@jjrawlins/cdk-iam-policy-builder-helper 0.0.86 → 0.0.88

package/node_modules/@aws-sdk/client-iam/dist-types/models/models_0.d.ts

@@ -1,17 +1,14 @@
-import { ExceptionOptionType as __ExceptionOptionType } from "@smithy/smithy-client";
-import { IAMServiceException as __BaseException } from "./IAMServiceException";
+import { AccessAdvisorUsageGranularityType, AssertionEncryptionModeType, AssignmentStatusType, ContextKeyTypeEnum, DeletionTaskStatusType, EncodingType, EntityType, FeatureType, GlobalEndpointTokenVersion, JobStatusType, PermissionCheckResultType, PermissionCheckStatusType, PermissionsBoundaryAttachmentType, PolicyEvaluationDecisionType, PolicyOwnerEntityType, PolicyParameterTypeEnum, PolicyScopeType, PolicySourceType, PolicyType, PolicyUsageType, ReportFormatType, ReportStateType, SortKeyType, StateType, StatusType, SummaryKeyType, SummaryStateType } from "./enums";
 /**
  * @public
- * @enum
  */
-export declare const AccessAdvisorUsageGranularityType: {
-    readonly ACTION_LEVEL: "ACTION_LEVEL";
-    readonly SERVICE_LEVEL: "SERVICE_LEVEL";
-};
-/**
- * @public
- */
-export type AccessAdvisorUsageGranularityType = (typeof AccessAdvisorUsageGranularityType)[keyof typeof AccessAdvisorUsageGranularityType];
+export interface AcceptDelegationRequestRequest {
+    /**
+     * <p>The unique identifier of the delegation request to accept.</p>
+     * @public
+     */
+    DelegationRequestId: string | undefined;
+}
 /**
  * <p>An object that contains details about when a principal in the reported Organizations entity
  *          last attempted to access an Amazon Web Services service. A principal can be an IAM user, an IAM role,
@@ -68,19 +65,6 @@ export interface AccessDetail {
      */
     TotalAuthenticatedEntities?: number | undefined;
 }
-/**
- * @public
- * @enum
- */
-export declare const StatusType: {
-    readonly Active: "Active";
-    readonly Expired: "Expired";
-    readonly Inactive: "Inactive";
-};
-/**
- * @public
- */
-export type StatusType = (typeof StatusType)[keyof typeof StatusType];
 /**
  * <p>Contains information about an Amazon Web Services access key.</p>
  *          <p> This data type is used as a response element in the <a href="https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateAccessKey.html">CreateAccessKey</a> and
@@ -215,21 +199,6 @@ export interface AccessKeyMetadata {
      */
     CreateDate?: Date | undefined;
 }
-/**
- * <p>The request was rejected because the account making the request is not the management
- *       account or delegated administrator account for <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html#id_root-user-access-management">centralized root
- *         access</a>.</p>
- * @public
- */
-export declare class AccountNotManagementOrDelegatedAdministratorException extends __BaseException {
-    readonly name: "AccountNotManagementOrDelegatedAdministratorException";
-    readonly $fault: "client";
-    Message?: string | undefined;
-    /**
-     * @internal
-     */
-    constructor(opts: __ExceptionOptionType<AccountNotManagementOrDelegatedAdministratorException, __BaseException>);
-}
 /**
  * @public
  */
@@ -247,71 +216,6 @@ export interface AddClientIDToOpenIDConnectProviderRequest {
      */
     ClientID: string | undefined;
 }
-/**
- * <p>The request was rejected because multiple requests to change this object were submitted
- *       simultaneously. Wait a few minutes and submit your request again.</p>
- * @public
- */
-export declare class ConcurrentModificationException extends __BaseException {
-    readonly name: "ConcurrentModificationException";
-    readonly $fault: "client";
-    /**
-     * @internal
-     */
-    constructor(opts: __ExceptionOptionType<ConcurrentModificationException, __BaseException>);
-}
-/**
- * <p>The request was rejected because an invalid or out-of-range value was supplied for an
- *       input parameter.</p>
- * @public
- */
-export declare class InvalidInputException extends __BaseException {
-    readonly name: "InvalidInputException";
-    readonly $fault: "client";
-    /**
-     * @internal
-     */
-    constructor(opts: __ExceptionOptionType<InvalidInputException, __BaseException>);
-}
-/**
- * <p>The request was rejected because it attempted to create resources beyond the current
- *       Amazon Web Services account limits. The error message describes the limit exceeded.</p>
- * @public
- */
-export declare class LimitExceededException extends __BaseException {
-    readonly name: "LimitExceededException";
-    readonly $fault: "client";
-    /**
-     * @internal
-     */
-    constructor(opts: __ExceptionOptionType<LimitExceededException, __BaseException>);
-}
-/**
- * <p>The request was rejected because it referenced a resource entity that does not exist. The
- *       error message describes the resource.</p>
- * @public
- */
-export declare class NoSuchEntityException extends __BaseException {
-    readonly name: "NoSuchEntityException";
-    readonly $fault: "client";
-    /**
-     * @internal
-     */
-    constructor(opts: __ExceptionOptionType<NoSuchEntityException, __BaseException>);
-}
-/**
- * <p>The request processing has failed because of an unknown error, exception or
- *       failure.</p>
- * @public
- */
-export declare class ServiceFailureException extends __BaseException {
-    readonly name: "ServiceFailureException";
-    readonly $fault: "server";
-    /**
-     * @internal
-     */
-    constructor(opts: __ExceptionOptionType<ServiceFailureException, __BaseException>);
-}
 /**
  * @public
  */
@@ -331,34 +235,6 @@ export interface AddRoleToInstanceProfileRequest {
      */
     RoleName: string | undefined;
 }
-/**
- * <p>The request was rejected because it attempted to create a resource that already
- *       exists.</p>
- * @public
- */
-export declare class EntityAlreadyExistsException extends __BaseException {
-    readonly name: "EntityAlreadyExistsException";
-    readonly $fault: "client";
-    /**
-     * @internal
-     */
-    constructor(opts: __ExceptionOptionType<EntityAlreadyExistsException, __BaseException>);
-}
-/**
- * <p>The request was rejected because service-linked roles are protected Amazon Web Services resources. Only
- *       the service that depends on the service-linked role can modify or delete the role on your
- *       behalf. The error message includes the name of the service that depends on this service-linked
- *       role. You must request the change through that service.</p>
- * @public
- */
-export declare class UnmodifiableEntityException extends __BaseException {
-    readonly name: "UnmodifiableEntityException";
-    readonly $fault: "client";
-    /**
-     * @internal
-     */
-    constructor(opts: __ExceptionOptionType<UnmodifiableEntityException, __BaseException>);
-}
 /**
  * @public
  */
@@ -378,42 +254,16 @@ export interface AddUserToGroupRequest {
      */
     UserName: string | undefined;
 }
-/**
- * @public
- * @enum
- */
-export declare const AssertionEncryptionModeType: {
-    readonly Allowed: "Allowed";
-    readonly Required: "Required";
-};
 /**
  * @public
  */
-export type AssertionEncryptionModeType = (typeof AssertionEncryptionModeType)[keyof typeof AssertionEncryptionModeType];
-/**
- * @public
- * @enum
- */
-export declare const AssignmentStatusType: {
-    readonly Any: "Any";
-    readonly Assigned: "Assigned";
-    readonly Unassigned: "Unassigned";
-};
-/**
- * @public
- */
-export type AssignmentStatusType = (typeof AssignmentStatusType)[keyof typeof AssignmentStatusType];
-/**
- * @public
- * @enum
- */
-export declare const PermissionsBoundaryAttachmentType: {
-    readonly Policy: "PermissionsBoundaryPolicy";
-};
-/**
- * @public
- */
-export type PermissionsBoundaryAttachmentType = (typeof PermissionsBoundaryAttachmentType)[keyof typeof PermissionsBoundaryAttachmentType];
+export interface AssociateDelegationRequestRequest {
+    /**
+     * <p>The unique identifier of the delegation request to associate.</p>
+     * @public
+     */
+    DelegationRequestId: string | undefined;
+}
 /**
  * <p>Contains information about an attached permissions boundary.</p>
  *          <p>An attached permissions boundary is a managed policy that has been attached to a user or
@@ -476,19 +326,6 @@ export interface AttachGroupPolicyRequest {
      */
     PolicyArn: string | undefined;
 }
-/**
- * <p>The request failed because Amazon Web Services service role policies can only be attached to the
- *       service-linked role for that service.</p>
- * @public
- */
-export declare class PolicyNotAttachableException extends __BaseException {
-    readonly name: "PolicyNotAttachableException";
-    readonly $fault: "client";
-    /**
-     * @internal
-     */
-    constructor(opts: __ExceptionOptionType<PolicyNotAttachableException, __BaseException>);
-}
 /**
  * @public
  */
@@ -548,47 +385,6 @@ export interface ChangePasswordRequest {
      */
     NewPassword: string | undefined;
 }
-/**
- * <p>The request was rejected because it referenced an entity that is temporarily unmodifiable,
- *       such as a user name that was deleted and then recreated. The error indicates that the request
- *       is likely to succeed if you try again after waiting several minutes. The error message
- *       describes the entity.</p>
- * @public
- */
-export declare class EntityTemporarilyUnmodifiableException extends __BaseException {
-    readonly name: "EntityTemporarilyUnmodifiableException";
-    readonly $fault: "client";
-    /**
-     * @internal
-     */
-    constructor(opts: __ExceptionOptionType<EntityTemporarilyUnmodifiableException, __BaseException>);
-}
-/**
- * <p>The request was rejected because the type of user for the transaction was
- *       incorrect.</p>
- * @public
- */
-export declare class InvalidUserTypeException extends __BaseException {
-    readonly name: "InvalidUserTypeException";
-    readonly $fault: "client";
-    /**
-     * @internal
-     */
-    constructor(opts: __ExceptionOptionType<InvalidUserTypeException, __BaseException>);
-}
-/**
- * <p>The request was rejected because the provided password did not meet the requirements
- *       imposed by the account password policy.</p>
- * @public
- */
-export declare class PasswordPolicyViolationException extends __BaseException {
-    readonly name: "PasswordPolicyViolationException";
-    readonly $fault: "client";
-    /**
-     * @internal
-     */
-    constructor(opts: __ExceptionOptionType<PasswordPolicyViolationException, __BaseException>);
-}
 /**
  * @public
  */
@@ -627,52 +423,39 @@ export interface CreateAccountAliasRequest {
     AccountAlias: string | undefined;
 }
 /**
- * @public
- * @enum
- */
-export declare const PolicyParameterTypeEnum: {
-    readonly STRING: "string";
-    readonly STRING_LIST: "stringList";
-};
-/**
- * @public
- */
-export type PolicyParameterTypeEnum = (typeof PolicyParameterTypeEnum)[keyof typeof PolicyParameterTypeEnum];
-/**
- * <p></p>
+ * <p>Contains information about a policy parameter used to customize delegated permissions.</p>
  * @public
  */
 export interface PolicyParameter {
     /**
-     * <p></p>
+     * <p>The name of the policy parameter.</p>
      * @public
      */
     Name?: string | undefined;
     /**
-     * <p></p>
+     * <p>The allowed values for the policy parameter.</p>
      * @public
      */
     Values?: string[] | undefined;
     /**
-     * <p></p>
+     * <p>The data type of the policy parameter value.</p>
      * @public
      */
     Type?: PolicyParameterTypeEnum | undefined;
 }
 /**
- * <p></p>
+ * <p>Contains information about the permissions being delegated in a delegation request.</p>
  * @public
  */
 export interface DelegationPermission {
     /**
-     * <p>The Amazon Resource Name (ARN). ARNs are unique identifiers for Amazon Web Services resources.</p>
-     *          <p>For more information about ARNs, go to <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Names (ARNs)</a> in
-     *          the <i>Amazon Web Services General Reference</i>. </p>
+     * <p>This ARN maps to a pre-registered policy content for this partner.
+     *          See the <a href="">partner onboarding documentation</a> to understand how to create a delegation template.</p>
      * @public
      */
     PolicyTemplateArn?: string | undefined;
     /**
-     * <p></p>
+     * <p>A list of policy parameters that define the scope and constraints of the delegated permissions.</p>
      * @public
      */
     Parameters?: PolicyParameter[] | undefined;
@@ -682,47 +465,68 @@ export interface DelegationPermission {
  */
 export interface CreateDelegationRequestRequest {
     /**
-     * <p></p>
+     * <p>The Amazon Web Services account ID this delegation request is targeted to.</p>
+     *          <p>If the account ID is not known, this parameter can be omitted, resulting in a request that can be associated by
+     *       any account. If the account ID passed, then the created delegation request can only be associated with an
+     *       identity of that target account.</p>
      * @public
      */
     OwnerAccountId?: string | undefined;
     /**
-     * <p></p>
+     * <p>A description of the delegation request.</p>
      * @public
      */
     Description: string | undefined;
     /**
-     * <p></p>
+     * <p>The permissions to be delegated in this delegation request.</p>
      * @public
      */
     Permissions: DelegationPermission | undefined;
     /**
-     * <p></p>
+     * <p>A message explaining the reason for the delegation request.</p>
+     *          <p>Requesters can utilize this field to add a custom note to the delegation request. This field is different from the
+     *       description such that this is to be utilized for a custom messaging on a case-by-case basis.</p>
+     *          <p>For example, if the current delegation request is in response to a previous request being rejected, this explanation
+     *          can be added to the request via this field.</p>
      * @public
      */
     RequestMessage?: string | undefined;
     /**
-     * <p></p>
+     * <p>The workflow ID associated with the requestor.</p>
+     *          <p>This is the unique identifier on the partner side that  can be used to track the progress of the request.</p>
+     *          <p>IAM maintains a uniqueness check on this workflow id for each request - if a workflow id for an existing request
+     *          is passed, this API call will fail.</p>
      * @public
      */
     RequestorWorkflowId: string | undefined;
     /**
-     * <p></p>
+     * <p>The URL to redirect to after the delegation request is processed.</p>
+     *          <p>This URL is used by the IAM console to show a link to the customer to re-load the partner workflow.</p>
      * @public
      */
     RedirectUrl?: string | undefined;
     /**
-     * <p></p>
+     * <p>The notification channel for updates about the delegation request.</p>
+     *          <p>At this time,only SNS topic ARNs are accepted for notification. This topic ARN must have a resource policy granting
+     *          <code>SNS:Publish</code> permission to the IAM service principal (<code>iam.amazonaws.com</code>). See
+     *          <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies-temporary-delegation-partner-guide.html">partner onboarding documentation</a> for more details.
+     *       </p>
      * @public
      */
     NotificationChannel: string | undefined;
     /**
-     * <p></p>
+     * <p>The duration for which the delegated session should remain active, in seconds.</p>
+     *          <p>The active time window for the session starts when the customer calls the
+     *          <a href="https://docs.aws.amazon.com/IAM/latest/APIReference/API_SendDelegationToken.html">SendDelegationToken</a> API.</p>
      * @public
      */
     SessionDuration: number | undefined;
     /**
-     * <p></p>
+     * <p>Specifies whether the delegation token should only be sent by the owner.</p>
+     *          <p>This flag prevents any party other than the owner from calling <code>SendDelegationToken</code> API for this delegation request.
+     *          This behavior becomes useful when the delegation request owner needs to be present for subsequent partner interactions, but the delegation request was sent
+     *          to a more privileged user for approval due to the owner lacking sufficient delegation permissions.
+     *       </p>
      * @public
      */
     OnlySendByOwner?: boolean | undefined;
@@ -732,12 +536,15 @@ export interface CreateDelegationRequestRequest {
  */
 export interface CreateDelegationRequestResponse {
     /**
-     * <p></p>
+     * <p>A deep link URL to the Amazon Web Services Management Console for managing the delegation request.</p>
+     *          <p>For a console based workflow, partners should redirect the customer to this URL.
+     *          If the customer is not logged in to any Amazon Web Services account, the Amazon Web Services workflow will
+     *       automatically direct the customer to log in and then display the delegation request approval page.</p>
      * @public
      */
     ConsoleDeepLink?: string | undefined;
     /**
-     * <p></p>
+     * <p>The unique identifier for the created delegation request.</p>
      * @public
      */
     DelegationRequestId?: string | undefined;
@@ -1229,19 +1036,6 @@ export interface CreateOpenIDConnectProviderResponse {
      */
     Tags?: Tag[] | undefined;
 }
-/**
- * <p>The request failed because IAM cannot connect to the OpenID Connect identity provider
- *       URL.</p>
- * @public
- */
-export declare class OpenIdIdpCommunicationErrorException extends __BaseException {
-    readonly name: "OpenIdIdpCommunicationErrorException";
-    readonly $fault: "client";
-    /**
-     * @internal
-     */
-    constructor(opts: __ExceptionOptionType<OpenIdIdpCommunicationErrorException, __BaseException>);
-}
 /**
  * @public
  */
@@ -1418,19 +1212,6 @@ export interface CreatePolicyResponse {
      */
     Policy?: Policy | undefined;
 }
-/**
- * <p>The request was rejected because the policy document was malformed. The error message
- *       describes the specific error.</p>
- * @public
- */
-export declare class MalformedPolicyDocumentException extends __BaseException {
-    readonly name: "MalformedPolicyDocumentException";
-    readonly $fault: "client";
-    /**
-     * @internal
-     */
-    constructor(opts: __ExceptionOptionType<MalformedPolicyDocumentException, __BaseException>);
-}
 /**
  * @public
  */
@@ -1864,18 +1645,6 @@ export interface CreateServiceSpecificCredentialResponse {
      */
     ServiceSpecificCredential?: ServiceSpecificCredential | undefined;
 }
-/**
- * <p>The specified service does not support service-specific credentials.</p>
- * @public
- */
-export declare class ServiceNotSupportedException extends __BaseException {
-    readonly name: "ServiceNotSupportedException";
-    readonly $fault: "client";
-    /**
-     * @internal
-     */
-    constructor(opts: __ExceptionOptionType<ServiceNotSupportedException, __BaseException>);
-}
 /**
  * @public
  */
@@ -2174,19 +1943,6 @@ export interface DeleteAccountAliasRequest {
      */
     AccountAlias: string | undefined;
 }
-/**
- * <p>The request was rejected because it attempted to delete a resource that has attached
- *       subordinate entities. The error message describes these entities.</p>
- * @public
- */
-export declare class DeleteConflictException extends __BaseException {
-    readonly name: "DeleteConflictException";
-    readonly $fault: "client";
-    /**
-     * @internal
-     */
-    constructor(opts: __ExceptionOptionType<DeleteConflictException, __BaseException>);
-}
 /**
  * @public
  */
@@ -2553,18 +2309,6 @@ export interface DetachUserPolicyRequest {
  */
 export interface DisableOrganizationsRootCredentialsManagementRequest {
 }
-/**
- * @public
- * @enum
- */
-export declare const FeatureType: {
-    readonly ROOT_CREDENTIALS_MANAGEMENT: "RootCredentialsManagement";
-    readonly ROOT_SESSIONS: "RootSessions";
-};
-/**
- * @public
- */
-export type FeatureType = (typeof FeatureType)[keyof typeof FeatureType];
 /**
  * @public
  */
@@ -2581,47 +2325,6 @@ export interface DisableOrganizationsRootCredentialsManagementResponse {
      */
     EnabledFeatures?: FeatureType[] | undefined;
 }
-/**
- * <p>The request was rejected because no organization is associated with your account.</p>
- * @public
- */
-export declare class OrganizationNotFoundException extends __BaseException {
-    readonly name: "OrganizationNotFoundException";
-    readonly $fault: "client";
-    Message?: string | undefined;
-    /**
-     * @internal
-     */
-    constructor(opts: __ExceptionOptionType<OrganizationNotFoundException, __BaseException>);
-}
-/**
- * <p>The request was rejected because your organization does not have All features enabled. For
- *       more information, see <a href="https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#feature-set">Available feature sets</a> in the <i>Organizations User
- *       Guide</i>.</p>
- * @public
- */
-export declare class OrganizationNotInAllFeaturesModeException extends __BaseException {
-    readonly name: "OrganizationNotInAllFeaturesModeException";
-    readonly $fault: "client";
-    Message?: string | undefined;
-    /**
-     * @internal
-     */
-    constructor(opts: __ExceptionOptionType<OrganizationNotInAllFeaturesModeException, __BaseException>);
-}
-/**
- * <p>The request was rejected because trusted access is not enabled for IAM in Organizations. For details, see IAM and Organizations in the <i>Organizations User Guide</i>.</p>
- * @public
- */
-export declare class ServiceAccessNotEnabledException extends __BaseException {
-    readonly name: "ServiceAccessNotEnabledException";
-    readonly $fault: "client";
-    Message?: string | undefined;
-    /**
-     * @internal
-     */
-    constructor(opts: __ExceptionOptionType<ServiceAccessNotEnabledException, __BaseException>);
-}
 /**
  * @public
  */
@@ -2692,33 +2395,6 @@ export interface EnableMFADeviceRequest {
      */
     AuthenticationCode2: string | undefined;
 }
-/**
- * <p>The request was rejected because the authentication code was not recognized. The error
- *       message describes the specific error.</p>
- * @public
- */
-export declare class InvalidAuthenticationCodeException extends __BaseException {
-    readonly name: "InvalidAuthenticationCodeException";
-    readonly $fault: "client";
-    /**
-     * @internal
-     */
-    constructor(opts: __ExceptionOptionType<InvalidAuthenticationCodeException, __BaseException>);
-}
-/**
- * <p>The request was rejected because the account making the request is not the management
- *       account for the organization.</p>
- * @public
- */
-export declare class CallerIsNotManagementAccountException extends __BaseException {
-    readonly name: "CallerIsNotManagementAccountException";
-    readonly $fault: "client";
-    Message?: string | undefined;
-    /**
-     * @internal
-     */
-    constructor(opts: __ExceptionOptionType<CallerIsNotManagementAccountException, __BaseException>);
-}
 /**
  * @public
  */
@@ -2759,19 +2435,18 @@ export interface EnableOrganizationsRootSessionsResponse {
      */
     EnabledFeatures?: FeatureType[] | undefined;
 }
-/**
- * @public
- * @enum
- */
-export declare const ReportStateType: {
-    readonly COMPLETE: "COMPLETE";
-    readonly INPROGRESS: "INPROGRESS";
-    readonly STARTED: "STARTED";
-};
 /**
  * @public
  */
-export type ReportStateType = (typeof ReportStateType)[keyof typeof ReportStateType];
+export interface EnableOutboundWebIdentityFederationResponse {
+    /**
+     * <p>A unique issuer URL for your Amazon Web Services account that hosts the OpenID Connect (OIDC) discovery endpoints
+     *             at <code>/.well-known/openid-configuration and /.well-known/jwks.json</code>. The OpenID Connect (OIDC) discovery endpoints contain verification keys and metadata necessary
+     *             for token verification.</p>
+     * @public
+     */
+    IssuerIdentifier?: string | undefined;
+}
 /**
  * <p>Contains the response to a successful <a href="https://docs.aws.amazon.com/IAM/latest/APIReference/API_GenerateCredentialReport.html">GenerateCredentialReport</a> request. </p>
  * @public
@@ -2821,19 +2496,6 @@ export interface GenerateOrganizationsAccessReportResponse {
      */
     JobId?: string | undefined;
 }
-/**
- * <p>The request failed because the maximum number of concurrent requests for this account are
- *       already running.</p>
- * @public
- */
-export declare class ReportGenerationLimitExceededException extends __BaseException {
-    readonly name: "ReportGenerationLimitExceededException";
-    readonly $fault: "client";
-    /**
-     * @internal
-     */
-    constructor(opts: __ExceptionOptionType<ReportGenerationLimitExceededException, __BaseException>);
-}
 /**
  * @public
  */
@@ -2899,21 +2561,6 @@ export interface GetAccessKeyLastUsedResponse {
      */
     AccessKeyLastUsed?: AccessKeyLastUsed | undefined;
 }
-/**
- * @public
- * @enum
- */
-export declare const EntityType: {
-    readonly AWSManagedPolicy: "AWSManagedPolicy";
-    readonly Group: "Group";
-    readonly LocalManagedPolicy: "LocalManagedPolicy";
-    readonly Role: "Role";
-    readonly User: "User";
-};
-/**
- * @public
- */
-export type EntityType = (typeof EntityType)[keyof typeof EntityType];
 /**
  * @public
  */
@@ -3379,50 +3026,6 @@ export interface GetAccountPasswordPolicyResponse {
      */
     PasswordPolicy: PasswordPolicy | undefined;
 }
-/**
- * @public
- * @enum
- */
-export declare const SummaryKeyType: {
-    readonly AccessKeysPerUserQuota: "AccessKeysPerUserQuota";
-    readonly AccountAccessKeysPresent: "AccountAccessKeysPresent";
-    readonly AccountMFAEnabled: "AccountMFAEnabled";
-    readonly AccountPasswordPresent: "AccountPasswordPresent";
-    readonly AccountSigningCertificatesPresent: "AccountSigningCertificatesPresent";
-    readonly AssumeRolePolicySizeQuota: "AssumeRolePolicySizeQuota";
-    readonly AttachedPoliciesPerGroupQuota: "AttachedPoliciesPerGroupQuota";
-    readonly AttachedPoliciesPerRoleQuota: "AttachedPoliciesPerRoleQuota";
-    readonly AttachedPoliciesPerUserQuota: "AttachedPoliciesPerUserQuota";
-    readonly GlobalEndpointTokenVersion: "GlobalEndpointTokenVersion";
-    readonly GroupPolicySizeQuota: "GroupPolicySizeQuota";
-    readonly Groups: "Groups";
-    readonly GroupsPerUserQuota: "GroupsPerUserQuota";
-    readonly GroupsQuota: "GroupsQuota";
-    readonly InstanceProfiles: "InstanceProfiles";
-    readonly InstanceProfilesQuota: "InstanceProfilesQuota";
-    readonly MFADevices: "MFADevices";
-    readonly MFADevicesInUse: "MFADevicesInUse";
-    readonly Policies: "Policies";
-    readonly PoliciesQuota: "PoliciesQuota";
-    readonly PolicySizeQuota: "PolicySizeQuota";
-    readonly PolicyVersionsInUse: "PolicyVersionsInUse";
-    readonly PolicyVersionsInUseQuota: "PolicyVersionsInUseQuota";
-    readonly Providers: "Providers";
-    readonly RolePolicySizeQuota: "RolePolicySizeQuota";
-    readonly Roles: "Roles";
-    readonly RolesQuota: "RolesQuota";
-    readonly ServerCertificates: "ServerCertificates";
-    readonly ServerCertificatesQuota: "ServerCertificatesQuota";
-    readonly SigningCertificatesPerUserQuota: "SigningCertificatesPerUserQuota";
-    readonly UserPolicySizeQuota: "UserPolicySizeQuota";
-    readonly Users: "Users";
-    readonly UsersQuota: "UsersQuota";
-    readonly VersionsPerPolicyQuota: "VersionsPerPolicyQuota";
-};
-/**
- * @public
- */
-export type SummaryKeyType = (typeof SummaryKeyType)[keyof typeof SummaryKeyType];
 /**
  * <p>Contains the response to a successful <a href="https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetAccountSummary.html">GetAccountSummary</a> request.
  *     </p>
@@ -3514,57 +3117,6 @@ export interface GetContextKeysForPrincipalPolicyRequest {
      */
     PolicyInputList?: string[] | undefined;
 }
-/**
- * <p>The request was rejected because the most recent credential report has expired. To
- *       generate a new credential report, use <a href="https://docs.aws.amazon.com/IAM/latest/APIReference/API_GenerateCredentialReport.html">GenerateCredentialReport</a>. For more information about credential report expiration,
- *       see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/credential-reports.html">Getting
- *         credential reports</a> in the <i>IAM User Guide</i>.</p>
- * @public
- */
-export declare class CredentialReportExpiredException extends __BaseException {
-    readonly name: "CredentialReportExpiredException";
-    readonly $fault: "client";
-    /**
-     * @internal
-     */
-    constructor(opts: __ExceptionOptionType<CredentialReportExpiredException, __BaseException>);
-}
-/**
- * <p>The request was rejected because the credential report does not exist. To generate a
- *       credential report, use <a href="https://docs.aws.amazon.com/IAM/latest/APIReference/API_GenerateCredentialReport.html">GenerateCredentialReport</a>.</p>
- * @public
- */
-export declare class CredentialReportNotPresentException extends __BaseException {
-    readonly name: "CredentialReportNotPresentException";
-    readonly $fault: "client";
-    /**
-     * @internal
-     */
-    constructor(opts: __ExceptionOptionType<CredentialReportNotPresentException, __BaseException>);
-}
-/**
- * <p>The request was rejected because the credential report is still being generated.</p>
- * @public
- */
-export declare class CredentialReportNotReadyException extends __BaseException {
-    readonly name: "CredentialReportNotReadyException";
-    readonly $fault: "client";
-    /**
-     * @internal
-     */
-    constructor(opts: __ExceptionOptionType<CredentialReportNotReadyException, __BaseException>);
-}
-/**
- * @public
- * @enum
- */
-export declare const ReportFormatType: {
-    readonly text_csv: "text/csv";
-};
-/**
- * @public
- */
-export type ReportFormatType = (typeof ReportFormatType)[keyof typeof ReportFormatType];
 /**
  * <p>Contains the response to a successful <a href="https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetCredentialReport.html">GetCredentialReport</a>
  *       request. </p>
@@ -3590,30 +3142,222 @@ export interface GetCredentialReportResponse {
 /**
  * @public
  */
-export interface GetGroupRequest {
+export interface GetDelegationRequestRequest {
     /**
-     * <p>The name of the group.</p>
-     *          <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
-     *     characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
+     * <p>The unique identifier of the delegation request to retrieve.</p>
      * @public
      */
-    GroupName: string | undefined;
+    DelegationRequestId: string | undefined;
     /**
-     * <p>Use this parameter only when paginating results and only after
-     *     you receive a response indicating that the results are truncated. Set it to the value of the
-     *     <code>Marker</code> element in the response that you received to indicate where the next call
-     *     should start.</p>
+     * <p>Specifies whether to perform a permission check for the delegation request.</p>
+     *          <p>If set to true, the <code>GetDelegationRequest</code> API call will start a permission check process. This process
+     *       calculates whether the caller has sufficient permissions to cover the asks from this delegation request.</p>
+     *          <p>Setting this parameter to true does not guarantee an answer in the response. See the <code>PermissionCheckStatus</code>
+     *       and the <code>PermissionCheckResult</code> response attributes for further details.</p>
      * @public
      */
-    Marker?: string | undefined;
+    DelegationPermissionCheck?: boolean | undefined;
+}
+/**
+ * <p>Contains information about a delegation request, including its status, permissions, and associated metadata.</p>
+ * @public
+ */
+export interface DelegationRequest {
     /**
-     * <p>Use this only when paginating results to indicate the
-     *     maximum number of items you want in the response. If additional items exist beyond the maximum
-     *     you specify, the <code>IsTruncated</code> response element is <code>true</code>.</p>
-     *          <p>If you do not include this parameter, the number of items defaults to 100. Note that
-     *     IAM might return fewer results, even when there are more results available. In that case, the
-     *     <code>IsTruncated</code> response element returns <code>true</code>, and <code>Marker</code>
-     *     contains a value to include in the subsequent call that tells the service where to continue
+     * <p>The unique identifier for the delegation request.</p>
+     * @public
+     */
+    DelegationRequestId?: string | undefined;
+    /**
+     * <p>Amazon Web Services account ID of the owner of the delegation request.</p>
+     * @public
+     */
+    OwnerAccountId?: string | undefined;
+    /**
+     * <p>Description of the delegation request. This is a message that is provided by the Amazon Web Services
+     *          partner that filed the delegation request.</p>
+     * @public
+     */
+    Description?: string | undefined;
+    /**
+     * <p>A custom message that is added to the delegation request by the partner.</p>
+     *          <p>This element is different from the <code>Description</code> element such that this is a
+     *       request specific message injected by the partner. The <code>Description</code> is typically
+     *          a generic explanation of what the delegation request is targeted to do.</p>
+     * @public
+     */
+    RequestMessage?: string | undefined;
+    /**
+     * <p>Contains information about the permissions being delegated in a delegation request.</p>
+     * @public
+     */
+    Permissions?: DelegationPermission | undefined;
+    /**
+     * <p>JSON content of the associated permission policy of this delegation request.</p>
+     * @public
+     */
+    PermissionPolicy?: string | undefined;
+    /**
+     * <p>If the <code>PermissionPolicy</code> includes role creation permissions, this element will
+     *       include the list of permissions boundary policies associated with the role creation.
+     *       See <a href="IAM/latest/UserGuide/access_policies_boundaries.html">Permissions boundaries for IAM entities</a>
+     *          for more details about IAM permission boundaries.
+     *       </p>
+     * @public
+     */
+    RolePermissionRestrictionArns?: string[] | undefined;
+    /**
+     * <p>ARN of the owner of this delegation request.</p>
+     * @public
+     */
+    OwnerId?: string | undefined;
+    /**
+     * <p>The Amazon Resource Name (ARN). ARNs are unique identifiers for Amazon Web Services resources.</p>
+     *          <p>For more information about ARNs, go to <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Names (ARNs)</a> in
+     *          the <i>Amazon Web Services General Reference</i>. </p>
+     * @public
+     */
+    ApproverId?: string | undefined;
+    /**
+     * <p>The state of this delegation request.</p>
+     *          <p>See the <a href="IAM/latest/UserGuide/temporary-delegation-building-integration.html">Understanding the Request Lifecycle</a> for an explanation of how these
+     *       states are transitioned.</p>
+     * @public
+     */
+    State?: StateType | undefined;
+    /**
+     * <p>Identity of the requestor of this delegation request. This will be an Amazon Web Services account ID.</p>
+     * @public
+     */
+    RequestorId?: string | undefined;
+    /**
+     * <p>A friendly name of the requestor.</p>
+     * @public
+     */
+    RequestorName?: string | undefined;
+    /**
+     * <p>Creation date (timestamp) of this delegation request.</p>
+     * @public
+     */
+    CreateDate?: Date | undefined;
+    /**
+     * <p>The life-time of the requested session credential.</p>
+     * @public
+     */
+    SessionDuration?: number | undefined;
+    /**
+     * <p>A URL to be redirected to once the delegation request is approved. Partners provide this URL when
+     *       creating the delegation request.</p>
+     * @public
+     */
+    RedirectUrl?: string | undefined;
+    /**
+     * <p>Notes added to this delegation request, if this request was updated via the
+     *          <a href="https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateDelegationRequest.html">UpdateDelegationRequest</a>
+     *       API.</p>
+     * @public
+     */
+    Notes?: string | undefined;
+    /**
+     * <p>Reasons for rejecting this delegation request, if this request was rejected. See also
+     *          <a href="https://docs.aws.amazon.com/IAM/latest/APIReference/API_RejectDelegationRequest.html">RejectDelegationRequest</a>
+     *          API documentation.
+     *       </p>
+     * @public
+     */
+    RejectionReason?: string | undefined;
+    /**
+     * <p>A flag indicating whether the
+     *          <a href="https://docs.aws.amazon.com/IAM/latest/APIReference/API_SendDelegationToken.html">SendDelegationToken</a>
+     *       must be called by the owner of this delegation request. This is set by the requesting partner.</p>
+     * @public
+     */
+    OnlySendByOwner?: boolean | undefined;
+    /**
+     * <p>Last updated timestamp of the request.</p>
+     * @public
+     */
+    UpdatedTime?: Date | undefined;
+}
+/**
+ * @public
+ */
+export interface GetDelegationRequestResponse {
+    /**
+     * <p>The delegation request object containing all details about the request.</p>
+     * @public
+     */
+    DelegationRequest?: DelegationRequest | undefined;
+    /**
+     * <p>The status of the permission check for the delegation request.</p>
+     *          <p>This value indicates the status of the process to check whether the caller has sufficient permissions to cover the requested actions in the delegation request.
+     *       Since this is an asynchronous process, there are three potential values:</p>
+     *          <ul>
+     *             <li>
+     *                <p>
+     *                   <code>IN_PROGRESS</code> : The permission check process has started.</p>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <code>COMPLETED</code> : The permission check process has completed. The <code>PermissionCheckResult</code> will include the result.</p>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <code>FAILED</code> : The permission check process has failed.</p>
+     *             </li>
+     *          </ul>
+     * @public
+     */
+    PermissionCheckStatus?: PermissionCheckStatusType | undefined;
+    /**
+     * <p>The result of the permission check, indicating whether the caller has sufficient permissions to cover the requested permissions.
+     *       This is an approximate result.</p>
+     *          <ul>
+     *             <li>
+     *                <p>
+     *                   <code>ALLOWED</code> : The caller has sufficient permissions cover all the requested permissions.</p>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <code>DENIED</code> : The caller does not have sufficient permissions to cover all the requested permissions.</p>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <code>UNSURE</code> : It is not possible to determine whether the caller has all the permissions needed.
+     *                This output is most likely for cases when the caller has permissions with conditions.</p>
+     *             </li>
+     *          </ul>
+     * @public
+     */
+    PermissionCheckResult?: PermissionCheckResultType | undefined;
+}
+/**
+ * @public
+ */
+export interface GetGroupRequest {
+    /**
+     * <p>The name of the group.</p>
+     *          <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
+     *     characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
+     * @public
+     */
+    GroupName: string | undefined;
+    /**
+     * <p>Use this parameter only when paginating results and only after
+     *     you receive a response indicating that the results are truncated. Set it to the value of the
+     *     <code>Marker</code> element in the response that you received to indicate where the next call
+     *     should start.</p>
+     * @public
+     */
+    Marker?: string | undefined;
+    /**
+     * <p>Use this only when paginating results to indicate the
+     *     maximum number of items you want in the response. If additional items exist beyond the maximum
+     *     you specify, the <code>IsTruncated</code> response element is <code>true</code>.</p>
+     *          <p>If you do not include this parameter, the number of items defaults to 100. Note that
+     *     IAM might return fewer results, even when there are more results available. In that case, the
+     *     <code>IsTruncated</code> response element returns <code>true</code>, and <code>Marker</code>
+     *     contains a value to include in the subsequent call that tells the service where to continue
      *     from.</p>
      * @public
      */
@@ -3696,6 +3440,48 @@ export interface GetGroupPolicyResponse {
      */
     PolicyDocument: string | undefined;
 }
+/**
+ * @public
+ */
+export interface GetHumanReadableSummaryRequest {
+    /**
+     * <p>Arn of the entity to be summarized. At this time, the only supported
+     *          entity type is <code>delegation-request</code>
+     *          </p>
+     * @public
+     */
+    EntityArn: string | undefined;
+    /**
+     * <p>A string representing the locale to use for the summary generation. The
+     *       supported locale strings are based on the <a href="/awsconsolehelpdocs/latest/gsg/change-language.html#supported-languages">
+     *             Supported languages of the Amazon Web Services Management Console
+     *          </a>.</p>
+     * @public
+     */
+    Locale?: string | undefined;
+}
+/**
+ * @public
+ */
+export interface GetHumanReadableSummaryResponse {
+    /**
+     * <p>Summary content in the specified locale. Summary content is non-empty only if the
+     *       <code>SummaryState</code> is <code>AVAILABLE</code>.</p>
+     * @public
+     */
+    SummaryContent?: string | undefined;
+    /**
+     * <p>The locale that this response was generated for. This maps to the input locale.</p>
+     * @public
+     */
+    Locale?: string | undefined;
+    /**
+     * <p>State of summary generation. This generation process is asynchronous and this attribute indicates the
+     *       state of the generation process.</p>
+     * @public
+     */
+    SummaryState?: SummaryStateType | undefined;
+}
 /**
  * @public
  */
@@ -3841,20 +3627,6 @@ export interface GetOpenIDConnectProviderResponse {
      */
     Tags?: Tag[] | undefined;
 }
-/**
- * @public
- * @enum
- */
-export declare const SortKeyType: {
-    readonly LAST_AUTHENTICATED_TIME_ASCENDING: "LAST_AUTHENTICATED_TIME_ASCENDING";
-    readonly LAST_AUTHENTICATED_TIME_DESCENDING: "LAST_AUTHENTICATED_TIME_DESCENDING";
-    readonly SERVICE_NAMESPACE_ASCENDING: "SERVICE_NAMESPACE_ASCENDING";
-    readonly SERVICE_NAMESPACE_DESCENDING: "SERVICE_NAMESPACE_DESCENDING";
-};
-/**
- * @public
- */
-export type SortKeyType = (typeof SortKeyType)[keyof typeof SortKeyType];
 /**
  * @public
  */
@@ -3909,19 +3681,6 @@ export interface ErrorDetails {
      */
     Code: string | undefined;
 }
-/**
- * @public
- * @enum
- */
-export declare const JobStatusType: {
-    readonly COMPLETED: "COMPLETED";
-    readonly FAILED: "FAILED";
-    readonly IN_PROGRESS: "IN_PROGRESS";
-};
-/**
- * @public
- */
-export type JobStatusType = (typeof JobStatusType)[keyof typeof JobStatusType];
 /**
  * @public
  */
@@ -3932,13 +3691,13 @@ export interface GetOrganizationsAccessReportResponse {
      */
     JobStatus: JobStatusType | undefined;
     /**
-     * <p>The date and time, in <a href="http://www.iso.org/iso/iso8601">ISO 8601 date-time
+     * <p>The date and time, in <a href="http://www.iso.org/iso/iso8601">ISO 8601 date-time
      *                 format</a>, when the report job was created.</p>
      * @public
      */
     JobCreationDate: Date | undefined;
     /**
-     * <p>The date and time, in <a href="http://www.iso.org/iso/iso8601">ISO 8601 date-time
+     * <p>The date and time, in <a href="http://www.iso.org/iso/iso8601">ISO 8601 date-time
      *                 format</a>, when the generated report job was completed or failed.</p>
      *          <p>This field is null if the job is still in progress, as indicated by a job status value
      *             of <code>IN_PROGRESS</code>.</p>
@@ -3958,7 +3717,7 @@ export interface GetOrganizationsAccessReportResponse {
      */
     NumberOfServicesNotAccessed?: number | undefined;
     /**
-     * <p>An object that contains details about the most recent attempt to access the
+     * <p>An object that contains details about the most recent attempt to access the
      *             service.</p>
      * @public
      */
@@ -3987,6 +3746,23 @@ export interface GetOrganizationsAccessReportResponse {
      */
     ErrorDetails?: ErrorDetails | undefined;
 }
+/**
+ * @public
+ */
+export interface GetOutboundWebIdentityFederationInfoResponse {
+    /**
+     * <p>A unique issuer URL for your Amazon Web Services account that hosts the OpenID Connect (OIDC) discovery endpoints at
+     *             <code>/.well-known/openid-configuration and /.well-known/jwks.json</code>. The OpenID Connect (OIDC) discovery endpoints contain verification keys and metadata necessary for token verification.</p>
+     * @public
+     */
+    IssuerIdentifier?: string | undefined;
+    /**
+     * <p>Indicates whether outbound identity federation is currently enabled for your
+     *             Amazon Web Services account. When true, IAM principals in the account can call the <code>GetWebIdentityToken</code> API to obtain JSON Web Tokens (JWTs) for authentication with external services. </p>
+     * @public
+     */
+    JwtVendingEnabled?: boolean | undefined;
+}
 /**
  * @public
  */
@@ -4432,19 +4208,19 @@ export interface GetServiceLastAccessedDetailsResponse {
      */
     JobType?: AccessAdvisorUsageGranularityType | undefined;
     /**
-     * <p>The date and time, in <a href="http://www.iso.org/iso/iso8601">ISO 8601 date-time
+     * <p>The date and time, in <a href="http://www.iso.org/iso/iso8601">ISO 8601 date-time
      *                 format</a>, when the report job was created.</p>
      * @public
      */
     JobCreationDate: Date | undefined;
     /**
-     * <p> A <code>ServiceLastAccessed</code> object that contains details about the most recent
+     * <p> A <code>ServiceLastAccessed</code> object that contains details about the most recent
      *             attempt to access the service.</p>
      * @public
      */
     ServicesLastAccessed: ServiceLastAccessed[] | undefined;
     /**
-     * <p>The date and time, in <a href="http://www.iso.org/iso/iso8601">ISO 8601 date-time
+     * <p>The date and time, in <a href="http://www.iso.org/iso/iso8601">ISO 8601 date-time
      *                 format</a>, when the generated report job was completed or failed.</p>
      *          <p>This field is null if the job is still in progress, as indicated by a job status value
      *             of <code>IN_PROGRESS</code>.</p>
@@ -4492,7 +4268,7 @@ export interface GetServiceLastAccessedDetailsWithEntitiesRequest {
      *             details for that service. In the first paragraph, find the service prefix. For example,
      *                 <code>(service prefix: a4b)</code>. For more information about service namespaces,
      *             see <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-aws-service-namespaces">Amazon Web Services
-     *                 service namespaces</a> in the <i>Amazon Web Services General Reference</i>.</p>
+     *                 service namespaces</a> in the <i>Amazon Web Services General Reference</i>.</p>
      * @public
      */
     ServiceNamespace: string | undefined;
@@ -4517,19 +4293,6 @@ export interface GetServiceLastAccessedDetailsWithEntitiesRequest {
      */
     Marker?: string | undefined;
 }
-/**
- * @public
- * @enum
- */
-export declare const PolicyOwnerEntityType: {
-    readonly GROUP: "GROUP";
-    readonly ROLE: "ROLE";
-    readonly USER: "USER";
-};
-/**
- * @public
- */
-export type PolicyOwnerEntityType = (typeof PolicyOwnerEntityType)[keyof typeof PolicyOwnerEntityType];
 /**
  * <p>Contains details about the specified entity (user or role).</p>
  *          <p>This data type is an element of the <a href="https://docs.aws.amazon.com/IAM/latest/APIReference/API_EntityDetails.html">EntityDetails</a>
@@ -4599,13 +4362,13 @@ export interface GetServiceLastAccessedDetailsWithEntitiesResponse {
      */
     JobStatus: JobStatusType | undefined;
     /**
-     * <p>The date and time, in <a href="http://www.iso.org/iso/iso8601">ISO 8601 date-time
+     * <p>The date and time, in <a href="http://www.iso.org/iso/iso8601">ISO 8601 date-time
      *                 format</a>, when the report job was created.</p>
      * @public
      */
     JobCreationDate: Date | undefined;
     /**
-     * <p>The date and time, in <a href="http://www.iso.org/iso/iso8601">ISO 8601 date-time
+     * <p>The date and time, in <a href="http://www.iso.org/iso/iso8601">ISO 8601 date-time
      *                 format</a>, when the generated report job was completed or failed.</p>
      *          <p>This field is null if the job is still in progress, as indicated by a job status value
      *             of <code>IN_PROGRESS</code>.</p>
@@ -4613,7 +4376,7 @@ export interface GetServiceLastAccessedDetailsWithEntitiesResponse {
      */
     JobCompletionDate: Date | undefined;
     /**
-     * <p>An <code>EntityDetailsList</code> object that contains details about when an IAM
+     * <p>An <code>EntityDetailsList</code> object that contains details about when an IAM
      *             entity (user or role) used group or policy permissions in an attempt to access the
      *             specified Amazon Web Services service.</p>
      * @public
@@ -4693,20 +4456,6 @@ export interface DeletionTaskFailureReasonType {
      */
     RoleUsageList?: RoleUsageType[] | undefined;
 }
-/**
- * @public
- * @enum
- */
-export declare const DeletionTaskStatusType: {
-    readonly FAILED: "FAILED";
-    readonly IN_PROGRESS: "IN_PROGRESS";
-    readonly NOT_STARTED: "NOT_STARTED";
-    readonly SUCCEEDED: "SUCCEEDED";
-};
-/**
- * @public
- */
-export type DeletionTaskStatusType = (typeof DeletionTaskStatusType)[keyof typeof DeletionTaskStatusType];
 /**
  * @public
  */
@@ -4722,18 +4471,6 @@ export interface GetServiceLinkedRoleDeletionStatusResponse {
      */
     Reason?: DeletionTaskFailureReasonType | undefined;
 }
-/**
- * @public
- * @enum
- */
-export declare const EncodingType: {
-    readonly PEM: "PEM";
-    readonly SSH: "SSH";
-};
-/**
- * @public
- */
-export type EncodingType = (typeof EncodingType)[keyof typeof EncodingType];
 /**
  * @public
  */
@@ -4813,19 +4550,6 @@ export interface GetSSHPublicKeyResponse {
      */
     SSHPublicKey?: SSHPublicKey | undefined;
 }
-/**
- * <p>The request was rejected because the public key encoding format is unsupported or
- *       unrecognized.</p>
- * @public
- */
-export declare class UnrecognizedPublicKeyEncodingException extends __BaseException {
-    readonly name: "UnrecognizedPublicKeyEncodingException";
-    readonly $fault: "client";
-    /**
-     * @internal
-     */
-    constructor(opts: __ExceptionOptionType<UnrecognizedPublicKeyEncodingException, __BaseException>);
-}
 /**
  * @public
  */
@@ -5236,16 +4960,61 @@ export interface ListAttachedUserPoliciesResponse {
 }
 /**
  * @public
- * @enum
  */
-export declare const PolicyUsageType: {
-    readonly PermissionsBoundary: "PermissionsBoundary";
-    readonly PermissionsPolicy: "PermissionsPolicy";
-};
+export interface ListDelegationRequestsRequest {
+    /**
+     * <p>The owner ID to filter delegation requests by.</p>
+     * @public
+     */
+    OwnerId?: string | undefined;
+    /**
+     * <p>Use this parameter only when paginating results and only after you receive a response
+     *          indicating that the results are truncated. Set it to the value of the
+     *          <code>Marker</code>
+     *          element in the response that you received to indicate where the next
+     *          call should start.
+     *       </p>
+     * @public
+     */
+    Marker?: string | undefined;
+    /**
+     * <p>Use this only when paginating results to indicate the maximum number of items you
+     *          want in the response. If additional items exist beyond the maximum you specify, the
+     *          <code>IsTruncated</code>
+     *          response element is <code>true</code>.
+     *       </p>
+     *          <p>If you do not include this parameter, the number of items defaults to 100. Note that
+     *          IAM may return fewer results, even when there are more results available. In that case,
+     *          the <code>IsTruncated</code> response element returns <code>true</code>, and
+     *          <code>Marker</code>
+     *          contains a value to include in the subsequent call that tells the
+     *          service where to continue from.
+     *       </p>
+     * @public
+     */
+    MaxItems?: number | undefined;
+}
 /**
  * @public
  */
-export type PolicyUsageType = (typeof PolicyUsageType)[keyof typeof PolicyUsageType];
+export interface ListDelegationRequestsResponse {
+    /**
+     * <p>A list of delegation requests that match the specified criteria.</p>
+     * @public
+     */
+    DelegationRequests?: DelegationRequest[] | undefined;
+    /**
+     * <p>When <code>isTruncated</code> is <code>true</code>, this element is present and contains the value to use for the <code>Marker</code> parameter in a subsequent pagination request.</p>
+     * @public
+     */
+    Marker?: string | undefined;
+    /**
+     * <p>A flag that indicates whether there are more items to return.
+     *          If your results were truncated, you can make a subsequent pagination request using the <code>Marker</code> request parameter to retrieve more items.</p>
+     * @public
+     */
+    isTruncated?: boolean | undefined;
+}
 /**
  * @public
  */
@@ -5279,9 +5048,9 @@ export interface ListEntitiesForPolicyRequest {
     /**
      * <p>The policy usage method to use for filtering the results.</p>
      *          <p>To list only permissions policies,
-     *                 set <code>PolicyUsageFilter</code> to <code>PermissionsPolicy</code>. To list only
-     *             the policies used to set permissions boundaries, set the value
-     *                 to <code>PermissionsBoundary</code>.</p>
+     *                 set <code>PolicyUsageFilter</code> to <code>PermissionsPolicy</code>. To list only
+     *             the policies used to set permissions boundaries, set the value
+     *                 to <code>PermissionsBoundary</code>.</p>
      *          <p>This parameter is optional. If it is not included, all policies are returned. </p>
      * @public
      */
@@ -6038,19 +5807,6 @@ export interface ListOrganizationsFeaturesResponse {
      */
     EnabledFeatures?: FeatureType[] | undefined;
 }
-/**
- * @public
- * @enum
- */
-export declare const PolicyScopeType: {
-    readonly AWS: "AWS";
-    readonly All: "All";
-    readonly Local: "Local";
-};
-/**
- * @public
- */
-export type PolicyScopeType = (typeof PolicyScopeType)[keyof typeof PolicyScopeType];
 /**
  * @public
  */
@@ -6086,9 +5842,9 @@ export interface ListPoliciesRequest {
     /**
      * <p>The policy usage method to use for filtering the results.</p>
      *          <p>To list only permissions policies,
-     *                 set <code>PolicyUsageFilter</code> to <code>PermissionsPolicy</code>. To list only
-     *             the policies used to set permissions boundaries, set the value
-     *                 to <code>PermissionsBoundary</code>.</p>
+     *                 set <code>PolicyUsageFilter</code> to <code>PermissionsPolicy</code>. To list only
+     *             the policies used to set permissions boundaries, set the value
+     *                 to <code>PermissionsBoundary</code>.</p>
      *          <p>This parameter is optional. If it is not included, all policies are returned. </p>
      * @public
      */
@@ -6167,23 +5923,11 @@ export interface ListPoliciesGrantingServiceAccessRequest {
      *             details for that service. In the first paragraph, find the service prefix. For example,
      *                 <code>(service prefix: a4b)</code>. For more information about service namespaces,
      *             see <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-aws-service-namespaces">Amazon Web Services
-     *                 service namespaces</a> in the <i>Amazon Web Services General Reference</i>.</p>
+     *                 service namespaces</a> in the <i>Amazon Web Services General Reference</i>.</p>
      * @public
      */
     ServiceNamespaces: string[] | undefined;
 }
-/**
- * @public
- * @enum
- */
-export declare const PolicyType: {
-    readonly INLINE: "INLINE";
-    readonly MANAGED: "MANAGED";
-};
-/**
- * @public
- */
-export type PolicyType = (typeof PolicyType)[keyof typeof PolicyType];
 /**
  * <p>Contains details about the permissions policies that are attached to the specified
  *          identity (user, group, or role).</p>
@@ -6258,7 +6002,7 @@ export interface ListPoliciesGrantingServiceAccessEntry {
  */
 export interface ListPoliciesGrantingServiceAccessResponse {
     /**
-     * <p>A <code>ListPoliciesGrantingServiceAccess</code> object that contains details about
+     * <p>A <code>ListPoliciesGrantingServiceAccess</code> object that contains details about
      *             the permissions policies attached to the specified identity (user, group, or
      *             role).</p>
      * @public
@@ -7546,25 +7290,40 @@ export interface PutUserPolicyRequest {
 /**
  * @public
  */
-export interface RemoveClientIDFromOpenIDConnectProviderRequest {
+export interface RejectDelegationRequestRequest {
     /**
-     * <p>The Amazon Resource Name (ARN) of the IAM OIDC provider resource to remove the
-     *             client ID from. You can get a list of OIDC provider ARNs by using the <a href="https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListOpenIDConnectProviders.html">ListOpenIDConnectProviders</a> operation.</p>
-     *          <p>For more information about ARNs, see <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Names (ARNs)</a> in the <i>Amazon Web Services General Reference</i>.</p>
+     * <p>The unique identifier of the delegation request to reject.</p>
      * @public
      */
-    OpenIDConnectProviderArn: string | undefined;
+    DelegationRequestId: string | undefined;
     /**
-     * <p>The client ID (also known as audience) to remove from the IAM OIDC provider
-     *             resource. For more information about client IDs, see <a href="https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateOpenIDConnectProvider.html">CreateOpenIDConnectProvider</a>.</p>
+     * <p>Optional notes explaining the reason for rejecting the delegation request.</p>
      * @public
      */
-    ClientID: string | undefined;
+    Notes?: string | undefined;
 }
 /**
  * @public
  */
-export interface RemoveRoleFromInstanceProfileRequest {
+export interface RemoveClientIDFromOpenIDConnectProviderRequest {
+    /**
+     * <p>The Amazon Resource Name (ARN) of the IAM OIDC provider resource to remove the
+     *             client ID from. You can get a list of OIDC provider ARNs by using the <a href="https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListOpenIDConnectProviders.html">ListOpenIDConnectProviders</a> operation.</p>
+     *          <p>For more information about ARNs, see <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Names (ARNs)</a> in the <i>Amazon Web Services General Reference</i>.</p>
+     * @public
+     */
+    OpenIDConnectProviderArn: string | undefined;
+    /**
+     * <p>The client ID (also known as audience) to remove from the IAM OIDC provider
+     *             resource. For more information about client IDs, see <a href="https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateOpenIDConnectProvider.html">CreateOpenIDConnectProvider</a>.</p>
+     * @public
+     */
+    ClientID: string | undefined;
+}
+/**
+ * @public
+ */
+export interface RemoveRoleFromInstanceProfileRequest {
     /**
      * <p>The name of the instance profile to update.</p>
      *          <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
@@ -7666,6 +7425,16 @@ export interface ResyncMFADeviceRequest {
      */
     AuthenticationCode2: string | undefined;
 }
+/**
+ * @public
+ */
+export interface SendDelegationTokenRequest {
+    /**
+     * <p>The unique identifier of the delegation request for which to send the token.</p>
+     * @public
+     */
+    DelegationRequestId: string | undefined;
+}
 /**
  * @public
  */
@@ -7687,13 +7456,1264 @@ export interface SetDefaultPolicyVersionRequest {
 }
 /**
  * @public
- * @enum
  */
-export declare const GlobalEndpointTokenVersion: {
-    readonly v1Token: "v1Token";
-    readonly v2Token: "v2Token";
-};
+export interface SetSecurityTokenServicePreferencesRequest {
+    /**
+     * <p>The version of the global endpoint token. Version 1 tokens are valid only in Amazon Web Services Regions that are available by default. These tokens do not work in
+     *             manually enabled Regions, such as Asia Pacific (Hong Kong). Version 2 tokens are valid
+     *             in all Regions. However, version 2 tokens are longer and might affect systems where you
+     *             temporarily store tokens.</p>
+     *          <p>For information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html">Activating and
+     *                 deactivating STS in an Amazon Web Services Region</a> in the
+     *                 <i>IAM User Guide</i>.</p>
+     * @public
+     */
+    GlobalEndpointTokenVersion: GlobalEndpointTokenVersion | undefined;
+}
+/**
+ * <p>Contains information about a condition context key. It includes the name of the key and
+ *          specifies the value (or values, if the context key supports multiple values) to use in the
+ *          simulation. This information is used when evaluating the <code>Condition</code> elements of
+ *          the input policies.</p>
+ *          <p>This data type is used as an input parameter to <a href="https://docs.aws.amazon.com/IAM/latest/APIReference/API_SimulateCustomPolicy.html">SimulateCustomPolicy</a>
+ *          and <a href="https://docs.aws.amazon.com/IAM/latest/APIReference/API_SimulatePrincipalPolicy.html">SimulatePrincipalPolicy</a>.</p>
+ * @public
+ */
+export interface ContextEntry {
+    /**
+     * <p>The full name of a condition context key, including the service prefix. For example,
+     *             <code>aws:SourceIp</code> or <code>s3:VersionId</code>.</p>
+     * @public
+     */
+    ContextKeyName?: string | undefined;
+    /**
+     * <p>The value (or values, if the condition context key supports multiple values) to provide
+     *          to the simulation when the key is referenced by a <code>Condition</code> element in an
+     *          input policy.</p>
+     * @public
+     */
+    ContextKeyValues?: string[] | undefined;
+    /**
+     * <p>The data type of the value (or values) specified in the <code>ContextKeyValues</code>
+     *          parameter.</p>
+     * @public
+     */
+    ContextKeyType?: ContextKeyTypeEnum | undefined;
+}
+/**
+ * @public
+ */
+export interface SimulateCustomPolicyRequest {
+    /**
+     * <p>A list of policy documents to include in the simulation. Each document is specified as
+     *             a string containing the complete, valid JSON text of an IAM policy. Do not include any
+     *             resource-based policies in this parameter. Any resource-based policy must be submitted
+     *             with the <code>ResourcePolicy</code> parameter. The policies cannot be "scope-down"
+     *             policies, such as you could include in a call to <a href="https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetFederationToken.html">GetFederationToken</a> or one of
+     *             the <a href="https://docs.aws.amazon.com/IAM/latest/APIReference/API_AssumeRole.html">AssumeRole</a> API operations. In other words, do not use policies designed to
+     *             restrict what a user can do while using the temporary credentials.</p>
+     *          <p>The maximum length of the policy document that you can pass in this operation,
+     *             including whitespace, is listed below. To view the maximum character counts of a managed policy with no whitespaces, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length">IAM and STS character quotas</a>.</p>
+     *          <p>The <a href="http://wikipedia.org/wiki/regex">regex pattern</a>
+     *     used to validate this parameter is a string of characters consisting of the following:</p>
+     *          <ul>
+     *             <li>
+     *                <p>Any printable ASCII
+     *     character ranging from the space character (<code>\u0020</code>) through the end of the ASCII character range</p>
+     *             </li>
+     *             <li>
+     *                <p>The printable characters in the Basic Latin and  Latin-1 Supplement character set
+     *     (through <code>\u00FF</code>)</p>
+     *             </li>
+     *             <li>
+     *                <p>The special characters tab (<code>\u0009</code>), line feed (<code>\u000A</code>), and
+     *     carriage return (<code>\u000D</code>)</p>
+     *             </li>
+     *          </ul>
+     * @public
+     */
+    PolicyInputList: string[] | undefined;
+    /**
+     * <p>The IAM permissions boundary policy to simulate. The permissions boundary sets the
+     *             maximum permissions that an IAM entity can have. You can input only one permissions
+     *             boundary when you pass a policy to this operation. For more information about
+     *             permissions boundaries, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html">Permissions boundaries for IAM
+     *                 entities</a> in the <i>IAM User Guide</i>. The policy input is
+     *             specified as a string that contains the complete, valid JSON text of a permissions
+     *             boundary policy.</p>
+     *          <p>The maximum length of the policy document that you can pass in this operation,
+     *             including whitespace, is listed below. To view the maximum character counts of a managed policy with no whitespaces, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length">IAM and STS character quotas</a>.</p>
+     *          <p>The <a href="http://wikipedia.org/wiki/regex">regex pattern</a>
+     *     used to validate this parameter is a string of characters consisting of the following:</p>
+     *          <ul>
+     *             <li>
+     *                <p>Any printable ASCII
+     *     character ranging from the space character (<code>\u0020</code>) through the end of the ASCII character range</p>
+     *             </li>
+     *             <li>
+     *                <p>The printable characters in the Basic Latin and  Latin-1 Supplement character set
+     *     (through <code>\u00FF</code>)</p>
+     *             </li>
+     *             <li>
+     *                <p>The special characters tab (<code>\u0009</code>), line feed (<code>\u000A</code>), and
+     *     carriage return (<code>\u000D</code>)</p>
+     *             </li>
+     *          </ul>
+     * @public
+     */
+    PermissionsBoundaryPolicyInputList?: string[] | undefined;
+    /**
+     * <p>A list of names of API operations to evaluate in the simulation. Each operation is
+     *             evaluated against each resource. Each operation must include the service identifier,
+     *             such as <code>iam:CreateUser</code>. This operation does not support using wildcards (*)
+     *             in an action name.</p>
+     * @public
+     */
+    ActionNames: string[] | undefined;
+    /**
+     * <p>A list of ARNs of Amazon Web Services resources to include in the simulation. If this parameter is
+     *             not provided, then the value defaults to <code>*</code> (all resources). Each API in the
+     *                 <code>ActionNames</code> parameter is evaluated for each resource in this list. The
+     *             simulation determines the access result (allowed or denied) of each combination and
+     *             reports it in the response. You can simulate resources that don't exist in your
+     *             account.</p>
+     *          <p>The simulation does not automatically retrieve policies for the specified resources.
+     *             If you want to include a resource policy in the simulation, then you must include the
+     *             policy as a string in the <code>ResourcePolicy</code> parameter.</p>
+     *          <p>If you include a <code>ResourcePolicy</code>, then it must be applicable to all of the
+     *             resources included in the simulation or you receive an invalid input error.</p>
+     *          <p>For more information about ARNs, see <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Names (ARNs)</a> in the <i>Amazon Web Services General Reference</i>.</p>
+     *          <note>
+     *             <p>Simulation of resource-based policies isn't supported for IAM roles.</p>
+     *          </note>
+     * @public
+     */
+    ResourceArns?: string[] | undefined;
+    /**
+     * <p>A resource-based policy to include in the simulation provided as a string. Each
+     *             resource in the simulation is treated as if it had this policy attached. You can include
+     *             only one resource-based policy in a simulation.</p>
+     *          <p>The maximum length of the policy document that you can pass in this operation,
+     *             including whitespace, is listed below. To view the maximum character counts of a managed policy with no whitespaces, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length">IAM and STS character quotas</a>.</p>
+     *          <p>The <a href="http://wikipedia.org/wiki/regex">regex pattern</a>
+     *     used to validate this parameter is a string of characters consisting of the following:</p>
+     *          <ul>
+     *             <li>
+     *                <p>Any printable ASCII
+     *     character ranging from the space character (<code>\u0020</code>) through the end of the ASCII character range</p>
+     *             </li>
+     *             <li>
+     *                <p>The printable characters in the Basic Latin and  Latin-1 Supplement character set
+     *     (through <code>\u00FF</code>)</p>
+     *             </li>
+     *             <li>
+     *                <p>The special characters tab (<code>\u0009</code>), line feed (<code>\u000A</code>), and
+     *     carriage return (<code>\u000D</code>)</p>
+     *             </li>
+     *          </ul>
+     *          <note>
+     *             <p>Simulation of resource-based policies isn't supported for IAM roles.</p>
+     *          </note>
+     * @public
+     */
+    ResourcePolicy?: string | undefined;
+    /**
+     * <p>An ARN representing the Amazon Web Services account ID that specifies the owner of any simulated
+     *             resource that does not identify its owner in the resource ARN. Examples of resource ARNs
+     *             include an S3 bucket or object. If <code>ResourceOwner</code> is specified, it is also
+     *             used as the account owner of any <code>ResourcePolicy</code> included in the simulation.
+     *             If the <code>ResourceOwner</code> parameter is not specified, then the owner of the
+     *             resources and the resource policy defaults to the account of the identity provided in
+     *                 <code>CallerArn</code>. This parameter is required only if you specify a
+     *             resource-based policy and account that owns the resource is different from the account
+     *             that owns the simulated calling user <code>CallerArn</code>.</p>
+     *          <p>The ARN for an account uses the following syntax:
+     *                     <code>arn:aws:iam::<i>AWS-account-ID</i>:root</code>. For example,
+     *             to represent the account with the 112233445566 ID, use the following ARN:
+     *                 <code>arn:aws:iam::112233445566-ID:root</code>. </p>
+     * @public
+     */
+    ResourceOwner?: string | undefined;
+    /**
+     * <p>The ARN of the IAM user that you want to use as the simulated caller of the API
+     *             operations. <code>CallerArn</code> is required if you include a
+     *                 <code>ResourcePolicy</code> so that the policy's <code>Principal</code> element has
+     *             a value to use in evaluating the policy.</p>
+     *          <p>You can specify only the ARN of an IAM user. You cannot specify the ARN of an
+     *             assumed role, federated user, or a service principal.</p>
+     * @public
+     */
+    CallerArn?: string | undefined;
+    /**
+     * <p>A list of context keys and corresponding values for the simulation to use. Whenever a
+     *             context key is evaluated in one of the simulated IAM permissions policies, the
+     *             corresponding value is supplied.</p>
+     * @public
+     */
+    ContextEntries?: ContextEntry[] | undefined;
+    /**
+     * <p>Specifies the type of simulation to run. Different API operations that support
+     *             resource-based policies require different combinations of resources. By specifying the
+     *             type of simulation to run, you enable the policy simulator to enforce the presence of
+     *             the required resources to ensure reliable simulation results. If your simulation does
+     *             not match one of the following scenarios, then you can omit this parameter. The
+     *             following list shows each of the supported scenario values and the resources that you
+     *             must define to run the simulation.</p>
+     *          <p>Each of the Amazon EC2 scenarios requires that you specify instance, image, and security
+     *             group resources. If your scenario includes an EBS volume, then you must specify that
+     *             volume as a resource. If the Amazon EC2 scenario includes VPC, then you must supply the
+     *             network interface resource. If it includes an IP subnet, then you must specify the
+     *             subnet resource. For more information on the Amazon EC2 scenario options, see <a href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-supported-platforms.html">Supported platforms</a> in the <i>Amazon EC2 User Guide</i>.</p>
+     *          <ul>
+     *             <li>
+     *                <p>
+     *                   <b>EC2-VPC-InstanceStore</b>
+     *                </p>
+     *                <p>instance, image, security group, network interface</p>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <b>EC2-VPC-InstanceStore-Subnet</b>
+     *                </p>
+     *                <p>instance, image, security group, network interface, subnet</p>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <b>EC2-VPC-EBS</b>
+     *                </p>
+     *                <p>instance, image, security group, network interface, volume</p>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <b>EC2-VPC-EBS-Subnet</b>
+     *                </p>
+     *                <p>instance, image, security group, network interface, subnet, volume</p>
+     *             </li>
+     *          </ul>
+     * @public
+     */
+    ResourceHandlingOption?: string | undefined;
+    /**
+     * <p>Use this only when paginating results to indicate the
+     *     maximum number of items you want in the response. If additional items exist beyond the maximum
+     *     you specify, the <code>IsTruncated</code> response element is <code>true</code>.</p>
+     *          <p>If you do not include this parameter, the number of items defaults to 100. Note that
+     *     IAM might return fewer results, even when there are more results available. In that case, the
+     *     <code>IsTruncated</code> response element returns <code>true</code>, and <code>Marker</code>
+     *     contains a value to include in the subsequent call that tells the service where to continue
+     *     from.</p>
+     * @public
+     */
+    MaxItems?: number | undefined;
+    /**
+     * <p>Use this parameter only when paginating results and only after
+     *     you receive a response indicating that the results are truncated. Set it to the value of the
+     *     <code>Marker</code> element in the response that you received to indicate where the next call
+     *     should start.</p>
+     * @public
+     */
+    Marker?: string | undefined;
+}
+/**
+ * <p>Contains the row and column of a location of a <code>Statement</code> element in a
+ *          policy document.</p>
+ *          <p>This data type is used as a member of the <code>
+ *                <a href="https://docs.aws.amazon.com/IAM/latest/APIReference/API_Statement.html">Statement</a>
+ *             </code> type.</p>
+ * @public
+ */
+export interface Position {
+    /**
+     * <p>The line containing the specified position in the document.</p>
+     * @public
+     */
+    Line?: number | undefined;
+    /**
+     * <p>The column in the line containing the specified position in the document.</p>
+     * @public
+     */
+    Column?: number | undefined;
+}
+/**
+ * <p>Contains a reference to a <code>Statement</code> element in a policy document that
+ *          determines the result of the simulation.</p>
+ *          <p>This data type is used by the <code>MatchedStatements</code> member of the <code>
+ *                <a href="https://docs.aws.amazon.com/IAM/latest/APIReference/API_EvaluationResult.html">EvaluationResult</a>
+ *             </code> type.</p>
+ * @public
+ */
+export interface Statement {
+    /**
+     * <p>The identifier of the policy that was provided as an input.</p>
+     * @public
+     */
+    SourcePolicyId?: string | undefined;
+    /**
+     * <p>The type of the policy.</p>
+     * @public
+     */
+    SourcePolicyType?: PolicySourceType | undefined;
+    /**
+     * <p>The row and column of the beginning of the <code>Statement</code> in an IAM
+     *          policy.</p>
+     * @public
+     */
+    StartPosition?: Position | undefined;
+    /**
+     * <p>The row and column of the end of a <code>Statement</code> in an IAM policy.</p>
+     * @public
+     */
+    EndPosition?: Position | undefined;
+}
+/**
+ * <p>Contains information about the effect that Organizations has on a policy simulation.</p>
+ * @public
+ */
+export interface OrganizationsDecisionDetail {
+    /**
+     * <p>Specifies whether the simulated operation is allowed by the Organizations service control
+     *          policies that impact the simulated user's account.</p>
+     * @public
+     */
+    AllowedByOrganizations?: boolean | undefined;
+}
+/**
+ * <p>Contains information about the effect that a permissions boundary has on a policy
+ *          simulation when the boundary is applied to an IAM entity.</p>
+ * @public
+ */
+export interface PermissionsBoundaryDecisionDetail {
+    /**
+     * <p>Specifies whether an action is allowed by a permissions boundary that is applied to an
+     *          IAM entity (user or role). A value of <code>true</code> means that the permissions
+     *          boundary does not deny the action. This means that the policy includes an
+     *             <code>Allow</code> statement that matches the request. In this case, if an
+     *          identity-based policy also allows the action, the request is allowed. A value of
+     *             <code>false</code> means that either the requested action is not allowed (implicitly
+     *          denied) or that the action is explicitly denied by the permissions boundary. In both of
+     *          these cases, the action is not allowed, regardless of the identity-based policy.</p>
+     * @public
+     */
+    AllowedByPermissionsBoundary?: boolean | undefined;
+}
+/**
+ * <p>Contains the result of the simulation of a single API operation call on a single
+ *          resource.</p>
+ *          <p>This data type is used by a member of the <a href="https://docs.aws.amazon.com/IAM/latest/APIReference/API_EvaluationResult.html">EvaluationResult</a> data
+ *          type.</p>
+ * @public
+ */
+export interface ResourceSpecificResult {
+    /**
+     * <p>The name of the simulated resource, in Amazon Resource Name (ARN) format.</p>
+     * @public
+     */
+    EvalResourceName: string | undefined;
+    /**
+     * <p>The result of the simulation of the simulated API operation on the resource specified in
+     *             <code>EvalResourceName</code>.</p>
+     * @public
+     */
+    EvalResourceDecision: PolicyEvaluationDecisionType | undefined;
+    /**
+     * <p>A list of the statements in the input policies that determine the result for this part
+     *          of the simulation. Remember that even if multiple statements allow the operation on the
+     *          resource, if <i>any</i> statement denies that operation, then the explicit
+     *          deny overrides any allow. In addition, the deny statement is the only entry included in the
+     *          result.</p>
+     * @public
+     */
+    MatchedStatements?: Statement[] | undefined;
+    /**
+     * <p>A list of context keys that are required by the included input policies but that were
+     *          not provided by one of the input parameters. This list is used when a list of ARNs is
+     *          included in the <code>ResourceArns</code> parameter instead of "*". If you do not specify
+     *          individual resources, by setting <code>ResourceArns</code> to "*" or by not including the
+     *             <code>ResourceArns</code> parameter, then any missing context values are instead
+     *          included under the <code>EvaluationResults</code> section. To discover the context keys
+     *          used by a set of policies, you can call <a href="https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetContextKeysForCustomPolicy.html">GetContextKeysForCustomPolicy</a> or <a href="https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetContextKeysForPrincipalPolicy.html">GetContextKeysForPrincipalPolicy</a>.</p>
+     * @public
+     */
+    MissingContextValues?: string[] | undefined;
+    /**
+     * <p>Additional details about the results of the evaluation decision on a single resource.
+     *          This parameter is returned only for cross-account simulations. This parameter explains how
+     *          each policy type contributes to the resource-specific evaluation decision.</p>
+     * @public
+     */
+    EvalDecisionDetails?: Record<string, PolicyEvaluationDecisionType> | undefined;
+    /**
+     * <p>Contains information about the effect that a permissions boundary has on a policy
+     *          simulation when that boundary is applied to an IAM entity.</p>
+     * @public
+     */
+    PermissionsBoundaryDecisionDetail?: PermissionsBoundaryDecisionDetail | undefined;
+}
 /**
+ * <p>Contains the results of a simulation.</p>
+ *          <p>This data type is used by the return parameter of <code>
+ *                <a href="https://docs.aws.amazon.com/IAM/latest/APIReference/API_SimulateCustomPolicy.html">SimulateCustomPolicy</a>
+ *             </code> and <code>
+ *                <a href="https://docs.aws.amazon.com/IAM/latest/APIReference/API_SimulatePrincipalPolicy.html">SimulatePrincipalPolicy</a>
+ *             </code>.</p>
  * @public
  */
-export type GlobalEndpointTokenVersion = (typeof GlobalEndpointTokenVersion)[keyof typeof GlobalEndpointTokenVersion];
+export interface EvaluationResult {
+    /**
+     * <p>The name of the API operation tested on the indicated resource.</p>
+     * @public
+     */
+    EvalActionName: string | undefined;
+    /**
+     * <p>The ARN of the resource that the indicated API operation was tested on.</p>
+     * @public
+     */
+    EvalResourceName?: string | undefined;
+    /**
+     * <p>The result of the simulation.</p>
+     * @public
+     */
+    EvalDecision: PolicyEvaluationDecisionType | undefined;
+    /**
+     * <p>A list of the statements in the input policies that determine the result for this
+     *          scenario. Remember that even if multiple statements allow the operation on the resource, if
+     *          only one statement denies that operation, then the explicit deny overrides any allow. In
+     *          addition, the deny statement is the only entry included in the result.</p>
+     * @public
+     */
+    MatchedStatements?: Statement[] | undefined;
+    /**
+     * <p>A list of context keys that are required by the included input policies but that were
+     *          not provided by one of the input parameters. This list is used when the resource in a
+     *          simulation is "*", either explicitly, or when the <code>ResourceArns</code> parameter
+     *          blank. If you include a list of resources, then any missing context values are instead
+     *          included under the <code>ResourceSpecificResults</code> section. To discover the context
+     *          keys used by a set of policies, you can call <a href="https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetContextKeysForCustomPolicy.html">GetContextKeysForCustomPolicy</a> or <a href="https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetContextKeysForPrincipalPolicy.html">GetContextKeysForPrincipalPolicy</a>.</p>
+     * @public
+     */
+    MissingContextValues?: string[] | undefined;
+    /**
+     * <p>A structure that details how Organizations and its service control policies affect the results of
+     *          the simulation. Only applies if the simulated user's account is part of an
+     *          organization.</p>
+     * @public
+     */
+    OrganizationsDecisionDetail?: OrganizationsDecisionDetail | undefined;
+    /**
+     * <p>Contains information about the effect that a permissions boundary has on a policy
+     *          simulation when the boundary is applied to an IAM entity.</p>
+     * @public
+     */
+    PermissionsBoundaryDecisionDetail?: PermissionsBoundaryDecisionDetail | undefined;
+    /**
+     * <p>Additional details about the results of the cross-account evaluation decision. This
+     *          parameter is populated for only cross-account simulations. It contains a brief summary of
+     *          how each policy type contributes to the final evaluation decision.</p>
+     *          <p>If the simulation evaluates policies within the same account and includes a resource
+     *          ARN, then the parameter is present but the response is empty. If the simulation evaluates
+     *          policies within the same account and specifies all resources (<code>*</code>), then the
+     *          parameter is not returned.</p>
+     *          <p>When you make a cross-account request, Amazon Web Services evaluates the request in the trusting
+     *          account and the trusted account. The request is allowed only if both evaluations return
+     *             <code>true</code>. For more information about how policies are evaluated, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics">Evaluating policies within a single account</a>.</p>
+     *          <p>If an Organizations SCP included in the evaluation denies access, the simulation ends. In
+     *          this case, policy evaluation does not proceed any further and this parameter is not
+     *          returned.</p>
+     * @public
+     */
+    EvalDecisionDetails?: Record<string, PolicyEvaluationDecisionType> | undefined;
+    /**
+     * <p>The individual results of the simulation of the API operation specified in
+     *          EvalActionName on each resource.</p>
+     * @public
+     */
+    ResourceSpecificResults?: ResourceSpecificResult[] | undefined;
+}
+/**
+ * <p>Contains the response to a successful <a href="https://docs.aws.amazon.com/IAM/latest/APIReference/API_SimulatePrincipalPolicy.html">SimulatePrincipalPolicy</a> or <a href="https://docs.aws.amazon.com/IAM/latest/APIReference/API_SimulateCustomPolicy.html">SimulateCustomPolicy</a>
+ *       request.</p>
+ * @public
+ */
+export interface SimulatePolicyResponse {
+    /**
+     * <p>The results of the simulation.</p>
+     * @public
+     */
+    EvaluationResults?: EvaluationResult[] | undefined;
+    /**
+     * <p>A flag that indicates whether there are more items to return. If your
+     *     results were truncated, you can make a subsequent pagination request using the <code>Marker</code>
+     *     request parameter to retrieve more items. Note that IAM might return fewer than the
+     *     <code>MaxItems</code> number of results even when there are more results available. We recommend
+     *     that you check <code>IsTruncated</code> after every call to ensure that you receive all your
+     *     results.</p>
+     * @public
+     */
+    IsTruncated?: boolean | undefined;
+    /**
+     * <p>When <code>IsTruncated</code> is <code>true</code>, this element
+     *     is present and contains the value to use for the <code>Marker</code> parameter in a subsequent
+     *     pagination request.</p>
+     * @public
+     */
+    Marker?: string | undefined;
+}
+/**
+ * @public
+ */
+export interface SimulatePrincipalPolicyRequest {
+    /**
+     * <p>The Amazon Resource Name (ARN) of a user, group, or role whose policies you want to
+     *             include in the simulation. If you specify a user, group, or role, the simulation
+     *             includes all policies that are associated with that entity. If you specify a user, the
+     *             simulation also includes all policies that are attached to any groups the user belongs
+     *             to.</p>
+     *          <p>The maximum length of the policy document that you can pass in this operation,
+     *             including whitespace, is listed below. To view the maximum character counts of a managed policy with no whitespaces, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length">IAM and STS character quotas</a>.</p>
+     *          <p>For more information about ARNs, see <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Names (ARNs)</a> in the <i>Amazon Web Services General Reference</i>.</p>
+     * @public
+     */
+    PolicySourceArn: string | undefined;
+    /**
+     * <p>An optional list of additional policy documents to include in the simulation. Each
+     *             document is specified as a string containing the complete, valid JSON text of an IAM
+     *             policy.</p>
+     *          <p>The <a href="http://wikipedia.org/wiki/regex">regex pattern</a>
+     *     used to validate this parameter is a string of characters consisting of the following:</p>
+     *          <ul>
+     *             <li>
+     *                <p>Any printable ASCII
+     *     character ranging from the space character (<code>\u0020</code>) through the end of the ASCII character range</p>
+     *             </li>
+     *             <li>
+     *                <p>The printable characters in the Basic Latin and  Latin-1 Supplement character set
+     *     (through <code>\u00FF</code>)</p>
+     *             </li>
+     *             <li>
+     *                <p>The special characters tab (<code>\u0009</code>), line feed (<code>\u000A</code>), and
+     *     carriage return (<code>\u000D</code>)</p>
+     *             </li>
+     *          </ul>
+     * @public
+     */
+    PolicyInputList?: string[] | undefined;
+    /**
+     * <p>The IAM permissions boundary policy to simulate. The permissions boundary sets the
+     *             maximum permissions that the entity can have. You can input only one permissions
+     *             boundary when you pass a policy to this operation. An IAM entity can only have one
+     *             permissions boundary in effect at a time. For example, if a permissions boundary is
+     *             attached to an entity and you pass in a different permissions boundary policy using this
+     *             parameter, then the new permissions boundary policy is used for the simulation. For more
+     *             information about permissions boundaries, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html">Permissions boundaries for IAM
+     *                 entities</a> in the <i>IAM User Guide</i>. The policy input is
+     *             specified as a string containing the complete, valid JSON text of a permissions boundary
+     *             policy.</p>
+     *          <p>The maximum length of the policy document that you can pass in this operation,
+     *             including whitespace, is listed below. To view the maximum character counts of a managed policy with no whitespaces, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length">IAM and STS character quotas</a>.</p>
+     *          <p>The <a href="http://wikipedia.org/wiki/regex">regex pattern</a>
+     *     used to validate this parameter is a string of characters consisting of the following:</p>
+     *          <ul>
+     *             <li>
+     *                <p>Any printable ASCII
+     *     character ranging from the space character (<code>\u0020</code>) through the end of the ASCII character range</p>
+     *             </li>
+     *             <li>
+     *                <p>The printable characters in the Basic Latin and  Latin-1 Supplement character set
+     *     (through <code>\u00FF</code>)</p>
+     *             </li>
+     *             <li>
+     *                <p>The special characters tab (<code>\u0009</code>), line feed (<code>\u000A</code>), and
+     *     carriage return (<code>\u000D</code>)</p>
+     *             </li>
+     *          </ul>
+     * @public
+     */
+    PermissionsBoundaryPolicyInputList?: string[] | undefined;
+    /**
+     * <p>A list of names of API operations to evaluate in the simulation. Each operation is
+     *             evaluated for each resource. Each operation must include the service identifier, such as
+     *                 <code>iam:CreateUser</code>.</p>
+     * @public
+     */
+    ActionNames: string[] | undefined;
+    /**
+     * <p>A list of ARNs of Amazon Web Services resources to include in the simulation. If this parameter is
+     *             not provided, then the value defaults to <code>*</code> (all resources). Each API in the
+     *                 <code>ActionNames</code> parameter is evaluated for each resource in this list. The
+     *             simulation determines the access result (allowed or denied) of each combination and
+     *             reports it in the response. You can simulate resources that don't exist in your
+     *             account.</p>
+     *          <p>The simulation does not automatically retrieve policies for the specified resources.
+     *             If you want to include a resource policy in the simulation, then you must include the
+     *             policy as a string in the <code>ResourcePolicy</code> parameter.</p>
+     *          <p>For more information about ARNs, see <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Names (ARNs)</a> in the <i>Amazon Web Services General Reference</i>.</p>
+     *          <note>
+     *             <p>Simulation of resource-based policies isn't supported for IAM roles.</p>
+     *          </note>
+     * @public
+     */
+    ResourceArns?: string[] | undefined;
+    /**
+     * <p>A resource-based policy to include in the simulation provided as a string. Each
+     *             resource in the simulation is treated as if it had this policy attached. You can include
+     *             only one resource-based policy in a simulation.</p>
+     *          <p>The maximum length of the policy document that you can pass in this operation,
+     *             including whitespace, is listed below. To view the maximum character counts of a managed policy with no whitespaces, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length">IAM and STS character quotas</a>.</p>
+     *          <p>The <a href="http://wikipedia.org/wiki/regex">regex pattern</a>
+     *     used to validate this parameter is a string of characters consisting of the following:</p>
+     *          <ul>
+     *             <li>
+     *                <p>Any printable ASCII
+     *     character ranging from the space character (<code>\u0020</code>) through the end of the ASCII character range</p>
+     *             </li>
+     *             <li>
+     *                <p>The printable characters in the Basic Latin and  Latin-1 Supplement character set
+     *     (through <code>\u00FF</code>)</p>
+     *             </li>
+     *             <li>
+     *                <p>The special characters tab (<code>\u0009</code>), line feed (<code>\u000A</code>), and
+     *     carriage return (<code>\u000D</code>)</p>
+     *             </li>
+     *          </ul>
+     *          <note>
+     *             <p>Simulation of resource-based policies isn't supported for IAM roles.</p>
+     *          </note>
+     * @public
+     */
+    ResourcePolicy?: string | undefined;
+    /**
+     * <p>An Amazon Web Services account ID that specifies the owner of any simulated resource that does not
+     *             identify its owner in the resource ARN. Examples of resource ARNs include an S3 bucket
+     *             or object. If <code>ResourceOwner</code> is specified, it is also used as the account
+     *             owner of any <code>ResourcePolicy</code> included in the simulation. If the
+     *                 <code>ResourceOwner</code> parameter is not specified, then the owner of the
+     *             resources and the resource policy defaults to the account of the identity provided in
+     *                 <code>CallerArn</code>. This parameter is required only if you specify a
+     *             resource-based policy and account that owns the resource is different from the account
+     *             that owns the simulated calling user <code>CallerArn</code>.</p>
+     * @public
+     */
+    ResourceOwner?: string | undefined;
+    /**
+     * <p>The ARN of the IAM user that you want to specify as the simulated caller of the API
+     *             operations. If you do not specify a <code>CallerArn</code>, it defaults to the ARN of
+     *             the user that you specify in <code>PolicySourceArn</code>, if you specified a user. If
+     *             you include both a <code>PolicySourceArn</code> (for example,
+     *                 <code>arn:aws:iam::123456789012:user/David</code>) and a <code>CallerArn</code> (for
+     *             example, <code>arn:aws:iam::123456789012:user/Bob</code>), the result is that you
+     *             simulate calling the API operations as Bob, as if Bob had David's policies.</p>
+     *          <p>You can specify only the ARN of an IAM user. You cannot specify the ARN of an
+     *             assumed role, federated user, or a service principal.</p>
+     *          <p>
+     *             <code>CallerArn</code> is required if you include a <code>ResourcePolicy</code> and
+     *             the <code>PolicySourceArn</code> is not the ARN for an IAM user. This is required so
+     *             that the resource-based policy's <code>Principal</code> element has a value to use in
+     *             evaluating the policy.</p>
+     *          <p>For more information about ARNs, see <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Names (ARNs)</a> in the <i>Amazon Web Services General Reference</i>.</p>
+     * @public
+     */
+    CallerArn?: string | undefined;
+    /**
+     * <p>A list of context keys and corresponding values for the simulation to use. Whenever a
+     *             context key is evaluated in one of the simulated IAM permissions policies, the
+     *             corresponding value is supplied.</p>
+     * @public
+     */
+    ContextEntries?: ContextEntry[] | undefined;
+    /**
+     * <p>Specifies the type of simulation to run. Different API operations that support
+     *             resource-based policies require different combinations of resources. By specifying the
+     *             type of simulation to run, you enable the policy simulator to enforce the presence of
+     *             the required resources to ensure reliable simulation results. If your simulation does
+     *             not match one of the following scenarios, then you can omit this parameter. The
+     *             following list shows each of the supported scenario values and the resources that you
+     *             must define to run the simulation.</p>
+     *          <p>Each of the Amazon EC2 scenarios requires that you specify instance, image, and security
+     *             group resources. If your scenario includes an EBS volume, then you must specify that
+     *             volume as a resource. If the Amazon EC2 scenario includes VPC, then you must supply the
+     *             network interface resource. If it includes an IP subnet, then you must specify the
+     *             subnet resource. For more information on the Amazon EC2 scenario options, see <a href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-supported-platforms.html">Supported platforms</a> in the <i>Amazon EC2 User Guide</i>.</p>
+     *          <ul>
+     *             <li>
+     *                <p>
+     *                   <b>EC2-VPC-InstanceStore</b>
+     *                </p>
+     *                <p>instance, image, security group, network interface</p>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <b>EC2-VPC-InstanceStore-Subnet</b>
+     *                </p>
+     *                <p>instance, image, security group, network interface, subnet</p>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <b>EC2-VPC-EBS</b>
+     *                </p>
+     *                <p>instance, image, security group, network interface, volume</p>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <b>EC2-VPC-EBS-Subnet</b>
+     *                </p>
+     *                <p>instance, image, security group, network interface, subnet, volume</p>
+     *             </li>
+     *          </ul>
+     * @public
+     */
+    ResourceHandlingOption?: string | undefined;
+    /**
+     * <p>Use this only when paginating results to indicate the
+     *     maximum number of items you want in the response. If additional items exist beyond the maximum
+     *     you specify, the <code>IsTruncated</code> response element is <code>true</code>.</p>
+     *          <p>If you do not include this parameter, the number of items defaults to 100. Note that
+     *     IAM might return fewer results, even when there are more results available. In that case, the
+     *     <code>IsTruncated</code> response element returns <code>true</code>, and <code>Marker</code>
+     *     contains a value to include in the subsequent call that tells the service where to continue
+     *     from.</p>
+     * @public
+     */
+    MaxItems?: number | undefined;
+    /**
+     * <p>Use this parameter only when paginating results and only after
+     *     you receive a response indicating that the results are truncated. Set it to the value of the
+     *     <code>Marker</code> element in the response that you received to indicate where the next call
+     *     should start.</p>
+     * @public
+     */
+    Marker?: string | undefined;
+}
+/**
+ * @public
+ */
+export interface TagInstanceProfileRequest {
+    /**
+     * <p>The name of the IAM instance profile to which you want to add tags.</p>
+     *          <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
+     *     characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
+     * @public
+     */
+    InstanceProfileName: string | undefined;
+    /**
+     * <p>The list of tags that you want to attach to the IAM instance profile.
+     *       Each tag consists of a key name and an associated value.</p>
+     * @public
+     */
+    Tags: Tag[] | undefined;
+}
+/**
+ * @public
+ */
+export interface TagMFADeviceRequest {
+    /**
+     * <p>The unique identifier for the IAM virtual MFA device to which you want to add tags.
+     *       For virtual MFA devices, the serial number is the same as the ARN.</p>
+     *          <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
+     *     characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
+     * @public
+     */
+    SerialNumber: string | undefined;
+    /**
+     * <p>The list of tags that you want to attach to the IAM virtual MFA device.
+     *       Each tag consists of a key name and an associated value.</p>
+     * @public
+     */
+    Tags: Tag[] | undefined;
+}
+/**
+ * @public
+ */
+export interface TagOpenIDConnectProviderRequest {
+    /**
+     * <p>The ARN of the OIDC identity provider in IAM to which you want to add tags.</p>
+     *          <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
+     *     characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
+     * @public
+     */
+    OpenIDConnectProviderArn: string | undefined;
+    /**
+     * <p>The list of tags that you want to attach to the OIDC identity provider in IAM.
+     *       Each tag consists of a key name and an associated value.</p>
+     * @public
+     */
+    Tags: Tag[] | undefined;
+}
+/**
+ * @public
+ */
+export interface TagPolicyRequest {
+    /**
+     * <p>The ARN of the IAM customer managed policy to which you want to add tags.</p>
+     *          <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
+     *     characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
+     * @public
+     */
+    PolicyArn: string | undefined;
+    /**
+     * <p>The list of tags that you want to attach to the IAM customer managed policy.
+     *       Each tag consists of a key name and an associated value.</p>
+     * @public
+     */
+    Tags: Tag[] | undefined;
+}
+/**
+ * @public
+ */
+export interface TagRoleRequest {
+    /**
+     * <p>The name of the IAM role to which you want to add tags.</p>
+     *          <p>This parameter accepts (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters that consist of upper and lowercase alphanumeric
+     *     characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
+     * @public
+     */
+    RoleName: string | undefined;
+    /**
+     * <p>The list of tags that you want to attach to the IAM role. Each tag consists of a key name and an associated value.</p>
+     * @public
+     */
+    Tags: Tag[] | undefined;
+}
+/**
+ * @public
+ */
+export interface TagSAMLProviderRequest {
+    /**
+     * <p>The ARN of the SAML identity provider in IAM to which you want to add tags.</p>
+     *          <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
+     *     characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
+     * @public
+     */
+    SAMLProviderArn: string | undefined;
+    /**
+     * <p>The list of tags that you want to attach to the SAML identity provider in IAM.
+     *       Each tag consists of a key name and an associated value.</p>
+     * @public
+     */
+    Tags: Tag[] | undefined;
+}
+/**
+ * @public
+ */
+export interface TagServerCertificateRequest {
+    /**
+     * <p>The name of the IAM server certificate to which you want to add tags.</p>
+     *          <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
+     *     characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
+     * @public
+     */
+    ServerCertificateName: string | undefined;
+    /**
+     * <p>The list of tags that you want to attach to the IAM server certificate.
+     *       Each tag consists of a key name and an associated value.</p>
+     * @public
+     */
+    Tags: Tag[] | undefined;
+}
+/**
+ * @public
+ */
+export interface TagUserRequest {
+    /**
+     * <p>The name of the IAM user to which you want to add tags.</p>
+     *          <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
+     *     characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
+     * @public
+     */
+    UserName: string | undefined;
+    /**
+     * <p>The list of tags that you want to attach to the IAM user. Each tag consists of a key name and an associated value.</p>
+     * @public
+     */
+    Tags: Tag[] | undefined;
+}
+/**
+ * @public
+ */
+export interface UntagInstanceProfileRequest {
+    /**
+     * <p>The name of the IAM instance profile from which you want to remove tags.</p>
+     *          <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
+     *     characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
+     * @public
+     */
+    InstanceProfileName: string | undefined;
+    /**
+     * <p>A list of key names as a simple array of strings. The tags with matching keys are
+     *       removed from the specified instance profile.</p>
+     * @public
+     */
+    TagKeys: string[] | undefined;
+}
+/**
+ * @public
+ */
+export interface UntagMFADeviceRequest {
+    /**
+     * <p>The unique identifier for the IAM virtual MFA device from which you want to remove
+     *       tags. For virtual MFA devices, the serial number is the same as the ARN.</p>
+     *          <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
+     *     characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
+     * @public
+     */
+    SerialNumber: string | undefined;
+    /**
+     * <p>A list of key names as a simple array of strings. The tags with matching keys are
+     *       removed from the specified instance profile.</p>
+     * @public
+     */
+    TagKeys: string[] | undefined;
+}
+/**
+ * @public
+ */
+export interface UntagOpenIDConnectProviderRequest {
+    /**
+     * <p>The ARN of the OIDC provider in IAM from which you want to remove tags.</p>
+     *          <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
+     *     characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
+     * @public
+     */
+    OpenIDConnectProviderArn: string | undefined;
+    /**
+     * <p>A list of key names as a simple array of strings. The tags with matching keys are
+     *       removed from the specified OIDC provider.</p>
+     * @public
+     */
+    TagKeys: string[] | undefined;
+}
+/**
+ * @public
+ */
+export interface UntagPolicyRequest {
+    /**
+     * <p>The ARN of the IAM customer managed policy from which you want to remove
+     *       tags.</p>
+     *          <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
+     *     characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
+     * @public
+     */
+    PolicyArn: string | undefined;
+    /**
+     * <p>A list of key names as a simple array of strings. The tags with matching keys are
+     *       removed from the specified policy.</p>
+     * @public
+     */
+    TagKeys: string[] | undefined;
+}
+/**
+ * @public
+ */
+export interface UntagRoleRequest {
+    /**
+     * <p>The name of the IAM role from which you want to remove tags.</p>
+     *          <p>This parameter accepts (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters that consist of upper and lowercase alphanumeric
+     *     characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
+     * @public
+     */
+    RoleName: string | undefined;
+    /**
+     * <p>A list of key names as a simple array of strings. The tags with matching keys are
+     *       removed from the specified role.</p>
+     * @public
+     */
+    TagKeys: string[] | undefined;
+}
+/**
+ * @public
+ */
+export interface UntagSAMLProviderRequest {
+    /**
+     * <p>The ARN of the SAML identity provider in IAM from which you want to remove
+     *       tags.</p>
+     *          <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
+     *     characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
+     * @public
+     */
+    SAMLProviderArn: string | undefined;
+    /**
+     * <p>A list of key names as a simple array of strings. The tags with matching keys are
+     *       removed from the specified SAML identity provider.</p>
+     * @public
+     */
+    TagKeys: string[] | undefined;
+}
+/**
+ * @public
+ */
+export interface UntagServerCertificateRequest {
+    /**
+     * <p>The name of the IAM server certificate from which you want to remove tags.</p>
+     *          <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
+     *     characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
+     * @public
+     */
+    ServerCertificateName: string | undefined;
+    /**
+     * <p>A list of key names as a simple array of strings. The tags with matching keys are
+     *       removed from the specified IAM server certificate.</p>
+     * @public
+     */
+    TagKeys: string[] | undefined;
+}
+/**
+ * @public
+ */
+export interface UntagUserRequest {
+    /**
+     * <p>The name of the IAM user from which you want to remove tags.</p>
+     *          <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
+     *     characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
+     * @public
+     */
+    UserName: string | undefined;
+    /**
+     * <p>A list of key names as a simple array of strings. The tags with matching keys are
+     *       removed from the specified user.</p>
+     * @public
+     */
+    TagKeys: string[] | undefined;
+}
+/**
+ * @public
+ */
+export interface UpdateAccessKeyRequest {
+    /**
+     * <p>The name of the user whose key you want to update.</p>
+     *          <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
+     *     characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
+     * @public
+     */
+    UserName?: string | undefined;
+    /**
+     * <p>The access key ID of the secret access key you want to update.</p>
+     *          <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters that can
+     *     consist of any upper or lowercased letter or digit.</p>
+     * @public
+     */
+    AccessKeyId: string | undefined;
+    /**
+     * <p> The status you want to assign to the secret access key. <code>Active</code> means
+     *             that the key can be used for programmatic calls to Amazon Web Services, while <code>Inactive</code>
+     *             means that the key cannot be used.</p>
+     * @public
+     */
+    Status: StatusType | undefined;
+}
+/**
+ * @public
+ */
+export interface UpdateAccountPasswordPolicyRequest {
+    /**
+     * <p>The minimum number of characters allowed in an IAM user password.</p>
+     *          <p>If you do not specify a value for this parameter, then the operation uses the default
+     *             value of <code>6</code>.</p>
+     * @public
+     */
+    MinimumPasswordLength?: number | undefined;
+    /**
+     * <p>Specifies whether IAM user passwords must contain at least one of the following
+     *             non-alphanumeric characters:</p>
+     *          <p>! @ # $ % ^ & * ( ) _ + - = [ ] \{ \} | '</p>
+     *          <p>If you do not specify a value for this parameter, then the operation uses the default
+     *             value of <code>false</code>. The result is that passwords do not require at least one
+     *             symbol character.</p>
+     * @public
+     */
+    RequireSymbols?: boolean | undefined;
+    /**
+     * <p>Specifies whether IAM user passwords must contain at least one numeric character (0
+     *             to 9).</p>
+     *          <p>If you do not specify a value for this parameter, then the operation uses the default
+     *             value of <code>false</code>. The result is that passwords do not require at least one
+     *             numeric character.</p>
+     * @public
+     */
+    RequireNumbers?: boolean | undefined;
+    /**
+     * <p>Specifies whether IAM user passwords must contain at least one uppercase character
+     *             from the ISO basic Latin alphabet (A to Z).</p>
+     *          <p>If you do not specify a value for this parameter, then the operation uses the default
+     *             value of <code>false</code>. The result is that passwords do not require at least one
+     *             uppercase character.</p>
+     * @public
+     */
+    RequireUppercaseCharacters?: boolean | undefined;
+    /**
+     * <p>Specifies whether IAM user passwords must contain at least one lowercase character
+     *             from the ISO basic Latin alphabet (a to z).</p>
+     *          <p>If you do not specify a value for this parameter, then the operation uses the default
+     *             value of <code>false</code>. The result is that passwords do not require at least one
+     *             lowercase character.</p>
+     * @public
+     */
+    RequireLowercaseCharacters?: boolean | undefined;
+    /**
+     * <p> Allows all IAM users in your account to use the Amazon Web Services Management Console to change their own
+     *             passwords. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_enable-user-change.html">Permitting
+     *                 IAM users to change their own passwords</a> in the
+     *                 <i>IAM User Guide</i>.</p>
+     *          <p>If you do not specify a value for this parameter, then the operation uses the default
+     *             value of <code>false</code>. The result is that IAM users in the account do not
+     *             automatically have permissions to change their own password.</p>
+     * @public
+     */
+    AllowUsersToChangePassword?: boolean | undefined;
+    /**
+     * <p>The number of days that an IAM user password is valid.</p>
+     *          <p>If you do not specify a value for this parameter, then the operation uses the default
+     *             value of <code>0</code>. The result is that IAM user passwords never expire.</p>
+     * @public
+     */
+    MaxPasswordAge?: number | undefined;
+    /**
+     * <p>Specifies the number of previous passwords that IAM users are prevented from
+     *             reusing.</p>
+     *          <p>If you do not specify a value for this parameter, then the operation uses the default
+     *             value of <code>0</code>. The result is that IAM users are not prevented from reusing
+     *             previous passwords.</p>
+     * @public
+     */
+    PasswordReusePrevention?: number | undefined;
+    /**
+     * <p> Prevents IAM users who are accessing the account via the Amazon Web Services Management Console from setting a
+     *             new console password after their password has expired. The IAM user cannot access the
+     *             console until an administrator resets the password.</p>
+     *          <p>If you do not specify a value for this parameter, then the operation uses the default
+     *             value of <code>false</code>. The result is that IAM users can change their passwords
+     *             after they expire and continue to sign in as the user.</p>
+     *          <note>
+     *             <p> In the Amazon Web Services Management Console, the custom password policy option <b>Allow
+     *                     users to change their own password</b> gives IAM users permissions to
+     *                     <code>iam:ChangePassword</code> for only their user and to the
+     *                     <code>iam:GetAccountPasswordPolicy</code> action. This option does not attach a
+     *                 permissions policy to each user, rather the permissions are applied at the
+     *                 account-level for all users by IAM. IAM users with
+     *                     <code>iam:ChangePassword</code> permission and active access keys can reset
+     *                 their own expired console password using the CLI or API.</p>
+     *          </note>
+     * @public
+     */
+    HardExpiry?: boolean | undefined;
+}
+/**
+ * @public
+ */
+export interface UpdateAssumeRolePolicyRequest {
+    /**
+     * <p>The name of the role to update with the new policy.</p>
+     *          <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
+     *     characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
+     * @public
+     */
+    RoleName: string | undefined;
+    /**
+     * <p>The policy that grants an entity permission to assume the role.</p>
+     *          <p>You must provide policies in JSON format in IAM. However, for CloudFormation
+     *             templates formatted in YAML, you can provide the policy in JSON or YAML format. CloudFormation always converts a YAML policy to JSON format before submitting it to
+     *             IAM.</p>
+     *          <p>The <a href="http://wikipedia.org/wiki/regex">regex pattern</a>
+     *     used to validate this parameter is a string of characters consisting of the following:</p>
+     *          <ul>
+     *             <li>
+     *                <p>Any printable ASCII
+     *     character ranging from the space character (<code>\u0020</code>) through the end of the ASCII character range</p>
+     *             </li>
+     *             <li>
+     *                <p>The printable characters in the Basic Latin and  Latin-1 Supplement character set
+     *     (through <code>\u00FF</code>)</p>
+     *             </li>
+     *             <li>
+     *                <p>The special characters tab (<code>\u0009</code>), line feed (<code>\u000A</code>), and
+     *     carriage return (<code>\u000D</code>)</p>
+     *             </li>
+     *          </ul>
+     * @public
+     */
+    PolicyDocument: string | undefined;
+}
+/**
+ * @public
+ */
+export interface UpdateDelegationRequestRequest {
+    /**
+     * <p>The unique identifier of the delegation request to update.</p>
+     * @public
+     */
+    DelegationRequestId: string | undefined;
+    /**
+     * <p>Additional notes or comments to add to the delegation request.</p>
+     * @public
+     */
+    Notes?: string | undefined;
+}
+/**
+ * @public
+ */
+export interface UpdateGroupRequest {
+    /**
+     * <p>Name of the IAM group to update. If you're changing the name of the group, this is
+     *             the original name.</p>
+     *          <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
+     *     characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
+     * @public
+     */
+    GroupName: string | undefined;
+    /**
+     * <p>New path for the IAM group. Only include this if changing the group's path.</p>
+     *          <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting
+     *     of either a forward slash (/) by itself or a string that must begin and end with forward slashes.
+     *     In addition, it can contain any ASCII character from the ! (<code>\u0021</code>) through the DEL character (<code>\u007F</code>), including
+     *     most punctuation characters, digits, and upper and lowercased letters.</p>
+     * @public
+     */
+    NewPath?: string | undefined;
+    /**
+     * <p>New name for the IAM group. Only include this if changing the group's name.</p>
+     *          <p>IAM user, group, role, and policy names must be unique within the account. Names are
+     *             not distinguished by case. For example, you cannot create resources named both
+     *             "MyResource" and "myresource".</p>
+     * @public
+     */
+    NewGroupName?: string | undefined;
+}
+/**
+ * @public
+ */
+export interface UpdateLoginProfileRequest {
+    /**
+     * <p>The name of the user whose password you want to update.</p>
+     *          <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
+     *     characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
+     * @public
+     */
+    UserName: string | undefined;
+    /**
+     * <p>The new password for the specified IAM user.</p>
+     *          <p>The <a href="http://wikipedia.org/wiki/regex">regex pattern</a>
+     *     used to validate this parameter is a string of characters consisting of the following:</p>
+     *          <ul>
+     *             <li>
+     *                <p>Any printable ASCII
+     *     character ranging from the space character (<code>\u0020</code>) through the end of the ASCII character range</p>
+     *             </li>
+     *             <li>
+     *                <p>The printable characters in the Basic Latin and  Latin-1 Supplement character set
+     *     (through <code>\u00FF</code>)</p>
+     *             </li>
+     *             <li>
+     *                <p>The special characters tab (<code>\u0009</code>), line feed (<code>\u000A</code>), and
+     *     carriage return (<code>\u000D</code>)</p>
+     *             </li>
+     *          </ul>
+     *          <p>However, the format can be further restricted by the account administrator by setting
+     *             a password policy on the Amazon Web Services account. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateAccountPasswordPolicy.html">UpdateAccountPasswordPolicy</a>.</p>
+     * @public
+     */
+    Password?: string | undefined;
+    /**
+     * <p>Allows this new password to be used only once by requiring the specified IAM user to
+     *             set a new password on next sign-in.</p>
+     * @public
+     */
+    PasswordResetRequired?: boolean | undefined;
+}