lib/aws-sdk-iam/client.rb in aws-sdk-iam-1.55.0 vs lib/aws-sdk-iam/client.rb in aws-sdk-iam-1.56.0

- old
+ new

@@ -374,14 +374,14 @@ # Adds the specified IAM role to the specified instance profile. An # instance profile can contain only one role, and this quota cannot be # increased. You can remove the existing role and then add a different # role to an instance profile. You must then wait for the change to - # appear across all of AWS because of [eventual consistency][1]. To - # force the change, you must [disassociate the instance profile][2] and - # then [associate the instance profile][3], or you can stop your - # instance and then restart it. + # appear across all of Amazon Web Services because of [eventual + # consistency][1]. To force the change, you must [disassociate the + # instance profile][2] and then [associate the instance profile][3], or + # you can stop your instance and then restart it. # # <note markdown="1"> The caller of this operation must be granted the `PassRole` permission # on the IAM role by a permissions policy. # # </note> @@ -535,11 +535,11 @@ # # @option params [required, String] :policy_arn # The Amazon Resource Name (ARN) of the IAM policy you want to attach. # # For more information about ARNs, see [Amazon Resource Names (ARNs)][1] - # in the *AWS General Reference*. + # in the *Amazon Web Services General Reference*. # # # # [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html # @@ -609,11 +609,11 @@ # # @option params [required, String] :policy_arn # The Amazon Resource Name (ARN) of the IAM policy you want to attach. # # For more information about ARNs, see [Amazon Resource Names (ARNs)][1] - # in the *AWS General Reference*. + # in the *Amazon Web Services General Reference*. # # # # [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html # @@ -676,11 +676,11 @@ # # @option params [required, String] :policy_arn # The Amazon Resource Name (ARN) of the IAM policy you want to attach. # # For more information about ARNs, see [Amazon Resource Names (ARNs)][1] - # in the *AWS General Reference*. + # in the *Amazon Web Services General Reference*. # # # # [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html # @@ -711,38 +711,39 @@ req = build_request(:attach_user_policy, params) req.send_request(options) end # Changes the password of the IAM user who is calling this operation. - # This operation can be performed using the AWS CLI, the AWS API, or the - # **My Security Credentials** page in the AWS Management Console. The - # AWS account root user password is not affected by this operation. + # This operation can be performed using the CLI, the Amazon Web Services + # API, or the **My Security Credentials** page in the Management + # Console. The account root user password is not affected by this + # operation. # - # Use UpdateLoginProfile to use the AWS CLI, the AWS API, or the - # **Users** page in the IAM console to change the password for any IAM - # user. For more information about modifying passwords, see [Managing - # passwords][1] in the *IAM User Guide*. + # Use UpdateLoginProfile to use the CLI, the Amazon Web Services API, or + # the **Users** page in the IAM console to change the password for any + # IAM user. For more information about modifying passwords, see + # [Managing passwords][1] in the *IAM User Guide*. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html # # @option params [required, String] :old_password # The IAM user's current password. # # @option params [required, String] :new_password - # The new password. The new password must conform to the AWS account's + # The new password. The new password must conform to the account's # password policy, if one exists. # # The [regex pattern][1] that is used to validate this parameter is a # string of characters. That string can include almost any printable # ASCII character from the space (`\u0020`) through the end of the ASCII # character range (`\u00FF`). You can also include the tab (`\u0009`), # line feed (`\u000A`), and carriage return (`\u000D`) characters. Any # of these characters are valid in a password. However, many tools, such - # as the AWS Management Console, might restrict the ability to type - # certain characters because they have special meaning within that tool. + # as the Management Console, might restrict the ability to type certain + # characters because they have special meaning within that tool. # # # # [1]: http://wikipedia.org/wiki/regex # @@ -772,25 +773,24 @@ def change_password(params = {}, options = {}) req = build_request(:change_password, params) req.send_request(options) end - # Creates a new AWS secret access key and corresponding AWS access key - # ID for the specified user. The default status for new keys is - # `Active`. + # Creates a new Amazon Web Services secret access key and corresponding + # Amazon Web Services access key ID for the specified user. The default + # status for new keys is `Active`. # # If you do not specify a user name, IAM determines the user name - # implicitly based on the AWS access key ID signing the request. This - # operation works for access keys under the AWS account. Consequently, - # you can use this operation to manage AWS account root user - # credentials. This is true even if the AWS account has no associated - # users. + # implicitly based on the Amazon Web Services access key ID signing the + # request. This operation works for access keys under the account. + # Consequently, you can use this operation to manage account root user + # credentials. This is true even if the account has no associated users. # # For information about quotas on the number of keys you can create, see # [IAM and STS quotas][1] in the *IAM User Guide*. # - # To ensure the security of your AWS account, the secret access key is + # To ensure the security of your account, the secret access key is # accessible only during key and user creation. You must save the key # (for example, in a text file) if you want to be able to access it # again. If a secret key is lost, you can delete the access keys for the # associated user and then create new keys. # @@ -855,13 +855,13 @@ def create_access_key(params = {}, options = {}) req = build_request(:create_access_key, params) req.send_request(options) end - # Creates an alias for your AWS account. For information about using an - # AWS account alias, see [Using an alias for your AWS account ID][1] in - # the *IAM User Guide*. + # Creates an alias for your account. For information about using an + # account alias, see [Using an alias for your account ID][1] in the *IAM + # User Guide*. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/AccountAlias.html # @@ -1123,16 +1123,17 @@ req = build_request(:create_instance_profile, params) req.send_request(options) end # Creates a password for the specified IAM user. A password allows an - # IAM user to access AWS services through the AWS Management Console. + # IAM user to access Amazon Web Services services through the Management + # Console. # - # You can use the AWS CLI, the AWS API, or the **Users** page in the IAM - # console to create a password for any IAM user. Use ChangePassword to - # update your own existing password in the **My Security Credentials** - # page in the AWS Management Console. + # You can use the CLI, the Amazon Web Services API, or the **Users** + # page in the IAM console to create a password for any IAM user. Use + # ChangePassword to update your own existing password in the **My + # Security Credentials** page in the Management Console. # # For more information about managing passwords, see [Managing # passwords][1] in the *IAM User Guide*. # # @@ -1159,12 +1160,12 @@ # string of characters. That string can include almost any printable # ASCII character from the space (`\u0020`) through the end of the ASCII # character range (`\u00FF`). You can also include the tab (`\u0009`), # line feed (`\u000A`), and carriage return (`\u000D`) characters. Any # of these characters are valid in a password. However, many tools, such - # as the AWS Management Console, might restrict the ability to type - # certain characters because they have special meaning within that tool. + # as the Management Console, might restrict the ability to type certain + # characters because they have special meaning within that tool. # # # # [1]: http://wikipedia.org/wiki/regex # @@ -1223,33 +1224,33 @@ # Creates an IAM entity to describe an identity provider (IdP) that # supports [OpenID Connect (OIDC)][1]. # # The OIDC provider that you create with this operation can be used as a # principal in a role's trust policy. Such a policy establishes a trust - # relationship between AWS and the OIDC provider. + # relationship between Amazon Web Services and the OIDC provider. # # If you are using an OIDC identity provider from Google, Facebook, or # Amazon Cognito, you don't need to create a separate IAM identity - # provider. These OIDC identity providers are already built-in to AWS - # and are available for your use. Instead, you can move directly to - # creating new roles using your identity provider. To learn more, see - # [Creating a role for web identity or OpenID connect federation][2] in - # the *IAM User Guide*. + # provider. These OIDC identity providers are already built-in to Amazon + # Web Services and are available for your use. Instead, you can move + # directly to creating new roles using your identity provider. To learn + # more, see [Creating a role for web identity or OpenID connect + # federation][2] in the *IAM User Guide*. # # When you create the IAM OIDC provider, you specify the following: # # * The URL of the OIDC identity provider (IdP) to trust # # * A list of client IDs (also known as audiences) that identify the - # application or applications that are allowed to authenticate using - # the OIDC provider + # application or applications allowed to authenticate using the OIDC + # provider # # * A list of thumbprints of one or more server certificates that the # IdP uses # # You get all of this information from the OIDC IdP that you want to use - # to access AWS. + # to access Amazon Web Services. # # <note markdown="1"> The trust for the OIDC provider is derived from the IAM provider that # this operation creates. Therefore, it is best to limit access to the # CreateOpenIDConnectProvider operation to highly privileged users. # @@ -1265,13 +1266,13 @@ # and should correspond to the `iss` claim in the provider's OpenID # Connect ID tokens. Per the OIDC standard, path components are allowed # but query parameters are not. Typically the URL consists of only a # hostname, like `https://server.example.org` or `https://example.com`. # - # You cannot register the same provider multiple times in a single AWS + # You cannot register the same provider multiple times in a single # account. If you try to submit a URL that has already been used for an - # OpenID Connect provider in the AWS account, you will get an error. + # OpenID Connect provider in the account, you will get an error. # # @option params [Array<String>] :client_id_list # A list of client IDs (also known as audiences). When a mobile or web # app registers with an OpenID Connect provider, they establish a value # that identifies the application. (This is the value that's sent as @@ -1382,11 +1383,11 @@ def create_open_id_connect_provider(params = {}, options = {}) req = build_request(:create_open_id_connect_provider, params) req.send_request(options) end - # Creates a new managed policy for your AWS account. + # Creates a new managed policy for your account. # # This operation creates a policy version with a version identifier of # `v1` and sets v1 as the policy's default version. For more # information about policy versions, see [Versioning for managed # policies][1] in the *IAM User Guide*. @@ -1433,19 +1434,24 @@ # # @option params [required, String] :policy_document # The JSON policy document that you want to use as the content for the # new policy. # - # You must provide policies in JSON format in IAM. However, for AWS + # You must provide policies in JSON format in IAM. However, for # CloudFormation templates formatted in YAML, you can provide the policy - # in JSON or YAML format. AWS CloudFormation always converts a YAML - # policy to JSON format before submitting it to IAM. + # in JSON or YAML format. CloudFormation always converts a YAML policy + # to JSON format before submitting it to IAM. # + # The maximum length of the policy document that you can pass in this + # operation, including whitespace, is listed below. To view the maximum + # character counts of a managed policy with no whitespaces, see [IAM and + # STS character quotas][1]. + # # To learn more about JSON policy grammar, see [Grammar of the IAM JSON - # policy language][1] in the *IAM User Guide*. + # policy language][2] in the *IAM User Guide*. # - # The [regex pattern][2] used to validate this parameter is a string of + # The [regex pattern][3] used to validate this parameter is a string of # characters consisting of the following: # # * Any printable ASCII character ranging from the space character # (`\u0020`) through the end of the ASCII character range # @@ -1455,12 +1461,13 @@ # * The special characters tab (`\u0009`), line feed (`\u000A`), and # carriage return (`\u000D`) # # # - # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_grammar.html - # [2]: http://wikipedia.org/wiki/regex + # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length + # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_grammar.html + # [3]: http://wikipedia.org/wiki/regex # # @option params [String] :description # A friendly description of the policy. # # Typically used to store information about the permissions defined in @@ -1551,26 +1558,31 @@ # @option params [required, String] :policy_arn # The Amazon Resource Name (ARN) of the IAM policy to which you want to # add a new version. # # For more information about ARNs, see [Amazon Resource Names (ARNs)][1] - # in the *AWS General Reference*. + # in the *Amazon Web Services General Reference*. # # # # [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html # # @option params [required, String] :policy_document # The JSON policy document that you want to use as the content for this # new version of the policy. # - # You must provide policies in JSON format in IAM. However, for AWS + # You must provide policies in JSON format in IAM. However, for # CloudFormation templates formatted in YAML, you can provide the policy - # in JSON or YAML format. AWS CloudFormation always converts a YAML - # policy to JSON format before submitting it to IAM. + # in JSON or YAML format. CloudFormation always converts a YAML policy + # to JSON format before submitting it to IAM. # - # The [regex pattern][1] used to validate this parameter is a string of + # The maximum length of the policy document that you can pass in this + # operation, including whitespace, is listed below. To view the maximum + # character counts of a managed policy with no whitespaces, see [IAM and + # STS character quotas][1]. + # + # The [regex pattern][2] used to validate this parameter is a string of # characters consisting of the following: # # * Any printable ASCII character ranging from the space character # (`\u0020`) through the end of the ASCII character range # @@ -1580,11 +1592,12 @@ # * The special characters tab (`\u0009`), line feed (`\u000A`), and # carriage return (`\u000D`) # # # - # [1]: http://wikipedia.org/wiki/regex + # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length + # [2]: http://wikipedia.org/wiki/regex # # @option params [Boolean] :set_as_default # Specifies whether to set this version as the policy's default # version. # @@ -1625,14 +1638,14 @@ def create_policy_version(params = {}, options = {}) req = build_request(:create_policy_version, params) req.send_request(options) end - # Creates a new role for your AWS account. For more information about - # roles, see [IAM roles][1]. For information about quotas for role names - # and the number of roles you can create, see [IAM and STS quotas][2] in - # the *IAM User Guide*. + # Creates a new role for your account. For more information about roles, + # see [IAM roles][1]. For information about quotas for role names and + # the number of roles you can create, see [IAM and STS quotas][2] in the + # *IAM User Guide*. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html @@ -1666,14 +1679,13 @@ # @option params [required, String] :assume_role_policy_document # The trust relationship policy document that grants an entity # permission to assume the role. # # In IAM, you must provide a JSON policy that has been converted to a - # string. However, for AWS CloudFormation templates formatted in YAML, - # you can provide the policy in JSON or YAML format. AWS CloudFormation - # always converts a YAML policy to JSON format before submitting it to - # IAM. + # string. However, for CloudFormation templates formatted in YAML, you + # can provide the policy in JSON or YAML format. CloudFormation always + # converts a YAML policy to JSON format before submitting it to IAM. # # The [regex pattern][1] used to validate this parameter is a string of # characters consisting of the following: # # * Any printable ASCII character ranging from the space character @@ -1699,11 +1711,11 @@ # The maximum session duration (in seconds) that you want to set for the # specified role. If you do not specify a value for this setting, the # default maximum of one hour is applied. This setting can have a value # from 1 hour to 12 hours. # - # Anyone who assumes the role from the AWS CLI or API can use the + # Anyone who assumes the role from the or API can use the # `DurationSeconds` API parameter or the `duration-seconds` CLI # parameter to request a longer session. The `MaxSessionDuration` # setting determines the maximum duration that can be requested using # the `DurationSeconds` parameter. If users don't specify a value for # the `DurationSeconds` parameter, their security credentials are valid @@ -1812,12 +1824,12 @@ # # The SAML provider resource that you create with this operation can be # used as a principal in an IAM role's trust policy. Such a policy can # enable federated users who sign in using the SAML IdP to assume the # role. You can create an IAM role that supports Web-based single - # sign-on (SSO) to the AWS Management Console or one that supports API - # access to AWS. + # sign-on (SSO) to the Management Console or one that supports API + # access to Amazon Web Services. # # When you create the SAML provider resource, you upload a SAML metadata # document that you get from your IdP. That document includes the # issuer's name, expiration information, and keys that can be used to # validate the SAML authentication response (assertions) that the IdP @@ -1827,12 +1839,12 @@ # <note markdown="1"> This operation requires [Signature Version 4][1]. # # </note> # # For more information, see [Enabling SAML 2.0 federated users to access - # the AWS Management Console][2] and [About SAML 2.0-based - # federation][3] in the *IAM User Guide*. + # the Management Console][2] and [About SAML 2.0-based federation][3] in + # the *IAM User Guide*. # # # # [1]: https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-saml.html @@ -1913,37 +1925,39 @@ def create_saml_provider(params = {}, options = {}) req = build_request(:create_saml_provider, params) req.send_request(options) end - # Creates an IAM role that is linked to a specific AWS service. The - # service controls the attached policies and when the role can be - # deleted. This helps ensure that the service is not broken by an - # unexpectedly changed or deleted role, which could put your AWS - # resources into an unknown state. Allowing the service to control the - # role helps improve service stability and proper cleanup when a service - # and its role are no longer needed. For more information, see [Using - # service-linked roles][1] in the *IAM User Guide*. + # Creates an IAM role that is linked to a specific Amazon Web Services + # service. The service controls the attached policies and when the role + # can be deleted. This helps ensure that the service is not broken by an + # unexpectedly changed or deleted role, which could put your Amazon Web + # Services resources into an unknown state. Allowing the service to + # control the role helps improve service stability and proper cleanup + # when a service and its role are no longer needed. For more + # information, see [Using service-linked roles][1] in the *IAM User + # Guide*. # # To attach a policy to this service-linked role, you must make the - # request using the AWS service that depends on this role. + # request using the Amazon Web Services service that depends on this + # role. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html # # @option params [required, String] :aws_service_name - # The service principal for the AWS service to which this role is - # attached. You use a string similar to a URL but without the http:// in - # front. For example: `elasticbeanstalk.amazonaws.com`. + # The service principal for the Amazon Web Services service to which + # this role is attached. You use a string similar to a URL but without + # the http:// in front. For example: `elasticbeanstalk.amazonaws.com`. # # Service principals are unique and case-sensitive. To find the exact - # service principal for your service-linked role, see [AWS services that - # work with IAM][1] in the *IAM User Guide*. Look for the services that - # have <b>Yes </b>in the **Service-Linked Role** column. Choose the - # **Yes** link to view the service-linked role documentation for that - # service. + # service principal for your service-linked role, see [Amazon Web + # Services services that work with IAM][1] in the *IAM User Guide*. Look + # for the services that have <b>Yes </b>in the **Service-Linked Role** + # column. Choose the **Yes** link to view the service-linked role + # documentation for that service. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-services-that-work-with-iam.html # @@ -2006,19 +2020,19 @@ # specified service. # # You can have a maximum of two sets of service-specific credentials for # each supported service per user. # - # You can create service-specific credentials for AWS CodeCommit and - # Amazon Keyspaces (for Apache Cassandra). + # You can create service-specific credentials for CodeCommit and Amazon + # Keyspaces (for Apache Cassandra). # # You can reset the password to a new service-generated value by calling # ResetServiceSpecificCredential. # # For more information about service-specific credentials, see [Using - # IAM with AWS CodeCommit: Git credentials, SSH keys, and AWS access - # keys][1] in the *IAM User Guide*. + # IAM with CodeCommit: Git credentials, SSH keys, and Amazon Web + # Services access keys][1] in the *IAM User Guide*. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_ssh-keys.html # @@ -2036,13 +2050,13 @@ # # # [1]: http://wikipedia.org/wiki/regex # # @option params [required, String] :service_name - # The name of the AWS service that is to be associated with the - # credentials. The service you specify here is the only service that can - # be accessed using these credentials. + # The name of the Amazon Web Services service that is to be associated + # with the credentials. The service you specify here is the only service + # that can be accessed using these credentials. # # @return [Types::CreateServiceSpecificCredentialResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::CreateServiceSpecificCredentialResponse#service_specific_credential #service_specific_credential} => Types::ServiceSpecificCredential # @@ -2070,11 +2084,11 @@ def create_service_specific_credential(params = {}, options = {}) req = build_request(:create_service_specific_credential, params) req.send_request(options) end - # Creates a new IAM user for your AWS account. + # Creates a new IAM user for your account. # # For information about quotas for the number of IAM users you can # create, see [IAM and STS quotas][1] in the *IAM User Guide*. # # @@ -2185,24 +2199,24 @@ def create_user(params = {}, options = {}) req = build_request(:create_user, params) req.send_request(options) end - # Creates a new virtual MFA device for the AWS account. After creating - # the virtual MFA, use EnableMFADevice to attach the MFA device to an - # IAM user. For more information about creating and working with virtual - # MFA devices, see [Using a virtual MFA device][1] in the *IAM User - # Guide*. + # Creates a new virtual MFA device for the account. After creating the + # virtual MFA, use EnableMFADevice to attach the MFA device to an IAM + # user. For more information about creating and working with virtual MFA + # devices, see [Using a virtual MFA device][1] in the *IAM User Guide*. # # For information about the maximum number of MFA devices you can # create, see [IAM and STS quotas][2] in the *IAM User Guide*. # # The seed information contained in the QR code and the Base32 string # should be treated like any other secret access information. In other - # words, protect the seed information as you would your AWS access keys - # or your passwords. After you provision your virtual device, you should - # ensure that the information is destroyed following secure procedures. + # words, protect the seed information as you would your Amazon Web + # Services access keys or your passwords. After you provision your + # virtual device, you should ensure that the information is destroyed + # following secure procedures. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_VirtualMFA.html # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html @@ -2357,14 +2371,14 @@ end # Deletes the access key pair associated with the specified IAM user. # # If you do not specify a user name, IAM determines the user name - # implicitly based on the AWS access key ID signing the request. This - # operation works for access keys under the AWS account. Consequently, - # you can use this operation to manage AWS account root user credentials - # even if the AWS account has no associated users. + # implicitly based on the Amazon Web Services access key ID signing the + # request. This operation works for access keys under the account. + # Consequently, you can use this operation to manage account root user + # credentials even if the account has no associated users. # # @option params [String] :user_name # The name of the user whose access key pair you want to delete. # # This parameter allows (through its [regex pattern][1]) a string of @@ -2414,13 +2428,13 @@ def delete_access_key(params = {}, options = {}) req = build_request(:delete_access_key, params) req.send_request(options) end - # Deletes the specified AWS account alias. For information about using - # an AWS account alias, see [Using an alias for your AWS account ID][1] - # in the *IAM User Guide*. + # Deletes the specified account alias. For information about using an + # Amazon Web Services account alias, see [Using an alias for your + # account ID][1] in the *IAM User Guide*. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/AccountAlias.html # @@ -2460,12 +2474,11 @@ def delete_account_alias(params = {}, options = {}) req = build_request(:delete_account_alias, params) req.send_request(options) end - # Deletes the password policy for the AWS account. There are no - # parameters. + # Deletes the password policy for the account. There are no parameters. # # @return [Struct] Returns an empty {Seahorse::Client::Response response}. # # # @example Example: To delete the current account password policy @@ -2633,23 +2646,23 @@ req = build_request(:delete_instance_profile, params) req.send_request(options) end # Deletes the password for the specified IAM user, which terminates the - # user's ability to access AWS services through the AWS Management - # Console. + # user's ability to access Amazon Web Services services through the + # Management Console. # - # You can use the AWS CLI, the AWS API, or the **Users** page in the IAM - # console to delete a password for any IAM user. You can use - # ChangePassword to update, but not delete, your own password in the - # **My Security Credentials** page in the AWS Management Console. + # You can use the CLI, the Amazon Web Services API, or the **Users** + # page in the IAM console to delete a password for any IAM user. You can + # use ChangePassword to update, but not delete, your own password in the + # **My Security Credentials** page in the Management Console. # - # Deleting a user's password does not prevent a user from accessing AWS - # through the command line interface or the API. To prevent all user - # access, you must also either make any access keys inactive or delete - # them. For more information about making keys inactive or deleting - # them, see UpdateAccessKey and DeleteAccessKey. + # Deleting a user's password does not prevent a user from accessing + # Amazon Web Services through the command line interface or the API. To + # prevent all user access, you must also either make any access keys + # inactive or delete them. For more information about making keys + # inactive or deleting them, see UpdateAccessKey and DeleteAccessKey. # # @option params [required, String] :user_name # The name of the user whose password you want to delete. # # This parameter allows (through its [regex pattern][1]) a string of @@ -2750,11 +2763,11 @@ # # @option params [required, String] :policy_arn # The Amazon Resource Name (ARN) of the IAM policy you want to delete. # # For more information about ARNs, see [Amazon Resource Names (ARNs)][1] - # in the *AWS General Reference*. + # in the *Amazon Web Services General Reference*. # # # # [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html # @@ -2792,11 +2805,11 @@ # @option params [required, String] :policy_arn # The Amazon Resource Name (ARN) of the IAM policy from which you want # to delete a version. # # For more information about ARNs, see [Amazon Resource Names (ARNs)][1] - # in the *AWS General Reference*. + # in the *Amazon Web Services General Reference*. # # # # [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html # @@ -3013,14 +3026,14 @@ end # Deletes the specified SSH public key. # # The SSH public key deleted by this operation is used only for - # authenticating the associated IAM user to an AWS CodeCommit - # repository. For more information about using SSH keys to authenticate - # to an AWS CodeCommit repository, see [Set up AWS CodeCommit for SSH - # connections][1] in the *AWS CodeCommit User Guide*. + # authenticating the associated IAM user to an CodeCommit repository. + # For more information about using SSH keys to authenticate to an + # CodeCommit repository, see [Set up CodeCommit for SSH connections][1] + # in the *CodeCommit User Guide*. # # # # [1]: https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html # @@ -3067,12 +3080,12 @@ # Deletes the specified server certificate. # # For more information about working with server certificates, see # [Working with server certificates][1] in the *IAM User Guide*. This - # topic also includes a list of AWS services that can use the server - # certificates that you manage with IAM. + # topic also includes a list of Amazon Web Services services that can + # use the server certificates that you manage with IAM. # # If you are using a server certificate with Elastic Load Balancing, # deleting the certificate could have implications for your application. # If Elastic Load Balancing doesn't detect the deletion of bound # certificates, it may continue to use the certificates. This could @@ -3130,14 +3143,16 @@ # returns the reason for the failure, usually including the resources # that must be deleted. To delete the service-linked role, you must # first remove those resources from the linked service and then submit # the deletion request again. Resources are specific to the service that # is linked to the role. For more information about removing resources - # from a service, see the [AWS documentation][1] for your service. + # from a service, see the [Amazon Web Services documentation][1] for + # your service. # # For more information about service-linked roles, see [Roles terms and - # concepts: AWS service-linked role][2] in the *IAM User Guide*. + # concepts: Amazon Web Services service-linked role][2] in the *IAM User + # Guide*. # # # # [1]: http://docs.aws.amazon.com/ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#iam-term-service-linked-role @@ -3215,14 +3230,14 @@ end # Deletes a signing certificate associated with the specified IAM user. # # If you do not specify a user name, IAM determines the user name - # implicitly based on the AWS access key ID signing the request. This - # operation works for access keys under the AWS account. Consequently, - # you can use this operation to manage AWS account root user credentials - # even if the AWS account has no associated IAM users. + # implicitly based on the Amazon Web Services access key ID signing the + # request. This operation works for access keys under the account. + # Consequently, you can use this operation to manage account root user + # credentials even if the account has no associated IAM users. # # @option params [String] :user_name # The name of the user the signing certificate belongs to. # # This parameter allows (through its [regex pattern][1]) a string of @@ -3271,15 +3286,15 @@ def delete_signing_certificate(params = {}, options = {}) req = build_request(:delete_signing_certificate, params) req.send_request(options) end - # Deletes the specified IAM user. Unlike the AWS Management Console, - # when you delete a user programmatically, you must delete the items - # attached to the user manually, or the deletion fails. For more - # information, see [Deleting an IAM user][1]. Before attempting to - # delete a user, remove the following items: + # Deletes the specified IAM user. Unlike the Management Console, when + # you delete a user programmatically, you must delete the items attached + # to the user manually, or the deletion fails. For more information, see + # [Deleting an IAM user][1]. Before attempting to delete a user, remove + # the following items: # # * Password (DeleteLoginProfile) # # * Access keys (DeleteAccessKey) # @@ -3504,11 +3519,11 @@ # # @option params [required, String] :policy_arn # The Amazon Resource Name (ARN) of the IAM policy you want to detach. # # For more information about ARNs, see [Amazon Resource Names (ARNs)][1] - # in the *AWS General Reference*. + # in the *Amazon Web Services General Reference*. # # # # [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html # @@ -3555,11 +3570,11 @@ # # @option params [required, String] :policy_arn # The Amazon Resource Name (ARN) of the IAM policy you want to detach. # # For more information about ARNs, see [Amazon Resource Names (ARNs)][1] - # in the *AWS General Reference*. + # in the *Amazon Web Services General Reference*. # # # # [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html # @@ -3606,11 +3621,11 @@ # # @option params [required, String] :policy_arn # The Amazon Resource Name (ARN) of the IAM policy you want to detach. # # For more information about ARNs, see [Amazon Resource Names (ARNs)][1] - # in the *AWS General Reference*. + # in the *Amazon Web Services General Reference*. # # # # [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html # @@ -3711,13 +3726,13 @@ def enable_mfa_device(params = {}, options = {}) req = build_request(:enable_mfa_device, params) req.send_request(options) end - # Generates a credential report for the AWS account. For more - # information about the credential report, see [Getting credential - # reports][1] in the *IAM User Guide*. + # Generates a credential report for the account. For more information + # about the credential report, see [Getting credential reports][1] in + # the *IAM User Guide*. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/credential-reports.html # @@ -3738,61 +3753,61 @@ def generate_credential_report(params = {}, options = {}) req = build_request(:generate_credential_report, params) req.send_request(options) end - # Generates a report for service last accessed data for AWS - # Organizations. You can generate a report for any entities - # (organization root, organizational unit, or account) or policies in - # your organization. + # Generates a report for service last accessed data for Organizations. + # You can generate a report for any entities (organization root, + # organizational unit, or account) or policies in your organization. # - # To call this operation, you must be signed in using your AWS - # Organizations management account credentials. You can use your - # long-term IAM user or root user credentials, or temporary credentials - # from assuming an IAM role. SCPs must be enabled for your organization - # root. You must have the required IAM and AWS Organizations - # permissions. For more information, see [Refining permissions using - # service last accessed data][1] in the *IAM User Guide*. + # To call this operation, you must be signed in using your Organizations + # management account credentials. You can use your long-term IAM user or + # root user credentials, or temporary credentials from assuming an IAM + # role. SCPs must be enabled for your organization root. You must have + # the required IAM and Organizations permissions. For more information, + # see [Refining permissions using service last accessed data][1] in the + # *IAM User Guide*. # # You can generate a service last accessed data report for entities by # specifying only the entity's path. This data includes a list of # services that are allowed by any service control policies (SCPs) that # apply to the entity. # # You can generate a service last accessed data report for a policy by - # specifying an entity's path and an optional AWS Organizations policy - # ID. This data includes a list of services that are allowed by the + # specifying an entity's path and an optional Organizations policy ID. + # This data includes a list of services that are allowed by the # specified SCP. # # For each service in both report types, the data includes the most # recent account activity that the policy allows to account principals # in the entity or the entity's children. For important information # about the data, reporting period, permissions required, # troubleshooting, and supported Regions see [Reducing permissions using # service last accessed data][1] in the *IAM User Guide*. # - # The data includes all attempts to access AWS, not just the successful - # ones. This includes all attempts that were made using the AWS - # Management Console, the AWS API through any of the SDKs, or any of the - # command line tools. An unexpected entry in the service last accessed - # data does not mean that an account has been compromised, because the - # request might have been denied. Refer to your CloudTrail logs as the - # authoritative source for information about all API calls and whether - # they were successful or denied access. For more information, - # see [Logging IAM events with CloudTrail][2] in the *IAM User Guide*. + # The data includes all attempts to access Amazon Web Services, not just + # the successful ones. This includes all attempts that were made using + # the Management Console, the Amazon Web Services API through any of the + # SDKs, or any of the command line tools. An unexpected entry in the + # service last accessed data does not mean that an account has been + # compromised, because the request might have been denied. Refer to your + # CloudTrail logs as the authoritative source for information about all + # API calls and whether they were successful or denied access. For more + # information, see [Logging IAM events with CloudTrail][2] in the *IAM + # User Guide*. # # This operation returns a `JobId`. Use this parameter in the ` # GetOrganizationsAccessReport ` operation to check the status of the # report generation. To check the status of this request, use the # `JobId` parameter in the ` GetOrganizationsAccessReport ` operation # and test the `JobStatus` response parameter. When the job is complete, # you can retrieve the report. # # To generate a service last accessed data report for entities, specify - # an entity path without specifying the optional AWS Organizations - # policy ID. The type of entity that you specify determines the data - # returned in the report. + # an entity path without specifying the optional Organizations policy + # ID. The type of entity that you specify determines the data returned + # in the report. # # * **Root** – When you specify the organizations root as the entity, # the resulting report lists all of the services allowed by SCPs that # are attached to your root. For each service, the report includes # data for all accounts in your organization except the management @@ -3804,23 +3819,22 @@ # includes data for all accounts in the OU or its children. This data # excludes the management account, because the management account is # not limited by SCPs. # # * **management account** – When you specify the management account, - # the resulting report lists all AWS services, because the management - # account is not limited by SCPs. For each service, the report - # includes data for only the management account. + # the resulting report lists all Amazon Web Services services, because + # the management account is not limited by SCPs. For each service, the + # report includes data for only the management account. # # * **Account** – When you specify another account as the entity, the # resulting report lists all of the services allowed by SCPs that are # attached to the account and its parents. For each service, the # report includes data for only the specified account. # # To generate a service last accessed data report for policies, specify - # an entity path and the optional AWS Organizations policy ID. The type - # of entity that you specify determines the data returned for each - # service. + # an entity path and the optional Organizations policy ID. The type of + # entity that you specify determines the data returned for each service. # # * **Root** – When you specify the root entity and a policy ID, the # resulting report lists all of the services that are allowed by the # specified SCP. For each service, the report includes data for all # accounts in your organization to which the SCP applies. This data @@ -3838,14 +3852,14 @@ # management account, because the management account is not limited by # SCPs. If the SCP is not attached to the OU or one of its children, # the report will return a list of services with no data. # # * **management account** – When you specify the management account, - # the resulting report lists all AWS services, because the management - # account is not limited by SCPs. If you specify a policy ID in the - # CLI or API, the policy is ignored. For each service, the report - # includes data for only the management account. + # the resulting report lists all Amazon Web Services services, because + # the management account is not limited by SCPs. If you specify a + # policy ID in the CLI or API, the policy is ignored. For each + # service, the report includes data for only the management account. # # * **Account** – When you specify another account entity and a policy # ID, the resulting report lists all of the services that are allowed # by the specified SCP. For each service, the report includes data for # only the specified account. This means that other accounts in the @@ -3870,25 +3884,25 @@ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html # [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics # # @option params [required, String] :entity_path - # The path of the AWS Organizations entity (root, OU, or account). You - # can build an entity path using the known structure of your - # organization. For example, assume that your account ID is - # `123456789012` and its parent OU ID is `ou-rge0-awsabcde`. The - # organization root ID is `r-f6g7h8i9j0example` and your organization ID - # is `o-a1b2c3d4e5`. Your entity path is + # The path of the Organizations entity (root, OU, or account). You can + # build an entity path using the known structure of your organization. + # For example, assume that your account ID is `123456789012` and its + # parent OU ID is `ou-rge0-awsabcde`. The organization root ID is + # `r-f6g7h8i9j0example` and your organization ID is `o-a1b2c3d4e5`. Your + # entity path is # `o-a1b2c3d4e5/r-f6g7h8i9j0example/ou-rge0-awsabcde/123456789012`. # # @option params [String] :organizations_policy_id - # The identifier of the AWS Organizations service control policy (SCP). - # This parameter is optional. + # The identifier of the Organizations service control policy (SCP). This + # parameter is optional. # # This ID is used to generate information about when an account - # principal that is limited by the SCP attempted to access an AWS - # service. + # principal that is limited by the SCP attempted to access an Amazon Web + # Services service. # # @return [Types::GenerateOrganizationsAccessReportResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::GenerateOrganizationsAccessReportResponse#job_id #job_id} => String # @@ -3926,44 +3940,44 @@ req.send_request(options) end # Generates a report that includes details about when an IAM resource # (user, group, role, or policy) was last used in an attempt to access - # AWS services. Recent activity usually appears within four hours. IAM - # reports activity for the last 365 days, or less if your Region began - # supporting this feature within the last year. For more information, - # see [Regions where data is tracked][1]. + # Amazon Web Services services. Recent activity usually appears within + # four hours. IAM reports activity for the last 365 days, or less if + # your Region began supporting this feature within the last year. For + # more information, see [Regions where data is tracked][1]. # - # The service last accessed data includes all attempts to access an AWS - # API, not just the successful ones. This includes all attempts that - # were made using the AWS Management Console, the AWS API through any of - # the SDKs, or any of the command line tools. An unexpected entry in the - # service last accessed data does not mean that your account has been - # compromised, because the request might have been denied. Refer to your - # CloudTrail logs as the authoritative source for information about all - # API calls and whether they were successful or denied access. For more - # information, see [Logging IAM events with CloudTrail][2] in the *IAM - # User Guide*. + # The service last accessed data includes all attempts to access an + # Amazon Web Services API, not just the successful ones. This includes + # all attempts that were made using the Management Console, the Amazon + # Web Services API through any of the SDKs, or any of the command line + # tools. An unexpected entry in the service last accessed data does not + # mean that your account has been compromised, because the request might + # have been denied. Refer to your CloudTrail logs as the authoritative + # source for information about all API calls and whether they were + # successful or denied access. For more information, see [Logging IAM + # events with CloudTrail][2] in the *IAM User Guide*. # # The `GenerateServiceLastAccessedDetails` operation returns a `JobId`. # Use this parameter in the following operations to retrieve the # following details from your report: # # * GetServiceLastAccessedDetails – Use this operation for users, - # groups, roles, or policies to list every AWS service that the - # resource could access using permissions policies. For each service, - # the response includes information about the most recent access - # attempt. + # groups, roles, or policies to list every Amazon Web Services service + # that the resource could access using permissions policies. For each + # service, the response includes information about the most recent + # access attempt. # # The `JobId` returned by `GenerateServiceLastAccessedDetail` must be # used by the same role within a session, or by the same user when # used to call `GetServiceLastAccessedDetail`. # # * GetServiceLastAccessedDetailsWithEntities – Use this operation for # groups and policies to list information about the associated - # entities (users or roles) that attempted to access a specific AWS - # service. + # entities (users or roles) that attempted to access a specific Amazon + # Web Services service. # # To check the status of the `GenerateServiceLastAccessedDetails` # request, use the `JobId` parameter in the same operations and test the # `JobStatus` response parameter. # @@ -3972,14 +3986,14 @@ # the ListPoliciesGrantingServiceAccess operation. # # <note markdown="1"> Service last accessed data does not use other policy types when # determining whether a resource could access a service. These other # policy types include resource-based policies, access control lists, - # AWS Organizations policies, IAM permissions boundaries, and AWS STS - # assume role policies. It only applies permissions policy logic. For - # more about the evaluation of policy types, see [Evaluating - # policies][3] in the *IAM User Guide*. + # Organizations policies, IAM permissions boundaries, and STS assume + # role policies. It only applies permissions policy logic. For more + # about the evaluation of policy types, see [Evaluating policies][3] in + # the *IAM User Guide*. # # </note> # # For more information about service and action last accessed data, see # [Reducing permissions using service last accessed data][4] in the *IAM @@ -3993,11 +4007,11 @@ # [4]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html # # @option params [required, String] :arn # The ARN of the IAM resource (user, group, role, or managed policy) # used to generate information about when the resource was last used in - # an attempt to access an AWS service. + # an attempt to access an Amazon Web Services service. # # @option params [String] :granularity # The level of detail that you want to generate. You can specify whether # you want to generate information about the last attempt to access # services or actions. If you specify service-level granularity, this @@ -4043,12 +4057,12 @@ req.send_request(options) end # Retrieves information about when the specified access key was last # used. The information includes the date and time of last use, along - # with the AWS service and Region that were specified in the last - # request made with that key. + # with the Amazon Web Services service and Region that were specified in + # the last request made with that key. # # @option params [required, String] :access_key_id # The identifier of an access key. # # This parameter allows (through its [regex pattern][1]) a string of @@ -4085,13 +4099,14 @@ req = build_request(:get_access_key_last_used, params) req.send_request(options) end # Retrieves information about all IAM users, groups, roles, and policies - # in your AWS account, including their relationships to one another. Use - # this operation to obtain a snapshot of the configuration of IAM - # permissions (users, groups, roles, and policies) in your account. + # in your Amazon Web Services account, including their relationships to + # one another. Use this operation to obtain a snapshot of the + # configuration of IAM permissions (users, groups, roles, and policies) + # in your account. # # <note markdown="1"> Policies returned by this operation are URL-encoded compliant with # [RFC 3986][1]. You can use a URL decoding method to convert the policy # back to plain JSON text. For example, if you use Java, you can use the # `decode` method of the `java.net.URLDecoder` utility class in the Java @@ -4257,11 +4272,11 @@ def get_account_authorization_details(params = {}, options = {}) req = build_request(:get_account_authorization_details, params) req.send_request(options) end - # Retrieves the password policy for the AWS account. This tells you the + # Retrieves the password policy for the account. This tells you the # complexity requirements and mandatory rotation periods for the IAM # user passwords in your account. For more information about using a # password policy, see [Managing an IAM password policy][1]. # # @@ -4316,12 +4331,12 @@ def get_account_password_policy(params = {}, options = {}) req = build_request(:get_account_password_policy, params) req.send_request(options) end - # Retrieves information about IAM entity usage and IAM quotas in the AWS - # account. + # Retrieves information about IAM entity usage and IAM quotas in the + # Amazon Web Services account. # # For information about IAM quotas, see [IAM and STS quotas][1] in the # *IAM User Guide*. # # @@ -4389,18 +4404,18 @@ # Gets a list of all of the context keys referenced in the input # policies. The policies are supplied as a list of one or more strings. # To get the context keys from policies associated with an IAM user, # group, or role, use GetContextKeysForPrincipalPolicy. # - # Context keys are variables maintained by AWS and its services that - # provide details about the context of an API query request. Context - # keys can be evaluated by testing against a value specified in an IAM - # policy. Use `GetContextKeysForCustomPolicy` to understand what key - # names and values you must supply when you call SimulateCustomPolicy. - # Note that all parameters are shown in unencoded form here for clarity - # but must be URL encoded to be included as a part of a real HTML - # request. + # Context keys are variables maintained by Amazon Web Services and its + # services that provide details about the context of an API query + # request. Context keys can be evaluated by testing against a value + # specified in an IAM policy. Use `GetContextKeysForCustomPolicy` to + # understand what key names and values you must supply when you call + # SimulateCustomPolicy. Note that all parameters are shown in unencoded + # form here for clarity but must be URL encoded to be included as a part + # of a real HTML request. # # @option params [required, Array<String>] :policy_input_list # A list of policies for which you want the list of context keys # referenced in those policies. Each document is specified as a string # containing the complete, valid JSON text of an IAM policy. @@ -4458,15 +4473,16 @@ # **Note:** This operation discloses information about the permissions # granted to other users. If you do not want users to see other user's # permissions, then consider allowing them to use # GetContextKeysForCustomPolicy instead. # - # Context keys are variables maintained by AWS and its services that - # provide details about the context of an API query request. Context - # keys can be evaluated by testing against a value in an IAM policy. Use - # GetContextKeysForPrincipalPolicy to understand what key names and - # values you must supply when you call SimulatePrincipalPolicy. + # Context keys are variables maintained by Amazon Web Services and its + # services that provide details about the context of an API query + # request. Context keys can be evaluated by testing against a value in + # an IAM policy. Use GetContextKeysForPrincipalPolicy to understand what + # key names and values you must supply when you call + # SimulatePrincipalPolicy. # # @option params [required, String] :policy_source_arn # The ARN of a user, group, or role whose policies contain the context # keys that you want listed. If you specify a user, the list includes # context keys that are found in all policies that are attached to the @@ -4475,11 +4491,11 @@ # keys that are found in policies attached to that entity. Note that all # parameters are shown in unencoded form here for clarity, but must be # URL encoded to be included as a part of a real HTML request. # # For more information about ARNs, see [Amazon Resource Names (ARNs)][1] - # in the *AWS General Reference*. + # in the *Amazon Web Services General Reference*. # # # # [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html # @@ -4526,13 +4542,13 @@ def get_context_keys_for_principal_policy(params = {}, options = {}) req = build_request(:get_context_keys_for_principal_policy, params) req.send_request(options) end - # Retrieves a credential report for the AWS account. For more - # information about the credential report, see [Getting credential - # reports][1] in the *IAM User Guide*. + # Retrieves a credential report for the account. For more information + # about the credential report, see [Getting credential reports][1] in + # the *IAM User Guide*. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/credential-reports.html # @@ -4813,14 +4829,24 @@ def get_instance_profile(params = {}, options = {}) req = build_request(:get_instance_profile, params) req.send_request(options) end - # Retrieves the user name and password creation date for the specified - # IAM user. If the user has not been assigned a password, the operation - # returns a 404 (`NoSuchEntity`) error. + # Retrieves the user name for the specified IAM user. A login profile is + # created when you create a password for the user to access the + # Management Console. If the user does not exist or does not have a + # password, the operation returns a 404 (`NoSuchEntity`) error. # + # If you create an IAM user with access to the console, the `CreateDate` + # reflects the date you created the initial password for the user. + # + # If you create an IAM user with programmatic access, and then later add + # a password for the user to access the Management Console, the + # `CreateDate` reflects the initial password creation date. A user with + # programmatic access does not have a login profile unless you create a + # password for the user to access the Management Console. + # # @option params [required, String] :user_name # The name of the user whose login profile you want to retrieve. # # This parameter allows (through its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters @@ -4880,11 +4906,11 @@ # The Amazon Resource Name (ARN) of the OIDC provider resource object in # IAM to get information for. You can get a list of OIDC provider # resource ARNs by using the ListOpenIDConnectProviders operation. # # For more information about ARNs, see [Amazon Resource Names (ARNs)][1] - # in the *AWS General Reference*. + # in the *Amazon Web Services General Reference*. # # # # [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html # @@ -4921,14 +4947,14 @@ def get_open_id_connect_provider(params = {}, options = {}) req = build_request(:get_open_id_connect_provider, params) req.send_request(options) end - # Retrieves the service last accessed data report for AWS Organizations - # that was previously generated using the ` - # GenerateOrganizationsAccessReport ` operation. This operation - # retrieves the status of your report job and the report contents. + # Retrieves the service last accessed data report for Organizations that + # was previously generated using the ` GenerateOrganizationsAccessReport + # ` operation. This operation retrieves the status of your report job + # and the report contents. # # Depending on the parameters that you passed when you generated the # report, the data returned could include different information. For # details, see GenerateOrganizationsAccessReport. # @@ -5091,11 +5117,11 @@ # @option params [required, String] :policy_arn # The Amazon Resource Name (ARN) of the managed policy that you want # information about. # # For more information about ARNs, see [Amazon Resource Names (ARNs)][1] - # in the *AWS General Reference*. + # in the *Amazon Web Services General Reference*. # # # # [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html # @@ -5173,11 +5199,11 @@ # @option params [required, String] :policy_arn # The Amazon Resource Name (ARN) of the managed policy that you want # information about. # # For more information about ARNs, see [Amazon Resource Names (ARNs)][1] - # in the *AWS General Reference*. + # in the *Amazon Web Services General Reference*. # # # # [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html # @@ -5412,11 +5438,11 @@ # @option params [required, String] :saml_provider_arn # The Amazon Resource Name (ARN) of the SAML provider resource object in # IAM to get information about. # # For more information about ARNs, see [Amazon Resource Names (ARNs)][1] - # in the *AWS General Reference*. + # in the *Amazon Web Services General Reference*. # # # # [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html # @@ -5453,14 +5479,14 @@ # Retrieves the specified SSH public key, including metadata about the # key. # # The SSH public key retrieved by this operation is used only for - # authenticating the associated IAM user to an AWS CodeCommit - # repository. For more information about using SSH keys to authenticate - # to an AWS CodeCommit repository, see [Set up AWS CodeCommit for SSH - # connections][1] in the *AWS CodeCommit User Guide*. + # authenticating the associated IAM user to an CodeCommit repository. + # For more information about using SSH keys to authenticate to an + # CodeCommit repository, see [Set up CodeCommit for SSH connections][1] + # in the *CodeCommit User Guide*. # # # # [1]: https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html # @@ -5525,12 +5551,12 @@ # Retrieves information about the specified server certificate stored in # IAM. # # For more information about working with server certificates, see # [Working with server certificates][1] in the *IAM User Guide*. This - # topic includes a list of AWS services that can use the server - # certificates that you manage with IAM. + # topic includes a list of Amazon Web Services services that can use the + # server certificates that you manage with IAM. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html # @@ -5582,21 +5608,21 @@ # Retrieves a service last accessed report that was created using the # `GenerateServiceLastAccessedDetails` operation. You can use the # `JobId` parameter in `GetServiceLastAccessedDetails` to retrieve the # status of your report job. When the report is complete, you can - # retrieve the generated report. The report includes a list of AWS - # services that the resource (user, group, role, or managed policy) can - # access. + # retrieve the generated report. The report includes a list of Amazon + # Web Services services that the resource (user, group, role, or managed + # policy) can access. # # <note markdown="1"> Service last accessed data does not use other policy types when # determining whether a resource could access a service. These other # policy types include resource-based policies, access control lists, - # AWS Organizations policies, IAM permissions boundaries, and AWS STS - # assume role policies. It only applies permissions policy logic. For - # more about the evaluation of policy types, see [Evaluating - # policies][1] in the *IAM User Guide*. + # Organizations policies, IAM permissions boundaries, and STS assume + # role policies. It only applies permissions policy logic. For more + # about the evaluation of policy types, see [Evaluating policies][1] in + # the *IAM User Guide*. # # </note> # # For each service that the resource could access using permissions # policies, the operation returns details about the most recent access @@ -5771,20 +5797,21 @@ # @option params [required, String] :job_id # The ID of the request generated by the # `GenerateServiceLastAccessedDetails` operation. # # @option params [required, String] :service_namespace - # The service namespace for an AWS service. Provide the service - # namespace to learn when the IAM entity last attempted to access the - # specified service. + # The service namespace for an Amazon Web Services service. Provide the + # service namespace to learn when the IAM entity last attempted to + # access the specified service. # # To learn the service namespace for a service, see [Actions, resources, - # and condition keys for AWS services][1] in the *IAM User Guide*. - # Choose the name of the service to view details for that service. In - # the first paragraph, find the service prefix. For example, `(service - # prefix: a4b)`. For more information about service namespaces, see [AWS - # service namespaces][2] in the *AWS General Reference*. + # and condition keys for Amazon Web Services services][1] in the *IAM + # User Guide*. Choose the name of the service to view details for that + # service. In the first paragraph, find the service prefix. For example, + # `(service prefix: a4b)`. For more information about service + # namespaces, see [Amazon Web Services service namespaces][2] in + # the *Amazon Web Services General Reference*. # # # # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html # [2]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-aws-service-namespaces @@ -5933,12 +5960,12 @@ # Retrieves information about the specified IAM user, including the # user's creation date, path, unique ID, and ARN. # # If you do not specify a user name, IAM determines the user name - # implicitly based on the AWS access key ID used to sign the request to - # this operation. + # implicitly based on the Amazon Web Services access key ID used to sign + # the request to this operation. # # @option params [String] :user_name # The name of the user to get information about. # # This parameter is optional. If it is not included, it defaults to the @@ -6091,16 +6118,16 @@ # # Although each user is limited to a small number of keys, you can still # paginate the results using the `MaxItems` and `Marker` parameters. # # If the `UserName` field is not specified, the user name is determined - # implicitly based on the AWS access key ID used to sign the request. - # This operation works for access keys under the AWS account. - # Consequently, you can use this operation to manage AWS account root - # user credentials even if the AWS account has no associated users. + # implicitly based on the Amazon Web Services access key ID used to sign + # the request. This operation works for access keys under the account. + # Consequently, you can use this operation to manage account root user + # credentials even if the account has no associated users. # - # <note markdown="1"> To ensure the security of your AWS account, the secret access key is + # <note markdown="1"> To ensure the security of your account, the secret access key is # accessible only during key and user creation. # # </note> # # @option params [String] :user_name @@ -6192,13 +6219,13 @@ def list_access_keys(params = {}, options = {}) req = build_request(:list_access_keys, params) req.send_request(options) end - # Lists the account alias associated with the AWS account (Note: you can - # have only one). For information about using an AWS account alias, see - # [Using an alias for your AWS account ID][1] in the *IAM User Guide*. + # Lists the account alias associated with the account (Note: you can + # have only one). For information about using an account alias, see + # [Using an alias for your account ID][1] in the *IAM User Guide*. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/AccountAlias.html # @@ -6573,11 +6600,11 @@ # @option params [required, String] :policy_arn # The Amazon Resource Name (ARN) of the IAM policy for which you want # the versions. # # For more information about ARNs, see [Amazon Resource Names (ARNs)][1] - # in the *AWS General Reference*. + # in the *Amazon Web Services General Reference*. # # # # [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html # @@ -6991,14 +7018,14 @@ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html # # @option params [required, String] :instance_profile_name # The name of the IAM instance profile whose tags you want to see. # - # This parameter accepts (through its [regex pattern][1]) a string of - # characters that consist of upper and lowercase alphanumeric characters + # This parameter allows (through its [regex pattern][1]) a string of + # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: - # =,.@- + # \_+=,.@- # # # # [1]: http://wikipedia.org/wiki/regex # @@ -7007,20 +7034,19 @@ # receive a response indicating that the results are truncated. Set it # to the value of the `Marker` element in the response that you received # to indicate where the next call should start. # # @option params [Integer] :max_items - # (Optional) Use this only when paginating results to indicate the - # maximum number of items that you want in the response. If additional - # items exist beyond the maximum that you specify, the `IsTruncated` - # response element is `true`. + # Use this only when paginating results to indicate the maximum number + # of items you want in the response. If additional items exist beyond + # the maximum you specify, the `IsTruncated` response element is `true`. # - # If you do not include this parameter, it defaults to 100. Note that - # IAM might return fewer results, even when more results are available. - # In that case, the `IsTruncated` response element returns `true`, and - # `Marker` contains a value to include in the subsequent call that tells - # the service where to continue from. + # If you do not include this parameter, the number of items defaults to + # 100. Note that IAM might return fewer results, even when there are + # more results available. In that case, the `IsTruncated` response + # element returns `true`, and `Marker` contains a value to include in + # the subsequent call that tells the service where to continue from. # # @return [Types::ListInstanceProfileTagsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::ListInstanceProfileTagsResponse#tags #tags} => Array&lt;Types::Tag&gt; # * {Types::ListInstanceProfileTagsResponse#is_truncated #is_truncated} => Boolean @@ -7268,14 +7294,14 @@ # @option params [required, String] :serial_number # The unique identifier for the IAM virtual MFA device whose tags you # want to see. For virtual MFA devices, the serial number is the same as # the ARN. # - # This parameter accepts (through its [regex pattern][1]) a string of - # characters that consist of upper and lowercase alphanumeric characters + # This parameter allows (through its [regex pattern][1]) a string of + # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: - # =,.@- + # \_+=,.@- # # # # [1]: http://wikipedia.org/wiki/regex # @@ -7284,20 +7310,19 @@ # receive a response indicating that the results are truncated. Set it # to the value of the `Marker` element in the response that you received # to indicate where the next call should start. # # @option params [Integer] :max_items - # (Optional) Use this only when paginating results to indicate the - # maximum number of items that you want in the response. If additional - # items exist beyond the maximum that you specify, the `IsTruncated` - # response element is `true`. + # Use this only when paginating results to indicate the maximum number + # of items you want in the response. If additional items exist beyond + # the maximum you specify, the `IsTruncated` response element is `true`. # - # If you do not include this parameter, it defaults to 100. Note that - # IAM might return fewer results, even when more results are available. - # In that case, the `IsTruncated` response element returns `true`, and - # `Marker` contains a value to include in the subsequent call that tells - # the service where to continue from. + # If you do not include this parameter, the number of items defaults to + # 100. Note that IAM might return fewer results, even when there are + # more results available. In that case, the `IsTruncated` response + # element returns `true`, and `Marker` contains a value to include in + # the subsequent call that tells the service where to continue from. # # @return [Types::ListMFADeviceTagsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::ListMFADeviceTagsResponse#tags #tags} => Array&lt;Types::Tag&gt; # * {Types::ListMFADeviceTagsResponse#is_truncated #is_truncated} => Boolean @@ -7329,12 +7354,12 @@ end # Lists the MFA devices for an IAM user. If the request includes a IAM # user name, then this operation lists all the MFA devices associated # with the specified user. If you do not specify a user name, IAM - # determines the user name implicitly based on the AWS access key ID - # signing the request for this operation. + # determines the user name implicitly based on the Amazon Web Services + # access key ID signing the request for this operation. # # You can paginate the results using the `MaxItems` and `Marker` # parameters. # # @option params [String] :user_name @@ -7415,14 +7440,14 @@ # # @option params [required, String] :open_id_connect_provider_arn # The ARN of the OpenID Connect (OIDC) identity provider whose tags you # want to see. # - # This parameter accepts (through its [regex pattern][1]) a string of - # characters that consist of upper and lowercase alphanumeric characters + # This parameter allows (through its [regex pattern][1]) a string of + # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: - # =,.@- + # \_+=,.@- # # # # [1]: http://wikipedia.org/wiki/regex # @@ -7431,20 +7456,19 @@ # receive a response indicating that the results are truncated. Set it # to the value of the `Marker` element in the response that you received # to indicate where the next call should start. # # @option params [Integer] :max_items - # (Optional) Use this only when paginating results to indicate the - # maximum number of items that you want in the response. If additional - # items exist beyond the maximum that you specify, the `IsTruncated` - # response element is `true`. + # Use this only when paginating results to indicate the maximum number + # of items you want in the response. If additional items exist beyond + # the maximum you specify, the `IsTruncated` response element is `true`. # - # If you do not include this parameter, it defaults to 100. Note that - # IAM might return fewer results, even when more results are available. - # In that case, the `IsTruncated` response element returns `true`, and - # `Marker` contains a value to include in the subsequent call that tells - # the service where to continue from. + # If you do not include this parameter, the number of items defaults to + # 100. Note that IAM might return fewer results, even when there are + # more results available. In that case, the `IsTruncated` response + # element returns `true`, and `Marker` contains a value to include in + # the subsequent call that tells the service where to continue from. # # @return [Types::ListOpenIDConnectProviderTagsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::ListOpenIDConnectProviderTagsResponse#tags #tags} => Array&lt;Types::Tag&gt; # * {Types::ListOpenIDConnectProviderTagsResponse#is_truncated #is_truncated} => Boolean @@ -7474,11 +7498,11 @@ req = build_request(:list_open_id_connect_provider_tags, params) req.send_request(options) end # Lists information about the IAM OpenID Connect (OIDC) provider - # resource objects defined in the AWS account. + # resource objects defined in the account. # # <note markdown="1"> IAM resource-listing operations return a subset of the available # attributes for the resource. For example, this operation does not # return tags, even though they are an attribute of the returned object. # To view all of the information for an OIDC provider, see @@ -7502,19 +7526,19 @@ def list_open_id_connect_providers(params = {}, options = {}) req = build_request(:list_open_id_connect_providers, params) req.send_request(options) end - # Lists all the managed policies that are available in your AWS account, - # including your own customer-defined managed policies and all AWS - # managed policies. + # Lists all the managed policies that are available in your account, + # including your own customer-defined managed policies and all Amazon + # Web Services managed policies. # # You can filter the list of policies that is returned using the # optional `OnlyAttached`, `Scope`, and `PathPrefix` parameters. For - # example, to list only the customer managed policies in your AWS - # account, set `Scope` to `Local`. To list only AWS managed policies, - # set `Scope` to `AWS`. + # example, to list only the customer managed policies in your Amazon Web + # Services account, set `Scope` to `Local`. To list only Amazon Web + # Services managed policies, set `Scope` to `AWS`. # # You can paginate the results using the `MaxItems` and `Marker` # parameters. # # For more information about managed policies, see [Managed policies and @@ -7533,13 +7557,13 @@ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html # # @option params [String] :scope # The scope to use for filtering the results. # - # To list only AWS managed policies, set `Scope` to `AWS`. To list only - # the customer managed policies in your AWS account, set `Scope` to - # `Local`. + # To list only Amazon Web Services managed policies, set `Scope` to + # `AWS`. To list only the customer managed policies in your account, set + # `Scope` to `Local`. # # This parameter is optional. If it is not included, or if it is set to # `All`, all policies are returned. # # @option params [Boolean] :only_attached @@ -7643,15 +7667,14 @@ # Retrieves a list of policies that the IAM identity (user, group, or # role) can use to access each specified service. # # <note markdown="1"> This operation does not use other policy types when determining # whether a resource could access a service. These other policy types - # include resource-based policies, access control lists, AWS - # Organizations policies, IAM permissions boundaries, and AWS STS assume - # role policies. It only applies permissions policy logic. For more - # about the evaluation of policy types, see [Evaluating policies][1] in - # the *IAM User Guide*. + # include resource-based policies, access control lists, Organizations + # policies, IAM permissions boundaries, and STS assume role policies. It + # only applies permissions policy logic. For more about the evaluation + # of policy types, see [Evaluating policies][1] in the *IAM User Guide*. # # </note> # # The list of policies returned by the operation depends on the ARN of # the identity that you provide. @@ -7693,19 +7716,20 @@ # @option params [required, String] :arn # The ARN of the IAM identity (user, group, or role) whose policies you # want to list. # # @option params [required, Array<String>] :service_namespaces - # The service namespace for the AWS services whose policies you want to - # list. + # The service namespace for the Amazon Web Services services whose + # policies you want to list. # # To learn the service namespace for a service, see [Actions, resources, - # and condition keys for AWS services][1] in the *IAM User Guide*. - # Choose the name of the service to view details for that service. In - # the first paragraph, find the service prefix. For example, `(service - # prefix: a4b)`. For more information about service namespaces, see [AWS - # service namespaces][2] in the *AWS General Reference*. + # and condition keys for Amazon Web Services services][1] in the *IAM + # User Guide*. Choose the name of the service to view details for that + # service. In the first paragraph, find the service prefix. For example, + # `(service prefix: a4b)`. For more information about service + # namespaces, see [Amazon Web Services service namespaces][2] in + # the *Amazon Web Services General Reference*. # # # # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html # [2]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-aws-service-namespaces @@ -7802,14 +7826,14 @@ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html # # @option params [required, String] :policy_arn # The ARN of the IAM customer managed policy whose tags you want to see. # - # This parameter accepts (through its [regex pattern][1]) a string of - # characters that consist of upper and lowercase alphanumeric characters + # This parameter allows (through its [regex pattern][1]) a string of + # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: - # =,.@- + # \_+=,.@- # # # # [1]: http://wikipedia.org/wiki/regex # @@ -7818,20 +7842,19 @@ # receive a response indicating that the results are truncated. Set it # to the value of the `Marker` element in the response that you received # to indicate where the next call should start. # # @option params [Integer] :max_items - # (Optional) Use this only when paginating results to indicate the - # maximum number of items that you want in the response. If additional - # items exist beyond the maximum that you specify, the `IsTruncated` - # response element is `true`. + # Use this only when paginating results to indicate the maximum number + # of items you want in the response. If additional items exist beyond + # the maximum you specify, the `IsTruncated` response element is `true`. # - # If you do not include this parameter, it defaults to 100. Note that - # IAM might return fewer results, even when more results are available. - # In that case, the `IsTruncated` response element returns `true`, and - # `Marker` contains a value to include in the subsequent call that tells - # the service where to continue from. + # If you do not include this parameter, the number of items defaults to + # 100. Note that IAM might return fewer results, even when there are + # more results available. In that case, the `IsTruncated` response + # element returns `true`, and `Marker` contains a value to include in + # the subsequent call that tells the service where to continue from. # # @return [Types::ListPolicyTagsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::ListPolicyTagsResponse#tags #tags} => Array&lt;Types::Tag&gt; # * {Types::ListPolicyTagsResponse#is_truncated #is_truncated} => Boolean @@ -7876,11 +7899,11 @@ # @option params [required, String] :policy_arn # The Amazon Resource Name (ARN) of the IAM policy for which you want # the versions. # # For more information about ARNs, see [Amazon Resource Names (ARNs)][1] - # in the *AWS General Reference*. + # in the *Amazon Web Services General Reference*. # # # # [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html # @@ -8038,20 +8061,19 @@ # receive a response indicating that the results are truncated. Set it # to the value of the `Marker` element in the response that you received # to indicate where the next call should start. # # @option params [Integer] :max_items - # (Optional) Use this only when paginating results to indicate the - # maximum number of items that you want in the response. If additional - # items exist beyond the maximum that you specify, the `IsTruncated` - # response element is `true`. + # Use this only when paginating results to indicate the maximum number + # of items you want in the response. If additional items exist beyond + # the maximum you specify, the `IsTruncated` response element is `true`. # - # If you do not include this parameter, it defaults to 100. Note that - # IAM might return fewer results, even when more results are available. - # In that case, the `IsTruncated` response element returns `true`, and - # `Marker` contains a value to include in the subsequent call that tells - # the service where to continue from. + # If you do not include this parameter, the number of items defaults to + # 100. Note that IAM might return fewer results, even when there are + # more results available. In that case, the `IsTruncated` response + # element returns `true`, and `Marker` contains a value to include in + # the subsequent call that tells the service where to continue from. # # @return [Types::ListRoleTagsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::ListRoleTagsResponse#tags #tags} => Array&lt;Types::Tag&gt; # * {Types::ListRoleTagsResponse#is_truncated #is_truncated} => Boolean @@ -8219,14 +8241,14 @@ # # @option params [required, String] :saml_provider_arn # The ARN of the Security Assertion Markup Language (SAML) identity # provider whose tags you want to see. # - # This parameter accepts (through its [regex pattern][1]) a string of - # characters that consist of upper and lowercase alphanumeric characters + # This parameter allows (through its [regex pattern][1]) a string of + # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: - # =,.@- + # \_+=,.@- # # # # [1]: http://wikipedia.org/wiki/regex # @@ -8235,20 +8257,19 @@ # receive a response indicating that the results are truncated. Set it # to the value of the `Marker` element in the response that you received # to indicate where the next call should start. # # @option params [Integer] :max_items - # (Optional) Use this only when paginating results to indicate the - # maximum number of items that you want in the response. If additional - # items exist beyond the maximum that you specify, the `IsTruncated` - # response element is `true`. + # Use this only when paginating results to indicate the maximum number + # of items you want in the response. If additional items exist beyond + # the maximum you specify, the `IsTruncated` response element is `true`. # - # If you do not include this parameter, it defaults to 100. Note that - # IAM might return fewer results, even when more results are available. - # In that case, the `IsTruncated` response element returns `true`, and - # `Marker` contains a value to include in the subsequent call that tells - # the service where to continue from. + # If you do not include this parameter, the number of items defaults to + # 100. Note that IAM might return fewer results, even when there are + # more results available. In that case, the `IsTruncated` response + # element returns `true`, and `Marker` contains a value to include in + # the subsequent call that tells the service where to continue from. # # @return [Types::ListSAMLProviderTagsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::ListSAMLProviderTagsResponse#tags #tags} => Array&lt;Types::Tag&gt; # * {Types::ListSAMLProviderTagsResponse#is_truncated #is_truncated} => Boolean @@ -8315,14 +8336,14 @@ # Returns information about the SSH public keys associated with the # specified IAM user. If none exists, the operation returns an empty # list. # # The SSH public keys returned by this operation are used only for - # authenticating the IAM user to an AWS CodeCommit repository. For more - # information about using SSH keys to authenticate to an AWS CodeCommit - # repository, see [Set up AWS CodeCommit for SSH connections][1] in the - # *AWS CodeCommit User Guide*. + # authenticating the IAM user to an CodeCommit repository. For more + # information about using SSH keys to authenticate to an CodeCommit + # repository, see [Set up CodeCommit for SSH connections][1] in the + # *CodeCommit User Guide*. # # Although each user is limited to a small number of keys, you can still # paginate the results using the `MaxItems` and `Marker` parameters. # # @@ -8330,11 +8351,11 @@ # [1]: https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html # # @option params [String] :user_name # The name of the IAM user to list SSH public keys for. If none is # specified, the `UserName` field is determined implicitly based on the - # AWS access key used to sign the request. + # Amazon Web Services access key used to sign the request. # # This parameter allows (through its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # \_+=,.@- @@ -8398,15 +8419,15 @@ # Lists the tags that are attached to the specified IAM server # certificate. The returned list of tags is sorted by tag key. For more # information about tagging, see [Tagging IAM resources][1] in the *IAM # User Guide*. # - # <note markdown="1"> For certificates in a Region supported by AWS Certificate Manager - # (ACM), we recommend that you don't use IAM server certificates. - # Instead, use ACM to provision, manage, and deploy your server - # certificates. For more information about IAM server certificates, - # [Working with server certificates][2] in the *IAM User Guide*. + # <note markdown="1"> For certificates in a Region supported by Certificate Manager (ACM), + # we recommend that you don't use IAM server certificates. Instead, use + # ACM to provision, manage, and deploy your server certificates. For + # more information about IAM server certificates, [Working with server + # certificates][2] in the *IAM User Guide*. # # </note> # # # @@ -8414,14 +8435,14 @@ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html # # @option params [required, String] :server_certificate_name # The name of the IAM server certificate whose tags you want to see. # - # This parameter accepts (through its [regex pattern][1]) a string of - # characters that consist of upper and lowercase alphanumeric characters + # This parameter allows (through its [regex pattern][1]) a string of + # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: - # =,.@- + # \_+=,.@- # # # # [1]: http://wikipedia.org/wiki/regex # @@ -8430,20 +8451,19 @@ # receive a response indicating that the results are truncated. Set it # to the value of the `Marker` element in the response that you received # to indicate where the next call should start. # # @option params [Integer] :max_items - # (Optional) Use this only when paginating results to indicate the - # maximum number of items that you want in the response. If additional - # items exist beyond the maximum that you specify, the `IsTruncated` - # response element is `true`. + # Use this only when paginating results to indicate the maximum number + # of items you want in the response. If additional items exist beyond + # the maximum you specify, the `IsTruncated` response element is `true`. # - # If you do not include this parameter, it defaults to 100. Note that - # IAM might return fewer results, even when more results are available. - # In that case, the `IsTruncated` response element returns `true`, and - # `Marker` contains a value to include in the subsequent call that tells - # the service where to continue from. + # If you do not include this parameter, the number of items defaults to + # 100. Note that IAM might return fewer results, even when there are + # more results available. In that case, the `IsTruncated` response + # element returns `true`, and `Marker` contains a value to include in + # the subsequent call that tells the service where to continue from. # # @return [Types::ListServerCertificateTagsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::ListServerCertificateTagsResponse#tags #tags} => Array&lt;Types::Tag&gt; # * {Types::ListServerCertificateTagsResponse#is_truncated #is_truncated} => Boolean @@ -8480,12 +8500,12 @@ # You can paginate the results using the `MaxItems` and `Marker` # parameters. # # For more information about working with server certificates, see # [Working with server certificates][1] in the *IAM User Guide*. This - # topic also includes a list of AWS services that can use the server - # certificates that you manage with IAM. + # topic also includes a list of Amazon Web Services services that can + # use the server certificates that you manage with IAM. # # <note markdown="1"> IAM resource-listing operations return a subset of the available # attributes for the resource. For example, this operation does not # return tags, even though they are an attribute of the returned object. # To view all of the information for a servercertificate, see @@ -8572,12 +8592,12 @@ # Returns information about the service-specific credentials associated # with the specified IAM user. If none exists, the operation returns an # empty list. The service-specific credentials returned by this # operation are used only for authenticating the IAM user to a specific # service. For more information about using service-specific credentials - # to authenticate to an AWS service, see [Set up service-specific - # credentials][1] in the AWS CodeCommit User Guide. + # to authenticate to an Amazon Web Services service, see [Set up + # service-specific credentials][1] in the CodeCommit User Guide. # # # # [1]: https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-gc.html # @@ -8594,13 +8614,13 @@ # # # [1]: http://wikipedia.org/wiki/regex # # @option params [String] :service_name - # Filters the returned results to only those for the specified AWS - # service. If not specified, then AWS returns service-specific - # credentials for all services. + # Filters the returned results to only those for the specified Amazon + # Web Services service. If not specified, then Amazon Web Services + # returns service-specific credentials for all services. # # @return [Types::ListServiceSpecificCredentialsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::ListServiceSpecificCredentialsResponse#service_specific_credentials #service_specific_credentials} => Array&lt;Types::ServiceSpecificCredentialMetadata&gt; # @@ -8637,15 +8657,15 @@ # Although each user is limited to a small number of signing # certificates, you can still paginate the results using the `MaxItems` # and `Marker` parameters. # # If the `UserName` field is not specified, the user name is determined - # implicitly based on the AWS access key ID used to sign the request for - # this operation. This operation works for access keys under the AWS - # account. Consequently, you can use this operation to manage AWS - # account root user credentials even if the AWS account has no - # associated users. + # implicitly based on the Amazon Web Services access key ID used to sign + # the request for this operation. This operation works for access keys + # under the account. Consequently, you can use this operation to manage + # account root user credentials even if the account has no associated + # users. # # @option params [String] :user_name # The name of the IAM user whose signing certificates you want to # examine. # @@ -8819,14 +8839,14 @@ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html # # @option params [required, String] :user_name # The name of the IAM user whose tags you want to see. # - # This parameter accepts (through its [regex pattern][1]) a string of - # characters that consist of upper and lowercase alphanumeric characters + # This parameter allows (through its [regex pattern][1]) a string of + # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: - # =,.@- + # \_+=,.@- # # # # [1]: http://wikipedia.org/wiki/regex # @@ -8835,20 +8855,19 @@ # receive a response indicating that the results are truncated. Set it # to the value of the `Marker` element in the response that you received # to indicate where the next call should start. # # @option params [Integer] :max_items - # (Optional) Use this only when paginating results to indicate the - # maximum number of items that you want in the response. If additional - # items exist beyond the maximum that you specify, the `IsTruncated` - # response element is `true`. + # Use this only when paginating results to indicate the maximum number + # of items you want in the response. If additional items exist beyond + # the maximum you specify, the `IsTruncated` response element is `true`. # - # If you do not include this parameter, it defaults to 100. Note that - # IAM might return fewer results, even when more results are available. - # In that case, the `IsTruncated` response element returns `true`, and - # `Marker` contains a value to include in the subsequent call that tells - # the service where to continue from. + # If you do not include this parameter, the number of items defaults to + # 100. Note that IAM might return fewer results, even when there are + # more results available. In that case, the `IsTruncated` response + # element returns `true`, and `Marker` contains a value to include in + # the subsequent call that tells the service where to continue from. # # @return [Types::ListUserTagsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::ListUserTagsResponse#tags #tags} => Array&lt;Types::Tag&gt; # * {Types::ListUserTagsResponse#is_truncated #is_truncated} => Boolean @@ -8904,12 +8923,12 @@ req = build_request(:list_user_tags, params) req.send_request(options) end # Lists the IAM users that have the specified path prefix. If no path - # prefix is specified, the operation returns all users in the AWS - # account. If there are none, the operation returns an empty list. + # prefix is specified, the operation returns all users in the account. + # If there are none, the operation returns an empty list. # # <note markdown="1"> IAM resource-listing operations return a subset of the available # attributes for the resource. For example, this operation does not # return tags, even though they are an attribute of the returned object. # To view all of the information for a user, see GetUser. @@ -9023,11 +9042,11 @@ def list_users(params = {}, options = {}) req = build_request(:list_users, params) req.send_request(options) end - # Lists the virtual MFA devices defined in the AWS account by assignment + # Lists the virtual MFA devices defined in the account by assignment # status. If you do not specify an assignment status, the operation # returns a list of all virtual MFA devices. Assignment status can be # `Assigned`, `Unassigned`, or `Any`. # # <note markdown="1"> IAM resource-listing operations return a subset of the available @@ -9182,14 +9201,14 @@ # [1]: http://wikipedia.org/wiki/regex # # @option params [required, String] :policy_document # The policy document. # - # You must provide policies in JSON format in IAM. However, for AWS + # You must provide policies in JSON format in IAM. However, for # CloudFormation templates formatted in YAML, you can provide the policy - # in JSON or YAML format. AWS CloudFormation always converts a YAML - # policy to JSON format before submitting it to IAM. + # in JSON or YAML format. CloudFormation always converts a YAML policy + # to JSON format before submitting it to = IAM. # # The [regex pattern][1] used to validate this parameter is a string of # characters consisting of the following: # # * Any printable ASCII character ranging from the space character @@ -9234,15 +9253,15 @@ req = build_request(:put_group_policy, params) req.send_request(options) end # Adds or updates the policy that is specified as the IAM role's - # permissions boundary. You can use an AWS managed policy or a customer - # managed policy to set the boundary for a role. Use the boundary to - # control the maximum permissions that the role can have. Setting a - # permissions boundary is an advanced feature that can affect the - # permissions for the role. + # permissions boundary. You can use an Amazon Web Services managed + # policy or a customer managed policy to set the boundary for a role. + # Use the boundary to control the maximum permissions that the role can + # have. Setting a permissions boundary is an advanced feature that can + # affect the permissions for the role. # # You cannot set the boundary for a service-linked role. # # Policies used as permissions boundaries do not provide permissions. # You must also attach a permissions policy to the role. To learn how @@ -9337,14 +9356,14 @@ # [1]: http://wikipedia.org/wiki/regex # # @option params [required, String] :policy_document # The policy document. # - # You must provide policies in JSON format in IAM. However, for AWS + # You must provide policies in JSON format in IAM. However, for # CloudFormation templates formatted in YAML, you can provide the policy - # in JSON or YAML format. AWS CloudFormation always converts a YAML - # policy to JSON format before submitting it to IAM. + # in JSON or YAML format. CloudFormation always converts a YAML policy + # to JSON format before submitting it to IAM. # # The [regex pattern][1] used to validate this parameter is a string of # characters consisting of the following: # # * Any printable ASCII character ranging from the space character @@ -9389,15 +9408,15 @@ req = build_request(:put_role_policy, params) req.send_request(options) end # Adds or updates the policy that is specified as the IAM user's - # permissions boundary. You can use an AWS managed policy or a customer - # managed policy to set the boundary for a user. Use the boundary to - # control the maximum permissions that the user can have. Setting a - # permissions boundary is an advanced feature that can affect the - # permissions for the user. + # permissions boundary. You can use an Amazon Web Services managed + # policy or a customer managed policy to set the boundary for a user. + # Use the boundary to control the maximum permissions that the user can + # have. Setting a permissions boundary is an advanced feature that can + # affect the permissions for the user. # # Policies that are used as permissions boundaries do not provide # permissions. You must also attach a permissions policy to the user. To # learn how the effective permissions for a user are evaluated, see [IAM # JSON policy evaluation logic][1] in the IAM User Guide. @@ -9482,14 +9501,14 @@ # [1]: http://wikipedia.org/wiki/regex # # @option params [required, String] :policy_document # The policy document. # - # You must provide policies in JSON format in IAM. However, for AWS + # You must provide policies in JSON format in IAM. However, for # CloudFormation templates formatted in YAML, you can provide the policy - # in JSON or YAML format. AWS CloudFormation always converts a YAML - # policy to JSON format before submitting it to IAM. + # in JSON or YAML format. CloudFormation always converts a YAML policy + # to JSON format before submitting it to IAM. # # The [regex pattern][1] used to validate this parameter is a string of # characters consisting of the following: # # * Any printable ASCII character ranging from the space character @@ -9546,11 +9565,11 @@ # The Amazon Resource Name (ARN) of the IAM OIDC provider resource to # remove the client ID from. You can get a list of OIDC provider ARNs by # using the ListOpenIDConnectProviders operation. # # For more information about ARNs, see [Amazon Resource Names (ARNs)][1] - # in the *AWS General Reference*. + # in the *Amazon Web Services General Reference*. # # # # [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html # @@ -9699,13 +9718,14 @@ req = build_request(:remove_user_from_group, params) req.send_request(options) end # Resets the password for a service-specific credential. The new - # password is AWS generated and cryptographically strong. It cannot be - # configured by the user. Resetting the password immediately invalidates - # the previous password associated with this user. + # password is Amazon Web Services generated and cryptographically + # strong. It cannot be configured by the user. Resetting the password + # immediately invalidates the previous password associated with this + # user. # # @option params [String] :user_name # The name of the IAM user associated with the service-specific # credential. If this value is not specified, then the operation assumes # the user whose credentials are used to call the operation. @@ -9759,11 +9779,11 @@ req = build_request(:reset_service_specific_credential, params) req.send_request(options) end # Synchronizes the specified MFA device with its IAM resource object on - # the AWS servers. + # the Amazon Web Services servers. # # For more information about creating and working with virtual MFA # devices, see [Using a virtual MFA device][1] in the *IAM User Guide*. # # @@ -9841,11 +9861,11 @@ # @option params [required, String] :policy_arn # The Amazon Resource Name (ARN) of the IAM policy whose default version # you want to set. # # For more information about ARNs, see [Amazon Resource Names (ARNs)][1] - # in the *AWS General Reference*. + # in the *Amazon Web Services General Reference*. # # # # [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html # @@ -9876,29 +9896,29 @@ req = build_request(:set_default_policy_version, params) req.send_request(options) end # Sets the specified version of the global endpoint token as the token - # version used for the AWS account. + # version used for the account. # - # By default, AWS Security Token Service (STS) is available as a global + # By default, Security Token Service (STS) is available as a global # service, and all STS requests go to a single endpoint at - # `https://sts.amazonaws.com`. AWS recommends using Regional STS - # endpoints to reduce latency, build in redundancy, and increase session - # token availability. For information about Regional endpoints for STS, - # see [AWS AWS Security Token Service endpoints and quotas][1] in the - # *AWS General Reference*. + # `https://sts.amazonaws.com`. Amazon Web Services recommends using + # Regional STS endpoints to reduce latency, build in redundancy, and + # increase session token availability. For information about Regional + # endpoints for STS, see [Security Token Service endpoints and + # quotas][1] in the *Amazon Web Services General Reference*. # # If you make an STS call to the global endpoint, the resulting session # tokens might be valid in some Regions but not others. It depends on # the version that is set in this operation. Version 1 tokens are valid - # only in AWS Regions that are available by default. These tokens do not + # only in Regions that are available by default. These tokens do not # work in manually enabled Regions, such as Asia Pacific (Hong Kong). # Version 2 tokens are valid in all Regions. However, version 2 tokens # are longer and might affect systems where you temporarily store # tokens. For information, see [Activating and deactivating STS in an - # AWS region][2] in the *IAM User Guide*. + # Region][2] in the *IAM User Guide*. # # To view the current session token version, see the # `GlobalEndpointTokenVersion` entry in the response of the # GetAccountSummary operation. # @@ -9907,18 +9927,18 @@ # [1]: https://docs.aws.amazon.com/general/latest/gr/sts.html # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html # # @option params [required, String] :global_endpoint_token_version # The version of the global endpoint token. Version 1 tokens are valid - # only in AWS Regions that are available by default. These tokens do not + # only in Regions that are available by default. These tokens do not # work in manually enabled Regions, such as Asia Pacific (Hong Kong). # Version 2 tokens are valid in all Regions. However, version 2 tokens # are longer and might affect systems where you temporarily store # tokens. # - # For information, see [Activating and deactivating STS in an AWS - # region][1] in the *IAM User Guide*. + # For information, see [Activating and deactivating STS in an Region][1] + # in the *IAM User Guide*. # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html # @@ -9947,27 +9967,28 @@ req = build_request(:set_security_token_service_preferences, params) req.send_request(options) end # Simulate how a set of IAM policies and optionally a resource-based - # policy works with a list of API operations and AWS resources to - # determine the policies' effective permissions. The policies are - # provided as strings. + # policy works with a list of API operations and Amazon Web Services + # resources to determine the policies' effective permissions. The + # policies are provided as strings. # # The simulation does not perform the API operations; it only checks the # authorization to determine if the simulated policies allow or deny the # operations. You can simulate resources that don't exist in your # account. # # If you want to simulate existing policies that are attached to an IAM # user, group, or role, use SimulatePrincipalPolicy instead. # - # Context keys are variables that are maintained by AWS and its services - # and which provide details about the context of an API query request. - # You can use the `Condition` element of an IAM policy to evaluate - # context keys. To get the list of context keys that the policies - # require for correct simulation, use GetContextKeysForCustomPolicy. + # Context keys are variables that are maintained by Amazon Web Services + # and its services and which provide details about the context of an API + # query request. You can use the `Condition` element of an IAM policy to + # evaluate context keys. To get the list of context keys that the + # policies require for correct simulation, use + # GetContextKeysForCustomPolicy. # # If the output is long, you can use `MaxItems` and `Marker` parameters # to paginate the results. # # For more information about using the policy simulator, see [Testing @@ -9987,11 +10008,16 @@ # policies, such as you could include in a call to # [GetFederationToken][1] or one of the [AssumeRole][2] API operations. # In other words, do not use policies designed to restrict what a user # can do while using the temporary credentials. # - # The [regex pattern][3] used to validate this parameter is a string of + # The maximum length of the policy document that you can pass in this + # operation, including whitespace, is listed below. To view the maximum + # character counts of a managed policy with no whitespaces, see [IAM and + # STS character quotas][3]. + # + # The [regex pattern][4] used to validate this parameter is a string of # characters consisting of the following: # # * Any printable ASCII character ranging from the space character # (`\u0020`) through the end of the ASCII character range # @@ -10003,22 +10029,28 @@ # # # # [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetFederationToken.html # [2]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_AssumeRole.html - # [3]: http://wikipedia.org/wiki/regex + # [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length + # [4]: http://wikipedia.org/wiki/regex # # @option params [Array<String>] :permissions_boundary_policy_input_list # The IAM permissions boundary policy to simulate. The permissions # boundary sets the maximum permissions that an IAM entity can have. You # can input only one permissions boundary when you pass a policy to this # operation. For more information about permissions boundaries, see # [Permissions boundaries for IAM entities][1] in the *IAM User Guide*. # The policy input is specified as a string that contains the complete, # valid JSON text of a permissions boundary policy. # - # The [regex pattern][2] used to validate this parameter is a string of + # The maximum length of the policy document that you can pass in this + # operation, including whitespace, is listed below. To view the maximum + # character counts of a managed policy with no whitespaces, see [IAM and + # STS character quotas][2]. + # + # The [regex pattern][3] used to validate this parameter is a string of # characters consisting of the following: # # * Any printable ASCII character ranging from the space character # (`\u0020`) through the end of the ASCII character range # @@ -10029,26 +10061,27 @@ # carriage return (`\u000D`) # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html - # [2]: http://wikipedia.org/wiki/regex + # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length + # [3]: http://wikipedia.org/wiki/regex # # @option params [required, Array<String>] :action_names # A list of names of API operations to evaluate in the simulation. Each # operation is evaluated against each resource. Each operation must # include the service identifier, such as `iam:CreateUser`. This # operation does not support using wildcards (*) in an action name. # # @option params [Array<String>] :resource_arns - # A list of ARNs of AWS resources to include in the simulation. If this - # parameter is not provided, then the value defaults to `*` (all - # resources). Each API in the `ActionNames` parameter is evaluated for - # each resource in this list. The simulation determines the access - # result (allowed or denied) of each combination and reports it in the - # response. You can simulate resources that don't exist in your - # account. + # A list of ARNs of Amazon Web Services resources to include in the + # simulation. If this parameter is not provided, then the value defaults + # to `*` (all resources). Each API in the `ActionNames` parameter is + # evaluated for each resource in this list. The simulation determines + # the access result (allowed or denied) of each combination and reports + # it in the response. You can simulate resources that don't exist in + # your account. # # The simulation does not automatically retrieve policies for the # specified resources. If you want to include a resource policy in the # simulation, then you must include the policy as a string in the # `ResourcePolicy` parameter. @@ -10056,11 +10089,11 @@ # If you include a `ResourcePolicy`, then it must be applicable to all # of the resources included in the simulation or you receive an invalid # input error. # # For more information about ARNs, see [Amazon Resource Names (ARNs)][1] - # in the *AWS General Reference*. + # in the *Amazon Web Services General Reference*. # # # # [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html # @@ -10068,11 +10101,16 @@ # A resource-based policy to include in the simulation provided as a # string. Each resource in the simulation is treated as if it had this # policy attached. You can include only one resource-based policy in a # simulation. # - # The [regex pattern][1] used to validate this parameter is a string of + # The maximum length of the policy document that you can pass in this + # operation, including whitespace, is listed below. To view the maximum + # character counts of a managed policy with no whitespaces, see [IAM and + # STS character quotas][1]. + # + # The [regex pattern][2] used to validate this parameter is a string of # characters consisting of the following: # # * Any printable ASCII character ranging from the space character # (`\u0020`) through the end of the ASCII character range # @@ -10082,14 +10120,15 @@ # * The special characters tab (`\u0009`), line feed (`\u000A`), and # carriage return (`\u000D`) # # # - # [1]: http://wikipedia.org/wiki/regex + # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length + # [2]: http://wikipedia.org/wiki/regex # # @option params [String] :resource_owner - # An ARN representing the AWS account ID that specifies the owner of any + # An ARN representing the account ID that specifies the owner of any # simulated resource that does not identify its owner in the resource # ARN. Examples of resource ARNs include an S3 bucket or object. If # `ResourceOwner` is specified, it is also used as the account owner of # any `ResourcePolicy` included in the simulation. If the # `ResourceOwner` parameter is not specified, then the owner of the @@ -10256,15 +10295,15 @@ req = build_request(:simulate_custom_policy, params) req.send_request(options) end # Simulate how a set of IAM policies attached to an IAM entity works - # with a list of API operations and AWS resources to determine the - # policies' effective permissions. The entity can be an IAM user, - # group, or role. If you specify a user, then the simulation also - # includes all of the policies that are attached to groups that the user - # belongs to. You can simulate resources that don't exist in your + # with a list of API operations and Amazon Web Services resources to + # determine the policies' effective permissions. The entity can be an + # IAM user, group, or role. If you specify a user, then the simulation + # also includes all of the policies that are attached to groups that the + # user belongs to. You can simulate resources that don't exist in your # account. # # You can optionally include a list of one or more additional policies # specified as strings to include in the simulation. If you want to # simulate only policies specified as strings, use SimulateCustomPolicy @@ -10280,15 +10319,16 @@ # **Note:** This operation discloses information about the permissions # granted to other users. If you do not want users to see other user's # permissions, then consider allowing them to use SimulateCustomPolicy # instead. # - # Context keys are variables maintained by AWS and its services that - # provide details about the context of an API query request. You can use - # the `Condition` element of an IAM policy to evaluate context keys. To - # get the list of context keys that the policies require for correct - # simulation, use GetContextKeysForPrincipalPolicy. + # Context keys are variables maintained by Amazon Web Services and its + # services that provide details about the context of an API query + # request. You can use the `Condition` element of an IAM policy to + # evaluate context keys. To get the list of context keys that the + # policies require for correct simulation, use + # GetContextKeysForPrincipalPolicy. # # If the output is long, you can use the `MaxItems` and `Marker` # parameters to paginate the results. # # For more information about using the policy simulator, see [Testing @@ -10305,17 +10345,23 @@ # group, or role, the simulation includes all policies that are # associated with that entity. If you specify a user, the simulation # also includes all policies that are attached to any groups the user # belongs to. # - # For more information about ARNs, see [Amazon Resource Names (ARNs)][1] - # in the *AWS General Reference*. + # The maximum length of the policy document that you can pass in this + # operation, including whitespace, is listed below. To view the maximum + # character counts of a managed policy with no whitespaces, see [IAM and + # STS character quotas][1]. # + # For more information about ARNs, see [Amazon Resource Names (ARNs)][2] + # in the *Amazon Web Services General Reference*. # # - # [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html # + # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length + # [2]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html + # # @option params [Array<String>] :policy_input_list # An optional list of additional policy documents to include in the # simulation. Each document is specified as a string containing the # complete, valid JSON text of an IAM policy. # @@ -10346,11 +10392,16 @@ # for the simulation. For more information about permissions boundaries, # see [Permissions boundaries for IAM entities][1] in the *IAM User # Guide*. The policy input is specified as a string containing the # complete, valid JSON text of a permissions boundary policy. # - # The [regex pattern][2] used to validate this parameter is a string of + # The maximum length of the policy document that you can pass in this + # operation, including whitespace, is listed below. To view the maximum + # character counts of a managed policy with no whitespaces, see [IAM and + # STS character quotas][2]. + # + # The [regex pattern][3] used to validate this parameter is a string of # characters consisting of the following: # # * Any printable ASCII character ranging from the space character # (`\u0020`) through the end of the ASCII character range # @@ -10361,33 +10412,34 @@ # carriage return (`\u000D`) # # # # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html - # [2]: http://wikipedia.org/wiki/regex + # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length + # [3]: http://wikipedia.org/wiki/regex # # @option params [required, Array<String>] :action_names # A list of names of API operations to evaluate in the simulation. Each # operation is evaluated for each resource. Each operation must include # the service identifier, such as `iam:CreateUser`. # # @option params [Array<String>] :resource_arns - # A list of ARNs of AWS resources to include in the simulation. If this - # parameter is not provided, then the value defaults to `*` (all - # resources). Each API in the `ActionNames` parameter is evaluated for - # each resource in this list. The simulation determines the access - # result (allowed or denied) of each combination and reports it in the - # response. You can simulate resources that don't exist in your - # account. + # A list of ARNs of Amazon Web Services resources to include in the + # simulation. If this parameter is not provided, then the value defaults + # to `*` (all resources). Each API in the `ActionNames` parameter is + # evaluated for each resource in this list. The simulation determines + # the access result (allowed or denied) of each combination and reports + # it in the response. You can simulate resources that don't exist in + # your account. # # The simulation does not automatically retrieve policies for the # specified resources. If you want to include a resource policy in the # simulation, then you must include the policy as a string in the # `ResourcePolicy` parameter. # # For more information about ARNs, see [Amazon Resource Names (ARNs)][1] - # in the *AWS General Reference*. + # in the *Amazon Web Services General Reference*. # # # # [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html # @@ -10395,11 +10447,16 @@ # A resource-based policy to include in the simulation provided as a # string. Each resource in the simulation is treated as if it had this # policy attached. You can include only one resource-based policy in a # simulation. # - # The [regex pattern][1] used to validate this parameter is a string of + # The maximum length of the policy document that you can pass in this + # operation, including whitespace, is listed below. To view the maximum + # character counts of a managed policy with no whitespaces, see [IAM and + # STS character quotas][1]. + # + # The [regex pattern][2] used to validate this parameter is a string of # characters consisting of the following: # # * Any printable ASCII character ranging from the space character # (`\u0020`) through the end of the ASCII character range # @@ -10409,23 +10466,24 @@ # * The special characters tab (`\u0009`), line feed (`\u000A`), and # carriage return (`\u000D`) # # # - # [1]: http://wikipedia.org/wiki/regex + # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length + # [2]: http://wikipedia.org/wiki/regex # # @option params [String] :resource_owner - # An AWS account ID that specifies the owner of any simulated resource - # that does not identify its owner in the resource ARN. Examples of - # resource ARNs include an S3 bucket or object. If `ResourceOwner` is - # specified, it is also used as the account owner of any - # `ResourcePolicy` included in the simulation. If the `ResourceOwner` - # parameter is not specified, then the owner of the resources and the - # resource policy defaults to the account of the identity provided in - # `CallerArn`. This parameter is required only if you specify a - # resource-based policy and account that owns the resource is different - # from the account that owns the simulated calling user `CallerArn`. + # An account ID that specifies the owner of any simulated resource that + # does not identify its owner in the resource ARN. Examples of resource + # ARNs include an S3 bucket or object. If `ResourceOwner` is specified, + # it is also used as the account owner of any `ResourcePolicy` included + # in the simulation. If the `ResourceOwner` parameter is not specified, + # then the owner of the resources and the resource policy defaults to + # the account of the identity provided in `CallerArn`. This parameter is + # required only if you specify a resource-based policy and account that + # owns the resource is different from the account that owns the + # simulated calling user `CallerArn`. # # @option params [String] :caller_arn # The ARN of the IAM user that you want to specify as the simulated # caller of the API operations. If you do not specify a `CallerArn`, it # defaults to the ARN of the user that you specify in `PolicySourceArn`, @@ -10442,11 +10500,11 @@ # `PolicySourceArn` is not the ARN for an IAM user. This is required so # that the resource-based policy's `Principal` element has a value to # use in evaluating the policy. # # For more information about ARNs, see [Amazon Resource Names (ARNs)][1] - # in the *AWS General Reference*. + # in the *Amazon Web Services General Reference*. # # # # [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html # @@ -10617,13 +10675,14 @@ # <note markdown="1"> * If any one of the tags is invalid or if you exceed the allowed # maximum number of tags, then the entire request fails and the # resource is not created. For more information about tagging, see # [Tagging IAM resources][2] in the *IAM User Guide*. # - # * AWS always interprets the tag `Value` as a single string. If you - # need to store an array, you can store comma-separated values in the - # string. However, you must interpret the value in your code. + # * Amazon Web Services always interprets the tag `Value` as a single + # string. If you need to store an array, you can store comma-separated + # values in the string. However, you must interpret the value in your + # code. # # </note> # # # @@ -10631,14 +10690,14 @@ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html # # @option params [required, String] :instance_profile_name # The name of the IAM instance profile to which you want to add tags. # - # This parameter accepts (through its [regex pattern][1]) a string of - # characters that consist of upper and lowercase alphanumeric characters + # This parameter allows (through its [regex pattern][1]) a string of + # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: - # =,.@- + # \_+=,.@- # # # # [1]: http://wikipedia.org/wiki/regex # @@ -10691,13 +10750,14 @@ # <note markdown="1"> * If any one of the tags is invalid or if you exceed the allowed # maximum number of tags, then the entire request fails and the # resource is not created. For more information about tagging, see # [Tagging IAM resources][2] in the *IAM User Guide*. # - # * AWS always interprets the tag `Value` as a single string. If you - # need to store an array, you can store comma-separated values in the - # string. However, you must interpret the value in your code. + # * Amazon Web Services always interprets the tag `Value` as a single + # string. If you need to store an array, you can store comma-separated + # values in the string. However, you must interpret the value in your + # code. # # </note> # # # @@ -10707,14 +10767,14 @@ # @option params [required, String] :serial_number # The unique identifier for the IAM virtual MFA device to which you want # to add tags. For virtual MFA devices, the serial number is the same as # the ARN. # - # This parameter accepts (through its [regex pattern][1]) a string of - # characters that consist of upper and lowercase alphanumeric characters + # This parameter allows (through its [regex pattern][1]) a string of + # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: - # =,.@- + # \_+=,.@- # # # # [1]: http://wikipedia.org/wiki/regex # @@ -10768,13 +10828,14 @@ # <note markdown="1"> * If any one of the tags is invalid or if you exceed the allowed # maximum number of tags, then the entire request fails and the # resource is not created. For more information about tagging, see # [Tagging IAM resources][3] in the *IAM User Guide*. # - # * AWS always interprets the tag `Value` as a single string. If you - # need to store an array, you can store comma-separated values in the - # string. However, you must interpret the value in your code. + # * Amazon Web Services always interprets the tag `Value` as a single + # string. If you need to store an array, you can store comma-separated + # values in the string. However, you must interpret the value in your + # code. # # </note> # # # @@ -10784,14 +10845,14 @@ # # @option params [required, String] :open_id_connect_provider_arn # The ARN of the OIDC identity provider in IAM to which you want to add # tags. # - # This parameter accepts (through its [regex pattern][1]) a string of - # characters that consist of upper and lowercase alphanumeric characters + # This parameter allows (through its [regex pattern][1]) a string of + # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: - # =,.@- + # \_+=,.@- # # # # [1]: http://wikipedia.org/wiki/regex # @@ -10845,13 +10906,14 @@ # <note markdown="1"> * If any one of the tags is invalid or if you exceed the allowed # maximum number of tags, then the entire request fails and the # resource is not created. For more information about tagging, see # [Tagging IAM resources][2] in the *IAM User Guide*. # - # * AWS always interprets the tag `Value` as a single string. If you - # need to store an array, you can store comma-separated values in the - # string. However, you must interpret the value in your code. + # * Amazon Web Services always interprets the tag `Value` as a single + # string. If you need to store an array, you can store comma-separated + # values in the string. However, you must interpret the value in your + # code. # # </note> # # # @@ -10860,14 +10922,14 @@ # # @option params [required, String] :policy_arn # The ARN of the IAM customer managed policy to which you want to add # tags. # - # This parameter accepts (through its [regex pattern][1]) a string of - # characters that consist of upper and lowercase alphanumeric characters + # This parameter allows (through its [regex pattern][1]) a string of + # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: - # =,.@- + # \_+=,.@- # # # # [1]: http://wikipedia.org/wiki/regex # @@ -10917,20 +10979,21 @@ # access to only those resources that have a certain tag attached. For # examples of policies that show how to use tags to control access, # see [Control access using IAM tags][1] in the *IAM User Guide*. # # * **Cost allocation** - Use tags to help track which individuals and - # teams are using which AWS resources. + # teams are using which Amazon Web Services resources. # # <note markdown="1"> * If any one of the tags is invalid or if you exceed the allowed # maximum number of tags, then the entire request fails and the # resource is not created. For more information about tagging, see # [Tagging IAM resources][2] in the *IAM User Guide*. # - # * AWS always interprets the tag `Value` as a single string. If you - # need to store an array, you can store comma-separated values in the - # string. However, you must interpret the value in your code. + # * Amazon Web Services always interprets the tag `Value` as a single + # string. If you need to store an array, you can store comma-separated + # values in the string. However, you must interpret the value in your + # code. # # </note> # # For more information about tagging, see [Tagging IAM identities][2] in # the *IAM User Guide*. @@ -11021,13 +11084,14 @@ # <note markdown="1"> * If any one of the tags is invalid or if you exceed the allowed # maximum number of tags, then the entire request fails and the # resource is not created. For more information about tagging, see # [Tagging IAM resources][3] in the *IAM User Guide*. # - # * AWS always interprets the tag `Value` as a single string. If you - # need to store an array, you can store comma-separated values in the - # string. However, you must interpret the value in your code. + # * Amazon Web Services always interprets the tag `Value` as a single + # string. If you need to store an array, you can store comma-separated + # values in the string. However, you must interpret the value in your + # code. # # </note> # # # @@ -11037,14 +11101,14 @@ # # @option params [required, String] :saml_provider_arn # The ARN of the SAML identity provider in IAM to which you want to add # tags. # - # This parameter accepts (through its [regex pattern][1]) a string of - # characters that consist of upper and lowercase alphanumeric characters + # This parameter allows (through its [regex pattern][1]) a string of + # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: - # =,.@- + # \_+=,.@- # # # # [1]: http://wikipedia.org/wiki/regex # @@ -11077,15 +11141,15 @@ # Adds one or more tags to an IAM server certificate. If a tag with the # same key name already exists, then that tag is overwritten with the # new value. # - # <note markdown="1"> For certificates in a Region supported by AWS Certificate Manager - # (ACM), we recommend that you don't use IAM server certificates. - # Instead, use ACM to provision, manage, and deploy your server - # certificates. For more information about IAM server certificates, - # [Working with server certificates][1] in the *IAM User Guide*. + # <note markdown="1"> For certificates in a Region supported by Certificate Manager (ACM), + # we recommend that you don't use IAM server certificates. Instead, use + # ACM to provision, manage, and deploy your server certificates. For + # more information about IAM server certificates, [Working with server + # certificates][1] in the *IAM User Guide*. # # </note> # # A tag consists of a key name and an associated value. By assigning # tags to your resources, you can do the following: @@ -11101,20 +11165,21 @@ # a server certificate that has a specified tag attached. For examples # of policies that show how to use tags to control access, see # [Control access using IAM tags][2] in the *IAM User Guide*. # # * **Cost allocation** - Use tags to help track which individuals and - # teams are using which AWS resources. + # teams are using which Amazon Web Services resources. # # <note markdown="1"> * If any one of the tags is invalid or if you exceed the allowed # maximum number of tags, then the entire request fails and the # resource is not created. For more information about tagging, see # [Tagging IAM resources][3] in the *IAM User Guide*. # - # * AWS always interprets the tag `Value` as a single string. If you - # need to store an array, you can store comma-separated values in the - # string. However, you must interpret the value in your code. + # * Amazon Web Services always interprets the tag `Value` as a single + # string. If you need to store an array, you can store comma-separated + # values in the string. However, you must interpret the value in your + # code. # # </note> # # # @@ -11123,14 +11188,14 @@ # [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html # # @option params [required, String] :server_certificate_name # The name of the IAM server certificate to which you want to add tags. # - # This parameter accepts (through its [regex pattern][1]) a string of - # characters that consist of upper and lowercase alphanumeric characters + # This parameter allows (through its [regex pattern][1]) a string of + # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: - # =,.@- + # \_+=,.@- # # # # [1]: http://wikipedia.org/wiki/regex # @@ -11180,20 +11245,21 @@ # attached. For examples of policies that show how to use tags to # control access, see [Control access using IAM tags][1] in the *IAM # User Guide*. # # * **Cost allocation** - Use tags to help track which individuals and - # teams are using which AWS resources. + # teams are using which Amazon Web Services resources. # # <note markdown="1"> * If any one of the tags is invalid or if you exceed the allowed # maximum number of tags, then the entire request fails and the # resource is not created. For more information about tagging, see # [Tagging IAM resources][2] in the *IAM User Guide*. # - # * AWS always interprets the tag `Value` as a single string. If you - # need to store an array, you can store comma-separated values in the - # string. However, you must interpret the value in your code. + # * Amazon Web Services always interprets the tag `Value` as a single + # string. If you need to store an array, you can store comma-separated + # values in the string. However, you must interpret the value in your + # code. # # </note> # # For more information about tagging, see [Tagging IAM identities][2] in # the *IAM User Guide*. @@ -11204,14 +11270,14 @@ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html # # @option params [required, String] :user_name # The name of the IAM user to which you want to add tags. # - # This parameter accepts (through its [regex pattern][1]) a string of - # characters that consist of upper and lowercase alphanumeric characters + # This parameter allows (through its [regex pattern][1]) a string of + # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: - # =,.@- + # \_+=,.@- # # # # [1]: http://wikipedia.org/wiki/regex # @@ -11271,14 +11337,14 @@ # # @option params [required, String] :instance_profile_name # The name of the IAM instance profile from which you want to remove # tags. # - # This parameter accepts (through its [regex pattern][1]) a string of - # characters that consist of upper and lowercase alphanumeric characters + # This parameter allows (through its [regex pattern][1]) a string of + # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: - # =,.@- + # \_+=,.@- # # # # [1]: http://wikipedia.org/wiki/regex # @@ -11315,14 +11381,14 @@ # @option params [required, String] :serial_number # The unique identifier for the IAM virtual MFA device from which you # want to remove tags. For virtual MFA devices, the serial number is the # same as the ARN. # - # This parameter accepts (through its [regex pattern][1]) a string of - # characters that consist of upper and lowercase alphanumeric characters + # This parameter allows (through its [regex pattern][1]) a string of + # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: - # =,.@- + # \_+=,.@- # # # # [1]: http://wikipedia.org/wiki/regex # @@ -11361,14 +11427,14 @@ # # @option params [required, String] :open_id_connect_provider_arn # The ARN of the OIDC provider in IAM from which you want to remove # tags. # - # This parameter accepts (through its [regex pattern][1]) a string of - # characters that consist of upper and lowercase alphanumeric characters + # This parameter allows (through its [regex pattern][1]) a string of + # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: - # =,.@- + # \_+=,.@- # # # # [1]: http://wikipedia.org/wiki/regex # @@ -11404,14 +11470,14 @@ # # @option params [required, String] :policy_arn # The ARN of the IAM customer managed policy from which you want to # remove tags. # - # This parameter accepts (through its [regex pattern][1]) a string of - # characters that consist of upper and lowercase alphanumeric characters + # This parameter allows (through its [regex pattern][1]) a string of + # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: - # =,.@- + # \_+=,.@- # # # # [1]: http://wikipedia.org/wiki/regex # @@ -11503,14 +11569,14 @@ # # @option params [required, String] :saml_provider_arn # The ARN of the SAML identity provider in IAM from which you want to # remove tags. # - # This parameter accepts (through its [regex pattern][1]) a string of - # characters that consist of upper and lowercase alphanumeric characters + # This parameter allows (through its [regex pattern][1]) a string of + # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: - # =,.@- + # \_+=,.@- # # # # [1]: http://wikipedia.org/wiki/regex # @@ -11538,15 +11604,15 @@ # Removes the specified tags from the IAM server certificate. For more # information about tagging, see [Tagging IAM resources][1] in the *IAM # User Guide*. # - # <note markdown="1"> For certificates in a Region supported by AWS Certificate Manager - # (ACM), we recommend that you don't use IAM server certificates. - # Instead, use ACM to provision, manage, and deploy your server - # certificates. For more information about IAM server certificates, - # [Working with server certificates][2] in the *IAM User Guide*. + # <note markdown="1"> For certificates in a Region supported by Certificate Manager (ACM), + # we recommend that you don't use IAM server certificates. Instead, use + # ACM to provision, manage, and deploy your server certificates. For + # more information about IAM server certificates, [Working with server + # certificates][2] in the *IAM User Guide*. # # </note> # # # @@ -11555,14 +11621,14 @@ # # @option params [required, String] :server_certificate_name # The name of the IAM server certificate from which you want to remove # tags. # - # This parameter accepts (through its [regex pattern][1]) a string of - # characters that consist of upper and lowercase alphanumeric characters + # This parameter allows (through its [regex pattern][1]) a string of + # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: - # =,.@- + # \_+=,.@- # # # # [1]: http://wikipedia.org/wiki/regex # @@ -11596,14 +11662,14 @@ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html # # @option params [required, String] :user_name # The name of the IAM user from which you want to remove tags. # - # This parameter accepts (through its [regex pattern][1]) a string of - # characters that consist of upper and lowercase alphanumeric characters + # This parameter allows (through its [regex pattern][1]) a string of + # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: - # =,.@- + # \_+=,.@- # # # # [1]: http://wikipedia.org/wiki/regex # @@ -11644,14 +11710,14 @@ # Changes the status of the specified access key from Active to # Inactive, or vice versa. This operation can be used to disable a # user's key as part of a key rotation workflow. # # If the `UserName` is not specified, the user name is determined - # implicitly based on the AWS access key ID used to sign the request. - # This operation works for access keys under the AWS account. - # Consequently, you can use this operation to manage AWS account root - # user credentials even if the AWS account has no associated users. + # implicitly based on the Amazon Web Services access key ID used to sign + # the request. This operation works for access keys under the account. + # Consequently, you can use this operation to manage account root user + # credentials even if the account has no associated users. # # For information about rotating keys, see [Managing keys and # certificates][1] in the *IAM User Guide*. # # @@ -11681,12 +11747,12 @@ # # [1]: http://wikipedia.org/wiki/regex # # @option params [required, String] :status # The status you want to assign to the secret access key. `Active` means - # that the key can be used for programmatic calls to AWS, while - # `Inactive` means that the key cannot be used. + # that the key can be used for programmatic calls to Amazon Web + # Services, while `Inactive` means that the key cannot be used. # # @return [Struct] Returns an empty {Seahorse::Client::Response response}. # # # @example Example: To activate or deactivate an access key for an IAM user @@ -11715,11 +11781,11 @@ def update_access_key(params = {}, options = {}) req = build_request(:update_access_key, params) req.send_request(options) end - # Updates the password policy settings for the AWS account. + # Updates the password policy settings for the account. # # <note markdown="1"> * This operation does not support partial updates. No parameters are # required, but if you do not specify a parameter, that parameter's # value reverts to its default value. See the **Request Parameters** # section for each parameter's default value. Also note that some @@ -11777,12 +11843,12 @@ # If you do not specify a value for this parameter, then the operation # uses the default value of `false`. The result is that passwords do not # require at least one lowercase character. # # @option params [Boolean] :allow_users_to_change_password - # Allows all IAM users in your account to use the AWS Management Console - # to change their own passwords. For more information, see [Letting IAM + # Allows all IAM users in your account to use the Management Console to + # change their own passwords. For more information, see [Letting IAM # users change their own passwords][1] in the *IAM User Guide*. # # If you do not specify a value for this parameter, then the operation # uses the default value of `false`. The result is that IAM users in the # account do not automatically have permissions to change their own @@ -11875,14 +11941,14 @@ # [1]: http://wikipedia.org/wiki/regex # # @option params [required, String] :policy_document # The policy that grants an entity permission to assume the role. # - # You must provide policies in JSON format in IAM. However, for AWS + # You must provide policies in JSON format in IAM. However, for # CloudFormation templates formatted in YAML, you can provide the policy - # in JSON or YAML format. AWS CloudFormation always converts a YAML - # policy to JSON format before submitting it to IAM. + # in JSON or YAML format. CloudFormation always converts a YAML policy + # to JSON format before submitting it to IAM. # # The [regex pattern][1] used to validate this parameter is a string of # characters consisting of the following: # # * Any printable ASCII character ranging from the space character @@ -12010,15 +12076,15 @@ def update_group(params = {}, options = {}) req = build_request(:update_group, params) req.send_request(options) end - # Changes the password for the specified IAM user. You can use the AWS - # CLI, the AWS API, or the **Users** page in the IAM console to change - # the password for any IAM user. Use ChangePassword to change your own - # password in the **My Security Credentials** page in the AWS Management - # Console. + # Changes the password for the specified IAM user. You can use the CLI, + # the Amazon Web Services API, or the **Users** page in the IAM console + # to change the password for any IAM user. Use ChangePassword to change + # your own password in the **My Security Credentials** page in the + # Management Console. # # For more information about modifying passwords, see [Managing # passwords][1] in the *IAM User Guide*. # # @@ -12051,12 +12117,12 @@ # # * The special characters tab (`\u0009`), line feed (`\u000A`), and # carriage return (`\u000D`) # # However, the format can be further restricted by the account - # administrator by setting a password policy on the AWS account. For - # more information, see UpdateAccountPasswordPolicy. + # administrator by setting a password policy on the account. For more + # information, see UpdateAccountPasswordPolicy. # # # # [1]: http://wikipedia.org/wiki/regex # @@ -12118,11 +12184,11 @@ # object for which you want to update the thumbprint. You can get a list # of OIDC provider ARNs by using the ListOpenIDConnectProviders # operation. # # For more information about ARNs, see [Amazon Resource Names (ARNs)][1] - # in the *AWS General Reference*. + # in the *Amazon Web Services General Reference*. # # # # [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html # @@ -12161,11 +12227,11 @@ # The maximum session duration (in seconds) that you want to set for the # specified role. If you do not specify a value for this setting, the # default maximum of one hour is applied. This setting can have a value # from 1 hour to 12 hours. # - # Anyone who assumes the role from the AWS CLI or API can use the + # Anyone who assumes the role from the CLI or API can use the # `DurationSeconds` API parameter or the `duration-seconds` CLI # parameter to request a longer session. The `MaxSessionDuration` # setting determines the maximum duration that can be requested using # the `DurationSeconds` parameter. If users don't specify a value for # the `DurationSeconds` parameter, their security credentials are valid @@ -12268,11 +12334,11 @@ # # @option params [required, String] :saml_provider_arn # The Amazon Resource Name (ARN) of the SAML provider to update. # # For more information about ARNs, see [Amazon Resource Names (ARNs)][1] - # in the *AWS General Reference*. + # in the *Amazon Web Services General Reference*. # # # # [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html # @@ -12304,14 +12370,14 @@ # inactive. SSH public keys that are inactive cannot be used for # authentication. This operation can be used to disable a user's SSH # public key as part of a key rotation work flow. # # The SSH public key affected by this operation is used only for - # authenticating the associated IAM user to an AWS CodeCommit - # repository. For more information about using SSH keys to authenticate - # to an AWS CodeCommit repository, see [Set up AWS CodeCommit for SSH - # connections][1] in the *AWS CodeCommit User Guide*. + # authenticating the associated IAM user to an CodeCommit repository. + # For more information about using SSH keys to authenticate to an + # CodeCommit repository, see [Set up CodeCommit for SSH connections][1] + # in the *CodeCommit User Guide*. # # # # [1]: https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html # @@ -12338,11 +12404,11 @@ # # [1]: http://wikipedia.org/wiki/regex # # @option params [required, String] :status # The status to assign to the SSH public key. `Active` means that the - # key can be used for authentication with an AWS CodeCommit repository. + # key can be used for authentication with an CodeCommit repository. # `Inactive` means that the key cannot be used. # # @return [Struct] Returns an empty {Seahorse::Client::Response response}. # # @example Request syntax with placeholder values @@ -12365,12 +12431,12 @@ # Updates the name and/or the path of the specified server certificate # stored in IAM. # # For more information about working with server certificates, see # [Working with server certificates][1] in the *IAM User Guide*. This - # topic also includes a list of AWS services that can use the server - # certificates that you manage with IAM. + # topic also includes a list of Amazon Web Services services that can + # use the server certificates that you manage with IAM. # # You should understand the implications of changing a server # certificate's path or name. For more information, see [Renaming a # server certificate][2] in the *IAM User Guide*. # @@ -12508,14 +12574,14 @@ # active to disabled, or vice versa. This operation can be used to # disable an IAM user's signing certificate as part of a certificate # rotation work flow. # # If the `UserName` field is not specified, the user name is determined - # implicitly based on the AWS access key ID used to sign the request. - # This operation works for access keys under the AWS account. - # Consequently, you can use this operation to manage AWS account root - # user credentials even if the AWS account has no associated users. + # implicitly based on the Amazon Web Services access key ID used to sign + # the request. This operation works for access keys under the account. + # Consequently, you can use this operation to manage account root user + # credentials even if the account has no associated users. # # @option params [String] :user_name # The name of the IAM user the signing certificate belongs to. # # This parameter allows (through its [regex pattern][1]) a string of @@ -12538,12 +12604,12 @@ # # [1]: http://wikipedia.org/wiki/regex # # @option params [required, String] :status # The status you want to assign to the certificate. `Active` means that - # the certificate can be used for programmatic calls to AWS `Inactive` - # means that the certificate cannot be used. + # the certificate can be used for programmatic calls to Amazon Web + # Services `Inactive` means that the certificate cannot be used. # # @return [Struct] Returns an empty {Seahorse::Client::Response response}. # # # @example Example: To change the active status of a signing certificate for an IAM user @@ -12660,14 +12726,14 @@ # Uploads an SSH public key and associates it with the specified IAM # user. # # The SSH public key uploaded by this operation can be used only for - # authenticating the associated IAM user to an AWS CodeCommit - # repository. For more information about using SSH keys to authenticate - # to an AWS CodeCommit repository, see [Set up AWS CodeCommit for SSH - # connections][1] in the *AWS CodeCommit User Guide*. + # authenticating the associated IAM user to an CodeCommit repository. + # For more information about using SSH keys to authenticate to an + # CodeCommit repository, see [Set up CodeCommit for SSH connections][1] + # in the *CodeCommit User Guide*. # # # # [1]: https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html # @@ -12732,36 +12798,37 @@ def upload_ssh_public_key(params = {}, options = {}) req = build_request(:upload_ssh_public_key, params) req.send_request(options) end - # Uploads a server certificate entity for the AWS account. The server + # Uploads a server certificate entity for the account. The server # certificate entity includes a public key certificate, a private key, # and an optional certificate chain, which should all be PEM-encoded. # - # We recommend that you use [AWS Certificate Manager][1] to provision, + # We recommend that you use [Certificate Manager][1] to provision, # manage, and deploy your server certificates. With ACM you can request - # a certificate, deploy it to AWS resources, and let ACM handle - # certificate renewals for you. Certificates provided by ACM are free. - # For more information about using ACM, see the [AWS Certificate Manager - # User Guide][2]. + # a certificate, deploy it to Amazon Web Services resources, and let ACM + # handle certificate renewals for you. Certificates provided by ACM are + # free. For more information about using ACM, see the [Certificate + # Manager User Guide][2]. # # For more information about working with server certificates, see # [Working with server certificates][3] in the *IAM User Guide*. This - # topic includes a list of AWS services that can use the server - # certificates that you manage with IAM. + # topic includes a list of Amazon Web Services services that can use the + # server certificates that you manage with IAM. # # For information about the number of server certificates you can # upload, see [IAM and STS quotas][4] in the *IAM User Guide*. # # <note markdown="1"> Because the body of the public key certificate, private key, and the # certificate chain can be large, you should use POST rather than GET # when calling `UploadServerCertificate`. For information about setting - # up signatures and authorization through the API, see [Signing AWS API - # requests][5] in the *AWS General Reference*. For general information - # about using the Query API with IAM, see [Calling the API by making - # HTTP query requests][6] in the *IAM User Guide*. + # up signatures and authorization through the API, see [Signing Amazon + # Web Services API requests][5] in the *Amazon Web Services General + # Reference*. For general information about using the Query API with + # IAM, see [Calling the API by making HTTP query requests][6] in the + # *IAM User Guide*. # # </note> # # # @@ -12948,29 +13015,31 @@ req = build_request(:upload_server_certificate, params) req.send_request(options) end # Uploads an X.509 signing certificate and associates it with the - # specified IAM user. Some AWS services require you to use certificates - # to validate requests that are signed with a corresponding private key. - # When you upload the certificate, its default status is `Active`. + # specified IAM user. Some Amazon Web Services services require you to + # use certificates to validate requests that are signed with a + # corresponding private key. When you upload the certificate, its + # default status is `Active`. # # For information about when you would use an X.509 signing certificate, # see [Managing server certificates in IAM][1] in the *IAM User Guide*. # # If the `UserName` is not specified, the IAM user name is determined - # implicitly based on the AWS access key ID used to sign the request. - # This operation works for access keys under the AWS account. - # Consequently, you can use this operation to manage AWS account root - # user credentials even if the AWS account has no associated users. + # implicitly based on the Amazon Web Services access key ID used to sign + # the request. This operation works for access keys under the account. + # Consequently, you can use this operation to manage account root user + # credentials even if the account has no associated users. # # <note markdown="1"> Because the body of an X.509 certificate can be large, you should use # POST rather than GET when calling `UploadSigningCertificate`. For # information about setting up signatures and authorization through the - # API, see [Signing AWS API requests][2] in the *AWS General Reference*. - # For general information about using the Query API with IAM, see - # [Making query requests][3] in the *IAM User Guide*. + # API, see [Signing Amazon Web Services API requests][2] in the *Amazon + # Web Services General Reference*. For general information about using + # the Query API with IAM, see [Making query requests][3] in the *IAM + # User Guide*. # # </note> # # # @@ -13069,10 +13138,10 @@ operation: config.api.operation(operation_name), client: self, params: params, config: config) context[:gem_name] = 'aws-sdk-iam' - context[:gem_version] = '1.55.0' + context[:gem_version] = '1.56.0' Seahorse::Client::Request.new(handlers, context) end # Polls an API operation until a resource enters a desired state. #