aws-sdk-iot 1.71.0 → 1.75.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3499140aaa7538f1ae2835ce9a35933c6247ce9978176da53023ece3a9a5a4b9
-  data.tar.gz: '09595bd54dd3e8e7ad5ce861e090c1cbe621ae3c678a358fbb434896a6d3c444'
+  metadata.gz: 777563bcee47aa617cefbd8f7453e813f6ca0b35f2a77e7854e27456a7a377dc
+  data.tar.gz: 363748251c5a7b07da78a6e78a2efee5a2a194b94e60fa16475c903320a8b412
 SHA512:
-  metadata.gz: f0e2ee701978b616d5d71a948d5f7a00dba88629c1776f5d2af97423e46a124aa3ec822b208cfe6f71dbc05635e3f64bce7e924b1579b9f76973150a46de99ea
-  data.tar.gz: 80d48fd0307b04353690e1de1ca5f2fdb6f9dfd323b7c14b76d68becaae34102a69a8f320e9e3310f853e98026b839a68b2b414ee1c7aadc813e2a5ba22da29f
+  metadata.gz: 63d8281c51e6f14b7a62615c038140ecf219a50937b5b4cc9739861f714d99584b38be7a40563b52a29492a9cbd3f295f7615b6ef0660d9559acd0a14f34a00b
+  data.tar.gz: 7126c9ad606ac911cc0ad2f0ba8edb43800f1c39aa3860ad434978c632786fe2940c9b4fa3ea0d3c312ee59ff7eff9789a0a73bb1abc1c10f50fe07bba211061

data/CHANGELOG.md

@@ -1,6 +1,26 @@
 Unreleased Changes
 ------------------
 
+1.75.0 (2021-09-13)
+------------------
+
+* Feature - AWS IoT Rules Engine adds OpenSearch action. The OpenSearch rule action lets you stream data from IoT sensors and applications to Amazon OpenSearch Service which is a successor to Amazon Elasticsearch Service.
+
+1.74.0 (2021-09-01)
+------------------
+
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
+1.73.0 (2021-08-31)
+------------------
+
+* Feature - Added Create/Update/Delete/Describe/List APIs for a new IoT resource named FleetMetric. Added a new Fleet Indexing query API named GetBucketsAggregation. Added a new field named DisconnectedReason in Fleet Indexing query response. Updated their related documentations.
+
+1.72.0 (2021-07-30)
+------------------
+
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
 1.71.0 (2021-07-29)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.71.0
+1.75.0

data/lib/aws-sdk-iot/client.rb

@@ -333,6 +333,13 @@ module Aws::IoT
     # To check for pending certificate transfers, call ListCertificates to
     # enumerate your certificates.
     #
+    # Requires permission to access the [AcceptCertificateTransfer][1]
+    # action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :certificate_id
     #   The ID of the certificate. (The last part of the certificate ARN
     #   contains the certificate ID.)
@@ -358,6 +365,12 @@ module Aws::IoT
 
     # Adds a thing to a billing group.
     #
+    # Requires permission to access the [AddThingToBillingGroup][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [String] :billing_group_name
     #   The name of the billing group.
     #
@@ -390,6 +403,12 @@ module Aws::IoT
 
     # Adds a thing to a thing group.
     #
+    # Requires permission to access the [AddThingToThingGroup][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [String] :thing_group_name
     #   The name of the group to which you are adding a thing.
     #
@@ -438,6 +457,12 @@ module Aws::IoT
     # * The total number of targets associated with a job must not exceed
     #   100.
     #
+    # Requires permission to access the [AssociateTargetsWithJob][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, Array<String>] :targets
     #   A list of thing group ARNs that define the targets of the job.
     #
@@ -451,9 +476,9 @@ module Aws::IoT
     # @option params [String] :namespace_id
     #   The namespace used to indicate that a job is a customer-managed job.
     #
-    #   When you specify a value for this parameter, AWS IoT Core sends jobs
-    #   notifications to MQTT topics that contain the value in the following
-    #   format.
+    #   When you specify a value for this parameter, Amazon Web Services IoT
+    #   Core sends jobs notifications to MQTT topics that contain the value in
+    #   the following format.
     #
     #   `$aws/things/THING_NAME/jobs/JOB_ID/notify-namespace-NAMESPACE_ID/`
     #
@@ -492,6 +517,12 @@ module Aws::IoT
     # Attaches the specified policy to the specified principal (certificate
     # or other credential).
     #
+    # Requires permission to access the [AttachPolicy][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :policy_name
     #   The name of the policy to attach.
     #
@@ -522,7 +553,13 @@ module Aws::IoT
     # Attaches the specified policy to the specified principal (certificate
     # or other credential).
     #
-    # **Note:** This API is deprecated. Please use AttachPolicy instead.
+    # **Note:** This action is deprecated. Please use AttachPolicy instead.
+    #
+    # Requires permission to access the [AttachPrincipalPolicy][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
     #
     # @option params [required, String] :policy_name
     #   The policy name.
@@ -551,6 +588,12 @@ module Aws::IoT
     # this account. Each thing group or account can have up to five security
     # profiles associated with it.
     #
+    # Requires permission to access the [AttachSecurityProfile][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :security_profile_name
     #   The security profile that is attached.
     #
@@ -578,6 +621,12 @@ module Aws::IoT
     # can be X.509 certificates, IAM users, groups, and roles, Amazon
     # Cognito identities or federated identities.
     #
+    # Requires permission to access the [AttachThingPrincipal][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :thing_name
     #   The name of the thing.
     #
@@ -604,6 +653,13 @@ module Aws::IoT
     # Cancels a mitigation action task that is in progress. If the task is
     # not in progress, an InvalidRequestException occurs.
     #
+    # Requires permission to access the
+    # [CancelAuditMitigationActionsTask][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :task_id
     #   The unique identifier for the task that you want to cancel.
     #
@@ -626,6 +682,12 @@ module Aws::IoT
     # scheduled or on demand. If the audit isn't in progress, an
     # "InvalidRequestException" occurs.
     #
+    # Requires permission to access the [CancelAuditTask][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :task_id
     #   The ID of the audit you want to cancel. You can only cancel an audit
     #   that is "IN\_PROGRESS".
@@ -649,14 +711,21 @@ module Aws::IoT
     #
     # **Note** Only the transfer source account can use this operation to
     # cancel a transfer. (Transfer destinations can use
-    # RejectCertificateTransfer instead.) After transfer, AWS IoT returns
-    # the certificate to the source account in the INACTIVE state. After the
+    # RejectCertificateTransfer instead.) After transfer, IoT returns the
+    # certificate to the source account in the INACTIVE state. After the
     # destination account has accepted the transfer, the transfer cannot be
     # cancelled.
     #
     # After a certificate transfer is cancelled, the status of the
     # certificate changes from PENDING\_TRANSFER to INACTIVE.
     #
+    # Requires permission to access the [CancelCertificateTransfer][1]
+    # action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :certificate_id
     #   The ID of the certificate. (The last part of the certificate ARN
     #   contains the certificate ID.)
@@ -678,6 +747,13 @@ module Aws::IoT
 
     # Cancels a Device Defender ML Detect mitigation action.
     #
+    # Requires permission to access the
+    # [CancelDetectMitigationActionsTask][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :task_id
     #   The unique identifier of the task.
     #
@@ -698,6 +774,12 @@ module Aws::IoT
 
     # Cancels a job.
     #
+    # Requires permission to access the [CancelJob][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :job_id
     #   The unique identifier you assigned to this job when it was created.
     #
@@ -747,6 +829,12 @@ module Aws::IoT
 
     # Cancels the execution of a job for a given thing.
     #
+    # Requires permission to access the [CancelJobExecution][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :job_id
     #   The ID of the job to be canceled.
     #
@@ -802,6 +890,12 @@ module Aws::IoT
 
     # Clears the default authorizer.
     #
+    # Requires permission to access the [ClearDefaultAuthorizer][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     # @overload clear_default_authorizer(params = {})
@@ -812,10 +906,17 @@ module Aws::IoT
     end
 
     # Confirms a topic rule destination. When you create a rule requiring a
-    # destination, AWS IoT sends a confirmation message to the endpoint or
-    # base address you specify. The message includes a token which you pass
-    # back when calling `ConfirmTopicRuleDestination` to confirm that you
-    # own or have access to the endpoint.
+    # destination, IoT sends a confirmation message to the endpoint or base
+    # address you specify. The message includes a token which you pass back
+    # when calling `ConfirmTopicRuleDestination` to confirm that you own or
+    # have access to the endpoint.
+    #
+    # Requires permission to access the [ConfirmTopicRuleDestination][1]
+    # action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
     #
     # @option params [required, String] :confirmation_token
     #   The token used to confirm ownership or access to the topic rule
@@ -838,6 +939,12 @@ module Aws::IoT
 
     # Creates a Device Defender audit suppression.
     #
+    # Requires permission to access the [CreateAuditSuppression][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :check_name
     #   An audit check name. Checks must be enabled for your account. (Use
     #   `DescribeAccountAuditConfiguration` to see the list of all checks,
@@ -896,6 +1003,12 @@ module Aws::IoT
 
     # Creates an authorizer.
     #
+    # Requires permission to access the [CreateAuthorizer][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :authorizer_name
     #   The authorizer name.
     #
@@ -928,7 +1041,7 @@ module Aws::IoT
     #    </note>
     #
     # @option params [Boolean] :signing_disabled
-    #   Specifies whether AWS IoT validates the token signature in an
+    #   Specifies whether IoT validates the token signature in an
     #   authorization request.
     #
     # @return [Types::CreateAuthorizerResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
@@ -969,6 +1082,12 @@ module Aws::IoT
 
     # Creates a billing group.
     #
+    # Requires permission to access the [CreateBillingGroup][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :billing_group_name
     #   The name you wish to give to the billing group.
     #
@@ -1022,6 +1141,9 @@ module Aws::IoT
     # **Note:** Reusing the same certificate signing request (CSR) results
     # in a distinct certificate.
     #
+    # Requires permission to access the [CreateCertificateFromCsr][1]
+    # action.
+    #
     # You can create multiple certificates in a batch by creating a
     # directory, copying multiple .csr files into that directory, and then
     # specifying that directory on the command line. The following commands
@@ -1037,8 +1159,9 @@ module Aws::IoT
     # file://my-csr-directory/\\\{\\}
     #
     # This command lists all of the CSRs in my-csr-directory and pipes each
-    # CSR file name to the aws iot create-certificate-from-csr AWS CLI
-    # command to create a certificate for the corresponding CSR.
+    # CSR file name to the aws iot create-certificate-from-csr Amazon Web
+    # Services CLI command to create a certificate for the corresponding
+    # CSR.
     #
     # The aws iot create-certificate-from-csr part of the command can also
     # be run in parallel to speed up the certificate creation process:
@@ -1061,6 +1184,10 @@ module Aws::IoT
     # create-certificate-from-csr --certificate-signing-request
     # file://@path"
     #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :certificate_signing_request
     #   The certificate signing request (CSR).
     #
@@ -1096,6 +1223,12 @@ module Aws::IoT
     # Use this API to define a Custom Metric published by your devices to
     # Device Defender.
     #
+    # Requires permission to access the [CreateCustomMetric][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :metric_name
     #   The name of the custom metric. This will be used in the metric report
     #   submitted from the device/thing. Shouldn't begin with `aws:`. Cannot
@@ -1116,8 +1249,8 @@ module Aws::IoT
     # @option params [required, String] :client_request_token
     #   Each custom metric must have a unique client request token. If you try
     #   to create a new custom metric that already exists with a different
-    #   token, an exception occurs. If you omit this value, AWS SDKs will
-    #   automatically generate a unique client request.
+    #   token, an exception occurs. If you omit this value, Amazon Web
+    #   Services SDKs will automatically generate a unique client request.
     #
     #   **A suitable default value is auto-generated.** You should normally
     #   not need to pass this option.**
@@ -1155,11 +1288,17 @@ module Aws::IoT
     end
 
     # Create a dimension that you can use to limit the scope of a metric
-    # used in a security profile for AWS IoT Device Defender. For example,
-    # using a `TOPIC_FILTER` dimension, you can narrow down the scope of the
+    # used in a security profile for IoT Device Defender. For example, using
+    # a `TOPIC_FILTER` dimension, you can narrow down the scope of the
     # metric only to MQTT topics whose name match the pattern specified in
     # the dimension.
     #
+    # Requires permission to access the [CreateDimension][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :name
     #   A unique identifier for the dimension. Choose something that describes
     #   the type and value to make it easy to remember what it does.
@@ -1178,8 +1317,8 @@ module Aws::IoT
     # @option params [required, String] :client_request_token
     #   Each dimension must have a unique client request token. If you try to
     #   create a new dimension with the same token as a dimension that already
-    #   exists, an exception occurs. If you omit this value, AWS SDKs will
-    #   automatically generate a unique client request.
+    #   exists, an exception occurs. If you omit this value, Amazon Web
+    #   Services SDKs will automatically generate a unique client request.
     #
     #   **A suitable default value is auto-generated.** You should normally
     #   not need to pass this option.**
@@ -1218,6 +1357,13 @@ module Aws::IoT
 
     # Creates a domain configuration.
     #
+    # Requires permission to access the [CreateDomainConfiguration][1]
+    # action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :domain_configuration_name
     #   The name of the domain configuration. This value must be unique to a
     #   region.
@@ -1226,15 +1372,15 @@ module Aws::IoT
     #   The name of the domain.
     #
     # @option params [Array<String>] :server_certificate_arns
-    #   The ARNs of the certificates that AWS IoT passes to the device during
-    #   the TLS handshake. Currently you can specify only one certificate ARN.
-    #   This value is not required for AWS-managed domains.
+    #   The ARNs of the certificates that IoT passes to the device during the
+    #   TLS handshake. Currently you can specify only one certificate ARN.
+    #   This value is not required for Amazon Web Services-managed domains.
     #
     # @option params [String] :validation_certificate_arn
     #   The certificate used to validate the server certificate and prove
     #   domain name ownership. This certificate must be signed by a public
-    #   certificate authority. This value is not required for AWS-managed
-    #   domains.
+    #   certificate authority. This value is not required for Amazon Web
+    #   Services-managed domains.
     #
     # @option params [Types::AuthorizerConfig] :authorizer_config
     #   An object that specifies the authorization service for a domain.
@@ -1242,7 +1388,8 @@ module Aws::IoT
     # @option params [String] :service_type
     #   The type of service delivered by the endpoint.
     #
-    #   <note markdown="1"> AWS IoT Core currently supports only the `DATA` service type.
+    #   <note markdown="1"> Amazon Web Services IoT Core currently supports only the `DATA`
+    #   service type.
     #
     #    </note>
     #
@@ -1299,6 +1446,12 @@ module Aws::IoT
 
     # Creates a dynamic thing group.
     #
+    # Requires permission to access the [CreateDynamicThingGroup][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :thing_group_name
     #   The dynamic thing group name to create.
     #
@@ -1308,7 +1461,7 @@ module Aws::IoT
     # @option params [String] :index_name
     #   The dynamic thing group index name.
     #
-    #   <note markdown="1"> Currently one index is supported: "AWS\_Things".
+    #   <note markdown="1"> Currently one index is supported: `AWS_Things`.
     #
     #    </note>
     #
@@ -1381,12 +1534,102 @@ module Aws::IoT
       req.send_request(options)
     end
 
+    # Creates a fleet metric.
+    #
+    # Requires permission to access the [CreateFleetMetric][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
+    # @option params [required, String] :metric_name
+    #   The name of the fleet metric to create.
+    #
+    # @option params [required, String] :query_string
+    #   The search query string.
+    #
+    # @option params [required, Types::AggregationType] :aggregation_type
+    #   The type of the aggregation query.
+    #
+    # @option params [required, Integer] :period
+    #   The time in seconds between fleet metric emissions. Range \[60(1 min),
+    #   86400(1 day)\] and must be multiple of 60.
+    #
+    # @option params [required, String] :aggregation_field
+    #   The field to aggregate.
+    #
+    # @option params [String] :description
+    #   The fleet metric description.
+    #
+    # @option params [String] :query_version
+    #   The query version.
+    #
+    # @option params [String] :index_name
+    #   The name of the index to search.
+    #
+    # @option params [String] :unit
+    #   Used to support unit transformation such as milliseconds to seconds.
+    #   The unit must be supported by [CW metric][1]. Default to null.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/https:/docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_MetricDatum.html
+    #
+    # @option params [Array<Types::Tag>] :tags
+    #   Metadata, which can be used to manage the fleet metric.
+    #
+    # @return [Types::CreateFleetMetricResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::CreateFleetMetricResponse#metric_name #metric_name} => String
+    #   * {Types::CreateFleetMetricResponse#metric_arn #metric_arn} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.create_fleet_metric({
+    #     metric_name: "FleetMetricName", # required
+    #     query_string: "QueryString", # required
+    #     aggregation_type: { # required
+    #       name: "Statistics", # required, accepts Statistics, Percentiles, Cardinality
+    #       values: ["AggregationTypeValue"],
+    #     },
+    #     period: 1, # required
+    #     aggregation_field: "AggregationField", # required
+    #     description: "FleetMetricDescription",
+    #     query_version: "QueryVersion",
+    #     index_name: "IndexName",
+    #     unit: "Seconds", # accepts Seconds, Microseconds, Milliseconds, Bytes, Kilobytes, Megabytes, Gigabytes, Terabytes, Bits, Kilobits, Megabits, Gigabits, Terabits, Percent, Count, Bytes/Second, Kilobytes/Second, Megabytes/Second, Gigabytes/Second, Terabytes/Second, Bits/Second, Kilobits/Second, Megabits/Second, Gigabits/Second, Terabits/Second, Count/Second, None
+    #     tags: [
+    #       {
+    #         key: "TagKey", # required
+    #         value: "TagValue",
+    #       },
+    #     ],
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.metric_name #=> String
+    #   resp.metric_arn #=> String
+    #
+    # @overload create_fleet_metric(params = {})
+    # @param [Hash] params ({})
+    def create_fleet_metric(params = {}, options = {})
+      req = build_request(:create_fleet_metric, params)
+      req.send_request(options)
+    end
+
     # Creates a job.
     #
+    # Requires permission to access the [CreateJob][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :job_id
-    #   A job identifier which must be unique for your AWS account. We
-    #   recommend using a UUID. Alpha-numeric characters, "-" and "\_" are
-    #   valid for use here.
+    #   A job identifier which must be unique for your Amazon Web Services
+    #   account. We recommend using a UUID. Alpha-numeric characters, "-"
+    #   and "\_" are valid for use here.
     #
     # @option params [required, Array<String>] :targets
     #   A list of things and thing groups to which the job should be sent.
@@ -1444,9 +1687,9 @@ module Aws::IoT
     # @option params [String] :namespace_id
     #   The namespace used to indicate that a job is a customer-managed job.
     #
-    #   When you specify a value for this parameter, AWS IoT Core sends jobs
-    #   notifications to MQTT topics that contain the value in the following
-    #   format.
+    #   When you specify a value for this parameter, Amazon Web Services IoT
+    #   Core sends jobs notifications to MQTT topics that contain the value in
+    #   the following format.
     #
     #   `$aws/things/THING_NAME/jobs/JOB_ID/notify-namespace-NAMESPACE_ID/`
     #
@@ -1525,6 +1768,12 @@ module Aws::IoT
 
     # Creates a job template.
     #
+    # Requires permission to access the [CreateJobTemplate][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :job_template_id
     #   A unique identifier for the job template. We recommend using a UUID.
     #   Alpha-numeric characters, "-", and "\_" are valid for use here.
@@ -1640,12 +1889,16 @@ module Aws::IoT
     # over MQTT from a device, for more information, see [Provisioning MQTT
     # API][1].
     #
-    # **Note** This is the only time AWS IoT issues the private key for this
+    # **Note** This is the only time IoT issues the private key for this
     # certificate, so it is important to keep it in a secure location.
     #
+    # Requires permission to access the [CreateKeysAndCertificate][2]
+    # action.
+    #
     #
     #
     # [1]: https://docs.aws.amazon.com/iot/latest/developerguide/provision-wo-cert.html#provision-mqtt-api
+    # [2]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
     #
     # @option params [Boolean] :set_as_active
     #   Specifies whether the certificate is active.
@@ -1684,9 +1937,12 @@ module Aws::IoT
     # see [Mitigation actions][1]. Each mitigation action can apply only one
     # type of change.
     #
+    # Requires permission to access the [CreateMitigationAction][2] action.
+    #
     #
     #
     # [1]: https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-mitigation-actions.html
+    # [2]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
     #
     # @option params [required, String] :action_name
     #   A friendly name for the action. Choose a friendly name that accurately
@@ -1753,7 +2009,13 @@ module Aws::IoT
       req.send_request(options)
     end
 
-    # Creates an AWS IoT OTAUpdate on a target group of things or groups.
+    # Creates an IoT OTA update on a target group of things or groups.
+    #
+    # Requires permission to access the [CreateOTAUpdate][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
     #
     # @option params [required, String] :ota_update_id
     #   The ID of the OTA update to be created.
@@ -1798,8 +2060,9 @@ module Aws::IoT
     #   The files to be streamed by the OTA update.
     #
     # @option params [required, String] :role_arn
-    #   The IAM role that grants AWS IoT access to the Amazon S3, AWS IoT jobs
-    #   and AWS Code Signing resources to create an OTA update job.
+    #   The IAM role that grants Amazon Web Services IoT Core access to the
+    #   Amazon S3, IoT jobs and Amazon Web Services Code Signing resources to
+    #   create an OTA update job.
     #
     # @option params [Hash<String,String>] :additional_parameters
     #   A list of additional OTA update parameters which are name-value pairs.
@@ -1926,12 +2189,18 @@ module Aws::IoT
       req.send_request(options)
     end
 
-    # Creates an AWS IoT policy.
+    # Creates an IoT policy.
     #
     # The created policy is the default version for the policy. This
     # operation creates a policy version with a version identifier of **1**
     # and sets **1** as the policy's default version.
     #
+    # Requires permission to access the [CreatePolicy][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :policy_name
     #   The policy name.
     #
@@ -1988,9 +2257,9 @@ module Aws::IoT
       req.send_request(options)
     end
 
-    # Creates a new version of the specified AWS IoT policy. To update a
-    # policy, create a new policy version. A managed policy can have up to
-    # five versions. If the policy has five versions, you must use
+    # Creates a new version of the specified IoT policy. To update a policy,
+    # create a new policy version. A managed policy can have up to five
+    # versions. If the policy has five versions, you must use
     # DeletePolicyVersion to delete an existing version before you create a
     # new one.
     #
@@ -1999,6 +2268,12 @@ module Aws::IoT
     # version that is in effect for the certificates to which the policy is
     # attached).
     #
+    # Requires permission to access the [CreatePolicyVersion][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :policy_name
     #   The policy name.
     #
@@ -2043,6 +2318,12 @@ module Aws::IoT
 
     # Creates a provisioning claim.
     #
+    # Requires permission to access the [CreateProvisioningClaim][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :template_name
     #   The name of the provisioning template to use.
     #
@@ -2076,6 +2357,13 @@ module Aws::IoT
 
     # Creates a fleet provisioning template.
     #
+    # Requires permission to access the [CreateProvisioningTemplate][1]
+    # action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :template_name
     #   The name of the fleet provisioning template.
     #
@@ -2150,6 +2438,13 @@ module Aws::IoT
 
     # Creates a new version of a fleet provisioning template.
     #
+    # Requires permission to access the
+    # [CreateProvisioningTemplateVersion][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :template_name
     #   The name of the fleet provisioning template.
     #
@@ -2190,6 +2485,12 @@ module Aws::IoT
 
     # Creates a role alias.
     #
+    # Requires permission to access the [CreateRoleAlias][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :role_alias
     #   The role alias that points to a role ARN. This allows you to change
     #   the role without having to update the device.
@@ -2198,7 +2499,8 @@ module Aws::IoT
     #   The role ARN.
     #
     # @option params [Integer] :credential_duration_seconds
-    #   How long (in seconds) the credentials will be valid.
+    #   How long (in seconds) the credentials will be valid. The default value
+    #   is 3,600 seconds.
     #
     # @option params [Array<Types::Tag>] :tags
     #   Metadata which can be used to manage the role alias.
@@ -2247,6 +2549,12 @@ module Aws::IoT
 
     # Creates a scheduled audit that is run at a specified time interval.
     #
+    # Requires permission to access the [CreateScheduledAudit][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :frequency
     #   How often the scheduled audit takes place, either `DAILY`, `WEEKLY`,
     #   `BIWEEKLY` or `MONTHLY`. The start time of each audit is determined by
@@ -2310,6 +2618,12 @@ module Aws::IoT
 
     # Creates a Device Defender security profile.
     #
+    # Requires permission to access the [CreateSecurityProfile][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :security_profile_name
     #   The name you are giving to the security profile.
     #
@@ -2425,6 +2739,12 @@ module Aws::IoT
     # MQTT messages from a source like S3. You can have one or more files
     # associated with a stream.
     #
+    # Requires permission to access the [CreateStream][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :stream_id
     #   The stream ID.
     #
@@ -2496,9 +2816,12 @@ module Aws::IoT
     #
     #  </note>
     #
+    # Requires permission to access the [CreateThing][2] action.
+    #
     #
     #
     # [1]: https://docs.aws.amazon.com/iot/latest/developerguide/iot-authorization.html
+    # [2]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
     #
     # @option params [required, String] :thing_name
     #   The name of the thing to create.
@@ -2559,9 +2882,12 @@ module Aws::IoT
     #
     #  </note>
     #
+    # Requires permission to access the [CreateThingGroup][2] action.
+    #
     #
     #
     # [1]: https://docs.aws.amazon.com/iot/latest/developerguide/iot-authorization.html
+    # [2]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
     #
     # @option params [required, String] :thing_group_name
     #   The thing group name to create.
@@ -2618,6 +2944,12 @@ module Aws::IoT
 
     # Creates a new thing type.
     #
+    # Requires permission to access the [CreateThingType][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :thing_type_name
     #   The name of the thing type.
     #
@@ -2668,6 +3000,12 @@ module Aws::IoT
     # user who has permission to create rules will be able to access data
     # processed by the rule.
     #
+    # Requires permission to access the [CreateTopicRule][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :rule_name
     #   The name of the rule.
     #
@@ -2865,6 +3203,13 @@ module Aws::IoT
     #               "String" => "String",
     #             },
     #           },
+    #           open_search: {
+    #             role_arn: "AwsArn", # required
+    #             endpoint: "ElasticsearchEndpoint", # required
+    #             index: "ElasticsearchIndex", # required
+    #             type: "ElasticsearchType", # required
+    #             id: "ElasticsearchId", # required
+    #           },
     #         },
     #       ],
     #       rule_disabled: false,
@@ -3036,6 +3381,13 @@ module Aws::IoT
     #             "String" => "String",
     #           },
     #         },
+    #         open_search: {
+    #           role_arn: "AwsArn", # required
+    #           endpoint: "ElasticsearchEndpoint", # required
+    #           index: "ElasticsearchIndex", # required
+    #           type: "ElasticsearchType", # required
+    #           id: "ElasticsearchId", # required
+    #         },
     #       },
     #     },
     #     tags: "String",
@@ -3051,6 +3403,13 @@ module Aws::IoT
     # Creates a topic rule destination. The destination must be confirmed
     # prior to use.
     #
+    # Requires permission to access the [CreateTopicRuleDestination][1]
+    # action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, Types::TopicRuleDestinationConfiguration] :destination_configuration
     #   The topic rule destination configuration.
     #
@@ -3100,6 +3459,13 @@ module Aws::IoT
     # account. Any configuration data you entered is deleted and all audit
     # checks are reset to disabled.
     #
+    # Requires permission to access the [DeleteAccountAuditConfiguration][1]
+    # action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [Boolean] :delete_scheduled_audits
     #   If true, all scheduled audits are deleted.
     #
@@ -3120,6 +3486,12 @@ module Aws::IoT
 
     # Deletes a Device Defender audit suppression.
     #
+    # Requires permission to access the [DeleteAuditSuppression][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :check_name
     #   An audit check name. Checks must be enabled for your account. (Use
     #   `DescribeAccountAuditConfiguration` to see the list of all checks,
@@ -3159,6 +3531,12 @@ module Aws::IoT
 
     # Deletes an authorizer.
     #
+    # Requires permission to access the [DeleteAuthorizer][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :authorizer_name
     #   The name of the authorizer to delete.
     #
@@ -3179,6 +3557,12 @@ module Aws::IoT
 
     # Deletes the billing group.
     #
+    # Requires permission to access the [DeleteBillingGroup][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :billing_group_name
     #   The name of the billing group.
     #
@@ -3206,6 +3590,12 @@ module Aws::IoT
 
     # Deletes a registered CA certificate.
     #
+    # Requires permission to access the [DeleteCACertificate][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :certificate_id
     #   The ID of the certificate to delete. (The last part of the certificate
     #   ARN contains the certificate ID.)
@@ -3229,9 +3619,15 @@ module Aws::IoT
     #
     # A certificate cannot be deleted if it has a policy or IoT thing
     # attached to it or if its status is set to ACTIVE. To delete a
-    # certificate, first use the DetachPrincipalPolicy API to detach all
-    # policies. Next, use the UpdateCertificate API to set the certificate
-    # to the INACTIVE status.
+    # certificate, first use the DetachPolicy action to detach all policies.
+    # Next, use the UpdateCertificate action to set the certificate to the
+    # INACTIVE status.
+    #
+    # Requires permission to access the [DeleteCertificate][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
     #
     # @option params [required, String] :certificate_id
     #   The ID of the certificate. (The last part of the certificate ARN
@@ -3257,19 +3653,22 @@ module Aws::IoT
       req.send_request(options)
     end
 
+    # Deletes a Device Defender detect custom metric.
+    #
+    # Requires permission to access the [DeleteCustomMetric][1] action.
+    #
     # <note markdown="1"> Before you can delete a custom metric, you must first remove the
     # custom metric from all security profiles it's a part of. The security
     # profile associated with the custom metric can be found using the
-    # [ListSecurityProfiles][1] API with `metricName` set to your custom
+    # [ListSecurityProfiles][2] API with `metricName` set to your custom
     # metric name.
     #
     #  </note>
     #
-    # Deletes a Device Defender detect custom metric.
-    #
     #
     #
-    # [1]: https://docs.aws.amazon.com/iot/latest/apireference/API_ListSecurityProfiles.html
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    # [2]: https://docs.aws.amazon.com/iot/latest/apireference/API_ListSecurityProfiles.html
     #
     # @option params [required, String] :metric_name
     #   The name of the custom metric.
@@ -3289,10 +3688,17 @@ module Aws::IoT
       req.send_request(options)
     end
 
-    # Removes the specified dimension from your AWS account.
+    # Removes the specified dimension from your Amazon Web Services
+    # accounts.
     #
-    # @option params [required, String] :name
-    #   The unique identifier for the dimension that you want to delete.
+    # Requires permission to access the [DeleteDimension][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
+    # @option params [required, String] :name
+    #   The unique identifier for the dimension that you want to delete.
     #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
@@ -3311,6 +3717,13 @@ module Aws::IoT
 
     # Deletes the specified domain configuration.
     #
+    # Requires permission to access the [DeleteDomainConfiguration][1]
+    # action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :domain_configuration_name
     #   The name of the domain configuration to be deleted.
     #
@@ -3331,6 +3744,12 @@ module Aws::IoT
 
     # Deletes a dynamic thing group.
     #
+    # Requires permission to access the [DeleteDynamicThingGroup][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :thing_group_name
     #   The name of the dynamic thing group to delete.
     #
@@ -3353,6 +3772,38 @@ module Aws::IoT
       req.send_request(options)
     end
 
+    # Deletes the specified fleet metric. Returns successfully with no error
+    # if the deletion is successful or you specify a fleet metric that
+    # doesn't exist.
+    #
+    # Requires permission to access the [DeleteFleetMetric][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
+    # @option params [required, String] :metric_name
+    #   The name of the fleet metric to delete.
+    #
+    # @option params [Integer] :expected_version
+    #   The expected version of the fleet metric to delete.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.delete_fleet_metric({
+    #     metric_name: "FleetMetricName", # required
+    #     expected_version: 1,
+    #   })
+    #
+    # @overload delete_fleet_metric(params = {})
+    # @param [Hash] params ({})
+    def delete_fleet_metric(params = {}, options = {})
+      req = build_request(:delete_fleet_metric, params)
+      req.send_request(options)
+    end
+
     # Deletes a job and its related job executions.
     #
     # Deleting a job may take time, depending on the number of job
@@ -3364,6 +3815,12 @@ module Aws::IoT
     # Only 10 jobs may have status "DELETION\_IN\_PROGRESS" at the same
     # time, or a LimitExceededException will occur.
     #
+    # Requires permission to access the [DeleteJob][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :job_id
     #   The ID of the job to be deleted.
     #
@@ -3388,9 +3845,9 @@ module Aws::IoT
     # @option params [String] :namespace_id
     #   The namespace used to indicate that a job is a customer-managed job.
     #
-    #   When you specify a value for this parameter, AWS IoT Core sends jobs
-    #   notifications to MQTT topics that contain the value in the following
-    #   format.
+    #   When you specify a value for this parameter, Amazon Web Services IoT
+    #   Core sends jobs notifications to MQTT topics that contain the value in
+    #   the following format.
     #
     #   `$aws/things/THING_NAME/jobs/JOB_ID/notify-namespace-NAMESPACE_ID/`
     #
@@ -3417,6 +3874,12 @@ module Aws::IoT
 
     # Deletes a job execution.
     #
+    # Requires permission to access the [DeleteJobExecution][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :job_id
     #   The ID of the job whose execution on a particular device will be
     #   deleted.
@@ -3448,9 +3911,9 @@ module Aws::IoT
     # @option params [String] :namespace_id
     #   The namespace used to indicate that a job is a customer-managed job.
     #
-    #   When you specify a value for this parameter, AWS IoT Core sends jobs
-    #   notifications to MQTT topics that contain the value in the following
-    #   format.
+    #   When you specify a value for this parameter, Amazon Web Services IoT
+    #   Core sends jobs notifications to MQTT topics that contain the value in
+    #   the following format.
     #
     #   `$aws/things/THING_NAME/jobs/JOB_ID/notify-namespace-NAMESPACE_ID/`
     #
@@ -3497,7 +3960,14 @@ module Aws::IoT
       req.send_request(options)
     end
 
-    # Deletes a defined mitigation action from your AWS account.
+    # Deletes a defined mitigation action from your Amazon Web Services
+    # accounts.
+    #
+    # Requires permission to access the [DeleteMitigationAction][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
     #
     # @option params [required, String] :action_name
     #   The name of the mitigation action that you want to delete.
@@ -3519,6 +3989,12 @@ module Aws::IoT
 
     # Delete an OTA update.
     #
+    # Requires permission to access the [DeleteOTAUpdate][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :ota_update_id
     #   The ID of the OTA update to delete.
     #
@@ -3528,7 +4004,7 @@ module Aws::IoT
     #   OTAUpdate is supplied by the user.
     #
     # @option params [Boolean] :force_delete_aws_job
-    #   When true, deletes the AWS job created by the OTAUpdate process even
+    #   When true, deletes the IoT job created by the OTAUpdate process even
     #   if it is "IN\_PROGRESS". Otherwise, if the job is not in a terminal
     #   state ("COMPLETED" or "CANCELED") an exception will occur. The
     #   default is false.
@@ -3555,14 +4031,26 @@ module Aws::IoT
     # A policy cannot be deleted if it has non-default versions or it is
     # attached to any certificate.
     #
-    # To delete a policy, use the DeletePolicyVersion API to delete all
-    # non-default versions of the policy; use the DetachPrincipalPolicy API
-    # to detach the policy from any certificate; and then use the
-    # DeletePolicy API to delete the policy.
+    # To delete a policy, use the DeletePolicyVersion action to delete all
+    # non-default versions of the policy; use the DetachPolicy action to
+    # detach the policy from any certificate; and then use the DeletePolicy
+    # action to delete the policy.
     #
     # When a policy is deleted using DeletePolicy, its default version is
     # deleted with it.
     #
+    # <note markdown="1"> Because of the distributed nature of Amazon Web Services, it can take
+    # up to five minutes after a policy is detached before it's ready to be
+    # deleted.
+    #
+    #  </note>
+    #
+    # Requires permission to access the [DeletePolicy][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :policy_name
     #   The name of the policy to delete.
     #
@@ -3582,11 +4070,17 @@ module Aws::IoT
     end
 
     # Deletes the specified version of the specified policy. You cannot
-    # delete the default version of a policy using this API. To delete the
-    # default version of a policy, use DeletePolicy. To find out which
+    # delete the default version of a policy using this action. To delete
+    # the default version of a policy, use DeletePolicy. To find out which
     # version of a policy is marked as the default version, use
     # ListPolicyVersions.
     #
+    # Requires permission to access the [DeletePolicyVersion][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :policy_name
     #   The name of the policy.
     #
@@ -3611,6 +4105,13 @@ module Aws::IoT
 
     # Deletes a fleet provisioning template.
     #
+    # Requires permission to access the [DeleteProvisioningTemplate][1]
+    # action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :template_name
     #   The name of the fleet provision template to delete.
     #
@@ -3631,6 +4132,13 @@ module Aws::IoT
 
     # Deletes a fleet provisioning template version.
     #
+    # Requires permission to access the
+    # [DeleteProvisioningTemplateVersion][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :template_name
     #   The name of the fleet provisioning template version to delete.
     #
@@ -3655,6 +4163,12 @@ module Aws::IoT
 
     # Deletes a CA certificate registration code.
     #
+    # Requires permission to access the [DeleteRegistrationCode][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     # @overload delete_registration_code(params = {})
@@ -3666,6 +4180,12 @@ module Aws::IoT
 
     # Deletes a role alias
     #
+    # Requires permission to access the [DeleteRoleAlias][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :role_alias
     #   The role alias to delete.
     #
@@ -3686,6 +4206,12 @@ module Aws::IoT
 
     # Deletes a scheduled audit.
     #
+    # Requires permission to access the [DeleteScheduledAudit][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :scheduled_audit_name
     #   The name of the scheduled audit you want to delete.
     #
@@ -3706,6 +4232,12 @@ module Aws::IoT
 
     # Deletes a Device Defender security profile.
     #
+    # Requires permission to access the [DeleteSecurityProfile][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :security_profile_name
     #   The name of the security profile to be deleted.
     #
@@ -3733,6 +4265,12 @@ module Aws::IoT
 
     # Deletes a stream.
     #
+    # Requires permission to access the [DeleteStream][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :stream_id
     #   The stream ID.
     #
@@ -3754,6 +4292,12 @@ module Aws::IoT
     # Deletes the specified thing. Returns successfully with no error if the
     # deletion is successful or you specify a thing that doesn't exist.
     #
+    # Requires permission to access the [DeleteThing][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :thing_name
     #   The name of the thing to delete.
     #
@@ -3781,6 +4325,12 @@ module Aws::IoT
 
     # Deletes a thing group.
     #
+    # Requires permission to access the [DeleteThingGroup][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :thing_group_name
     #   The name of the thing group to delete.
     #
@@ -3810,6 +4360,12 @@ module Aws::IoT
     # any associated thing, and finally use DeleteThingType to delete the
     # thing type.
     #
+    # Requires permission to access the [DeleteThingType][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :thing_type_name
     #   The name of the thing type.
     #
@@ -3830,6 +4386,12 @@ module Aws::IoT
 
     # Deletes the rule.
     #
+    # Requires permission to access the [DeleteTopicRule][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :rule_name
     #   The name of the rule.
     #
@@ -3850,6 +4412,13 @@ module Aws::IoT
 
     # Deletes a topic rule destination.
     #
+    # Requires permission to access the [DeleteTopicRuleDestination][1]
+    # action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :arn
     #   The ARN of the topic rule destination to delete.
     #
@@ -3870,6 +4439,12 @@ module Aws::IoT
 
     # Deletes a logging level.
     #
+    # Requires permission to access the [DeleteV2LoggingLevel][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :target_type
     #   The type of resource for which you are configuring logging. Must be
     #   `THING_Group`.
@@ -3896,6 +4471,12 @@ module Aws::IoT
     # Deprecates a thing type. You can not associate new things with
     # deprecated thing type.
     #
+    # Requires permission to access the [DeprecateThingType][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :thing_type_name
     #   The name of the thing type to deprecate.
     #
@@ -3924,6 +4505,13 @@ module Aws::IoT
     # account. Settings include how audit notifications are sent and which
     # audit checks are enabled or disabled.
     #
+    # Requires permission to access the
+    # [DescribeAccountAuditConfiguration][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @return [Types::DescribeAccountAuditConfigurationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::DescribeAccountAuditConfigurationResponse#role_arn #role_arn} => String
@@ -3951,6 +4539,12 @@ module Aws::IoT
     # reason for noncompliance, the severity of the issue, and the start
     # time when the audit that returned the finding.
     #
+    # Requires permission to access the [DescribeAuditFinding][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :finding_id
     #   A unique identifier for a single audit finding. You can use this
     #   identifier to apply mitigation actions to the finding.
@@ -4137,6 +4731,12 @@ module Aws::IoT
 
     # Gets information about a Device Defender audit.
     #
+    # Requires permission to access the [DescribeAuditTask][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :task_id
     #   The ID of the audit whose information you want to get.
     #
@@ -4186,6 +4786,12 @@ module Aws::IoT
 
     # Describes an authorizer.
     #
+    # Requires permission to access the [DescribeAuthorizer][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :authorizer_name
     #   The name of the authorizer to describe.
     #
@@ -4221,6 +4827,12 @@ module Aws::IoT
 
     # Returns information about a billing group.
     #
+    # Requires permission to access the [DescribeBillingGroup][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :billing_group_name
     #   The name of the billing group.
     #
@@ -4257,6 +4869,12 @@ module Aws::IoT
 
     # Describes a registered CA certificate.
     #
+    # Requires permission to access the [DescribeCACertificate][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :certificate_id
     #   The CA certificate identifier.
     #
@@ -4297,6 +4915,12 @@ module Aws::IoT
 
     # Gets information about the specified certificate.
     #
+    # Requires permission to access the [DescribeCertificate][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :certificate_id
     #   The ID of the certificate. (The last part of the certificate ARN
     #   contains the certificate ID.)
@@ -4342,6 +4966,12 @@ module Aws::IoT
 
     # Gets information about a Device Defender detect custom metric.
     #
+    # Requires permission to access the [DescribeCustomMetric][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :metric_name
     #   The name of the custom metric.
     #
@@ -4378,6 +5008,13 @@ module Aws::IoT
 
     # Describes the default authorizer.
     #
+    # Requires permission to access the [DescribeDefaultAuthorizer][1]
+    # action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @return [Types::DescribeDefaultAuthorizerResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::DescribeDefaultAuthorizerResponse#authorizer_description #authorizer_description} => Types::AuthorizerDescription
@@ -4404,6 +5041,13 @@ module Aws::IoT
 
     # Gets information about a Device Defender ML Detect mitigation action.
     #
+    # Requires permission to access the
+    # [DescribeDetectMitigationActionsTask][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :task_id
     #   The unique identifier of the task.
     #
@@ -4455,8 +5099,14 @@ module Aws::IoT
       req.send_request(options)
     end
 
-    # Provides details about a dimension that is defined in your AWS
-    # account.
+    # Provides details about a dimension that is defined in your Amazon Web
+    # Services accounts.
+    #
+    # Requires permission to access the [DescribeDimension][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
     #
     # @option params [required, String] :name
     #   The unique identifier for the dimension.
@@ -4495,6 +5145,13 @@ module Aws::IoT
 
     # Gets summary information about a domain configuration.
     #
+    # Requires permission to access the [DescribeDomainConfiguration][1]
+    # action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :domain_configuration_name
     #   The name of the domain configuration.
     #
@@ -4539,7 +5196,14 @@ module Aws::IoT
       req.send_request(options)
     end
 
-    # Returns a unique endpoint specific to the AWS account making the call.
+    # Returns a unique endpoint specific to the Amazon Web Services account
+    # making the call.
+    #
+    # Requires permission to access the [DescribeEndpoint][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
     #
     # @option params [String] :endpoint_type
     #   The endpoint type. Valid endpoint types include:
@@ -4554,13 +5218,13 @@ module Aws::IoT
     #   ^
     #   ^
     #
-    #   * `iot:CredentialProvider` - Returns an AWS IoT credentials provider
-    #     API endpoint.
+    #   * `iot:CredentialProvider` - Returns an IoT credentials provider API
+    #     endpoint.
     #
     #   ^
     #   ^
     #
-    #   * `iot:Jobs` - Returns an AWS IoT device management Jobs API endpoint.
+    #   * `iot:Jobs` - Returns an IoT device management Jobs API endpoint.
     #
     #   ^
     #
@@ -4591,6 +5255,13 @@ module Aws::IoT
 
     # Describes event configurations.
     #
+    # Requires permission to access the [DescribeEventConfigurations][1]
+    # action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @return [Types::DescribeEventConfigurationsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::DescribeEventConfigurationsResponse#event_configurations #event_configurations} => Hash&lt;String,Types::Configuration&gt;
@@ -4611,8 +5282,72 @@ module Aws::IoT
       req.send_request(options)
     end
 
+    # Gets information about the specified fleet metric.
+    #
+    # Requires permission to access the [DescribeFleetMetric][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
+    # @option params [required, String] :metric_name
+    #   The name of the fleet metric to describe.
+    #
+    # @return [Types::DescribeFleetMetricResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::DescribeFleetMetricResponse#metric_name #metric_name} => String
+    #   * {Types::DescribeFleetMetricResponse#query_string #query_string} => String
+    #   * {Types::DescribeFleetMetricResponse#aggregation_type #aggregation_type} => Types::AggregationType
+    #   * {Types::DescribeFleetMetricResponse#period #period} => Integer
+    #   * {Types::DescribeFleetMetricResponse#aggregation_field #aggregation_field} => String
+    #   * {Types::DescribeFleetMetricResponse#description #description} => String
+    #   * {Types::DescribeFleetMetricResponse#query_version #query_version} => String
+    #   * {Types::DescribeFleetMetricResponse#index_name #index_name} => String
+    #   * {Types::DescribeFleetMetricResponse#creation_date #creation_date} => Time
+    #   * {Types::DescribeFleetMetricResponse#last_modified_date #last_modified_date} => Time
+    #   * {Types::DescribeFleetMetricResponse#unit #unit} => String
+    #   * {Types::DescribeFleetMetricResponse#version #version} => Integer
+    #   * {Types::DescribeFleetMetricResponse#metric_arn #metric_arn} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.describe_fleet_metric({
+    #     metric_name: "FleetMetricName", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.metric_name #=> String
+    #   resp.query_string #=> String
+    #   resp.aggregation_type.name #=> String, one of "Statistics", "Percentiles", "Cardinality"
+    #   resp.aggregation_type.values #=> Array
+    #   resp.aggregation_type.values[0] #=> String
+    #   resp.period #=> Integer
+    #   resp.aggregation_field #=> String
+    #   resp.description #=> String
+    #   resp.query_version #=> String
+    #   resp.index_name #=> String
+    #   resp.creation_date #=> Time
+    #   resp.last_modified_date #=> Time
+    #   resp.unit #=> String, one of "Seconds", "Microseconds", "Milliseconds", "Bytes", "Kilobytes", "Megabytes", "Gigabytes", "Terabytes", "Bits", "Kilobits", "Megabits", "Gigabits", "Terabits", "Percent", "Count", "Bytes/Second", "Kilobytes/Second", "Megabytes/Second", "Gigabytes/Second", "Terabytes/Second", "Bits/Second", "Kilobits/Second", "Megabits/Second", "Gigabits/Second", "Terabits/Second", "Count/Second", "None"
+    #   resp.version #=> Integer
+    #   resp.metric_arn #=> String
+    #
+    # @overload describe_fleet_metric(params = {})
+    # @param [Hash] params ({})
+    def describe_fleet_metric(params = {}, options = {})
+      req = build_request(:describe_fleet_metric, params)
+      req.send_request(options)
+    end
+
     # Describes a search index.
     #
+    # Requires permission to access the [DescribeIndex][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :index_name
     #   The index name.
     #
@@ -4643,6 +5378,12 @@ module Aws::IoT
 
     # Describes a job.
     #
+    # Requires permission to access the [DescribeJob][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :job_id
     #   The unique identifier you assigned to this job when it was created.
     #
@@ -4708,6 +5449,12 @@ module Aws::IoT
 
     # Describes a job execution.
     #
+    # Requires permission to access the [DescribeJobExecution][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :job_id
     #   The unique identifier you assigned to this job when it was created.
     #
@@ -4807,6 +5554,13 @@ module Aws::IoT
 
     # Gets information about a mitigation action.
     #
+    # Requires permission to access the [DescribeMitigationAction][1]
+    # action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :action_name
     #   The friendly name that uniquely identifies the mitigation action.
     #
@@ -4855,6 +5609,13 @@ module Aws::IoT
 
     # Returns information about a fleet provisioning template.
     #
+    # Requires permission to access the [DescribeProvisioningTemplate][1]
+    # action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :template_name
     #   The name of the fleet provisioning template.
     #
@@ -4900,6 +5661,13 @@ module Aws::IoT
 
     # Returns information about a fleet provisioning template version.
     #
+    # Requires permission to access the
+    # [DescribeProvisioningTemplateVersion][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :template_name
     #   The template name.
     #
@@ -4936,6 +5704,12 @@ module Aws::IoT
 
     # Describes a role alias.
     #
+    # Requires permission to access the [DescribeRoleAlias][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :role_alias
     #   The role alias to describe.
     #
@@ -4968,6 +5742,12 @@ module Aws::IoT
 
     # Gets information about a scheduled audit.
     #
+    # Requires permission to access the [DescribeScheduledAudit][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :scheduled_audit_name
     #   The name of the scheduled audit whose information you want to get.
     #
@@ -5005,6 +5785,12 @@ module Aws::IoT
 
     # Gets information about a Device Defender security profile.
     #
+    # Requires permission to access the [DescribeSecurityProfile][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :security_profile_name
     #   The name of the security profile whose information you want to get.
     #
@@ -5076,6 +5862,12 @@ module Aws::IoT
 
     # Gets information about a stream.
     #
+    # Requires permission to access the [DescribeStream][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :stream_id
     #   The stream ID.
     #
@@ -5113,6 +5905,12 @@ module Aws::IoT
 
     # Gets information about the specified thing.
     #
+    # Requires permission to access the [DescribeThing][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :thing_name
     #   The name of the thing.
     #
@@ -5154,6 +5952,12 @@ module Aws::IoT
 
     # Describe a thing group.
     #
+    # Requires permission to access the [DescribeThingGroup][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :thing_group_name
     #   The name of the thing group.
     #
@@ -5205,6 +6009,13 @@ module Aws::IoT
 
     # Describes a bulk thing provisioning task.
     #
+    # Requires permission to access the [DescribeThingRegistrationTask][1]
+    # action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :task_id
     #   The task ID.
     #
@@ -5253,6 +6064,12 @@ module Aws::IoT
 
     # Gets information about the specified thing type.
     #
+    # Requires permission to access the [DescribeThingType][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :thing_type_name
     #   The name of the thing type.
     #
@@ -5291,6 +6108,18 @@ module Aws::IoT
 
     # Detaches a policy from the specified target.
     #
+    # <note markdown="1"> Because of the distributed nature of Amazon Web Services, it can take
+    # up to five minutes after a policy is detached before it's ready to be
+    # deleted.
+    #
+    #  </note>
+    #
+    # Requires permission to access the [DetachPolicy][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :policy_name
     #   The policy to detach.
     #
@@ -5315,7 +6144,15 @@ module Aws::IoT
 
     # Removes the specified policy from the specified certificate.
     #
-    # **Note:** This API is deprecated. Please use DetachPolicy instead.
+    # <note markdown="1"> This action is deprecated. Please use DetachPolicy instead.
+    #
+    #  </note>
+    #
+    # Requires permission to access the [DetachPrincipalPolicy][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
     #
     # @option params [required, String] :policy_name
     #   The name of the policy to detach.
@@ -5348,6 +6185,12 @@ module Aws::IoT
     # Disassociates a Device Defender security profile from a thing group or
     # from this account.
     #
+    # Requires permission to access the [DetachSecurityProfile][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :security_profile_name
     #   The security profile that is detached.
     #
@@ -5380,6 +6223,12 @@ module Aws::IoT
     #
     #  </note>
     #
+    # Requires permission to access the [DetachThingPrincipal][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :thing_name
     #   The name of the thing.
     #
@@ -5406,6 +6255,12 @@ module Aws::IoT
 
     # Disables the rule.
     #
+    # Requires permission to access the [DisableTopicRule][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :rule_name
     #   The name of the rule to disable.
     #
@@ -5426,6 +6281,12 @@ module Aws::IoT
 
     # Enables the rule.
     #
+    # Requires permission to access the [EnableTopicRule][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :rule_name
     #   The name of the topic rule to enable.
     #
@@ -5447,6 +6308,13 @@ module Aws::IoT
     # Returns a Device Defender's ML Detect Security Profile training
     # model's status.
     #
+    # Requires permission to access the
+    # [GetBehaviorModelTrainingSummaries][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [String] :security_profile_name
     #   The name of the security profile.
     #
@@ -5490,13 +6358,77 @@ module Aws::IoT
       req.send_request(options)
     end
 
+    # Aggregates on indexed data with search queries pertaining to
+    # particular fields.
+    #
+    # Requires permission to access the [GetBucketsAggregation][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
+    # @option params [String] :index_name
+    #   The name of the index to search.
+    #
+    # @option params [required, String] :query_string
+    #   The search query string.
+    #
+    # @option params [required, String] :aggregation_field
+    #   The aggregation field.
+    #
+    # @option params [String] :query_version
+    #   The version of the query.
+    #
+    # @option params [required, Types::BucketsAggregationType] :buckets_aggregation_type
+    #   The basic control of the response shape and the bucket aggregation
+    #   type to perform.
+    #
+    # @return [Types::GetBucketsAggregationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::GetBucketsAggregationResponse#total_count #total_count} => Integer
+    #   * {Types::GetBucketsAggregationResponse#buckets #buckets} => Array&lt;Types::Bucket&gt;
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.get_buckets_aggregation({
+    #     index_name: "IndexName",
+    #     query_string: "QueryString", # required
+    #     aggregation_field: "AggregationField", # required
+    #     query_version: "QueryVersion",
+    #     buckets_aggregation_type: { # required
+    #       terms_aggregation: {
+    #         max_buckets: 1,
+    #       },
+    #     },
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.total_count #=> Integer
+    #   resp.buckets #=> Array
+    #   resp.buckets[0].key_value #=> String
+    #   resp.buckets[0].count #=> Integer
+    #
+    # @overload get_buckets_aggregation(params = {})
+    # @param [Hash] params ({})
+    def get_buckets_aggregation(params = {}, options = {})
+      req = build_request(:get_buckets_aggregation, params)
+      req.send_request(options)
+    end
+
     # Returns the approximate count of unique values that match the query.
     #
+    # Requires permission to access the [GetCardinality][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [String] :index_name
     #   The name of the index to search.
     #
     # @option params [required, String] :query_string
-    #   The search query.
+    #   The search query string.
     #
     # @option params [String] :aggregation_field
     #   The field to aggregate.
@@ -5529,8 +6461,14 @@ module Aws::IoT
     end
 
     # Gets a list of the policies that have an effect on the authorization
-    # behavior of the specified device when it connects to the AWS IoT
-    # device gateway.
+    # behavior of the specified device when it connects to the IoT device
+    # gateway.
+    #
+    # Requires permission to access the [GetEffectivePolicies][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
     #
     # @option params [String] :principal
     #   The principal. Valid principals are CertificateArn
@@ -5573,6 +6511,13 @@ module Aws::IoT
 
     # Gets the indexing configuration.
     #
+    # Requires permission to access the [GetIndexingConfiguration][1]
+    # action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @return [Types::GetIndexingConfigurationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::GetIndexingConfigurationResponse#thing_indexing_configuration #thing_indexing_configuration} => Types::ThingIndexingConfiguration
@@ -5605,6 +6550,12 @@ module Aws::IoT
 
     # Gets a job document.
     #
+    # Requires permission to access the [GetJobDocument][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :job_id
     #   The unique identifier you assigned to this job when it was created.
     #
@@ -5634,6 +6585,12 @@ module Aws::IoT
     # NOTE: use of this command is not recommended. Use
     # `GetV2LoggingOptions` instead.
     #
+    # Requires permission to access the [GetLoggingOptions][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @return [Types::GetLoggingOptionsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::GetLoggingOptionsResponse#role_arn #role_arn} => String
@@ -5653,6 +6610,12 @@ module Aws::IoT
 
     # Gets an OTA update.
     #
+    # Requires permission to access the [GetOTAUpdate][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :ota_update_id
     #   The OTA update ID.
     #
@@ -5734,11 +6697,17 @@ module Aws::IoT
     # approximation, the more values that match the query, the more accurate
     # the percentile values.
     #
+    # Requires permission to access the [GetPercentiles][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [String] :index_name
     #   The name of the index to search.
     #
     # @option params [required, String] :query_string
-    #   The query string.
+    #   The search query string.
     #
     # @option params [String] :aggregation_field
     #   The field to aggregate.
@@ -5779,6 +6748,12 @@ module Aws::IoT
     # Gets information about the specified policy with the policy document
     # of the default version.
     #
+    # Requires permission to access the [GetPolicy][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :policy_name
     #   The name of the policy.
     #
@@ -5817,6 +6792,12 @@ module Aws::IoT
 
     # Gets information about the specified policy version.
     #
+    # Requires permission to access the [GetPolicyVersion][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :policy_name
     #   The name of the policy.
     #
@@ -5859,8 +6840,13 @@ module Aws::IoT
       req.send_request(options)
     end
 
-    # Gets a registration code used to register a CA certificate with AWS
-    # IoT.
+    # Gets a registration code used to register a CA certificate with IoT.
+    #
+    # Requires permission to access the [GetRegistrationCode][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
     #
     # @return [Types::GetRegistrationCodeResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -5882,12 +6868,19 @@ module Aws::IoT
     # If the aggregation field is of type `String`, only the count statistic
     # is returned.
     #
+    # Requires permission to access the [GetStatistics][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [String] :index_name
     #   The name of the index to search. The default value is `AWS_Things`.
     #
     # @option params [required, String] :query_string
     #   The query used to search. You can specify "*" for the query string
-    #   to get the count of all indexed things in your AWS account.
+    #   to get the count of all indexed things in your Amazon Web Services
+    #   account.
     #
     # @option params [String] :aggregation_field
     #   The aggregation field name.
@@ -5928,6 +6921,12 @@ module Aws::IoT
 
     # Gets information about the rule.
     #
+    # Requires permission to access the [GetTopicRule][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :rule_name
     #   The name of the rule.
     #
@@ -6049,6 +7048,11 @@ module Aws::IoT
     #   resp.rule.actions[0].kafka.partition #=> String
     #   resp.rule.actions[0].kafka.client_properties #=> Hash
     #   resp.rule.actions[0].kafka.client_properties["String"] #=> String
+    #   resp.rule.actions[0].open_search.role_arn #=> String
+    #   resp.rule.actions[0].open_search.endpoint #=> String
+    #   resp.rule.actions[0].open_search.index #=> String
+    #   resp.rule.actions[0].open_search.type #=> String
+    #   resp.rule.actions[0].open_search.id #=> String
     #   resp.rule.rule_disabled #=> Boolean
     #   resp.rule.aws_iot_sql_version #=> String
     #   resp.rule.error_action.dynamo_db.table_name #=> String
@@ -6150,6 +7154,11 @@ module Aws::IoT
     #   resp.rule.error_action.kafka.partition #=> String
     #   resp.rule.error_action.kafka.client_properties #=> Hash
     #   resp.rule.error_action.kafka.client_properties["String"] #=> String
+    #   resp.rule.error_action.open_search.role_arn #=> String
+    #   resp.rule.error_action.open_search.endpoint #=> String
+    #   resp.rule.error_action.open_search.index #=> String
+    #   resp.rule.error_action.open_search.type #=> String
+    #   resp.rule.error_action.open_search.id #=> String
     #
     # @overload get_topic_rule(params = {})
     # @param [Hash] params ({})
@@ -6160,6 +7169,12 @@ module Aws::IoT
 
     # Gets information about a topic rule destination.
     #
+    # Requires permission to access the [GetTopicRuleDestination][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :arn
     #   The ARN of the topic rule destination.
     #
@@ -6197,6 +7212,12 @@ module Aws::IoT
 
     # Gets the fine grained logging options.
     #
+    # Requires permission to access the [GetV2LoggingOptions][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @return [Types::GetV2LoggingOptionsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::GetV2LoggingOptionsResponse#role_arn #role_arn} => String
@@ -6219,6 +7240,12 @@ module Aws::IoT
     # Lists the active violations for a given Device Defender security
     # profile.
     #
+    # Requires permission to access the [ListActiveViolations][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [String] :thing_name
     #   The name of the thing whose active violations are listed.
     #
@@ -6307,6 +7334,12 @@ module Aws::IoT
 
     # Lists the policies attached to the specified thing group.
     #
+    # Requires permission to access the [ListAttachedPolicies][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :target
     #   The group or principal for which the policies will be listed. Valid
     #   principals are CertificateArn
@@ -6358,6 +7391,12 @@ module Aws::IoT
     # audits performed during a specified time period. (Findings are
     # retained for 90 days.)
     #
+    # Requires permission to access the [ListAuditFindings][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [String] :task_id
     #   A filter to limit results to the audit with the specified ID. You must
     #   specify either the taskId or the startTime and endTime, but not both.
@@ -6472,6 +7511,13 @@ module Aws::IoT
 
     # Gets the status of audit mitigation action tasks that were executed.
     #
+    # Requires permission to access the
+    # [ListAuditMitigationActionsExecutions][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :task_id
     #   Specify this filter to limit results to actions for a specific audit
     #   mitigation actions task.
@@ -6531,6 +7577,13 @@ module Aws::IoT
     # Gets a list of audit mitigation action tasks that match the specified
     # filters.
     #
+    # Requires permission to access the [ListAuditMitigationActionsTasks][1]
+    # action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [String] :audit_task_id
     #   Specify this filter to limit results to tasks that were applied to
     #   results for a specific audit.
@@ -6594,6 +7647,12 @@ module Aws::IoT
 
     # Lists your Device Defender audit listings.
     #
+    # Requires permission to access the [ListAuditSuppressions][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [String] :check_name
     #   An audit check name. Checks must be enabled for your account. (Use
     #   `DescribeAccountAuditConfiguration` to see the list of all checks,
@@ -6672,6 +7731,12 @@ module Aws::IoT
     # Lists the Device Defender audits that have been performed during a
     # given time period.
     #
+    # Requires permission to access the [ListAuditTasks][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, Time,DateTime,Date,Integer,String] :start_time
     #   The beginning of the time period. Audit information is retained for a
     #   limited time (90 days). Requesting a start time prior to what is
@@ -6731,6 +7796,12 @@ module Aws::IoT
 
     # Lists the authorizers registered in your account.
     #
+    # Requires permission to access the [ListAuthorizers][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [Integer] :page_size
     #   The maximum number of results to return at one time.
     #
@@ -6775,6 +7846,12 @@ module Aws::IoT
 
     # Lists the billing groups you have created.
     #
+    # Requires permission to access the [ListBillingGroups][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [String] :next_token
     #   To retrieve the next set of results, the `nextToken` value from a
     #   previous response; otherwise **null** to receive the first set of
@@ -6815,11 +7892,18 @@ module Aws::IoT
       req.send_request(options)
     end
 
-    # Lists the CA certificates registered for your AWS account.
+    # Lists the CA certificates registered for your Amazon Web Services
+    # account.
     #
     # The results are paginated with a default page size of 25. You can use
     # the returned marker to retrieve additional results.
     #
+    # Requires permission to access the [ListCACertificates][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [Integer] :page_size
     #   The result page size.
     #
@@ -6860,11 +7944,17 @@ module Aws::IoT
       req.send_request(options)
     end
 
-    # Lists the certificates registered in your AWS account.
+    # Lists the certificates registered in your Amazon Web Services account.
     #
     # The results are paginated with a default page size of 25. You can use
     # the returned marker to retrieve additional results.
     #
+    # Requires permission to access the [ListCertificates][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [Integer] :page_size
     #   The result page size.
     #
@@ -6909,6 +7999,12 @@ module Aws::IoT
 
     # List the device certificates signed by the specified CA certificate.
     #
+    # Requires permission to access the [ListCertificatesByCA][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :ca_certificate_id
     #   The ID of the CA certificate. This operation will list all registered
     #   device certificate that were signed by this CA certificate.
@@ -6958,6 +8054,12 @@ module Aws::IoT
 
     # Lists your Device Defender detect custom metrics.
     #
+    # Requires permission to access the [ListCustomMetrics][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [String] :next_token
     #   The token for the next set of results.
     #
@@ -6995,6 +8097,13 @@ module Aws::IoT
     # Lists mitigation actions executions for a Device Defender ML Detect
     # Security Profile.
     #
+    # Requires permission to access the
+    # [ListDetectMitigationActionsExecutions][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [String] :task_id
     #   The unique identifier of the task.
     #
@@ -7062,6 +8171,13 @@ module Aws::IoT
 
     # List of Device Defender ML Detect mitigation actions tasks.
     #
+    # Requires permission to access the
+    # [ListDetectMitigationActionsTasks][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [Integer] :max_results
     #   The maximum number of results to return at one time. The default is
     #   25.
@@ -7134,7 +8250,14 @@ module Aws::IoT
       req.send_request(options)
     end
 
-    # List the set of dimensions that are defined for your AWS account.
+    # List the set of dimensions that are defined for your Amazon Web
+    # Services accounts.
+    #
+    # Requires permission to access the [ListDimensions][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
     #
     # @option params [String] :next_token
     #   The token for the next set of results.
@@ -7172,6 +8295,13 @@ module Aws::IoT
     # Gets a list of domain configurations for the user. This list is sorted
     # alphabetically by domain configuration name.
     #
+    # Requires permission to access the [ListDomainConfigurations][1]
+    # action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [String] :marker
     #   The marker for the next set of results.
     #
@@ -7211,8 +8341,58 @@ module Aws::IoT
       req.send_request(options)
     end
 
+    # Lists all your fleet metrics.
+    #
+    # Requires permission to access the [ListFleetMetrics][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
+    # @option params [String] :next_token
+    #   To retrieve the next set of results, the `nextToken` value from a
+    #   previous response; otherwise `null` to receive the first set of
+    #   results.
+    #
+    # @option params [Integer] :max_results
+    #   The maximum number of results to return in this operation.
+    #
+    # @return [Types::ListFleetMetricsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ListFleetMetricsResponse#fleet_metrics #fleet_metrics} => Array&lt;Types::FleetMetricNameAndArn&gt;
+    #   * {Types::ListFleetMetricsResponse#next_token #next_token} => String
+    #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.list_fleet_metrics({
+    #     next_token: "NextToken",
+    #     max_results: 1,
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.fleet_metrics #=> Array
+    #   resp.fleet_metrics[0].metric_name #=> String
+    #   resp.fleet_metrics[0].metric_arn #=> String
+    #   resp.next_token #=> String
+    #
+    # @overload list_fleet_metrics(params = {})
+    # @param [Hash] params ({})
+    def list_fleet_metrics(params = {}, options = {})
+      req = build_request(:list_fleet_metrics, params)
+      req.send_request(options)
+    end
+
     # Lists the search indices.
     #
+    # Requires permission to access the [ListIndices][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [String] :next_token
     #   The token used to get the next set of results, or `null` if there are
     #   no additional results.
@@ -7249,6 +8429,12 @@ module Aws::IoT
 
     # Lists the job executions for a job.
     #
+    # Requires permission to access the [ListJobExecutionsForJob][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :job_id
     #   The unique identifier you assigned to this job when it was created.
     #
@@ -7297,6 +8483,13 @@ module Aws::IoT
 
     # Lists the job executions for the specified thing.
     #
+    # Requires permission to access the [ListJobExecutionsForThing][1]
+    # action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :thing_name
     #   The thing name.
     #
@@ -7307,9 +8500,9 @@ module Aws::IoT
     # @option params [String] :namespace_id
     #   The namespace used to indicate that a job is a customer-managed job.
     #
-    #   When you specify a value for this parameter, AWS IoT Core sends jobs
-    #   notifications to MQTT topics that contain the value in the following
-    #   format.
+    #   When you specify a value for this parameter, Amazon Web Services IoT
+    #   Core sends jobs notifications to MQTT topics that contain the value in
+    #   the following format.
     #
     #   `$aws/things/THING_NAME/jobs/JOB_ID/notify-namespace-NAMESPACE_ID/`
     #
@@ -7360,6 +8553,12 @@ module Aws::IoT
 
     # Returns a list of job templates.
     #
+    # Requires permission to access the [ListJobTemplates][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [Integer] :max_results
     #   The maximum number of results to return in the list.
     #
@@ -7371,6 +8570,8 @@ module Aws::IoT
     #   * {Types::ListJobTemplatesResponse#job_templates #job_templates} => Array&lt;Types::JobTemplateSummary&gt;
     #   * {Types::ListJobTemplatesResponse#next_token #next_token} => String
     #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+    #
     # @example Request syntax with placeholder values
     #
     #   resp = client.list_job_templates({
@@ -7396,6 +8597,12 @@ module Aws::IoT
 
     # Lists jobs.
     #
+    # Requires permission to access the [ListJobs][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [String] :status
     #   An optional filter that lets you search for jobs that have the
     #   specified status.
@@ -7425,9 +8632,9 @@ module Aws::IoT
     # @option params [String] :namespace_id
     #   The namespace used to indicate that a job is a customer-managed job.
     #
-    #   When you specify a value for this parameter, AWS IoT Core sends jobs
-    #   notifications to MQTT topics that contain the value in the following
-    #   format.
+    #   When you specify a value for this parameter, Amazon Web Services IoT
+    #   Core sends jobs notifications to MQTT topics that contain the value in
+    #   the following format.
     #
     #   `$aws/things/THING_NAME/jobs/JOB_ID/notify-namespace-NAMESPACE_ID/`
     #
@@ -7477,6 +8684,12 @@ module Aws::IoT
     # Gets a list of all mitigation actions that match the specified filter
     # criteria.
     #
+    # Requires permission to access the [ListMitigationActions][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [String] :action_type
     #   Specify a value to limit the result to mitigation actions with a
     #   specific action type.
@@ -7520,6 +8733,12 @@ module Aws::IoT
 
     # Lists OTA updates.
     #
+    # Requires permission to access the [ListOTAUpdates][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [Integer] :max_results
     #   The maximum number of results to return at one time.
     #
@@ -7561,6 +8780,13 @@ module Aws::IoT
 
     # Lists certificates that are being transferred but not yet accepted.
     #
+    # Requires permission to access the [ListOutgoingCertificates][1]
+    # action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [Integer] :page_size
     #   The result page size.
     #
@@ -7606,6 +8832,12 @@ module Aws::IoT
 
     # Lists your policies.
     #
+    # Requires permission to access the [ListPolicies][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [String] :marker
     #   The marker for the next set of results.
     #
@@ -7647,9 +8879,15 @@ module Aws::IoT
 
     # Lists the principals associated with the specified policy.
     #
-    # **Note:** This API is deprecated. Please use ListTargetsForPolicy
+    # **Note:** This action is deprecated. Please use ListTargetsForPolicy
     # instead.
     #
+    # Requires permission to access the [ListPolicyPrincipals][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :policy_name
     #   The policy name.
     #
@@ -7695,6 +8933,12 @@ module Aws::IoT
     # Lists the versions of the specified policy and identifies the default
     # version.
     #
+    # Requires permission to access the [ListPolicyVersions][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :policy_name
     #   The policy name.
     #
@@ -7726,12 +8970,15 @@ module Aws::IoT
     # Cognito identity, the ID must be in [AmazonCognito Identity
     # format][1].
     #
-    # **Note:** This API is deprecated. Please use ListAttachedPolicies
+    # **Note:** This action is deprecated. Please use ListAttachedPolicies
     # instead.
     #
+    # Requires permission to access the [ListPrincipalPolicies][2] action.
+    #
     #
     #
     # [1]: https://docs.aws.amazon.com/cognitoidentity/latest/APIReference/API_GetCredentialsForIdentity.html#API_GetCredentialsForIdentity_RequestSyntax
+    # [2]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
     #
     # @option params [required, String] :principal
     #   The principal. Valid principals are CertificateArn
@@ -7784,6 +9031,12 @@ module Aws::IoT
     # can be X.509 certificates, IAM users, groups, and roles, Amazon
     # Cognito identities or federated identities.
     #
+    # Requires permission to access the [ListPrincipalThings][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [String] :next_token
     #   To retrieve the next set of results, the `nextToken` value from a
     #   previous response; otherwise **null** to receive the first set of
@@ -7825,6 +9078,13 @@ module Aws::IoT
 
     # A list of fleet provisioning template versions.
     #
+    # Requires permission to access the
+    # [ListProvisioningTemplateVersions][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :template_name
     #   The name of the fleet provisioning template.
     #
@@ -7864,7 +9124,15 @@ module Aws::IoT
       req.send_request(options)
     end
 
-    # Lists the fleet provisioning templates in your AWS account.
+    # Lists the fleet provisioning templates in your Amazon Web Services
+    # account.
+    #
+    # Requires permission to access the [ListProvisioningTemplates][1]
+    # action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
     #
     # @option params [Integer] :max_results
     #   The maximum number of results to return at one time.
@@ -7906,6 +9174,12 @@ module Aws::IoT
 
     # Lists the role aliases registered in your account.
     #
+    # Requires permission to access the [ListRoleAliases][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [Integer] :page_size
     #   The maximum number of results to return at one time.
     #
@@ -7945,6 +9219,12 @@ module Aws::IoT
 
     # Lists all of your scheduled audits.
     #
+    # Requires permission to access the [ListScheduledAudits][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [String] :next_token
     #   The token for the next set of results.
     #
@@ -7986,10 +9266,16 @@ module Aws::IoT
     # Lists the Device Defender security profiles you've created. You can
     # filter security profiles by dimension or custom metric.
     #
+    # Requires permission to access the [ListSecurityProfiles][1] action.
+    #
     # <note markdown="1"> `dimensionName` and `metricName` cannot be used in the same request.
     #
     #  </note>
     #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [String] :next_token
     #   The token for the next set of results.
     #
@@ -8036,6 +9322,13 @@ module Aws::IoT
     # Lists the Device Defender security profiles attached to a target
     # (thing group).
     #
+    # Requires permission to access the [ListSecurityProfilesForTarget][1]
+    # action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [String] :next_token
     #   The token for the next set of results.
     #
@@ -8080,7 +9373,13 @@ module Aws::IoT
       req.send_request(options)
     end
 
-    # Lists all of the streams in your AWS account.
+    # Lists all of the streams in your Amazon Web Services account.
+    #
+    # Requires permission to access the [ListStreams][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
     #
     # @option params [Integer] :max_results
     #   The maximum number of results to return at a time.
@@ -8124,6 +9423,12 @@ module Aws::IoT
 
     # Lists the tags (metadata) you have assigned to the resource.
     #
+    # Requires permission to access the [ListTagsForResource][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :resource_arn
     #   The ARN of the resource.
     #
@@ -8162,6 +9467,12 @@ module Aws::IoT
 
     # List targets for the specified policy.
     #
+    # Requires permission to access the [ListTargetsForPolicy][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :policy_name
     #   The policy name.
     #
@@ -8202,6 +9513,13 @@ module Aws::IoT
     # Lists the targets (thing groups) associated with a given Device
     # Defender security profile.
     #
+    # Requires permission to access the [ListTargetsForSecurityProfile][1]
+    # action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :security_profile_name
     #   The security profile.
     #
@@ -8241,6 +9559,12 @@ module Aws::IoT
 
     # List the thing groups in your account.
     #
+    # Requires permission to access the [ListThingGroups][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [String] :next_token
     #   To retrieve the next set of results, the `nextToken` value from a
     #   previous response; otherwise **null** to receive the first set of
@@ -8293,6 +9617,12 @@ module Aws::IoT
 
     # List the thing groups to which the specified thing belongs.
     #
+    # Requires permission to access the [ListThingGroupsForThing][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :thing_name
     #   The thing name.
     #
@@ -8337,6 +9667,12 @@ module Aws::IoT
     # can be X.509 certificates, IAM users, groups, and roles, Amazon
     # Cognito identities or federated identities.
     #
+    # Requires permission to access the [ListThingPrincipals][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [String] :next_token
     #   To retrieve the next set of results, the `nextToken` value from a
     #   previous response; otherwise **null** to receive the first set of
@@ -8425,6 +9761,13 @@ module Aws::IoT
 
     # List bulk thing provisioning tasks.
     #
+    # Requires permission to access the [ListThingRegistrationTasks][1]
+    # action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [String] :next_token
     #   To retrieve the next set of results, the `nextToken` value from a
     #   previous response; otherwise **null** to receive the first set of
@@ -8466,6 +9809,12 @@ module Aws::IoT
 
     # Lists the existing thing types.
     #
+    # Requires permission to access the [ListThingTypes][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [String] :next_token
     #   To retrieve the next set of results, the `nextToken` value from a
     #   previous response; otherwise **null** to receive the first set of
@@ -8518,6 +9867,8 @@ module Aws::IoT
     # in the registry that contain an attribute **Color** with the value
     # **Red**.
     #
+    # Requires permission to access the [ListThings][1] action.
+    #
     # <note markdown="1"> You will not be charged for calling this API if an `Access denied`
     # error is returned. You will also not be charged if no attributes or
     # pagination token was provided in request and no pagination token and
@@ -8525,6 +9876,10 @@ module Aws::IoT
     #
     #  </note>
     #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [String] :next_token
     #   To retrieve the next set of results, the `nextToken` value from a
     #   previous response; otherwise **null** to receive the first set of
@@ -8588,6 +9943,13 @@ module Aws::IoT
 
     # Lists the things you have added to the given billing group.
     #
+    # Requires permission to access the [ListThingsInBillingGroup][1]
+    # action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :billing_group_name
     #   The name of the billing group.
     #
@@ -8629,6 +9991,12 @@ module Aws::IoT
 
     # Lists the things in the specified group.
     #
+    # Requires permission to access the [ListThingsInThingGroup][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :thing_group_name
     #   The thing group name.
     #
@@ -8673,7 +10041,15 @@ module Aws::IoT
       req.send_request(options)
     end
 
-    # Lists all the topic rule destinations in your AWS account.
+    # Lists all the topic rule destinations in your Amazon Web Services
+    # account.
+    #
+    # Requires permission to access the [ListTopicRuleDestinations][1]
+    # action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
     #
     # @option params [Integer] :max_results
     #   The maximum number of results to return at one time.
@@ -8723,6 +10099,12 @@ module Aws::IoT
 
     # Lists the rules for the specific topic.
     #
+    # Requires permission to access the [ListTopicRules][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [String] :topic
     #   The topic.
     #
@@ -8772,6 +10154,12 @@ module Aws::IoT
 
     # Lists logging levels.
     #
+    # Requires permission to access the [ListV2LoggingLevels][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [String] :target_type
     #   The type of resource for which you are configuring logging. Must be
     #   `THING_Group`.
@@ -8819,6 +10207,12 @@ module Aws::IoT
     # to those alerts issued for a particular security profile, behavior, or
     # thing (device).
     #
+    # Requires permission to access the [ListViolationEvents][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, Time,DateTime,Date,Integer,String] :start_time
     #   The start time for the alerts to be listed.
     #
@@ -8914,14 +10308,20 @@ module Aws::IoT
       req.send_request(options)
     end
 
-    # Registers a CA certificate with AWS IoT. This CA certificate can then
-    # be used to sign device certificates, which can be then registered with
-    # AWS IoT. You can register up to 10 CA certificates per AWS account
-    # that have the same subject field. This enables you to have up to 10
-    # certificate authorities sign your device certificates. If you have
-    # more than one CA certificate registered, make sure you pass the CA
-    # certificate when you register your device certificates with the
-    # RegisterCertificate API.
+    # Registers a CA certificate with IoT. This CA certificate can then be
+    # used to sign device certificates, which can be then registered with
+    # IoT. You can register up to 10 CA certificates per Amazon Web Services
+    # account that have the same subject field. This enables you to have up
+    # to 10 certificate authorities sign your device certificates. If you
+    # have more than one CA certificate registered, make sure you pass the
+    # CA certificate when you register your device certificates with the
+    # RegisterCertificate action.
+    #
+    # Requires permission to access the [RegisterCACertificate][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
     #
     # @option params [required, String] :ca_certificate
     #   The CA certificate.
@@ -8989,11 +10389,17 @@ module Aws::IoT
       req.send_request(options)
     end
 
-    # Registers a device certificate with AWS IoT. If you have more than one
-    # CA certificate that has the same subject field, you must specify the
-    # CA certificate that was used to sign the device certificate being
+    # Registers a device certificate with IoT. If you have more than one CA
+    # certificate that has the same subject field, you must specify the CA
+    # certificate that was used to sign the device certificate being
     # registered.
     #
+    # Requires permission to access the [RegisterCertificate][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :certificate_pem
     #   The certificate data, in PEM format.
     #
@@ -9067,15 +10473,18 @@ module Aws::IoT
     end
 
     # Provisions a thing in the device registry. RegisterThing calls other
-    # AWS IoT control plane APIs. These calls might exceed your account
-    # level [ AWS IoT Throttling Limits][1] and cause throttle errors.
-    # Please contact [AWS Customer Support][2] to raise your throttling
+    # IoT control plane APIs. These calls might exceed your account level [
+    # IoT Throttling Limits][1] and cause throttle errors. Please contact
+    # [Amazon Web Services Customer Support][2] to raise your throttling
     # limits if necessary.
     #
+    # Requires permission to access the [RegisterThing][3] action.
+    #
     #
     #
     # [1]: https://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html#limits_iot
     # [2]: https://console.aws.amazon.com/support/home
+    # [3]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
     #
     # @option params [required, String] :template_body
     #   The provisioning template. See [Provisioning Devices That Have Device
@@ -9120,7 +10529,7 @@ module Aws::IoT
       req.send_request(options)
     end
 
-    # Rejects a pending certificate transfer. After AWS IoT rejects a
+    # Rejects a pending certificate transfer. After IoT rejects a
     # certificate transfer, the certificate status changes from
     # **PENDING\_TRANSFER** to **INACTIVE**.
     #
@@ -9131,6 +10540,13 @@ module Aws::IoT
     # it is called, the certificate will be returned to the source's
     # account in the INACTIVE state.
     #
+    # Requires permission to access the [RejectCertificateTransfer][1]
+    # action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :certificate_id
     #   The ID of the certificate. (The last part of the certificate ARN
     #   contains the certificate ID.)
@@ -9156,6 +10572,13 @@ module Aws::IoT
 
     # Removes the given thing from the billing group.
     #
+    # Requires permission to access the [RemoveThingFromBillingGroup][1]
+    # action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [String] :billing_group_name
     #   The name of the billing group.
     #
@@ -9192,6 +10615,13 @@ module Aws::IoT
     # identify the thing group and either a `thingArn` or a `thingName` to
     # identify the thing to remove from the thing group.
     #
+    # Requires permission to access the [RemoveThingFromThingGroup][1]
+    # action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [String] :thing_group_name
     #   The group name.
     #
@@ -9227,6 +10657,12 @@ module Aws::IoT
     # permission to create rules will be able to access data processed by
     # the rule.
     #
+    # Requires permission to access the [ReplaceTopicRule][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :rule_name
     #   The name of the rule.
     #
@@ -9410,6 +10846,13 @@ module Aws::IoT
     #               "String" => "String",
     #             },
     #           },
+    #           open_search: {
+    #             role_arn: "AwsArn", # required
+    #             endpoint: "ElasticsearchEndpoint", # required
+    #             index: "ElasticsearchIndex", # required
+    #             type: "ElasticsearchType", # required
+    #             id: "ElasticsearchId", # required
+    #           },
     #         },
     #       ],
     #       rule_disabled: false,
@@ -9581,6 +11024,13 @@ module Aws::IoT
     #             "String" => "String",
     #           },
     #         },
+    #         open_search: {
+    #           role_arn: "AwsArn", # required
+    #           endpoint: "ElasticsearchEndpoint", # required
+    #           index: "ElasticsearchIndex", # required
+    #           type: "ElasticsearchType", # required
+    #           id: "ElasticsearchId", # required
+    #         },
     #       },
     #     },
     #   })
@@ -9594,6 +11044,12 @@ module Aws::IoT
 
     # The query search index.
     #
+    # Requires permission to access the [SearchIndex][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [String] :index_name
     #   The search index name.
     #
@@ -9640,6 +11096,7 @@ module Aws::IoT
     #   resp.things[0].shadow #=> String
     #   resp.things[0].connectivity.connected #=> Boolean
     #   resp.things[0].connectivity.timestamp #=> Integer
+    #   resp.things[0].connectivity.disconnect_reason #=> String
     #   resp.thing_groups #=> Array
     #   resp.thing_groups[0].thing_group_name #=> String
     #   resp.thing_groups[0].thing_group_id #=> String
@@ -9659,6 +11116,12 @@ module Aws::IoT
     # Sets the default authorizer. This will be used if a websocket
     # connection is made without specifying an authorizer.
     #
+    # Requires permission to access the [SetDefaultAuthorizer][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :authorizer_name
     #   The authorizer name.
     #
@@ -9688,7 +11151,13 @@ module Aws::IoT
     # Sets the specified version of the specified policy as the policy's
     # default (operative) version. This action affects all certificates to
     # which the policy is attached. To list the principals the policy is
-    # attached to, use the ListPrincipalPolicy API.
+    # attached to, use the ListPrincipalPolicies action.
+    #
+    # Requires permission to access the [SetDefaultPolicyVersion][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
     #
     # @option params [required, String] :policy_name
     #   The policy name.
@@ -9717,6 +11186,12 @@ module Aws::IoT
     # NOTE: use of this command is not recommended. Use
     # `SetV2LoggingOptions` instead.
     #
+    # Requires permission to access the [SetLoggingOptions][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, Types::LoggingOptionsPayload] :logging_options_payload
     #   The logging options payload.
     #
@@ -9740,6 +11215,12 @@ module Aws::IoT
 
     # Sets the logging level.
     #
+    # Requires permission to access the [SetV2LoggingLevel][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, Types::LogTarget] :log_target
     #   The log target.
     #
@@ -9767,6 +11248,12 @@ module Aws::IoT
 
     # Sets the logging options for the V2 logging service.
     #
+    # Requires permission to access the [SetV2LoggingOptions][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [String] :role_arn
     #   The ARN of the role that allows IoT to write to Cloudwatch logs.
     #
@@ -9796,6 +11283,13 @@ module Aws::IoT
     # Starts a task that applies a set of mitigation actions to the
     # specified target.
     #
+    # Requires permission to access the [StartAuditMitigationActionsTask][1]
+    # action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :task_id
     #   A unique identifier for the task. You can use this identifier to check
     #   the status of the task or to cancel it.
@@ -9807,7 +11301,7 @@ module Aws::IoT
     #
     # @option params [required, Hash<String,Array>] :audit_check_to_actions_mapping
     #   For an audit check, specifies which mitigation actions to apply. Those
-    #   actions must be defined in your AWS account.
+    #   actions must be defined in your Amazon Web Services accounts.
     #
     # @option params [required, String] :client_request_token
     #   Each audit mitigation task must have a unique client request token. If
@@ -9852,6 +11346,13 @@ module Aws::IoT
 
     # Starts a Device Defender ML Detect mitigation actions task.
     #
+    # Requires permission to access the
+    # [StartDetectMitigationActionsTask][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :task_id
     #   The unique identifier of the task.
     #
@@ -9874,8 +11375,8 @@ module Aws::IoT
     # @option params [required, String] :client_request_token
     #   Each mitigation action task must have a unique client request token.
     #   If you try to create a new task with the same token as a task that
-    #   already exists, an exception occurs. If you omit this value, AWS SDKs
-    #   will automatically generate a unique client request.
+    #   already exists, an exception occurs. If you omit this value, Amazon
+    #   Web Services SDKs will automatically generate a unique client request.
     #
     #   **A suitable default value is auto-generated.** You should normally
     #   not need to pass this option.**
@@ -9916,6 +11417,12 @@ module Aws::IoT
 
     # Starts an on-demand Device Defender audit.
     #
+    # Requires permission to access the [StartOnDemandAuditTask][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, Array<String>] :target_check_names
     #   Which checks are performed during the audit. The checks you specify
     #   must be enabled for your account or an exception occurs. Use
@@ -9946,6 +11453,13 @@ module Aws::IoT
 
     # Creates a bulk thing provisioning task.
     #
+    # Requires permission to access the [StartThingRegistrationTask][1]
+    # action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :template_body
     #   The provisioning template.
     #
@@ -9986,6 +11500,13 @@ module Aws::IoT
 
     # Cancels a bulk thing provisioning task.
     #
+    # Requires permission to access the [StopThingRegistrationTask][1]
+    # action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :task_id
     #   The bulk thing provisioning task ID.
     #
@@ -10007,6 +11528,12 @@ module Aws::IoT
     # Adds to or modifies the tags of the given resource. Tags are metadata
     # which can be used to manage a resource.
     #
+    # Requires permission to access the [TagResource][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :resource_arn
     #   The ARN of the resource.
     #
@@ -10034,10 +11561,15 @@ module Aws::IoT
       req.send_request(options)
     end
 
-    # Tests if a specified principal is authorized to perform an AWS IoT
-    # action on a specified resource. Use this to test and debug the
-    # authorization behavior of devices that connect to the AWS IoT device
-    # gateway.
+    # Tests if a specified principal is authorized to perform an IoT action
+    # on a specified resource. Use this to test and debug the authorization
+    # behavior of devices that connect to the IoT device gateway.
+    #
+    # Requires permission to access the [TestAuthorization][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
     #
     # @option params [String] :principal
     #   The principal. Valid principals are CertificateArn
@@ -10112,7 +11644,13 @@ module Aws::IoT
 
     # Tests a custom authorization behavior by invoking a specified custom
     # authorizer. Use this to test and debug the custom authorization
-    # behavior of devices that connect to the AWS IoT device gateway.
+    # behavior of devices that connect to the IoT device gateway.
+    #
+    # Requires permission to access the [TestInvokeAuthorizer][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
     #
     # @option params [required, String] :authorizer_name
     #   The custom authorizer name.
@@ -10179,7 +11717,10 @@ module Aws::IoT
       req.send_request(options)
     end
 
-    # Transfers the specified certificate to the specified AWS account.
+    # Transfers the specified certificate to the specified Amazon Web
+    # Services account.
+    #
+    # Requires permission to access the [TransferCertificate][1] action.
     #
     # You can cancel the transfer until it is acknowledged by the recipient.
     #
@@ -10187,17 +11728,21 @@ module Aws::IoT
     # up to the caller to notify the transfer target.
     #
     # The certificate being transferred must not be in the ACTIVE state. You
-    # can use the UpdateCertificate API to deactivate it.
+    # can use the UpdateCertificate action to deactivate it.
     #
     # The certificate must not have any policies attached to it. You can use
-    # the DetachPrincipalPolicy API to detach them.
+    # the DetachPolicy action to detach them.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
     #
     # @option params [required, String] :certificate_id
     #   The ID of the certificate. (The last part of the certificate ARN
     #   contains the certificate ID.)
     #
     # @option params [required, String] :target_aws_account
-    #   The AWS account.
+    #   The Amazon Web Services account.
     #
     # @option params [String] :transfer_message
     #   The transfer message.
@@ -10227,6 +11772,12 @@ module Aws::IoT
 
     # Removes the given tags (metadata) from the resource.
     #
+    # Requires permission to access the [UntagResource][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :resource_arn
     #   The ARN of the resource.
     #
@@ -10253,10 +11804,17 @@ module Aws::IoT
     # account. Settings include how audit notifications are sent and which
     # audit checks are enabled or disabled.
     #
+    # Requires permission to access the [UpdateAccountAuditConfiguration][1]
+    # action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [String] :role_arn
     #   The Amazon Resource Name (ARN) of the role that grants permission to
-    #   AWS IoT to access information about your devices, policies,
-    #   certificates, and other items as required when performing an audit.
+    #   IoT to access information about your devices, policies, certificates,
+    #   and other items as required when performing an audit.
     #
     # @option params [Hash<String,Types::AuditNotificationTarget>] :audit_notification_target_configurations
     #   Information about the targets to which audit notifications are sent.
@@ -10358,6 +11916,12 @@ module Aws::IoT
 
     # Updates an authorizer.
     #
+    # Requires permission to access the [UpdateAuthorizer][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :authorizer_name
     #   The authorizer name.
     #
@@ -10404,6 +11968,12 @@ module Aws::IoT
 
     # Updates information about the billing group.
     #
+    # Requires permission to access the [UpdateBillingGroup][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :billing_group_name
     #   The name of the billing group.
     #
@@ -10443,6 +12013,12 @@ module Aws::IoT
 
     # Updates a registered CA certificate.
     #
+    # Requires permission to access the [UpdateCACertificate][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :certificate_id
     #   The CA certificate identifier.
     #
@@ -10487,14 +12063,20 @@ module Aws::IoT
     # Updates the status of the specified certificate. This operation is
     # idempotent.
     #
+    # Requires permission to access the [UpdateCertificate][1] action.
+    #
     # Certificates must be in the ACTIVE state to authenticate devices that
-    # use a certificate to connect to AWS IoT.
+    # use a certificate to connect to IoT.
     #
     # Within a few minutes of updating a certificate from the ACTIVE state
-    # to any other state, AWS IoT disconnects all devices that used that
+    # to any other state, IoT disconnects all devices that used that
     # certificate to connect. Devices cannot use a certificate that is not
     # in the ACTIVE state to reconnect.
     #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :certificate_id
     #   The ID of the certificate. (The last part of the certificate ARN
     #   contains the certificate ID.)
@@ -10505,7 +12087,7 @@ module Aws::IoT
     #   **Note:** Setting the status to PENDING\_TRANSFER or
     #   PENDING\_ACTIVATION will result in an exception being thrown.
     #   PENDING\_TRANSFER and PENDING\_ACTIVATION are statuses used internally
-    #   by AWS IoT. They are not intended for developer use.
+    #   by IoT. They are not intended for developer use.
     #
     #   **Note:** The status value REGISTER\_INACTIVE is deprecated and should
     #   not be used.
@@ -10528,6 +12110,12 @@ module Aws::IoT
 
     # Updates a Device Defender detect custom metric.
     #
+    # Requires permission to access the [UpdateCustomMetric][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :metric_name
     #   The name of the custom metric. Cannot be updated.
     #
@@ -10571,6 +12159,12 @@ module Aws::IoT
     # Updates the definition for a dimension. You cannot change the type of
     # a dimension after it is created (you can delete it and recreate it).
     #
+    # Requires permission to access the [UpdateDimension][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :name
     #   A unique identifier for the dimension. Choose something that describes
     #   the type and value to make it easy to remember what it does.
@@ -10616,6 +12210,13 @@ module Aws::IoT
     # Updates values stored in the domain configuration. Domain
     # configurations for default endpoints can't be updated.
     #
+    # Requires permission to access the [UpdateDomainConfiguration][1]
+    # action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :domain_configuration_name
     #   The name of the domain configuration to be updated.
     #
@@ -10659,6 +12260,12 @@ module Aws::IoT
 
     # Updates a dynamic thing group.
     #
+    # Requires permission to access the [UpdateDynamicThingGroup][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :thing_group_name
     #   The name of the dynamic thing group to update.
     #
@@ -10671,7 +12278,7 @@ module Aws::IoT
     # @option params [String] :index_name
     #   The dynamic thing group index to update.
     #
-    #   <note markdown="1"> Currently one index is supported: 'AWS\_Things'.
+    #   <note markdown="1"> Currently one index is supported: `AWS_Things`.
     #
     #    </note>
     #
@@ -10722,6 +12329,13 @@ module Aws::IoT
 
     # Updates the event configurations.
     #
+    # Requires permission to access the [UpdateEventConfigurations][1]
+    # action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [Hash<String,Types::Configuration>] :event_configurations
     #   The new event configuration values.
     #
@@ -10744,8 +12358,86 @@ module Aws::IoT
       req.send_request(options)
     end
 
+    # Updates the data for a fleet metric.
+    #
+    # Requires permission to access the [UpdateFleetMetric][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
+    # @option params [required, String] :metric_name
+    #   The name of the fleet metric to update.
+    #
+    # @option params [String] :query_string
+    #   The search query string.
+    #
+    # @option params [Types::AggregationType] :aggregation_type
+    #   The type of the aggregation query.
+    #
+    # @option params [Integer] :period
+    #   The time in seconds between fleet metric emissions. Range \[60(1 min),
+    #   86400(1 day)\] and must be multiple of 60.
+    #
+    # @option params [String] :aggregation_field
+    #   The field to aggregate.
+    #
+    # @option params [String] :description
+    #   The description of the fleet metric.
+    #
+    # @option params [String] :query_version
+    #   The version of the query.
+    #
+    # @option params [required, String] :index_name
+    #   The name of the index to search.
+    #
+    # @option params [String] :unit
+    #   Used to support unit transformation such as milliseconds to seconds.
+    #   The unit must be supported by [CW metric][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/https:/docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_MetricDatum.html
+    #
+    # @option params [Integer] :expected_version
+    #   The expected version of the fleet metric record in the registry.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.update_fleet_metric({
+    #     metric_name: "FleetMetricName", # required
+    #     query_string: "QueryString",
+    #     aggregation_type: {
+    #       name: "Statistics", # required, accepts Statistics, Percentiles, Cardinality
+    #       values: ["AggregationTypeValue"],
+    #     },
+    #     period: 1,
+    #     aggregation_field: "AggregationField",
+    #     description: "FleetMetricDescription",
+    #     query_version: "QueryVersion",
+    #     index_name: "IndexName", # required
+    #     unit: "Seconds", # accepts Seconds, Microseconds, Milliseconds, Bytes, Kilobytes, Megabytes, Gigabytes, Terabytes, Bits, Kilobits, Megabits, Gigabits, Terabits, Percent, Count, Bytes/Second, Kilobytes/Second, Megabytes/Second, Gigabytes/Second, Terabytes/Second, Bits/Second, Kilobits/Second, Megabits/Second, Gigabits/Second, Terabits/Second, Count/Second, None
+    #     expected_version: 1,
+    #   })
+    #
+    # @overload update_fleet_metric(params = {})
+    # @param [Hash] params ({})
+    def update_fleet_metric(params = {}, options = {})
+      req = build_request(:update_fleet_metric, params)
+      req.send_request(options)
+    end
+
     # Updates the search configuration.
     #
+    # Requires permission to access the [UpdateIndexingConfiguration][1]
+    # action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [Types::ThingIndexingConfiguration] :thing_indexing_configuration
     #   Thing indexing configuration.
     #
@@ -10799,6 +12491,12 @@ module Aws::IoT
 
     # Updates supported fields of the specified job.
     #
+    # Requires permission to access the [UpdateJob][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :job_id
     #   The ID of the job to be updated.
     #
@@ -10824,9 +12522,9 @@ module Aws::IoT
     # @option params [String] :namespace_id
     #   The namespace used to indicate that a job is a customer-managed job.
     #
-    #   When you specify a value for this parameter, AWS IoT Core sends jobs
-    #   notifications to MQTT topics that contain the value in the following
-    #   format.
+    #   When you specify a value for this parameter, Amazon Web Services IoT
+    #   Core sends jobs notifications to MQTT topics that contain the value in
+    #   the following format.
     #
     #   `$aws/things/THING_NAME/jobs/JOB_ID/notify-namespace-NAMESPACE_ID/`
     #
@@ -10881,6 +12579,12 @@ module Aws::IoT
 
     # Updates the definition for the specified mitigation action.
     #
+    # Requires permission to access the [UpdateMitigationAction][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :action_name
     #   The friendly name for the mitigation action. You cannot change the
     #   name by using `UpdateMitigationAction`. Instead, you must delete and
@@ -10940,6 +12644,13 @@ module Aws::IoT
 
     # Updates a fleet provisioning template.
     #
+    # Requires permission to access the [UpdateProvisioningTemplate][1]
+    # action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :template_name
     #   The name of the fleet provisioning template.
     #
@@ -10988,6 +12699,12 @@ module Aws::IoT
 
     # Updates a role alias.
     #
+    # Requires permission to access the [UpdateRoleAlias][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :role_alias
     #   The role alias to update.
     #
@@ -11025,6 +12742,12 @@ module Aws::IoT
     # Updates a scheduled audit, including which checks are performed and
     # how often the audit takes place.
     #
+    # Requires permission to access the [UpdateScheduledAudit][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [String] :frequency
     #   How often the scheduled audit takes place, either `DAILY`, `WEEKLY`,
     #   `BIWEEKLY`, or `MONTHLY`. The start time of each audit is determined
@@ -11079,6 +12802,12 @@ module Aws::IoT
 
     # Updates a Device Defender security profile.
     #
+    # Requires permission to access the [UpdateSecurityProfile][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :security_profile_name
     #   The name of the security profile you want to update.
     #
@@ -11249,6 +12978,12 @@ module Aws::IoT
     # Updates an existing stream. The stream version will be incremented by
     # one.
     #
+    # Requires permission to access the [UpdateStream][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :stream_id
     #   The stream ID.
     #
@@ -11303,6 +13038,12 @@ module Aws::IoT
 
     # Updates the data for a thing.
     #
+    # Requires permission to access the [UpdateThing][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :thing_name
     #   The name of the thing to update.
     #
@@ -11357,6 +13098,12 @@ module Aws::IoT
 
     # Update a thing group.
     #
+    # Requires permission to access the [UpdateThingGroup][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :thing_group_name
     #   The thing group to update.
     #
@@ -11400,6 +13147,13 @@ module Aws::IoT
 
     # Updates the groups to which the thing belongs.
     #
+    # Requires permission to access the [UpdateThingGroupsForThing][1]
+    # action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [String] :thing_name
     #   The thing whose group memberships will be updated.
     #
@@ -11436,6 +13190,13 @@ module Aws::IoT
     # Updates a topic rule destination. You use this to change the status,
     # endpoint URL, or confirmation URL of the destination.
     #
+    # Requires permission to access the [UpdateTopicRuleDestination][1]
+    # action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, String] :arn
     #   The ARN of the topic rule destination.
     #
@@ -11489,6 +13250,13 @@ module Aws::IoT
 
     # Validates a Device Defender security profile behaviors specification.
     #
+    # Requires permission to access the
+    # [ValidateSecurityProfileBehaviors][1] action.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    #
     # @option params [required, Array<Types::Behavior>] :behaviors
     #   Specifies the behaviors that, when violated by a device (thing), cause
     #   an alert.
@@ -11560,7 +13328,7 @@ module Aws::IoT
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-iot'
-      context[:gem_version] = '1.71.0'
+      context[:gem_version] = '1.75.0'
       Seahorse::Client::Request.new(handlers, context)
     end