account making the call.
+    # Returns a unique endpoint specific to the Amazon Web Services account
+    # making the call.
+    #
+    # Requires permission to access the [DescribeEndpoint][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
     #
     # @option params [String] :endpoint_type
     #   The endpoint type. Valid endpoint types include:
@@ -4553,13 +5204,13 @@ module Aws::IoT
     #   ^
     #   ^
     #
-    #   * `iot:CredentialProvider` - Returns an AWS IoT credentials provider
-    #     API endpoint.
+    #   * `iot:CredentialProvider` - Returns an IoT credentials provider API
+    #     endpoint.
     #
     #   ^
     #   ^
     #
-    #   * `iot:Jobs` - Returns an AWS IoT device management Jobs API endpoint.
+    #   * `iot:Jobs` - Returns an IoT device management Jobs API endpoint.
     #
     #   ^
     #
@@ -4590,6 +5241,13 @@ module Aws::IoT
 
     # Describes event configurations.
     #
+    # Requires permission to access the [DescribeEventConfigurations][1]
+    # action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @return [Types::DescribeEventConfigurationsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::DescribeEventConfigurationsResponse#event_configurations #event_configurations} => Hash&lt;String,Types::Configuration&gt;
@@ -4610,8 +5268,72 @@ module Aws::IoT
       req.send_request(options)
     end
 
+    # Gets information about the specified fleet metric.
+    #
+    # Requires permission to access the [DescribeFleetMetric][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
+    # @option params [required, String] :metric_name
+    #   The name of the fleet metric to describe.
+    #
+    # @return [Types::DescribeFleetMetricResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::DescribeFleetMetricResponse#metric_name #metric_name} => String
+    #   * {Types::DescribeFleetMetricResponse#query_string #query_string} => String
+    #   * {Types::DescribeFleetMetricResponse#aggregation_type #aggregation_type} => Types::AggregationType
+    #   * {Types::DescribeFleetMetricResponse#period #period} => Integer
+    #   * {Types::DescribeFleetMetricResponse#aggregation_field #aggregation_field} => String
+    #   * {Types::DescribeFleetMetricResponse#description #description} => String
+    #   * {Types::DescribeFleetMetricResponse#query_version #query_version} => String
+    #   * {Types::DescribeFleetMetricResponse#index_name #index_name} => String
+    #   * {Types::DescribeFleetMetricResponse#creation_date #creation_date} => Time
+    #   * {Types::DescribeFleetMetricResponse#last_modified_date #last_modified_date} => Time
+    #   * {Types::DescribeFleetMetricResponse#unit #unit} => String
+    #   * {Types::DescribeFleetMetricResponse#version #version} => Integer
+    #   * {Types::DescribeFleetMetricResponse#metric_arn #metric_arn} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.describe_fleet_metric({
+    #     metric_name: "FleetMetricName", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.metric_name #=> String
+    #   resp.query_string #=> String
+    #   resp.aggregation_type.name #=> String, one of "Statistics", "Percentiles", "Cardinality"
+    #   resp.aggregation_type.values #=> Array
+    #   resp.aggregation_type.values[0] #=> String
+    #   resp.period #=> Integer
+    #   resp.aggregation_field #=> String
+    #   resp.description #=> String
+    #   resp.query_version #=> String
+    #   resp.index_name #=> String
+    #   resp.creation_date #=> Time
+    #   resp.last_modified_date #=> Time
+    #   resp.unit #=> String, one of "Seconds", "Microseconds", "Milliseconds", "Bytes", "Kilobytes", "Megabytes", "Gigabytes", "Terabytes", "Bits", "Kilobits", "Megabits", "Gigabits", "Terabits", "Percent", "Count", "Bytes/Second", "Kilobytes/Second", "Megabytes/Second", "Gigabytes/Second", "Terabytes/Second", "Bits/Second", "Kilobits/Second", "Megabits/Second", "Gigabits/Second", "Terabits/Second", "Count/Second", "None"
+    #   resp.version #=> Integer
+    #   resp.metric_arn #=> String
+    #
+    # @overload describe_fleet_metric(params = {})
+    # @param [Hash] params ({})
+    def describe_fleet_metric(params = {}, options = {})
+      req = build_request(:describe_fleet_metric, params)
+      req.send_request(options)
+    end
+
     # Describes a search index.
     #
+    # Requires permission to access the [DescribeIndex][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :index_name
     #   The index name.
     #
@@ -4642,6 +5364,12 @@ module Aws::IoT
 
     # Describes a job.
     #
+    # Requires permission to access the [DescribeJob][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :job_id
     #   The unique identifier you assigned to this job when it was created.
     #
@@ -4707,6 +5435,12 @@ module Aws::IoT
 
     # Describes a job execution.
     #
+    # Requires permission to access the [DescribeJobExecution][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :job_id
     #   The unique identifier you assigned to this job when it was created.
     #
@@ -4806,6 +5540,13 @@ module Aws::IoT
 
     # Gets information about a mitigation action.
     #
+    # Requires permission to access the [DescribeMitigationAction][1]
+    # action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :action_name
     #   The friendly name that uniquely identifies the mitigation action.
     #
@@ -4854,6 +5595,13 @@ module Aws::IoT
 
     # Returns information about a fleet provisioning template.
     #
+    # Requires permission to access the [DescribeProvisioningTemplate][1]
+    # action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :template_name
     #   The name of the fleet provisioning template.
     #
@@ -4899,6 +5647,13 @@ module Aws::IoT
 
     # Returns information about a fleet provisioning template version.
     #
+    # Requires permission to access the
+    # [DescribeProvisioningTemplateVersion][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :template_name
     #   The template name.
     #
@@ -4935,6 +5690,12 @@ module Aws::IoT
 
     # Describes a role alias.
     #
+    # Requires permission to access the [DescribeRoleAlias][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :role_alias
     #   The role alias to describe.
     #
@@ -4967,6 +5728,12 @@ module Aws::IoT
 
     # Gets information about a scheduled audit.
     #
+    # Requires permission to access the [DescribeScheduledAudit][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :scheduled_audit_name
     #   The name of the scheduled audit whose information you want to get.
     #
@@ -5004,6 +5771,12 @@ module Aws::IoT
 
     # Gets information about a Device Defender security profile.
     #
+    # Requires permission to access the [DescribeSecurityProfile][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :security_profile_name
     #   The name of the security profile whose information you want to get.
     #
@@ -5075,6 +5848,12 @@ module Aws::IoT
 
     # Gets information about a stream.
     #
+    # Requires permission to access the [DescribeStream][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :stream_id
     #   The stream ID.
     #
@@ -5112,6 +5891,12 @@ module Aws::IoT
 
     # Gets information about the specified thing.
     #
+    # Requires permission to access the [DescribeThing][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :thing_name
     #   The name of the thing.
     #
@@ -5153,6 +5938,12 @@ module Aws::IoT
 
     # Describe a thing group.
     #
+    # Requires permission to access the [DescribeThingGroup][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :thing_group_name
     #   The name of the thing group.
     #
@@ -5204,6 +5995,13 @@ module Aws::IoT
 
     # Describes a bulk thing provisioning task.
     #
+    # Requires permission to access the [DescribeThingRegistrationTask][1]
+    # action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :task_id
     #   The task ID.
     #
@@ -5252,6 +6050,12 @@ module Aws::IoT
 
     # Gets information about the specified thing type.
     #
+    # Requires permission to access the [DescribeThingType][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :thing_type_name
     #   The name of the thing type.
     #
@@ -5290,6 +6094,18 @@ module Aws::IoT
 
     # Detaches a policy from the specified target.
     #
+    # <note markdown="1"> Because of the distributed nature of Amazon Web Services, it can take
+    # up to five minutes after a policy is detached before it's ready to be
+    # deleted.
+    #
+    #  </note>
+    #
+    # Requires permission to access the [DetachPolicy][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :policy_name
     #   The policy to detach.
     #
@@ -5314,7 +6130,15 @@ module Aws::IoT
 
     # Removes the specified policy from the specified certificate.
     #
-    # **Note:** This API is deprecated. Please use DetachPolicy instead.
+    # <note markdown="1"> This action is deprecated. Please use DetachPolicy instead.
+    #
+    #  </note>
+    #
+    # Requires permission to access the [DetachPrincipalPolicy][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
     #
     # @option params [required, String] :policy_name
     #   The name of the policy to detach.
@@ -5347,6 +6171,12 @@ module Aws::IoT
     # Disassociates a Device Defender security profile from a thing group or
     # from this account.
     #
+    # Requires permission to access the [DetachSecurityProfile][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :security_profile_name
     #   The security profile that is detached.
     #
@@ -5379,6 +6209,12 @@ module Aws::IoT
     #
     #  </note>
     #
+    # Requires permission to access the [DetachThingPrincipal][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :thing_name
     #   The name of the thing.
     #
@@ -5405,6 +6241,12 @@ module Aws::IoT
 
     # Disables the rule.
     #
+    # Requires permission to access the [DisableTopicRule][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :rule_name
     #   The name of the rule to disable.
     #
@@ -5425,6 +6267,12 @@ module Aws::IoT
 
     # Enables the rule.
     #
+    # Requires permission to access the [EnableTopicRule][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :rule_name
     #   The name of the topic rule to enable.
     #
@@ -5446,6 +6294,13 @@ module Aws::IoT
     # Returns a Device Defender's ML Detect Security Profile training
     # model's status.
     #
+    # Requires permission to access the
+    # [GetBehaviorModelTrainingSummaries][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [String] :security_profile_name
     #   The name of the security profile.
     #
@@ -5489,13 +6344,77 @@ module Aws::IoT
       req.send_request(options)
     end
 
+    # Aggregates on indexed data with search queries pertaining to
+    # particular fields.
+    #
+    # Requires permission to access the [GetBucketsAggregation][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
+    # @option params [String] :index_name
+    #   The name of the index to search.
+    #
+    # @option params [required, String] :query_string
+    #   The search query string.
+    #
+    # @option params [required, String] :aggregation_field
+    #   The aggregation field.
+    #
+    # @option params [String] :query_version
+    #   The version of the query.
+    #
+    # @option params [required, Types::BucketsAggregationType] :buckets_aggregation_type
+    #   The basic control of the response shape and the bucket aggregation
+    #   type to perform.
+    #
+    # @return [Types::GetBucketsAggregationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::GetBucketsAggregationResponse#total_count #total_count} => Integer
+    #   * {Types::GetBucketsAggregationResponse#buckets #buckets} => Array&lt;Types::Bucket&gt;
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.get_buckets_aggregation({
+    #     index_name: "IndexName",
+    #     query_string: "QueryString", # required
+    #     aggregation_field: "AggregationField", # required
+    #     query_version: "QueryVersion",
+    #     buckets_aggregation_type: { # required
+    #       terms_aggregation: {
+    #         max_buckets: 1,
+    #       },
+    #     },
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.total_count #=> Integer
+    #   resp.buckets #=> Array
+    #   resp.buckets[0].key_value #=> String
+    #   resp.buckets[0].count #=> Integer
+    #
+    # @overload get_buckets_aggregation(params = {})
+    # @param [Hash] params ({})
+    def get_buckets_aggregation(params = {}, options = {})
+      req = build_request(:get_buckets_aggregation, params)
+      req.send_request(options)
+    end
+
     # Returns the approximate count of unique values that match the query.
     #
+    # Requires permission to access the [GetCardinality][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [String] :index_name
     #   The name of the index to search.
     #
     # @option params [required, String] :query_string
-    #   The search query.
+    #   The search query string.
     #
     # @option params [String] :aggregation_field
     #   The field to aggregate.
@@ -5528,8 +6447,14 @@ module Aws::IoT
     end
 
     # Gets a list of the policies that have an effect on the authorization
-    # behavior of the specified device when it connects to the AWS IoT
-    # device gateway.
+    # behavior of the specified device when it connects to the IoT device
+    # gateway.
+    #
+    # Requires permission to access the [GetEffectivePolicies][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
     #
     # @option params [String] :principal
     #   The principal. Valid principals are CertificateArn
@@ -5572,6 +6497,13 @@ module Aws::IoT
 
     # Gets the indexing configuration.
     #
+    # Requires permission to access the [GetIndexingConfiguration][1]
+    # action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @return [Types::GetIndexingConfigurationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::GetIndexingConfigurationResponse#thing_indexing_configuration #thing_indexing_configuration} => Types::ThingIndexingConfiguration
@@ -5604,6 +6536,12 @@ module Aws::IoT
 
     # Gets a job document.
     #
+    # Requires permission to access the [GetJobDocument][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :job_id
     #   The unique identifier you assigned to this job when it was created.
     #
@@ -5633,6 +6571,12 @@ module Aws::IoT
     # NOTE: use of this command is not recommended. Use
     # `GetV2LoggingOptions` instead.
     #
+    # Requires permission to access the [GetLoggingOptions][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @return [Types::GetLoggingOptionsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::GetLoggingOptionsResponse#role_arn #role_arn} => String
@@ -5652,6 +6596,12 @@ module Aws::IoT
 
     # Gets an OTA update.
     #
+    # Requires permission to access the [GetOTAUpdate][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :ota_update_id
     #   The OTA update ID.
     #
@@ -5733,11 +6683,17 @@ module Aws::IoT
     # approximation, the more values that match the query, the more accurate
     # the percentile values.
     #
+    # Requires permission to access the [GetPercentiles][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [String] :index_name
     #   The name of the index to search.
     #
     # @option params [required, String] :query_string
-    #   The query string.
+    #   The search query string.
     #
     # @option params [String] :aggregation_field
     #   The field to aggregate.
@@ -5778,6 +6734,12 @@ module Aws::IoT
     # Gets information about the specified policy with the policy document
     # of the default version.
     #
+    # Requires permission to access the [GetPolicy][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :policy_name
     #   The name of the policy.
     #
@@ -5816,6 +6778,12 @@ module Aws::IoT
 
     # Gets information about the specified policy version.
     #
+    # Requires permission to access the [GetPolicyVersion][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :policy_name
     #   The name of the policy.
     #
@@ -5858,8 +6826,13 @@ module Aws::IoT
       req.send_request(options)
     end
 
-    # Gets a registration code used to register a CA certificate with AWS
-    # IoT.
+    # Gets a registration code used to register a CA certificate with IoT.
+    #
+    # Requires permission to access the [GetRegistrationCode][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
     #
     # @return [Types::GetRegistrationCodeResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -5881,12 +6854,19 @@ module Aws::IoT
     # If the aggregation field is of type `String`, only the count statistic
     # is returned.
     #
+    # Requires permission to access the [GetStatistics][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [String] :index_name
     #   The name of the index to search. The default value is `AWS_Things`.
     #
     # @option params [required, String] :query_string
     #   The query used to search. You can specify "*" for the query string
-    #   to get the count of all indexed things in your AWS account.
+    #   to get the count of all indexed things in your Amazon Web Services
+    #   account.
     #
     # @option params [String] :aggregation_field
     #   The aggregation field name.
@@ -5927,6 +6907,12 @@ module Aws::IoT
 
     # Gets information about the rule.
     #
+    # Requires permission to access the [GetTopicRule][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :rule_name
     #   The name of the rule.
     #
@@ -6159,6 +7145,12 @@ module Aws::IoT
 
     # Gets information about a topic rule destination.
     #
+    # Requires permission to access the [GetTopicRuleDestination][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :arn
     #   The ARN of the topic rule destination.
     #
@@ -6196,6 +7188,12 @@ module Aws::IoT
 
     # Gets the fine grained logging options.
     #
+    # Requires permission to access the [GetV2LoggingOptions][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @return [Types::GetV2LoggingOptionsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::GetV2LoggingOptionsResponse#role_arn #role_arn} => String
@@ -6218,6 +7216,12 @@ module Aws::IoT
     # Lists the active violations for a given Device Defender security
     # profile.
     #
+    # Requires permission to access the [ListActiveViolations][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [String] :thing_name
     #   The name of the thing whose active violations are listed.
     #
@@ -6306,6 +7310,12 @@ module Aws::IoT
 
     # Lists the policies attached to the specified thing group.
     #
+    # Requires permission to access the [ListAttachedPolicies][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :target
     #   The group or principal for which the policies will be listed. Valid
     #   principals are CertificateArn
@@ -6357,6 +7367,12 @@ module Aws::IoT
     # audits performed during a specified time period. (Findings are
     # retained for 90 days.)
     #
+    # Requires permission to access the [ListAuditFindings][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [String] :task_id
     #   A filter to limit results to the audit with the specified ID. You must
     #   specify either the taskId or the startTime and endTime, but not both.
@@ -6471,6 +7487,13 @@ module Aws::IoT
 
     # Gets the status of audit mitigation action tasks that were executed.
     #
+    # Requires permission to access the
+    # [ListAuditMitigationActionsExecutions][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :task_id
     #   Specify this filter to limit results to actions for a specific audit
     #   mitigation actions task.
@@ -6530,6 +7553,13 @@ module Aws::IoT
     # Gets a list of audit mitigation action tasks that match the specified
     # filters.
     #
+    # Requires permission to access the [ListAuditMitigationActionsTasks][1]
+    # action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [String] :audit_task_id
     #   Specify this filter to limit results to tasks that were applied to
     #   results for a specific audit.
@@ -6593,6 +7623,12 @@ module Aws::IoT
 
     # Lists your Device Defender audit listings.
     #
+    # Requires permission to access the [ListAuditSuppressions][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [String] :check_name
     #   An audit check name. Checks must be enabled for your account. (Use
     #   `DescribeAccountAuditConfiguration` to see the list of all checks,
@@ -6671,6 +7707,12 @@ module Aws::IoT
     # Lists the Device Defender audits that have been performed during a
     # given time period.
     #
+    # Requires permission to access the [ListAuditTasks][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, Time,DateTime,Date,Integer,String] :start_time
     #   The beginning of the time period. Audit information is retained for a
     #   limited time (90 days). Requesting a start time prior to what is
@@ -6730,6 +7772,12 @@ module Aws::IoT
 
     # Lists the authorizers registered in your account.
     #
+    # Requires permission to access the [ListAuthorizers][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [Integer] :page_size
     #   The maximum number of results to return at one time.
     #
@@ -6774,6 +7822,12 @@ module Aws::IoT
 
     # Lists the billing groups you have created.
     #
+    # Requires permission to access the [ListBillingGroups][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [String] :next_token
     #   To retrieve the next set of results, the `nextToken` value from a
     #   previous response; otherwise **null** to receive the first set of
@@ -6814,11 +7868,18 @@ module Aws::IoT
       req.send_request(options)
     end
 
-    # Lists the CA certificates registered for your AWS account.
+    # Lists the CA certificates registered for your Amazon Web Services
+    # account.
     #
     # The results are paginated with a default page size of 25. You can use
     # the returned marker to retrieve additional results.
     #
+    # Requires permission to access the [ListCACertificates][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [Integer] :page_size
     #   The result page size.
     #
@@ -6859,11 +7920,17 @@ module Aws::IoT
       req.send_request(options)
     end
 
-    # Lists the certificates registered in your AWS account.
+    # Lists the certificates registered in your Amazon Web Services account.
     #
     # The results are paginated with a default page size of 25. You can use
     # the returned marker to retrieve additional results.
     #
+    # Requires permission to access the [ListCertificates][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [Integer] :page_size
     #   The result page size.
     #
@@ -6908,6 +7975,12 @@ module Aws::IoT
 
     # List the device certificates signed by the specified CA certificate.
     #
+    # Requires permission to access the [ListCertificatesByCA][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :ca_certificate_id
     #   The ID of the CA certificate. This operation will list all registered
     #   device certificate that were signed by this CA certificate.
@@ -6957,6 +8030,12 @@ module Aws::IoT
 
     # Lists your Device Defender detect custom metrics.
     #
+    # Requires permission to access the [ListCustomMetrics][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [String] :next_token
     #   The token for the next set of results.
     #
@@ -6994,6 +8073,13 @@ module Aws::IoT
     # Lists mitigation actions executions for a Device Defender ML Detect
     # Security Profile.
     #
+    # Requires permission to access the
+    # [ListDetectMitigationActionsExecutions][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [String] :task_id
     #   The unique identifier of the task.
     #
@@ -7061,6 +8147,13 @@ module Aws::IoT
 
     # List of Device Defender ML Detect mitigation actions tasks.
     #
+    # Requires permission to access the
+    # [ListDetectMitigationActionsTasks][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [Integer] :max_results
     #   The maximum number of results to return at one time. The default is
     #   25.
@@ -7133,7 +8226,14 @@ module Aws::IoT
       req.send_request(options)
     end
 
-    # List the set of dimensions that are defined for your AWS account.
+    # List the set of dimensions that are defined for your Amazon Web
+    # Services accounts.
+    #
+    # Requires permission to access the [ListDimensions][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
     #
     # @option params [String] :next_token
     #   The token for the next set of results.
@@ -7171,6 +8271,13 @@ module Aws::IoT
     # Gets a list of domain configurations for the user. This list is sorted
     # alphabetically by domain configuration name.
     #
+    # Requires permission to access the [ListDomainConfigurations][1]
+    # action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [String] :marker
     #   The marker for the next set of results.
     #
@@ -7210,8 +8317,58 @@ module Aws::IoT
       req.send_request(options)
     end
 
+    # Lists all your fleet metrics.
+    #
+    # Requires permission to access the [ListFleetMetrics][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
+    # @option params [String] :next_token
+    #   To retrieve the next set of results, the `nextToken` value from a
+    #   previous response; otherwise `null` to receive the first set of
+    #   results.
+    #
+    # @option params [Integer] :max_results
+    #   The maximum number of results to return in this operation.
+    #
+    # @return [Types::ListFleetMetricsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ListFleetMetricsResponse#fleet_metrics #fleet_metrics} => Array&lt;Types::FleetMetricNameAndArn&gt;
+    #   * {Types::ListFleetMetricsResponse#next_token #next_token} => String
+    #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.list_fleet_metrics({
+    #     next_token: "NextToken",
+    #     max_results: 1,
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.fleet_metrics #=> Array
+    #   resp.fleet_metrics[0].metric_name #=> String
+    #   resp.fleet_metrics[0].metric_arn #=> String
+    #   resp.next_token #=> String
+    #
+    # @overload list_fleet_metrics(params = {})
+    # @param [Hash] params ({})
+    def list_fleet_metrics(params = {}, options = {})
+      req = build_request(:list_fleet_metrics, params)
+      req.send_request(options)
+    end
+
     # Lists the search indices.
     #
+    # Requires permission to access the [ListIndices][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [String] :next_token
     #   The token used to get the next set of results, or `null` if there are
     #   no additional results.
@@ -7248,6 +8405,12 @@ module Aws::IoT
 
     # Lists the job executions for a job.
     #
+    # Requires permission to access the [ListJobExecutionsForJob][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :job_id
     #   The unique identifier you assigned to this job when it was created.
     #
@@ -7296,6 +8459,13 @@ module Aws::IoT
 
     # Lists the job executions for the specified thing.
     #
+    # Requires permission to access the [ListJobExecutionsForThing][1]
+    # action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :thing_name
     #   The thing name.
     #
@@ -7306,9 +8476,9 @@ module Aws::IoT
     # @option params [String] :namespace_id
     #   The namespace used to indicate that a job is a customer-managed job.
     #
-    #   When you specify a value for this parameter, AWS IoT Core sends jobs
-    #   notifications to MQTT topics that contain the value in the following
-    #   format.
+    #   When you specify a value for this parameter, Amazon Web Services IoT
+    #   Core sends jobs notifications to MQTT topics that contain the value in
+    #   the following format.
     #
     #   `$aws/things/THING_NAME/jobs/JOB_ID/notify-namespace-NAMESPACE_ID/`
     #
@@ -7359,6 +8529,12 @@ module Aws::IoT
 
     # Returns a list of job templates.
     #
+    # Requires permission to access the [ListJobTemplates][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [Integer] :max_results
     #   The maximum number of results to return in the list.
     #
@@ -7370,6 +8546,8 @@ module Aws::IoT
     #   * {Types::ListJobTemplatesResponse#job_templates #job_templates} => Array&lt;Types::JobTemplateSummary&gt;
     #   * {Types::ListJobTemplatesResponse#next_token #next_token} => String
     #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+    #
     # @example Request syntax with placeholder values
     #
     #   resp = client.list_job_templates({
@@ -7395,6 +8573,12 @@ module Aws::IoT
 
     # Lists jobs.
     #
+    # Requires permission to access the [ListJobs][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [String] :status
     #   An optional filter that lets you search for jobs that have the
     #   specified status.
@@ -7424,9 +8608,9 @@ module Aws::IoT
     # @option params [String] :namespace_id
     #   The namespace used to indicate that a job is a customer-managed job.
     #
-    #   When you specify a value for this parameter, AWS IoT Core sends jobs
-    #   notifications to MQTT topics that contain the value in the following
-    #   format.
+    #   When you specify a value for this parameter, Amazon Web Services IoT
+    #   Core sends jobs notifications to MQTT topics that contain the value in
+    #   the following format.
     #
     #   `$aws/things/THING_NAME/jobs/JOB_ID/notify-namespace-NAMESPACE_ID/`
     #
@@ -7476,6 +8660,12 @@ module Aws::IoT
     # Gets a list of all mitigation actions that match the specified filter
     # criteria.
     #
+    # Requires permission to access the [ListMitigationActions][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [String] :action_type
     #   Specify a value to limit the result to mitigation actions with a
     #   specific action type.
@@ -7519,6 +8709,12 @@ module Aws::IoT
 
     # Lists OTA updates.
     #
+    # Requires permission to access the [ListOTAUpdates][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [Integer] :max_results
     #   The maximum number of results to return at one time.
     #
@@ -7560,6 +8756,13 @@ module Aws::IoT
 
     # Lists certificates that are being transferred but not yet accepted.
     #
+    # Requires permission to access the [ListOutgoingCertificates][1]
+    # action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [Integer] :page_size
     #   The result page size.
     #
@@ -7605,6 +8808,12 @@ module Aws::IoT
 
     # Lists your policies.
     #
+    # Requires permission to access the [ListPolicies][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [String] :marker
     #   The marker for the next set of results.
     #
@@ -7646,9 +8855,15 @@ module Aws::IoT
 
     # Lists the principals associated with the specified policy.
     #
-    # **Note:** This API is deprecated. Please use ListTargetsForPolicy
+    # **Note:** This action is deprecated. Please use ListTargetsForPolicy
     # instead.
     #
+    # Requires permission to access the [ListPolicyPrincipals][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :policy_name
     #   The policy name.
     #
@@ -7694,6 +8909,12 @@ module Aws::IoT
     # Lists the versions of the specified policy and identifies the default
     # version.
     #
+    # Requires permission to access the [ListPolicyVersions][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :policy_name
     #   The policy name.
     #
@@ -7725,12 +8946,15 @@ module Aws::IoT
     # Cognito identity, the ID must be in [AmazonCognito Identity
     # format][1].
     #
-    # **Note:** This API is deprecated. Please use ListAttachedPolicies
+    # **Note:** This action is deprecated. Please use ListAttachedPolicies
     # instead.
     #
+    # Requires permission to access the [ListPrincipalPolicies][2] action.
+    #
     #
     #
     # [1]: https://docs.aws.amazon.com/cognitoidentity/latest/APIReference/API_GetCredentialsForIdentity.html#API_GetCredentialsForIdentity_RequestSyntax
+    # [2]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
     #
     # @option params [required, String] :principal
     #   The principal. Valid principals are CertificateArn
@@ -7783,6 +9007,12 @@ module Aws::IoT
     # can be X.509 certificates, IAM users, groups, and roles, Amazon
     # Cognito identities or federated identities.
     #
+    # Requires permission to access the [ListPrincipalThings][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [String] :next_token
     #   To retrieve the next set of results, the `nextToken` value from a
     #   previous response; otherwise **null** to receive the first set of
@@ -7824,6 +9054,13 @@ module Aws::IoT
 
     # A list of fleet provisioning template versions.
     #
+    # Requires permission to access the
+    # [ListProvisioningTemplateVersions][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :template_name
     #   The name of the fleet provisioning template.
     #
@@ -7863,7 +9100,15 @@ module Aws::IoT
       req.send_request(options)
     end
 
-    # Lists the fleet provisioning templates in your AWS account.
+    # Lists the fleet provisioning templates in your Amazon Web Services
+    # account.
+    #
+    # Requires permission to access the [ListProvisioningTemplates][1]
+    # action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
     #
     # @option params [Integer] :max_results
     #   The maximum number of results to return at one time.
@@ -7905,6 +9150,12 @@ module Aws::IoT
 
     # Lists the role aliases registered in your account.
     #
+    # Requires permission to access the [ListRoleAliases][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [Integer] :page_size
     #   The maximum number of results to return at one time.
     #
@@ -7944,6 +9195,12 @@ module Aws::IoT
 
     # Lists all of your scheduled audits.
     #
+    # Requires permission to access the [ListScheduledAudits][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [String] :next_token
     #   The token for the next set of results.
     #
@@ -7985,10 +9242,16 @@ module Aws::IoT
     # Lists the Device Defender security profiles you've created. You can
     # filter security profiles by dimension or custom metric.
     #
+    # Requires permission to access the [ListSecurityProfiles][1] action.
+    #
     # <note markdown="1"> `dimensionName` and `metricName` cannot be used in the same request.
     #
     #  </note>
     #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [String] :next_token
     #   The token for the next set of results.
     #
@@ -8035,6 +9298,13 @@ module Aws::IoT
     # Lists the Device Defender security profiles attached to a target
     # (thing group).
     #
+    # Requires permission to access the [ListSecurityProfilesForTarget][1]
+    # action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [String] :next_token
     #   The token for the next set of results.
     #
@@ -8079,7 +9349,13 @@ module Aws::IoT
       req.send_request(options)
     end
 
-    # Lists all of the streams in your AWS account.
+    # Lists all of the streams in your Amazon Web Services account.
+    #
+    # Requires permission to access the [ListStreams][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
     #
     # @option params [Integer] :max_results
     #   The maximum number of results to return at a time.
@@ -8123,6 +9399,12 @@ module Aws::IoT
 
     # Lists the tags (metadata) you have assigned to the resource.
     #
+    # Requires permission to access the [ListTagsForResource][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :resource_arn
     #   The ARN of the resource.
     #
@@ -8161,6 +9443,12 @@ module Aws::IoT
 
     # List targets for the specified policy.
     #
+    # Requires permission to access the [ListTargetsForPolicy][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :policy_name
     #   The policy name.
     #
@@ -8201,6 +9489,13 @@ module Aws::IoT
     # Lists the targets (thing groups) associated with a given Device
     # Defender security profile.
     #
+    # Requires permission to access the [ListTargetsForSecurityProfile][1]
+    # action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :security_profile_name
     #   The security profile.
     #
@@ -8240,6 +9535,12 @@ module Aws::IoT
 
     # List the thing groups in your account.
     #
+    # Requires permission to access the [ListThingGroups][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [String] :next_token
     #   To retrieve the next set of results, the `nextToken` value from a
     #   previous response; otherwise **null** to receive the first set of
@@ -8292,6 +9593,12 @@ module Aws::IoT
 
     # List the thing groups to which the specified thing belongs.
     #
+    # Requires permission to access the [ListThingGroupsForThing][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :thing_name
     #   The thing name.
     #
@@ -8336,6 +9643,12 @@ module Aws::IoT
     # can be X.509 certificates, IAM users, groups, and roles, Amazon
     # Cognito identities or federated identities.
     #
+    # Requires permission to access the [ListThingPrincipals][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [String] :next_token
     #   To retrieve the next set of results, the `nextToken` value from a
     #   previous response; otherwise **null** to receive the first set of
@@ -8424,6 +9737,13 @@ module Aws::IoT
 
     # List bulk thing provisioning tasks.
     #
+    # Requires permission to access the [ListThingRegistrationTasks][1]
+    # action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [String] :next_token
     #   To retrieve the next set of results, the `nextToken` value from a
     #   previous response; otherwise **null** to receive the first set of
@@ -8465,6 +9785,12 @@ module Aws::IoT
 
     # Lists the existing thing types.
     #
+    # Requires permission to access the [ListThingTypes][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [String] :next_token
     #   To retrieve the next set of results, the `nextToken` value from a
     #   previous response; otherwise **null** to receive the first set of
@@ -8517,6 +9843,8 @@ module Aws::IoT
     # in the registry that contain an attribute **Color** with the value
     # **Red**.
     #
+    # Requires permission to access the [ListThings][1] action.
+    #
     # <note markdown="1"> You will not be charged for calling this API if an `Access denied`
     # error is returned. You will also not be charged if no attributes or
     # pagination token was provided in request and no pagination token and
@@ -8524,6 +9852,10 @@ module Aws::IoT
     #
     #  </note>
     #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [String] :next_token
     #   To retrieve the next set of results, the `nextToken` value from a
     #   previous response; otherwise **null** to receive the first set of
@@ -8587,6 +9919,13 @@ module Aws::IoT
 
     # Lists the things you have added to the given billing group.
     #
+    # Requires permission to access the [ListThingsInBillingGroup][1]
+    # action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :billing_group_name
     #   The name of the billing group.
     #
@@ -8628,6 +9967,12 @@ module Aws::IoT
 
     # Lists the things in the specified group.
     #
+    # Requires permission to access the [ListThingsInThingGroup][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :thing_group_name
     #   The thing group name.
     #
@@ -8672,7 +10017,15 @@ module Aws::IoT
       req.send_request(options)
     end
 
-    # Lists all the topic rule destinations in your AWS account.
+    # Lists all the topic rule destinations in your Amazon Web Services
+    # account.
+    #
+    # Requires permission to access the [ListTopicRuleDestinations][1]
+    # action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
     #
     # @option params [Integer] :max_results
     #   The maximum number of results to return at one time.
@@ -8722,6 +10075,12 @@ module Aws::IoT
 
     # Lists the rules for the specific topic.
     #
+    # Requires permission to access the [ListTopicRules][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [String] :topic
     #   The topic.
     #
@@ -8771,6 +10130,12 @@ module Aws::IoT
 
     # Lists logging levels.
     #
+    # Requires permission to access the [ListV2LoggingLevels][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [String] :target_type
     #   The type of resource for which you are configuring logging. Must be
     #   `THING_Group`.
@@ -8818,6 +10183,12 @@ module Aws::IoT
     # to those alerts issued for a particular security profile, behavior, or
     # thing (device).
     #
+    # Requires permission to access the [ListViolationEvents][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, Time,DateTime,Date,Integer,String] :start_time
     #   The start time for the alerts to be listed.
     #
@@ -8913,14 +10284,20 @@ module Aws::IoT
       req.send_request(options)
     end
 
-    # Registers a CA certificate with AWS IoT. This CA certificate can then
-    # be used to sign device certificates, which can be then registered with
-    # AWS IoT. You can register up to 10 CA certificates per AWS account
-    # that have the same subject field. This enables you to have up to 10
-    # certificate authorities sign your device certificates. If you have
-    # more than one CA certificate registered, make sure you pass the CA
-    # certificate when you register your device certificates with the
-    # RegisterCertificate API.
+    # Registers a CA certificate with IoT. This CA certificate can then be
+    # used to sign device certificates, which can be then registered with
+    # IoT. You can register up to 10 CA certificates per Amazon Web Services
+    # account that have the same subject field. This enables you to have up
+    # to 10 certificate authorities sign your device certificates. If you
+    # have more than one CA certificate registered, make sure you pass the
+    # CA certificate when you register your device certificates with the
+    # RegisterCertificate action.
+    #
+    # Requires permission to access the [RegisterCACertificate][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
     #
     # @option params [required, String] :ca_certificate
     #   The CA certificate.
@@ -8988,11 +10365,17 @@ module Aws::IoT
       req.send_request(options)
     end
 
-    # Registers a device certificate with AWS IoT. If you have more than one
-    # CA certificate that has the same subject field, you must specify the
-    # CA certificate that was used to sign the device certificate being
+    # Registers a device certificate with IoT. If you have more than one CA
+    # certificate that has the same subject field, you must specify the CA
+    # certificate that was used to sign the device certificate being
     # registered.
     #
+    # Requires permission to access the [RegisterCertificate][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :certificate_pem
     #   The certificate data, in PEM format.
     #
@@ -9066,15 +10449,18 @@ module Aws::IoT
     end
 
     # Provisions a thing in the device registry. RegisterThing calls other
-    # AWS IoT control plane APIs. These calls might exceed your account
-    # level [ AWS IoT Throttling Limits][1] and cause throttle errors.
-    # Please contact [AWS Customer Support][2] to raise your throttling
+    # IoT control plane APIs. These calls might exceed your account level [
+    # IoT Throttling Limits][1] and cause throttle errors. Please contact
+    # [Amazon Web Services Customer Support][2] to raise your throttling
     # limits if necessary.
     #
+    # Requires permission to access the [RegisterThing][3] action.
+    #
     #
     #
     # [1]: https://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html#limits_iot
     # [2]: https://console.aws.amazon.com/support/home
+    # [3]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
     #
     # @option params [required, String] :template_body
     #   The provisioning template. See [Provisioning Devices That Have Device
@@ -9119,7 +10505,7 @@ module Aws::IoT
       req.send_request(options)
     end
 
-    # Rejects a pending certificate transfer. After AWS IoT rejects a
+    # Rejects a pending certificate transfer. After IoT rejects a
     # certificate transfer, the certificate status changes from
     # **PENDING\_TRANSFER** to **INACTIVE**.
     #
@@ -9130,6 +10516,13 @@ module Aws::IoT
     # it is called, the certificate will be returned to the source's
     # account in the INACTIVE state.
     #
+    # Requires permission to access the [RejectCertificateTransfer][1]
+    # action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :certificate_id
     #   The ID of the certificate. (The last part of the certificate ARN
     #   contains the certificate ID.)
@@ -9155,6 +10548,13 @@ module Aws::IoT
 
     # Removes the given thing from the billing group.
     #
+    # Requires permission to access the [RemoveThingFromBillingGroup][1]
+    # action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [String] :billing_group_name
     #   The name of the billing group.
     #
@@ -9191,6 +10591,13 @@ module Aws::IoT
     # identify the thing group and either a `thingArn` or a `thingName` to
     # identify the thing to remove from the thing group.
     #
+    # Requires permission to access the [RemoveThingFromThingGroup][1]
+    # action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [String] :thing_group_name
     #   The group name.
     #
@@ -9226,6 +10633,12 @@ module Aws::IoT
     # permission to create rules will be able to access data processed by
     # the rule.
     #
+    # Requires permission to access the [ReplaceTopicRule][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :rule_name
     #   The name of the rule.
     #
@@ -9593,6 +11006,12 @@ module Aws::IoT
 
     # The query search index.
     #
+    # Requires permission to access the [SearchIndex][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [String] :index_name
     #   The search index name.
     #
@@ -9639,6 +11058,7 @@ module Aws::IoT
     #   resp.things[0].shadow #=> String
     #   resp.things[0].connectivity.connected #=> Boolean
     #   resp.things[0].connectivity.timestamp #=> Integer
+    #   resp.things[0].connectivity.disconnect_reason #=> String
     #   resp.thing_groups #=> Array
     #   resp.thing_groups[0].thing_group_name #=> String
     #   resp.thing_groups[0].thing_group_id #=> String
@@ -9658,6 +11078,12 @@ module Aws::IoT
     # Sets the default authorizer. This will be used if a websocket
     # connection is made without specifying an authorizer.
     #
+    # Requires permission to access the [SetDefaultAuthorizer][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :authorizer_name
     #   The authorizer name.
     #
@@ -9687,7 +11113,13 @@ module Aws::IoT
     # Sets the specified version of the specified policy as the policy's
     # default (operative) version. This action affects all certificates to
     # which the policy is attached. To list the principals the policy is
-    # attached to, use the ListPrincipalPolicy API.
+    # attached to, use the ListPrincipalPolicies action.
+    #
+    # Requires permission to access the [SetDefaultPolicyVersion][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
     #
     # @option params [required, String] :policy_name
     #   The policy name.
@@ -9716,6 +11148,12 @@ module Aws::IoT
     # NOTE: use of this command is not recommended. Use
     # `SetV2LoggingOptions` instead.
     #
+    # Requires permission to access the [SetLoggingOptions][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, Types::LoggingOptionsPayload] :logging_options_payload
     #   The logging options payload.
     #
@@ -9739,6 +11177,12 @@ module Aws::IoT
 
     # Sets the logging level.
     #
+    # Requires permission to access the [SetV2LoggingLevel][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, Types::LogTarget] :log_target
     #   The log target.
     #
@@ -9766,6 +11210,12 @@ module Aws::IoT
 
     # Sets the logging options for the V2 logging service.
     #
+    # Requires permission to access the [SetV2LoggingOptions][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [String] :role_arn
     #   The ARN of the role that allows IoT to write to Cloudwatch logs.
     #
@@ -9795,6 +11245,13 @@ module Aws::IoT
     # Starts a task that applies a set of mitigation actions to the
     # specified target.
     #
+    # Requires permission to access the [StartAuditMitigationActionsTask][1]
+    # action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :task_id
     #   A unique identifier for the task. You can use this identifier to check
     #   the status of the task or to cancel it.
@@ -9806,7 +11263,7 @@ module Aws::IoT
     #
     # @option params [required, Hash<String,Array>] :audit_check_to_actions_mapping
     #   For an audit check, specifies which mitigation actions to apply. Those
-    #   actions must be defined in your AWS account.
+    #   actions must be defined in your Amazon Web Services accounts.
     #
     # @option params [required, String] :client_request_token
     #   Each audit mitigation task must have a unique client request token. If
@@ -9851,6 +11308,13 @@ module Aws::IoT
 
     # Starts a Device Defender ML Detect mitigation actions task.
     #
+    # Requires permission to access the
+    # [StartDetectMitigationActionsTask][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :task_id
     #   The unique identifier of the task.
     #
@@ -9873,8 +11337,8 @@ module Aws::IoT
     # @option params [required, String] :client_request_token
     #   Each mitigation action task must have a unique client request token.
     #   If you try to create a new task with the same token as a task that
-    #   already exists, an exception occurs. If you omit this value, AWS SDKs
-    #   will automatically generate a unique client request.
+    #   already exists, an exception occurs. If you omit this value, Amazon
+    #   Web Services SDKs will automatically generate a unique client request.
     #
     #   **A suitable default value is auto-generated.** You should normally
     #   not need to pass this option.**
@@ -9915,6 +11379,12 @@ module Aws::IoT
 
     # Starts an on-demand Device Defender audit.
     #
+    # Requires permission to access the [StartOnDemandAuditTask][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, Array<String>] :target_check_names
     #   Which checks are performed during the audit. The checks you specify
     #   must be enabled for your account or an exception occurs. Use
@@ -9945,6 +11415,13 @@ module Aws::IoT
 
     # Creates a bulk thing provisioning task.
     #
+    # Requires permission to access the [StartThingRegistrationTask][1]
+    # action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :template_body
     #   The provisioning template.
     #
@@ -9985,6 +11462,13 @@ module Aws::IoT
 
     # Cancels a bulk thing provisioning task.
     #
+    # Requires permission to access the [StopThingRegistrationTask][1]
+    # action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :task_id
     #   The bulk thing provisioning task ID.
     #
@@ -10006,6 +11490,12 @@ module Aws::IoT
     # Adds to or modifies the tags of the given resource. Tags are metadata
     # which can be used to manage a resource.
     #
+    # Requires permission to access the [TagResource][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :resource_arn
     #   The ARN of the resource.
     #
@@ -10033,10 +11523,15 @@ module Aws::IoT
       req.send_request(options)
     end
 
-    # Tests if a specified principal is authorized to perform an AWS IoT
-    # action on a specified resource. Use this to test and debug the
-    # authorization behavior of devices that connect to the AWS IoT device
-    # gateway.
+    # Tests if a specified principal is authorized to perform an IoT action
+    # on a specified resource. Use this to test and debug the authorization
+    # behavior of devices that connect to the IoT device gateway.
+    #
+    # Requires permission to access the [TestAuthorization][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
     #
     # @option params [String] :principal
     #   The principal. Valid principals are CertificateArn
@@ -10111,7 +11606,13 @@ module Aws::IoT
 
     # Tests a custom authorization behavior by invoking a specified custom
     # authorizer. Use this to test and debug the custom authorization
-    # behavior of devices that connect to the AWS IoT device gateway.
+    # behavior of devices that connect to the IoT device gateway.
+    #
+    # Requires permission to access the [TestInvokeAuthorizer][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
     #
     # @option params [required, String] :authorizer_name
     #   The custom authorizer name.
@@ -10178,7 +11679,10 @@ module Aws::IoT
       req.send_request(options)
     end
 
-    # Transfers the specified certificate to the specified AWS account.
+    # Transfers the specified certificate to the specified Amazon Web
+    # Services account.
+    #
+    # Requires permission to access the [TransferCertificate][1] action.
     #
     # You can cancel the transfer until it is acknowledged by the recipient.
     #
@@ -10186,17 +11690,21 @@ module Aws::IoT
     # up to the caller to notify the transfer target.
     #
     # The certificate being transferred must not be in the ACTIVE state. You
-    # can use the UpdateCertificate API to deactivate it.
+    # can use the UpdateCertificate action to deactivate it.
     #
     # The certificate must not have any policies attached to it. You can use
-    # the DetachPrincipalPolicy API to detach them.
+    # the DetachPolicy action to detach them.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
     #
     # @option params [required, String] :certificate_id
     #   The ID of the certificate. (The last part of the certificate ARN
     #   contains the certificate ID.)
     #
     # @option params [required, String] :target_aws_account
-    #   The AWS account.
+    #   The Amazon Web Services account.
     #
     # @option params [String] :transfer_message
     #   The transfer message.
@@ -10226,6 +11734,12 @@ module Aws::IoT
 
     # Removes the given tags (metadata) from the resource.
     #
+    # Requires permission to access the [UntagResource][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :resource_arn
     #   The ARN of the resource.
     #
@@ -10252,10 +11766,17 @@ module Aws::IoT
     # account. Settings include how audit notifications are sent and which
     # audit checks are enabled or disabled.
     #
+    # Requires permission to access the [UpdateAccountAuditConfiguration][1]
+    # action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [String] :role_arn
     #   The Amazon Resource Name (ARN) of the role that grants permission to
-    #   AWS IoT to access information about your devices, policies,
-    #   certificates, and other items as required when performing an audit.
+    #   IoT to access information about your devices, policies, certificates,
+    #   and other items as required when performing an audit.
     #
     # @option params [Hash<String,Types::AuditNotificationTarget>] :audit_notification_target_configurations
     #   Information about the targets to which audit notifications are sent.
@@ -10357,6 +11878,12 @@ module Aws::IoT
 
     # Updates an authorizer.
     #
+    # Requires permission to access the [UpdateAuthorizer][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :authorizer_name
     #   The authorizer name.
     #
@@ -10403,6 +11930,12 @@ module Aws::IoT
 
     # Updates information about the billing group.
     #
+    # Requires permission to access the [UpdateBillingGroup][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :billing_group_name
     #   The name of the billing group.
     #
@@ -10442,6 +11975,12 @@ module Aws::IoT
 
     # Updates a registered CA certificate.
     #
+    # Requires permission to access the [UpdateCACertificate][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :certificate_id
     #   The CA certificate identifier.
     #
@@ -10486,14 +12025,20 @@ module Aws::IoT
     # Updates the status of the specified certificate. This operation is
     # idempotent.
     #
+    # Requires permission to access the [UpdateCertificate][1] action.
+    #
     # Certificates must be in the ACTIVE state to authenticate devices that
-    # use a certificate to connect to AWS IoT.
+    # use a certificate to connect to IoT.
     #
     # Within a few minutes of updating a certificate from the ACTIVE state
-    # to any other state, AWS IoT disconnects all devices that used that
+    # to any other state, IoT disconnects all devices that used that
     # certificate to connect. Devices cannot use a certificate that is not
     # in the ACTIVE state to reconnect.
     #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :certificate_id
     #   The ID of the certificate. (The last part of the certificate ARN
     #   contains the certificate ID.)
@@ -10504,7 +12049,7 @@ module Aws::IoT
     #   **Note:** Setting the status to PENDING\_TRANSFER or
     #   PENDING\_ACTIVATION will result in an exception being thrown.
     #   PENDING\_TRANSFER and PENDING\_ACTIVATION are statuses used internally
-    #   by AWS IoT. They are not intended for developer use.
+    #   by IoT. They are not intended for developer use.
     #
     #   **Note:** The status value REGISTER\_INACTIVE is deprecated and should
     #   not be used.
@@ -10527,6 +12072,12 @@ module Aws::IoT
 
     # Updates a Device Defender detect custom metric.
     #
+    # Requires permission to access the [UpdateCustomMetric][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :metric_name
     #   The name of the custom metric. Cannot be updated.
     #
@@ -10570,6 +12121,12 @@ module Aws::IoT
     # Updates the definition for a dimension. You cannot change the type of
     # a dimension after it is created (you can delete it and recreate it).
     #
+    # Requires permission to access the [UpdateDimension][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :name
     #   A unique identifier for the dimension. Choose something that describes
     #   the type and value to make it easy to remember what it does.
@@ -10615,6 +12172,13 @@ module Aws::IoT
     # Updates values stored in the domain configuration. Domain
     # configurations for default endpoints can't be updated.
     #
+    # Requires permission to access the [UpdateDomainConfiguration][1]
+    # action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :domain_configuration_name
     #   The name of the domain configuration to be updated.
     #
@@ -10658,6 +12222,12 @@ module Aws::IoT
 
     # Updates a dynamic thing group.
     #
+    # Requires permission to access the [UpdateDynamicThingGroup][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :thing_group_name
     #   The name of the dynamic thing group to update.
     #
@@ -10670,7 +12240,7 @@ module Aws::IoT
     # @option params [String] :index_name
     #   The dynamic thing group index to update.
     #
-    #   <note markdown="1"> Currently one index is supported: 'AWS\_Things'.
+    #   <note markdown="1"> Currently one index is supported: `AWS_Things`.
     #
     #    </note>
     #
@@ -10721,6 +12291,13 @@ module Aws::IoT
 
     # Updates the event configurations.
     #
+    # Requires permission to access the [UpdateEventConfigurations][1]
+    # action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [Hash<String,Types::Configuration>] :event_configurations
     #   The new event configuration values.
     #
@@ -10743,8 +12320,86 @@ module Aws::IoT
       req.send_request(options)
     end
 
+    # Updates the data for a fleet metric.
+    #
+    # Requires permission to access the [UpdateFleetMetric][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
+    # @option params [required, String] :metric_name
+    #   The name of the fleet metric to update.
+    #
+    # @option params [String] :query_string
+    #   The search query string.
+    #
+    # @option params [Types::AggregationType] :aggregation_type
+    #   The type of the aggregation query.
+    #
+    # @option params [Integer] :period
+    #   The time in seconds between fleet metric emissions. Range \[60(1 min),
+    #   86400(1 day)\] and must be multiple of 60.
+    #
+    # @option params [String] :aggregation_field
+    #   The field to aggregate.
+    #
+    # @option params [String] :description
+    #   The description of the fleet metric.
+    #
+    # @option params [String] :query_version
+    #   The version of the query.
+    #
+    # @option params [required, String] :index_name
+    #   The name of the index to search.
+    #
+    # @option params [String] :unit
+    #   Used to support unit transformation such as milliseconds to seconds.
+    #   The unit must be supported by [CW metric][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/https:/docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_MetricDatum.html
+    #
+    # @option params [Integer] :expected_version
+    #   The expected version of the fleet metric record in the registry.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.update_fleet_metric({
+    #     metric_name: "FleetMetricName", # required
+    #     query_string: "QueryString",
+    #     aggregation_type: {
+    #       name: "Statistics", # required, accepts Statistics, Percentiles, Cardinality
+    #       values: ["AggregationTypeValue"],
+    #     },
+    #     period: 1,
+    #     aggregation_field: "AggregationField",
+    #     description: "FleetMetricDescription",
+    #     query_version: "QueryVersion",
+    #     index_name: "IndexName", # required
+    #     unit: "Seconds", # accepts Seconds, Microseconds, Milliseconds, Bytes, Kilobytes, Megabytes, Gigabytes, Terabytes, Bits, Kilobits, Megabits, Gigabits, Terabits, Percent, Count, Bytes/Second, Kilobytes/Second, Megabytes/Second, Gigabytes/Second, Terabytes/Second, Bits/Second, Kilobits/Second, Megabits/Second, Gigabits/Second, Terabits/Second, Count/Second, None
+    #     expected_version: 1,
+    #   })
+    #
+    # @overload update_fleet_metric(params = {})
+    # @param [Hash] params ({})
+    def update_fleet_metric(params = {}, options = {})
+      req = build_request(:update_fleet_metric, params)
+      req.send_request(options)
+    end
+
     # Updates the search configuration.
     #
+    # Requires permission to access the [UpdateIndexingConfiguration][1]
+    # action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [Types::ThingIndexingConfiguration] :thing_indexing_configuration
     #   Thing indexing configuration.
     #
@@ -10798,6 +12453,12 @@ module Aws::IoT
 
     # Updates supported fields of the specified job.
     #
+    # Requires permission to access the [UpdateJob][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :job_id
     #   The ID of the job to be updated.
     #
@@ -10823,9 +12484,9 @@ module Aws::IoT
     # @option params [String] :namespace_id
     #   The namespace used to indicate that a job is a customer-managed job.
     #
-    #   When you specify a value for this parameter, AWS IoT Core sends jobs
-    #   notifications to MQTT topics that contain the value in the following
-    #   format.
+    #   When you specify a value for this parameter, Amazon Web Services IoT
+    #   Core sends jobs notifications to MQTT topics that contain the value in
+    #   the following format.
     #
     #   `$aws/things/THING_NAME/jobs/JOB_ID/notify-namespace-NAMESPACE_ID/`
     #
@@ -10880,6 +12541,12 @@ module Aws::IoT
 
     # Updates the definition for the specified mitigation action.
     #
+    # Requires permission to access the [UpdateMitigationAction][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :action_name
     #   The friendly name for the mitigation action. You cannot change the
     #   name by using `UpdateMitigationAction`. Instead, you must delete and
@@ -10939,6 +12606,13 @@ module Aws::IoT
 
     # Updates a fleet provisioning template.
     #
+    # Requires permission to access the [UpdateProvisioningTemplate][1]
+    # action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :template_name
     #   The name of the fleet provisioning template.
     #
@@ -10987,6 +12661,12 @@ module Aws::IoT
 
     # Updates a role alias.
     #
+    # Requires permission to access the [UpdateRoleAlias][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :role_alias
     #   The role alias to update.
     #
@@ -11024,6 +12704,12 @@ module Aws::IoT
     # Updates a scheduled audit, including which checks are performed and
     # how often the audit takes place.
     #
+    # Requires permission to access the [UpdateScheduledAudit][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [String] :frequency
     #   How often the scheduled audit takes place, either `DAILY`, `WEEKLY`,
     #   `BIWEEKLY`, or `MONTHLY`. The start time of each audit is determined
@@ -11078,6 +12764,12 @@ module Aws::IoT
 
     # Updates a Device Defender security profile.
     #
+    # Requires permission to access the [UpdateSecurityProfile][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :security_profile_name
     #   The name of the security profile you want to update.
     #
@@ -11248,6 +12940,12 @@ module Aws::IoT
     # Updates an existing stream. The stream version will be incremented by
     # one.
     #
+    # Requires permission to access the [UpdateStream][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :stream_id
     #   The stream ID.
     #
@@ -11302,6 +13000,12 @@ module Aws::IoT
 
     # Updates the data for a thing.
     #
+    # Requires permission to access the [UpdateThing][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :thing_name
     #   The name of the thing to update.
     #
@@ -11356,6 +13060,12 @@ module Aws::IoT
 
     # Update a thing group.
     #
+    # Requires permission to access the [UpdateThingGroup][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :thing_group_name
     #   The thing group to update.
     #
@@ -11399,6 +13109,13 @@ module Aws::IoT
 
     # Updates the groups to which the thing belongs.
     #
+    # Requires permission to access the [UpdateThingGroupsForThing][1]
+    # action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [String] :thing_name
     #   The thing whose group memberships will be updated.
     #
@@ -11435,6 +13152,13 @@ module Aws::IoT
     # Updates a topic rule destination. You use this to change the status,
     # endpoint URL, or confirmation URL of the destination.
     #
+    # Requires permission to access the [UpdateTopicRuleDestination][1]
+    # action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :arn
     #   The ARN of the topic rule destination.
     #
@@ -11488,6 +13212,13 @@ module Aws::IoT
 
     # Validates a Device Defender security profile behaviors specification.
     #
+    # Requires permission to access the
+    # [ValidateSecurityProfileBehaviors][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, Array<Types::Behavior>] :behaviors
     #   Specifies the behaviors that, when violated by a device (thing), cause
     #   an alert.
@@ -11559,7 +13290,7 @@ module Aws::IoT
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-iot'
-      context[:gem_version] = '1.70.0'
+      context[:gem_version] = '1.74.0'
       Seahorse::Client::Request.new(handlers, context)
     end