lib/aws-sdk-iam/client.rb in aws-sdk-iam-1.47.0 vs lib/aws-sdk-iam/client.rb in aws-sdk-iam-1.48.0

- old
+ new

@@ -371,37 +371,34 @@ req = build_request(:add_client_id_to_open_id_connect_provider, params) req.send_request(options) end # Adds the specified IAM role to the specified instance profile. An - # instance profile can contain only one role. (The number and size of - # IAM resources in an AWS account are limited. For more information, see - # [IAM and STS Quotas][1] in the *IAM User Guide*.) You can remove the - # existing role and then add a different role to an instance profile. - # You must then wait for the change to appear across all of AWS because - # of [eventual consistency][2]. To force the change, you must - # [disassociate the instance profile][3] and then [associate the - # instance profile][4], or you can stop your instance and then restart - # it. + # instance profile can contain only one role, and this quota cannot be + # increased. You can remove the existing role and then add a different + # role to an instance profile. You must then wait for the change to + # appear across all of AWS because of [eventual consistency][1]. To + # force the change, you must [disassociate the instance profile][2] and + # then [associate the instance profile][3], or you can stop your + # instance and then restart it. # - # <note markdown="1"> The caller of this API must be granted the `PassRole` permission on - # the IAM role by a permissions policy. + # <note markdown="1"> The caller of this operation must be granted the `PassRole` permission + # on the IAM role by a permissions policy. # # </note> # - # For more information about roles, go to [Working with Roles][5]. For - # more information about instance profiles, go to [About Instance - # Profiles][6]. + # For more information about roles, see [Working with roles][4]. For + # more information about instance profiles, see [About instance + # profiles][5]. # # # - # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html - # [2]: https://en.wikipedia.org/wiki/Eventual_consistency - # [3]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DisassociateIamInstanceProfile.html - # [4]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateIamInstanceProfile.html - # [5]: https://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html - # [6]: https://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html + # [1]: https://en.wikipedia.org/wiki/Eventual_consistency + # [2]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DisassociateIamInstanceProfile.html + # [3]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateIamInstanceProfile.html + # [4]: https://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html + # [5]: https://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html # # @option params [required, String] :instance_profile_name # The name of the instance profile to update. # # This parameter allows (through its [regex pattern][1]) a string of @@ -507,15 +504,15 @@ req.send_request(options) end # Attaches the specified managed policy to the specified IAM group. # - # You use this API to attach a managed policy to a group. To embed an - # inline policy in a group, use PutGroupPolicy. + # You use this operation to attach a managed policy to a group. To embed + # an inline policy in a group, use PutGroupPolicy. # - # For more information about policies, see [Managed Policies and Inline - # Policies][1] in the *IAM User Guide*. + # For more information about policies, see [Managed policies and inline + # policies][1] in the *IAM User Guide*. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html # @@ -533,12 +530,12 @@ # [1]: http://wikipedia.org/wiki/regex # # @option params [required, String] :policy_arn # The Amazon Resource Name (ARN) of the IAM policy you want to attach. # - # For more information about ARNs, see [Amazon Resource Names (ARNs) and - # AWS Service Namespaces][1] in the *AWS General Reference*. + # For more information about ARNs, see [Amazon Resource Names (ARNs)][1] + # in the *AWS General Reference*. # # # # [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html # @@ -579,13 +576,13 @@ # CreateRole. You can update a role's trust policy using # UpdateAssumeRolePolicy. # # </note> # - # Use this API to attach a *managed* policy to a role. To embed an + # Use this operation to attach a *managed* policy to a role. To embed an # inline policy in a role, use PutRolePolicy. For more information about - # policies, see [Managed Policies and Inline Policies][1] in the *IAM + # policies, see [Managed policies and inline policies][1] in the *IAM # User Guide*. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html @@ -603,12 +600,12 @@ # [1]: http://wikipedia.org/wiki/regex # # @option params [required, String] :policy_arn # The Amazon Resource Name (ARN) of the IAM policy you want to attach. # - # For more information about ARNs, see [Amazon Resource Names (ARNs) and - # AWS Service Namespaces][1] in the *AWS General Reference*. + # For more information about ARNs, see [Amazon Resource Names (ARNs)][1] + # in the *AWS General Reference*. # # # # [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html # @@ -640,15 +637,15 @@ req.send_request(options) end # Attaches the specified managed policy to the specified user. # - # You use this API to attach a *managed* policy to a user. To embed an - # inline policy in a user, use PutUserPolicy. + # You use this operation to attach a *managed* policy to a user. To + # embed an inline policy in a user, use PutUserPolicy. # - # For more information about policies, see [Managed Policies and Inline - # Policies][1] in the *IAM User Guide*. + # For more information about policies, see [Managed policies and inline + # policies][1] in the *IAM User Guide*. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html # @@ -666,12 +663,12 @@ # [1]: http://wikipedia.org/wiki/regex # # @option params [required, String] :policy_arn # The Amazon Resource Name (ARN) of the IAM policy you want to attach. # - # For more information about ARNs, see [Amazon Resource Names (ARNs) and - # AWS Service Namespaces][1] in the *AWS General Reference*. + # For more information about ARNs, see [Amazon Resource Names (ARNs)][1] + # in the *AWS General Reference*. # # # # [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html # @@ -702,15 +699,18 @@ req = build_request(:attach_user_policy, params) req.send_request(options) end # Changes the password of the IAM user who is calling this operation. - # The AWS account root user password is not affected by this operation. + # This operation can be performed using the AWS CLI, the AWS API, or the + # **My Security Credentials** page in the AWS Management Console. The + # AWS account root user password is not affected by this operation. # - # To change the password for a different user, see UpdateLoginProfile. - # For more information about modifying passwords, see [Managing - # Passwords][1] in the *IAM User Guide*. + # Use UpdateLoginProfile to use the AWS CLI, the AWS API, or the + # **Users** page in the IAM console to change the password for any IAM + # user. For more information about modifying passwords, see [Managing + # passwords][1] in the *IAM User Guide*. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html # @@ -771,13 +771,12 @@ # operation works for access keys under the AWS account. Consequently, # you can use this operation to manage AWS account root user # credentials. This is true even if the AWS account has no associated # users. # - # The number and size of IAM resources in an AWS account are limited. - # For more information, see [IAM and STS Quotas][1] in the *IAM User - # Guide*. + # For information about quotas on the number of keys you can create, see + # [IAM and STS quotas][1] in the *IAM User Guide*. # # To ensure the security of your AWS account, the secret access key is # accessible only during key and user creation. You must save the key # (for example, in a text file) if you want to be able to access it # again. If a secret key is lost, you can delete the access keys for the @@ -845,11 +844,11 @@ req = build_request(:create_access_key, params) req.send_request(options) end # Creates an alias for your AWS account. For information about using an - # AWS account alias, see [Using an Alias for Your AWS Account ID][1] in + # AWS account alias, see [Using an alias for your AWS account ID][1] in # the *IAM User Guide*. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/AccountAlias.html @@ -892,21 +891,20 @@ req.send_request(options) end # Creates a new group. # - # The number and size of IAM resources in an AWS account are limited. - # For more information, see [IAM and STS Quotas][1] in the *IAM User - # Guide*. + # For information about the number of groups you can create, see [IAM + # and STS quotas][1] in the *IAM User Guide*. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html # # @option params [String] :path # The path to the group. For more information about paths, see [IAM - # Identifiers][1] in the *IAM User Guide*. + # identifiers][1] in the *IAM User Guide*. # # This parameter is optional. If it is not included, it defaults to a # slash (/). # # This parameter allows (through its [regex pattern][2]) a string of @@ -976,19 +974,18 @@ req = build_request(:create_group, params) req.send_request(options) end # Creates a new instance profile. For information about instance - # profiles, go to [About Instance Profiles][1]. + # profiles, see [About instance profiles][1]. # - # The number and size of IAM resources in an AWS account are limited. - # For more information, see [IAM and STS Quotas][2] in the *IAM User - # Guide*. + # For information about the number of instance profiles you can create, + # see [IAM object quotas][2] in the *IAM User Guide*. # # # - # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html + # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entities # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html # # @option params [required, String] :instance_profile_name # The name of the instance profile to create. # @@ -1018,10 +1015,26 @@ # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html # [2]: http://wikipedia.org/wiki/regex # + # @option params [Array<Types::Tag>] :tags + # A list of tags that you want to attach to the newly created IAM + # instance profile. Each tag consists of a key name and an associated + # value. For more information about tagging, see [Tagging IAM + # resources][1] in the *IAM User Guide*. + # + # <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed maximum + # number of tags, then the entire request fails and the resource is not + # created. + # + # </note> + # + # + # + # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html + # # @return [Types::CreateInstanceProfileResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::CreateInstanceProfileResponse#instance_profile #instance_profile} => Types::InstanceProfile # # @@ -1050,10 +1063,16 @@ # @example Request syntax with placeholder values # # resp = client.create_instance_profile({ # instance_profile_name: "instanceProfileNameType", # required # path: "pathType", + # tags: [ + # { + # key: "tagKeyType", # required + # value: "tagValueType", # required + # }, + # ], # }) # # @example Response structure # # resp.instance_profile.path #=> String @@ -1075,27 +1094,36 @@ # resp.instance_profile.roles[0].tags #=> Array # resp.instance_profile.roles[0].tags[0].key #=> String # resp.instance_profile.roles[0].tags[0].value #=> String # resp.instance_profile.roles[0].role_last_used.last_used_date #=> Time # resp.instance_profile.roles[0].role_last_used.region #=> String + # resp.instance_profile.tags #=> Array + # resp.instance_profile.tags[0].key #=> String + # resp.instance_profile.tags[0].value #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateInstanceProfile AWS API Documentation # # @overload create_instance_profile(params = {}) # @param [Hash] params ({}) def create_instance_profile(params = {}, options = {}) req = build_request(:create_instance_profile, params) req.send_request(options) end - # Creates a password for the specified user, giving the user the ability - # to access AWS services through the AWS Management Console. For more - # information about managing passwords, see [Managing Passwords][1] in - # the *IAM User Guide*. + # Creates a password for the specified IAM user. A password allows an + # IAM user to access AWS services through the AWS Management Console. # + # You can use the AWS CLI, the AWS API, or the **Users** page in the IAM + # console to create a password for any IAM user. Use ChangePassword to + # update your own existing password in the **My Security Credentials** + # page in the AWS Management Console. # + # For more information about managing passwords, see [Managing + # passwords][1] in the *IAM User Guide*. # + # + # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html # # @option params [required, String] :user_name # The name of the IAM user to create a password for. The user must # already exist. @@ -1251,20 +1279,37 @@ # https://keys.server.example.com/openid-connect. In that case, the # thumbprint string would be the hex-encoded SHA-1 hash value of the # certificate used by https://keys.server.example.com. # # For more information about obtaining the OIDC provider's thumbprint, - # see [Obtaining the Thumbprint for an OpenID Connect Provider][1] in + # see [Obtaining the thumbprint for an OpenID Connect provider][1] in # the *IAM User Guide*. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/identity-providers-oidc-obtain-thumbprint.html # + # @option params [Array<Types::Tag>] :tags + # A list of tags that you want to attach to the new IAM OpenID Connect + # (OIDC) provider. Each tag consists of a key name and an associated + # value. For more information about tagging, see [Tagging IAM + # resources][1] in the *IAM User Guide*. + # + # <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed maximum + # number of tags, then the entire request fails and the resource is not + # created. + # + # </note> + # + # + # + # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html + # # @return [Types::CreateOpenIDConnectProviderResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::CreateOpenIDConnectProviderResponse#open_id_connect_provider_arn #open_id_connect_provider_arn} => String + # * {Types::CreateOpenIDConnectProviderResponse#tags #tags} => Array&lt;Types::Tag&gt; # # # @example Example: To create an instance profile # # # The following example defines a new OIDC provider in IAM with a client ID of my-application-id and pointing at the @@ -1289,15 +1334,24 @@ # # resp = client.create_open_id_connect_provider({ # url: "OpenIDConnectProviderUrlType", # required # client_id_list: ["clientIDType"], # thumbprint_list: ["thumbprintType"], # required + # tags: [ + # { + # key: "tagKeyType", # required + # value: "tagValueType", # required + # }, + # ], # }) # # @example Response structure # # resp.open_id_connect_provider_arn #=> String + # resp.tags #=> Array + # resp.tags[0].key #=> String + # resp.tags[0].value #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateOpenIDConnectProvider AWS API Documentation # # @overload create_open_id_connect_provider(params = {}) # @param [Hash] params ({}) @@ -1308,15 +1362,15 @@ # Creates a new managed policy for your AWS account. # # This operation creates a policy version with a version identifier of # `v1` and sets v1 as the policy's default version. For more - # information about policy versions, see [Versioning for Managed - # Policies][1] in the *IAM User Guide*. + # information about policy versions, see [Versioning for managed + # policies][1] in the *IAM User Guide*. # # For more information about managed policies in general, see [Managed - # Policies and Inline Policies][2] in the *IAM User Guide*. + # policies and inline policies][2] in the *IAM User Guide*. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html @@ -1329,11 +1383,11 @@ # create resources named both "MyResource" and "myresource". # # @option params [String] :path # The path for the policy. # - # For more information about paths, see [IAM Identifiers][1] in the *IAM + # For more information about paths, see [IAM identifiers][1] in the *IAM # User Guide*. # # This parameter is optional. If it is not included, it defaults to a # slash (/). # @@ -1382,10 +1436,26 @@ # tables." # # The policy description is immutable. After a value is assigned, it # cannot be changed. # + # @option params [Array<Types::Tag>] :tags + # A list of tags that you want to attach to the new IAM customer managed + # policy. Each tag consists of a key name and an associated value. For + # more information about tagging, see [Tagging IAM resources][1] in the + # *IAM User Guide*. + # + # <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed maximum + # number of tags, then the entire request fails and the resource is not + # created. + # + # </note> + # + # + # + # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html + # # @return [Types::CreatePolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::CreatePolicyResponse#policy #policy} => Types::Policy # # @example Request syntax with placeholder values @@ -1393,10 +1463,16 @@ # resp = client.create_policy({ # policy_name: "policyNameType", # required # path: "policyPathType", # policy_document: "policyDocumentType", # required # description: "policyDescriptionType", + # tags: [ + # { + # key: "tagKeyType", # required + # value: "tagValueType", # required + # }, + # ], # }) # # @example Response structure # # resp.policy.policy_name #=> String @@ -1408,10 +1484,13 @@ # resp.policy.permissions_boundary_usage_count #=> Integer # resp.policy.is_attachable #=> Boolean # resp.policy.description #=> String # resp.policy.create_date #=> Time # resp.policy.update_date #=> Time + # resp.policy.tags #=> Array + # resp.policy.tags[0].key #=> String + # resp.policy.tags[0].value #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreatePolicy AWS API Documentation # # @overload create_policy(params = {}) # @param [Hash] params ({}) @@ -1429,22 +1508,22 @@ # Optionally, you can set the new version as the policy's default # version. The default version is the version that is in effect for the # IAM users, groups, and roles to which the policy is attached. # # For more information about managed policy versions, see [Versioning - # for Managed Policies][1] in the *IAM User Guide*. + # for managed policies][1] in the *IAM User Guide*. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html # # @option params [required, String] :policy_arn # The Amazon Resource Name (ARN) of the IAM policy to which you want to # add a new version. # - # For more information about ARNs, see [Amazon Resource Names (ARNs) and - # AWS Service Namespaces][1] in the *AWS General Reference*. + # For more information about ARNs, see [Amazon Resource Names (ARNs)][1] + # in the *AWS General Reference*. # # # # [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html # @@ -1480,11 +1559,11 @@ # When this parameter is `true`, the new policy version becomes the # operative version. That is, it becomes the version that is in effect # for the IAM users, groups, and roles that the policy is attached to. # # For more information about managed policy versions, see [Versioning - # for Managed Policies][1] in the *IAM User Guide*. + # for managed policies][1] in the *IAM User Guide*. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html # @@ -1515,13 +1594,13 @@ req = build_request(:create_policy_version, params) req.send_request(options) end # Creates a new role for your AWS account. For more information about - # roles, go to [IAM Roles][1]. The number and size of IAM resources in - # an AWS account are limited. For more information, see [IAM and STS - # Quotas][2] in the *IAM User Guide*. + # roles, see [IAM roles][1]. For information about quotas for role names + # and the number of roles you can create, see [IAM and STS quotas][2] in + # the *IAM User Guide*. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html @@ -1597,28 +1676,27 @@ # the `DurationSeconds` parameter. If users don't specify a value for # the `DurationSeconds` parameter, their security credentials are valid # for one hour by default. This applies when you use the `AssumeRole*` # API operations or the `assume-role*` CLI operations but does not apply # when you use those operations to create a console URL. For more - # information, see [Using IAM Roles][1] in the *IAM User Guide*. + # information, see [Using IAM roles][1] in the *IAM User Guide*. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html # # @option params [String] :permissions_boundary # The ARN of the policy that is used to set the permissions boundary for # the role. # # @option params [Array<Types::Tag>] :tags - # A list of tags that you want to attach to the newly created role. Each - # tag consists of a key name and an associated value. For more - # information about tagging, see [Tagging IAM Identities][1] in the *IAM - # User Guide*. + # A list of tags that you want to attach to the new role. Each tag + # consists of a key name and an associated value. For more information + # about tagging, see [Tagging IAM resources][1] in the *IAM User Guide*. # - # <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed number - # of tags per role, then the entire request fails and the role is not + # <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed maximum + # number of tags, then the entire request fails and the resource is not # created. # # </note> # # @@ -1716,13 +1794,13 @@ # # <note markdown="1"> This operation requires [Signature Version 4][1]. # # </note> # - # For more information, see [Enabling SAML 2.0 Federated Users to Access + # For more information, see [Enabling SAML 2.0 federated users to access # the AWS Management Console][2] and [About SAML 2.0-based - # Federation][3] in the *IAM User Guide*. + # federation][3] in the *IAM User Guide*. # # # # [1]: https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-saml.html @@ -1734,11 +1812,11 @@ # information, and keys that can be used to validate the SAML # authentication response (assertions) that are received from the IdP. # You must generate the metadata document using the identity management # software that is used as your organization's IdP. # - # For more information, see [About SAML 2.0-based Federation][1] in the + # For more information, see [About SAML 2.0-based federation][1] in the # *IAM User Guide* # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html @@ -1753,24 +1831,50 @@ # # # # [1]: http://wikipedia.org/wiki/regex # + # @option params [Array<Types::Tag>] :tags + # A list of tags that you want to attach to the new IAM SAML provider. + # Each tag consists of a key name and an associated value. For more + # information about tagging, see [Tagging IAM resources][1] in the *IAM + # User Guide*. + # + # <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed maximum + # number of tags, then the entire request fails and the resource is not + # created. + # + # </note> + # + # + # + # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html + # # @return [Types::CreateSAMLProviderResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::CreateSAMLProviderResponse#saml_provider_arn #saml_provider_arn} => String + # * {Types::CreateSAMLProviderResponse#tags #tags} => Array&lt;Types::Tag&gt; # # @example Request syntax with placeholder values # # resp = client.create_saml_provider({ # saml_metadata_document: "SAMLMetadataDocumentType", # required # name: "SAMLProviderNameType", # required + # tags: [ + # { + # key: "tagKeyType", # required + # value: "tagValueType", # required + # }, + # ], # }) # # @example Response structure # # resp.saml_provider_arn #=> String + # resp.tags #=> Array + # resp.tags[0].key #=> String + # resp.tags[0].value #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateSAMLProvider AWS API Documentation # # @overload create_saml_provider(params = {}) # @param [Hash] params ({}) @@ -1784,11 +1888,11 @@ # deleted. This helps ensure that the service is not broken by an # unexpectedly changed or deleted role, which could put your AWS # resources into an unknown state. Allowing the service to control the # role helps improve service stability and proper cleanup when a service # and its role are no longer needed. For more information, see [Using - # Service-Linked Roles][1] in the *IAM User Guide*. + # service-linked roles][1] in the *IAM User Guide*. # # To attach a policy to this service-linked role, you must make the # request using the AWS service that depends on this role. # # @@ -1799,12 +1903,12 @@ # The service principal for the AWS service to which this role is # attached. You use a string similar to a URL but without the http:// in # front. For example: `elasticbeanstalk.amazonaws.com`. # # Service principals are unique and case-sensitive. To find the exact - # service principal for your service-linked role, see [AWS Services That - # Work with IAM][1] in the *IAM User Guide*. Look for the services that + # service principal for your service-linked role, see [AWS services that + # work with IAM][1] in the *IAM User Guide*. Look for the services that # have <b>Yes </b>in the **Service-Linked Role** column. Choose the # **Yes** link to view the service-linked role documentation for that # service. # # @@ -1870,18 +1974,19 @@ # specified service. # # You can have a maximum of two sets of service-specific credentials for # each supported service per user. # - # The only supported service at this time is AWS CodeCommit. + # You can create service-specific credentials for AWS CodeCommit and + # Amazon Keyspaces (for Apache Cassandra). # # You can reset the password to a new service-generated value by calling # ResetServiceSpecificCredential. # # For more information about service-specific credentials, see [Using - # IAM with AWS CodeCommit: Git Credentials, SSH Keys, and AWS Access - # Keys][1] in the *IAM User Guide*. + # IAM with AWS CodeCommit: Git credentials, SSH keys, and AWS access + # keys][1] in the *IAM User Guide*. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_ssh-keys.html # @@ -1935,21 +2040,20 @@ req.send_request(options) end # Creates a new IAM user for your AWS account. # - # The number and size of IAM resources in an AWS account are limited. - # For more information, see [IAM and STS Quotas][1] in the *IAM User - # Guide*. + # For information about quotas for the number of IAM users you can + # create, see [IAM and STS quotas][1] in the *IAM User Guide*. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html # # @option params [String] :path # The path for the user name. For more information about paths, see [IAM - # Identifiers][1] in the *IAM User Guide*. + # identifiers][1] in the *IAM User Guide*. # # This parameter is optional. If it is not included, it defaults to a # slash (/). # # This parameter allows (through its [regex pattern][2]) a string of @@ -1974,17 +2078,16 @@ # @option params [String] :permissions_boundary # The ARN of the policy that is used to set the permissions boundary for # the user. # # @option params [Array<Types::Tag>] :tags - # A list of tags that you want to attach to the newly created user. Each - # tag consists of a key name and an associated value. For more - # information about tagging, see [Tagging IAM Identities][1] in the *IAM - # User Guide*. + # A list of tags that you want to attach to the new user. Each tag + # consists of a key name and an associated value. For more information + # about tagging, see [Tagging IAM resources][1] in the *IAM User Guide*. # - # <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed number - # of tags per user, then the entire request fails and the user is not + # <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed maximum + # number of tags, then the entire request fails and the resource is not # created. # # </note> # # @@ -2053,16 +2156,15 @@ end # Creates a new virtual MFA device for the AWS account. After creating # the virtual MFA, use EnableMFADevice to attach the MFA device to an # IAM user. For more information about creating and working with virtual - # MFA devices, go to [Using a Virtual MFA Device][1] in the *IAM User + # MFA devices, see [Using a virtual MFA device][1] in the *IAM User # Guide*. # - # The number and size of IAM resources in an AWS account are limited. - # For more information, see [IAM and STS Quotas][2] in the *IAM User - # Guide*. + # For information about the maximum number of MFA devices you can + # create, see [IAM and STS quotas][2] in the *IAM User Guide*. # # The seed information contained in the QR code and the Base32 string # should be treated like any other secret access information. In other # words, protect the seed information as you would your AWS access keys # or your passwords. After you provision your virtual device, you should @@ -2073,11 +2175,11 @@ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_VirtualMFA.html # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html # # @option params [String] :path # The path for the virtual MFA device. For more information about paths, - # see [IAM Identifiers][1] in the *IAM User Guide*. + # see [IAM identifiers][1] in the *IAM User Guide*. # # This parameter is optional. If it is not included, it defaults to a # slash (/). # # This parameter allows (through its [regex pattern][2]) a string of @@ -2103,19 +2205,41 @@ # # # # [1]: http://wikipedia.org/wiki/regex # + # @option params [Array<Types::Tag>] :tags + # A list of tags that you want to attach to the new IAM virtual MFA + # device. Each tag consists of a key name and an associated value. For + # more information about tagging, see [Tagging IAM resources][1] in the + # *IAM User Guide*. + # + # <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed maximum + # number of tags, then the entire request fails and the resource is not + # created. + # + # </note> + # + # + # + # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html + # # @return [Types::CreateVirtualMFADeviceResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::CreateVirtualMFADeviceResponse#virtual_mfa_device #virtual_mfa_device} => Types::VirtualMFADevice # # @example Request syntax with placeholder values # # resp = client.create_virtual_mfa_device({ # path: "pathType", # virtual_mfa_device_name: "virtualMFADeviceName", # required + # tags: [ + # { + # key: "tagKeyType", # required + # value: "tagValueType", # required + # }, + # ], # }) # # @example Response structure # # resp.virtual_mfa_device.serial_number #=> String @@ -2131,10 +2255,13 @@ # resp.virtual_mfa_device.user.permissions_boundary.permissions_boundary_arn #=> String # resp.virtual_mfa_device.user.tags #=> Array # resp.virtual_mfa_device.user.tags[0].key #=> String # resp.virtual_mfa_device.user.tags[0].value #=> String # resp.virtual_mfa_device.enable_date #=> Time + # resp.virtual_mfa_device.tags #=> Array + # resp.virtual_mfa_device.tags[0].key #=> String + # resp.virtual_mfa_device.tags[0].value #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateVirtualMFADevice AWS API Documentation # # @overload create_virtual_mfa_device(params = {}) # @param [Hash] params ({}) @@ -2145,12 +2272,12 @@ # Deactivates the specified MFA device and removes it from association # with the user name for which it was originally enabled. # # For more information about creating and working with virtual MFA - # devices, go to [Enabling a Virtual Multi-factor Authentication (MFA) - # Device][1] in the *IAM User Guide*. + # devices, see [Enabling a virtual multi-factor authentication (MFA) + # device][1] in the *IAM User Guide*. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_VirtualMFA.html # @@ -2256,11 +2383,11 @@ req = build_request(:delete_access_key, params) req.send_request(options) end # Deletes the specified AWS account alias. For information about using - # an AWS account alias, see [Using an Alias for Your AWS Account ID][1] + # an AWS account alias, see [Using an alias for your AWS account ID][1] # in the *IAM User Guide*. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/AccountAlias.html @@ -2360,12 +2487,12 @@ # Deletes the specified inline policy that is embedded in the specified # IAM group. # # A group can also have managed policies attached to it. To detach a # managed policy from a group, use DetachGroupPolicy. For more - # information about policies, refer to [Managed Policies and Inline - # Policies][1] in the *IAM User Guide*. + # information about policies, refer to [Managed policies and inline + # policies][1] in the *IAM User Guide*. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html # @@ -2428,12 +2555,12 @@ # Make sure that you do not have any Amazon EC2 instances running with # the instance profile you are about to delete. Deleting a role or # instance profile that is associated with a running instance will break # any applications running on the instance. # - # For more information about instance profiles, go to [About Instance - # Profiles][1]. + # For more information about instance profiles, see [About instance + # profiles][1]. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html # @@ -2477,10 +2604,15 @@ # Deletes the password for the specified IAM user, which terminates the # user's ability to access AWS services through the AWS Management # Console. # + # You can use the AWS CLI, the AWS API, or the **Users** page in the IAM + # console to delete a password for any IAM user. You can use + # ChangePassword to update, but not delete, your own password in the + # **My Security Credentials** page in the AWS Management Console. + # # Deleting a user's password does not prevent a user from accessing AWS # through the command line interface or the API. To prevent all user # access, you must also either make any access keys inactive or delete # them. For more information about making keys inactive or deleting # them, see UpdateAccessKey and DeleteAccessKey. @@ -2562,35 +2694,35 @@ # policy from all users, groups, and roles that it is attached to. In # addition, you must delete all the policy's versions. The following # steps describe the process for deleting a managed policy: # # * Detach the policy from all users, groups, and roles that the policy - # is attached to, using the DetachUserPolicy, DetachGroupPolicy, or - # DetachRolePolicy API operations. To list all the users, groups, and - # roles that a policy is attached to, use ListEntitiesForPolicy. + # is attached to, using DetachUserPolicy, DetachGroupPolicy, or + # DetachRolePolicy. To list all the users, groups, and roles that a + # policy is attached to, use ListEntitiesForPolicy. # # * Delete all versions of the policy using DeletePolicyVersion. To list # the policy's versions, use ListPolicyVersions. You cannot use # DeletePolicyVersion to delete the version that is marked as the # default version. You delete the policy's default version in the # next step of the process. # # * Delete the policy (this automatically deletes the policy's default - # version) using this API. + # version) using this operation. # - # For information about managed policies, see [Managed Policies and - # Inline Policies][1] in the *IAM User Guide*. + # For information about managed policies, see [Managed policies and + # inline policies][1] in the *IAM User Guide*. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html # # @option params [required, String] :policy_arn # The Amazon Resource Name (ARN) of the IAM policy you want to delete. # - # For more information about ARNs, see [Amazon Resource Names (ARNs) and - # AWS Service Namespaces][1] in the *AWS General Reference*. + # For more information about ARNs, see [Amazon Resource Names (ARNs)][1] + # in the *AWS General Reference*. # # # # [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html # @@ -2611,28 +2743,28 @@ req.send_request(options) end # Deletes the specified version from the specified managed policy. # - # You cannot delete the default version from a policy using this API. To - # delete the default version from a policy, use DeletePolicy. To find - # out which version of a policy is marked as the default version, use - # ListPolicyVersions. + # You cannot delete the default version from a policy using this + # operation. To delete the default version from a policy, use + # DeletePolicy. To find out which version of a policy is marked as the + # default version, use ListPolicyVersions. # # For information about versions for managed policies, see [Versioning - # for Managed Policies][1] in the *IAM User Guide*. + # for managed policies][1] in the *IAM User Guide*. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html # # @option params [required, String] :policy_arn # The Amazon Resource Name (ARN) of the IAM policy from which you want # to delete a version. # - # For more information about ARNs, see [Amazon Resource Names (ARNs) and - # AWS Service Namespaces][1] in the *AWS General Reference*. + # For more information about ARNs, see [Amazon Resource Names (ARNs)][1] + # in the *AWS General Reference*. # # # # [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html # @@ -2643,11 +2775,11 @@ # characters that consists of the lowercase letter 'v' followed by one # or two digits, and optionally followed by a period '.' and a string # of letters and digits. # # For more information about managed policy versions, see [Versioning - # for Managed Policies][2] in the *IAM User Guide*. + # for managed policies][2] in the *IAM User Guide*. # # # # [1]: http://wikipedia.org/wiki/regex # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html @@ -2669,12 +2801,12 @@ req = build_request(:delete_policy_version, params) req.send_request(options) end # Deletes the specified role. The role must not have any policies - # attached. For more information about roles, go to [Working with - # Roles][1]. + # attached. For more information about roles, see [Working with + # roles][1]. # # Make sure that you do not have any Amazon EC2 instances running with # the role you are about to delete. Deleting a role or instance profile # that is associated with a running instance will break any applications # running on the instance. @@ -2751,11 +2883,11 @@ # Deletes the specified inline policy that is embedded in the specified # IAM role. # # A role can also have managed policies attached to it. To detach a # managed policy from a role, use DetachRolePolicy. For more information - # about policies, refer to [Managed Policies and Inline Policies][1] in + # about policies, refer to [Managed policies and inline policies][1] in # the *IAM User Guide*. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html @@ -2852,11 +2984,11 @@ # # The SSH public key deleted by this operation is used only for # authenticating the associated IAM user to an AWS CodeCommit # repository. For more information about using SSH keys to authenticate # to an AWS CodeCommit repository, see [Set up AWS CodeCommit for SSH - # Connections][1] in the *AWS CodeCommit User Guide*. + # connections][1] in the *AWS CodeCommit User Guide*. # # # # [1]: https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html # @@ -2902,23 +3034,23 @@ end # Deletes the specified server certificate. # # For more information about working with server certificates, see - # [Working with Server Certificates][1] in the *IAM User Guide*. This + # [Working with server certificates][1] in the *IAM User Guide*. This # topic also includes a list of AWS services that can use the server # certificates that you manage with IAM. # # If you are using a server certificate with Elastic Load Balancing, # deleting the certificate could have implications for your application. # If Elastic Load Balancing doesn't detect the deletion of bound # certificates, it may continue to use the certificates. This could # cause Elastic Load Balancing to stop accepting traffic. We recommend # that you remove the reference to the certificate from Elastic Load # Balancing before using this command to delete the certificate. For - # more information, go to [DeleteLoadBalancerListeners][2] in the - # *Elastic Load Balancing API Reference*. + # more information, see [DeleteLoadBalancerListeners][2] in the *Elastic + # Load Balancing API Reference*. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html # [2]: https://docs.aws.amazon.com/ElasticLoadBalancing/latest/APIReference/API_DeleteLoadBalancerListeners.html @@ -2960,21 +3092,20 @@ # same service-linked role and an earlier deletion task is not complete, # then the `DeletionTaskId` of the earlier request is returned. # # If you submit a deletion request for a service-linked role whose # linked service is still accessing a resource, then the deletion task - # fails. If it fails, the GetServiceLinkedRoleDeletionStatus API - # operation returns the reason for the failure, usually including the - # resources that must be deleted. To delete the service-linked role, you - # must first remove those resources from the linked service and then - # submit the deletion request again. Resources are specific to the - # service that is linked to the role. For more information about - # removing resources from a service, see the [AWS documentation][1] for - # your service. + # fails. If it fails, the GetServiceLinkedRoleDeletionStatus operation + # returns the reason for the failure, usually including the resources + # that must be deleted. To delete the service-linked role, you must + # first remove those resources from the linked service and then submit + # the deletion request again. Resources are specific to the service that + # is linked to the role. For more information about removing resources + # from a service, see the [AWS documentation][1] for your service. # - # For more information about service-linked roles, see [Roles Terms and - # Concepts: AWS Service-Linked Role][2] in the *IAM User Guide*. + # For more information about service-linked roles, see [Roles terms and + # concepts: AWS service-linked role][2] in the *IAM User Guide*. # # # # [1]: http://docs.aws.amazon.com/ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#iam-term-service-linked-role @@ -3111,11 +3242,11 @@ end # Deletes the specified IAM user. Unlike the AWS Management Console, # when you delete a user programmatically, you must delete the items # attached to the user manually, or the deletion fails. For more - # information, see [Deleting an IAM User][1]. Before attempting to + # information, see [Deleting an IAM user][1]. Before attempting to # delete a user, remove the following items: # # * Password (DeleteLoginProfile) # # * Access keys (DeleteAccessKey) @@ -3207,11 +3338,11 @@ # Deletes the specified inline policy that is embedded in the specified # IAM user. # # A user can also have managed policies attached to it. To detach a # managed policy from a user, use DetachUserPolicy. For more information - # about policies, refer to [Managed Policies and Inline Policies][1] in + # about policies, refer to [Managed policies and inline policies][1] in # the *IAM User Guide*. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html @@ -3317,13 +3448,12 @@ end # Removes the specified managed policy from the specified IAM group. # # A group can also have inline policies embedded with it. To delete an - # inline policy, use the DeleteGroupPolicy API. For information about - # policies, see [Managed Policies and Inline Policies][1] in the *IAM - # User Guide*. + # inline policy, use DeleteGroupPolicy. For information about policies, + # see [Managed policies and inline policies][1] in the *IAM User Guide*. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html # @@ -3341,12 +3471,12 @@ # [1]: http://wikipedia.org/wiki/regex # # @option params [required, String] :policy_arn # The Amazon Resource Name (ARN) of the IAM policy you want to detach. # - # For more information about ARNs, see [Amazon Resource Names (ARNs) and - # AWS Service Namespaces][1] in the *AWS General Reference*. + # For more information about ARNs, see [Amazon Resource Names (ARNs)][1] + # in the *AWS General Reference*. # # # # [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html # @@ -3369,13 +3499,12 @@ end # Removes the specified managed policy from the specified role. # # A role can also have inline policies embedded with it. To delete an - # inline policy, use the DeleteRolePolicy API. For information about - # policies, see [Managed Policies and Inline Policies][1] in the *IAM - # User Guide*. + # inline policy, use DeleteRolePolicy. For information about policies, + # see [Managed policies and inline policies][1] in the *IAM User Guide*. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html # @@ -3393,12 +3522,12 @@ # [1]: http://wikipedia.org/wiki/regex # # @option params [required, String] :policy_arn # The Amazon Resource Name (ARN) of the IAM policy you want to detach. # - # For more information about ARNs, see [Amazon Resource Names (ARNs) and - # AWS Service Namespaces][1] in the *AWS General Reference*. + # For more information about ARNs, see [Amazon Resource Names (ARNs)][1] + # in the *AWS General Reference*. # # # # [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html # @@ -3421,13 +3550,12 @@ end # Removes the specified managed policy from the specified user. # # A user can also have inline policies embedded with it. To delete an - # inline policy, use the DeleteUserPolicy API. For information about - # policies, see [Managed Policies and Inline Policies][1] in the *IAM - # User Guide*. + # inline policy, use DeleteUserPolicy. For information about policies, + # see [Managed policies and inline policies][1] in the *IAM User Guide*. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html # @@ -3445,12 +3573,12 @@ # [1]: http://wikipedia.org/wiki/regex # # @option params [required, String] :policy_arn # The Amazon Resource Name (ARN) of the IAM policy you want to detach. # - # For more information about ARNs, see [Amazon Resource Names (ARNs) and - # AWS Service Namespaces][1] in the *AWS General Reference*. + # For more information about ARNs, see [Amazon Resource Names (ARNs)][1] + # in the *AWS General Reference*. # # # # [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html # @@ -3552,12 +3680,12 @@ req = build_request(:enable_mfa_device, params) req.send_request(options) end # Generates a credential report for the AWS account. For more - # information about the credential report, see [Getting Credential - # Reports][1] in the *IAM User Guide*. + # information about the credential report, see [Getting credential + # reports][1] in the *IAM User Guide*. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/credential-reports.html # @@ -3584,16 +3712,16 @@ # Organizations. You can generate a report for any entities # (organization root, organizational unit, or account) or policies in # your organization. # # To call this operation, you must be signed in using your AWS - # Organizations master account credentials. You can use your long-term - # IAM user or root user credentials, or temporary credentials from - # assuming an IAM role. SCPs must be enabled for your organization root. - # You must have the required IAM and AWS Organizations permissions. For - # more information, see [Refining Permissions Using Service Last - # Accessed Data][1] in the *IAM User Guide*. + # Organizations management account credentials. You can use your + # long-term IAM user or root user credentials, or temporary credentials + # from assuming an IAM role. SCPs must be enabled for your organization + # root. You must have the required IAM and AWS Organizations + # permissions. For more information, see [Refining permissions using + # service last accessed data][1] in the *IAM User Guide*. # # You can generate a service last accessed data report for entities by # specifying only the entity's path. This data includes a list of # services that are allowed by any service control policies (SCPs) that # apply to the entity. @@ -3605,22 +3733,22 @@ # # For each service in both report types, the data includes the most # recent account activity that the policy allows to account principals # in the entity or the entity's children. For important information # about the data, reporting period, permissions required, - # troubleshooting, and supported Regions see [Reducing Permissions Using - # Service Last Accessed Data][1] in the *IAM User Guide*. + # troubleshooting, and supported Regions see [Reducing permissions using + # service last accessed data][1] in the *IAM User Guide*. # # The data includes all attempts to access AWS, not just the successful # ones. This includes all attempts that were made using the AWS # Management Console, the AWS API through any of the SDKs, or any of the # command line tools. An unexpected entry in the service last accessed # data does not mean that an account has been compromised, because the # request might have been denied. Refer to your CloudTrail logs as the # authoritative source for information about all API calls and whether # they were successful or denied access. For more information, - # see [Logging IAM Events with CloudTrail][2] in the *IAM User Guide*. + # see [Logging IAM events with CloudTrail][2] in the *IAM User Guide*. # # This operation returns a `JobId`. Use this parameter in the ` # GetOrganizationsAccessReport ` operation to check the status of the # report generation. To check the status of this request, use the # `JobId` parameter in the ` GetOrganizationsAccessReport ` operation @@ -3633,24 +3761,24 @@ # returned in the report. # # * **Root** – When you specify the organizations root as the entity, # the resulting report lists all of the services allowed by SCPs that # are attached to your root. For each service, the report includes - # data for all accounts in your organization except the master - # account, because the master account is not limited by SCPs. + # data for all accounts in your organization except the management + # account, because the management account is not limited by SCPs. # # * **OU** – When you specify an organizational unit (OU) as the entity, # the resulting report lists all of the services allowed by SCPs that # are attached to the OU and its parents. For each service, the report # includes data for all accounts in the OU or its children. This data - # excludes the master account, because the master account is not - # limited by SCPs. + # excludes the management account, because the management account is + # not limited by SCPs. # - # * **Master account** – When you specify the master account, the - # resulting report lists all AWS services, because the master account - # is not limited by SCPs. For each service, the report includes data - # for only the master account. + # * **management account** – When you specify the management account, + # the resulting report lists all AWS services, because the management + # account is not limited by SCPs. For each service, the report + # includes data for only the management account. # # * **Account** – When you specify another account as the entity, the # resulting report lists all of the services allowed by SCPs that are # attached to the account and its parents. For each service, the # report includes data for only the specified account. @@ -3662,30 +3790,30 @@ # # * **Root** – When you specify the root entity and a policy ID, the # resulting report lists all of the services that are allowed by the # specified SCP. For each service, the report includes data for all # accounts in your organization to which the SCP applies. This data - # excludes the master account, because the master account is not - # limited by SCPs. If the SCP is not attached to any entities in the - # organization, then the report will return a list of services with no - # data. + # excludes the management account, because the management account is + # not limited by SCPs. If the SCP is not attached to any entities in + # the organization, then the report will return a list of services + # with no data. # # * **OU** – When you specify an OU entity and a policy ID, the # resulting report lists all of the services that are allowed by the # specified SCP. For each service, the report includes data for all # accounts in the OU or its children to which the SCP applies. This # means that other accounts outside the OU that are affected by the - # SCP might not be included in the data. This data excludes the master - # account, because the master account is not limited by SCPs. If the - # SCP is not attached to the OU or one of its children, the report - # will return a list of services with no data. + # SCP might not be included in the data. This data excludes the + # management account, because the management account is not limited by + # SCPs. If the SCP is not attached to the OU or one of its children, + # the report will return a list of services with no data. # - # * **Master account** – When you specify the master account, the - # resulting report lists all AWS services, because the master account - # is not limited by SCPs. If you specify a policy ID in the CLI or - # API, the policy is ignored. For each service, the report includes - # data for only the master account. + # * **management account** – When you specify the management account, + # the resulting report lists all AWS services, because the management + # account is not limited by SCPs. If you specify a policy ID in the + # CLI or API, the policy is ignored. For each service, the report + # includes data for only the management account. # # * **Account** – When you specify another account entity and a policy # ID, the resulting report lists all of the services that are allowed # by the specified SCP. For each service, the report includes data for # only the specified account. This means that other accounts in the @@ -3696,16 +3824,16 @@ # <note markdown="1"> Service last accessed data does not use other policy types when # determining whether a principal could access a service. These other # policy types include identity-based policies, resource-based policies, # access control lists, IAM permissions boundaries, and STS assume role # policies. It only applies SCP logic. For more about the evaluation of - # policy types, see [Evaluating Policies][3] in the *IAM User Guide*. + # policy types, see [Evaluating policies][3] in the *IAM User Guide*. # # </note> # # For more information about service last accessed data, see [Reducing - # Policy Scope by Viewing User Activity][1] in the *IAM User Guide*. + # policy scope by viewing user activity][1] in the *IAM User Guide*. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html @@ -3769,21 +3897,21 @@ # Generates a report that includes details about when an IAM resource # (user, group, role, or policy) was last used in an attempt to access # AWS services. Recent activity usually appears within four hours. IAM # reports activity for the last 365 days, or less if your Region began # supporting this feature within the last year. For more information, - # see [Regions Where Data Is Tracked][1]. + # see [Regions where data is tracked][1]. # # The service last accessed data includes all attempts to access an AWS # API, not just the successful ones. This includes all attempts that # were made using the AWS Management Console, the AWS API through any of # the SDKs, or any of the command line tools. An unexpected entry in the # service last accessed data does not mean that your account has been # compromised, because the request might have been denied. Refer to your # CloudTrail logs as the authoritative source for information about all # API calls and whether they were successful or denied access. For more - # information, see [Logging IAM Events with CloudTrail][2] in the *IAM + # information, see [Logging IAM events with CloudTrail][2] in the *IAM # User Guide*. # # The `GenerateServiceLastAccessedDetails` operation returns a `JobId`. # Use this parameter in the following operations to retrieve the # following details from your report: @@ -3815,16 +3943,16 @@ # determining whether a resource could access a service. These other # policy types include resource-based policies, access control lists, # AWS Organizations policies, IAM permissions boundaries, and AWS STS # assume role policies. It only applies permissions policy logic. For # more about the evaluation of policy types, see [Evaluating - # Policies][3] in the *IAM User Guide*. + # policies][3] in the *IAM User Guide*. # # </note> # # For more information about service and action last accessed data, see - # [Reducing Permissions Using Service Last Accessed Data][4] in the *IAM + # [Reducing permissions using service last accessed data][4] in the *IAM # User Guide*. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#access-advisor_tracking-period @@ -3926,16 +4054,16 @@ req.send_request(options) end # Retrieves information about all IAM users, groups, roles, and policies # in your AWS account, including their relationships to one another. Use - # this API to obtain a snapshot of the configuration of IAM permissions - # (users, groups, roles, and policies) in your account. + # this operation to obtain a snapshot of the configuration of IAM + # permissions (users, groups, roles, and policies) in your account. # - # <note markdown="1"> Policies returned by this API are URL-encoded compliant with [RFC - # 3986][1]. You can use a URL decoding method to convert the policy back - # to plain JSON text. For example, if you use Java, you can use the + # <note markdown="1"> Policies returned by this operation are URL-encoded compliant with + # [RFC 3986][1]. You can use a URL decoding method to convert the policy + # back to plain JSON text. For example, if you use Java, you can use the # `decode` method of the `java.net.URLDecoder` utility class in the Java # SDK. Other languages and SDKs provide similar functionality. # # </note> # @@ -4052,10 +4180,13 @@ # resp.role_detail_list[0].instance_profile_list[0].roles[0].tags #=> Array # resp.role_detail_list[0].instance_profile_list[0].roles[0].tags[0].key #=> String # resp.role_detail_list[0].instance_profile_list[0].roles[0].tags[0].value #=> String # resp.role_detail_list[0].instance_profile_list[0].roles[0].role_last_used.last_used_date #=> Time # resp.role_detail_list[0].instance_profile_list[0].roles[0].role_last_used.region #=> String + # resp.role_detail_list[0].instance_profile_list[0].tags #=> Array + # resp.role_detail_list[0].instance_profile_list[0].tags[0].key #=> String + # resp.role_detail_list[0].instance_profile_list[0].tags[0].value #=> String # resp.role_detail_list[0].role_policy_list #=> Array # resp.role_detail_list[0].role_policy_list[0].policy_name #=> String # resp.role_detail_list[0].role_policy_list[0].policy_document #=> String # resp.role_detail_list[0].attached_managed_policies #=> Array # resp.role_detail_list[0].attached_managed_policies[0].policy_name #=> String @@ -4094,13 +4225,14 @@ def get_account_authorization_details(params = {}, options = {}) req = build_request(:get_account_authorization_details, params) req.send_request(options) end - # Retrieves the password policy for the AWS account. For more - # information about using a password policy, go to [Managing an IAM - # Password Policy][1]. + # Retrieves the password policy for the AWS account. This tells you the + # complexity requirements and mandatory rotation periods for the IAM + # user passwords in your account. For more information about using a + # password policy, see [Managing an IAM password policy][1]. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingPasswordPolicies.html # @@ -4155,13 +4287,12 @@ end # Retrieves information about IAM entity usage and IAM quotas in the AWS # account. # - # The number and size of IAM resources in an AWS account are limited. - # For more information, see [IAM and STS Quotas][1] in the *IAM User - # Guide*. + # For information about IAM quotas, see [IAM and STS quotas][1] in the + # *IAM User Guide*. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html # @@ -4290,12 +4421,12 @@ # # You can optionally include a list of one or more additional policies, # specified as strings. If you want to include *only* a list of policies # by string, use GetContextKeysForCustomPolicy instead. # - # **Note:** This API discloses information about the permissions granted - # to other users. If you do not want users to see other user's + # **Note:** This operation discloses information about the permissions + # granted to other users. If you do not want users to see other user's # permissions, then consider allowing them to use # GetContextKeysForCustomPolicy instead. # # Context keys are variables maintained by AWS and its services that # provide details about the context of an API query request. Context @@ -4311,12 +4442,12 @@ # If you pick a group or a role, then it includes only those context # keys that are found in policies attached to that entity. Note that all # parameters are shown in unencoded form here for clarity, but must be # URL encoded to be included as a part of a real HTML request. # - # For more information about ARNs, see [Amazon Resource Names (ARNs) and - # AWS Service Namespaces][1] in the *AWS General Reference*. + # For more information about ARNs, see [Amazon Resource Names (ARNs)][1] + # in the *AWS General Reference*. # # # # [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html # @@ -4364,12 +4495,12 @@ req = build_request(:get_context_keys_for_principal_policy, params) req.send_request(options) end # Retrieves a credential report for the AWS account. For more - # information about the credential report, see [Getting Credential - # Reports][1] in the *IAM User Guide*. + # information about the credential report, see [Getting credential + # reports][1] in the *IAM User Guide*. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/credential-reports.html # @@ -4475,25 +4606,25 @@ end # Retrieves the specified inline policy document that is embedded in the # specified IAM group. # - # <note markdown="1"> Policies returned by this API are URL-encoded compliant with [RFC - # 3986][1]. You can use a URL decoding method to convert the policy back - # to plain JSON text. For example, if you use Java, you can use the + # <note markdown="1"> Policies returned by this operation are URL-encoded compliant with + # [RFC 3986][1]. You can use a URL decoding method to convert the policy + # back to plain JSON text. For example, if you use Java, you can use the # `decode` method of the `java.net.URLDecoder` utility class in the Java # SDK. Other languages and SDKs provide similar functionality. # # </note> # # An IAM group can also have managed policies attached to it. To # retrieve a managed policy document that is attached to a group, use # GetPolicy to determine the policy's default version, then use # GetPolicyVersion to retrieve the policy document. # - # For more information about policies, see [Managed Policies and Inline - # Policies][2] in the *IAM User Guide*. + # For more information about policies, see [Managed policies and inline + # policies][2] in the *IAM User Guide*. # # # # [1]: https://tools.ietf.org/html/rfc3986 # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html @@ -4550,11 +4681,11 @@ req.send_request(options) end # Retrieves information about the specified instance profile, including # the instance profile's path, GUID, ARN, and role. For more - # information about instance profiles, see [About Instance Profiles][1] + # information about instance profiles, see [About instance profiles][1] # in the *IAM User Guide*. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html @@ -4632,10 +4763,13 @@ # resp.instance_profile.roles[0].tags #=> Array # resp.instance_profile.roles[0].tags[0].key #=> String # resp.instance_profile.roles[0].tags[0].value #=> String # resp.instance_profile.roles[0].role_last_used.last_used_date #=> Time # resp.instance_profile.roles[0].role_last_used.region #=> String + # resp.instance_profile.tags #=> Array + # resp.instance_profile.tags[0].key #=> String + # resp.instance_profile.tags[0].value #=> String # # # The following waiters are defined for this operation (see {Client#wait_until} for detailed usage): # # * instance_profile_exists @@ -4647,11 +4781,11 @@ def get_instance_profile(params = {}, options = {}) req = build_request(:get_instance_profile, params) req.send_request(options) end - # Retrieves the user name and password-creation date for the specified + # Retrieves the user name and password creation date for the specified # IAM user. If the user has not been assigned a password, the operation # returns a 404 (`NoSuchEntity`) error. # # @option params [required, String] :user_name # The name of the user whose login profile you want to retrieve. @@ -4713,12 +4847,12 @@ # @option params [required, String] :open_id_connect_provider_arn # The Amazon Resource Name (ARN) of the OIDC provider resource object in # IAM to get information for. You can get a list of OIDC provider # resource ARNs by using the ListOpenIDConnectProviders operation. # - # For more information about ARNs, see [Amazon Resource Names (ARNs) and - # AWS Service Namespaces][1] in the *AWS General Reference*. + # For more information about ARNs, see [Amazon Resource Names (ARNs)][1] + # in the *AWS General Reference*. # # # # [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html # @@ -4726,10 +4860,11 @@ # # * {Types::GetOpenIDConnectProviderResponse#url #url} => String # * {Types::GetOpenIDConnectProviderResponse#client_id_list #client_id_list} => Array&lt;String&gt; # * {Types::GetOpenIDConnectProviderResponse#thumbprint_list #thumbprint_list} => Array&lt;String&gt; # * {Types::GetOpenIDConnectProviderResponse#create_date #create_date} => Time + # * {Types::GetOpenIDConnectProviderResponse#tags #tags} => Array&lt;Types::Tag&gt; # # @example Request syntax with placeholder values # # resp = client.get_open_id_connect_provider({ # open_id_connect_provider_arn: "arnType", # required @@ -4741,10 +4876,13 @@ # resp.client_id_list #=> Array # resp.client_id_list[0] #=> String # resp.thumbprint_list #=> Array # resp.thumbprint_list[0] #=> String # resp.create_date #=> Time + # resp.tags #=> Array + # resp.tags[0].key #=> String + # resp.tags[0].value #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetOpenIDConnectProvider AWS API Documentation # # @overload get_open_id_connect_provider(params = {}) # @param [Hash] params ({}) @@ -4760,15 +4898,15 @@ # # Depending on the parameters that you passed when you generated the # report, the data returned could include different information. For # details, see GenerateOrganizationsAccessReport. # - # To call this operation, you must be signed in to the master account in - # your organization. SCPs must be enabled for your organization root. - # You must have permissions to perform this operation. For more - # information, see [Refining Permissions Using Service Last Accessed - # Data][1] in the *IAM User Guide*. + # To call this operation, you must be signed in to the management + # account in your organization. SCPs must be enabled for your + # organization root. You must have permissions to perform this + # operation. For more information, see [Refining permissions using + # service last accessed data][1] in the *IAM User Guide*. # # For each service that principals in an account (root users, IAM users, # or IAM roles) could access using SCPs, the operation returns details # about the most recent access attempt. If there was no attempt, the # service is listed without details about the most recent attempt to @@ -4900,32 +5038,32 @@ # Retrieves information about the specified managed policy, including # the policy's default version and the total number of IAM users, # groups, and roles to which the policy is attached. To retrieve the # list of the specific users, groups, and roles that the policy is - # attached to, use the ListEntitiesForPolicy API. This API returns + # attached to, use ListEntitiesForPolicy. This operation returns # metadata about the policy. To retrieve the actual policy document for # a specific version of the policy, use GetPolicyVersion. # - # This API retrieves information about managed policies. To retrieve - # information about an inline policy that is embedded with an IAM user, - # group, or role, use the GetUserPolicy, GetGroupPolicy, or - # GetRolePolicy API. + # This operation retrieves information about managed policies. To + # retrieve information about an inline policy that is embedded with an + # IAM user, group, or role, use GetUserPolicy, GetGroupPolicy, or + # GetRolePolicy. # - # For more information about policies, see [Managed Policies and Inline - # Policies][1] in the *IAM User Guide*. + # For more information about policies, see [Managed policies and inline + # policies][1] in the *IAM User Guide*. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html # # @option params [required, String] :policy_arn # The Amazon Resource Name (ARN) of the managed policy that you want # information about. # - # For more information about ARNs, see [Amazon Resource Names (ARNs) and - # AWS Service Namespaces][1] in the *AWS General Reference*. + # For more information about ARNs, see [Amazon Resource Names (ARNs)][1] + # in the *AWS General Reference*. # # # # [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html # @@ -4950,10 +5088,13 @@ # resp.policy.permissions_boundary_usage_count #=> Integer # resp.policy.is_attachable #=> Boolean # resp.policy.description #=> String # resp.policy.create_date #=> Time # resp.policy.update_date #=> Time + # resp.policy.tags #=> Array + # resp.policy.tags[0].key #=> String + # resp.policy.tags[0].value #=> String # # # The following waiters are defined for this operation (see {Client#wait_until} for detailed usage): # # * policy_exists @@ -4968,29 +5109,30 @@ end # Retrieves information about the specified version of the specified # managed policy, including the policy document. # - # <note markdown="1"> Policies returned by this API are URL-encoded compliant with [RFC - # 3986][1]. You can use a URL decoding method to convert the policy back - # to plain JSON text. For example, if you use Java, you can use the + # <note markdown="1"> Policies returned by this operation are URL-encoded compliant with + # [RFC 3986][1]. You can use a URL decoding method to convert the policy + # back to plain JSON text. For example, if you use Java, you can use the # `decode` method of the `java.net.URLDecoder` utility class in the Java # SDK. Other languages and SDKs provide similar functionality. # # </note> # # To list the available versions for a policy, use ListPolicyVersions. # - # This API retrieves information about managed policies. To retrieve - # information about an inline policy that is embedded in a user, group, - # or role, use the GetUserPolicy, GetGroupPolicy, or GetRolePolicy API. + # This operation retrieves information about managed policies. To + # retrieve information about an inline policy that is embedded in a + # user, group, or role, use GetUserPolicy, GetGroupPolicy, or + # GetRolePolicy. # # For more information about the types of policies, see [Managed - # Policies and Inline Policies][2] in the *IAM User Guide*. + # policies and inline policies][2] in the *IAM User Guide*. # # For more information about managed policy versions, see [Versioning - # for Managed Policies][3] in the *IAM User Guide*. + # for managed policies][3] in the *IAM User Guide*. # # # # [1]: https://tools.ietf.org/html/rfc3986 # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html @@ -4998,12 +5140,12 @@ # # @option params [required, String] :policy_arn # The Amazon Resource Name (ARN) of the managed policy that you want # information about. # - # For more information about ARNs, see [Amazon Resource Names (ARNs) and - # AWS Service Namespaces][1] in the *AWS General Reference*. + # For more information about ARNs, see [Amazon Resource Names (ARNs)][1] + # in the *AWS General Reference*. # # # # [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html # @@ -5047,15 +5189,15 @@ end # Retrieves information about the specified role, including the role's # path, GUID, ARN, and the role's trust policy that grants permission # to assume the role. For more information about roles, see [Working - # with Roles][1]. + # with roles][1]. # - # <note markdown="1"> Policies returned by this API are URL-encoded compliant with [RFC - # 3986][2]. You can use a URL decoding method to convert the policy back - # to plain JSON text. For example, if you use Java, you can use the + # <note markdown="1"> Policies returned by this operation are URL-encoded compliant with + # [RFC 3986][2]. You can use a URL decoding method to convert the policy + # back to plain JSON text. For example, if you use Java, you can use the # `decode` method of the `java.net.URLDecoder` utility class in the Java # SDK. Other languages and SDKs provide similar functionality. # # </note> # @@ -5145,28 +5287,28 @@ end # Retrieves the specified inline policy document that is embedded with # the specified IAM role. # - # <note markdown="1"> Policies returned by this API are URL-encoded compliant with [RFC - # 3986][1]. You can use a URL decoding method to convert the policy back - # to plain JSON text. For example, if you use Java, you can use the + # <note markdown="1"> Policies returned by this operation are URL-encoded compliant with + # [RFC 3986][1]. You can use a URL decoding method to convert the policy + # back to plain JSON text. For example, if you use Java, you can use the # `decode` method of the `java.net.URLDecoder` utility class in the Java # SDK. Other languages and SDKs provide similar functionality. # # </note> # # An IAM role can also have managed policies attached to it. To retrieve # a managed policy document that is attached to a role, use GetPolicy to # determine the policy's default version, then use GetPolicyVersion to # retrieve the policy document. # - # For more information about policies, see [Managed Policies and Inline - # Policies][2] in the *IAM User Guide*. + # For more information about policies, see [Managed policies and inline + # policies][2] in the *IAM User Guide*. # - # For more information about roles, see [Using Roles to Delegate - # Permissions and Federate Identities][3]. + # For more information about roles, see [Using roles to delegate + # permissions and federate identities][3]. # # # # [1]: https://tools.ietf.org/html/rfc3986 # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html @@ -5237,22 +5379,23 @@ # # @option params [required, String] :saml_provider_arn # The Amazon Resource Name (ARN) of the SAML provider resource object in # IAM to get information about. # - # For more information about ARNs, see [Amazon Resource Names (ARNs) and - # AWS Service Namespaces][1] in the *AWS General Reference*. + # For more information about ARNs, see [Amazon Resource Names (ARNs)][1] + # in the *AWS General Reference*. # # # # [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html # # @return [Types::GetSAMLProviderResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::GetSAMLProviderResponse#saml_metadata_document #saml_metadata_document} => String # * {Types::GetSAMLProviderResponse#create_date #create_date} => Time # * {Types::GetSAMLProviderResponse#valid_until #valid_until} => Time + # * {Types::GetSAMLProviderResponse#tags #tags} => Array&lt;Types::Tag&gt; # # @example Request syntax with placeholder values # # resp = client.get_saml_provider({ # saml_provider_arn: "arnType", # required @@ -5261,10 +5404,13 @@ # @example Response structure # # resp.saml_metadata_document #=> String # resp.create_date #=> Time # resp.valid_until #=> Time + # resp.tags #=> Array + # resp.tags[0].key #=> String + # resp.tags[0].value #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetSAMLProvider AWS API Documentation # # @overload get_saml_provider(params = {}) # @param [Hash] params ({}) @@ -5278,11 +5424,11 @@ # # The SSH public key retrieved by this operation is used only for # authenticating the associated IAM user to an AWS CodeCommit # repository. For more information about using SSH keys to authenticate # to an AWS CodeCommit repository, see [Set up AWS CodeCommit for SSH - # Connections][1] in the *AWS CodeCommit User Guide*. + # connections][1] in the *AWS CodeCommit User Guide*. # # # # [1]: https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html # @@ -5346,11 +5492,11 @@ # Retrieves information about the specified server certificate stored in # IAM. # # For more information about working with server certificates, see - # [Working with Server Certificates][1] in the *IAM User Guide*. This + # [Working with server certificates][1] in the *IAM User Guide*. This # topic includes a list of AWS services that can use the server # certificates that you manage with IAM. # # # @@ -5387,10 +5533,13 @@ # resp.server_certificate.server_certificate_metadata.arn #=> String # resp.server_certificate.server_certificate_metadata.upload_date #=> Time # resp.server_certificate.server_certificate_metadata.expiration #=> Time # resp.server_certificate.certificate_body #=> String # resp.server_certificate.certificate_chain #=> String + # resp.server_certificate.tags #=> Array + # resp.server_certificate.tags[0].key #=> String + # resp.server_certificate.tags[0].value #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetServerCertificate AWS API Documentation # # @overload get_server_certificate(params = {}) # @param [Hash] params ({}) @@ -5411,11 +5560,11 @@ # determining whether a resource could access a service. These other # policy types include resource-based policies, access control lists, # AWS Organizations policies, IAM permissions boundaries, and AWS STS # assume role policies. It only applies permissions policy logic. For # more about the evaluation of policy types, see [Evaluating - # Policies][1] in the *IAM User Guide*. + # policies][1] in the *IAM User Guide*. # # </note> # # For each service that the resource could access using permissions # policies, the operation returns details about the most recent access @@ -5446,11 +5595,11 @@ # report, this operation returns service and action last accessed data. # This includes the most recent access attempt for each tracked action # within a service. Otherwise, this operation returns only service data. # # For more information about service and action last accessed data, see - # [Reducing Permissions Using Service Last Accessed Data][2] in the *IAM + # [Reducing permissions using service last accessed data][2] in the *IAM # User Guide*. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics @@ -5594,21 +5743,20 @@ # @option params [required, String] :service_namespace # The service namespace for an AWS service. Provide the service # namespace to learn when the IAM entity last attempted to access the # specified service. # - # To learn the service namespace for a service, go to [Actions, - # Resources, and Condition Keys for AWS Services][1] in the *IAM User - # Guide*. Choose the name of the service to view details for that - # service. In the first paragraph, find the service prefix. For example, - # `(service prefix: a4b)`. For more information about service - # namespaces, see [AWS Service Namespaces][2] in the *AWS General - # Reference*. + # To learn the service namespace for a service, see [Actions, resources, + # and condition keys for AWS services][1] in the *IAM User Guide*. + # Choose the name of the service to view details for that service. In + # the first paragraph, find the service prefix. For example, `(service + # prefix: a4b)`. For more information about service namespaces, see [AWS + # service namespaces][2] in the *AWS General Reference*. # # # - # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_actions-resources-contextkeys.html + # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html # [2]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-aws-service-namespaces # # @option params [Integer] :max_items # Use this only when paginating results to indicate the maximum number # of items you want in the response. If additional items exist beyond @@ -5709,15 +5857,15 @@ req = build_request(:get_service_last_accessed_details_with_entities, params) req.send_request(options) end # Retrieves the status of your service-linked role deletion. After you - # use the DeleteServiceLinkedRole API operation to submit a - # service-linked role for deletion, you can use the `DeletionTaskId` - # parameter in `GetServiceLinkedRoleDeletionStatus` to check the status - # of the deletion. If the deletion fails, this operation returns the - # reason that it failed, if that information is returned by the service. + # use DeleteServiceLinkedRole to submit a service-linked role for + # deletion, you can use the `DeletionTaskId` parameter in + # `GetServiceLinkedRoleDeletionStatus` to check the status of the + # deletion. If the deletion fails, this operation returns the reason + # that it failed, if that information is returned by the service. # # @option params [required, String] :deletion_task_id # The deletion task identifier. This identifier is returned by the # DeleteServiceLinkedRole operation in the format # `task/aws-service-role/<service-principal-name>/<role-name>/<task-uuid>`. @@ -5754,11 +5902,11 @@ # Retrieves information about the specified IAM user, including the # user's creation date, path, unique ID, and ARN. # # If you do not specify a user name, IAM determines the user name # implicitly based on the AWS access key ID used to sign the request to - # this API. + # this operation. # # @option params [String] :user_name # The name of the user to get information about. # # This parameter is optional. If it is not included, it defaults to the @@ -5830,25 +5978,25 @@ end # Retrieves the specified inline policy document that is embedded in the # specified IAM user. # - # <note markdown="1"> Policies returned by this API are URL-encoded compliant with [RFC - # 3986][1]. You can use a URL decoding method to convert the policy back - # to plain JSON text. For example, if you use Java, you can use the + # <note markdown="1"> Policies returned by this operation are URL-encoded compliant with + # [RFC 3986][1]. You can use a URL decoding method to convert the policy + # back to plain JSON text. For example, if you use Java, you can use the # `decode` method of the `java.net.URLDecoder` utility class in the Java # SDK. Other languages and SDKs provide similar functionality. # # </note> # # An IAM user can also have managed policies attached to it. To retrieve # a managed policy document that is attached to a user, use GetPolicy to # determine the policy's default version. Then use GetPolicyVersion to # retrieve the policy document. # - # For more information about policies, see [Managed Policies and Inline - # Policies][2] in the *IAM User Guide*. + # For more information about policies, see [Managed policies and inline + # policies][2] in the *IAM User Guide*. # # # # [1]: https://tools.ietf.org/html/rfc3986 # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html @@ -6014,11 +6162,11 @@ req.send_request(options) end # Lists the account alias associated with the AWS account (Note: you can # have only one). For information about using an AWS account alias, see - # [Using an Alias for Your AWS Account ID][1] in the *IAM User Guide*. + # [Using an alias for your AWS account ID][1] in the *IAM User Guide*. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/AccountAlias.html # @@ -6087,13 +6235,13 @@ # Lists all managed policies that are attached to the specified IAM # group. # # An IAM group can also have inline policies embedded with it. To list - # the inline policies for a group, use the ListGroupPolicies API. For - # information about policies, see [Managed Policies and Inline - # Policies][1] in the *IAM User Guide*. + # the inline policies for a group, use ListGroupPolicies. For + # information about policies, see [Managed policies and inline + # policies][1] in the *IAM User Guide*. # # You can paginate the results using the `MaxItems` and `Marker` # parameters. You can use the `PathPrefix` parameter to limit the list # of policies to only those matching the specified path prefix. If there # are no policies attached to the specified group (or none that match @@ -6185,13 +6333,13 @@ # Lists all managed policies that are attached to the specified IAM # role. # # An IAM role can also have inline policies embedded with it. To list - # the inline policies for a role, use the ListRolePolicies API. For - # information about policies, see [Managed Policies and Inline - # Policies][1] in the *IAM User Guide*. + # the inline policies for a role, use ListRolePolicies. For information + # about policies, see [Managed policies and inline policies][1] in the + # *IAM User Guide*. # # You can paginate the results using the `MaxItems` and `Marker` # parameters. You can use the `PathPrefix` parameter to limit the list # of policies to only those matching the specified path prefix. If there # are no policies attached to the specified role (or none that match the @@ -6283,13 +6431,13 @@ # Lists all managed policies that are attached to the specified IAM # user. # # An IAM user can also have inline policies embedded with it. To list - # the inline policies for a user, use the ListUserPolicies API. For - # information about policies, see [Managed Policies and Inline - # Policies][1] in the *IAM User Guide*. + # the inline policies for a user, use ListUserPolicies. For information + # about policies, see [Managed policies and inline policies][1] in the + # *IAM User Guide*. # # You can paginate the results using the `MaxItems` and `Marker` # parameters. You can use the `PathPrefix` parameter to limit the list # of policies to only those matching the specified path prefix. If there # are no policies attached to the specified group (or none that match @@ -6392,12 +6540,12 @@ # # @option params [required, String] :policy_arn # The Amazon Resource Name (ARN) of the IAM policy for which you want # the versions. # - # For more information about ARNs, see [Amazon Resource Names (ARNs) and - # AWS Service Namespaces][1] in the *AWS General Reference*. + # For more information about ARNs, see [Amazon Resource Names (ARNs)][1] + # in the *AWS General Reference*. # # # # [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html # @@ -6502,11 +6650,11 @@ # specified IAM group. # # An IAM group can also have managed policies attached to it. To list # the managed policies that are attached to a group, use # ListAttachedGroupPolicies. For more information about policies, see - # [Managed Policies and Inline Policies][1] in the *IAM User Guide*. + # [Managed policies and inline policies][1] in the *IAM User Guide*. # # You can paginate the results using the `MaxItems` and `Marker` # parameters. If there are no inline policies embedded with the # specified group, the operation returns an empty list. # @@ -6799,15 +6947,92 @@ def list_groups_for_user(params = {}, options = {}) req = build_request(:list_groups_for_user, params) req.send_request(options) end + # Lists the tags that are attached to the specified IAM instance + # profile. The returned list of tags is sorted by tag key. For more + # information about tagging, see [Tagging IAM resources][1] in the *IAM + # User Guide*. + # + # + # + # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html + # + # @option params [required, String] :instance_profile_name + # The name of the IAM instance profile whose tags you want to see. + # + # This parameter accepts (through its [regex pattern][1]) a string of + # characters that consist of upper and lowercase alphanumeric characters + # with no spaces. You can also include any of the following characters: + # =,.@- + # + # + # + # [1]: http://wikipedia.org/wiki/regex + # + # @option params [String] :marker + # Use this parameter only when paginating results and only after you + # receive a response indicating that the results are truncated. Set it + # to the value of the `Marker` element in the response that you received + # to indicate where the next call should start. + # + # @option params [Integer] :max_items + # (Optional) Use this only when paginating results to indicate the + # maximum number of items that you want in the response. If additional + # items exist beyond the maximum that you specify, the `IsTruncated` + # response element is `true`. + # + # If you do not include this parameter, it defaults to 100. Note that + # IAM might return fewer results, even when more results are available. + # In that case, the `IsTruncated` response element returns `true`, and + # `Marker` contains a value to include in the subsequent call that tells + # the service where to continue from. + # + # @return [Types::ListInstanceProfileTagsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: + # + # * {Types::ListInstanceProfileTagsResponse#tags #tags} => Array&lt;Types::Tag&gt; + # * {Types::ListInstanceProfileTagsResponse#is_truncated #is_truncated} => Boolean + # * {Types::ListInstanceProfileTagsResponse#marker #marker} => String + # + # @example Request syntax with placeholder values + # + # resp = client.list_instance_profile_tags({ + # instance_profile_name: "instanceProfileNameType", # required + # marker: "markerType", + # max_items: 1, + # }) + # + # @example Response structure + # + # resp.tags #=> Array + # resp.tags[0].key #=> String + # resp.tags[0].value #=> String + # resp.is_truncated #=> Boolean + # resp.marker #=> String + # + # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListInstanceProfileTags AWS API Documentation + # + # @overload list_instance_profile_tags(params = {}) + # @param [Hash] params ({}) + def list_instance_profile_tags(params = {}, options = {}) + req = build_request(:list_instance_profile_tags, params) + req.send_request(options) + end + # Lists the instance profiles that have the specified path prefix. If # there are none, the operation returns an empty list. For more - # information about instance profiles, go to [About Instance - # Profiles][1]. + # information about instance profiles, see [About instance profiles][1]. # + # <note markdown="1"> IAM resource-listing operations return a subset of the available + # attributes for the resource. For example, this operation does not + # return tags, even though they are an attribute of the returned object. + # To view all of the information for an instance profile, see + # GetInstanceProfile. + # + # </note> + # # You can paginate the results using the `MaxItems` and `Marker` # parameters. # # # @@ -6886,10 +7111,13 @@ # resp.instance_profiles[0].roles[0].tags #=> Array # resp.instance_profiles[0].roles[0].tags[0].key #=> String # resp.instance_profiles[0].roles[0].tags[0].value #=> String # resp.instance_profiles[0].roles[0].role_last_used.last_used_date #=> Time # resp.instance_profiles[0].roles[0].role_last_used.region #=> String + # resp.instance_profiles[0].tags #=> Array + # resp.instance_profiles[0].tags[0].key #=> String + # resp.instance_profiles[0].tags[0].value #=> String # resp.is_truncated #=> Boolean # resp.marker #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListInstanceProfiles AWS API Documentation # @@ -6900,12 +7128,12 @@ req.send_request(options) end # Lists the instance profiles that have the specified associated IAM # role. If there are none, the operation returns an empty list. For more - # information about instance profiles, go to [About Instance - # Profiles][1]. + # information about instance profiles, go to [About instance + # profiles][1]. # # You can paginate the results using the `MaxItems` and `Marker` # parameters. # # @@ -6979,10 +7207,13 @@ # resp.instance_profiles[0].roles[0].tags #=> Array # resp.instance_profiles[0].roles[0].tags[0].key #=> String # resp.instance_profiles[0].roles[0].tags[0].value #=> String # resp.instance_profiles[0].roles[0].role_last_used.last_used_date #=> Time # resp.instance_profiles[0].roles[0].role_last_used.region #=> String + # resp.instance_profiles[0].tags #=> Array + # resp.instance_profiles[0].tags[0].key #=> String + # resp.instance_profiles[0].tags[0].value #=> String # resp.is_truncated #=> Boolean # resp.marker #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListInstanceProfilesForRole AWS API Documentation # @@ -6991,15 +7222,87 @@ def list_instance_profiles_for_role(params = {}, options = {}) req = build_request(:list_instance_profiles_for_role, params) req.send_request(options) end + # Lists the tags that are attached to the specified IAM virtual + # multi-factor authentication (MFA) device. The returned list of tags is + # sorted by tag key. For more information about tagging, see [Tagging + # IAM resources][1] in the *IAM User Guide*. + # + # + # + # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html + # + # @option params [required, String] :serial_number + # The unique identifier for the IAM virtual MFA device whose tags you + # want to see. For virtual MFA devices, the serial number is the same as + # the ARN. + # + # This parameter accepts (through its [regex pattern][1]) a string of + # characters that consist of upper and lowercase alphanumeric characters + # with no spaces. You can also include any of the following characters: + # =,.@- + # + # + # + # [1]: http://wikipedia.org/wiki/regex + # + # @option params [String] :marker + # Use this parameter only when paginating results and only after you + # receive a response indicating that the results are truncated. Set it + # to the value of the `Marker` element in the response that you received + # to indicate where the next call should start. + # + # @option params [Integer] :max_items + # (Optional) Use this only when paginating results to indicate the + # maximum number of items that you want in the response. If additional + # items exist beyond the maximum that you specify, the `IsTruncated` + # response element is `true`. + # + # If you do not include this parameter, it defaults to 100. Note that + # IAM might return fewer results, even when more results are available. + # In that case, the `IsTruncated` response element returns `true`, and + # `Marker` contains a value to include in the subsequent call that tells + # the service where to continue from. + # + # @return [Types::ListMFADeviceTagsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: + # + # * {Types::ListMFADeviceTagsResponse#tags #tags} => Array&lt;Types::Tag&gt; + # * {Types::ListMFADeviceTagsResponse#is_truncated #is_truncated} => Boolean + # * {Types::ListMFADeviceTagsResponse#marker #marker} => String + # + # @example Request syntax with placeholder values + # + # resp = client.list_mfa_device_tags({ + # serial_number: "serialNumberType", # required + # marker: "markerType", + # max_items: 1, + # }) + # + # @example Response structure + # + # resp.tags #=> Array + # resp.tags[0].key #=> String + # resp.tags[0].value #=> String + # resp.is_truncated #=> Boolean + # resp.marker #=> String + # + # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListMFADeviceTags AWS API Documentation + # + # @overload list_mfa_device_tags(params = {}) + # @param [Hash] params ({}) + def list_mfa_device_tags(params = {}, options = {}) + req = build_request(:list_mfa_device_tags, params) + req.send_request(options) + end + # Lists the MFA devices for an IAM user. If the request includes a IAM # user name, then this operation lists all the MFA devices associated # with the specified user. If you do not specify a user name, IAM # determines the user name implicitly based on the AWS access key ID - # signing the request for this API. + # signing the request for this operation. # # You can paginate the results using the `MaxItems` and `Marker` # parameters. # # @option params [String] :user_name @@ -7063,13 +7366,96 @@ def list_mfa_devices(params = {}, options = {}) req = build_request(:list_mfa_devices, params) req.send_request(options) end + # Lists the tags that are attached to the specified OpenID Connect + # (OIDC)-compatible identity provider. The returned list of tags is + # sorted by tag key. For more information, see [About web identity + # federation][1]. + # + # For more information about tagging, see [Tagging IAM resources][2] in + # the *IAM User Guide*. + # + # + # + # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html + # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html + # + # @option params [required, String] :open_id_connect_provider_arn + # The ARN of the OpenID Connect (OIDC) identity provider whose tags you + # want to see. + # + # This parameter accepts (through its [regex pattern][1]) a string of + # characters that consist of upper and lowercase alphanumeric characters + # with no spaces. You can also include any of the following characters: + # =,.@- + # + # + # + # [1]: http://wikipedia.org/wiki/regex + # + # @option params [String] :marker + # Use this parameter only when paginating results and only after you + # receive a response indicating that the results are truncated. Set it + # to the value of the `Marker` element in the response that you received + # to indicate where the next call should start. + # + # @option params [Integer] :max_items + # (Optional) Use this only when paginating results to indicate the + # maximum number of items that you want in the response. If additional + # items exist beyond the maximum that you specify, the `IsTruncated` + # response element is `true`. + # + # If you do not include this parameter, it defaults to 100. Note that + # IAM might return fewer results, even when more results are available. + # In that case, the `IsTruncated` response element returns `true`, and + # `Marker` contains a value to include in the subsequent call that tells + # the service where to continue from. + # + # @return [Types::ListOpenIDConnectProviderTagsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: + # + # * {Types::ListOpenIDConnectProviderTagsResponse#tags #tags} => Array&lt;Types::Tag&gt; + # * {Types::ListOpenIDConnectProviderTagsResponse#is_truncated #is_truncated} => Boolean + # * {Types::ListOpenIDConnectProviderTagsResponse#marker #marker} => String + # + # @example Request syntax with placeholder values + # + # resp = client.list_open_id_connect_provider_tags({ + # open_id_connect_provider_arn: "arnType", # required + # marker: "markerType", + # max_items: 1, + # }) + # + # @example Response structure + # + # resp.tags #=> Array + # resp.tags[0].key #=> String + # resp.tags[0].value #=> String + # resp.is_truncated #=> Boolean + # resp.marker #=> String + # + # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListOpenIDConnectProviderTags AWS API Documentation + # + # @overload list_open_id_connect_provider_tags(params = {}) + # @param [Hash] params ({}) + def list_open_id_connect_provider_tags(params = {}, options = {}) + req = build_request(:list_open_id_connect_provider_tags, params) + req.send_request(options) + end + # Lists information about the IAM OpenID Connect (OIDC) provider # resource objects defined in the AWS account. # + # <note markdown="1"> IAM resource-listing operations return a subset of the available + # attributes for the resource. For example, this operation does not + # return tags, even though they are an attribute of the returned object. + # To view all of the information for an OIDC provider, see + # GetOpenIDConnectProvider. + # + # </note> + # # @return [Types::ListOpenIDConnectProvidersResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::ListOpenIDConnectProvidersResponse#open_id_connect_provider_list #open_id_connect_provider_list} => Array&lt;Types::OpenIDConnectProviderListEntry&gt; # # @example Response structure @@ -7097,15 +7483,23 @@ # set `Scope` to `AWS`. # # You can paginate the results using the `MaxItems` and `Marker` # parameters. # - # For more information about managed policies, see [Managed Policies and - # Inline Policies][1] in the *IAM User Guide*. + # For more information about managed policies, see [Managed policies and + # inline policies][1] in the *IAM User Guide*. # + # <note markdown="1"> IAM resource-listing operations return a subset of the available + # attributes for the resource. For example, this operation does not + # return tags, even though they are an attribute of the returned object. + # To view all of the information for a customer manged policy, see + # GetPolicy. # + # </note> # + # + # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html # # @option params [String] :scope # The scope to use for filtering the results. # @@ -7197,10 +7591,13 @@ # resp.policies[0].permissions_boundary_usage_count #=> Integer # resp.policies[0].is_attachable #=> Boolean # resp.policies[0].description #=> String # resp.policies[0].create_date #=> Time # resp.policies[0].update_date #=> Time + # resp.policies[0].tags #=> Array + # resp.policies[0].tags[0].key #=> String + # resp.policies[0].tags[0].value #=> String # resp.is_truncated #=> Boolean # resp.marker #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListPolicies AWS API Documentation # @@ -7217,11 +7614,11 @@ # <note markdown="1"> This operation does not use other policy types when determining # whether a resource could access a service. These other policy types # include resource-based policies, access control lists, AWS # Organizations policies, IAM permissions boundaries, and AWS STS assume # role policies. It only applies permissions policy logic. For more - # about the evaluation of policy types, see [Evaluating Policies][1] in + # about the evaluation of policy types, see [Evaluating policies][1] in # the *IAM User Guide*. # # </note> # # The list of policies returned by the operation depends on the ARN of @@ -7240,12 +7637,12 @@ # policies that are attached to the role. # # For each managed policy, this operation returns the ARN and policy # name. For each inline policy, it returns the policy name and the # entity to which it is attached. Inline policies do not have an ARN. - # For more information about these policy types, see [Managed Policies - # and Inline Policies][2] in the *IAM User Guide*. + # For more information about these policy types, see [Managed policies + # and inline policies][2] in the *IAM User Guide*. # # Policies that are attached to users and roles as permissions # boundaries are not returned. To view which managed policy is currently # used to set the permissions boundary for a user or role, use the # GetUser or GetRole operations. @@ -7267,21 +7664,20 @@ # # @option params [required, Array<String>] :service_namespaces # The service namespace for the AWS services whose policies you want to # list. # - # To learn the service namespace for a service, go to [Actions, - # Resources, and Condition Keys for AWS Services][1] in the *IAM User - # Guide*. Choose the name of the service to view details for that - # service. In the first paragraph, find the service prefix. For example, - # `(service prefix: a4b)`. For more information about service - # namespaces, see [AWS Service Namespaces][2] in the *AWS General - # Reference*. + # To learn the service namespace for a service, see [Actions, resources, + # and condition keys for AWS services][1] in the *IAM User Guide*. + # Choose the name of the service to view details for that service. In + # the first paragraph, find the service prefix. For example, `(service + # prefix: a4b)`. For more information about service namespaces, see [AWS + # service namespaces][2] in the *AWS General Reference*. # # # - # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_actions-resources-contextkeys.html + # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html # [2]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-aws-service-namespaces # # @return [Types::ListPoliciesGrantingServiceAccessResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::ListPoliciesGrantingServiceAccessResponse#policies_granting_service_access #policies_granting_service_access} => Array&lt;Types::ListPoliciesGrantingServiceAccessEntry&gt; @@ -7362,27 +7758,97 @@ def list_policies_granting_service_access(params = {}, options = {}) req = build_request(:list_policies_granting_service_access, params) req.send_request(options) end + # Lists the tags that are attached to the specified IAM customer managed + # policy. The returned list of tags is sorted by tag key. For more + # information about tagging, see [Tagging IAM resources][1] in the *IAM + # User Guide*. + # + # + # + # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html + # + # @option params [required, String] :policy_arn + # The ARN of the IAM customer managed policy whose tags you want to see. + # + # This parameter accepts (through its [regex pattern][1]) a string of + # characters that consist of upper and lowercase alphanumeric characters + # with no spaces. You can also include any of the following characters: + # =,.@- + # + # + # + # [1]: http://wikipedia.org/wiki/regex + # + # @option params [String] :marker + # Use this parameter only when paginating results and only after you + # receive a response indicating that the results are truncated. Set it + # to the value of the `Marker` element in the response that you received + # to indicate where the next call should start. + # + # @option params [Integer] :max_items + # (Optional) Use this only when paginating results to indicate the + # maximum number of items that you want in the response. If additional + # items exist beyond the maximum that you specify, the `IsTruncated` + # response element is `true`. + # + # If you do not include this parameter, it defaults to 100. Note that + # IAM might return fewer results, even when more results are available. + # In that case, the `IsTruncated` response element returns `true`, and + # `Marker` contains a value to include in the subsequent call that tells + # the service where to continue from. + # + # @return [Types::ListPolicyTagsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: + # + # * {Types::ListPolicyTagsResponse#tags #tags} => Array&lt;Types::Tag&gt; + # * {Types::ListPolicyTagsResponse#is_truncated #is_truncated} => Boolean + # * {Types::ListPolicyTagsResponse#marker #marker} => String + # + # @example Request syntax with placeholder values + # + # resp = client.list_policy_tags({ + # policy_arn: "arnType", # required + # marker: "markerType", + # max_items: 1, + # }) + # + # @example Response structure + # + # resp.tags #=> Array + # resp.tags[0].key #=> String + # resp.tags[0].value #=> String + # resp.is_truncated #=> Boolean + # resp.marker #=> String + # + # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListPolicyTags AWS API Documentation + # + # @overload list_policy_tags(params = {}) + # @param [Hash] params ({}) + def list_policy_tags(params = {}, options = {}) + req = build_request(:list_policy_tags, params) + req.send_request(options) + end + # Lists information about the versions of the specified managed policy, # including the version that is currently set as the policy's default # version. # - # For more information about managed policies, see [Managed Policies and - # Inline Policies][1] in the *IAM User Guide*. + # For more information about managed policies, see [Managed policies and + # inline policies][1] in the *IAM User Guide*. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html # # @option params [required, String] :policy_arn # The Amazon Resource Name (ARN) of the IAM policy for which you want # the versions. # - # For more information about ARNs, see [Amazon Resource Names (ARNs) and - # AWS Service Namespaces][1] in the *AWS General Reference*. + # For more information about ARNs, see [Amazon Resource Names (ARNs)][1] + # in the *AWS General Reference*. # # # # [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html # @@ -7442,11 +7908,11 @@ # specified IAM role. # # An IAM role can also have managed policies attached to it. To list the # managed policies that are attached to a role, use # ListAttachedRolePolicies. For more information about policies, see - # [Managed Policies and Inline Policies][1] in the *IAM User Guide*. + # [Managed policies and inline policies][1] in the *IAM User Guide*. # # You can paginate the results using the `MaxItems` and `Marker` # parameters. If there are no inline policies embedded with the # specified role, the operation returns an empty list. # @@ -7515,11 +7981,11 @@ req.send_request(options) end # Lists the tags that are attached to the specified role. The returned # list of tags is sorted by tag key. For more information about tagging, - # see [Tagging IAM Identities][1] in the *IAM User Guide*. + # see [Tagging IAM resources][1] in the *IAM User Guide*. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html # @@ -7608,12 +8074,19 @@ req.send_request(options) end # Lists the IAM roles that have the specified path prefix. If there are # none, the operation returns an empty list. For more information about - # roles, go to [Working with Roles][1]. + # roles, see [Working with roles][1]. # + # <note markdown="1"> IAM resource-listing operations return a subset of the available + # attributes for the resource. For example, this operation does not + # return tags, even though they are an attribute of the returned object. + # To view all of the information for a role, see GetRole. + # + # </note> + # # You can paginate the results using the `MaxItems` and `Marker` # parameters. # # # @@ -7697,19 +8170,96 @@ def list_roles(params = {}, options = {}) req = build_request(:list_roles, params) req.send_request(options) end - # Lists the SAML provider resource objects defined in IAM in the - # account. + # Lists the tags that are attached to the specified Security Assertion + # Markup Language (SAML) identity provider. The returned list of tags is + # sorted by tag key. For more information, see [About SAML 2.0-based + # federation][1]. # - # <note markdown="1"> This operation requires [Signature Version 4][1]. + # For more information about tagging, see [Tagging IAM resources][2] in + # the *IAM User Guide*. # - # </note> # # + # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html + # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html # + # @option params [required, String] :saml_provider_arn + # The ARN of the Security Assertion Markup Language (SAML) identity + # provider whose tags you want to see. + # + # This parameter accepts (through its [regex pattern][1]) a string of + # characters that consist of upper and lowercase alphanumeric characters + # with no spaces. You can also include any of the following characters: + # =,.@- + # + # + # + # [1]: http://wikipedia.org/wiki/regex + # + # @option params [String] :marker + # Use this parameter only when paginating results and only after you + # receive a response indicating that the results are truncated. Set it + # to the value of the `Marker` element in the response that you received + # to indicate where the next call should start. + # + # @option params [Integer] :max_items + # (Optional) Use this only when paginating results to indicate the + # maximum number of items that you want in the response. If additional + # items exist beyond the maximum that you specify, the `IsTruncated` + # response element is `true`. + # + # If you do not include this parameter, it defaults to 100. Note that + # IAM might return fewer results, even when more results are available. + # In that case, the `IsTruncated` response element returns `true`, and + # `Marker` contains a value to include in the subsequent call that tells + # the service where to continue from. + # + # @return [Types::ListSAMLProviderTagsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: + # + # * {Types::ListSAMLProviderTagsResponse#tags #tags} => Array&lt;Types::Tag&gt; + # * {Types::ListSAMLProviderTagsResponse#is_truncated #is_truncated} => Boolean + # * {Types::ListSAMLProviderTagsResponse#marker #marker} => String + # + # @example Request syntax with placeholder values + # + # resp = client.list_saml_provider_tags({ + # saml_provider_arn: "arnType", # required + # marker: "markerType", + # max_items: 1, + # }) + # + # @example Response structure + # + # resp.tags #=> Array + # resp.tags[0].key #=> String + # resp.tags[0].value #=> String + # resp.is_truncated #=> Boolean + # resp.marker #=> String + # + # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListSAMLProviderTags AWS API Documentation + # + # @overload list_saml_provider_tags(params = {}) + # @param [Hash] params ({}) + def list_saml_provider_tags(params = {}, options = {}) + req = build_request(:list_saml_provider_tags, params) + req.send_request(options) + end + + # Lists the SAML provider resource objects defined in IAM in the + # account. IAM resource-listing operations return a subset of the + # available attributes for the resource. For example, this operation + # does not return tags, even though they are an attribute of the + # returned object. To view all of the information for a SAML provider, + # see GetSAMLProvider. + # + # This operation requires [Signature Version 4][1]. + # + # + # # [1]: https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html # # @return [Types::ListSAMLProvidersResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::ListSAMLProvidersResponse#saml_provider_list #saml_provider_list} => Array&lt;Types::SAMLProviderListEntry&gt; @@ -7735,11 +8285,11 @@ # list. # # The SSH public keys returned by this operation are used only for # authenticating the IAM user to an AWS CodeCommit repository. For more # information about using SSH keys to authenticate to an AWS CodeCommit - # repository, see [Set up AWS CodeCommit for SSH Connections][1] in the + # repository, see [Set up AWS CodeCommit for SSH connections][1] in the # *AWS CodeCommit User Guide*. # # Although each user is limited to a small number of keys, you can still # paginate the results using the `MaxItems` and `Marker` parameters. # @@ -7811,23 +8361,110 @@ def list_ssh_public_keys(params = {}, options = {}) req = build_request(:list_ssh_public_keys, params) req.send_request(options) end + # Lists the tags that are attached to the specified IAM server + # certificate. The returned list of tags is sorted by tag key. For more + # information about tagging, see [Tagging IAM resources][1] in the *IAM + # User Guide*. + # + # <note markdown="1"> For certificates in a Region supported by AWS Certificate Manager + # (ACM), we recommend that you don't use IAM server certificates. + # Instead, use ACM to provision, manage, and deploy your server + # certificates. For more information about IAM server certificates, + # [Working with server certificates][2] in the *IAM User Guide*. + # + # </note> + # + # + # + # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html + # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html + # + # @option params [required, String] :server_certificate_name + # The name of the IAM server certificate whose tags you want to see. + # + # This parameter accepts (through its [regex pattern][1]) a string of + # characters that consist of upper and lowercase alphanumeric characters + # with no spaces. You can also include any of the following characters: + # =,.@- + # + # + # + # [1]: http://wikipedia.org/wiki/regex + # + # @option params [String] :marker + # Use this parameter only when paginating results and only after you + # receive a response indicating that the results are truncated. Set it + # to the value of the `Marker` element in the response that you received + # to indicate where the next call should start. + # + # @option params [Integer] :max_items + # (Optional) Use this only when paginating results to indicate the + # maximum number of items that you want in the response. If additional + # items exist beyond the maximum that you specify, the `IsTruncated` + # response element is `true`. + # + # If you do not include this parameter, it defaults to 100. Note that + # IAM might return fewer results, even when more results are available. + # In that case, the `IsTruncated` response element returns `true`, and + # `Marker` contains a value to include in the subsequent call that tells + # the service where to continue from. + # + # @return [Types::ListServerCertificateTagsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: + # + # * {Types::ListServerCertificateTagsResponse#tags #tags} => Array&lt;Types::Tag&gt; + # * {Types::ListServerCertificateTagsResponse#is_truncated #is_truncated} => Boolean + # * {Types::ListServerCertificateTagsResponse#marker #marker} => String + # + # @example Request syntax with placeholder values + # + # resp = client.list_server_certificate_tags({ + # server_certificate_name: "serverCertificateNameType", # required + # marker: "markerType", + # max_items: 1, + # }) + # + # @example Response structure + # + # resp.tags #=> Array + # resp.tags[0].key #=> String + # resp.tags[0].value #=> String + # resp.is_truncated #=> Boolean + # resp.marker #=> String + # + # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListServerCertificateTags AWS API Documentation + # + # @overload list_server_certificate_tags(params = {}) + # @param [Hash] params ({}) + def list_server_certificate_tags(params = {}, options = {}) + req = build_request(:list_server_certificate_tags, params) + req.send_request(options) + end + # Lists the server certificates stored in IAM that have the specified # path prefix. If none exist, the operation returns an empty list. # # You can paginate the results using the `MaxItems` and `Marker` # parameters. # # For more information about working with server certificates, see - # [Working with Server Certificates][1] in the *IAM User Guide*. This + # [Working with server certificates][1] in the *IAM User Guide*. This # topic also includes a list of AWS services that can use the server # certificates that you manage with IAM. # + # <note markdown="1"> IAM resource-listing operations return a subset of the available + # attributes for the resource. For example, this operation does not + # return tags, even though they are an attribute of the returned object. + # To view all of the information for a servercertificate, see + # GetServerCertificate. # + # </note> # + # + # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html # # @option params [String] :path_prefix # The path prefix for filtering the results. For example: # `/company/servercerts` would get all server certificates for which the @@ -7903,11 +8540,11 @@ # Returns information about the service-specific credentials associated # with the specified IAM user. If none exists, the operation returns an # empty list. The service-specific credentials returned by this # operation are used only for authenticating the IAM user to a specific # service. For more information about using service-specific credentials - # to authenticate to an AWS service, see [Set Up service-specific + # to authenticate to an AWS service, see [Set up service-specific # credentials][1] in the AWS CodeCommit User Guide. # # # # [1]: https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-gc.html @@ -7969,13 +8606,14 @@ # certificates, you can still paginate the results using the `MaxItems` # and `Marker` parameters. # # If the `UserName` field is not specified, the user name is determined # implicitly based on the AWS access key ID used to sign the request for - # this API. This operation works for access keys under the AWS account. - # Consequently, you can use this operation to manage AWS account root - # user credentials even if the AWS account has no associated users. + # this operation. This operation works for access keys under the AWS + # account. Consequently, you can use this operation to manage AWS + # account root user credentials even if the AWS account has no + # associated users. # # @option params [String] :user_name # The name of the IAM user whose signing certificates you want to # examine. # @@ -8067,11 +8705,11 @@ # user. # # An IAM user can also have managed policies attached to it. To list the # managed policies that are attached to a user, use # ListAttachedUserPolicies. For more information about policies, see - # [Managed Policies and Inline Policies][1] in the *IAM User Guide*. + # [Managed policies and inline policies][1] in the *IAM User Guide*. # # You can paginate the results using the `MaxItems` and `Marker` # parameters. If there are no inline policies embedded with the # specified user, the operation returns an empty list. # @@ -8138,13 +8776,13 @@ def list_user_policies(params = {}, options = {}) req = build_request(:list_user_policies, params) req.send_request(options) end - # Lists the tags that are attached to the specified user. The returned - # list of tags is sorted by tag key. For more information about tagging, - # see [Tagging IAM Identities][1] in the *IAM User Guide*. + # Lists the tags that are attached to the specified IAM user. The + # returned list of tags is sorted by tag key. For more information about + # tagging, see [Tagging IAM resources][1] in the *IAM User Guide*. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html # @@ -8235,10 +8873,17 @@ # Lists the IAM users that have the specified path prefix. If no path # prefix is specified, the operation returns all users in the AWS # account. If there are none, the operation returns an empty list. # + # <note markdown="1"> IAM resource-listing operations return a subset of the available + # attributes for the resource. For example, this operation does not + # return tags, even though they are an attribute of the returned object. + # To view all of the information for a user, see GetUser. + # + # </note> + # # You can paginate the results using the `MaxItems` and `Marker` # parameters. # # @option params [String] :path_prefix # The path prefix for filtering the results. For example: @@ -8349,10 +8994,18 @@ # Lists the virtual MFA devices defined in the AWS account by assignment # status. If you do not specify an assignment status, the operation # returns a list of all virtual MFA devices. Assignment status can be # `Assigned`, `Unassigned`, or `Any`. # + # <note markdown="1"> IAM resource-listing operations return a subset of the available + # attributes for the resource. For example, this operation does not + # return tags, even though they are an attribute of the returned object. + # To view all of the information for a virtual MFA device, see + # ListVirtualMFADevices. + # + # </note> + # # You can paginate the results using the `MaxItems` and `Marker` # parameters. # # @option params [String] :assignment_status # The status (`Unassigned` or `Assigned`) of the devices to list. If you @@ -8428,10 +9081,13 @@ # resp.virtual_mfa_devices[0].user.permissions_boundary.permissions_boundary_arn #=> String # resp.virtual_mfa_devices[0].user.tags #=> Array # resp.virtual_mfa_devices[0].user.tags[0].key #=> String # resp.virtual_mfa_devices[0].user.tags[0].value #=> String # resp.virtual_mfa_devices[0].enable_date #=> Time + # resp.virtual_mfa_devices[0].tags #=> Array + # resp.virtual_mfa_devices[0].tags[0].key #=> String + # resp.virtual_mfa_devices[0].tags[0].value #=> String # resp.is_truncated #=> Boolean # resp.marker #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListVirtualMFADevices AWS API Documentation # @@ -8446,27 +9102,27 @@ # specified IAM group. # # A user can also have managed policies attached to it. To attach a # managed policy to a group, use AttachGroupPolicy. To create a new # managed policy, use CreatePolicy. For information about policies, see - # [Managed Policies and Inline Policies][1] in the *IAM User Guide*. + # [Managed policies and inline policies][1] in the *IAM User Guide*. # - # For information about limits on the number of inline policies that you - # can embed in a group, see [Limitations on IAM Entities][2] in the *IAM - # User Guide*. + # For information about the maximum number of inline policies that you + # can embed in a group, see [IAM and STS quotas][2] in the *IAM User + # Guide*. # # <note markdown="1"> Because policy documents can be large, you should use POST rather than # GET when calling `PutGroupPolicy`. For general information about using - # the Query API with IAM, go to [Making Query Requests][3] in the *IAM + # the Query API with IAM, see [Making query requests][3] in the *IAM # User Guide*. # # </note> # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html - # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html + # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html # [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html # # @option params [required, String] :group_name # The name of the group to associate the policy with. # @@ -8555,11 +9211,11 @@ # You cannot set the boundary for a service-linked role. # # Policies used as permissions boundaries do not provide permissions. # You must also attach a permissions policy to the role. To learn how # the effective permissions for a role are evaluated, see [IAM JSON - # Policy Evaluation Logic][1] in the IAM User Guide. + # policy evaluation logic][1] in the IAM User Guide. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html # @@ -8594,34 +9250,34 @@ # # When you embed an inline policy in a role, the inline policy is used # as part of the role's access (permissions) policy. The role's trust # policy is created at the same time as the role, using CreateRole. You # can update a role's trust policy using UpdateAssumeRolePolicy. For - # more information about IAM roles, go to [Using Roles to Delegate - # Permissions and Federate Identities][1]. + # more information about IAM roles, see [Using roles to delegate + # permissions and federate identities][1]. # # A role can also have a managed policy attached to it. To attach a # managed policy to a role, use AttachRolePolicy. To create a new # managed policy, use CreatePolicy. For information about policies, see - # [Managed Policies and Inline Policies][2] in the *IAM User Guide*. + # [Managed policies and inline policies][2] in the *IAM User Guide*. # - # For information about limits on the number of inline policies that you - # can embed with a role, see [Limitations on IAM Entities][3] in the - # *IAM User Guide*. + # For information about the maximum number of inline policies that you + # can embed with a role, see [IAM and STS quotas][3] in the *IAM User + # Guide*. # # <note markdown="1"> Because policy documents can be large, you should use POST rather than # GET when calling `PutRolePolicy`. For general information about using - # the Query API with IAM, go to [Making Query Requests][4] in the *IAM + # the Query API with IAM, see [Making query requests][4] in the *IAM # User Guide*. # # </note> # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html - # [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html + # [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html # [4]: https://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html # # @option params [required, String] :role_name # The name of the role to associate the policy with. # @@ -8708,11 +9364,11 @@ # permissions for the user. # # Policies that are used as permissions boundaries do not provide # permissions. You must also attach a permissions policy to the user. To # learn how the effective permissions for a user are evaluated, see [IAM - # JSON Policy Evaluation Logic][1] in the IAM User Guide. + # JSON policy evaluation logic][1] in the IAM User Guide. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html # @@ -8746,27 +9402,27 @@ # specified IAM user. # # An IAM user can also have a managed policy attached to it. To attach a # managed policy to a user, use AttachUserPolicy. To create a new # managed policy, use CreatePolicy. For information about policies, see - # [Managed Policies and Inline Policies][1] in the *IAM User Guide*. + # [Managed policies and inline policies][1] in the *IAM User Guide*. # - # For information about limits on the number of inline policies that you - # can embed in a user, see [Limitations on IAM Entities][2] in the *IAM - # User Guide*. + # For information about the maximum number of inline policies that you + # can embed in a user, see [IAM and STS quotas][2] in the *IAM User + # Guide*. # # <note markdown="1"> Because policy documents can be large, you should use POST rather than # GET when calling `PutUserPolicy`. For general information about using - # the Query API with IAM, go to [Making Query Requests][3] in the *IAM + # the Query API with IAM, see [Making query requests][3] in the *IAM # User Guide*. # # </note> # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html - # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html + # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html # [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html # # @option params [required, String] :user_name # The name of the user to associate the policy with. # @@ -8855,12 +9511,12 @@ # @option params [required, String] :open_id_connect_provider_arn # The Amazon Resource Name (ARN) of the IAM OIDC provider resource to # remove the client ID from. You can get a list of OIDC provider ARNs by # using the ListOpenIDConnectProviders operation. # - # For more information about ARNs, see [Amazon Resource Names (ARNs) and - # AWS Service Namespaces][1] in the *AWS General Reference*. + # For more information about ARNs, see [Amazon Resource Names (ARNs)][1] + # in the *AWS General Reference*. # # # # [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html # @@ -8893,13 +9549,13 @@ # Make sure that you do not have any Amazon EC2 instances running with # the role you are about to remove from the instance profile. Removing a # role from an instance profile that is associated with a running # instance might break any applications running on the instance. # - # For more information about IAM roles, go to [Working with Roles][1]. - # For more information about instance profiles, go to [About Instance - # Profiles][2]. + # For more information about IAM roles, see [Working with roles][1]. For + # more information about instance profiles, see [About instance + # profiles][2]. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html @@ -9072,12 +9728,11 @@ # Synchronizes the specified MFA device with its IAM resource object on # the AWS servers. # # For more information about creating and working with virtual MFA - # devices, go to [Using a Virtual MFA Device][1] in the *IAM User - # Guide*. + # devices, see [Using a virtual MFA device][1] in the *IAM User Guide*. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_VirtualMFA.html # @@ -9138,35 +9793,35 @@ # Sets the specified version of the specified policy as the policy's # default (operative) version. # # This operation affects all users, groups, and roles that the policy is # attached to. To list the users, groups, and roles that the policy is - # attached to, use the ListEntitiesForPolicy API. + # attached to, use ListEntitiesForPolicy. # - # For information about managed policies, see [Managed Policies and - # Inline Policies][1] in the *IAM User Guide*. + # For information about managed policies, see [Managed policies and + # inline policies][1] in the *IAM User Guide*. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html # # @option params [required, String] :policy_arn # The Amazon Resource Name (ARN) of the IAM policy whose default version # you want to set. # - # For more information about ARNs, see [Amazon Resource Names (ARNs) and - # AWS Service Namespaces][1] in the *AWS General Reference*. + # For more information about ARNs, see [Amazon Resource Names (ARNs)][1] + # in the *AWS General Reference*. # # # # [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html # # @option params [required, String] :version_id # The version of the policy to set as the default (operative) version. # # For more information about managed policy versions, see [Versioning - # for Managed Policies][1] in the *IAM User Guide*. + # for managed policies][1] in the *IAM User Guide*. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html # @@ -9194,41 +9849,42 @@ # By default, AWS Security Token Service (STS) is available as a global # service, and all STS requests go to a single endpoint at # `https://sts.amazonaws.com`. AWS recommends using Regional STS # endpoints to reduce latency, build in redundancy, and increase session # token availability. For information about Regional endpoints for STS, - # see [AWS Regions and Endpoints][1] in the *AWS General Reference*. + # see [AWS AWS Security Token Service endpoints and quotas][1] in the + # *AWS General Reference*. # # If you make an STS call to the global endpoint, the resulting session # tokens might be valid in some Regions but not others. It depends on # the version that is set in this operation. Version 1 tokens are valid # only in AWS Regions that are available by default. These tokens do not # work in manually enabled Regions, such as Asia Pacific (Hong Kong). # Version 2 tokens are valid in all Regions. However, version 2 tokens # are longer and might affect systems where you temporarily store - # tokens. For information, see [Activating and Deactivating STS in an - # AWS Region][2] in the *IAM User Guide*. + # tokens. For information, see [Activating and deactivating STS in an + # AWS region][2] in the *IAM User Guide*. # # To view the current session token version, see the # `GlobalEndpointTokenVersion` entry in the response of the # GetAccountSummary operation. # # # - # [1]: https://docs.aws.amazon.com/general/latest/gr/rande.html#sts_region + # [1]: https://docs.aws.amazon.com/general/latest/gr/sts.html # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html # # @option params [required, String] :global_endpoint_token_version # The version of the global endpoint token. Version 1 tokens are valid # only in AWS Regions that are available by default. These tokens do not # work in manually enabled Regions, such as Asia Pacific (Hong Kong). # Version 2 tokens are valid in all Regions. However, version 2 tokens # are longer and might affect systems where you temporarily store # tokens. # - # For information, see [Activating and Deactivating STS in an AWS - # Region][1] in the *IAM User Guide*. + # For information, see [Activating and deactivating STS in an AWS + # region][1] in the *IAM User Guide*. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html # @@ -9263,11 +9919,12 @@ # determine the policies' effective permissions. The policies are # provided as strings. # # The simulation does not perform the API operations; it only checks the # authorization to determine if the simulated policies allow or deny the - # operations. + # operations. You can simulate resources that don't exist in your + # account. # # If you want to simulate existing policies that are attached to an IAM # user, group, or role, use SimulatePrincipalPolicy instead. # # Context keys are variables that are maintained by AWS and its services @@ -9277,10 +9934,18 @@ # require for correct simulation, use GetContextKeysForCustomPolicy. # # If the output is long, you can use `MaxItems` and `Marker` parameters # to paginate the results. # + # For more information about using the policy simulator, see [Testing + # IAM policies with the IAM policy simulator ][1]in the *IAM User + # Guide*. + # + # + # + # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_testing-policies.html + # # @option params [required, Array<String>] :policy_input_list # A list of policy documents to include in the simulation. Each document # is specified as a string containing the complete, valid JSON text of # an IAM policy. Do not include any resource-based policies in this # parameter. Any resource-based policy must be submitted with the @@ -9311,11 +9976,11 @@ # @option params [Array<String>] :permissions_boundary_policy_input_list # The IAM permissions boundary policy to simulate. The permissions # boundary sets the maximum permissions that an IAM entity can have. You # can input only one permissions boundary when you pass a policy to this # operation. For more information about permissions boundaries, see - # [Permissions Boundaries for IAM Entities][1] in the *IAM User Guide*. + # [Permissions boundaries for IAM entities][1] in the *IAM User Guide*. # The policy input is specified as a string that contains the complete, # valid JSON text of a permissions boundary policy. # # The [regex pattern][2] used to validate this parameter is a string of # characters consisting of the following: @@ -9344,23 +10009,24 @@ # A list of ARNs of AWS resources to include in the simulation. If this # parameter is not provided, then the value defaults to `*` (all # resources). Each API in the `ActionNames` parameter is evaluated for # each resource in this list. The simulation determines the access # result (allowed or denied) of each combination and reports it in the - # response. + # response. You can simulate resources that don't exist in your + # account. # # The simulation does not automatically retrieve policies for the # specified resources. If you want to include a resource policy in the # simulation, then you must include the policy as a string in the # `ResourcePolicy` parameter. # # If you include a `ResourcePolicy`, then it must be applicable to all # of the resources included in the simulation or you receive an invalid # input error. # - # For more information about ARNs, see [Amazon Resource Names (ARNs) and - # AWS Service Namespaces][1] in the *AWS General Reference*. + # For more information about ARNs, see [Amazon Resource Names (ARNs)][1] + # in the *AWS General Reference*. # # # # [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html # @@ -9432,11 +10098,11 @@ # and security-group resources. If your scenario includes an EBS volume, # then you must specify that volume as a resource. If the EC2 scenario # includes VPC, then you must supply the network-interface resource. If # it includes an IP subnet, then you must specify the subnet resource. # For more information on the EC2 scenario options, see [Supported - # Platforms][1] in the *Amazon EC2 User Guide*. + # platforms][1] in the *Amazon EC2 User Guide*. # # * **EC2-Classic-InstanceStore** # # instance, image, security-group # @@ -9560,11 +10226,12 @@ # Simulate how a set of IAM policies attached to an IAM entity works # with a list of API operations and AWS resources to determine the # policies' effective permissions. The entity can be an IAM user, # group, or role. If you specify a user, then the simulation also # includes all of the policies that are attached to groups that the user - # belongs to. + # belongs to. You can simulate resources that don't exist in your + # account. # # You can optionally include a list of one or more additional policies # specified as strings to include in the simulation. If you want to # simulate only policies specified as strings, use SimulateCustomPolicy # instead. @@ -9574,12 +10241,12 @@ # # The simulation does not perform the API operations; it only checks the # authorization to determine if the simulated policies allow or deny the # operations. # - # **Note:** This API discloses information about the permissions granted - # to other users. If you do not want users to see other user's + # **Note:** This operation discloses information about the permissions + # granted to other users. If you do not want users to see other user's # permissions, then consider allowing them to use SimulateCustomPolicy # instead. # # Context keys are variables maintained by AWS and its services that # provide details about the context of an API query request. You can use @@ -9588,20 +10255,28 @@ # simulation, use GetContextKeysForPrincipalPolicy. # # If the output is long, you can use the `MaxItems` and `Marker` # parameters to paginate the results. # + # For more information about using the policy simulator, see [Testing + # IAM policies with the IAM policy simulator ][1]in the *IAM User + # Guide*. + # + # + # + # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_testing-policies.html + # # @option params [required, String] :policy_source_arn # The Amazon Resource Name (ARN) of a user, group, or role whose # policies you want to include in the simulation. If you specify a user, # group, or role, the simulation includes all policies that are # associated with that entity. If you specify a user, the simulation # also includes all policies that are attached to any groups the user # belongs to. # - # For more information about ARNs, see [Amazon Resource Names (ARNs) and - # AWS Service Namespaces][1] in the *AWS General Reference*. + # For more information about ARNs, see [Amazon Resource Names (ARNs)][1] + # in the *AWS General Reference*. # # # # [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html # @@ -9633,11 +10308,11 @@ # operation. An IAM entity can only have one permissions boundary in # effect at a time. For example, if a permissions boundary is attached # to an entity and you pass in a different permissions boundary policy # using this parameter, then the new permissions boundary policy is used # for the simulation. For more information about permissions boundaries, - # see [Permissions Boundaries for IAM Entities][1] in the *IAM User + # see [Permissions boundaries for IAM entities][1] in the *IAM User # Guide*. The policy input is specified as a string containing the # complete, valid JSON text of a permissions boundary policy. # # The [regex pattern][2] used to validate this parameter is a string of # characters consisting of the following: @@ -9665,19 +10340,20 @@ # A list of ARNs of AWS resources to include in the simulation. If this # parameter is not provided, then the value defaults to `*` (all # resources). Each API in the `ActionNames` parameter is evaluated for # each resource in this list. The simulation determines the access # result (allowed or denied) of each combination and reports it in the - # response. + # response. You can simulate resources that don't exist in your + # account. # # The simulation does not automatically retrieve policies for the # specified resources. If you want to include a resource policy in the # simulation, then you must include the policy as a string in the # `ResourcePolicy` parameter. # - # For more information about ARNs, see [Amazon Resource Names (ARNs) and - # AWS Service Namespaces][1] in the *AWS General Reference*. + # For more information about ARNs, see [Amazon Resource Names (ARNs)][1] + # in the *AWS General Reference*. # # # # [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html # @@ -9731,12 +10407,12 @@ # `CallerArn` is required if you include a `ResourcePolicy` and the # `PolicySourceArn` is not the ARN for an IAM user. This is required so # that the resource-based policy's `Principal` element has a value to # use in evaluating the policy. # - # For more information about ARNs, see [Amazon Resource Names (ARNs) and - # AWS Service Namespaces][1] in the *AWS General Reference*. + # For more information about ARNs, see [Amazon Resource Names (ARNs)][1] + # in the *AWS General Reference*. # # # # [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html # @@ -9759,11 +10435,11 @@ # and security group resources. If your scenario includes an EBS volume, # then you must specify that volume as a resource. If the EC2 scenario # includes VPC, then you must supply the network interface resource. If # it includes an IP subnet, then you must specify the subnet resource. # For more information on the EC2 scenario options, see [Supported - # Platforms][1] in the *Amazon EC2 User Guide*. + # platforms][1] in the *Amazon EC2 User Guide*. # # * **EC2-Classic-InstanceStore** # # instance, image, security group # @@ -9883,10 +10559,313 @@ def simulate_principal_policy(params = {}, options = {}) req = build_request(:simulate_principal_policy, params) req.send_request(options) end + # Adds one or more tags to an IAM instance profile. If a tag with the + # same key name already exists, then that tag is overwritten with the + # new value. + # + # Each tag consists of a key name and an associated value. By assigning + # tags to your resources, you can do the following: + # + # * **Administrative grouping and discovery** - Attach tags to resources + # to aid in organization and search. For example, you could search for + # all resources with the key name *Project* and the value + # *MyImportantProject*. Or search for all resources with the key name + # *Cost Center* and the value *41200*. + # + # * **Access control** - Include tags in IAM user-based and + # resource-based policies. You can use tags to restrict access to only + # an IAM instance profile that has a specified tag attached. For + # examples of policies that show how to use tags to control access, + # see [Control access using IAM tags][1] in the *IAM User Guide*. + # + # <note markdown="1"> * If any one of the tags is invalid or if you exceed the allowed + # maximum number of tags, then the entire request fails and the + # resource is not created. For more information about tagging, see + # [Tagging IAM resources][2] in the *IAM User Guide*. + # + # * AWS always interprets the tag `Value` as a single string. If you + # need to store an array, you can store comma-separated values in the + # string. However, you must interpret the value in your code. + # + # </note> + # + # + # + # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html + # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html + # + # @option params [required, String] :instance_profile_name + # The name of the IAM instance profile to which you want to add tags. + # + # This parameter accepts (through its [regex pattern][1]) a string of + # characters that consist of upper and lowercase alphanumeric characters + # with no spaces. You can also include any of the following characters: + # =,.@- + # + # + # + # [1]: http://wikipedia.org/wiki/regex + # + # @option params [required, Array<Types::Tag>] :tags + # The list of tags that you want to attach to the IAM instance profile. + # Each tag consists of a key name and an associated value. + # + # @return [Struct] Returns an empty {Seahorse::Client::Response response}. + # + # @example Request syntax with placeholder values + # + # resp = client.tag_instance_profile({ + # instance_profile_name: "instanceProfileNameType", # required + # tags: [ # required + # { + # key: "tagKeyType", # required + # value: "tagValueType", # required + # }, + # ], + # }) + # + # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/TagInstanceProfile AWS API Documentation + # + # @overload tag_instance_profile(params = {}) + # @param [Hash] params ({}) + def tag_instance_profile(params = {}, options = {}) + req = build_request(:tag_instance_profile, params) + req.send_request(options) + end + + # Adds one or more tags to an IAM virtual multi-factor authentication + # (MFA) device. If a tag with the same key name already exists, then + # that tag is overwritten with the new value. + # + # A tag consists of a key name and an associated value. By assigning + # tags to your resources, you can do the following: + # + # * **Administrative grouping and discovery** - Attach tags to resources + # to aid in organization and search. For example, you could search for + # all resources with the key name *Project* and the value + # *MyImportantProject*. Or search for all resources with the key name + # *Cost Center* and the value *41200*. + # + # * **Access control** - Include tags in IAM user-based and + # resource-based policies. You can use tags to restrict access to only + # an IAM virtual MFA device that has a specified tag attached. For + # examples of policies that show how to use tags to control access, + # see [Control access using IAM tags][1] in the *IAM User Guide*. + # + # <note markdown="1"> * If any one of the tags is invalid or if you exceed the allowed + # maximum number of tags, then the entire request fails and the + # resource is not created. For more information about tagging, see + # [Tagging IAM resources][2] in the *IAM User Guide*. + # + # * AWS always interprets the tag `Value` as a single string. If you + # need to store an array, you can store comma-separated values in the + # string. However, you must interpret the value in your code. + # + # </note> + # + # + # + # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html + # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html + # + # @option params [required, String] :serial_number + # The unique identifier for the IAM virtual MFA device to which you want + # to add tags. For virtual MFA devices, the serial number is the same as + # the ARN. + # + # This parameter accepts (through its [regex pattern][1]) a string of + # characters that consist of upper and lowercase alphanumeric characters + # with no spaces. You can also include any of the following characters: + # =,.@- + # + # + # + # [1]: http://wikipedia.org/wiki/regex + # + # @option params [required, Array<Types::Tag>] :tags + # The list of tags that you want to attach to the IAM virtual MFA + # device. Each tag consists of a key name and an associated value. + # + # @return [Struct] Returns an empty {Seahorse::Client::Response response}. + # + # @example Request syntax with placeholder values + # + # resp = client.tag_mfa_device({ + # serial_number: "serialNumberType", # required + # tags: [ # required + # { + # key: "tagKeyType", # required + # value: "tagValueType", # required + # }, + # ], + # }) + # + # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/TagMFADevice AWS API Documentation + # + # @overload tag_mfa_device(params = {}) + # @param [Hash] params ({}) + def tag_mfa_device(params = {}, options = {}) + req = build_request(:tag_mfa_device, params) + req.send_request(options) + end + + # Adds one or more tags to an OpenID Connect (OIDC)-compatible identity + # provider. For more information about these providers, see [About web + # identity federation][1]. If a tag with the same key name already + # exists, then that tag is overwritten with the new value. + # + # A tag consists of a key name and an associated value. By assigning + # tags to your resources, you can do the following: + # + # * **Administrative grouping and discovery** - Attach tags to resources + # to aid in organization and search. For example, you could search for + # all resources with the key name *Project* and the value + # *MyImportantProject*. Or search for all resources with the key name + # *Cost Center* and the value *41200*. + # + # * **Access control** - Include tags in IAM user-based and + # resource-based policies. You can use tags to restrict access to only + # an OIDC provider that has a specified tag attached. For examples of + # policies that show how to use tags to control access, see [Control + # access using IAM tags][2] in the *IAM User Guide*. + # + # <note markdown="1"> * If any one of the tags is invalid or if you exceed the allowed + # maximum number of tags, then the entire request fails and the + # resource is not created. For more information about tagging, see + # [Tagging IAM resources][3] in the *IAM User Guide*. + # + # * AWS always interprets the tag `Value` as a single string. If you + # need to store an array, you can store comma-separated values in the + # string. However, you must interpret the value in your code. + # + # </note> + # + # + # + # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html + # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html + # [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html + # + # @option params [required, String] :open_id_connect_provider_arn + # The ARN of the OIDC identity provider in IAM to which you want to add + # tags. + # + # This parameter accepts (through its [regex pattern][1]) a string of + # characters that consist of upper and lowercase alphanumeric characters + # with no spaces. You can also include any of the following characters: + # =,.@- + # + # + # + # [1]: http://wikipedia.org/wiki/regex + # + # @option params [required, Array<Types::Tag>] :tags + # The list of tags that you want to attach to the OIDC identity provider + # in IAM. Each tag consists of a key name and an associated value. + # + # @return [Struct] Returns an empty {Seahorse::Client::Response response}. + # + # @example Request syntax with placeholder values + # + # resp = client.tag_open_id_connect_provider({ + # open_id_connect_provider_arn: "arnType", # required + # tags: [ # required + # { + # key: "tagKeyType", # required + # value: "tagValueType", # required + # }, + # ], + # }) + # + # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/TagOpenIDConnectProvider AWS API Documentation + # + # @overload tag_open_id_connect_provider(params = {}) + # @param [Hash] params ({}) + def tag_open_id_connect_provider(params = {}, options = {}) + req = build_request(:tag_open_id_connect_provider, params) + req.send_request(options) + end + + # Adds one or more tags to an IAM customer managed policy. If a tag with + # the same key name already exists, then that tag is overwritten with + # the new value. + # + # A tag consists of a key name and an associated value. By assigning + # tags to your resources, you can do the following: + # + # * **Administrative grouping and discovery** - Attach tags to resources + # to aid in organization and search. For example, you could search for + # all resources with the key name *Project* and the value + # *MyImportantProject*. Or search for all resources with the key name + # *Cost Center* and the value *41200*. + # + # * **Access control** - Include tags in IAM user-based and + # resource-based policies. You can use tags to restrict access to only + # an IAM customer managed policy that has a specified tag attached. + # For examples of policies that show how to use tags to control + # access, see [Control access using IAM tags][1] in the *IAM User + # Guide*. + # + # <note markdown="1"> * If any one of the tags is invalid or if you exceed the allowed + # maximum number of tags, then the entire request fails and the + # resource is not created. For more information about tagging, see + # [Tagging IAM resources][2] in the *IAM User Guide*. + # + # * AWS always interprets the tag `Value` as a single string. If you + # need to store an array, you can store comma-separated values in the + # string. However, you must interpret the value in your code. + # + # </note> + # + # + # + # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html + # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html + # + # @option params [required, String] :policy_arn + # The ARN of the IAM customer managed policy to which you want to add + # tags. + # + # This parameter accepts (through its [regex pattern][1]) a string of + # characters that consist of upper and lowercase alphanumeric characters + # with no spaces. You can also include any of the following characters: + # =,.@- + # + # + # + # [1]: http://wikipedia.org/wiki/regex + # + # @option params [required, Array<Types::Tag>] :tags + # The list of tags that you want to attach to the IAM customer managed + # policy. Each tag consists of a key name and an associated value. + # + # @return [Struct] Returns an empty {Seahorse::Client::Response response}. + # + # @example Request syntax with placeholder values + # + # resp = client.tag_policy({ + # policy_arn: "arnType", # required + # tags: [ # required + # { + # key: "tagKeyType", # required + # value: "tagValueType", # required + # }, + # ], + # }) + # + # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/TagPolicy AWS API Documentation + # + # @overload tag_policy(params = {}) + # @param [Hash] params ({}) + def tag_policy(params = {}, options = {}) + req = build_request(:tag_policy, params) + req.send_request(options) + end + # Adds one or more tags to an IAM role. The role can be a regular role # or a service-linked role. If a tag with the same key name already # exists, then that tag is overwritten with the new value. # # A tag consists of a key name and an associated value. By assigning @@ -9896,41 +10875,41 @@ # to aid in organization and search. For example, you could search for # all resources with the key name *Project* and the value # *MyImportantProject*. Or search for all resources with the key name # *Cost Center* and the value *41200*. # - # * **Access control** - Reference tags in IAM user-based and + # * **Access control** - Include tags in IAM user-based and # resource-based policies. You can use tags to restrict access to only - # an IAM user or role that has a specified tag attached. You can also - # restrict access to only those resources that have a certain tag - # attached. For examples of policies that show how to use tags to - # control access, see [Control Access Using IAM Tags][1] in the *IAM - # User Guide*. + # an IAM role that has a specified tag attached. You can also restrict + # access to only those resources that have a certain tag attached. For + # examples of policies that show how to use tags to control access, + # see [Control access using IAM tags][1] in the *IAM User Guide*. # # * **Cost allocation** - Use tags to help track which individuals and # teams are using which AWS resources. # - # <note markdown="1"> * Make sure that you have no invalid tags and that you do not exceed - # the allowed number of tags per role. In either case, the entire - # request fails and *no* tags are added to the role. + # <note markdown="1"> * If any one of the tags is invalid or if you exceed the allowed + # maximum number of tags, then the entire request fails and the + # resource is not created. For more information about tagging, see + # [Tagging IAM resources][2] in the *IAM User Guide*. # # * AWS always interprets the tag `Value` as a single string. If you # need to store an array, you can store comma-separated values in the # string. However, you must interpret the value in your code. # # </note> # - # For more information about tagging, see [Tagging IAM Identities][2] in + # For more information about tagging, see [Tagging IAM identities][2] in # the *IAM User Guide*. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html # # @option params [required, String] :role_name - # The name of the role that you want to add tags to. + # The name of the IAM role to which you want to add tags. # # This parameter accepts (through its [regex pattern][1]) a string of # characters that consist of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # \_+=,.@- @@ -9938,13 +10917,12 @@ # # # [1]: http://wikipedia.org/wiki/regex # # @option params [required, Array<Types::Tag>] :tags - # The list of tags that you want to attach to the role. Each tag - # consists of a key name and an associated value. You can specify this - # with a JSON string. + # The list of tags that you want to attach to the IAM role. Each tag + # consists of a key name and an associated value. # # @return [Struct] Returns an empty {Seahorse::Client::Response response}. # # # @example Example: To add a tag key and value to an IAM role @@ -9984,10 +10962,173 @@ def tag_role(params = {}, options = {}) req = build_request(:tag_role, params) req.send_request(options) end + # Adds one or more tags to a Security Assertion Markup Language (SAML) + # identity provider. For more information about these providers, see + # [About SAML 2.0-based federation ][1]. If a tag with the same key name + # already exists, then that tag is overwritten with the new value. + # + # A tag consists of a key name and an associated value. By assigning + # tags to your resources, you can do the following: + # + # * **Administrative grouping and discovery** - Attach tags to resources + # to aid in organization and search. For example, you could search for + # all resources with the key name *Project* and the value + # *MyImportantProject*. Or search for all resources with the key name + # *Cost Center* and the value *41200*. + # + # * **Access control** - Include tags in IAM user-based and + # resource-based policies. You can use tags to restrict access to only + # a SAML identity provider that has a specified tag attached. For + # examples of policies that show how to use tags to control access, + # see [Control access using IAM tags][2] in the *IAM User Guide*. + # + # <note markdown="1"> * If any one of the tags is invalid or if you exceed the allowed + # maximum number of tags, then the entire request fails and the + # resource is not created. For more information about tagging, see + # [Tagging IAM resources][3] in the *IAM User Guide*. + # + # * AWS always interprets the tag `Value` as a single string. If you + # need to store an array, you can store comma-separated values in the + # string. However, you must interpret the value in your code. + # + # </note> + # + # + # + # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html + # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html + # [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html + # + # @option params [required, String] :saml_provider_arn + # The ARN of the SAML identity provider in IAM to which you want to add + # tags. + # + # This parameter accepts (through its [regex pattern][1]) a string of + # characters that consist of upper and lowercase alphanumeric characters + # with no spaces. You can also include any of the following characters: + # =,.@- + # + # + # + # [1]: http://wikipedia.org/wiki/regex + # + # @option params [required, Array<Types::Tag>] :tags + # The list of tags that you want to attach to the SAML identity provider + # in IAM. Each tag consists of a key name and an associated value. + # + # @return [Struct] Returns an empty {Seahorse::Client::Response response}. + # + # @example Request syntax with placeholder values + # + # resp = client.tag_saml_provider({ + # saml_provider_arn: "arnType", # required + # tags: [ # required + # { + # key: "tagKeyType", # required + # value: "tagValueType", # required + # }, + # ], + # }) + # + # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/TagSAMLProvider AWS API Documentation + # + # @overload tag_saml_provider(params = {}) + # @param [Hash] params ({}) + def tag_saml_provider(params = {}, options = {}) + req = build_request(:tag_saml_provider, params) + req.send_request(options) + end + + # Adds one or more tags to an IAM server certificate. If a tag with the + # same key name already exists, then that tag is overwritten with the + # new value. + # + # <note markdown="1"> For certificates in a Region supported by AWS Certificate Manager + # (ACM), we recommend that you don't use IAM server certificates. + # Instead, use ACM to provision, manage, and deploy your server + # certificates. For more information about IAM server certificates, + # [Working with server certificates][1] in the *IAM User Guide*. + # + # </note> + # + # A tag consists of a key name and an associated value. By assigning + # tags to your resources, you can do the following: + # + # * **Administrative grouping and discovery** - Attach tags to resources + # to aid in organization and search. For example, you could search for + # all resources with the key name *Project* and the value + # *MyImportantProject*. Or search for all resources with the key name + # *Cost Center* and the value *41200*. + # + # * **Access control** - Include tags in IAM user-based and + # resource-based policies. You can use tags to restrict access to only + # a server certificate that has a specified tag attached. For examples + # of policies that show how to use tags to control access, see + # [Control access using IAM tags][2] in the *IAM User Guide*. + # + # * **Cost allocation** - Use tags to help track which individuals and + # teams are using which AWS resources. + # + # <note markdown="1"> * If any one of the tags is invalid or if you exceed the allowed + # maximum number of tags, then the entire request fails and the + # resource is not created. For more information about tagging, see + # [Tagging IAM resources][3] in the *IAM User Guide*. + # + # * AWS always interprets the tag `Value` as a single string. If you + # need to store an array, you can store comma-separated values in the + # string. However, you must interpret the value in your code. + # + # </note> + # + # + # + # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html + # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html + # [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html + # + # @option params [required, String] :server_certificate_name + # The name of the IAM server certificate to which you want to add tags. + # + # This parameter accepts (through its [regex pattern][1]) a string of + # characters that consist of upper and lowercase alphanumeric characters + # with no spaces. You can also include any of the following characters: + # =,.@- + # + # + # + # [1]: http://wikipedia.org/wiki/regex + # + # @option params [required, Array<Types::Tag>] :tags + # The list of tags that you want to attach to the IAM server + # certificate. Each tag consists of a key name and an associated value. + # + # @return [Struct] Returns an empty {Seahorse::Client::Response response}. + # + # @example Request syntax with placeholder values + # + # resp = client.tag_server_certificate({ + # server_certificate_name: "serverCertificateNameType", # required + # tags: [ # required + # { + # key: "tagKeyType", # required + # value: "tagValueType", # required + # }, + # ], + # }) + # + # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/TagServerCertificate AWS API Documentation + # + # @overload tag_server_certificate(params = {}) + # @param [Hash] params ({}) + def tag_server_certificate(params = {}, options = {}) + req = build_request(:tag_server_certificate, params) + req.send_request(options) + end + # Adds one or more tags to an IAM user. If a tag with the same key name # already exists, then that tag is overwritten with the new value. # # A tag consists of a key name and an associated value. By assigning # tags to your resources, you can do the following: @@ -9996,41 +11137,42 @@ # to aid in organization and search. For example, you could search for # all resources with the key name *Project* and the value # *MyImportantProject*. Or search for all resources with the key name # *Cost Center* and the value *41200*. # - # * **Access control** - Reference tags in IAM user-based and + # * **Access control** - Include tags in IAM user-based and # resource-based policies. You can use tags to restrict access to only - # an IAM requesting user or to a role that has a specified tag - # attached. You can also restrict access to only those resources that - # have a certain tag attached. For examples of policies that show how - # to use tags to control access, see [Control Access Using IAM - # Tags][1] in the *IAM User Guide*. + # an IAM requesting user that has a specified tag attached. You can + # also restrict access to only those resources that have a certain tag + # attached. For examples of policies that show how to use tags to + # control access, see [Control access using IAM tags][1] in the *IAM + # User Guide*. # # * **Cost allocation** - Use tags to help track which individuals and # teams are using which AWS resources. # - # <note markdown="1"> * Make sure that you have no invalid tags and that you do not exceed - # the allowed number of tags per role. In either case, the entire - # request fails and *no* tags are added to the role. + # <note markdown="1"> * If any one of the tags is invalid or if you exceed the allowed + # maximum number of tags, then the entire request fails and the + # resource is not created. For more information about tagging, see + # [Tagging IAM resources][2] in the *IAM User Guide*. # # * AWS always interprets the tag `Value` as a single string. If you # need to store an array, you can store comma-separated values in the # string. However, you must interpret the value in your code. # # </note> # - # For more information about tagging, see [Tagging IAM Identities][2] in + # For more information about tagging, see [Tagging IAM identities][2] in # the *IAM User Guide*. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html # # @option params [required, String] :user_name - # The name of the user that you want to add tags to. + # The name of the IAM user to which you want to add tags. # # This parameter accepts (through its [regex pattern][1]) a string of # characters that consist of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # =,.@- @@ -10038,11 +11180,11 @@ # # # [1]: http://wikipedia.org/wiki/regex # # @option params [required, Array<Types::Tag>] :tags - # The list of tags that you want to attach to the user. Each tag + # The list of tags that you want to attach to the IAM user. Each tag # consists of a key name and an associated value. # # @return [Struct] Returns an empty {Seahorse::Client::Response response}. # # @@ -10083,12 +11225,188 @@ def tag_user(params = {}, options = {}) req = build_request(:tag_user, params) req.send_request(options) end + # Removes the specified tags from the IAM instance profile. For more + # information about tagging, see [Tagging IAM resources][1] in the *IAM + # User Guide*. + # + # + # + # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html + # + # @option params [required, String] :instance_profile_name + # The name of the IAM instance profile from which you want to remove + # tags. + # + # This parameter accepts (through its [regex pattern][1]) a string of + # characters that consist of upper and lowercase alphanumeric characters + # with no spaces. You can also include any of the following characters: + # =,.@- + # + # + # + # [1]: http://wikipedia.org/wiki/regex + # + # @option params [required, Array<String>] :tag_keys + # A list of key names as a simple array of strings. The tags with + # matching keys are removed from the specified instance profile. + # + # @return [Struct] Returns an empty {Seahorse::Client::Response response}. + # + # @example Request syntax with placeholder values + # + # resp = client.untag_instance_profile({ + # instance_profile_name: "instanceProfileNameType", # required + # tag_keys: ["tagKeyType"], # required + # }) + # + # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UntagInstanceProfile AWS API Documentation + # + # @overload untag_instance_profile(params = {}) + # @param [Hash] params ({}) + def untag_instance_profile(params = {}, options = {}) + req = build_request(:untag_instance_profile, params) + req.send_request(options) + end + + # Removes the specified tags from the IAM virtual multi-factor + # authentication (MFA) device. For more information about tagging, see + # [Tagging IAM resources][1] in the *IAM User Guide*. + # + # + # + # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html + # + # @option params [required, String] :serial_number + # The unique identifier for the IAM virtual MFA device from which you + # want to remove tags. For virtual MFA devices, the serial number is the + # same as the ARN. + # + # This parameter accepts (through its [regex pattern][1]) a string of + # characters that consist of upper and lowercase alphanumeric characters + # with no spaces. You can also include any of the following characters: + # =,.@- + # + # + # + # [1]: http://wikipedia.org/wiki/regex + # + # @option params [required, Array<String>] :tag_keys + # A list of key names as a simple array of strings. The tags with + # matching keys are removed from the specified instance profile. + # + # @return [Struct] Returns an empty {Seahorse::Client::Response response}. + # + # @example Request syntax with placeholder values + # + # resp = client.untag_mfa_device({ + # serial_number: "serialNumberType", # required + # tag_keys: ["tagKeyType"], # required + # }) + # + # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UntagMFADevice AWS API Documentation + # + # @overload untag_mfa_device(params = {}) + # @param [Hash] params ({}) + def untag_mfa_device(params = {}, options = {}) + req = build_request(:untag_mfa_device, params) + req.send_request(options) + end + + # Removes the specified tags from the specified OpenID Connect + # (OIDC)-compatible identity provider in IAM. For more information about + # OIDC providers, see [About web identity federation][1]. For more + # information about tagging, see [Tagging IAM resources][2] in the *IAM + # User Guide*. + # + # + # + # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html + # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html + # + # @option params [required, String] :open_id_connect_provider_arn + # The ARN of the OIDC provider in IAM from which you want to remove + # tags. + # + # This parameter accepts (through its [regex pattern][1]) a string of + # characters that consist of upper and lowercase alphanumeric characters + # with no spaces. You can also include any of the following characters: + # =,.@- + # + # + # + # [1]: http://wikipedia.org/wiki/regex + # + # @option params [required, Array<String>] :tag_keys + # A list of key names as a simple array of strings. The tags with + # matching keys are removed from the specified OIDC provider. + # + # @return [Struct] Returns an empty {Seahorse::Client::Response response}. + # + # @example Request syntax with placeholder values + # + # resp = client.untag_open_id_connect_provider({ + # open_id_connect_provider_arn: "arnType", # required + # tag_keys: ["tagKeyType"], # required + # }) + # + # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UntagOpenIDConnectProvider AWS API Documentation + # + # @overload untag_open_id_connect_provider(params = {}) + # @param [Hash] params ({}) + def untag_open_id_connect_provider(params = {}, options = {}) + req = build_request(:untag_open_id_connect_provider, params) + req.send_request(options) + end + + # Removes the specified tags from the customer managed policy. For more + # information about tagging, see [Tagging IAM resources][1] in the *IAM + # User Guide*. + # + # + # + # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html + # + # @option params [required, String] :policy_arn + # The ARN of the IAM customer managed policy from which you want to + # remove tags. + # + # This parameter accepts (through its [regex pattern][1]) a string of + # characters that consist of upper and lowercase alphanumeric characters + # with no spaces. You can also include any of the following characters: + # =,.@- + # + # + # + # [1]: http://wikipedia.org/wiki/regex + # + # @option params [required, Array<String>] :tag_keys + # A list of key names as a simple array of strings. The tags with + # matching keys are removed from the specified policy. + # + # @return [Struct] Returns an empty {Seahorse::Client::Response response}. + # + # @example Request syntax with placeholder values + # + # resp = client.untag_policy({ + # policy_arn: "arnType", # required + # tag_keys: ["tagKeyType"], # required + # }) + # + # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UntagPolicy AWS API Documentation + # + # @overload untag_policy(params = {}) + # @param [Hash] params ({}) + def untag_policy(params = {}, options = {}) + req = build_request(:untag_policy, params) + req.send_request(options) + end + # Removes the specified tags from the role. For more information about - # tagging, see [Tagging IAM Identities][1] in the *IAM User Guide*. + # tagging, see [Tagging IAM resources][1] in the *IAM User Guide*. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html # @@ -10136,12 +11454,110 @@ def untag_role(params = {}, options = {}) req = build_request(:untag_role, params) req.send_request(options) end + # Removes the specified tags from the specified Security Assertion + # Markup Language (SAML) identity provider in IAM. For more information + # about these providers, see [About web identity federation][1]. For + # more information about tagging, see [Tagging IAM resources][2] in the + # *IAM User Guide*. + # + # + # + # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html + # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html + # + # @option params [required, String] :saml_provider_arn + # The ARN of the SAML identity provider in IAM from which you want to + # remove tags. + # + # This parameter accepts (through its [regex pattern][1]) a string of + # characters that consist of upper and lowercase alphanumeric characters + # with no spaces. You can also include any of the following characters: + # =,.@- + # + # + # + # [1]: http://wikipedia.org/wiki/regex + # + # @option params [required, Array<String>] :tag_keys + # A list of key names as a simple array of strings. The tags with + # matching keys are removed from the specified SAML identity provider. + # + # @return [Struct] Returns an empty {Seahorse::Client::Response response}. + # + # @example Request syntax with placeholder values + # + # resp = client.untag_saml_provider({ + # saml_provider_arn: "arnType", # required + # tag_keys: ["tagKeyType"], # required + # }) + # + # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UntagSAMLProvider AWS API Documentation + # + # @overload untag_saml_provider(params = {}) + # @param [Hash] params ({}) + def untag_saml_provider(params = {}, options = {}) + req = build_request(:untag_saml_provider, params) + req.send_request(options) + end + + # Removes the specified tags from the IAM server certificate. For more + # information about tagging, see [Tagging IAM resources][1] in the *IAM + # User Guide*. + # + # <note markdown="1"> For certificates in a Region supported by AWS Certificate Manager + # (ACM), we recommend that you don't use IAM server certificates. + # Instead, use ACM to provision, manage, and deploy your server + # certificates. For more information about IAM server certificates, + # [Working with server certificates][2] in the *IAM User Guide*. + # + # </note> + # + # + # + # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html + # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html + # + # @option params [required, String] :server_certificate_name + # The name of the IAM server certificate from which you want to remove + # tags. + # + # This parameter accepts (through its [regex pattern][1]) a string of + # characters that consist of upper and lowercase alphanumeric characters + # with no spaces. You can also include any of the following characters: + # =,.@- + # + # + # + # [1]: http://wikipedia.org/wiki/regex + # + # @option params [required, Array<String>] :tag_keys + # A list of key names as a simple array of strings. The tags with + # matching keys are removed from the specified IAM server certificate. + # + # @return [Struct] Returns an empty {Seahorse::Client::Response response}. + # + # @example Request syntax with placeholder values + # + # resp = client.untag_server_certificate({ + # server_certificate_name: "serverCertificateNameType", # required + # tag_keys: ["tagKeyType"], # required + # }) + # + # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UntagServerCertificate AWS API Documentation + # + # @overload untag_server_certificate(params = {}) + # @param [Hash] params ({}) + def untag_server_certificate(params = {}, options = {}) + req = build_request(:untag_server_certificate, params) + req.send_request(options) + end + # Removes the specified tags from the user. For more information about - # tagging, see [Tagging IAM Identities][1] in the *IAM User Guide*. + # tagging, see [Tagging IAM resources][1] in the *IAM User Guide*. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html # @@ -10199,12 +11615,12 @@ # implicitly based on the AWS access key ID used to sign the request. # This operation works for access keys under the AWS account. # Consequently, you can use this operation to manage AWS account root # user credentials even if the AWS account has no associated users. # - # For information about rotating keys, see [Managing Keys and - # Certificates][1] in the *IAM User Guide*. + # For information about rotating keys, see [Managing keys and + # certificates][1] in the *IAM User Guide*. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/ManagingCredentials.html # @@ -10231,12 +11647,12 @@ # # [1]: http://wikipedia.org/wiki/regex # # @option params [required, String] :status # The status you want to assign to the secret access key. `Active` means - # that the key can be used for API calls to AWS, while `Inactive` means - # that the key cannot be used. + # that the key can be used for programmatic calls to AWS, while + # `Inactive` means that the key cannot be used. # # @return [Struct] Returns an empty {Seahorse::Client::Response response}. # # # @example Example: To activate or deactivate an access key for an IAM user @@ -10280,11 +11696,11 @@ # ^ # # </note> # # For more information about using a password policy, see [Managing an - # IAM Password Policy][1] in the *IAM User Guide*. + # IAM password policy][1] in the *IAM User Guide*. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingPasswordPolicies.html # @@ -10329,11 +11745,11 @@ # require at least one lowercase character. # # @option params [Boolean] :allow_users_to_change_password # Allows all IAM users in your account to use the AWS Management Console # to change their own passwords. For more information, see [Letting IAM - # Users Change Their Own Passwords][1] in the *IAM User Guide*. + # users change their own passwords][1] in the *IAM User Guide*. # # If you do not specify a value for this parameter, then the operation # uses the default value of `false`. The result is that IAM users in the # account do not automatically have permissions to change their own # password. @@ -10403,12 +11819,12 @@ req.send_request(options) end # Updates the policy that grants an IAM entity permission to assume a # role. This is typically referred to as the "role trust policy". For - # more information about roles, go to [Using Roles to Delegate - # Permissions and Federate Identities][1]. + # more information about roles, see [Using roles to delegate permissions + # and federate identities][1]. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html # @@ -10477,20 +11893,20 @@ end # Updates the name and/or the path of the specified IAM group. # # You should understand the implications of changing a group's path or - # name. For more information, see [Renaming Users and Groups][1] in the + # name. For more information, see [Renaming users and groups][1] in the # *IAM User Guide*. # # <note markdown="1"> The person making the request (the principal), must have permission to # change the role group with the old name and the new name. For example, # to change the group named `Managers` to `MGRs`, the principal must # have a policy that allows them to update both groups. If the principal # has permission to update the `Managers` group, but not the `MGRs` # group, then the update fails. For more information about permissions, - # see [Access Management][2]. + # see [Access management][2]. # # </note> # # # @@ -10560,15 +11976,18 @@ def update_group(params = {}, options = {}) req = build_request(:update_group, params) req.send_request(options) end - # Changes the password for the specified IAM user. + # Changes the password for the specified IAM user. You can use the AWS + # CLI, the AWS API, or the **Users** page in the IAM console to change + # the password for any IAM user. Use ChangePassword to change your own + # password in the **My Security Credentials** page in the AWS Management + # Console. # - # IAM users can change their own passwords by calling ChangePassword. # For more information about modifying passwords, see [Managing - # Passwords][1] in the *IAM User Guide*. + # passwords][1] in the *IAM User Guide*. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html # @@ -10664,12 +12083,12 @@ # The Amazon Resource Name (ARN) of the IAM OIDC provider resource # object for which you want to update the thumbprint. You can get a list # of OIDC provider ARNs by using the ListOpenIDConnectProviders # operation. # - # For more information about ARNs, see [Amazon Resource Names (ARNs) and - # AWS Service Namespaces][1] in the *AWS General Reference*. + # For more information about ARNs, see [Amazon Resource Names (ARNs)][1] + # in the *AWS General Reference*. # # # # [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html # @@ -10717,11 +12136,11 @@ # the `DurationSeconds` parameter. If users don't specify a value for # the `DurationSeconds` parameter, their security credentials are valid # for one hour by default. This applies when you use the `AssumeRole*` # API operations or the `assume-role*` CLI operations but does not apply # when you use those operations to create a console URL. For more - # information, see [Using IAM Roles][1] in the *IAM User Guide*. + # information, see [Using IAM roles][1] in the *IAM User Guide*. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html # @@ -10814,12 +12233,12 @@ # software that is used as your organization's IdP. # # @option params [required, String] :saml_provider_arn # The Amazon Resource Name (ARN) of the SAML provider to update. # - # For more information about ARNs, see [Amazon Resource Names (ARNs) and - # AWS Service Namespaces][1] in the *AWS General Reference*. + # For more information about ARNs, see [Amazon Resource Names (ARNs)][1] + # in the *AWS General Reference*. # # # # [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html # @@ -10854,11 +12273,11 @@ # # The SSH public key affected by this operation is used only for # authenticating the associated IAM user to an AWS CodeCommit # repository. For more information about using SSH keys to authenticate # to an AWS CodeCommit repository, see [Set up AWS CodeCommit for SSH - # Connections][1] in the *AWS CodeCommit User Guide*. + # connections][1] in the *AWS CodeCommit User Guide*. # # # # [1]: https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html # @@ -10911,26 +12330,26 @@ # Updates the name and/or the path of the specified server certificate # stored in IAM. # # For more information about working with server certificates, see - # [Working with Server Certificates][1] in the *IAM User Guide*. This + # [Working with server certificates][1] in the *IAM User Guide*. This # topic also includes a list of AWS services that can use the server # certificates that you manage with IAM. # # You should understand the implications of changing a server # certificate's path or name. For more information, see [Renaming a - # Server Certificate][2] in the *IAM User Guide*. + # server certificate][2] in the *IAM User Guide*. # # <note markdown="1"> The person making the request (the principal), must have permission to # change the server certificate with the old name and the new name. For # example, to change the certificate named `ProductionCert` to # `ProdCert`, the principal must have a policy that allows them to # update both certificates. If the principal has permission to update # the `ProductionCert` group, but not the `ProdCert` certificate, then # the update fails. For more information about permissions, see [Access - # Management][3] in the *IAM User Guide*. + # management][3] in the *IAM User Guide*. # # </note> # # # @@ -11085,12 +12504,12 @@ # # [1]: http://wikipedia.org/wiki/regex # # @option params [required, String] :status # The status you want to assign to the certificate. `Active` means that - # the certificate can be used for API calls to AWS `Inactive` means that - # the certificate cannot be used. + # the certificate can be used for programmatic calls to AWS `Inactive` + # means that the certificate cannot be used. # # @return [Struct] Returns an empty {Seahorse::Client::Response response}. # # # @example Example: To change the active status of a signing certificate for an IAM user @@ -11121,18 +12540,18 @@ end # Updates the name and/or the path of the specified IAM user. # # You should understand the implications of changing an IAM user's path - # or name. For more information, see [Renaming an IAM User][1] and - # [Renaming an IAM Group][2] in the *IAM User Guide*. + # or name. For more information, see [Renaming an IAM user][1] and + # [Renaming an IAM group][2] in the *IAM User Guide*. # # <note markdown="1"> To change a user name, the requester must have appropriate permissions # on both the source object and the target object. For example, to # change Bob to Robert, the entity making the request must have # permission on Bob and Robert, or must have permission on all (*). For - # more information about permissions, see [Permissions and Policies][3]. + # more information about permissions, see [Permissions and policies][3]. # # </note> # # # @@ -11210,11 +12629,11 @@ # # The SSH public key uploaded by this operation can be used only for # authenticating the associated IAM user to an AWS CodeCommit # repository. For more information about using SSH keys to authenticate # to an AWS CodeCommit repository, see [Set up AWS CodeCommit for SSH - # Connections][1] in the *AWS CodeCommit User Guide*. + # connections][1] in the *AWS CodeCommit User Guide*. # # # # [1]: https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html # @@ -11291,40 +12710,39 @@ # certificate renewals for you. Certificates provided by ACM are free. # For more information about using ACM, see the [AWS Certificate Manager # User Guide][2]. # # For more information about working with server certificates, see - # [Working with Server Certificates][3] in the *IAM User Guide*. This + # [Working with server certificates][3] in the *IAM User Guide*. This # topic includes a list of AWS services that can use the server # certificates that you manage with IAM. # # For information about the number of server certificates you can - # upload, see [Limitations on IAM Entities and Objects][4] in the *IAM - # User Guide*. + # upload, see [IAM and STS quotas][4] in the *IAM User Guide*. # # <note markdown="1"> Because the body of the public key certificate, private key, and the # certificate chain can be large, you should use POST rather than GET # when calling `UploadServerCertificate`. For information about setting - # up signatures and authorization through the API, go to [Signing AWS - # API Requests][5] in the *AWS General Reference*. For general - # information about using the Query API with IAM, go to [Calling the API - # by Making HTTP Query Requests][6] in the *IAM User Guide*. + # up signatures and authorization through the API, see [Signing AWS API + # requests][5] in the *AWS General Reference*. For general information + # about using the Query API with IAM, see [Calling the API by making + # HTTP query requests][6] in the *IAM User Guide*. # # </note> # # # # [1]: https://docs.aws.amazon.com/acm/ # [2]: https://docs.aws.amazon.com/acm/latest/userguide/ # [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html - # [4]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html + # [4]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html # [5]: https://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html # [6]: https://docs.aws.amazon.com/IAM/latest/UserGuide/programming.html # # @option params [String] :path # The path for the server certificate. For more information about paths, - # see [IAM Identifiers][1] in the *IAM User Guide*. + # see [IAM identifiers][1] in the *IAM User Guide*. # # This parameter is optional. If it is not included, it defaults to a # slash (/). This parameter allows (through its [regex pattern][2]) a # string of characters consisting of either a forward slash (/) by # itself or a string that must begin and end with forward slashes. In @@ -11413,13 +12831,30 @@ # # # # [1]: http://wikipedia.org/wiki/regex # + # @option params [Array<Types::Tag>] :tags + # A list of tags that you want to attach to the new IAM server + # certificate resource. Each tag consists of a key name and an + # associated value. For more information about tagging, see [Tagging IAM + # resources][1] in the *IAM User Guide*. + # + # <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed maximum + # number of tags, then the entire request fails and the resource is not + # created. + # + # </note> + # + # + # + # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html + # # @return [Types::UploadServerCertificateResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::UploadServerCertificateResponse#server_certificate_metadata #server_certificate_metadata} => Types::ServerCertificateMetadata + # * {Types::UploadServerCertificateResponse#tags #tags} => Array&lt;Types::Tag&gt; # # # @example Example: To upload a server certificate to your AWS account # # # The following upload-server-certificate command uploads a server certificate to your AWS account: @@ -11449,20 +12884,29 @@ # path: "pathType", # server_certificate_name: "serverCertificateNameType", # required # certificate_body: "certificateBodyType", # required # private_key: "privateKeyType", # required # certificate_chain: "certificateChainType", + # tags: [ + # { + # key: "tagKeyType", # required + # value: "tagValueType", # required + # }, + # ], # }) # # @example Response structure # # resp.server_certificate_metadata.path #=> String # resp.server_certificate_metadata.server_certificate_name #=> String # resp.server_certificate_metadata.server_certificate_id #=> String # resp.server_certificate_metadata.arn #=> String # resp.server_certificate_metadata.upload_date #=> Time # resp.server_certificate_metadata.expiration #=> Time + # resp.tags #=> Array + # resp.tags[0].key #=> String + # resp.tags[0].value #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UploadServerCertificate AWS API Documentation # # @overload upload_server_certificate(params = {}) # @param [Hash] params ({}) @@ -11470,33 +12914,37 @@ req = build_request(:upload_server_certificate, params) req.send_request(options) end # Uploads an X.509 signing certificate and associates it with the - # specified IAM user. Some AWS services use X.509 signing certificates + # specified IAM user. Some AWS services require you to use certificates # to validate requests that are signed with a corresponding private key. # When you upload the certificate, its default status is `Active`. # + # For information about when you would use an X.509 signing certificate, + # see [Managing server certificates in IAM][1] in the *IAM User Guide*. + # # If the `UserName` is not specified, the IAM user name is determined # implicitly based on the AWS access key ID used to sign the request. # This operation works for access keys under the AWS account. # Consequently, you can use this operation to manage AWS account root # user credentials even if the AWS account has no associated users. # # <note markdown="1"> Because the body of an X.509 certificate can be large, you should use # POST rather than GET when calling `UploadSigningCertificate`. For # information about setting up signatures and authorization through the - # API, go to [Signing AWS API Requests][1] in the *AWS General - # Reference*. For general information about using the Query API with - # IAM, go to [Making Query Requests][2] in the *IAM User Guide*. + # API, see [Signing AWS API requests][2] in the *AWS General Reference*. + # For general information about using the Query API with IAM, see + # [Making query requests][3] in the *IAM User Guide*. # # </note> # # # - # [1]: https://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html - # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html + # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html + # [2]: https://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html + # [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html # # @option params [String] :user_name # The name of the user the signing certificate is for. # # This parameter allows (through its [regex pattern][1]) a string of @@ -11587,10 +13035,10 @@ operation: config.api.operation(operation_name), client: self, params: params, config: config) context[:gem_name] = 'aws-sdk-iam' - context[:gem_version] = '1.47.0' + context[:gem_version] = '1.48.0' Seahorse::Client::Request.new(handlers, context) end # Polls an API operation until a resource enters a desired state. #