service/iam/api.go

// THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT.

// Package iam provides a client for AWS Identity and Access Management.
package iam

import (
	"sync"
	"time"

	"github.com/aws/aws-sdk-go/aws"
)

var oprw sync.Mutex

// AddClientIDToOpenIDConnectProviderRequest generates a request for the AddClientIDToOpenIDConnectProvider operation.
func (c *IAM) AddClientIDToOpenIDConnectProviderRequest(input *AddClientIDToOpenIDConnectProviderInput) (req *aws.Request, output *AddClientIDToOpenIDConnectProviderOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opAddClientIDToOpenIDConnectProvider == nil {
		opAddClientIDToOpenIDConnectProvider = &aws.Operation{
			Name:       "AddClientIDToOpenIDConnectProvider",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &AddClientIDToOpenIDConnectProviderInput{}
	}

	req = c.newRequest(opAddClientIDToOpenIDConnectProvider, input, output)
	output = &AddClientIDToOpenIDConnectProviderOutput{}
	req.Data = output
	return
}

// Adds a new client ID (also known as audience) to the list of client IDs already
// registered for the specified IAM OpenID Connect provider.
//
// This action is idempotent; it does not fail or return an error if you add
// an existing client ID to the provider.
func (c *IAM) AddClientIDToOpenIDConnectProvider(input *AddClientIDToOpenIDConnectProviderInput) (*AddClientIDToOpenIDConnectProviderOutput, error) {
	req, out := c.AddClientIDToOpenIDConnectProviderRequest(input)
	err := req.Send()
	return out, err
}

var opAddClientIDToOpenIDConnectProvider *aws.Operation

// AddRoleToInstanceProfileRequest generates a request for the AddRoleToInstanceProfile operation.
func (c *IAM) AddRoleToInstanceProfileRequest(input *AddRoleToInstanceProfileInput) (req *aws.Request, output *AddRoleToInstanceProfileOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opAddRoleToInstanceProfile == nil {
		opAddRoleToInstanceProfile = &aws.Operation{
			Name:       "AddRoleToInstanceProfile",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &AddRoleToInstanceProfileInput{}
	}

	req = c.newRequest(opAddRoleToInstanceProfile, input, output)
	output = &AddRoleToInstanceProfileOutput{}
	req.Data = output
	return
}

// Adds the specified role to the specified instance profile. For more information
// about roles, go to Working with Roles (http://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html).
// For more information about instance profiles, go to About Instance Profiles
// (http://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html).
func (c *IAM) AddRoleToInstanceProfile(input *AddRoleToInstanceProfileInput) (*AddRoleToInstanceProfileOutput, error) {
	req, out := c.AddRoleToInstanceProfileRequest(input)
	err := req.Send()
	return out, err
}

var opAddRoleToInstanceProfile *aws.Operation

// AddUserToGroupRequest generates a request for the AddUserToGroup operation.
func (c *IAM) AddUserToGroupRequest(input *AddUserToGroupInput) (req *aws.Request, output *AddUserToGroupOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opAddUserToGroup == nil {
		opAddUserToGroup = &aws.Operation{
			Name:       "AddUserToGroup",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &AddUserToGroupInput{}
	}

	req = c.newRequest(opAddUserToGroup, input, output)
	output = &AddUserToGroupOutput{}
	req.Data = output
	return
}

// Adds the specified user to the specified group.
func (c *IAM) AddUserToGroup(input *AddUserToGroupInput) (*AddUserToGroupOutput, error) {
	req, out := c.AddUserToGroupRequest(input)
	err := req.Send()
	return out, err
}

var opAddUserToGroup *aws.Operation

// AttachGroupPolicyRequest generates a request for the AttachGroupPolicy operation.
func (c *IAM) AttachGroupPolicyRequest(input *AttachGroupPolicyInput) (req *aws.Request, output *AttachGroupPolicyOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opAttachGroupPolicy == nil {
		opAttachGroupPolicy = &aws.Operation{
			Name:       "AttachGroupPolicy",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &AttachGroupPolicyInput{}
	}

	req = c.newRequest(opAttachGroupPolicy, input, output)
	output = &AttachGroupPolicyOutput{}
	req.Data = output
	return
}

// Attaches the specified managed policy to the specified group.
//
// You use this API to attach a managed policy to a group. To embed an inline
// policy in a group, use PutGroupPolicy.
//
// For more information about policies, refer to Managed Policies and Inline
// Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the Using IAM guide.
func (c *IAM) AttachGroupPolicy(input *AttachGroupPolicyInput) (*AttachGroupPolicyOutput, error) {
	req, out := c.AttachGroupPolicyRequest(input)
	err := req.Send()
	return out, err
}

var opAttachGroupPolicy *aws.Operation

// AttachRolePolicyRequest generates a request for the AttachRolePolicy operation.
func (c *IAM) AttachRolePolicyRequest(input *AttachRolePolicyInput) (req *aws.Request, output *AttachRolePolicyOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opAttachRolePolicy == nil {
		opAttachRolePolicy = &aws.Operation{
			Name:       "AttachRolePolicy",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &AttachRolePolicyInput{}
	}

	req = c.newRequest(opAttachRolePolicy, input, output)
	output = &AttachRolePolicyOutput{}
	req.Data = output
	return
}

// Attaches the specified managed policy to the specified role.
//
// When you attach a managed policy to a role, the managed policy is used as
// the role's access (permissions) policy. You cannot use a managed policy as
// the role's trust policy. The role's trust policy is created at the same time
// as the role, using CreateRole. You can update a role's trust policy using
// UpdateAssumeRolePolicy.
//
// Use this API to attach a managed policy to a role. To embed an inline policy
// in a role, use PutRolePolicy. For more information about policies, refer
// to Managed Policies and Inline Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the Using IAM guide.
func (c *IAM) AttachRolePolicy(input *AttachRolePolicyInput) (*AttachRolePolicyOutput, error) {
	req, out := c.AttachRolePolicyRequest(input)
	err := req.Send()
	return out, err
}

var opAttachRolePolicy *aws.Operation

// AttachUserPolicyRequest generates a request for the AttachUserPolicy operation.
func (c *IAM) AttachUserPolicyRequest(input *AttachUserPolicyInput) (req *aws.Request, output *AttachUserPolicyOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opAttachUserPolicy == nil {
		opAttachUserPolicy = &aws.Operation{
			Name:       "AttachUserPolicy",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &AttachUserPolicyInput{}
	}

	req = c.newRequest(opAttachUserPolicy, input, output)
	output = &AttachUserPolicyOutput{}
	req.Data = output
	return
}

// Attaches the specified managed policy to the specified user.
//
// You use this API to attach a managed policy to a user. To embed an inline
// policy in a user, use PutUserPolicy.
//
// For more information about policies, refer to Managed Policies and Inline
// Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the Using IAM guide.
func (c *IAM) AttachUserPolicy(input *AttachUserPolicyInput) (*AttachUserPolicyOutput, error) {
	req, out := c.AttachUserPolicyRequest(input)
	err := req.Send()
	return out, err
}

var opAttachUserPolicy *aws.Operation

// ChangePasswordRequest generates a request for the ChangePassword operation.
func (c *IAM) ChangePasswordRequest(input *ChangePasswordInput) (req *aws.Request, output *ChangePasswordOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opChangePassword == nil {
		opChangePassword = &aws.Operation{
			Name:       "ChangePassword",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &ChangePasswordInput{}
	}

	req = c.newRequest(opChangePassword, input, output)
	output = &ChangePasswordOutput{}
	req.Data = output
	return
}

// Changes the password of the IAM user who is calling this action. The root
// account password is not affected by this action.
//
// To change the password for a different user, see UpdateLoginProfile. For
// more information about modifying passwords, see Managing Passwords (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html)
// in the Using IAM guide.
func (c *IAM) ChangePassword(input *ChangePasswordInput) (*ChangePasswordOutput, error) {
	req, out := c.ChangePasswordRequest(input)
	err := req.Send()
	return out, err
}

var opChangePassword *aws.Operation

// CreateAccessKeyRequest generates a request for the CreateAccessKey operation.
func (c *IAM) CreateAccessKeyRequest(input *CreateAccessKeyInput) (req *aws.Request, output *CreateAccessKeyOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opCreateAccessKey == nil {
		opCreateAccessKey = &aws.Operation{
			Name:       "CreateAccessKey",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &CreateAccessKeyInput{}
	}

	req = c.newRequest(opCreateAccessKey, input, output)
	output = &CreateAccessKeyOutput{}
	req.Data = output
	return
}

// Creates a new AWS secret access key and corresponding AWS access key ID for
// the specified user. The default status for new keys is Active.
//
//  If you do not specify a user name, IAM determines the user name implicitly
// based on the AWS access key ID signing the request. Because this action works
// for access keys under the AWS account, you can use this action to manage
// root credentials even if the AWS account has no associated users.
//
//  For information about limits on the number of keys you can create, see
// Limitations on IAM Entities (http://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html)
// in the Using IAM guide.
//
//  To ensure the security of your AWS account, the secret access key is accessible
// only during key and user creation. You must save the key (for example, in
// a text file) if you want to be able to access it again. If a secret key is
// lost, you can delete the access keys for the associated user and then create
// new keys.
func (c *IAM) CreateAccessKey(input *CreateAccessKeyInput) (*CreateAccessKeyOutput, error) {
	req, out := c.CreateAccessKeyRequest(input)
	err := req.Send()
	return out, err
}

var opCreateAccessKey *aws.Operation

// CreateAccountAliasRequest generates a request for the CreateAccountAlias operation.
func (c *IAM) CreateAccountAliasRequest(input *CreateAccountAliasInput) (req *aws.Request, output *CreateAccountAliasOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opCreateAccountAlias == nil {
		opCreateAccountAlias = &aws.Operation{
			Name:       "CreateAccountAlias",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &CreateAccountAliasInput{}
	}

	req = c.newRequest(opCreateAccountAlias, input, output)
	output = &CreateAccountAliasOutput{}
	req.Data = output
	return
}

// Creates an alias for your AWS account. For information about using an AWS
// account alias, see Using an Alias for Your AWS Account ID (http://docs.aws.amazon.com/IAM/latest/UserGuide/AccountAlias.html)
// in the Using IAM guide.
func (c *IAM) CreateAccountAlias(input *CreateAccountAliasInput) (*CreateAccountAliasOutput, error) {
	req, out := c.CreateAccountAliasRequest(input)
	err := req.Send()
	return out, err
}

var opCreateAccountAlias *aws.Operation

// CreateGroupRequest generates a request for the CreateGroup operation.
func (c *IAM) CreateGroupRequest(input *CreateGroupInput) (req *aws.Request, output *CreateGroupOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opCreateGroup == nil {
		opCreateGroup = &aws.Operation{
			Name:       "CreateGroup",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &CreateGroupInput{}
	}

	req = c.newRequest(opCreateGroup, input, output)
	output = &CreateGroupOutput{}
	req.Data = output
	return
}

// Creates a new group.
//
//  For information about the number of groups you can create, see Limitations
// on IAM Entities (http://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html)
// in the Using IAM guide.
func (c *IAM) CreateGroup(input *CreateGroupInput) (*CreateGroupOutput, error) {
	req, out := c.CreateGroupRequest(input)
	err := req.Send()
	return out, err
}

var opCreateGroup *aws.Operation

// CreateInstanceProfileRequest generates a request for the CreateInstanceProfile operation.
func (c *IAM) CreateInstanceProfileRequest(input *CreateInstanceProfileInput) (req *aws.Request, output *CreateInstanceProfileOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opCreateInstanceProfile == nil {
		opCreateInstanceProfile = &aws.Operation{
			Name:       "CreateInstanceProfile",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &CreateInstanceProfileInput{}
	}

	req = c.newRequest(opCreateInstanceProfile, input, output)
	output = &CreateInstanceProfileOutput{}
	req.Data = output
	return
}

// Creates a new instance profile. For information about instance profiles,
// go to About Instance Profiles (http://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html).
//
//  For information about the number of instance profiles you can create, see
// Limitations on IAM Entities (http://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html)
// in the Using IAM guide.
func (c *IAM) CreateInstanceProfile(input *CreateInstanceProfileInput) (*CreateInstanceProfileOutput, error) {
	req, out := c.CreateInstanceProfileRequest(input)
	err := req.Send()
	return out, err
}

var opCreateInstanceProfile *aws.Operation

// CreateLoginProfileRequest generates a request for the CreateLoginProfile operation.
func (c *IAM) CreateLoginProfileRequest(input *CreateLoginProfileInput) (req *aws.Request, output *CreateLoginProfileOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opCreateLoginProfile == nil {
		opCreateLoginProfile = &aws.Operation{
			Name:       "CreateLoginProfile",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &CreateLoginProfileInput{}
	}

	req = c.newRequest(opCreateLoginProfile, input, output)
	output = &CreateLoginProfileOutput{}
	req.Data = output
	return
}

// Creates a password for the specified user, giving the user the ability to
// access AWS services through the AWS Management Console. For more information
// about managing passwords, see Managing Passwords (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html)
// in the Using IAM guide.
func (c *IAM) CreateLoginProfile(input *CreateLoginProfileInput) (*CreateLoginProfileOutput, error) {
	req, out := c.CreateLoginProfileRequest(input)
	err := req.Send()
	return out, err
}

var opCreateLoginProfile *aws.Operation

// CreateOpenIDConnectProviderRequest generates a request for the CreateOpenIDConnectProvider operation.
func (c *IAM) CreateOpenIDConnectProviderRequest(input *CreateOpenIDConnectProviderInput) (req *aws.Request, output *CreateOpenIDConnectProviderOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opCreateOpenIDConnectProvider == nil {
		opCreateOpenIDConnectProvider = &aws.Operation{
			Name:       "CreateOpenIDConnectProvider",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &CreateOpenIDConnectProviderInput{}
	}

	req = c.newRequest(opCreateOpenIDConnectProvider, input, output)
	output = &CreateOpenIDConnectProviderOutput{}
	req.Data = output
	return
}

// Creates an IAM entity to describe an identity provider (IdP) that supports
// OpenID Connect (OIDC) (http://openid.net/connect/).
//
// The OIDC provider that you create with this operation can be used as a principal
// in a role's trust policy to establish a trust relationship between AWS and
// the OIDC provider.
//
// When you create the IAM OIDC provider, you specify the URL of the OIDC identity
// provider (IdP) to trust, a list of client IDs (also known as audiences) that
// identify the application or applications that are allowed to authenticate
// using the OIDC provider, and a list of thumbprints of the server certificate(s)
// that the IdP uses. You get all of this information from the OIDC IdP that
// you want to use for access to AWS.
//
// Because trust for the OIDC provider is ultimately derived from the IAM provider
// that this action creates, it is a best practice to limit access to the CreateOpenIDConnectProvider
// action to highly-privileged users.
func (c *IAM) CreateOpenIDConnectProvider(input *CreateOpenIDConnectProviderInput) (*CreateOpenIDConnectProviderOutput, error) {
	req, out := c.CreateOpenIDConnectProviderRequest(input)
	err := req.Send()
	return out, err
}

var opCreateOpenIDConnectProvider *aws.Operation

// CreatePolicyRequest generates a request for the CreatePolicy operation.
func (c *IAM) CreatePolicyRequest(input *CreatePolicyInput) (req *aws.Request, output *CreatePolicyOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opCreatePolicy == nil {
		opCreatePolicy = &aws.Operation{
			Name:       "CreatePolicy",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &CreatePolicyInput{}
	}

	req = c.newRequest(opCreatePolicy, input, output)
	output = &CreatePolicyOutput{}
	req.Data = output
	return
}

// Creates a new managed policy for your AWS account.
//
// This operation creates a policy version with a version identifier of v1
// and sets v1 as the policy's default version. For more information about policy
// versions, see Versioning for Managed Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html)
// in the Using IAM guide.
//
// For more information about managed policies in general, refer to Managed
// Policies and Inline Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the Using IAM guide.
func (c *IAM) CreatePolicy(input *CreatePolicyInput) (*CreatePolicyOutput, error) {
	req, out := c.CreatePolicyRequest(input)
	err := req.Send()
	return out, err
}

var opCreatePolicy *aws.Operation

// CreatePolicyVersionRequest generates a request for the CreatePolicyVersion operation.
func (c *IAM) CreatePolicyVersionRequest(input *CreatePolicyVersionInput) (req *aws.Request, output *CreatePolicyVersionOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opCreatePolicyVersion == nil {
		opCreatePolicyVersion = &aws.Operation{
			Name:       "CreatePolicyVersion",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &CreatePolicyVersionInput{}
	}

	req = c.newRequest(opCreatePolicyVersion, input, output)
	output = &CreatePolicyVersionOutput{}
	req.Data = output
	return
}

// Creates a new version of the specified managed policy. To update a managed
// policy, you create a new policy version. A managed policy can have up to
// five versions. If the policy has five versions, you must delete an existing
// version using DeletePolicyVersion before you create a new version.
//
// Optionally, you can set the new version as the policy's default version.
// The default version is the operative version; that is, the version that is
// in effect for the IAM users, groups, and roles that the policy is attached
// to.
//
// For more information about managed policy versions, see Versioning for Managed
// Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html)
// in the Using IAM guide.
func (c *IAM) CreatePolicyVersion(input *CreatePolicyVersionInput) (*CreatePolicyVersionOutput, error) {
	req, out := c.CreatePolicyVersionRequest(input)
	err := req.Send()
	return out, err
}

var opCreatePolicyVersion *aws.Operation

// CreateRoleRequest generates a request for the CreateRole operation.
func (c *IAM) CreateRoleRequest(input *CreateRoleInput) (req *aws.Request, output *CreateRoleOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opCreateRole == nil {
		opCreateRole = &aws.Operation{
			Name:       "CreateRole",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &CreateRoleInput{}
	}

	req = c.newRequest(opCreateRole, input, output)
	output = &CreateRoleOutput{}
	req.Data = output
	return
}

// Creates a new role for your AWS account. For more information about roles,
// go to Working with Roles (http://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html).
// For information about limitations on role names and the number of roles you
// can create, go to Limitations on IAM Entities (http://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html)
// in the Using IAM guide.
//
// The policy in the following example grants permission to an EC2 instance
// to assume the role.
func (c *IAM) CreateRole(input *CreateRoleInput) (*CreateRoleOutput, error) {
	req, out := c.CreateRoleRequest(input)
	err := req.Send()
	return out, err
}

var opCreateRole *aws.Operation

// CreateSAMLProviderRequest generates a request for the CreateSAMLProvider operation.
func (c *IAM) CreateSAMLProviderRequest(input *CreateSAMLProviderInput) (req *aws.Request, output *CreateSAMLProviderOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opCreateSAMLProvider == nil {
		opCreateSAMLProvider = &aws.Operation{
			Name:       "CreateSAMLProvider",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &CreateSAMLProviderInput{}
	}

	req = c.newRequest(opCreateSAMLProvider, input, output)
	output = &CreateSAMLProviderOutput{}
	req.Data = output
	return
}

// Creates an IAM entity to describe an identity provider (IdP) that supports
// SAML 2.0.
//
//  The SAML provider that you create with this operation can be used as a
// principal in a role's trust policy to establish a trust relationship between
// AWS and a SAML identity provider. You can create an IAM role that supports
// Web-based single sign-on (SSO) to the AWS Management Console or one that
// supports API access to AWS.
//
//  When you create the SAML provider, you upload an a SAML metadata document
// that you get from your IdP and that includes the issuer's name, expiration
// information, and keys that can be used to validate the SAML authentication
// response (assertions) that are received from the IdP. You must generate the
// metadata document using the identity management software that is used as
// your organization's IdP.
//
//  This operation requires Signature Version 4 (http://docs.aws.amazon.com/general/latest/gr/signature-version-4.html).
//   For more information, see Giving Console Access Using SAML (http://docs.aws.amazon.com/STS/latest/UsingSTS/STSMgmtConsole-SAML.html)
// and Creating Temporary Security Credentials for SAML Federation (http://docs.aws.amazon.com/STS/latest/UsingSTS/CreatingSAML.html)
// in the Using Temporary Credentials guide.
func (c *IAM) CreateSAMLProvider(input *CreateSAMLProviderInput) (*CreateSAMLProviderOutput, error) {
	req, out := c.CreateSAMLProviderRequest(input)
	err := req.Send()
	return out, err
}

var opCreateSAMLProvider *aws.Operation

// CreateUserRequest generates a request for the CreateUser operation.
func (c *IAM) CreateUserRequest(input *CreateUserInput) (req *aws.Request, output *CreateUserOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opCreateUser == nil {
		opCreateUser = &aws.Operation{
			Name:       "CreateUser",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &CreateUserInput{}
	}

	req = c.newRequest(opCreateUser, input, output)
	output = &CreateUserOutput{}
	req.Data = output
	return
}

// Creates a new user for your AWS account.
//
//  For information about limitations on the number of users you can create,
// see Limitations on IAM Entities (http://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html)
// in the Using IAM guide.
func (c *IAM) CreateUser(input *CreateUserInput) (*CreateUserOutput, error) {
	req, out := c.CreateUserRequest(input)
	err := req.Send()
	return out, err
}

var opCreateUser *aws.Operation

// CreateVirtualMFADeviceRequest generates a request for the CreateVirtualMFADevice operation.
func (c *IAM) CreateVirtualMFADeviceRequest(input *CreateVirtualMFADeviceInput) (req *aws.Request, output *CreateVirtualMFADeviceOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opCreateVirtualMFADevice == nil {
		opCreateVirtualMFADevice = &aws.Operation{
			Name:       "CreateVirtualMFADevice",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &CreateVirtualMFADeviceInput{}
	}

	req = c.newRequest(opCreateVirtualMFADevice, input, output)
	output = &CreateVirtualMFADeviceOutput{}
	req.Data = output
	return
}

// Creates a new virtual MFA device for the AWS account. After creating the
// virtual MFA, use EnableMFADevice to attach the MFA device to an IAM user.
// For more information about creating and working with virtual MFA devices,
// go to Using a Virtual MFA Device (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_VirtualMFA.html)
// in the Using IAM guide.
//
// For information about limits on the number of MFA devices you can create,
// see Limitations on Entities (http://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html)
// in the Using IAM guide.
//
// The seed information contained in the QR code and the Base32 string should
// be treated like any other secret access information, such as your AWS access
// keys or your passwords. After you provision your virtual device, you should
// ensure that the information is destroyed following secure procedures.
func (c *IAM) CreateVirtualMFADevice(input *CreateVirtualMFADeviceInput) (*CreateVirtualMFADeviceOutput, error) {
	req, out := c.CreateVirtualMFADeviceRequest(input)
	err := req.Send()
	return out, err
}

var opCreateVirtualMFADevice *aws.Operation

// DeactivateMFADeviceRequest generates a request for the DeactivateMFADevice operation.
func (c *IAM) DeactivateMFADeviceRequest(input *DeactivateMFADeviceInput) (req *aws.Request, output *DeactivateMFADeviceOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opDeactivateMFADevice == nil {
		opDeactivateMFADevice = &aws.Operation{
			Name:       "DeactivateMFADevice",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &DeactivateMFADeviceInput{}
	}

	req = c.newRequest(opDeactivateMFADevice, input, output)
	output = &DeactivateMFADeviceOutput{}
	req.Data = output
	return
}

// Deactivates the specified MFA device and removes it from association with
// the user name for which it was originally enabled.
//
// For more information about creating and working with virtual MFA devices,
// go to Using a Virtual MFA Device (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_VirtualMFA.html)
// in the Using IAM guide.
func (c *IAM) DeactivateMFADevice(input *DeactivateMFADeviceInput) (*DeactivateMFADeviceOutput, error) {
	req, out := c.DeactivateMFADeviceRequest(input)
	err := req.Send()
	return out, err
}

var opDeactivateMFADevice *aws.Operation

// DeleteAccessKeyRequest generates a request for the DeleteAccessKey operation.
func (c *IAM) DeleteAccessKeyRequest(input *DeleteAccessKeyInput) (req *aws.Request, output *DeleteAccessKeyOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opDeleteAccessKey == nil {
		opDeleteAccessKey = &aws.Operation{
			Name:       "DeleteAccessKey",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &DeleteAccessKeyInput{}
	}

	req = c.newRequest(opDeleteAccessKey, input, output)
	output = &DeleteAccessKeyOutput{}
	req.Data = output
	return
}

// Deletes the access key associated with the specified user.
//
//  If you do not specify a user name, IAM determines the user name implicitly
// based on the AWS access key ID signing the request. Because this action works
// for access keys under the AWS account, you can use this action to manage
// root credentials even if the AWS account has no associated users.
func (c *IAM) DeleteAccessKey(input *DeleteAccessKeyInput) (*DeleteAccessKeyOutput, error) {
	req, out := c.DeleteAccessKeyRequest(input)
	err := req.Send()
	return out, err
}

var opDeleteAccessKey *aws.Operation

// DeleteAccountAliasRequest generates a request for the DeleteAccountAlias operation.
func (c *IAM) DeleteAccountAliasRequest(input *DeleteAccountAliasInput) (req *aws.Request, output *DeleteAccountAliasOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opDeleteAccountAlias == nil {
		opDeleteAccountAlias = &aws.Operation{
			Name:       "DeleteAccountAlias",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &DeleteAccountAliasInput{}
	}

	req = c.newRequest(opDeleteAccountAlias, input, output)
	output = &DeleteAccountAliasOutput{}
	req.Data = output
	return
}

// Deletes the specified AWS account alias. For information about using an AWS
// account alias, see Using an Alias for Your AWS Account ID (http://docs.aws.amazon.com/IAM/latest/UserGuide/AccountAlias.html)
// in the Using IAM guide.
func (c *IAM) DeleteAccountAlias(input *DeleteAccountAliasInput) (*DeleteAccountAliasOutput, error) {
	req, out := c.DeleteAccountAliasRequest(input)
	err := req.Send()
	return out, err
}

var opDeleteAccountAlias *aws.Operation

// DeleteAccountPasswordPolicyRequest generates a request for the DeleteAccountPasswordPolicy operation.
func (c *IAM) DeleteAccountPasswordPolicyRequest(input *DeleteAccountPasswordPolicyInput) (req *aws.Request, output *DeleteAccountPasswordPolicyOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opDeleteAccountPasswordPolicy == nil {
		opDeleteAccountPasswordPolicy = &aws.Operation{
			Name:       "DeleteAccountPasswordPolicy",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &DeleteAccountPasswordPolicyInput{}
	}

	req = c.newRequest(opDeleteAccountPasswordPolicy, input, output)
	output = &DeleteAccountPasswordPolicyOutput{}
	req.Data = output
	return
}

// Deletes the password policy for the AWS account.
func (c *IAM) DeleteAccountPasswordPolicy(input *DeleteAccountPasswordPolicyInput) (*DeleteAccountPasswordPolicyOutput, error) {
	req, out := c.DeleteAccountPasswordPolicyRequest(input)
	err := req.Send()
	return out, err
}

var opDeleteAccountPasswordPolicy *aws.Operation

// DeleteGroupRequest generates a request for the DeleteGroup operation.
func (c *IAM) DeleteGroupRequest(input *DeleteGroupInput) (req *aws.Request, output *DeleteGroupOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opDeleteGroup == nil {
		opDeleteGroup = &aws.Operation{
			Name:       "DeleteGroup",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &DeleteGroupInput{}
	}

	req = c.newRequest(opDeleteGroup, input, output)
	output = &DeleteGroupOutput{}
	req.Data = output
	return
}

// Deletes the specified group. The group must not contain any users or have
// any attached policies.
func (c *IAM) DeleteGroup(input *DeleteGroupInput) (*DeleteGroupOutput, error) {
	req, out := c.DeleteGroupRequest(input)
	err := req.Send()
	return out, err
}

var opDeleteGroup *aws.Operation

// DeleteGroupPolicyRequest generates a request for the DeleteGroupPolicy operation.
func (c *IAM) DeleteGroupPolicyRequest(input *DeleteGroupPolicyInput) (req *aws.Request, output *DeleteGroupPolicyOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opDeleteGroupPolicy == nil {
		opDeleteGroupPolicy = &aws.Operation{
			Name:       "DeleteGroupPolicy",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &DeleteGroupPolicyInput{}
	}

	req = c.newRequest(opDeleteGroupPolicy, input, output)
	output = &DeleteGroupPolicyOutput{}
	req.Data = output
	return
}

// Deletes the specified inline policy that is embedded in the specified group.
//
// A group can also have managed policies attached to it. To detach a managed
// policy from a group, use DetachGroupPolicy. For more information about policies,
// refer to Managed Policies and Inline Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the Using IAM guide.
func (c *IAM) DeleteGroupPolicy(input *DeleteGroupPolicyInput) (*DeleteGroupPolicyOutput, error) {
	req, out := c.DeleteGroupPolicyRequest(input)
	err := req.Send()
	return out, err
}

var opDeleteGroupPolicy *aws.Operation

// DeleteInstanceProfileRequest generates a request for the DeleteInstanceProfile operation.
func (c *IAM) DeleteInstanceProfileRequest(input *DeleteInstanceProfileInput) (req *aws.Request, output *DeleteInstanceProfileOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opDeleteInstanceProfile == nil {
		opDeleteInstanceProfile = &aws.Operation{
			Name:       "DeleteInstanceProfile",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &DeleteInstanceProfileInput{}
	}

	req = c.newRequest(opDeleteInstanceProfile, input, output)
	output = &DeleteInstanceProfileOutput{}
	req.Data = output
	return
}

// Deletes the specified instance profile. The instance profile must not have
// an associated role.
//
//  Make sure you do not have any Amazon EC2 instances running with the instance
// profile you are about to delete. Deleting a role or instance profile that
// is associated with a running instance will break any applications running
// on the instance.  For more information about instance profiles, go to About
// Instance Profiles (http://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html).
func (c *IAM) DeleteInstanceProfile(input *DeleteInstanceProfileInput) (*DeleteInstanceProfileOutput, error) {
	req, out := c.DeleteInstanceProfileRequest(input)
	err := req.Send()
	return out, err
}

var opDeleteInstanceProfile *aws.Operation

// DeleteLoginProfileRequest generates a request for the DeleteLoginProfile operation.
func (c *IAM) DeleteLoginProfileRequest(input *DeleteLoginProfileInput) (req *aws.Request, output *DeleteLoginProfileOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opDeleteLoginProfile == nil {
		opDeleteLoginProfile = &aws.Operation{
			Name:       "DeleteLoginProfile",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &DeleteLoginProfileInput{}
	}

	req = c.newRequest(opDeleteLoginProfile, input, output)
	output = &DeleteLoginProfileOutput{}
	req.Data = output
	return
}

// Deletes the password for the specified user, which terminates the user's
// ability to access AWS services through the AWS Management Console.
//
//  Deleting a user's password does not prevent a user from accessing IAM through
// the command line interface or the API. To prevent all user access you must
// also either make the access key inactive or delete it. For more information
// about making keys inactive or deleting them, see UpdateAccessKey and DeleteAccessKey.
func (c *IAM) DeleteLoginProfile(input *DeleteLoginProfileInput) (*DeleteLoginProfileOutput, error) {
	req, out := c.DeleteLoginProfileRequest(input)
	err := req.Send()
	return out, err
}

var opDeleteLoginProfile *aws.Operation

// DeleteOpenIDConnectProviderRequest generates a request for the DeleteOpenIDConnectProvider operation.
func (c *IAM) DeleteOpenIDConnectProviderRequest(input *DeleteOpenIDConnectProviderInput) (req *aws.Request, output *DeleteOpenIDConnectProviderOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opDeleteOpenIDConnectProvider == nil {
		opDeleteOpenIDConnectProvider = &aws.Operation{
			Name:       "DeleteOpenIDConnectProvider",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &DeleteOpenIDConnectProviderInput{}
	}

	req = c.newRequest(opDeleteOpenIDConnectProvider, input, output)
	output = &DeleteOpenIDConnectProviderOutput{}
	req.Data = output
	return
}

// Deletes an IAM OpenID Connect identity provider.
//
// Deleting an OIDC provider does not update any roles that reference the provider
// as a principal in their trust policies. Any attempt to assume a role that
// references a provider that has been deleted will fail.
//
// This action is idempotent; it does not fail or return an error if you call
// the action for a provider that was already deleted.
func (c *IAM) DeleteOpenIDConnectProvider(input *DeleteOpenIDConnectProviderInput) (*DeleteOpenIDConnectProviderOutput, error) {
	req, out := c.DeleteOpenIDConnectProviderRequest(input)
	err := req.Send()
	return out, err
}

var opDeleteOpenIDConnectProvider *aws.Operation

// DeletePolicyRequest generates a request for the DeletePolicy operation.
func (c *IAM) DeletePolicyRequest(input *DeletePolicyInput) (req *aws.Request, output *DeletePolicyOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opDeletePolicy == nil {
		opDeletePolicy = &aws.Operation{
			Name:       "DeletePolicy",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &DeletePolicyInput{}
	}

	req = c.newRequest(opDeletePolicy, input, output)
	output = &DeletePolicyOutput{}
	req.Data = output
	return
}

// Deletes the specified managed policy.
//
// Before you can delete a managed policy, you must detach the policy from
// all users, groups, and roles that it is attached to, and you must delete
// all of the policy's versions. The following steps describe the process for
// deleting a managed policy:  Detach the policy from all users, groups, and
// roles that the policy is attached to, using the DetachUserPolicy, DetachGroupPolicy,
// or DetachRolePolicy APIs. To list all the users, groups, and roles that a
// policy is attached to, use ListEntitiesForPolicy.  Delete all versions of
// the policy using DeletePolicyVersion. To list the policy's versions, use
// ListPolicyVersions. You cannot use DeletePolicyVersion to delete the version
// that is marked as the default version. You delete the policy's default version
// in the next step of the process.  Delete the policy (this automatically deletes
// the policy's default version) using this API.
//
// For information about managed policies, refer to Managed Policies and Inline
// Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the Using IAM guide.
func (c *IAM) DeletePolicy(input *DeletePolicyInput) (*DeletePolicyOutput, error) {
	req, out := c.DeletePolicyRequest(input)
	err := req.Send()
	return out, err
}

var opDeletePolicy *aws.Operation

// DeletePolicyVersionRequest generates a request for the DeletePolicyVersion operation.
func (c *IAM) DeletePolicyVersionRequest(input *DeletePolicyVersionInput) (req *aws.Request, output *DeletePolicyVersionOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opDeletePolicyVersion == nil {
		opDeletePolicyVersion = &aws.Operation{
			Name:       "DeletePolicyVersion",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &DeletePolicyVersionInput{}
	}

	req = c.newRequest(opDeletePolicyVersion, input, output)
	output = &DeletePolicyVersionOutput{}
	req.Data = output
	return
}

// Deletes the specified version of the specified managed policy.
//
// You cannot delete the default version of a policy using this API. To delete
// the default version of a policy, use DeletePolicy. To find out which version
// of a policy is marked as the default version, use ListPolicyVersions.
//
// For information about versions for managed policies, refer to Versioning
// for Managed Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html)
// in the Using IAM guide.
func (c *IAM) DeletePolicyVersion(input *DeletePolicyVersionInput) (*DeletePolicyVersionOutput, error) {
	req, out := c.DeletePolicyVersionRequest(input)
	err := req.Send()
	return out, err
}

var opDeletePolicyVersion *aws.Operation

// DeleteRoleRequest generates a request for the DeleteRole operation.
func (c *IAM) DeleteRoleRequest(input *DeleteRoleInput) (req *aws.Request, output *DeleteRoleOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opDeleteRole == nil {
		opDeleteRole = &aws.Operation{
			Name:       "DeleteRole",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &DeleteRoleInput{}
	}

	req = c.newRequest(opDeleteRole, input, output)
	output = &DeleteRoleOutput{}
	req.Data = output
	return
}

// Deletes the specified role. The role must not have any policies attached.
// For more information about roles, go to Working with Roles (http://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html).
//
// Make sure you do not have any Amazon EC2 instances running with the role
// you are about to delete. Deleting a role or instance profile that is associated
// with a running instance will break any applications running on the instance.
func (c *IAM) DeleteRole(input *DeleteRoleInput) (*DeleteRoleOutput, error) {
	req, out := c.DeleteRoleRequest(input)
	err := req.Send()
	return out, err
}

var opDeleteRole *aws.Operation

// DeleteRolePolicyRequest generates a request for the DeleteRolePolicy operation.
func (c *IAM) DeleteRolePolicyRequest(input *DeleteRolePolicyInput) (req *aws.Request, output *DeleteRolePolicyOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opDeleteRolePolicy == nil {
		opDeleteRolePolicy = &aws.Operation{
			Name:       "DeleteRolePolicy",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &DeleteRolePolicyInput{}
	}

	req = c.newRequest(opDeleteRolePolicy, input, output)
	output = &DeleteRolePolicyOutput{}
	req.Data = output
	return
}

// Deletes the specified inline policy that is embedded in the specified role.
//
// A role can also have managed policies attached to it. To detach a managed
// policy from a role, use DetachRolePolicy. For more information about policies,
// refer to Managed Policies and Inline Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the Using IAM guide.
func (c *IAM) DeleteRolePolicy(input *DeleteRolePolicyInput) (*DeleteRolePolicyOutput, error) {
	req, out := c.DeleteRolePolicyRequest(input)
	err := req.Send()
	return out, err
}

var opDeleteRolePolicy *aws.Operation

// DeleteSAMLProviderRequest generates a request for the DeleteSAMLProvider operation.
func (c *IAM) DeleteSAMLProviderRequest(input *DeleteSAMLProviderInput) (req *aws.Request, output *DeleteSAMLProviderOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opDeleteSAMLProvider == nil {
		opDeleteSAMLProvider = &aws.Operation{
			Name:       "DeleteSAMLProvider",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &DeleteSAMLProviderInput{}
	}

	req = c.newRequest(opDeleteSAMLProvider, input, output)
	output = &DeleteSAMLProviderOutput{}
	req.Data = output
	return
}

// Deletes a SAML provider.
//
//  Deleting the provider does not update any roles that reference the SAML
// provider as a principal in their trust policies. Any attempt to assume a
// role that references a SAML provider that has been deleted will fail.
//
//  This operation requires Signature Version 4 (http://docs.aws.amazon.com/general/latest/gr/signature-version-4.html).
func (c *IAM) DeleteSAMLProvider(input *DeleteSAMLProviderInput) (*DeleteSAMLProviderOutput, error) {
	req, out := c.DeleteSAMLProviderRequest(input)
	err := req.Send()
	return out, err
}

var opDeleteSAMLProvider *aws.Operation

// DeleteServerCertificateRequest generates a request for the DeleteServerCertificate operation.
func (c *IAM) DeleteServerCertificateRequest(input *DeleteServerCertificateInput) (req *aws.Request, output *DeleteServerCertificateOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opDeleteServerCertificate == nil {
		opDeleteServerCertificate = &aws.Operation{
			Name:       "DeleteServerCertificate",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &DeleteServerCertificateInput{}
	}

	req = c.newRequest(opDeleteServerCertificate, input, output)
	output = &DeleteServerCertificateOutput{}
	req.Data = output
	return
}

// Deletes the specified server certificate.
//
//  If you are using a server certificate with Elastic Load Balancing, deleting
// the certificate could have implications for your application. If Elastic
// Load Balancing doesn't detect the deletion of bound certificates, it may
// continue to use the certificates. This could cause Elastic Load Balancing
// to stop accepting traffic. We recommend that you remove the reference to
// the certificate from Elastic Load Balancing before using this command to
// delete the certificate. For more information, go to DeleteLoadBalancerListeners
// (http://docs.aws.amazon.com/ElasticLoadBalancing/latest/APIReference/API_DeleteLoadBalancerListeners.html)
// in the Elastic Load Balancing API Reference.
func (c *IAM) DeleteServerCertificate(input *DeleteServerCertificateInput) (*DeleteServerCertificateOutput, error) {
	req, out := c.DeleteServerCertificateRequest(input)
	err := req.Send()
	return out, err
}

var opDeleteServerCertificate *aws.Operation

// DeleteSigningCertificateRequest generates a request for the DeleteSigningCertificate operation.
func (c *IAM) DeleteSigningCertificateRequest(input *DeleteSigningCertificateInput) (req *aws.Request, output *DeleteSigningCertificateOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opDeleteSigningCertificate == nil {
		opDeleteSigningCertificate = &aws.Operation{
			Name:       "DeleteSigningCertificate",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &DeleteSigningCertificateInput{}
	}

	req = c.newRequest(opDeleteSigningCertificate, input, output)
	output = &DeleteSigningCertificateOutput{}
	req.Data = output
	return
}

// Deletes the specified signing certificate associated with the specified user.
//
// If you do not specify a user name, IAM determines the user name implicitly
// based on the AWS access key ID signing the request. Because this action works
// for access keys under the AWS account, you can use this action to manage
// root credentials even if the AWS account has no associated users.
func (c *IAM) DeleteSigningCertificate(input *DeleteSigningCertificateInput) (*DeleteSigningCertificateOutput, error) {
	req, out := c.DeleteSigningCertificateRequest(input)
	err := req.Send()
	return out, err
}

var opDeleteSigningCertificate *aws.Operation

// DeleteUserRequest generates a request for the DeleteUser operation.
func (c *IAM) DeleteUserRequest(input *DeleteUserInput) (req *aws.Request, output *DeleteUserOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opDeleteUser == nil {
		opDeleteUser = &aws.Operation{
			Name:       "DeleteUser",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &DeleteUserInput{}
	}

	req = c.newRequest(opDeleteUser, input, output)
	output = &DeleteUserOutput{}
	req.Data = output
	return
}

// Deletes the specified user. The user must not belong to any groups, have
// any keys or signing certificates, or have any attached policies.
func (c *IAM) DeleteUser(input *DeleteUserInput) (*DeleteUserOutput, error) {
	req, out := c.DeleteUserRequest(input)
	err := req.Send()
	return out, err
}

var opDeleteUser *aws.Operation

// DeleteUserPolicyRequest generates a request for the DeleteUserPolicy operation.
func (c *IAM) DeleteUserPolicyRequest(input *DeleteUserPolicyInput) (req *aws.Request, output *DeleteUserPolicyOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opDeleteUserPolicy == nil {
		opDeleteUserPolicy = &aws.Operation{
			Name:       "DeleteUserPolicy",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &DeleteUserPolicyInput{}
	}

	req = c.newRequest(opDeleteUserPolicy, input, output)
	output = &DeleteUserPolicyOutput{}
	req.Data = output
	return
}

// Deletes the specified inline policy that is embedded in the specified user.
//
// A user can also have managed policies attached to it. To detach a managed
// policy from a user, use DetachUserPolicy. For more information about policies,
// refer to Managed Policies and Inline Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the Using IAM guide.
func (c *IAM) DeleteUserPolicy(input *DeleteUserPolicyInput) (*DeleteUserPolicyOutput, error) {
	req, out := c.DeleteUserPolicyRequest(input)
	err := req.Send()
	return out, err
}

var opDeleteUserPolicy *aws.Operation

// DeleteVirtualMFADeviceRequest generates a request for the DeleteVirtualMFADevice operation.
func (c *IAM) DeleteVirtualMFADeviceRequest(input *DeleteVirtualMFADeviceInput) (req *aws.Request, output *DeleteVirtualMFADeviceOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opDeleteVirtualMFADevice == nil {
		opDeleteVirtualMFADevice = &aws.Operation{
			Name:       "DeleteVirtualMFADevice",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &DeleteVirtualMFADeviceInput{}
	}

	req = c.newRequest(opDeleteVirtualMFADevice, input, output)
	output = &DeleteVirtualMFADeviceOutput{}
	req.Data = output
	return
}

// Deletes a virtual MFA device.
//
//  You must deactivate a user's virtual MFA device before you can delete it.
// For information about deactivating MFA devices, see DeactivateMFADevice.
func (c *IAM) DeleteVirtualMFADevice(input *DeleteVirtualMFADeviceInput) (*DeleteVirtualMFADeviceOutput, error) {
	req, out := c.DeleteVirtualMFADeviceRequest(input)
	err := req.Send()
	return out, err
}

var opDeleteVirtualMFADevice *aws.Operation

// DetachGroupPolicyRequest generates a request for the DetachGroupPolicy operation.
func (c *IAM) DetachGroupPolicyRequest(input *DetachGroupPolicyInput) (req *aws.Request, output *DetachGroupPolicyOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opDetachGroupPolicy == nil {
		opDetachGroupPolicy = &aws.Operation{
			Name:       "DetachGroupPolicy",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &DetachGroupPolicyInput{}
	}

	req = c.newRequest(opDetachGroupPolicy, input, output)
	output = &DetachGroupPolicyOutput{}
	req.Data = output
	return
}

// Removes the specified managed policy from the specified group.
//
// A group can also have inline policies embedded with it. To delete an inline
// policy, use the DeleteGroupPolicy API. For information about policies, refer
// to Managed Policies and Inline Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the Using IAM guide.
func (c *IAM) DetachGroupPolicy(input *DetachGroupPolicyInput) (*DetachGroupPolicyOutput, error) {
	req, out := c.DetachGroupPolicyRequest(input)
	err := req.Send()
	return out, err
}

var opDetachGroupPolicy *aws.Operation

// DetachRolePolicyRequest generates a request for the DetachRolePolicy operation.
func (c *IAM) DetachRolePolicyRequest(input *DetachRolePolicyInput) (req *aws.Request, output *DetachRolePolicyOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opDetachRolePolicy == nil {
		opDetachRolePolicy = &aws.Operation{
			Name:       "DetachRolePolicy",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &DetachRolePolicyInput{}
	}

	req = c.newRequest(opDetachRolePolicy, input, output)
	output = &DetachRolePolicyOutput{}
	req.Data = output
	return
}

// Removes the specified managed policy from the specified role.
//
// A role can also have inline policies embedded with it. To delete an inline
// policy, use the DeleteRolePolicy API. For information about policies, refer
// to Managed Policies and Inline Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the Using IAM guide.
func (c *IAM) DetachRolePolicy(input *DetachRolePolicyInput) (*DetachRolePolicyOutput, error) {
	req, out := c.DetachRolePolicyRequest(input)
	err := req.Send()
	return out, err
}

var opDetachRolePolicy *aws.Operation

// DetachUserPolicyRequest generates a request for the DetachUserPolicy operation.
func (c *IAM) DetachUserPolicyRequest(input *DetachUserPolicyInput) (req *aws.Request, output *DetachUserPolicyOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opDetachUserPolicy == nil {
		opDetachUserPolicy = &aws.Operation{
			Name:       "DetachUserPolicy",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &DetachUserPolicyInput{}
	}

	req = c.newRequest(opDetachUserPolicy, input, output)
	output = &DetachUserPolicyOutput{}
	req.Data = output
	return
}

// Removes the specified managed policy from the specified user.
//
// A user can also have inline policies embedded with it. To delete an inline
// policy, use the DeleteUserPolicy API. For information about policies, refer
// to Managed Policies and Inline Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the Using IAM guide.
func (c *IAM) DetachUserPolicy(input *DetachUserPolicyInput) (*DetachUserPolicyOutput, error) {
	req, out := c.DetachUserPolicyRequest(input)
	err := req.Send()
	return out, err
}

var opDetachUserPolicy *aws.Operation

// EnableMFADeviceRequest generates a request for the EnableMFADevice operation.
func (c *IAM) EnableMFADeviceRequest(input *EnableMFADeviceInput) (req *aws.Request, output *EnableMFADeviceOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opEnableMFADevice == nil {
		opEnableMFADevice = &aws.Operation{
			Name:       "EnableMFADevice",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &EnableMFADeviceInput{}
	}

	req = c.newRequest(opEnableMFADevice, input, output)
	output = &EnableMFADeviceOutput{}
	req.Data = output
	return
}

// Enables the specified MFA device and associates it with the specified user
// name. When enabled, the MFA device is required for every subsequent login
// by the user name associated with the device.
func (c *IAM) EnableMFADevice(input *EnableMFADeviceInput) (*EnableMFADeviceOutput, error) {
	req, out := c.EnableMFADeviceRequest(input)
	err := req.Send()
	return out, err
}

var opEnableMFADevice *aws.Operation

// GenerateCredentialReportRequest generates a request for the GenerateCredentialReport operation.
func (c *IAM) GenerateCredentialReportRequest(input *GenerateCredentialReportInput) (req *aws.Request, output *GenerateCredentialReportOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opGenerateCredentialReport == nil {
		opGenerateCredentialReport = &aws.Operation{
			Name:       "GenerateCredentialReport",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &GenerateCredentialReportInput{}
	}

	req = c.newRequest(opGenerateCredentialReport, input, output)
	output = &GenerateCredentialReportOutput{}
	req.Data = output
	return
}

// Generates a credential report for the AWS account. For more information about
// the credential report, see Getting Credential Reports (http://docs.aws.amazon.com/IAM/latest/UserGuide/credential-reports.html)
// in the Using IAM guide.
func (c *IAM) GenerateCredentialReport(input *GenerateCredentialReportInput) (*GenerateCredentialReportOutput, error) {
	req, out := c.GenerateCredentialReportRequest(input)
	err := req.Send()
	return out, err
}

var opGenerateCredentialReport *aws.Operation

// GetAccessKeyLastUsedRequest generates a request for the GetAccessKeyLastUsed operation.
func (c *IAM) GetAccessKeyLastUsedRequest(input *GetAccessKeyLastUsedInput) (req *aws.Request, output *GetAccessKeyLastUsedOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opGetAccessKeyLastUsed == nil {
		opGetAccessKeyLastUsed = &aws.Operation{
			Name:       "GetAccessKeyLastUsed",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &GetAccessKeyLastUsedInput{}
	}

	req = c.newRequest(opGetAccessKeyLastUsed, input, output)
	output = &GetAccessKeyLastUsedOutput{}
	req.Data = output
	return
}

// Retrieves information about when the specified access key was last used.
// The information includes the date and time of last use, along with the AWS
// service and region that were specified in the last request made with that
// key.
func (c *IAM) GetAccessKeyLastUsed(input *GetAccessKeyLastUsedInput) (*GetAccessKeyLastUsedOutput, error) {
	req, out := c.GetAccessKeyLastUsedRequest(input)
	err := req.Send()
	return out, err
}

var opGetAccessKeyLastUsed *aws.Operation

// GetAccountAuthorizationDetailsRequest generates a request for the GetAccountAuthorizationDetails operation.
func (c *IAM) GetAccountAuthorizationDetailsRequest(input *GetAccountAuthorizationDetailsInput) (req *aws.Request, output *GetAccountAuthorizationDetailsOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opGetAccountAuthorizationDetails == nil {
		opGetAccountAuthorizationDetails = &aws.Operation{
			Name:       "GetAccountAuthorizationDetails",
			HTTPMethod: "POST",
			HTTPPath:   "/",
			Paginator: &aws.Paginator{
				InputTokens:     []string{"Marker"},
				OutputTokens:    []string{"Marker"},
				LimitToken:      "MaxItems",
				TruncationToken: "IsTruncated",
			},
		}
	}

	if input == nil {
		input = &GetAccountAuthorizationDetailsInput{}
	}

	req = c.newRequest(opGetAccountAuthorizationDetails, input, output)
	output = &GetAccountAuthorizationDetailsOutput{}
	req.Data = output
	return
}

// Retrieves information about all IAM users, groups, roles, and policies in
// your account, including their relationships to one another. Use this API
// to obtain a snapshot of the configuration of IAM permissions (users, groups,
// roles, and policies) in your account.
//
// You can optionally filter the results using the Filter parameter. You can
// paginate the results using the MaxItems and Marker parameters.
func (c *IAM) GetAccountAuthorizationDetails(input *GetAccountAuthorizationDetailsInput) (*GetAccountAuthorizationDetailsOutput, error) {
	req, out := c.GetAccountAuthorizationDetailsRequest(input)
	err := req.Send()
	return out, err
}

func (c *IAM) GetAccountAuthorizationDetailsPages(input *GetAccountAuthorizationDetailsInput, fn func(p *GetAccountAuthorizationDetailsOutput, lastPage bool) (shouldContinue bool)) error {
	page, _ := c.GetAccountAuthorizationDetailsRequest(input)
	return page.EachPage(func(p interface{}, lastPage bool) bool {
		return fn(p.(*GetAccountAuthorizationDetailsOutput), lastPage)
	})
}

var opGetAccountAuthorizationDetails *aws.Operation

// GetAccountPasswordPolicyRequest generates a request for the GetAccountPasswordPolicy operation.
func (c *IAM) GetAccountPasswordPolicyRequest(input *GetAccountPasswordPolicyInput) (req *aws.Request, output *GetAccountPasswordPolicyOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opGetAccountPasswordPolicy == nil {
		opGetAccountPasswordPolicy = &aws.Operation{
			Name:       "GetAccountPasswordPolicy",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &GetAccountPasswordPolicyInput{}
	}

	req = c.newRequest(opGetAccountPasswordPolicy, input, output)
	output = &GetAccountPasswordPolicyOutput{}
	req.Data = output
	return
}

// Retrieves the password policy for the AWS account. For more information about
// using a password policy, go to Managing an IAM Password Policy (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingPasswordPolicies.html).
func (c *IAM) GetAccountPasswordPolicy(input *GetAccountPasswordPolicyInput) (*GetAccountPasswordPolicyOutput, error) {
	req, out := c.GetAccountPasswordPolicyRequest(input)
	err := req.Send()
	return out, err
}

var opGetAccountPasswordPolicy *aws.Operation

// GetAccountSummaryRequest generates a request for the GetAccountSummary operation.
func (c *IAM) GetAccountSummaryRequest(input *GetAccountSummaryInput) (req *aws.Request, output *GetAccountSummaryOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opGetAccountSummary == nil {
		opGetAccountSummary = &aws.Operation{
			Name:       "GetAccountSummary",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &GetAccountSummaryInput{}
	}

	req = c.newRequest(opGetAccountSummary, input, output)
	output = &GetAccountSummaryOutput{}
	req.Data = output
	return
}

// Retrieves information about IAM entity usage and IAM quotas in the AWS account.
//
//  For information about limitations on IAM entities, see Limitations on IAM
// Entities (http://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html)
// in the Using IAM guide.
func (c *IAM) GetAccountSummary(input *GetAccountSummaryInput) (*GetAccountSummaryOutput, error) {
	req, out := c.GetAccountSummaryRequest(input)
	err := req.Send()
	return out, err
}

var opGetAccountSummary *aws.Operation

// GetCredentialReportRequest generates a request for the GetCredentialReport operation.
func (c *IAM) GetCredentialReportRequest(input *GetCredentialReportInput) (req *aws.Request, output *GetCredentialReportOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opGetCredentialReport == nil {
		opGetCredentialReport = &aws.Operation{
			Name:       "GetCredentialReport",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &GetCredentialReportInput{}
	}

	req = c.newRequest(opGetCredentialReport, input, output)
	output = &GetCredentialReportOutput{}
	req.Data = output
	return
}

// Retrieves a credential report for the AWS account. For more information about
// the credential report, see Getting Credential Reports (http://docs.aws.amazon.com/IAM/latest/UserGuide/credential-reports.html)
// in the Using IAM guide.
func (c *IAM) GetCredentialReport(input *GetCredentialReportInput) (*GetCredentialReportOutput, error) {
	req, out := c.GetCredentialReportRequest(input)
	err := req.Send()
	return out, err
}

var opGetCredentialReport *aws.Operation

// GetGroupRequest generates a request for the GetGroup operation.
func (c *IAM) GetGroupRequest(input *GetGroupInput) (req *aws.Request, output *GetGroupOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opGetGroup == nil {
		opGetGroup = &aws.Operation{
			Name:       "GetGroup",
			HTTPMethod: "POST",
			HTTPPath:   "/",
			Paginator: &aws.Paginator{
				InputTokens:     []string{"Marker"},
				OutputTokens:    []string{"Marker"},
				LimitToken:      "MaxItems",
				TruncationToken: "IsTruncated",
			},
		}
	}

	if input == nil {
		input = &GetGroupInput{}
	}

	req = c.newRequest(opGetGroup, input, output)
	output = &GetGroupOutput{}
	req.Data = output
	return
}

// Returns a list of users that are in the specified group. You can paginate
// the results using the MaxItems and Marker parameters.
func (c *IAM) GetGroup(input *GetGroupInput) (*GetGroupOutput, error) {
	req, out := c.GetGroupRequest(input)
	err := req.Send()
	return out, err
}

func (c *IAM) GetGroupPages(input *GetGroupInput, fn func(p *GetGroupOutput, lastPage bool) (shouldContinue bool)) error {
	page, _ := c.GetGroupRequest(input)
	return page.EachPage(func(p interface{}, lastPage bool) bool {
		return fn(p.(*GetGroupOutput), lastPage)
	})
}

var opGetGroup *aws.Operation

// GetGroupPolicyRequest generates a request for the GetGroupPolicy operation.
func (c *IAM) GetGroupPolicyRequest(input *GetGroupPolicyInput) (req *aws.Request, output *GetGroupPolicyOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opGetGroupPolicy == nil {
		opGetGroupPolicy = &aws.Operation{
			Name:       "GetGroupPolicy",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &GetGroupPolicyInput{}
	}

	req = c.newRequest(opGetGroupPolicy, input, output)
	output = &GetGroupPolicyOutput{}
	req.Data = output
	return
}

// Retrieves the specified inline policy document that is embedded in the specified
// group.
//
// A group can also have managed policies attached to it. To retrieve a managed
// policy document that is attached to a group, use GetPolicy to determine the
// policy's default version, then use GetPolicyVersion to retrieve the policy
// document.
//
// For more information about policies, refer to Managed Policies and Inline
// Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the Using IAM guide.
func (c *IAM) GetGroupPolicy(input *GetGroupPolicyInput) (*GetGroupPolicyOutput, error) {
	req, out := c.GetGroupPolicyRequest(input)
	err := req.Send()
	return out, err
}

var opGetGroupPolicy *aws.Operation

// GetInstanceProfileRequest generates a request for the GetInstanceProfile operation.
func (c *IAM) GetInstanceProfileRequest(input *GetInstanceProfileInput) (req *aws.Request, output *GetInstanceProfileOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opGetInstanceProfile == nil {
		opGetInstanceProfile = &aws.Operation{
			Name:       "GetInstanceProfile",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &GetInstanceProfileInput{}
	}

	req = c.newRequest(opGetInstanceProfile, input, output)
	output = &GetInstanceProfileOutput{}
	req.Data = output
	return
}

// Retrieves information about the specified instance profile, including the
// instance profile's path, GUID, ARN, and role. For more information about
// instance profiles, go to About Instance Profiles (http://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html).
// For more information about ARNs, go to ARNs (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html#Identifiers_ARNs).
func (c *IAM) GetInstanceProfile(input *GetInstanceProfileInput) (*GetInstanceProfileOutput, error) {
	req, out := c.GetInstanceProfileRequest(input)
	err := req.Send()
	return out, err
}

var opGetInstanceProfile *aws.Operation

// GetLoginProfileRequest generates a request for the GetLoginProfile operation.
func (c *IAM) GetLoginProfileRequest(input *GetLoginProfileInput) (req *aws.Request, output *GetLoginProfileOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opGetLoginProfile == nil {
		opGetLoginProfile = &aws.Operation{
			Name:       "GetLoginProfile",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &GetLoginProfileInput{}
	}

	req = c.newRequest(opGetLoginProfile, input, output)
	output = &GetLoginProfileOutput{}
	req.Data = output
	return
}

// Retrieves the user name and password-creation date for the specified user.
// If the user has not been assigned a password, the action returns a 404 (NoSuchEntity)
// error.
func (c *IAM) GetLoginProfile(input *GetLoginProfileInput) (*GetLoginProfileOutput, error) {
	req, out := c.GetLoginProfileRequest(input)
	err := req.Send()
	return out, err
}

var opGetLoginProfile *aws.Operation

// GetOpenIDConnectProviderRequest generates a request for the GetOpenIDConnectProvider operation.
func (c *IAM) GetOpenIDConnectProviderRequest(input *GetOpenIDConnectProviderInput) (req *aws.Request, output *GetOpenIDConnectProviderOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opGetOpenIDConnectProvider == nil {
		opGetOpenIDConnectProvider = &aws.Operation{
			Name:       "GetOpenIDConnectProvider",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &GetOpenIDConnectProviderInput{}
	}

	req = c.newRequest(opGetOpenIDConnectProvider, input, output)
	output = &GetOpenIDConnectProviderOutput{}
	req.Data = output
	return
}

// Returns information about the specified OpenID Connect provider.
func (c *IAM) GetOpenIDConnectProvider(input *GetOpenIDConnectProviderInput) (*GetOpenIDConnectProviderOutput, error) {
	req, out := c.GetOpenIDConnectProviderRequest(input)
	err := req.Send()
	return out, err
}

var opGetOpenIDConnectProvider *aws.Operation

// GetPolicyRequest generates a request for the GetPolicy operation.
func (c *IAM) GetPolicyRequest(input *GetPolicyInput) (req *aws.Request, output *GetPolicyOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opGetPolicy == nil {
		opGetPolicy = &aws.Operation{
			Name:       "GetPolicy",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &GetPolicyInput{}
	}

	req = c.newRequest(opGetPolicy, input, output)
	output = &GetPolicyOutput{}
	req.Data = output
	return
}

// Retrieves information about the specified managed policy, including the policy's
// default version and the total number of users, groups, and roles that the
// policy is attached to. For a list of the specific users, groups, and roles
// that the policy is attached to, use the ListEntitiesForPolicy API. This API
// returns metadata about the policy. To retrieve the policy document for a
// specific version of the policy, use GetPolicyVersion.
//
// This API retrieves information about managed policies. To retrieve information
// about an inline policy that is embedded with a user, group, or role, use
// the GetUserPolicy, GetGroupPolicy, or GetRolePolicy API.
//
// For more information about policies, refer to Managed Policies and Inline
// Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the Using IAM guide.
func (c *IAM) GetPolicy(input *GetPolicyInput) (*GetPolicyOutput, error) {
	req, out := c.GetPolicyRequest(input)
	err := req.Send()
	return out, err
}

var opGetPolicy *aws.Operation

// GetPolicyVersionRequest generates a request for the GetPolicyVersion operation.
func (c *IAM) GetPolicyVersionRequest(input *GetPolicyVersionInput) (req *aws.Request, output *GetPolicyVersionOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opGetPolicyVersion == nil {
		opGetPolicyVersion = &aws.Operation{
			Name:       "GetPolicyVersion",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &GetPolicyVersionInput{}
	}

	req = c.newRequest(opGetPolicyVersion, input, output)
	output = &GetPolicyVersionOutput{}
	req.Data = output
	return
}

// Retrieves information about the specified version of the specified managed
// policy, including the policy document.
//
// To list the available versions for a policy, use ListPolicyVersions.
//
// This API retrieves information about managed policies. To retrieve information
// about an inline policy that is embedded in a user, group, or role, use the
// GetUserPolicy, GetGroupPolicy, or GetRolePolicy API.
//
// For more information about the types of policies, refer to Managed Policies
// and Inline Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the Using IAM guide.
func (c *IAM) GetPolicyVersion(input *GetPolicyVersionInput) (*GetPolicyVersionOutput, error) {
	req, out := c.GetPolicyVersionRequest(input)
	err := req.Send()
	return out, err
}

var opGetPolicyVersion *aws.Operation

// GetRoleRequest generates a request for the GetRole operation.
func (c *IAM) GetRoleRequest(input *GetRoleInput) (req *aws.Request, output *GetRoleOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opGetRole == nil {
		opGetRole = &aws.Operation{
			Name:       "GetRole",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &GetRoleInput{}
	}

	req = c.newRequest(opGetRole, input, output)
	output = &GetRoleOutput{}
	req.Data = output
	return
}

// Retrieves information about the specified role, including the role's path,
// GUID, ARN, and the policy granting permission to assume the role. For more
// information about ARNs, go to ARNs (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html#Identifiers_ARNs).
// For more information about roles, go to Working with Roles (http://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html).
func (c *IAM) GetRole(input *GetRoleInput) (*GetRoleOutput, error) {
	req, out := c.GetRoleRequest(input)
	err := req.Send()
	return out, err
}

var opGetRole *aws.Operation

// GetRolePolicyRequest generates a request for the GetRolePolicy operation.
func (c *IAM) GetRolePolicyRequest(input *GetRolePolicyInput) (req *aws.Request, output *GetRolePolicyOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opGetRolePolicy == nil {
		opGetRolePolicy = &aws.Operation{
			Name:       "GetRolePolicy",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &GetRolePolicyInput{}
	}

	req = c.newRequest(opGetRolePolicy, input, output)
	output = &GetRolePolicyOutput{}
	req.Data = output
	return
}

// Retrieves the specified inline policy document that is embedded with the
// specified role.
//
// A role can also have managed policies attached to it. To retrieve a managed
// policy document that is attached to a role, use GetPolicy to determine the
// policy's default version, then use GetPolicyVersion to retrieve the policy
// document.
//
// For more information about policies, refer to Managed Policies and Inline
// Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the Using IAM guide.
//
// For more information about roles, go to Using Roles to Delegate Permissions
// and Federate Identities (http://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html).
func (c *IAM) GetRolePolicy(input *GetRolePolicyInput) (*GetRolePolicyOutput, error) {
	req, out := c.GetRolePolicyRequest(input)
	err := req.Send()
	return out, err
}

var opGetRolePolicy *aws.Operation

// GetSAMLProviderRequest generates a request for the GetSAMLProvider operation.
func (c *IAM) GetSAMLProviderRequest(input *GetSAMLProviderInput) (req *aws.Request, output *GetSAMLProviderOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opGetSAMLProvider == nil {
		opGetSAMLProvider = &aws.Operation{
			Name:       "GetSAMLProvider",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &GetSAMLProviderInput{}
	}

	req = c.newRequest(opGetSAMLProvider, input, output)
	output = &GetSAMLProviderOutput{}
	req.Data = output
	return
}

// Returns the SAML provider metadocument that was uploaded when the provider
// was created or updated.
//
// This operation requires Signature Version 4 (http://docs.aws.amazon.com/general/latest/gr/signature-version-4.html).
func (c *IAM) GetSAMLProvider(input *GetSAMLProviderInput) (*GetSAMLProviderOutput, error) {
	req, out := c.GetSAMLProviderRequest(input)
	err := req.Send()
	return out, err
}

var opGetSAMLProvider *aws.Operation

// GetServerCertificateRequest generates a request for the GetServerCertificate operation.
func (c *IAM) GetServerCertificateRequest(input *GetServerCertificateInput) (req *aws.Request, output *GetServerCertificateOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opGetServerCertificate == nil {
		opGetServerCertificate = &aws.Operation{
			Name:       "GetServerCertificate",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &GetServerCertificateInput{}
	}

	req = c.newRequest(opGetServerCertificate, input, output)
	output = &GetServerCertificateOutput{}
	req.Data = output
	return
}

// Retrieves information about the specified server certificate.
func (c *IAM) GetServerCertificate(input *GetServerCertificateInput) (*GetServerCertificateOutput, error) {
	req, out := c.GetServerCertificateRequest(input)
	err := req.Send()
	return out, err
}

var opGetServerCertificate *aws.Operation

// GetUserRequest generates a request for the GetUser operation.
func (c *IAM) GetUserRequest(input *GetUserInput) (req *aws.Request, output *GetUserOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opGetUser == nil {
		opGetUser = &aws.Operation{
			Name:       "GetUser",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &GetUserInput{}
	}

	req = c.newRequest(opGetUser, input, output)
	output = &GetUserOutput{}
	req.Data = output
	return
}

// Retrieves information about the specified user, including the user's creation
// date, path, unique ID, and ARN.
//
// If you do not specify a user name, IAM determines the user name implicitly
// based on the AWS access key ID used to sign the request.
func (c *IAM) GetUser(input *GetUserInput) (*GetUserOutput, error) {
	req, out := c.GetUserRequest(input)
	err := req.Send()
	return out, err
}

var opGetUser *aws.Operation

// GetUserPolicyRequest generates a request for the GetUserPolicy operation.
func (c *IAM) GetUserPolicyRequest(input *GetUserPolicyInput) (req *aws.Request, output *GetUserPolicyOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opGetUserPolicy == nil {
		opGetUserPolicy = &aws.Operation{
			Name:       "GetUserPolicy",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &GetUserPolicyInput{}
	}

	req = c.newRequest(opGetUserPolicy, input, output)
	output = &GetUserPolicyOutput{}
	req.Data = output
	return
}

// Retrieves the specified inline policy document that is embedded in the specified
// user.
//
// A user can also have managed policies attached to it. To retrieve a managed
// policy document that is attached to a user, use GetPolicy to determine the
// policy's default version, then use GetPolicyVersion to retrieve the policy
// document.
//
// For more information about policies, refer to Managed Policies and Inline
// Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the Using IAM guide.
func (c *IAM) GetUserPolicy(input *GetUserPolicyInput) (*GetUserPolicyOutput, error) {
	req, out := c.GetUserPolicyRequest(input)
	err := req.Send()
	return out, err
}

var opGetUserPolicy *aws.Operation

// ListAccessKeysRequest generates a request for the ListAccessKeys operation.
func (c *IAM) ListAccessKeysRequest(input *ListAccessKeysInput) (req *aws.Request, output *ListAccessKeysOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opListAccessKeys == nil {
		opListAccessKeys = &aws.Operation{
			Name:       "ListAccessKeys",
			HTTPMethod: "POST",
			HTTPPath:   "/",
			Paginator: &aws.Paginator{
				InputTokens:     []string{"Marker"},
				OutputTokens:    []string{"Marker"},
				LimitToken:      "MaxItems",
				TruncationToken: "IsTruncated",
			},
		}
	}

	if input == nil {
		input = &ListAccessKeysInput{}
	}

	req = c.newRequest(opListAccessKeys, input, output)
	output = &ListAccessKeysOutput{}
	req.Data = output
	return
}

// Returns information about the access key IDs associated with the specified
// user. If there are none, the action returns an empty list.
//
// Although each user is limited to a small number of keys, you can still paginate
// the results using the MaxItems and Marker parameters.
//
// If the UserName field is not specified, the UserName is determined implicitly
// based on the AWS access key ID used to sign the request. Because this action
// works for access keys under the AWS account, you can use this action to manage
// root credentials even if the AWS account has no associated users.
//
// To ensure the security of your AWS account, the secret access key is accessible
// only during key and user creation.
func (c *IAM) ListAccessKeys(input *ListAccessKeysInput) (*ListAccessKeysOutput, error) {
	req, out := c.ListAccessKeysRequest(input)
	err := req.Send()
	return out, err
}

func (c *IAM) ListAccessKeysPages(input *ListAccessKeysInput, fn func(p *ListAccessKeysOutput, lastPage bool) (shouldContinue bool)) error {
	page, _ := c.ListAccessKeysRequest(input)
	return page.EachPage(func(p interface{}, lastPage bool) bool {
		return fn(p.(*ListAccessKeysOutput), lastPage)
	})
}

var opListAccessKeys *aws.Operation

// ListAccountAliasesRequest generates a request for the ListAccountAliases operation.
func (c *IAM) ListAccountAliasesRequest(input *ListAccountAliasesInput) (req *aws.Request, output *ListAccountAliasesOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opListAccountAliases == nil {
		opListAccountAliases = &aws.Operation{
			Name:       "ListAccountAliases",
			HTTPMethod: "POST",
			HTTPPath:   "/",
			Paginator: &aws.Paginator{
				InputTokens:     []string{"Marker"},
				OutputTokens:    []string{"Marker"},
				LimitToken:      "MaxItems",
				TruncationToken: "IsTruncated",
			},
		}
	}

	if input == nil {
		input = &ListAccountAliasesInput{}
	}

	req = c.newRequest(opListAccountAliases, input, output)
	output = &ListAccountAliasesOutput{}
	req.Data = output
	return
}

// Lists the account aliases associated with the account. For information about
// using an AWS account alias, see Using an Alias for Your AWS Account ID (http://docs.aws.amazon.com/IAM/latest/UserGuide/AccountAlias.html)
// in the Using IAM guide.
//
//  You can paginate the results using the MaxItems and Marker parameters.
func (c *IAM) ListAccountAliases(input *ListAccountAliasesInput) (*ListAccountAliasesOutput, error) {
	req, out := c.ListAccountAliasesRequest(input)
	err := req.Send()
	return out, err
}

func (c *IAM) ListAccountAliasesPages(input *ListAccountAliasesInput, fn func(p *ListAccountAliasesOutput, lastPage bool) (shouldContinue bool)) error {
	page, _ := c.ListAccountAliasesRequest(input)
	return page.EachPage(func(p interface{}, lastPage bool) bool {
		return fn(p.(*ListAccountAliasesOutput), lastPage)
	})
}

var opListAccountAliases *aws.Operation

// ListAttachedGroupPoliciesRequest generates a request for the ListAttachedGroupPolicies operation.
func (c *IAM) ListAttachedGroupPoliciesRequest(input *ListAttachedGroupPoliciesInput) (req *aws.Request, output *ListAttachedGroupPoliciesOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opListAttachedGroupPolicies == nil {
		opListAttachedGroupPolicies = &aws.Operation{
			Name:       "ListAttachedGroupPolicies",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &ListAttachedGroupPoliciesInput{}
	}

	req = c.newRequest(opListAttachedGroupPolicies, input, output)
	output = &ListAttachedGroupPoliciesOutput{}
	req.Data = output
	return
}

// Lists all managed policies that are attached to the specified group.
//
// A group can also have inline policies embedded with it. To list the inline
// policies for a group, use the ListGroupPolicies API. For information about
// policies, refer to Managed Policies and Inline Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the Using IAM guide.
//
// You can paginate the results using the MaxItems and Marker parameters. You
// can use the PathPrefix parameter to limit the list of policies to only those
// matching the specified path prefix. If there are no policies attached to
// the specified group (or none that match the specified path prefix), the action
// returns an empty list.
func (c *IAM) ListAttachedGroupPolicies(input *ListAttachedGroupPoliciesInput) (*ListAttachedGroupPoliciesOutput, error) {
	req, out := c.ListAttachedGroupPoliciesRequest(input)
	err := req.Send()
	return out, err
}

var opListAttachedGroupPolicies *aws.Operation

// ListAttachedRolePoliciesRequest generates a request for the ListAttachedRolePolicies operation.
func (c *IAM) ListAttachedRolePoliciesRequest(input *ListAttachedRolePoliciesInput) (req *aws.Request, output *ListAttachedRolePoliciesOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opListAttachedRolePolicies == nil {
		opListAttachedRolePolicies = &aws.Operation{
			Name:       "ListAttachedRolePolicies",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &ListAttachedRolePoliciesInput{}
	}

	req = c.newRequest(opListAttachedRolePolicies, input, output)
	output = &ListAttachedRolePoliciesOutput{}
	req.Data = output
	return
}

// Lists all managed policies that are attached to the specified role.
//
// A role can also have inline policies embedded with it. To list the inline
// policies for a role, use the ListRolePolicies API. For information about
// policies, refer to Managed Policies and Inline Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the Using IAM guide.
//
// You can paginate the results using the MaxItems and Marker parameters. You
// can use the PathPrefix parameter to limit the list of policies to only those
// matching the specified path prefix. If there are no policies attached to
// the specified role (or none that match the specified path prefix), the action
// returns an empty list.
func (c *IAM) ListAttachedRolePolicies(input *ListAttachedRolePoliciesInput) (*ListAttachedRolePoliciesOutput, error) {
	req, out := c.ListAttachedRolePoliciesRequest(input)
	err := req.Send()
	return out, err
}

var opListAttachedRolePolicies *aws.Operation

// ListAttachedUserPoliciesRequest generates a request for the ListAttachedUserPolicies operation.
func (c *IAM) ListAttachedUserPoliciesRequest(input *ListAttachedUserPoliciesInput) (req *aws.Request, output *ListAttachedUserPoliciesOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opListAttachedUserPolicies == nil {
		opListAttachedUserPolicies = &aws.Operation{
			Name:       "ListAttachedUserPolicies",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &ListAttachedUserPoliciesInput{}
	}

	req = c.newRequest(opListAttachedUserPolicies, input, output)
	output = &ListAttachedUserPoliciesOutput{}
	req.Data = output
	return
}

// Lists all managed policies that are attached to the specified user.
//
// A user can also have inline policies embedded with it. To list the inline
// policies for a user, use the ListUserPolicies API. For information about
// policies, refer to Managed Policies and Inline Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the Using IAM guide.
//
// You can paginate the results using the MaxItems and Marker parameters. You
// can use the PathPrefix parameter to limit the list of policies to only those
// matching the specified path prefix. If there are no policies attached to
// the specified group (or none that match the specified path prefix), the action
// returns an empty list.
func (c *IAM) ListAttachedUserPolicies(input *ListAttachedUserPoliciesInput) (*ListAttachedUserPoliciesOutput, error) {
	req, out := c.ListAttachedUserPoliciesRequest(input)
	err := req.Send()
	return out, err
}

var opListAttachedUserPolicies *aws.Operation

// ListEntitiesForPolicyRequest generates a request for the ListEntitiesForPolicy operation.
func (c *IAM) ListEntitiesForPolicyRequest(input *ListEntitiesForPolicyInput) (req *aws.Request, output *ListEntitiesForPolicyOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opListEntitiesForPolicy == nil {
		opListEntitiesForPolicy = &aws.Operation{
			Name:       "ListEntitiesForPolicy",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &ListEntitiesForPolicyInput{}
	}

	req = c.newRequest(opListEntitiesForPolicy, input, output)
	output = &ListEntitiesForPolicyOutput{}
	req.Data = output
	return
}

// Lists all users, groups, and roles that the specified managed policy is attached
// to.
//
// You can use the optional EntityFilter parameter to limit the results to
// a particular type of entity (users, groups, or roles). For example, to list
// only the roles that are attached to the specified policy, set EntityFilter
// to Role.
//
// You can paginate the results using the MaxItems and Marker parameters.
func (c *IAM) ListEntitiesForPolicy(input *ListEntitiesForPolicyInput) (*ListEntitiesForPolicyOutput, error) {
	req, out := c.ListEntitiesForPolicyRequest(input)
	err := req.Send()
	return out, err
}

var opListEntitiesForPolicy *aws.Operation

// ListGroupPoliciesRequest generates a request for the ListGroupPolicies operation.
func (c *IAM) ListGroupPoliciesRequest(input *ListGroupPoliciesInput) (req *aws.Request, output *ListGroupPoliciesOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opListGroupPolicies == nil {
		opListGroupPolicies = &aws.Operation{
			Name:       "ListGroupPolicies",
			HTTPMethod: "POST",
			HTTPPath:   "/",
			Paginator: &aws.Paginator{
				InputTokens:     []string{"Marker"},
				OutputTokens:    []string{"Marker"},
				LimitToken:      "MaxItems",
				TruncationToken: "IsTruncated",
			},
		}
	}

	if input == nil {
		input = &ListGroupPoliciesInput{}
	}

	req = c.newRequest(opListGroupPolicies, input, output)
	output = &ListGroupPoliciesOutput{}
	req.Data = output
	return
}

// Lists the names of the inline policies that are embedded in the specified
// group.
//
// A group can also have managed policies attached to it. To list the managed
// policies that are attached to a group, use ListAttachedGroupPolicies. For
// more information about policies, refer to Managed Policies and Inline Policies
// (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the Using IAM guide.
//
// You can paginate the results using the MaxItems and Marker parameters. If
// there are no inline policies embedded with the specified group, the action
// returns an empty list.
func (c *IAM) ListGroupPolicies(input *ListGroupPoliciesInput) (*ListGroupPoliciesOutput, error) {
	req, out := c.ListGroupPoliciesRequest(input)
	err := req.Send()
	return out, err
}

func (c *IAM) ListGroupPoliciesPages(input *ListGroupPoliciesInput, fn func(p *ListGroupPoliciesOutput, lastPage bool) (shouldContinue bool)) error {
	page, _ := c.ListGroupPoliciesRequest(input)
	return page.EachPage(func(p interface{}, lastPage bool) bool {
		return fn(p.(*ListGroupPoliciesOutput), lastPage)
	})
}

var opListGroupPolicies *aws.Operation

// ListGroupsRequest generates a request for the ListGroups operation.
func (c *IAM) ListGroupsRequest(input *ListGroupsInput) (req *aws.Request, output *ListGroupsOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opListGroups == nil {
		opListGroups = &aws.Operation{
			Name:       "ListGroups",
			HTTPMethod: "POST",
			HTTPPath:   "/",
			Paginator: &aws.Paginator{
				InputTokens:     []string{"Marker"},
				OutputTokens:    []string{"Marker"},
				LimitToken:      "MaxItems",
				TruncationToken: "IsTruncated",
			},
		}
	}

	if input == nil {
		input = &ListGroupsInput{}
	}

	req = c.newRequest(opListGroups, input, output)
	output = &ListGroupsOutput{}
	req.Data = output
	return
}

// Lists the groups that have the specified path prefix.
//
//  You can paginate the results using the MaxItems and Marker parameters.
func (c *IAM) ListGroups(input *ListGroupsInput) (*ListGroupsOutput, error) {
	req, out := c.ListGroupsRequest(input)
	err := req.Send()
	return out, err
}

func (c *IAM) ListGroupsPages(input *ListGroupsInput, fn func(p *ListGroupsOutput, lastPage bool) (shouldContinue bool)) error {
	page, _ := c.ListGroupsRequest(input)
	return page.EachPage(func(p interface{}, lastPage bool) bool {
		return fn(p.(*ListGroupsOutput), lastPage)
	})
}

var opListGroups *aws.Operation

// ListGroupsForUserRequest generates a request for the ListGroupsForUser operation.
func (c *IAM) ListGroupsForUserRequest(input *ListGroupsForUserInput) (req *aws.Request, output *ListGroupsForUserOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opListGroupsForUser == nil {
		opListGroupsForUser = &aws.Operation{
			Name:       "ListGroupsForUser",
			HTTPMethod: "POST",
			HTTPPath:   "/",
			Paginator: &aws.Paginator{
				InputTokens:     []string{"Marker"},
				OutputTokens:    []string{"Marker"},
				LimitToken:      "MaxItems",
				TruncationToken: "IsTruncated",
			},
		}
	}

	if input == nil {
		input = &ListGroupsForUserInput{}
	}

	req = c.newRequest(opListGroupsForUser, input, output)
	output = &ListGroupsForUserOutput{}
	req.Data = output
	return
}

// Lists the groups the specified user belongs to.
//
// You can paginate the results using the MaxItems and Marker parameters.
func (c *IAM) ListGroupsForUser(input *ListGroupsForUserInput) (*ListGroupsForUserOutput, error) {
	req, out := c.ListGroupsForUserRequest(input)
	err := req.Send()
	return out, err
}

func (c *IAM) ListGroupsForUserPages(input *ListGroupsForUserInput, fn func(p *ListGroupsForUserOutput, lastPage bool) (shouldContinue bool)) error {
	page, _ := c.ListGroupsForUserRequest(input)
	return page.EachPage(func(p interface{}, lastPage bool) bool {
		return fn(p.(*ListGroupsForUserOutput), lastPage)
	})
}

var opListGroupsForUser *aws.Operation

// ListInstanceProfilesRequest generates a request for the ListInstanceProfiles operation.
func (c *IAM) ListInstanceProfilesRequest(input *ListInstanceProfilesInput) (req *aws.Request, output *ListInstanceProfilesOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opListInstanceProfiles == nil {
		opListInstanceProfiles = &aws.Operation{
			Name:       "ListInstanceProfiles",
			HTTPMethod: "POST",
			HTTPPath:   "/",
			Paginator: &aws.Paginator{
				InputTokens:     []string{"Marker"},
				OutputTokens:    []string{"Marker"},
				LimitToken:      "MaxItems",
				TruncationToken: "IsTruncated",
			},
		}
	}

	if input == nil {
		input = &ListInstanceProfilesInput{}
	}

	req = c.newRequest(opListInstanceProfiles, input, output)
	output = &ListInstanceProfilesOutput{}
	req.Data = output
	return
}

// Lists the instance profiles that have the specified path prefix. If there
// are none, the action returns an empty list. For more information about instance
// profiles, go to About Instance Profiles (http://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html).
//
// You can paginate the results using the MaxItems and Marker parameters.
func (c *IAM) ListInstanceProfiles(input *ListInstanceProfilesInput) (*ListInstanceProfilesOutput, error) {
	req, out := c.ListInstanceProfilesRequest(input)
	err := req.Send()
	return out, err
}

func (c *IAM) ListInstanceProfilesPages(input *ListInstanceProfilesInput, fn func(p *ListInstanceProfilesOutput, lastPage bool) (shouldContinue bool)) error {
	page, _ := c.ListInstanceProfilesRequest(input)
	return page.EachPage(func(p interface{}, lastPage bool) bool {
		return fn(p.(*ListInstanceProfilesOutput), lastPage)
	})
}

var opListInstanceProfiles *aws.Operation

// ListInstanceProfilesForRoleRequest generates a request for the ListInstanceProfilesForRole operation.
func (c *IAM) ListInstanceProfilesForRoleRequest(input *ListInstanceProfilesForRoleInput) (req *aws.Request, output *ListInstanceProfilesForRoleOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opListInstanceProfilesForRole == nil {
		opListInstanceProfilesForRole = &aws.Operation{
			Name:       "ListInstanceProfilesForRole",
			HTTPMethod: "POST",
			HTTPPath:   "/",
			Paginator: &aws.Paginator{
				InputTokens:     []string{"Marker"},
				OutputTokens:    []string{"Marker"},
				LimitToken:      "MaxItems",
				TruncationToken: "IsTruncated",
			},
		}
	}

	if input == nil {
		input = &ListInstanceProfilesForRoleInput{}
	}

	req = c.newRequest(opListInstanceProfilesForRole, input, output)
	output = &ListInstanceProfilesForRoleOutput{}
	req.Data = output
	return
}

// Lists the instance profiles that have the specified associated role. If there
// are none, the action returns an empty list. For more information about instance
// profiles, go to About Instance Profiles (http://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html).
//
// You can paginate the results using the MaxItems and Marker parameters.
func (c *IAM) ListInstanceProfilesForRole(input *ListInstanceProfilesForRoleInput) (*ListInstanceProfilesForRoleOutput, error) {
	req, out := c.ListInstanceProfilesForRoleRequest(input)
	err := req.Send()
	return out, err
}

func (c *IAM) ListInstanceProfilesForRolePages(input *ListInstanceProfilesForRoleInput, fn func(p *ListInstanceProfilesForRoleOutput, lastPage bool) (shouldContinue bool)) error {
	page, _ := c.ListInstanceProfilesForRoleRequest(input)
	return page.EachPage(func(p interface{}, lastPage bool) bool {
		return fn(p.(*ListInstanceProfilesForRoleOutput), lastPage)
	})
}

var opListInstanceProfilesForRole *aws.Operation

// ListMFADevicesRequest generates a request for the ListMFADevices operation.
func (c *IAM) ListMFADevicesRequest(input *ListMFADevicesInput) (req *aws.Request, output *ListMFADevicesOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opListMFADevices == nil {
		opListMFADevices = &aws.Operation{
			Name:       "ListMFADevices",
			HTTPMethod: "POST",
			HTTPPath:   "/",
			Paginator: &aws.Paginator{
				InputTokens:     []string{"Marker"},
				OutputTokens:    []string{"Marker"},
				LimitToken:      "MaxItems",
				TruncationToken: "IsTruncated",
			},
		}
	}

	if input == nil {
		input = &ListMFADevicesInput{}
	}

	req = c.newRequest(opListMFADevices, input, output)
	output = &ListMFADevicesOutput{}
	req.Data = output
	return
}

// Lists the MFA devices. If the request includes the user name, then this action
// lists all the MFA devices associated with the specified user name. If you
// do not specify a user name, IAM determines the user name implicitly based
// on the AWS access key ID signing the request.
//
// You can paginate the results using the MaxItems and Marker parameters.
func (c *IAM) ListMFADevices(input *ListMFADevicesInput) (*ListMFADevicesOutput, error) {
	req, out := c.ListMFADevicesRequest(input)
	err := req.Send()
	return out, err
}

func (c *IAM) ListMFADevicesPages(input *ListMFADevicesInput, fn func(p *ListMFADevicesOutput, lastPage bool) (shouldContinue bool)) error {
	page, _ := c.ListMFADevicesRequest(input)
	return page.EachPage(func(p interface{}, lastPage bool) bool {
		return fn(p.(*ListMFADevicesOutput), lastPage)
	})
}

var opListMFADevices *aws.Operation

// ListOpenIDConnectProvidersRequest generates a request for the ListOpenIDConnectProviders operation.
func (c *IAM) ListOpenIDConnectProvidersRequest(input *ListOpenIDConnectProvidersInput) (req *aws.Request, output *ListOpenIDConnectProvidersOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opListOpenIDConnectProviders == nil {
		opListOpenIDConnectProviders = &aws.Operation{
			Name:       "ListOpenIDConnectProviders",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &ListOpenIDConnectProvidersInput{}
	}

	req = c.newRequest(opListOpenIDConnectProviders, input, output)
	output = &ListOpenIDConnectProvidersOutput{}
	req.Data = output
	return
}

// Lists information about the OpenID Connect providers in the AWS account.
func (c *IAM) ListOpenIDConnectProviders(input *ListOpenIDConnectProvidersInput) (*ListOpenIDConnectProvidersOutput, error) {
	req, out := c.ListOpenIDConnectProvidersRequest(input)
	err := req.Send()
	return out, err
}

var opListOpenIDConnectProviders *aws.Operation

// ListPoliciesRequest generates a request for the ListPolicies operation.
func (c *IAM) ListPoliciesRequest(input *ListPoliciesInput) (req *aws.Request, output *ListPoliciesOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opListPolicies == nil {
		opListPolicies = &aws.Operation{
			Name:       "ListPolicies",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &ListPoliciesInput{}
	}

	req = c.newRequest(opListPolicies, input, output)
	output = &ListPoliciesOutput{}
	req.Data = output
	return
}

// Lists all the managed policies that are available to your account, including
// your own customer managed policies and all AWS managed policies.
//
// You can filter the list of policies that is returned using the optional
// OnlyAttached, Scope, and PathPrefix parameters. For example, to list only
// the customer managed policies in your AWS account, set Scope to Local. To
// list only AWS managed policies, set Scope to AWS.
//
// You can paginate the results using the MaxItems and Marker parameters.
//
// For more information about managed policies, refer to Managed Policies and
// Inline Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the Using IAM guide.
func (c *IAM) ListPolicies(input *ListPoliciesInput) (*ListPoliciesOutput, error) {
	req, out := c.ListPoliciesRequest(input)
	err := req.Send()
	return out, err
}

var opListPolicies *aws.Operation

// ListPolicyVersionsRequest generates a request for the ListPolicyVersions operation.
func (c *IAM) ListPolicyVersionsRequest(input *ListPolicyVersionsInput) (req *aws.Request, output *ListPolicyVersionsOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opListPolicyVersions == nil {
		opListPolicyVersions = &aws.Operation{
			Name:       "ListPolicyVersions",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &ListPolicyVersionsInput{}
	}

	req = c.newRequest(opListPolicyVersions, input, output)
	output = &ListPolicyVersionsOutput{}
	req.Data = output
	return
}

// Lists information about the versions of the specified managed policy, including
// the version that is set as the policy's default version.
//
// For more information about managed policies, refer to Managed Policies and
// Inline Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the Using IAM guide.
func (c *IAM) ListPolicyVersions(input *ListPolicyVersionsInput) (*ListPolicyVersionsOutput, error) {
	req, out := c.ListPolicyVersionsRequest(input)
	err := req.Send()
	return out, err
}

var opListPolicyVersions *aws.Operation

// ListRolePoliciesRequest generates a request for the ListRolePolicies operation.
func (c *IAM) ListRolePoliciesRequest(input *ListRolePoliciesInput) (req *aws.Request, output *ListRolePoliciesOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opListRolePolicies == nil {
		opListRolePolicies = &aws.Operation{
			Name:       "ListRolePolicies",
			HTTPMethod: "POST",
			HTTPPath:   "/",
			Paginator: &aws.Paginator{
				InputTokens:     []string{"Marker"},
				OutputTokens:    []string{"Marker"},
				LimitToken:      "MaxItems",
				TruncationToken: "IsTruncated",
			},
		}
	}

	if input == nil {
		input = &ListRolePoliciesInput{}
	}

	req = c.newRequest(opListRolePolicies, input, output)
	output = &ListRolePoliciesOutput{}
	req.Data = output
	return
}

// Lists the names of the inline policies that are embedded in the specified
// role.
//
// A role can also have managed policies attached to it. To list the managed
// policies that are attached to a role, use ListAttachedRolePolicies. For more
// information about policies, refer to Managed Policies and Inline Policies
// (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the Using IAM guide.
//
// You can paginate the results using the MaxItems and Marker parameters. If
// there are no inline policies embedded with the specified role, the action
// returns an empty list.
func (c *IAM) ListRolePolicies(input *ListRolePoliciesInput) (*ListRolePoliciesOutput, error) {
	req, out := c.ListRolePoliciesRequest(input)
	err := req.Send()
	return out, err
}

func (c *IAM) ListRolePoliciesPages(input *ListRolePoliciesInput, fn func(p *ListRolePoliciesOutput, lastPage bool) (shouldContinue bool)) error {
	page, _ := c.ListRolePoliciesRequest(input)
	return page.EachPage(func(p interface{}, lastPage bool) bool {
		return fn(p.(*ListRolePoliciesOutput), lastPage)
	})
}

var opListRolePolicies *aws.Operation

// ListRolesRequest generates a request for the ListRoles operation.
func (c *IAM) ListRolesRequest(input *ListRolesInput) (req *aws.Request, output *ListRolesOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opListRoles == nil {
		opListRoles = &aws.Operation{
			Name:       "ListRoles",
			HTTPMethod: "POST",
			HTTPPath:   "/",
			Paginator: &aws.Paginator{
				InputTokens:     []string{"Marker"},
				OutputTokens:    []string{"Marker"},
				LimitToken:      "MaxItems",
				TruncationToken: "IsTruncated",
			},
		}
	}

	if input == nil {
		input = &ListRolesInput{}
	}

	req = c.newRequest(opListRoles, input, output)
	output = &ListRolesOutput{}
	req.Data = output
	return
}

// Lists the roles that have the specified path prefix. If there are none, the
// action returns an empty list. For more information about roles, go to Working
// with Roles (http://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html).
//
// You can paginate the results using the MaxItems and Marker parameters.
func (c *IAM) ListRoles(input *ListRolesInput) (*ListRolesOutput, error) {
	req, out := c.ListRolesRequest(input)
	err := req.Send()
	return out, err
}

func (c *IAM) ListRolesPages(input *ListRolesInput, fn func(p *ListRolesOutput, lastPage bool) (shouldContinue bool)) error {
	page, _ := c.ListRolesRequest(input)
	return page.EachPage(func(p interface{}, lastPage bool) bool {
		return fn(p.(*ListRolesOutput), lastPage)
	})
}

var opListRoles *aws.Operation

// ListSAMLProvidersRequest generates a request for the ListSAMLProviders operation.
func (c *IAM) ListSAMLProvidersRequest(input *ListSAMLProvidersInput) (req *aws.Request, output *ListSAMLProvidersOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opListSAMLProviders == nil {
		opListSAMLProviders = &aws.Operation{
			Name:       "ListSAMLProviders",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &ListSAMLProvidersInput{}
	}

	req = c.newRequest(opListSAMLProviders, input, output)
	output = &ListSAMLProvidersOutput{}
	req.Data = output
	return
}

// Lists the SAML providers in the account.
//
//  This operation requires Signature Version 4 (http://docs.aws.amazon.com/general/latest/gr/signature-version-4.html).
func (c *IAM) ListSAMLProviders(input *ListSAMLProvidersInput) (*ListSAMLProvidersOutput, error) {
	req, out := c.ListSAMLProvidersRequest(input)
	err := req.Send()
	return out, err
}

var opListSAMLProviders *aws.Operation

// ListServerCertificatesRequest generates a request for the ListServerCertificates operation.
func (c *IAM) ListServerCertificatesRequest(input *ListServerCertificatesInput) (req *aws.Request, output *ListServerCertificatesOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opListServerCertificates == nil {
		opListServerCertificates = &aws.Operation{
			Name:       "ListServerCertificates",
			HTTPMethod: "POST",
			HTTPPath:   "/",
			Paginator: &aws.Paginator{
				InputTokens:     []string{"Marker"},
				OutputTokens:    []string{"Marker"},
				LimitToken:      "MaxItems",
				TruncationToken: "IsTruncated",
			},
		}
	}

	if input == nil {
		input = &ListServerCertificatesInput{}
	}

	req = c.newRequest(opListServerCertificates, input, output)
	output = &ListServerCertificatesOutput{}
	req.Data = output
	return
}

// Lists the server certificates that have the specified path prefix. If none
// exist, the action returns an empty list.
//
//  You can paginate the results using the MaxItems and Marker parameters.
func (c *IAM) ListServerCertificates(input *ListServerCertificatesInput) (*ListServerCertificatesOutput, error) {
	req, out := c.ListServerCertificatesRequest(input)
	err := req.Send()
	return out, err
}

func (c *IAM) ListServerCertificatesPages(input *ListServerCertificatesInput, fn func(p *ListServerCertificatesOutput, lastPage bool) (shouldContinue bool)) error {
	page, _ := c.ListServerCertificatesRequest(input)
	return page.EachPage(func(p interface{}, lastPage bool) bool {
		return fn(p.(*ListServerCertificatesOutput), lastPage)
	})
}

var opListServerCertificates *aws.Operation

// ListSigningCertificatesRequest generates a request for the ListSigningCertificates operation.
func (c *IAM) ListSigningCertificatesRequest(input *ListSigningCertificatesInput) (req *aws.Request, output *ListSigningCertificatesOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opListSigningCertificates == nil {
		opListSigningCertificates = &aws.Operation{
			Name:       "ListSigningCertificates",
			HTTPMethod: "POST",
			HTTPPath:   "/",
			Paginator: &aws.Paginator{
				InputTokens:     []string{"Marker"},
				OutputTokens:    []string{"Marker"},
				LimitToken:      "MaxItems",
				TruncationToken: "IsTruncated",
			},
		}
	}

	if input == nil {
		input = &ListSigningCertificatesInput{}
	}

	req = c.newRequest(opListSigningCertificates, input, output)
	output = &ListSigningCertificatesOutput{}
	req.Data = output
	return
}

// Returns information about the signing certificates associated with the specified
// user. If there are none, the action returns an empty list.
//
// Although each user is limited to a small number of signing certificates,
// you can still paginate the results using the MaxItems and Marker parameters.
//
// If the UserName field is not specified, the user name is determined implicitly
// based on the AWS access key ID used to sign the request. Because this action
// works for access keys under the AWS account, you can use this action to manage
// root credentials even if the AWS account has no associated users.
func (c *IAM) ListSigningCertificates(input *ListSigningCertificatesInput) (*ListSigningCertificatesOutput, error) {
	req, out := c.ListSigningCertificatesRequest(input)
	err := req.Send()
	return out, err
}

func (c *IAM) ListSigningCertificatesPages(input *ListSigningCertificatesInput, fn func(p *ListSigningCertificatesOutput, lastPage bool) (shouldContinue bool)) error {
	page, _ := c.ListSigningCertificatesRequest(input)
	return page.EachPage(func(p interface{}, lastPage bool) bool {
		return fn(p.(*ListSigningCertificatesOutput), lastPage)
	})
}

var opListSigningCertificates *aws.Operation

// ListUserPoliciesRequest generates a request for the ListUserPolicies operation.
func (c *IAM) ListUserPoliciesRequest(input *ListUserPoliciesInput) (req *aws.Request, output *ListUserPoliciesOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opListUserPolicies == nil {
		opListUserPolicies = &aws.Operation{
			Name:       "ListUserPolicies",
			HTTPMethod: "POST",
			HTTPPath:   "/",
			Paginator: &aws.Paginator{
				InputTokens:     []string{"Marker"},
				OutputTokens:    []string{"Marker"},
				LimitToken:      "MaxItems",
				TruncationToken: "IsTruncated",
			},
		}
	}

	if input == nil {
		input = &ListUserPoliciesInput{}
	}

	req = c.newRequest(opListUserPolicies, input, output)
	output = &ListUserPoliciesOutput{}
	req.Data = output
	return
}

// Lists the names of the inline policies embedded in the specified user.
//
// A user can also have managed policies attached to it. To list the managed
// policies that are attached to a user, use ListAttachedUserPolicies. For more
// information about policies, refer to Managed Policies and Inline Policies
// (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the Using IAM guide.
//
// You can paginate the results using the MaxItems and Marker parameters. If
// there are no inline policies embedded with the specified user, the action
// returns an empty list.
func (c *IAM) ListUserPolicies(input *ListUserPoliciesInput) (*ListUserPoliciesOutput, error) {
	req, out := c.ListUserPoliciesRequest(input)
	err := req.Send()
	return out, err
}

func (c *IAM) ListUserPoliciesPages(input *ListUserPoliciesInput, fn func(p *ListUserPoliciesOutput, lastPage bool) (shouldContinue bool)) error {
	page, _ := c.ListUserPoliciesRequest(input)
	return page.EachPage(func(p interface{}, lastPage bool) bool {
		return fn(p.(*ListUserPoliciesOutput), lastPage)
	})
}

var opListUserPolicies *aws.Operation

// ListUsersRequest generates a request for the ListUsers operation.
func (c *IAM) ListUsersRequest(input *ListUsersInput) (req *aws.Request, output *ListUsersOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opListUsers == nil {
		opListUsers = &aws.Operation{
			Name:       "ListUsers",
			HTTPMethod: "POST",
			HTTPPath:   "/",
			Paginator: &aws.Paginator{
				InputTokens:     []string{"Marker"},
				OutputTokens:    []string{"Marker"},
				LimitToken:      "MaxItems",
				TruncationToken: "IsTruncated",
			},
		}
	}

	if input == nil {
		input = &ListUsersInput{}
	}

	req = c.newRequest(opListUsers, input, output)
	output = &ListUsersOutput{}
	req.Data = output
	return
}

// Lists the IAM users that have the specified path prefix. If no path prefix
// is specified, the action returns all users in the AWS account. If there are
// none, the action returns an empty list.
//
// You can paginate the results using the MaxItems and Marker parameters.
func (c *IAM) ListUsers(input *ListUsersInput) (*ListUsersOutput, error) {
	req, out := c.ListUsersRequest(input)
	err := req.Send()
	return out, err
}

func (c *IAM) ListUsersPages(input *ListUsersInput, fn func(p *ListUsersOutput, lastPage bool) (shouldContinue bool)) error {
	page, _ := c.ListUsersRequest(input)
	return page.EachPage(func(p interface{}, lastPage bool) bool {
		return fn(p.(*ListUsersOutput), lastPage)
	})
}

var opListUsers *aws.Operation

// ListVirtualMFADevicesRequest generates a request for the ListVirtualMFADevices operation.
func (c *IAM) ListVirtualMFADevicesRequest(input *ListVirtualMFADevicesInput) (req *aws.Request, output *ListVirtualMFADevicesOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opListVirtualMFADevices == nil {
		opListVirtualMFADevices = &aws.Operation{
			Name:       "ListVirtualMFADevices",
			HTTPMethod: "POST",
			HTTPPath:   "/",
			Paginator: &aws.Paginator{
				InputTokens:     []string{"Marker"},
				OutputTokens:    []string{"Marker"},
				LimitToken:      "MaxItems",
				TruncationToken: "IsTruncated",
			},
		}
	}

	if input == nil {
		input = &ListVirtualMFADevicesInput{}
	}

	req = c.newRequest(opListVirtualMFADevices, input, output)
	output = &ListVirtualMFADevicesOutput{}
	req.Data = output
	return
}

// Lists the virtual MFA devices under the AWS account by assignment status.
// If you do not specify an assignment status, the action returns a list of
// all virtual MFA devices. Assignment status can be Assigned, Unassigned, or
// Any.
//
// You can paginate the results using the MaxItems and Marker parameters.
func (c *IAM) ListVirtualMFADevices(input *ListVirtualMFADevicesInput) (*ListVirtualMFADevicesOutput, error) {
	req, out := c.ListVirtualMFADevicesRequest(input)
	err := req.Send()
	return out, err
}

func (c *IAM) ListVirtualMFADevicesPages(input *ListVirtualMFADevicesInput, fn func(p *ListVirtualMFADevicesOutput, lastPage bool) (shouldContinue bool)) error {
	page, _ := c.ListVirtualMFADevicesRequest(input)
	return page.EachPage(func(p interface{}, lastPage bool) bool {
		return fn(p.(*ListVirtualMFADevicesOutput), lastPage)
	})
}

var opListVirtualMFADevices *aws.Operation

// PutGroupPolicyRequest generates a request for the PutGroupPolicy operation.
func (c *IAM) PutGroupPolicyRequest(input *PutGroupPolicyInput) (req *aws.Request, output *PutGroupPolicyOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opPutGroupPolicy == nil {
		opPutGroupPolicy = &aws.Operation{
			Name:       "PutGroupPolicy",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &PutGroupPolicyInput{}
	}

	req = c.newRequest(opPutGroupPolicy, input, output)
	output = &PutGroupPolicyOutput{}
	req.Data = output
	return
}

// Adds (or updates) an inline policy document that is embedded in the specified
// group.
//
// A user can also have managed policies attached to it. To attach a managed
// policy to a group, use AttachGroupPolicy. To create a new managed policy,
// use CreatePolicy. For information about policies, refer to Managed Policies
// and Inline Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the Using IAM guide.
//
// For information about limits on the number of inline policies that you can
// embed in a group, see Limitations on IAM Entities (http://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html)
// in the Using IAM guide.
//
// Because policy documents can be large, you should use POST rather than GET
// when calling PutGroupPolicy. For general information about using the Query
// API with IAM, go to Making Query Requests (http://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html)
// in the Using IAM guide.
func (c *IAM) PutGroupPolicy(input *PutGroupPolicyInput) (*PutGroupPolicyOutput, error) {
	req, out := c.PutGroupPolicyRequest(input)
	err := req.Send()
	return out, err
}

var opPutGroupPolicy *aws.Operation

// PutRolePolicyRequest generates a request for the PutRolePolicy operation.
func (c *IAM) PutRolePolicyRequest(input *PutRolePolicyInput) (req *aws.Request, output *PutRolePolicyOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opPutRolePolicy == nil {
		opPutRolePolicy = &aws.Operation{
			Name:       "PutRolePolicy",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &PutRolePolicyInput{}
	}

	req = c.newRequest(opPutRolePolicy, input, output)
	output = &PutRolePolicyOutput{}
	req.Data = output
	return
}

// Adds (or updates) an inline policy document that is embedded in the specified
// role.
//
// When you embed an inline policy in a role, the inline policy is used as
// the role's access (permissions) policy. The role's trust policy is created
// at the same time as the role, using CreateRole. You can update a role's trust
// policy using UpdateAssumeRolePolicy. For more information about roles, go
// to Using Roles to Delegate Permissions and Federate Identities (http://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html).
//
// A role can also have a managed policy attached to it. To attach a managed
// policy to a role, use AttachRolePolicy. To create a new managed policy, use
// CreatePolicy. For information about policies, refer to Managed Policies and
// Inline Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the Using IAM guide.
//
// For information about limits on the number of inline policies that you can
// embed with a role, see Limitations on IAM Entities (http://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html)
// in the Using IAM guide.
//
// Because policy documents can be large, you should use POST rather than GET
// when calling PutRolePolicy. For general information about using the Query
// API with IAM, go to Making Query Requests (http://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html)
// in the Using IAM guide.
func (c *IAM) PutRolePolicy(input *PutRolePolicyInput) (*PutRolePolicyOutput, error) {
	req, out := c.PutRolePolicyRequest(input)
	err := req.Send()
	return out, err
}

var opPutRolePolicy *aws.Operation

// PutUserPolicyRequest generates a request for the PutUserPolicy operation.
func (c *IAM) PutUserPolicyRequest(input *PutUserPolicyInput) (req *aws.Request, output *PutUserPolicyOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opPutUserPolicy == nil {
		opPutUserPolicy = &aws.Operation{
			Name:       "PutUserPolicy",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &PutUserPolicyInput{}
	}

	req = c.newRequest(opPutUserPolicy, input, output)
	output = &PutUserPolicyOutput{}
	req.Data = output
	return
}

// Adds (or updates) an inline policy document that is embedded in the specified
// user.
//
// A user can also have a managed policy attached to it. To attach a managed
// policy to a user, use AttachUserPolicy. To create a new managed policy, use
// CreatePolicy. For information about policies, refer to Managed Policies and
// Inline Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the Using IAM guide.
//
// For information about limits on the number of inline policies that you can
// embed in a user, see Limitations on IAM Entities (http://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html)
// in the Using IAM guide.
//
// Because policy documents can be large, you should use POST rather than GET
// when calling PutUserPolicy. For general information about using the Query
// API with IAM, go to Making Query Requests (http://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html)
// in the Using IAM guide.
func (c *IAM) PutUserPolicy(input *PutUserPolicyInput) (*PutUserPolicyOutput, error) {
	req, out := c.PutUserPolicyRequest(input)
	err := req.Send()
	return out, err
}

var opPutUserPolicy *aws.Operation

// RemoveClientIDFromOpenIDConnectProviderRequest generates a request for the RemoveClientIDFromOpenIDConnectProvider operation.
func (c *IAM) RemoveClientIDFromOpenIDConnectProviderRequest(input *RemoveClientIDFromOpenIDConnectProviderInput) (req *aws.Request, output *RemoveClientIDFromOpenIDConnectProviderOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opRemoveClientIDFromOpenIDConnectProvider == nil {
		opRemoveClientIDFromOpenIDConnectProvider = &aws.Operation{
			Name:       "RemoveClientIDFromOpenIDConnectProvider",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &RemoveClientIDFromOpenIDConnectProviderInput{}
	}

	req = c.newRequest(opRemoveClientIDFromOpenIDConnectProvider, input, output)
	output = &RemoveClientIDFromOpenIDConnectProviderOutput{}
	req.Data = output
	return
}

// Removes the specified client ID (also known as audience) from the list of
// client IDs registered for the specified IAM OpenID Connect provider.
//
// This action is idempotent; it does not fail or return an error if you try
// to remove a client ID that was removed previously.
func (c *IAM) RemoveClientIDFromOpenIDConnectProvider(input *RemoveClientIDFromOpenIDConnectProviderInput) (*RemoveClientIDFromOpenIDConnectProviderOutput, error) {
	req, out := c.RemoveClientIDFromOpenIDConnectProviderRequest(input)
	err := req.Send()
	return out, err
}

var opRemoveClientIDFromOpenIDConnectProvider *aws.Operation

// RemoveRoleFromInstanceProfileRequest generates a request for the RemoveRoleFromInstanceProfile operation.
func (c *IAM) RemoveRoleFromInstanceProfileRequest(input *RemoveRoleFromInstanceProfileInput) (req *aws.Request, output *RemoveRoleFromInstanceProfileOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opRemoveRoleFromInstanceProfile == nil {
		opRemoveRoleFromInstanceProfile = &aws.Operation{
			Name:       "RemoveRoleFromInstanceProfile",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &RemoveRoleFromInstanceProfileInput{}
	}

	req = c.newRequest(opRemoveRoleFromInstanceProfile, input, output)
	output = &RemoveRoleFromInstanceProfileOutput{}
	req.Data = output
	return
}

// Removes the specified role from the specified instance profile.
//
//  Make sure you do not have any Amazon EC2 instances running with the role
// you are about to remove from the instance profile. Removing a role from an
// instance profile that is associated with a running instance will break any
// applications running on the instance.   For more information about roles,
// go to Working with Roles (http://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html).
// For more information about instance profiles, go to About Instance Profiles
// (http://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html).
func (c *IAM) RemoveRoleFromInstanceProfile(input *RemoveRoleFromInstanceProfileInput) (*RemoveRoleFromInstanceProfileOutput, error) {
	req, out := c.RemoveRoleFromInstanceProfileRequest(input)
	err := req.Send()
	return out, err
}

var opRemoveRoleFromInstanceProfile *aws.Operation

// RemoveUserFromGroupRequest generates a request for the RemoveUserFromGroup operation.
func (c *IAM) RemoveUserFromGroupRequest(input *RemoveUserFromGroupInput) (req *aws.Request, output *RemoveUserFromGroupOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opRemoveUserFromGroup == nil {
		opRemoveUserFromGroup = &aws.Operation{
			Name:       "RemoveUserFromGroup",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &RemoveUserFromGroupInput{}
	}

	req = c.newRequest(opRemoveUserFromGroup, input, output)
	output = &RemoveUserFromGroupOutput{}
	req.Data = output
	return
}

// Removes the specified user from the specified group.
func (c *IAM) RemoveUserFromGroup(input *RemoveUserFromGroupInput) (*RemoveUserFromGroupOutput, error) {
	req, out := c.RemoveUserFromGroupRequest(input)
	err := req.Send()
	return out, err
}

var opRemoveUserFromGroup *aws.Operation

// ResyncMFADeviceRequest generates a request for the ResyncMFADevice operation.
func (c *IAM) ResyncMFADeviceRequest(input *ResyncMFADeviceInput) (req *aws.Request, output *ResyncMFADeviceOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opResyncMFADevice == nil {
		opResyncMFADevice = &aws.Operation{
			Name:       "ResyncMFADevice",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &ResyncMFADeviceInput{}
	}

	req = c.newRequest(opResyncMFADevice, input, output)
	output = &ResyncMFADeviceOutput{}
	req.Data = output
	return
}

// Synchronizes the specified MFA device with AWS servers.
//
// For more information about creating and working with virtual MFA devices,
// go to Using a Virtual MFA Device (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_VirtualMFA.html)
// in the Using IAM guide.
func (c *IAM) ResyncMFADevice(input *ResyncMFADeviceInput) (*ResyncMFADeviceOutput, error) {
	req, out := c.ResyncMFADeviceRequest(input)
	err := req.Send()
	return out, err
}

var opResyncMFADevice *aws.Operation

// SetDefaultPolicyVersionRequest generates a request for the SetDefaultPolicyVersion operation.
func (c *IAM) SetDefaultPolicyVersionRequest(input *SetDefaultPolicyVersionInput) (req *aws.Request, output *SetDefaultPolicyVersionOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opSetDefaultPolicyVersion == nil {
		opSetDefaultPolicyVersion = &aws.Operation{
			Name:       "SetDefaultPolicyVersion",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &SetDefaultPolicyVersionInput{}
	}

	req = c.newRequest(opSetDefaultPolicyVersion, input, output)
	output = &SetDefaultPolicyVersionOutput{}
	req.Data = output
	return
}

// Sets the specified version of the specified policy as the policy's default
// (operative) version.
//
// This action affects all users, groups, and roles that the policy is attached
// to. To list the users, groups, and roles that the policy is attached to,
// use the ListEntitiesForPolicy API.
//
// For information about managed policies, refer to Managed Policies and Inline
// Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the Using IAM guide.
func (c *IAM) SetDefaultPolicyVersion(input *SetDefaultPolicyVersionInput) (*SetDefaultPolicyVersionOutput, error) {
	req, out := c.SetDefaultPolicyVersionRequest(input)
	err := req.Send()
	return out, err
}

var opSetDefaultPolicyVersion *aws.Operation

// UpdateAccessKeyRequest generates a request for the UpdateAccessKey operation.
func (c *IAM) UpdateAccessKeyRequest(input *UpdateAccessKeyInput) (req *aws.Request, output *UpdateAccessKeyOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opUpdateAccessKey == nil {
		opUpdateAccessKey = &aws.Operation{
			Name:       "UpdateAccessKey",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &UpdateAccessKeyInput{}
	}

	req = c.newRequest(opUpdateAccessKey, input, output)
	output = &UpdateAccessKeyOutput{}
	req.Data = output
	return
}

// Changes the status of the specified access key from Active to Inactive, or
// vice versa. This action can be used to disable a user's key as part of a
// key rotation work flow.
//
// If the UserName field is not specified, the UserName is determined implicitly
// based on the AWS access key ID used to sign the request. Because this action
// works for access keys under the AWS account, you can use this action to manage
// root credentials even if the AWS account has no associated users.
//
// For information about rotating keys, see Managing Keys and Certificates
// (http://docs.aws.amazon.com/IAM/latest/UserGuide/ManagingCredentials.html)
// in the Using IAM guide.
func (c *IAM) UpdateAccessKey(input *UpdateAccessKeyInput) (*UpdateAccessKeyOutput, error) {
	req, out := c.UpdateAccessKeyRequest(input)
	err := req.Send()
	return out, err
}

var opUpdateAccessKey *aws.Operation

// UpdateAccountPasswordPolicyRequest generates a request for the UpdateAccountPasswordPolicy operation.
func (c *IAM) UpdateAccountPasswordPolicyRequest(input *UpdateAccountPasswordPolicyInput) (req *aws.Request, output *UpdateAccountPasswordPolicyOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opUpdateAccountPasswordPolicy == nil {
		opUpdateAccountPasswordPolicy = &aws.Operation{
			Name:       "UpdateAccountPasswordPolicy",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &UpdateAccountPasswordPolicyInput{}
	}

	req = c.newRequest(opUpdateAccountPasswordPolicy, input, output)
	output = &UpdateAccountPasswordPolicyOutput{}
	req.Data = output
	return
}

// Updates the password policy settings for the AWS account.
//
//  This action does not support partial updates. No parameters are required,
// but if you do not specify a parameter, that parameter's value reverts to
// its default value. See the Request Parameters section for each parameter's
// default value.
//
//   For more information about using a password policy, see Managing an IAM
// Password Policy (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingPasswordPolicies.html)
// in the Using IAM guide.
func (c *IAM) UpdateAccountPasswordPolicy(input *UpdateAccountPasswordPolicyInput) (*UpdateAccountPasswordPolicyOutput, error) {
	req, out := c.UpdateAccountPasswordPolicyRequest(input)
	err := req.Send()
	return out, err
}

var opUpdateAccountPasswordPolicy *aws.Operation

// UpdateAssumeRolePolicyRequest generates a request for the UpdateAssumeRolePolicy operation.
func (c *IAM) UpdateAssumeRolePolicyRequest(input *UpdateAssumeRolePolicyInput) (req *aws.Request, output *UpdateAssumeRolePolicyOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opUpdateAssumeRolePolicy == nil {
		opUpdateAssumeRolePolicy = &aws.Operation{
			Name:       "UpdateAssumeRolePolicy",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &UpdateAssumeRolePolicyInput{}
	}

	req = c.newRequest(opUpdateAssumeRolePolicy, input, output)
	output = &UpdateAssumeRolePolicyOutput{}
	req.Data = output
	return
}

// Updates the policy that grants an entity permission to assume a role. For
// more information about roles, go to Using Roles to Delegate Permissions and
// Federate Identities (http://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html).
func (c *IAM) UpdateAssumeRolePolicy(input *UpdateAssumeRolePolicyInput) (*UpdateAssumeRolePolicyOutput, error) {
	req, out := c.UpdateAssumeRolePolicyRequest(input)
	err := req.Send()
	return out, err
}

var opUpdateAssumeRolePolicy *aws.Operation

// UpdateGroupRequest generates a request for the UpdateGroup operation.
func (c *IAM) UpdateGroupRequest(input *UpdateGroupInput) (req *aws.Request, output *UpdateGroupOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opUpdateGroup == nil {
		opUpdateGroup = &aws.Operation{
			Name:       "UpdateGroup",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &UpdateGroupInput{}
	}

	req = c.newRequest(opUpdateGroup, input, output)
	output = &UpdateGroupOutput{}
	req.Data = output
	return
}

// Updates the name and/or the path of the specified group.
//
//  You should understand the implications of changing a group's path or name.
// For more information, see Renaming Users and Groups (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_WorkingWithGroupsAndUsers.html)
// in the Using IAM guide.  To change a group name the requester must have appropriate
// permissions on both the source object and the target object. For example,
// to change Managers to MGRs, the entity making the request must have permission
// on Managers and MGRs, or must have permission on all (*). For more information
// about permissions, see Permissions and Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/PermissionsAndPolicies.html"
// target="blank).
func (c *IAM) UpdateGroup(input *UpdateGroupInput) (*UpdateGroupOutput, error) {
	req, out := c.UpdateGroupRequest(input)
	err := req.Send()
	return out, err
}

var opUpdateGroup *aws.Operation

// UpdateLoginProfileRequest generates a request for the UpdateLoginProfile operation.
func (c *IAM) UpdateLoginProfileRequest(input *UpdateLoginProfileInput) (req *aws.Request, output *UpdateLoginProfileOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opUpdateLoginProfile == nil {
		opUpdateLoginProfile = &aws.Operation{
			Name:       "UpdateLoginProfile",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &UpdateLoginProfileInput{}
	}

	req = c.newRequest(opUpdateLoginProfile, input, output)
	output = &UpdateLoginProfileOutput{}
	req.Data = output
	return
}

// Changes the password for the specified user.
//
// Users can change their own passwords by calling ChangePassword. For more
// information about modifying passwords, see Managing Passwords (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html)
// in the Using IAM guide.
func (c *IAM) UpdateLoginProfile(input *UpdateLoginProfileInput) (*UpdateLoginProfileOutput, error) {
	req, out := c.UpdateLoginProfileRequest(input)
	err := req.Send()
	return out, err
}

var opUpdateLoginProfile *aws.Operation

// UpdateOpenIDConnectProviderThumbprintRequest generates a request for the UpdateOpenIDConnectProviderThumbprint operation.
func (c *IAM) UpdateOpenIDConnectProviderThumbprintRequest(input *UpdateOpenIDConnectProviderThumbprintInput) (req *aws.Request, output *UpdateOpenIDConnectProviderThumbprintOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opUpdateOpenIDConnectProviderThumbprint == nil {
		opUpdateOpenIDConnectProviderThumbprint = &aws.Operation{
			Name:       "UpdateOpenIDConnectProviderThumbprint",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &UpdateOpenIDConnectProviderThumbprintInput{}
	}

	req = c.newRequest(opUpdateOpenIDConnectProviderThumbprint, input, output)
	output = &UpdateOpenIDConnectProviderThumbprintOutput{}
	req.Data = output
	return
}

// Replaces the existing list of server certificate thumbprints with a new list.
//
// The list that you pass with this action completely replaces the existing
// list of thumbprints. (The lists are not merged.)
//
// Typically, you need to update a thumbprint only when the identity provider's
// certificate changes, which occurs rarely. However, if the provider's certificate
// does change, any attempt to assume an IAM role that specifies the OIDC provider
// as a principal will fail until the certificate thumbprint is updated.
//
// Because trust for the OpenID Connect provider is ultimately derived from
// the provider's certificate and is validated by the thumbprint, it is a best
// practice to limit access to the UpdateOpenIDConnectProviderThumbprint action
// to highly-privileged users.
func (c *IAM) UpdateOpenIDConnectProviderThumbprint(input *UpdateOpenIDConnectProviderThumbprintInput) (*UpdateOpenIDConnectProviderThumbprintOutput, error) {
	req, out := c.UpdateOpenIDConnectProviderThumbprintRequest(input)
	err := req.Send()
	return out, err
}

var opUpdateOpenIDConnectProviderThumbprint *aws.Operation

// UpdateSAMLProviderRequest generates a request for the UpdateSAMLProvider operation.
func (c *IAM) UpdateSAMLProviderRequest(input *UpdateSAMLProviderInput) (req *aws.Request, output *UpdateSAMLProviderOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opUpdateSAMLProvider == nil {
		opUpdateSAMLProvider = &aws.Operation{
			Name:       "UpdateSAMLProvider",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &UpdateSAMLProviderInput{}
	}

	req = c.newRequest(opUpdateSAMLProvider, input, output)
	output = &UpdateSAMLProviderOutput{}
	req.Data = output
	return
}

// Updates the metadata document for an existing SAML provider.
//
// This operation requires Signature Version 4 (http://docs.aws.amazon.com/general/latest/gr/signature-version-4.html).
func (c *IAM) UpdateSAMLProvider(input *UpdateSAMLProviderInput) (*UpdateSAMLProviderOutput, error) {
	req, out := c.UpdateSAMLProviderRequest(input)
	err := req.Send()
	return out, err
}

var opUpdateSAMLProvider *aws.Operation

// UpdateServerCertificateRequest generates a request for the UpdateServerCertificate operation.
func (c *IAM) UpdateServerCertificateRequest(input *UpdateServerCertificateInput) (req *aws.Request, output *UpdateServerCertificateOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opUpdateServerCertificate == nil {
		opUpdateServerCertificate = &aws.Operation{
			Name:       "UpdateServerCertificate",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &UpdateServerCertificateInput{}
	}

	req = c.newRequest(opUpdateServerCertificate, input, output)
	output = &UpdateServerCertificateOutput{}
	req.Data = output
	return
}

// Updates the name and/or the path of the specified server certificate.
//
//  You should understand the implications of changing a server certificate's
// path or name. For more information, see Managing Server Certificates (http://docs.aws.amazon.com/IAM/latest/UserGuide/ManagingServerCerts.html)
// in the Using IAM guide.  To change a server certificate name the requester
// must have appropriate permissions on both the source object and the target
// object. For example, to change the name from ProductionCert to ProdCert,
// the entity making the request must have permission on ProductionCert and
// ProdCert, or must have permission on all (*). For more information about
// permissions, see Permissions and Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/PermissionsAndPolicies.html"
// target="blank).
func (c *IAM) UpdateServerCertificate(input *UpdateServerCertificateInput) (*UpdateServerCertificateOutput, error) {
	req, out := c.UpdateServerCertificateRequest(input)
	err := req.Send()
	return out, err
}

var opUpdateServerCertificate *aws.Operation

// UpdateSigningCertificateRequest generates a request for the UpdateSigningCertificate operation.
func (c *IAM) UpdateSigningCertificateRequest(input *UpdateSigningCertificateInput) (req *aws.Request, output *UpdateSigningCertificateOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opUpdateSigningCertificate == nil {
		opUpdateSigningCertificate = &aws.Operation{
			Name:       "UpdateSigningCertificate",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &UpdateSigningCertificateInput{}
	}

	req = c.newRequest(opUpdateSigningCertificate, input, output)
	output = &UpdateSigningCertificateOutput{}
	req.Data = output
	return
}

// Changes the status of the specified signing certificate from active to disabled,
// or vice versa. This action can be used to disable a user's signing certificate
// as part of a certificate rotation work flow.
//
// If the UserName field is not specified, the UserName is determined implicitly
// based on the AWS access key ID used to sign the request. Because this action
// works for access keys under the AWS account, you can use this action to manage
// root credentials even if the AWS account has no associated users.
func (c *IAM) UpdateSigningCertificate(input *UpdateSigningCertificateInput) (*UpdateSigningCertificateOutput, error) {
	req, out := c.UpdateSigningCertificateRequest(input)
	err := req.Send()
	return out, err
}

var opUpdateSigningCertificate *aws.Operation

// UpdateUserRequest generates a request for the UpdateUser operation.
func (c *IAM) UpdateUserRequest(input *UpdateUserInput) (req *aws.Request, output *UpdateUserOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opUpdateUser == nil {
		opUpdateUser = &aws.Operation{
			Name:       "UpdateUser",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &UpdateUserInput{}
	}

	req = c.newRequest(opUpdateUser, input, output)
	output = &UpdateUserOutput{}
	req.Data = output
	return
}

// Updates the name and/or the path of the specified user.
//
//  You should understand the implications of changing a user's path or name.
// For more information, see Renaming Users and Groups (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_WorkingWithGroupsAndUsers.html)
// in the Using IAM guide.   To change a user name the requester must have appropriate
// permissions on both the source object and the target object. For example,
// to change Bob to Robert, the entity making the request must have permission
// on Bob and Robert, or must have permission on all (*). For more information
// about permissions, see Permissions and Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/PermissionsAndPolicies.html"
// target="blank).
func (c *IAM) UpdateUser(input *UpdateUserInput) (*UpdateUserOutput, error) {
	req, out := c.UpdateUserRequest(input)
	err := req.Send()
	return out, err
}

var opUpdateUser *aws.Operation

// UploadServerCertificateRequest generates a request for the UploadServerCertificate operation.
func (c *IAM) UploadServerCertificateRequest(input *UploadServerCertificateInput) (req *aws.Request, output *UploadServerCertificateOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opUploadServerCertificate == nil {
		opUploadServerCertificate = &aws.Operation{
			Name:       "UploadServerCertificate",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &UploadServerCertificateInput{}
	}

	req = c.newRequest(opUploadServerCertificate, input, output)
	output = &UploadServerCertificateOutput{}
	req.Data = output
	return
}

// Uploads a server certificate entity for the AWS account. The server certificate
// entity includes a public key certificate, a private key, and an optional
// certificate chain, which should all be PEM-encoded.
//
// For information about the number of server certificates you can upload,
// see Limitations on IAM Entities (http://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html)
// in the Using IAM guide.
//
// Because the body of the public key certificate, private key, and the certificate
// chain can be large, you should use POST rather than GET when calling UploadServerCertificate.
// For information about setting up signatures and authorization through the
// API, go to Signing AWS API Requests (http://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html)
// in the AWS General Reference. For general information about using the Query
// API with IAM, go to Making Query Requests (http://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html)
// in the Using IAM guide.
func (c *IAM) UploadServerCertificate(input *UploadServerCertificateInput) (*UploadServerCertificateOutput, error) {
	req, out := c.UploadServerCertificateRequest(input)
	err := req.Send()
	return out, err
}

var opUploadServerCertificate *aws.Operation

// UploadSigningCertificateRequest generates a request for the UploadSigningCertificate operation.
func (c *IAM) UploadSigningCertificateRequest(input *UploadSigningCertificateInput) (req *aws.Request, output *UploadSigningCertificateOutput) {
	oprw.Lock()
	defer oprw.Unlock()

	if opUploadSigningCertificate == nil {
		opUploadSigningCertificate = &aws.Operation{
			Name:       "UploadSigningCertificate",
			HTTPMethod: "POST",
			HTTPPath:   "/",
		}
	}

	if input == nil {
		input = &UploadSigningCertificateInput{}
	}

	req = c.newRequest(opUploadSigningCertificate, input, output)
	output = &UploadSigningCertificateOutput{}
	req.Data = output
	return
}

// Uploads an X.509 signing certificate and associates it with the specified
// user. Some AWS services use X.509 signing certificates to validate requests
// that are signed with a corresponding private key. When you upload the certificate,
// its default status is Active.
//
// If the UserName field is not specified, the user name is determined implicitly
// based on the AWS access key ID used to sign the request. Because this action
// works for access keys under the AWS account, you can use this action to manage
// root credentials even if the AWS account has no associated users.
//
// Because the body of a X.509 certificate can be large, you should use POST
// rather than GET when calling UploadSigningCertificate. For information about
// setting up signatures and authorization through the API, go to Signing AWS
// API Requests (http://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html)
// in the AWS General Reference. For general information about using the Query
// API with IAM, go to Making Query Requests (http://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html)
// in the Using IAMguide.
func (c *IAM) UploadSigningCertificate(input *UploadSigningCertificateInput) (*UploadSigningCertificateOutput, error) {
	req, out := c.UploadSigningCertificateRequest(input)
	err := req.Send()
	return out, err
}

var opUploadSigningCertificate *aws.Operation

// Contains information about an AWS access key.
//
//  This data type is used as a response element in the CreateAccessKey and
// ListAccessKeys actions.
//
// The SecretAccessKey value is returned only in response to CreateAccessKey.
// You can get a secret access key only when you first create an access key;
// you cannot recover the secret access key later. If you lose a secret access
// key, you must create a new access key.
type AccessKey struct {
	// The ID for this access key.
	AccessKeyID *string `locationName:"AccessKeyId" type:"string" required:"true"`

	// The date when the access key was created.
	CreateDate *time.Time `type:"timestamp" timestampFormat:"iso8601"`

	// The secret key used to sign requests.
	SecretAccessKey *string `type:"string" required:"true"`

	// The status of the access key. Active means the key is valid for API calls,
	// while Inactive means it is not.
	Status *string `type:"string" required:"true"`

	// The name of the IAM user that the access key is associated with.
	UserName *string `type:"string" required:"true"`

	metadataAccessKey `json:"-" xml:"-"`
}

type metadataAccessKey struct {
	SDKShapeTraits bool `type:"structure"`
}

// Contains information about the last time an AWS access key was used.
//
// This data type is used as a response element in the GetAccessKeyLastUsed
// action.
type AccessKeyLastUsed struct {
	// The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601),
	// when the access key was most recently used.
	LastUsedDate *time.Time `type:"timestamp" timestampFormat:"iso8601" required:"true"`

	// The AWS region where this access key was most recently used.
	//
	// For more information about AWS regions, see Regions and Endpoints (http://docs.aws.amazon.com/general/latest/gr/rande.html)
	// in the Amazon Web Services General Reference.
	Region *string `type:"string" required:"true"`

	// The name of the AWS service with which this access key was most recently
	// used.
	ServiceName *string `type:"string" required:"true"`

	metadataAccessKeyLastUsed `json:"-" xml:"-"`
}

type metadataAccessKeyLastUsed struct {
	SDKShapeTraits bool `type:"structure"`
}

// Contains information about an AWS access key, without its secret key.
//
// This data type is used as a response element in the ListAccessKeys action.
type AccessKeyMetadata struct {
	// The ID for this access key.
	AccessKeyID *string `locationName:"AccessKeyId" type:"string"`

	// The date when the access key was created.
	CreateDate *time.Time `type:"timestamp" timestampFormat:"iso8601"`

	// The status of the access key. Active means the key is valid for API calls;
	// Inactive means it is not.
	Status *string `type:"string"`

	// The name of the IAM user that the key is associated with.
	UserName *string `type:"string"`

	metadataAccessKeyMetadata `json:"-" xml:"-"`
}

type metadataAccessKeyMetadata struct {
	SDKShapeTraits bool `type:"structure"`
}

type AddClientIDToOpenIDConnectProviderInput struct {
	// The client ID (also known as audience) to add to the IAM OpenID Connect provider.
	ClientID *string `type:"string" required:"true"`

	// The Amazon Resource Name (ARN) of the IAM OpenID Connect (OIDC) provider
	// to add the client ID to. You can get a list of OIDC provider ARNs by using
	// the ListOpenIDConnectProviders action.
	OpenIDConnectProviderARN *string `locationName:"OpenIDConnectProviderArn" type:"string" required:"true"`

	metadataAddClientIDToOpenIDConnectProviderInput `json:"-" xml:"-"`
}

type metadataAddClientIDToOpenIDConnectProviderInput struct {
	SDKShapeTraits bool `type:"structure"`
}

type AddClientIDToOpenIDConnectProviderOutput struct {
	metadataAddClientIDToOpenIDConnectProviderOutput `json:"-" xml:"-"`
}

type metadataAddClientIDToOpenIDConnectProviderOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type AddRoleToInstanceProfileInput struct {
	// The name of the instance profile to update.
	InstanceProfileName *string `type:"string" required:"true"`

	// The name of the role to add.
	RoleName *string `type:"string" required:"true"`

	metadataAddRoleToInstanceProfileInput `json:"-" xml:"-"`
}

type metadataAddRoleToInstanceProfileInput struct {
	SDKShapeTraits bool `type:"structure"`
}

type AddRoleToInstanceProfileOutput struct {
	metadataAddRoleToInstanceProfileOutput `json:"-" xml:"-"`
}

type metadataAddRoleToInstanceProfileOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type AddUserToGroupInput struct {
	// The name of the group to update.
	GroupName *string `type:"string" required:"true"`

	// The name of the user to add.
	UserName *string `type:"string" required:"true"`

	metadataAddUserToGroupInput `json:"-" xml:"-"`
}

type metadataAddUserToGroupInput struct {
	SDKShapeTraits bool `type:"structure"`
}

type AddUserToGroupOutput struct {
	metadataAddUserToGroupOutput `json:"-" xml:"-"`
}

type metadataAddUserToGroupOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type AttachGroupPolicyInput struct {
	// The name (friendly name, not ARN) of the group to attach the policy to.
	GroupName *string `type:"string" required:"true"`

	// The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources.
	//
	// For more information about ARNs, go to Amazon Resource Names (ARNs) and
	// AWS Service Namespaces (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the AWS General Reference.
	PolicyARN *string `locationName:"PolicyArn" type:"string" required:"true"`

	metadataAttachGroupPolicyInput `json:"-" xml:"-"`
}

type metadataAttachGroupPolicyInput struct {
	SDKShapeTraits bool `type:"structure"`
}

type AttachGroupPolicyOutput struct {
	metadataAttachGroupPolicyOutput `json:"-" xml:"-"`
}

type metadataAttachGroupPolicyOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type AttachRolePolicyInput struct {
	// The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources.
	//
	// For more information about ARNs, go to Amazon Resource Names (ARNs) and
	// AWS Service Namespaces (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the AWS General Reference.
	PolicyARN *string `locationName:"PolicyArn" type:"string" required:"true"`

	// The name (friendly name, not ARN) of the role to attach the policy to.
	RoleName *string `type:"string" required:"true"`

	metadataAttachRolePolicyInput `json:"-" xml:"-"`
}

type metadataAttachRolePolicyInput struct {
	SDKShapeTraits bool `type:"structure"`
}

type AttachRolePolicyOutput struct {
	metadataAttachRolePolicyOutput `json:"-" xml:"-"`
}

type metadataAttachRolePolicyOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type AttachUserPolicyInput struct {
	// The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources.
	//
	// For more information about ARNs, go to Amazon Resource Names (ARNs) and
	// AWS Service Namespaces (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the AWS General Reference.
	PolicyARN *string `locationName:"PolicyArn" type:"string" required:"true"`

	// The name (friendly name, not ARN) of the user to attach the policy to.
	UserName *string `type:"string" required:"true"`

	metadataAttachUserPolicyInput `json:"-" xml:"-"`
}

type metadataAttachUserPolicyInput struct {
	SDKShapeTraits bool `type:"structure"`
}

type AttachUserPolicyOutput struct {
	metadataAttachUserPolicyOutput `json:"-" xml:"-"`
}

type metadataAttachUserPolicyOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

// Contains information about an attached policy.
//
// An attached policy is a managed policy that has been attached to a user,
// group, or role. This data type is used as a response element in the ListAttachedGroupPolicies,
// ListAttachedRolePolicies, ListAttachedUserPolicies, and GetAccountAuthorizationDetails
// actions.
//
// For more information about managed policies, refer to Managed Policies and
// Inline Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the Using IAM guide.
type AttachedPolicy struct {
	// The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources.
	//
	// For more information about ARNs, go to Amazon Resource Names (ARNs) and
	// AWS Service Namespaces (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the AWS General Reference.
	PolicyARN *string `locationName:"PolicyArn" type:"string"`

	// The friendly name of the attached policy.
	PolicyName *string `type:"string"`

	metadataAttachedPolicy `json:"-" xml:"-"`
}

type metadataAttachedPolicy struct {
	SDKShapeTraits bool `type:"structure"`
}

type ChangePasswordInput struct {
	// The new password. The new password must conform to the AWS account's password
	// policy, if one exists.
	NewPassword *string `type:"string" required:"true"`

	// The IAM user's current password.
	OldPassword *string `type:"string" required:"true"`

	metadataChangePasswordInput `json:"-" xml:"-"`
}

type metadataChangePasswordInput struct {
	SDKShapeTraits bool `type:"structure"`
}

type ChangePasswordOutput struct {
	metadataChangePasswordOutput `json:"-" xml:"-"`
}

type metadataChangePasswordOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type CreateAccessKeyInput struct {
	// The user name that the new key will belong to.
	UserName *string `type:"string"`

	metadataCreateAccessKeyInput `json:"-" xml:"-"`
}

type metadataCreateAccessKeyInput struct {
	SDKShapeTraits bool `type:"structure"`
}

// Contains the response to a successful CreateAccessKey request.
type CreateAccessKeyOutput struct {
	// Information about the access key.
	AccessKey *AccessKey `type:"structure" required:"true"`

	metadataCreateAccessKeyOutput `json:"-" xml:"-"`
}

type metadataCreateAccessKeyOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type CreateAccountAliasInput struct {
	// The account alias to create.
	AccountAlias *string `type:"string" required:"true"`

	metadataCreateAccountAliasInput `json:"-" xml:"-"`
}

type metadataCreateAccountAliasInput struct {
	SDKShapeTraits bool `type:"structure"`
}

type CreateAccountAliasOutput struct {
	metadataCreateAccountAliasOutput `json:"-" xml:"-"`
}

type metadataCreateAccountAliasOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type CreateGroupInput struct {
	// The name of the group to create. Do not include the path in this value.
	GroupName *string `type:"string" required:"true"`

	// The path to the group. For more information about paths, see IAM Identifiers
	// (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the Using IAM guide.
	//
	// This parameter is optional. If it is not included, it defaults to a slash
	// (/).
	Path *string `type:"string"`

	metadataCreateGroupInput `json:"-" xml:"-"`
}

type metadataCreateGroupInput struct {
	SDKShapeTraits bool `type:"structure"`
}

// Contains the response to a successful CreateGroup request.
type CreateGroupOutput struct {
	// Information about the group.
	Group *Group `type:"structure" required:"true"`

	metadataCreateGroupOutput `json:"-" xml:"-"`
}

type metadataCreateGroupOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type CreateInstanceProfileInput struct {
	// The name of the instance profile to create.
	InstanceProfileName *string `type:"string" required:"true"`

	// The path to the instance profile. For more information about paths, see IAM
	// Identifiers (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the Using IAM guide.
	//
	// This parameter is optional. If it is not included, it defaults to a slash
	// (/).
	Path *string `type:"string"`

	metadataCreateInstanceProfileInput `json:"-" xml:"-"`
}

type metadataCreateInstanceProfileInput struct {
	SDKShapeTraits bool `type:"structure"`
}

// Contains the response to a successful CreateInstanceProfile request.
type CreateInstanceProfileOutput struct {
	// Information about the instance profile.
	InstanceProfile *InstanceProfile `type:"structure" required:"true"`

	metadataCreateInstanceProfileOutput `json:"-" xml:"-"`
}

type metadataCreateInstanceProfileOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type CreateLoginProfileInput struct {
	// The new password for the user.
	Password *string `type:"string" required:"true"`

	// Specifies whether the user is required to set a new password on next sign-in.
	PasswordResetRequired *bool `type:"boolean"`

	// The name of the user to create a password for.
	UserName *string `type:"string" required:"true"`

	metadataCreateLoginProfileInput `json:"-" xml:"-"`
}

type metadataCreateLoginProfileInput struct {
	SDKShapeTraits bool `type:"structure"`
}

// Contains the response to a successful CreateLoginProfile request.
type CreateLoginProfileOutput struct {
	// The user name and password create date.
	LoginProfile *LoginProfile `type:"structure" required:"true"`

	metadataCreateLoginProfileOutput `json:"-" xml:"-"`
}

type metadataCreateLoginProfileOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type CreateOpenIDConnectProviderInput struct {
	// A list of client IDs (also known as audiences). When a mobile or web app
	// registers with an OpenID Connect provider, they establish a value that identifies
	// the application. (This is the value that's sent as the client_id parameter
	// on OAuth requests.)
	//
	// You can register multiple client IDs with the same provider. For example,
	// you might have multiple applications that use the same OIDC provider. You
	// cannot register more than 100 client IDs with a single IAM OIDC provider.
	//
	// There is no defined format for a client ID. The CreateOpenIDConnectProviderRequest
	// action accepts client IDs up to 255 characters long.
	ClientIDList []*string `type:"list"`

	// A list of server certificate thumbprints for the OpenID Connect (OIDC) identity
	// provider's server certificate(s). Typically this list includes only one entry.
	// However, IAM lets you have up to five thumbprints for an OIDC provider. This
	// lets you maintain multiple thumbprints if the identity provider is rotating
	// certificates.
	//
	// The server certificate thumbprint is the hex-encoded SHA-1 hash value of
	// the X.509 certificate used by the domain where the OpenID Connect provider
	// makes its keys available. It is always a 40-character string.
	//
	// You must provide at least one thumbprint when creating an IAM OIDC provider.
	// For example, if the OIDC provider is server.example.com and the provider
	// stores its keys at "https://keys.server.example.com/openid-connect", the
	// thumbprint string would be the hex-encoded SHA-1 hash value of the certificate
	// used by https://keys.server.example.com.
	//
	// For more information about obtaining the OIDC provider's thumbprint, see
	// Obtaining the Thumbprint for an OpenID Connect Provider (http://docs.aws.amazon.com/IAM/latest/UserGuide/identity-providers-oidc-obtain-thumbprint.html)
	// in the Using IAM guide.
	ThumbprintList []*string `type:"list" required:"true"`

	// The URL of the identity provider. The URL must begin with "https://" and
	// should correspond to the iss claim in the provider's OpenID Connect ID tokens.
	// Per the OIDC standard, path components are allowed but query parameters are
	// not. Typically the URL consists of only a host name, like "https://server.example.org"
	// or "https://example.com".
	//
	// You cannot register the same provider multiple times in a single AWS account.
	// If you try to submit a URL that has already been used for an OpenID Connect
	// provider in the AWS account, you will get an error.
	URL *string `locationName:"Url" type:"string" required:"true"`

	metadataCreateOpenIDConnectProviderInput `json:"-" xml:"-"`
}

type metadataCreateOpenIDConnectProviderInput struct {
	SDKShapeTraits bool `type:"structure"`
}

// Contains the response to a successful CreateOpenIDConnectProvider request.
type CreateOpenIDConnectProviderOutput struct {
	// The Amazon Resource Name (ARN) of the IAM OpenID Connect provider that was
	// created. For more information, see OpenIDConnectProviderListEntry.
	OpenIDConnectProviderARN *string `locationName:"OpenIDConnectProviderArn" type:"string"`

	metadataCreateOpenIDConnectProviderOutput `json:"-" xml:"-"`
}

type metadataCreateOpenIDConnectProviderOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type CreatePolicyInput struct {
	// A friendly description of the policy.
	//
	// Typically used to store information about the permissions defined in the
	// policy. For example, "Grants access to production DynamoDB tables."
	//
	// The policy description is immutable. After a value is assigned, it cannot
	// be changed.
	Description *string `type:"string"`

	// The path for the policy.
	//
	// For more information about paths, see IAM Identifiers (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the Using IAM guide.
	//
	// This parameter is optional. If it is not included, it defaults to a slash
	// (/).
	Path *string `type:"string"`

	// The policy document.
	PolicyDocument *string `type:"string" required:"true"`

	// The name of the policy document.
	PolicyName *string `type:"string" required:"true"`

	metadataCreatePolicyInput `json:"-" xml:"-"`
}

type metadataCreatePolicyInput struct {
	SDKShapeTraits bool `type:"structure"`
}

// Contains the response to a successful CreatePolicy request.
type CreatePolicyOutput struct {
	// Information about the policy.
	Policy *Policy `type:"structure"`

	metadataCreatePolicyOutput `json:"-" xml:"-"`
}

type metadataCreatePolicyOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type CreatePolicyVersionInput struct {
	// The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources.
	//
	// For more information about ARNs, go to Amazon Resource Names (ARNs) and
	// AWS Service Namespaces (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the AWS General Reference.
	PolicyARN *string `locationName:"PolicyArn" type:"string" required:"true"`

	// The policy document.
	PolicyDocument *string `type:"string" required:"true"`

	// Specifies whether to set this version as the policy's default version.
	//
	// When this parameter is true, the new policy version becomes the operative
	// version; that is, the version that is in effect for the IAM users, groups,
	// and roles that the policy is attached to.
	//
	// For more information about managed policy versions, see Versioning for Managed
	// Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html)
	// in the Using IAM guide.
	SetAsDefault *bool `type:"boolean"`

	metadataCreatePolicyVersionInput `json:"-" xml:"-"`
}

type metadataCreatePolicyVersionInput struct {
	SDKShapeTraits bool `type:"structure"`
}

// Contains the response to a successful CreatePolicyVersion request.
type CreatePolicyVersionOutput struct {
	// Information about the policy version.
	PolicyVersion *PolicyVersion `type:"structure"`

	metadataCreatePolicyVersionOutput `json:"-" xml:"-"`
}

type metadataCreatePolicyVersionOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type CreateRoleInput struct {
	// The policy that grants an entity permission to assume the role.
	AssumeRolePolicyDocument *string `type:"string" required:"true"`

	// The path to the role. For more information about paths, see IAM Identifiers
	// (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the Using IAM guide.
	//
	// This parameter is optional. If it is not included, it defaults to a slash
	// (/).
	Path *string `type:"string"`

	// The name of the role to create.
	RoleName *string `type:"string" required:"true"`

	metadataCreateRoleInput `json:"-" xml:"-"`
}

type metadataCreateRoleInput struct {
	SDKShapeTraits bool `type:"structure"`
}

// Contains the response to a successful CreateRole request.
type CreateRoleOutput struct {
	// Information about the role.
	Role *Role `type:"structure" required:"true"`

	metadataCreateRoleOutput `json:"-" xml:"-"`
}

type metadataCreateRoleOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type CreateSAMLProviderInput struct {
	// The name of the provider to create.
	Name *string `type:"string" required:"true"`

	// An XML document generated by an identity provider (IdP) that supports SAML
	// 2.0. The document includes the issuer's name, expiration information, and
	// keys that can be used to validate the SAML authentication response (assertions)
	// that are received from the IdP. You must generate the metadata document using
	// the identity management software that is used as your organization's IdP.
	//
	// For more information, see Creating Temporary Security Credentials for SAML
	// Federation (http://docs.aws.amazon.com/STS/latest/UsingSTS/CreatingSAML.html)
	// in the Using Temporary Security Credentials guide.
	SAMLMetadataDocument *string `type:"string" required:"true"`

	metadataCreateSAMLProviderInput `json:"-" xml:"-"`
}

type metadataCreateSAMLProviderInput struct {
	SDKShapeTraits bool `type:"structure"`
}

// Contains the response to a successful CreateSAMLProvider request.
type CreateSAMLProviderOutput struct {
	// The Amazon Resource Name (ARN) of the SAML provider.
	SAMLProviderARN *string `locationName:"SAMLProviderArn" type:"string"`

	metadataCreateSAMLProviderOutput `json:"-" xml:"-"`
}

type metadataCreateSAMLProviderOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type CreateUserInput struct {
	// The path for the user name. For more information about paths, see IAM Identifiers
	// (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the Using IAM guide.
	//
	// This parameter is optional. If it is not included, it defaults to a slash
	// (/).
	Path *string `type:"string"`

	// The name of the user to create.
	UserName *string `type:"string" required:"true"`

	metadataCreateUserInput `json:"-" xml:"-"`
}

type metadataCreateUserInput struct {
	SDKShapeTraits bool `type:"structure"`
}

// Contains the response to a successful CreateUser request.
type CreateUserOutput struct {
	// Information about the user.
	User *User `type:"structure"`

	metadataCreateUserOutput `json:"-" xml:"-"`
}

type metadataCreateUserOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type CreateVirtualMFADeviceInput struct {
	// The path for the virtual MFA device. For more information about paths, see
	// IAM Identifiers (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the Using IAM guide.
	//
	// This parameter is optional. If it is not included, it defaults to a slash
	// (/).
	Path *string `type:"string"`

	// The name of the virtual MFA device. Use with path to uniquely identify a
	// virtual MFA device.
	VirtualMFADeviceName *string `type:"string" required:"true"`

	metadataCreateVirtualMFADeviceInput `json:"-" xml:"-"`
}

type metadataCreateVirtualMFADeviceInput struct {
	SDKShapeTraits bool `type:"structure"`
}

// Contains the response to a successful CreateVirtualMFADevice request.
type CreateVirtualMFADeviceOutput struct {
	// A newly created virtual MFA device.
	VirtualMFADevice *VirtualMFADevice `type:"structure" required:"true"`

	metadataCreateVirtualMFADeviceOutput `json:"-" xml:"-"`
}

type metadataCreateVirtualMFADeviceOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type DeactivateMFADeviceInput struct {
	// The serial number that uniquely identifies the MFA device. For virtual MFA
	// devices, the serial number is the device ARN.
	SerialNumber *string `type:"string" required:"true"`

	// The name of the user whose MFA device you want to deactivate.
	UserName *string `type:"string" required:"true"`

	metadataDeactivateMFADeviceInput `json:"-" xml:"-"`
}

type metadataDeactivateMFADeviceInput struct {
	SDKShapeTraits bool `type:"structure"`
}

type DeactivateMFADeviceOutput struct {
	metadataDeactivateMFADeviceOutput `json:"-" xml:"-"`
}

type metadataDeactivateMFADeviceOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type DeleteAccessKeyInput struct {
	// The access key ID for the access key ID and secret access key you want to
	// delete.
	AccessKeyID *string `locationName:"AccessKeyId" type:"string" required:"true"`

	// The name of the user whose key you want to delete.
	UserName *string `type:"string"`

	metadataDeleteAccessKeyInput `json:"-" xml:"-"`
}

type metadataDeleteAccessKeyInput struct {
	SDKShapeTraits bool `type:"structure"`
}

type DeleteAccessKeyOutput struct {
	metadataDeleteAccessKeyOutput `json:"-" xml:"-"`
}

type metadataDeleteAccessKeyOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type DeleteAccountAliasInput struct {
	// The name of the account alias to delete.
	AccountAlias *string `type:"string" required:"true"`

	metadataDeleteAccountAliasInput `json:"-" xml:"-"`
}

type metadataDeleteAccountAliasInput struct {
	SDKShapeTraits bool `type:"structure"`
}

type DeleteAccountAliasOutput struct {
	metadataDeleteAccountAliasOutput `json:"-" xml:"-"`
}

type metadataDeleteAccountAliasOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type DeleteAccountPasswordPolicyInput struct {
	metadataDeleteAccountPasswordPolicyInput `json:"-" xml:"-"`
}

type metadataDeleteAccountPasswordPolicyInput struct {
	SDKShapeTraits bool `type:"structure"`
}

type DeleteAccountPasswordPolicyOutput struct {
	metadataDeleteAccountPasswordPolicyOutput `json:"-" xml:"-"`
}

type metadataDeleteAccountPasswordPolicyOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type DeleteGroupInput struct {
	// The name of the group to delete.
	GroupName *string `type:"string" required:"true"`

	metadataDeleteGroupInput `json:"-" xml:"-"`
}

type metadataDeleteGroupInput struct {
	SDKShapeTraits bool `type:"structure"`
}

type DeleteGroupOutput struct {
	metadataDeleteGroupOutput `json:"-" xml:"-"`
}

type metadataDeleteGroupOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type DeleteGroupPolicyInput struct {
	// The name (friendly name, not ARN) identifying the group that the policy is
	// embedded in.
	GroupName *string `type:"string" required:"true"`

	// The name identifying the policy document to delete.
	PolicyName *string `type:"string" required:"true"`

	metadataDeleteGroupPolicyInput `json:"-" xml:"-"`
}

type metadataDeleteGroupPolicyInput struct {
	SDKShapeTraits bool `type:"structure"`
}

type DeleteGroupPolicyOutput struct {
	metadataDeleteGroupPolicyOutput `json:"-" xml:"-"`
}

type metadataDeleteGroupPolicyOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type DeleteInstanceProfileInput struct {
	// The name of the instance profile to delete.
	InstanceProfileName *string `type:"string" required:"true"`

	metadataDeleteInstanceProfileInput `json:"-" xml:"-"`
}

type metadataDeleteInstanceProfileInput struct {
	SDKShapeTraits bool `type:"structure"`
}

type DeleteInstanceProfileOutput struct {
	metadataDeleteInstanceProfileOutput `json:"-" xml:"-"`
}

type metadataDeleteInstanceProfileOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type DeleteLoginProfileInput struct {
	// The name of the user whose password you want to delete.
	UserName *string `type:"string" required:"true"`

	metadataDeleteLoginProfileInput `json:"-" xml:"-"`
}

type metadataDeleteLoginProfileInput struct {
	SDKShapeTraits bool `type:"structure"`
}

type DeleteLoginProfileOutput struct {
	metadataDeleteLoginProfileOutput `json:"-" xml:"-"`
}

type metadataDeleteLoginProfileOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type DeleteOpenIDConnectProviderInput struct {
	// The Amazon Resource Name (ARN) of the IAM OpenID Connect provider to delete.
	// You can get a list of OpenID Connect provider ARNs by using the ListOpenIDConnectProviders
	// action.
	OpenIDConnectProviderARN *string `locationName:"OpenIDConnectProviderArn" type:"string" required:"true"`

	metadataDeleteOpenIDConnectProviderInput `json:"-" xml:"-"`
}

type metadataDeleteOpenIDConnectProviderInput struct {
	SDKShapeTraits bool `type:"structure"`
}

type DeleteOpenIDConnectProviderOutput struct {
	metadataDeleteOpenIDConnectProviderOutput `json:"-" xml:"-"`
}

type metadataDeleteOpenIDConnectProviderOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type DeletePolicyInput struct {
	// The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources.
	//
	// For more information about ARNs, go to Amazon Resource Names (ARNs) and
	// AWS Service Namespaces (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the AWS General Reference.
	PolicyARN *string `locationName:"PolicyArn" type:"string" required:"true"`

	metadataDeletePolicyInput `json:"-" xml:"-"`
}

type metadataDeletePolicyInput struct {
	SDKShapeTraits bool `type:"structure"`
}

type DeletePolicyOutput struct {
	metadataDeletePolicyOutput `json:"-" xml:"-"`
}

type metadataDeletePolicyOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type DeletePolicyVersionInput struct {
	// The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources.
	//
	// For more information about ARNs, go to Amazon Resource Names (ARNs) and
	// AWS Service Namespaces (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the AWS General Reference.
	PolicyARN *string `locationName:"PolicyArn" type:"string" required:"true"`

	// The policy version to delete.
	//
	// For more information about managed policy versions, see Versioning for Managed
	// Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html)
	// in the Using IAM guide.
	VersionID *string `locationName:"VersionId" type:"string" required:"true"`

	metadataDeletePolicyVersionInput `json:"-" xml:"-"`
}

type metadataDeletePolicyVersionInput struct {
	SDKShapeTraits bool `type:"structure"`
}

type DeletePolicyVersionOutput struct {
	metadataDeletePolicyVersionOutput `json:"-" xml:"-"`
}

type metadataDeletePolicyVersionOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type DeleteRoleInput struct {
	// The name of the role to delete.
	RoleName *string `type:"string" required:"true"`

	metadataDeleteRoleInput `json:"-" xml:"-"`
}

type metadataDeleteRoleInput struct {
	SDKShapeTraits bool `type:"structure"`
}

type DeleteRoleOutput struct {
	metadataDeleteRoleOutput `json:"-" xml:"-"`
}

type metadataDeleteRoleOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type DeleteRolePolicyInput struct {
	// The name identifying the policy document to delete.
	PolicyName *string `type:"string" required:"true"`

	// The name (friendly name, not ARN) identifying the role that the policy is
	// embedded in.
	RoleName *string `type:"string" required:"true"`

	metadataDeleteRolePolicyInput `json:"-" xml:"-"`
}

type metadataDeleteRolePolicyInput struct {
	SDKShapeTraits bool `type:"structure"`
}

type DeleteRolePolicyOutput struct {
	metadataDeleteRolePolicyOutput `json:"-" xml:"-"`
}

type metadataDeleteRolePolicyOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type DeleteSAMLProviderInput struct {
	// The Amazon Resource Name (ARN) of the SAML provider to delete.
	SAMLProviderARN *string `locationName:"SAMLProviderArn" type:"string" required:"true"`

	metadataDeleteSAMLProviderInput `json:"-" xml:"-"`
}

type metadataDeleteSAMLProviderInput struct {
	SDKShapeTraits bool `type:"structure"`
}

type DeleteSAMLProviderOutput struct {
	metadataDeleteSAMLProviderOutput `json:"-" xml:"-"`
}

type metadataDeleteSAMLProviderOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type DeleteServerCertificateInput struct {
	// The name of the server certificate you want to delete.
	ServerCertificateName *string `type:"string" required:"true"`

	metadataDeleteServerCertificateInput `json:"-" xml:"-"`
}

type metadataDeleteServerCertificateInput struct {
	SDKShapeTraits bool `type:"structure"`
}

type DeleteServerCertificateOutput struct {
	metadataDeleteServerCertificateOutput `json:"-" xml:"-"`
}

type metadataDeleteServerCertificateOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type DeleteSigningCertificateInput struct {
	// The ID of the signing certificate to delete.
	CertificateID *string `locationName:"CertificateId" type:"string" required:"true"`

	// The name of the user the signing certificate belongs to.
	UserName *string `type:"string"`

	metadataDeleteSigningCertificateInput `json:"-" xml:"-"`
}

type metadataDeleteSigningCertificateInput struct {
	SDKShapeTraits bool `type:"structure"`
}

type DeleteSigningCertificateOutput struct {
	metadataDeleteSigningCertificateOutput `json:"-" xml:"-"`
}

type metadataDeleteSigningCertificateOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type DeleteUserInput struct {
	// The name of the user to delete.
	UserName *string `type:"string" required:"true"`

	metadataDeleteUserInput `json:"-" xml:"-"`
}

type metadataDeleteUserInput struct {
	SDKShapeTraits bool `type:"structure"`
}

type DeleteUserOutput struct {
	metadataDeleteUserOutput `json:"-" xml:"-"`
}

type metadataDeleteUserOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type DeleteUserPolicyInput struct {
	// The name identifying the policy document to delete.
	PolicyName *string `type:"string" required:"true"`

	// The name (friendly name, not ARN) identifying the user that the policy is
	// embedded in.
	UserName *string `type:"string" required:"true"`

	metadataDeleteUserPolicyInput `json:"-" xml:"-"`
}

type metadataDeleteUserPolicyInput struct {
	SDKShapeTraits bool `type:"structure"`
}

type DeleteUserPolicyOutput struct {
	metadataDeleteUserPolicyOutput `json:"-" xml:"-"`
}

type metadataDeleteUserPolicyOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type DeleteVirtualMFADeviceInput struct {
	// The serial number that uniquely identifies the MFA device. For virtual MFA
	// devices, the serial number is the same as the ARN.
	SerialNumber *string `type:"string" required:"true"`

	metadataDeleteVirtualMFADeviceInput `json:"-" xml:"-"`
}

type metadataDeleteVirtualMFADeviceInput struct {
	SDKShapeTraits bool `type:"structure"`
}

type DeleteVirtualMFADeviceOutput struct {
	metadataDeleteVirtualMFADeviceOutput `json:"-" xml:"-"`
}

type metadataDeleteVirtualMFADeviceOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type DetachGroupPolicyInput struct {
	// The name (friendly name, not ARN) of the group to detach the policy from.
	GroupName *string `type:"string" required:"true"`

	// The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources.
	//
	// For more information about ARNs, go to Amazon Resource Names (ARNs) and
	// AWS Service Namespaces (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the AWS General Reference.
	PolicyARN *string `locationName:"PolicyArn" type:"string" required:"true"`

	metadataDetachGroupPolicyInput `json:"-" xml:"-"`
}

type metadataDetachGroupPolicyInput struct {
	SDKShapeTraits bool `type:"structure"`
}

type DetachGroupPolicyOutput struct {
	metadataDetachGroupPolicyOutput `json:"-" xml:"-"`
}

type metadataDetachGroupPolicyOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type DetachRolePolicyInput struct {
	// The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources.
	//
	// For more information about ARNs, go to Amazon Resource Names (ARNs) and
	// AWS Service Namespaces (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the AWS General Reference.
	PolicyARN *string `locationName:"PolicyArn" type:"string" required:"true"`

	// The name (friendly name, not ARN) of the role to detach the policy from.
	RoleName *string `type:"string" required:"true"`

	metadataDetachRolePolicyInput `json:"-" xml:"-"`
}

type metadataDetachRolePolicyInput struct {
	SDKShapeTraits bool `type:"structure"`
}

type DetachRolePolicyOutput struct {
	metadataDetachRolePolicyOutput `json:"-" xml:"-"`
}

type metadataDetachRolePolicyOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type DetachUserPolicyInput struct {
	// The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources.
	//
	// For more information about ARNs, go to Amazon Resource Names (ARNs) and
	// AWS Service Namespaces (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the AWS General Reference.
	PolicyARN *string `locationName:"PolicyArn" type:"string" required:"true"`

	// The name (friendly name, not ARN) of the user to detach the policy from.
	UserName *string `type:"string" required:"true"`

	metadataDetachUserPolicyInput `json:"-" xml:"-"`
}

type metadataDetachUserPolicyInput struct {
	SDKShapeTraits bool `type:"structure"`
}

type DetachUserPolicyOutput struct {
	metadataDetachUserPolicyOutput `json:"-" xml:"-"`
}

type metadataDetachUserPolicyOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type EnableMFADeviceInput struct {
	// An authentication code emitted by the device.
	AuthenticationCode1 *string `type:"string" required:"true"`

	// A subsequent authentication code emitted by the device.
	AuthenticationCode2 *string `type:"string" required:"true"`

	// The serial number that uniquely identifies the MFA device. For virtual MFA
	// devices, the serial number is the device ARN.
	SerialNumber *string `type:"string" required:"true"`

	// The name of the user for whom you want to enable the MFA device.
	UserName *string `type:"string" required:"true"`

	metadataEnableMFADeviceInput `json:"-" xml:"-"`
}

type metadataEnableMFADeviceInput struct {
	SDKShapeTraits bool `type:"structure"`
}

type EnableMFADeviceOutput struct {
	metadataEnableMFADeviceOutput `json:"-" xml:"-"`
}

type metadataEnableMFADeviceOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type GenerateCredentialReportInput struct {
	metadataGenerateCredentialReportInput `json:"-" xml:"-"`
}

type metadataGenerateCredentialReportInput struct {
	SDKShapeTraits bool `type:"structure"`
}

// Contains the response to a successful GenerateCredentialReport request.
type GenerateCredentialReportOutput struct {
	// Information about the credential report.
	Description *string `type:"string"`

	// Information about the state of the credential report.
	State *string `type:"string"`

	metadataGenerateCredentialReportOutput `json:"-" xml:"-"`
}

type metadataGenerateCredentialReportOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type GetAccessKeyLastUsedInput struct {
	// The identifier of an access key.
	AccessKeyID *string `locationName:"AccessKeyId" type:"string" required:"true"`

	metadataGetAccessKeyLastUsedInput `json:"-" xml:"-"`
}

type metadataGetAccessKeyLastUsedInput struct {
	SDKShapeTraits bool `type:"structure"`
}

// Contains the response to a successful GetAccessKeyLastUsed request. It is
// also returned as a member of the AccessKeyMetaData structure returned by
// the ListAccessKeys action.
type GetAccessKeyLastUsedOutput struct {
	// Contains information about the last time the access key was used.
	AccessKeyLastUsed *AccessKeyLastUsed `type:"structure"`

	// The name of the AWS IAM user that owns this access key.
	UserName *string `type:"string"`

	metadataGetAccessKeyLastUsedOutput `json:"-" xml:"-"`
}

type metadataGetAccessKeyLastUsedOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type GetAccountAuthorizationDetailsInput struct {
	// A list of entity types (user, group, role, local managed policy, or AWS managed
	// policy) for filtering the results.
	Filter []*string `type:"list"`

	// Use this only when paginating results, and only in a subsequent request after
	// you've received a response where the results are truncated. Set it to the
	// value of the Marker element in the response you just received.
	Marker *string `type:"string"`

	// Use this only when paginating results to indicate the maximum number of items
	// you want in the response. If there are additional items beyond the maximum
	// you specify, the IsTruncated response element is true. This parameter is
	// optional. If you do not include it, it defaults to 100.
	MaxItems *int64 `type:"integer"`

	metadataGetAccountAuthorizationDetailsInput `json:"-" xml:"-"`
}

type metadataGetAccountAuthorizationDetailsInput struct {
	SDKShapeTraits bool `type:"structure"`
}

// Contains the response to a successful GetAccountAuthorizationDetails request.
type GetAccountAuthorizationDetailsOutput struct {
	// A list containing information about IAM groups.
	GroupDetailList []*GroupDetail `type:"list"`

	// A flag that indicates whether there are more items to return. If your results
	// were truncated, you can make a subsequent pagination request using the Marker
	// request parameter to retrieve more items.
	IsTruncated *bool `type:"boolean"`

	// If IsTruncated is true, this element is present and contains the value to
	// use for the Marker parameter in a subsequent pagination request.
	Marker *string `type:"string"`

	// A list containing information about managed policies.
	Policies []*ManagedPolicyDetail `type:"list"`

	// A list containing information about IAM roles.
	RoleDetailList []*RoleDetail `type:"list"`

	// A list containing information about IAM users.
	UserDetailList []*UserDetail `type:"list"`

	metadataGetAccountAuthorizationDetailsOutput `json:"-" xml:"-"`
}

type metadataGetAccountAuthorizationDetailsOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type GetAccountPasswordPolicyInput struct {
	metadataGetAccountPasswordPolicyInput `json:"-" xml:"-"`
}

type metadataGetAccountPasswordPolicyInput struct {
	SDKShapeTraits bool `type:"structure"`
}

// Contains the response to a successful GetAccountPasswordPolicy request.
type GetAccountPasswordPolicyOutput struct {
	// Contains information about the account password policy.
	//
	//  This data type is used as a response element in the GetAccountPasswordPolicy
	// action.
	PasswordPolicy *PasswordPolicy `type:"structure" required:"true"`

	metadataGetAccountPasswordPolicyOutput `json:"-" xml:"-"`
}

type metadataGetAccountPasswordPolicyOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type GetAccountSummaryInput struct {
	metadataGetAccountSummaryInput `json:"-" xml:"-"`
}

type metadataGetAccountSummaryInput struct {
	SDKShapeTraits bool `type:"structure"`
}

// Contains the response to a successful GetAccountSummary request.
type GetAccountSummaryOutput struct {
	// A set of key value pairs containing information about IAM entity usage and
	// IAM quotas.
	//
	//  SummaryMap contains the following keys:   AccessKeysPerUserQuota
	//
	// The maximum number of active access keys allowed for each IAM user.
	//
	//   AccountAccessKeysPresent
	//
	// This value is 1 if the AWS account (root) has an access key, otherwise it
	// is 0.
	//
	//   AccountMFAEnabled
	//
	// This value is 1 if the AWS account (root) has an MFA device assigned, otherwise
	// it is 0.
	//
	//   AccountSigningCertificatesPresent
	//
	// This value is 1 if the AWS account (root) has a signing certificate, otherwise
	// it is 0.
	//
	//   AssumeRolePolicySizeQuota
	//
	// The maximum allowed size for assume role policy documents (trust policies),
	// in non-whitespace characters.
	//
	//   AttachedPoliciesPerGroupQuota
	//
	// The maximum number of managed policies that can be attached to an IAM group.
	//
	//   AttachedPoliciesPerRoleQuota
	//
	// The maximum number of managed policies that can be attached to an IAM role.
	//
	//   AttachedPoliciesPerUserQuota
	//
	// The maximum number of managed policies that can be attached to an IAM user.
	//
	//   GroupPolicySizeQuota
	//
	// The maximum allowed size for the aggregate of all inline policies embedded
	// in an IAM group, in non-whitespace characters.
	//
	//   Groups
	//
	// The number of IAM groups in the AWS account.
	//
	//   GroupsPerUserQuota
	//
	// The maximum number of IAM groups each IAM user can belong to.
	//
	//   GroupsQuota
	//
	// The maximum number of IAM groups allowed in the AWS account.
	//
	//   InstanceProfiles
	//
	// The number of instance profiles in the AWS account.
	//
	//   InstanceProfilesQuota
	//
	// The maximum number of instance profiles allowed in the AWS account.
	//
	//   MFADevices
	//
	// The number of MFA devices in the AWS account, including those assigned and
	// unassigned.
	//
	//   MFADevicesInUse
	//
	// The number of MFA devices that have been assigned to an IAM user or to the
	// AWS account (root).
	//
	//   Policies
	//
	// The number of customer managed policies in the AWS account.
	//
	//   PoliciesQuota
	//
	// The maximum number of customer managed policies allowed in the AWS account.
	//
	//   PolicySizeQuota
	//
	// The maximum allowed size of a customer managed policy, in non-whitespace
	// characters.
	//
	//   PolicyVersionsInUse
	//
	// The number of managed policies that are attached to IAM users, groups, or
	// roles in the AWS account.
	//
	//   PolicyVersionsInUseQuota
	//
	// The maximum number of managed policies that can be attached to IAM users,
	// groups, or roles in the AWS account.
	//
	//   Providers
	//
	// The number of identity providers in the AWS account.
	//
	//   RolePolicySizeQuota
	//
	// The maximum allowed size for the aggregate of all inline policies (access
	// policies, not the trust policy) embedded in an IAM role, in non-whitespace
	// characters.
	//
	//   Roles
	//
	// The number of IAM roles in the AWS account.
	//
	//   RolesQuota
	//
	// The maximum number of IAM roles allowed in the AWS account.
	//
	//   ServerCertificates
	//
	// The number of server certificates in the AWS account.
	//
	//   ServerCertificatesQuota
	//
	// The maximum number of server certificates allowed in the AWS account.
	//
	//   SigningCertificatesPerUserQuota
	//
	// The maximum number of X.509 signing certificates allowed for each IAM user.
	//
	//   UserPolicySizeQuota
	//
	// The maximum allowed size for the aggregate of all inline policies embedded
	// in an IAM user, in non-whitespace characters.
	//
	//   Users
	//
	// The number of IAM users in the AWS account.
	//
	//   UsersQuota
	//
	// The maximum number of IAM users allowed in the AWS account.
	//
	//   VersionsPerPolicyQuota
	//
	// The maximum number of policy versions allowed for each managed policy.
	SummaryMap map[string]*int64 `type:"map"`

	metadataGetAccountSummaryOutput `json:"-" xml:"-"`
}

type metadataGetAccountSummaryOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type GetCredentialReportInput struct {
	metadataGetCredentialReportInput `json:"-" xml:"-"`
}

type metadataGetCredentialReportInput struct {
	SDKShapeTraits bool `type:"structure"`
}

// Contains the response to a successful GetCredentialReport request.
type GetCredentialReportOutput struct {
	// Contains the credential report. The report is Base64-encoded.
	Content []byte `type:"blob"`

	// The date and time when the credential report was created, in ISO 8601 date-time
	// format (http://www.iso.org/iso/iso8601).
	GeneratedTime *time.Time `type:"timestamp" timestampFormat:"iso8601"`

	// The format (MIME type) of the credential report.
	ReportFormat *string `type:"string"`

	metadataGetCredentialReportOutput `json:"-" xml:"-"`
}

type metadataGetCredentialReportOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type GetGroupInput struct {
	// The name of the group.
	GroupName *string `type:"string" required:"true"`

	// Use this only when paginating results, and only in a subsequent request after
	// you've received a response where the results are truncated. Set it to the
	// value of the Marker element in the response you just received.
	Marker *string `type:"string"`

	// Use this only when paginating results to indicate the maximum number of groups
	// you want in the response. If there are additional groups beyond the maximum
	// you specify, the IsTruncated response element is true. This parameter is
	// optional. If you do not include it, it defaults to 100.
	MaxItems *int64 `type:"integer"`

	metadataGetGroupInput `json:"-" xml:"-"`
}

type metadataGetGroupInput struct {
	SDKShapeTraits bool `type:"structure"`
}

// Contains the response to a successful GetGroup request.
type GetGroupOutput struct {
	// Information about the group.
	Group *Group `type:"structure" required:"true"`

	// A flag that indicates whether there are more user names to list. If your
	// results were truncated, you can make a subsequent pagination request using
	// the Marker request parameter to retrieve more user names in the list.
	IsTruncated *bool `type:"boolean"`

	// If IsTruncated is true, then this element is present and contains the value
	// to use for the Marker parameter in a subsequent pagination request.
	Marker *string `type:"string"`

	// A list of users in the group.
	Users []*User `type:"list" required:"true"`

	metadataGetGroupOutput `json:"-" xml:"-"`
}

type metadataGetGroupOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type GetGroupPolicyInput struct {
	// The name of the group the policy is associated with.
	GroupName *string `type:"string" required:"true"`

	// The name of the policy document to get.
	PolicyName *string `type:"string" required:"true"`

	metadataGetGroupPolicyInput `json:"-" xml:"-"`
}

type metadataGetGroupPolicyInput struct {
	SDKShapeTraits bool `type:"structure"`
}

// Contains the response to a successful GetGroupPolicy request.
type GetGroupPolicyOutput struct {
	// The group the policy is associated with.
	GroupName *string `type:"string" required:"true"`

	// The policy document.
	PolicyDocument *string `type:"string" required:"true"`

	// The name of the policy.
	PolicyName *string `type:"string" required:"true"`

	metadataGetGroupPolicyOutput `json:"-" xml:"-"`
}

type metadataGetGroupPolicyOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type GetInstanceProfileInput struct {
	// The name of the instance profile to get information about.
	InstanceProfileName *string `type:"string" required:"true"`

	metadataGetInstanceProfileInput `json:"-" xml:"-"`
}

type metadataGetInstanceProfileInput struct {
	SDKShapeTraits bool `type:"structure"`
}

// Contains the response to a successful GetInstanceProfile request.
type GetInstanceProfileOutput struct {
	// Information about the instance profile.
	InstanceProfile *InstanceProfile `type:"structure" required:"true"`

	metadataGetInstanceProfileOutput `json:"-" xml:"-"`
}

type metadataGetInstanceProfileOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type GetLoginProfileInput struct {
	// The name of the user whose login profile you want to retrieve.
	UserName *string `type:"string" required:"true"`

	metadataGetLoginProfileInput `json:"-" xml:"-"`
}

type metadataGetLoginProfileInput struct {
	SDKShapeTraits bool `type:"structure"`
}

// Contains the response to a successful GetLoginProfile request.
type GetLoginProfileOutput struct {
	// The user name and password create date for the user.
	LoginProfile *LoginProfile `type:"structure" required:"true"`

	metadataGetLoginProfileOutput `json:"-" xml:"-"`
}

type metadataGetLoginProfileOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type GetOpenIDConnectProviderInput struct {
	// The Amazon Resource Name (ARN) of the IAM OpenID Connect (OIDC) provider
	// to get information for. You can get a list of OIDC provider ARNs by using
	// the ListOpenIDConnectProviders action.
	OpenIDConnectProviderARN *string `locationName:"OpenIDConnectProviderArn" type:"string" required:"true"`

	metadataGetOpenIDConnectProviderInput `json:"-" xml:"-"`
}

type metadataGetOpenIDConnectProviderInput struct {
	SDKShapeTraits bool `type:"structure"`
}

// Contains the response to a successful GetOpenIDConnectProvider request.
type GetOpenIDConnectProviderOutput struct {
	// A list of client IDs (also known as audiences) that are associated with the
	// specified IAM OpenID Connect provider. For more information, see CreateOpenIDConnectProvider.
	ClientIDList []*string `type:"list"`

	// The date and time when the IAM OpenID Connect provider entity was created
	// in the AWS account.
	CreateDate *time.Time `type:"timestamp" timestampFormat:"iso8601"`

	// A list of certificate thumbprints that are associated with the specified
	// IAM OpenID Connect provider. For more information, see CreateOpenIDConnectProvider.
	ThumbprintList []*string `type:"list"`

	// The URL that the IAM OpenID Connect provider is associated with. For more
	// information, see CreateOpenIDConnectProvider.
	URL *string `locationName:"Url" type:"string"`

	metadataGetOpenIDConnectProviderOutput `json:"-" xml:"-"`
}

type metadataGetOpenIDConnectProviderOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type GetPolicyInput struct {
	// The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources.
	//
	// For more information about ARNs, go to Amazon Resource Names (ARNs) and
	// AWS Service Namespaces (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the AWS General Reference.
	PolicyARN *string `locationName:"PolicyArn" type:"string" required:"true"`

	metadataGetPolicyInput `json:"-" xml:"-"`
}

type metadataGetPolicyInput struct {
	SDKShapeTraits bool `type:"structure"`
}

// Contains the response to a successful GetPolicy request.
type GetPolicyOutput struct {
	// Information about the policy.
	Policy *Policy `type:"structure"`

	metadataGetPolicyOutput `json:"-" xml:"-"`
}

type metadataGetPolicyOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type GetPolicyVersionInput struct {
	// The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources.
	//
	// For more information about ARNs, go to Amazon Resource Names (ARNs) and
	// AWS Service Namespaces (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the AWS General Reference.
	PolicyARN *string `locationName:"PolicyArn" type:"string" required:"true"`

	// Identifies the policy version to retrieve.
	VersionID *string `locationName:"VersionId" type:"string" required:"true"`

	metadataGetPolicyVersionInput `json:"-" xml:"-"`
}

type metadataGetPolicyVersionInput struct {
	SDKShapeTraits bool `type:"structure"`
}

// Contains the response to a successful GetPolicyVersion request.
type GetPolicyVersionOutput struct {
	// Information about the policy version.
	//
	// For more information about managed policy versions, see Versioning for Managed
	// Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html)
	// in the Using IAM guide.
	PolicyVersion *PolicyVersion `type:"structure"`

	metadataGetPolicyVersionOutput `json:"-" xml:"-"`
}

type metadataGetPolicyVersionOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type GetRoleInput struct {
	// The name of the role to get information about.
	RoleName *string `type:"string" required:"true"`

	metadataGetRoleInput `json:"-" xml:"-"`
}

type metadataGetRoleInput struct {
	SDKShapeTraits bool `type:"structure"`
}

// Contains the response to a successful GetRole request.
type GetRoleOutput struct {
	// Information about the role.
	Role *Role `type:"structure" required:"true"`

	metadataGetRoleOutput `json:"-" xml:"-"`
}

type metadataGetRoleOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type GetRolePolicyInput struct {
	// The name of the policy document to get.
	PolicyName *string `type:"string" required:"true"`

	// The name of the role associated with the policy.
	RoleName *string `type:"string" required:"true"`

	metadataGetRolePolicyInput `json:"-" xml:"-"`
}

type metadataGetRolePolicyInput struct {
	SDKShapeTraits bool `type:"structure"`
}

// Contains the response to a successful GetRolePolicy request.
type GetRolePolicyOutput struct {
	// The policy document.
	PolicyDocument *string `type:"string" required:"true"`

	// The name of the policy.
	PolicyName *string `type:"string" required:"true"`

	// The role the policy is associated with.
	RoleName *string `type:"string" required:"true"`

	metadataGetRolePolicyOutput `json:"-" xml:"-"`
}

type metadataGetRolePolicyOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type GetSAMLProviderInput struct {
	// The Amazon Resource Name (ARN) of the SAML provider to get information about.
	SAMLProviderARN *string `locationName:"SAMLProviderArn" type:"string" required:"true"`

	metadataGetSAMLProviderInput `json:"-" xml:"-"`
}

type metadataGetSAMLProviderInput struct {
	SDKShapeTraits bool `type:"structure"`
}

// Contains the response to a successful GetSAMLProvider request.
type GetSAMLProviderOutput struct {
	// The date and time when the SAML provider was created.
	CreateDate *time.Time `type:"timestamp" timestampFormat:"iso8601"`

	// The XML metadata document that includes information about an identity provider.
	SAMLMetadataDocument *string `type:"string"`

	// The expiration date and time for the SAML provider.
	ValidUntil *time.Time `type:"timestamp" timestampFormat:"iso8601"`

	metadataGetSAMLProviderOutput `json:"-" xml:"-"`
}

type metadataGetSAMLProviderOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type GetServerCertificateInput struct {
	// The name of the server certificate you want to retrieve information about.
	ServerCertificateName *string `type:"string" required:"true"`

	metadataGetServerCertificateInput `json:"-" xml:"-"`
}

type metadataGetServerCertificateInput struct {
	SDKShapeTraits bool `type:"structure"`
}

// Contains the response to a successful GetServerCertificate request.
type GetServerCertificateOutput struct {
	// Information about the server certificate.
	ServerCertificate *ServerCertificate `type:"structure" required:"true"`

	metadataGetServerCertificateOutput `json:"-" xml:"-"`
}

type metadataGetServerCertificateOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type GetUserInput struct {
	// The name of the user to get information about.
	//
	// This parameter is optional. If it is not included, it defaults to the user
	// making the request.
	UserName *string `type:"string"`

	metadataGetUserInput `json:"-" xml:"-"`
}

type metadataGetUserInput struct {
	SDKShapeTraits bool `type:"structure"`
}

// Contains the response to a successful GetUser request.
type GetUserOutput struct {
	// Information about the user.
	User *User `type:"structure" required:"true"`

	metadataGetUserOutput `json:"-" xml:"-"`
}

type metadataGetUserOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type GetUserPolicyInput struct {
	// The name of the policy document to get.
	PolicyName *string `type:"string" required:"true"`

	// The name of the user who the policy is associated with.
	UserName *string `type:"string" required:"true"`

	metadataGetUserPolicyInput `json:"-" xml:"-"`
}

type metadataGetUserPolicyInput struct {
	SDKShapeTraits bool `type:"structure"`
}

// Contains the response to a successful GetUserPolicy request.
type GetUserPolicyOutput struct {
	// The policy document.
	PolicyDocument *string `type:"string" required:"true"`

	// The name of the policy.
	PolicyName *string `type:"string" required:"true"`

	// The user the policy is associated with.
	UserName *string `type:"string" required:"true"`

	metadataGetUserPolicyOutput `json:"-" xml:"-"`
}

type metadataGetUserPolicyOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

// Contains information about an IAM group entity.
//
//  This data type is used as a response element in the following actions:
//
//   CreateGroup   GetGroup   ListGroups
type Group struct {
	// The Amazon Resource Name (ARN) specifying the group. For more information
	// about ARNs and how to use them in policies, see IAM Identifiers (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the Using IAM guide.
	ARN *string `locationName:"Arn" type:"string" required:"true"`

	// The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601),
	// when the group was created.
	CreateDate *time.Time `type:"timestamp" timestampFormat:"iso8601" required:"true"`

	// The stable and unique string identifying the group. For more information
	// about IDs, see IAM Identifiers (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the Using IAM guide.
	GroupID *string `locationName:"GroupId" type:"string" required:"true"`

	// The friendly name that identifies the group.
	GroupName *string `type:"string" required:"true"`

	// The path to the group. For more information about paths, see IAM Identifiers
	// (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the Using IAM guide.
	Path *string `type:"string" required:"true"`

	metadataGroup `json:"-" xml:"-"`
}

type metadataGroup struct {
	SDKShapeTraits bool `type:"structure"`
}

// Contains information about an IAM group, including all of the group's policies.
//
// This data type is used as a response element in the GetAccountAuthorizationDetails
// action.
type GroupDetail struct {
	// The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources.
	//
	// For more information about ARNs, go to Amazon Resource Names (ARNs) and
	// AWS Service Namespaces (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the AWS General Reference.
	ARN *string `locationName:"Arn" type:"string"`

	// A list of the managed policies attached to the group.
	AttachedManagedPolicies []*AttachedPolicy `type:"list"`

	// The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601),
	// when the group was created.
	CreateDate *time.Time `type:"timestamp" timestampFormat:"iso8601"`

	// The stable and unique string identifying the group. For more information
	// about IDs, see IAM Identifiers (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the Using IAM guide.
	GroupID *string `locationName:"GroupId" type:"string"`

	// The friendly name that identifies the group.
	GroupName *string `type:"string"`

	// A list of the inline policies embedded in the group.
	GroupPolicyList []*PolicyDetail `type:"list"`

	// The path to the group. For more information about paths, see IAM Identifiers
	// (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the Using IAM guide.
	Path *string `type:"string"`

	metadataGroupDetail `json:"-" xml:"-"`
}

type metadataGroupDetail struct {
	SDKShapeTraits bool `type:"structure"`
}

// Contains information about an instance profile.
//
// This data type is used as a response element in the following actions:
//
//    CreateInstanceProfile
//
//    GetInstanceProfile
//
//    ListInstanceProfiles
//
//    ListInstanceProfilesForRole
type InstanceProfile struct {
	// The Amazon Resource Name (ARN) specifying the instance profile. For more
	// information about ARNs and how to use them in policies, see IAM Identifiers
	// (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the Using IAM guide.
	ARN *string `locationName:"Arn" type:"string" required:"true"`

	// The date when the instance profile was created.
	CreateDate *time.Time `type:"timestamp" timestampFormat:"iso8601" required:"true"`

	// The stable and unique string identifying the instance profile. For more information
	// about IDs, see IAM Identifiers (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the Using IAM guide.
	InstanceProfileID *string `locationName:"InstanceProfileId" type:"string" required:"true"`

	// The name identifying the instance profile.
	InstanceProfileName *string `type:"string" required:"true"`

	// The path to the instance profile. For more information about paths, see IAM
	// Identifiers (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the Using IAM guide.
	Path *string `type:"string" required:"true"`

	// The role associated with the instance profile.
	Roles []*Role `type:"list" required:"true"`

	metadataInstanceProfile `json:"-" xml:"-"`
}

type metadataInstanceProfile struct {
	SDKShapeTraits bool `type:"structure"`
}

type ListAccessKeysInput struct {
	// Use this parameter only when paginating results, and only in a subsequent
	// request after you've received a response where the results are truncated.
	// Set it to the value of the Marker element in the response you just received.
	Marker *string `type:"string"`

	// Use this parameter only when paginating results to indicate the maximum number
	// of keys you want in the response. If there are additional keys beyond the
	// maximum you specify, the IsTruncated response element is true. This parameter
	// is optional. If you do not include it, it defaults to 100.
	MaxItems *int64 `type:"integer"`

	// The name of the user.
	UserName *string `type:"string"`

	metadataListAccessKeysInput `json:"-" xml:"-"`
}

type metadataListAccessKeysInput struct {
	SDKShapeTraits bool `type:"structure"`
}

// Contains the response to a successful ListAccessKeys request.
type ListAccessKeysOutput struct {
	// A list of access key metadata.
	AccessKeyMetadata []*AccessKeyMetadata `type:"list" required:"true"`

	// A flag that indicates whether there are more keys to list. If your results
	// were truncated, you can make a subsequent pagination request using the Marker
	// request parameter to retrieve more keys in the list.
	IsTruncated *bool `type:"boolean"`

	// If IsTruncated is true, this element is present and contains the value to
	// use for the Marker parameter in a subsequent pagination request.
	Marker *string `type:"string"`

	metadataListAccessKeysOutput `json:"-" xml:"-"`
}

type metadataListAccessKeysOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type ListAccountAliasesInput struct {
	// Use this only when paginating results, and only in a subsequent request after
	// you've received a response where the results are truncated. Set it to the
	// value of the Marker element in the response you just received.
	Marker *string `type:"string"`

	// Use this only when paginating results to indicate the maximum number of account
	// aliases you want in the response. If there are additional account aliases
	// beyond the maximum you specify, the IsTruncated response element is true.
	// This parameter is optional. If you do not include it, it defaults to 100.
	MaxItems *int64 `type:"integer"`

	metadataListAccountAliasesInput `json:"-" xml:"-"`
}

type metadataListAccountAliasesInput struct {
	SDKShapeTraits bool `type:"structure"`
}

// Contains the response to a successful ListAccountAliases request.
type ListAccountAliasesOutput struct {
	// A list of aliases associated with the account.
	AccountAliases []*string `type:"list" required:"true"`

	// A flag that indicates whether there are more account aliases to list. If
	// your results were truncated, you can make a subsequent pagination request
	// using the Marker request parameter to retrieve more account aliases in the
	// list.
	IsTruncated *bool `type:"boolean"`

	// Use this only when paginating results, and only in a subsequent request after
	// you've received a response where the results are truncated. Set it to the
	// value of the Marker element in the response you just received.
	Marker *string `type:"string"`

	metadataListAccountAliasesOutput `json:"-" xml:"-"`
}

type metadataListAccountAliasesOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type ListAttachedGroupPoliciesInput struct {
	// The name (friendly name, not ARN) of the group to list attached policies
	// for.
	GroupName *string `type:"string" required:"true"`

	// Use this only when paginating results, and only in a subsequent request after
	// you've received a response where the results are truncated. Set it to the
	// value of the Marker element in the response you just received.
	Marker *string `type:"string"`

	// Use this only when paginating results to indicate the maximum number of policies
	// you want in the response. If there are additional policies beyond the maximum
	// you specify, the IsTruncated response element is true. This parameter is
	// optional. If you do not include it, it defaults to 100.
	MaxItems *int64 `type:"integer"`

	// The path prefix for filtering the results. This parameter is optional. If
	// it is not included, it defaults to a slash (/), listing all policies.
	PathPrefix *string `type:"string"`

	metadataListAttachedGroupPoliciesInput `json:"-" xml:"-"`
}

type metadataListAttachedGroupPoliciesInput struct {
	SDKShapeTraits bool `type:"structure"`
}

// Contains the response to a successful ListAttachedGroupPolicies request.
type ListAttachedGroupPoliciesOutput struct {
	// A list of the attached policies.
	AttachedPolicies []*AttachedPolicy `type:"list"`

	// A flag that indicates whether there are more policies to list. If your results
	// were truncated, you can make a subsequent pagination request using the Marker
	// request parameter to retrieve more policies in the list.
	IsTruncated *bool `type:"boolean"`

	// If IsTruncated is true, this element is present and contains the value to
	// use for the Marker parameter in a subsequent pagination request.
	Marker *string `type:"string"`

	metadataListAttachedGroupPoliciesOutput `json:"-" xml:"-"`
}

type metadataListAttachedGroupPoliciesOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type ListAttachedRolePoliciesInput struct {
	// Use this only when paginating results, and only in a subsequent request after
	// you've received a response where the results are truncated. Set it to the
	// value of the Marker element in the response you just received.
	Marker *string `type:"string"`

	// Use this only when paginating results to indicate the maximum number of policies
	// you want in the response. If there are additional policies beyond the maximum
	// you specify, the IsTruncated response element is true. This parameter is
	// optional. If you do not include it, it defaults to 100.
	MaxItems *int64 `type:"integer"`

	// The path prefix for filtering the results. This parameter is optional. If
	// it is not included, it defaults to a slash (/), listing all policies.
	PathPrefix *string `type:"string"`

	// The name (friendly name, not ARN) of the role to list attached policies for.
	RoleName *string `type:"string" required:"true"`

	metadataListAttachedRolePoliciesInput `json:"-" xml:"-"`
}

type metadataListAttachedRolePoliciesInput struct {
	SDKShapeTraits bool `type:"structure"`
}

// Contains the response to a successful ListAttachedRolePolicies request.
type ListAttachedRolePoliciesOutput struct {
	// A list of the attached policies.
	AttachedPolicies []*AttachedPolicy `type:"list"`

	// A flag that indicates whether there are more policies to list. If your results
	// were truncated, you can make a subsequent pagination request using the Marker
	// request parameter to retrieve more policies in the list.
	IsTruncated *bool `type:"boolean"`

	// If IsTruncated is true, this element is present and contains the value to
	// use for the Marker parameter in a subsequent pagination request.
	Marker *string `type:"string"`

	metadataListAttachedRolePoliciesOutput `json:"-" xml:"-"`
}

type metadataListAttachedRolePoliciesOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type ListAttachedUserPoliciesInput struct {
	// Use this only when paginating results, and only in a subsequent request after
	// you've received a response where the results are truncated. Set it to the
	// value of the Marker element in the response you just received.
	Marker *string `type:"string"`

	// Use this only when paginating results to indicate the maximum number of policies
	// you want in the response. If there are additional policies beyond the maximum
	// you specify, the IsTruncated response element is true. This parameter is
	// optional. If you do not include it, it defaults to 100.
	MaxItems *int64 `type:"integer"`

	// The path prefix for filtering the results. This parameter is optional. If
	// it is not included, it defaults to a slash (/), listing all policies.
	PathPrefix *string `type:"string"`

	// The name (friendly name, not ARN) of the user to list attached policies for.
	UserName *string `type:"string" required:"true"`

	metadataListAttachedUserPoliciesInput `json:"-" xml:"-"`
}

type metadataListAttachedUserPoliciesInput struct {
	SDKShapeTraits bool `type:"structure"`
}

// Contains the response to a successful ListAttachedUserPolicies request.
type ListAttachedUserPoliciesOutput struct {
	// A list of the attached policies.
	AttachedPolicies []*AttachedPolicy `type:"list"`

	// A flag that indicates whether there are more policies to list. If your results
	// were truncated, you can make a subsequent pagination request using the Marker
	// request parameter to retrieve more policies in the list.
	IsTruncated *bool `type:"boolean"`

	// If IsTruncated is true, this element is present and contains the value to
	// use for the Marker parameter in a subsequent pagination request.
	Marker *string `type:"string"`

	metadataListAttachedUserPoliciesOutput `json:"-" xml:"-"`
}

type metadataListAttachedUserPoliciesOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type ListEntitiesForPolicyInput struct {
	// The entity type to use for filtering the results.
	//
	// For example, when EntityFilter is Role, only the roles that are attached
	// to the specified policy are returned. This parameter is optional. If it is
	// not included, all attached entities (users, groups, and roles) are returned.
	EntityFilter *string `type:"string"`

	// Use this only when paginating results, and only in a subsequent request after
	// you've received a response where the results are truncated. Set it to the
	// value of the Marker element in the response you just received.
	Marker *string `type:"string"`

	// Use this only when paginating results to indicate the maximum number of entities
	// you want in the response. If there are additional entities beyond the maximum
	// you specify, the IsTruncated response element is true. This parameter is
	// optional. If you do not include it, it defaults to 100.
	MaxItems *int64 `type:"integer"`

	// The path prefix for filtering the results. This parameter is optional. If
	// it is not included, it defaults to a slash (/), listing all entities.
	PathPrefix *string `type:"string"`

	// The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources.
	//
	// For more information about ARNs, go to Amazon Resource Names (ARNs) and
	// AWS Service Namespaces (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the AWS General Reference.
	PolicyARN *string `locationName:"PolicyArn" type:"string" required:"true"`

	metadataListEntitiesForPolicyInput `json:"-" xml:"-"`
}

type metadataListEntitiesForPolicyInput struct {
	SDKShapeTraits bool `type:"structure"`
}

// Contains the response to a successful ListEntitiesForPolicy request.
type ListEntitiesForPolicyOutput struct {
	// A flag that indicates whether there are more entities to list. If your results
	// were truncated, you can make a subsequent pagination request using the Marker
	// request parameter to retrieve more entities in the list.
	IsTruncated *bool `type:"boolean"`

	// If IsTruncated is true, this element is present and contains the value to
	// use for the Marker parameter in a subsequent pagination request.
	Marker *string `type:"string"`

	// A list of groups that the policy is attached to.
	PolicyGroups []*PolicyGroup `type:"list"`

	// A list of roles that the policy is attached to.
	PolicyRoles []*PolicyRole `type:"list"`

	// A list of users that the policy is attached to.
	PolicyUsers []*PolicyUser `type:"list"`

	metadataListEntitiesForPolicyOutput `json:"-" xml:"-"`
}

type metadataListEntitiesForPolicyOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type ListGroupPoliciesInput struct {
	// The name of the group to list policies for.
	GroupName *string `type:"string" required:"true"`

	// Use this only when paginating results, and only in a subsequent request after
	// you've received a response where the results are truncated. Set it to the
	// value of the Marker element in the response you just received.
	Marker *string `type:"string"`

	// Use this only when paginating results to indicate the maximum number of policy
	// names you want in the response. If there are additional policy names beyond
	// the maximum you specify, the IsTruncated response element is true. This parameter
	// is optional. If you do not include it, it defaults to 100.
	MaxItems *int64 `type:"integer"`

	metadataListGroupPoliciesInput `json:"-" xml:"-"`
}

type metadataListGroupPoliciesInput struct {
	SDKShapeTraits bool `type:"structure"`
}

// Contains the response to a successful ListGroupPolicies request.
type ListGroupPoliciesOutput struct {
	// A flag that indicates whether there are more policy names to list. If your
	// results were truncated, you can make a subsequent pagination request using
	// the Marker request parameter to retrieve more policy names in the list.
	IsTruncated *bool `type:"boolean"`

	// If IsTruncated is true, this element is present and contains the value to
	// use for the Marker parameter in a subsequent pagination request.
	Marker *string `type:"string"`

	// A list of policy names.
	PolicyNames []*string `type:"list" required:"true"`

	metadataListGroupPoliciesOutput `json:"-" xml:"-"`
}

type metadataListGroupPoliciesOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type ListGroupsForUserInput struct {
	// Use this only when paginating results, and only in a subsequent request after
	// you've received a response where the results are truncated. Set it to the
	// value of the Marker element in the response you just received.
	Marker *string `type:"string"`

	// Use this only when paginating results to indicate the maximum number of groups
	// you want in the response. If there are additional groups beyond the maximum
	// you specify, the IsTruncated response element is true. This parameter is
	// optional. If you do not include it, it defaults to 100.
	MaxItems *int64 `type:"integer"`

	// The name of the user to list groups for.
	UserName *string `type:"string" required:"true"`

	metadataListGroupsForUserInput `json:"-" xml:"-"`
}

type metadataListGroupsForUserInput struct {
	SDKShapeTraits bool `type:"structure"`
}

// Contains the response to a successful ListGroupsForUser request.
type ListGroupsForUserOutput struct {
	// A list of groups.
	Groups []*Group `type:"list" required:"true"`

	// A flag that indicates whether there are more groups to list. If your results
	// were truncated, you can make a subsequent pagination request using the Marker
	// request parameter to retrieve more groups in the list.
	IsTruncated *bool `type:"boolean"`

	// If IsTruncated is true, this element is present and contains the value to
	// use for the Marker parameter in a subsequent pagination request.
	Marker *string `type:"string"`

	metadataListGroupsForUserOutput `json:"-" xml:"-"`
}

type metadataListGroupsForUserOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type ListGroupsInput struct {
	// Use this only when paginating results, and only in a subsequent request after
	// you've received a response where the results are truncated. Set it to the
	// value of the Marker element in the response you just received.
	Marker *string `type:"string"`

	// Use this only when paginating results to indicate the maximum number of groups
	// you want in the response. If there are additional groups beyond the maximum
	// you specify, the IsTruncated response element is true. This parameter is
	// optional. If you do not include it, it defaults to 100.
	MaxItems *int64 `type:"integer"`

	// The path prefix for filtering the results. For example, the prefix /division_abc/subdivision_xyz/
	// gets all groups whose path starts with /division_abc/subdivision_xyz/.
	//
	//  This parameter is optional. If it is not included, it defaults to a slash
	// (/), listing all groups.
	PathPrefix *string `type:"string"`

	metadataListGroupsInput `json:"-" xml:"-"`
}

type metadataListGroupsInput struct {
	SDKShapeTraits bool `type:"structure"`
}

// Contains the response to a successful ListGroups request.
type ListGroupsOutput struct {
	// A list of groups.
	Groups []*Group `type:"list" required:"true"`

	// A flag that indicates whether there are more groups to list. If your results
	// were truncated, you can make a subsequent pagination request using the Marker
	// request parameter to retrieve more groups in the list.
	IsTruncated *bool `type:"boolean"`

	// If IsTruncated is true, this element is present and contains the value to
	// use for the Marker parameter in a subsequent pagination request.
	Marker *string `type:"string"`

	metadataListGroupsOutput `json:"-" xml:"-"`
}

type metadataListGroupsOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type ListInstanceProfilesForRoleInput struct {
	// Use this parameter only when paginating results, and only in a subsequent
	// request after you've received a response where the results are truncated.
	// Set it to the value of the Marker element in the response you just received.
	Marker *string `type:"string"`

	// Use this parameter only when paginating results to indicate the maximum number
	// of instance profiles you want in the response. If there are additional instance
	// profiles beyond the maximum you specify, the IsTruncated response element
	// is true. This parameter is optional. If you do not include it, it defaults
	// to 100.
	MaxItems *int64 `type:"integer"`

	// The name of the role to list instance profiles for.
	RoleName *string `type:"string" required:"true"`

	metadataListInstanceProfilesForRoleInput `json:"-" xml:"-"`
}

type metadataListInstanceProfilesForRoleInput struct {
	SDKShapeTraits bool `type:"structure"`
}

// Contains the response to a successful ListInstanceProfilesForRole request.
type ListInstanceProfilesForRoleOutput struct {
	// A list of instance profiles.
	InstanceProfiles []*InstanceProfile `type:"list" required:"true"`

	// A flag that indicates whether there are more instance profiles to list. If
	// your results were truncated, you can make a subsequent pagination request
	// using the Marker request parameter to retrieve more instance profiles in
	// the list.
	IsTruncated *bool `type:"boolean"`

	// If IsTruncated is true, this element is present and contains the value to
	// use for the Marker parameter in a subsequent pagination request.
	Marker *string `type:"string"`

	metadataListInstanceProfilesForRoleOutput `json:"-" xml:"-"`
}

type metadataListInstanceProfilesForRoleOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type ListInstanceProfilesInput struct {
	// Use this parameter only when paginating results, and only in a subsequent
	// request after you've received a response where the results are truncated.
	// Set it to the value of the Marker element in the response you just received.
	Marker *string `type:"string"`

	// Use this parameter only when paginating results to indicate the maximum number
	// of instance profiles you want in the response. If there are additional instance
	// profiles beyond the maximum you specify, the IsTruncated response element
	// is true. This parameter is optional. If you do not include it, it defaults
	// to 100.
	MaxItems *int64 `type:"integer"`

	// The path prefix for filtering the results. For example, the prefix /application_abc/component_xyz/
	// gets all instance profiles whose path starts with /application_abc/component_xyz/.
	//
	//  This parameter is optional. If it is not included, it defaults to a slash
	// (/), listing all instance profiles.
	PathPrefix *string `type:"string"`

	metadataListInstanceProfilesInput `json:"-" xml:"-"`
}

type metadataListInstanceProfilesInput struct {
	SDKShapeTraits bool `type:"structure"`
}

// Contains the response to a successful ListInstanceProfiles request.
type ListInstanceProfilesOutput struct {
	// A list of instance profiles.
	InstanceProfiles []*InstanceProfile `type:"list" required:"true"`

	// A flag that indicates whether there are more instance profiles to list. If
	// your results were truncated, you can make a subsequent pagination request
	// using the Marker request parameter to retrieve more instance profiles in
	// the list.
	IsTruncated *bool `type:"boolean"`

	// If IsTruncated is true, this element is present and contains the value to
	// use for the Marker parameter in a subsequent pagination request.
	Marker *string `type:"string"`

	metadataListInstanceProfilesOutput `json:"-" xml:"-"`
}

type metadataListInstanceProfilesOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type ListMFADevicesInput struct {
	// Use this only when paginating results, and only in a subsequent request after
	// you've received a response where the results are truncated. Set it to the
	// value of the Marker element in the response you just received.
	Marker *string `type:"string"`

	// Use this only when paginating results to indicate the maximum number of MFA
	// devices you want in the response. If there are additional MFA devices beyond
	// the maximum you specify, the IsTruncated response element is true. This parameter
	// is optional. If you do not include it, it defaults to 100.
	MaxItems *int64 `type:"integer"`

	// The name of the user whose MFA devices you want to list.
	UserName *string `type:"string"`

	metadataListMFADevicesInput `json:"-" xml:"-"`
}

type metadataListMFADevicesInput struct {
	SDKShapeTraits bool `type:"structure"`
}

// Contains the response to a successful ListMFADevices request.
type ListMFADevicesOutput struct {
	// A flag that indicates whether there are more MFA devices to list. If your
	// results were truncated, you can make a subsequent pagination request using
	// the Marker request parameter to retrieve more MFA devices in the list.
	IsTruncated *bool `type:"boolean"`

	// A list of MFA devices.
	MFADevices []*MFADevice `type:"list" required:"true"`

	// If IsTruncated is true, this element is present and contains the value to
	// use for the Marker parameter in a subsequent pagination request.
	Marker *string `type:"string"`

	metadataListMFADevicesOutput `json:"-" xml:"-"`
}

type metadataListMFADevicesOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type ListOpenIDConnectProvidersInput struct {
	metadataListOpenIDConnectProvidersInput `json:"-" xml:"-"`
}

type metadataListOpenIDConnectProvidersInput struct {
	SDKShapeTraits bool `type:"structure"`
}

// Contains the response to a successful ListOpenIDConnectProviders request.
type ListOpenIDConnectProvidersOutput struct {
	// The list of IAM OpenID Connect providers in the AWS account.
	OpenIDConnectProviderList []*OpenIDConnectProviderListEntry `type:"list"`

	metadataListOpenIDConnectProvidersOutput `json:"-" xml:"-"`
}

type metadataListOpenIDConnectProvidersOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type ListPoliciesInput struct {
	// Use this parameter only when paginating results, and only in a subsequent
	// request after you've received a response where the results are truncated.
	// Set it to the value of the Marker element in the response you just received.
	Marker *string `type:"string"`

	// Use this parameter only when paginating results to indicate the maximum number
	// of policies you want in the response. If there are additional policies beyond
	// the maximum you specify, the IsTruncated response element is true. This parameter
	// is optional. If you do not include it, it defaults to 100.
	MaxItems *int64 `type:"integer"`

	// A flag to filter the results to only the attached policies.
	//
	// When OnlyAttached is true, the returned list contains only the policies
	// that are attached to a user, group, or role. When OnlyAttached is false,
	// or when the parameter is not included, all policies are returned.
	OnlyAttached *bool `type:"boolean"`

	// The path prefix for filtering the results. This parameter is optional. If
	// it is not included, it defaults to a slash (/), listing all policies.
	PathPrefix *string `type:"string"`

	// The scope to use for filtering the results.
	//
	// To list only AWS managed policies, set Scope to AWS. To list only the customer
	// managed policies in your AWS account, set Scope to Local.
	//
	// This parameter is optional. If it is not included, or if it is set to All,
	// all policies are returned.
	Scope *string `type:"string"`

	metadataListPoliciesInput `json:"-" xml:"-"`
}

type metadataListPoliciesInput struct {
	SDKShapeTraits bool `type:"structure"`
}

// Contains the response to a successful ListPolicies request.
type ListPoliciesOutput struct {
	// A flag that indicates whether there are more policies to list. If your results
	// were truncated, you can make a subsequent pagination request using the Marker
	// request parameter to retrieve more policies in the list.
	IsTruncated *bool `type:"boolean"`

	// If IsTruncated is true, this element is present and contains the value to
	// use for the Marker parameter in a subsequent pagination request.
	Marker *string `type:"string"`

	// A list of policies.
	Policies []*Policy `type:"list"`

	metadataListPoliciesOutput `json:"-" xml:"-"`
}

type metadataListPoliciesOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type ListPolicyVersionsInput struct {
	// Use this parameter only when paginating results, and only in a subsequent
	// request after you've received a response where the results are truncated.
	// Set it to the value of the Marker element in the response you just received.
	Marker *string `type:"string"`

	// Use this parameter only when paginating results to indicate the maximum number
	// of policy versions you want in the response. If there are additional policy
	// versions beyond the maximum you specify, the IsTruncated response element
	// is true. This parameter is optional. If you do not include it, it defaults
	// to 100.
	MaxItems *int64 `type:"integer"`

	// The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources.
	//
	// For more information about ARNs, go to Amazon Resource Names (ARNs) and
	// AWS Service Namespaces (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the AWS General Reference.
	PolicyARN *string `locationName:"PolicyArn" type:"string" required:"true"`

	metadataListPolicyVersionsInput `json:"-" xml:"-"`
}

type metadataListPolicyVersionsInput struct {
	SDKShapeTraits bool `type:"structure"`
}

// Contains the response to a successful ListPolicyVersions request.
type ListPolicyVersionsOutput struct {
	// A flag that indicates whether there are more policy versions to list. If
	// your results were truncated, you can make a subsequent pagination request
	// using the Marker request parameter to retrieve more policy versions in the
	// list.
	IsTruncated *bool `type:"boolean"`

	// If IsTruncated is true, this element is present and contains the value to
	// use for the Marker parameter in a subsequent pagination request.
	Marker *string `type:"string"`

	// A list of policy versions.
	//
	// For more information about managed policy versions, see Versioning for Managed
	// Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html)
	// in the Using IAM guide.
	Versions []*PolicyVersion `type:"list"`

	metadataListPolicyVersionsOutput `json:"-" xml:"-"`
}

type metadataListPolicyVersionsOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type ListRolePoliciesInput struct {
	// Use this parameter only when paginating results, and only in a subsequent
	// request after you've received a response where the results are truncated.
	// Set it to the value of the Marker element in the response you just received.
	Marker *string `type:"string"`

	// Use this parameter only when paginating results to indicate the maximum number
	// of role policies you want in the response. If there are additional role policies
	// beyond the maximum you specify, the IsTruncated response element is true.
	// This parameter is optional. If you do not include it, it defaults to 100.
	MaxItems *int64 `type:"integer"`

	// The name of the role to list policies for.
	RoleName *string `type:"string" required:"true"`

	metadataListRolePoliciesInput `json:"-" xml:"-"`
}

type metadataListRolePoliciesInput struct {
	SDKShapeTraits bool `type:"structure"`
}

// Contains the response to a successful ListRolePolicies request.
type ListRolePoliciesOutput struct {
	// A flag that indicates whether there are more policy names to list. If your
	// results were truncated, you can make a subsequent pagination request using
	// the Marker request parameter to retrieve more policy names in the list.
	IsTruncated *bool `type:"boolean"`

	// If IsTruncated is true, this element is present and contains the value to
	// use for the Marker parameter in a subsequent pagination request.
	Marker *string `type:"string"`

	// A list of policy names.
	PolicyNames []*string `type:"list" required:"true"`

	metadataListRolePoliciesOutput `json:"-" xml:"-"`
}

type metadataListRolePoliciesOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type ListRolesInput struct {
	// Use this parameter only when paginating results, and only in a subsequent
	// request after you've received a response where the results are truncated.
	// Set it to the value of the Marker element in the response you just received.
	Marker *string `type:"string"`

	// Use this parameter only when paginating results to indicate the maximum number
	// of roles you want in the response. If there are additional roles beyond the
	// maximum you specify, the IsTruncated response element is true. This parameter
	// is optional. If you do not include it, it defaults to 100.
	MaxItems *int64 `type:"integer"`

	// The path prefix for filtering the results. For example, the prefix /application_abc/component_xyz/
	// gets all roles whose path starts with /application_abc/component_xyz/.
	//
	//  This parameter is optional. If it is not included, it defaults to a slash
	// (/), listing all roles.
	PathPrefix *string `type:"string"`

	metadataListRolesInput `json:"-" xml:"-"`
}

type metadataListRolesInput struct {
	SDKShapeTraits bool `type:"structure"`
}

// Contains the response to a successful ListRoles request.
type ListRolesOutput struct {
	// A flag that indicates whether there are more roles to list. If your results
	// were truncated, you can make a subsequent pagination request using the Marker
	// request parameter to retrieve more roles in the list.
	IsTruncated *bool `type:"boolean"`

	// If IsTruncated is true, this element is present and contains the value to
	// use for the Marker parameter in a subsequent pagination request.
	Marker *string `type:"string"`

	// A list of roles.
	Roles []*Role `type:"list" required:"true"`

	metadataListRolesOutput `json:"-" xml:"-"`
}

type metadataListRolesOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type ListSAMLProvidersInput struct {
	metadataListSAMLProvidersInput `json:"-" xml:"-"`
}

type metadataListSAMLProvidersInput struct {
	SDKShapeTraits bool `type:"structure"`
}

// Contains the response to a successful ListSAMLProviders request.
type ListSAMLProvidersOutput struct {
	// The list of SAML providers for this account.
	SAMLProviderList []*SAMLProviderListEntry `type:"list"`

	metadataListSAMLProvidersOutput `json:"-" xml:"-"`
}

type metadataListSAMLProvidersOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type ListServerCertificatesInput struct {
	// Use this only when paginating results, and only in a subsequent request after
	// you've received a response where the results are truncated. Set it to the
	// value of the Marker element in the response you just received.
	Marker *string `type:"string"`

	// Use this only when paginating results to indicate the maximum number of server
	// certificates you want in the response. If there are additional server certificates
	// beyond the maximum you specify, the IsTruncated response element will be
	// set to true. This parameter is optional. If you do not include it, it defaults
	// to 100.
	MaxItems *int64 `type:"integer"`

	// The path prefix for filtering the results. For example: /company/servercerts
	// would get all server certificates for which the path starts with /company/servercerts.
	//
	//  This parameter is optional. If it is not included, it defaults to a slash
	// (/), listing all server certificates.
	PathPrefix *string `type:"string"`

	metadataListServerCertificatesInput `json:"-" xml:"-"`
}

type metadataListServerCertificatesInput struct {
	SDKShapeTraits bool `type:"structure"`
}

// Contains the response to a successful ListServerCertificates request.
type ListServerCertificatesOutput struct {
	// A flag that indicates whether there are more server certificates to list.
	// If your results were truncated, you can make a subsequent pagination request
	// using the Marker request parameter to retrieve more server certificates in
	// the list.
	IsTruncated *bool `type:"boolean"`

	// If IsTruncated is true, this element is present and contains the value to
	// use for the Marker parameter in a subsequent pagination request.
	Marker *string `type:"string"`

	// A list of server certificates.
	ServerCertificateMetadataList []*ServerCertificateMetadata `type:"list" required:"true"`

	metadataListServerCertificatesOutput `json:"-" xml:"-"`
}

type metadataListServerCertificatesOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type ListSigningCertificatesInput struct {
	// Use this only when paginating results, and only in a subsequent request after
	// you've received a response where the results are truncated. Set it to the
	// value of the Marker element in the response you just received.
	Marker *string `type:"string"`

	// Use this only when paginating results to indicate the maximum number of certificate
	// IDs you want in the response. If there are additional certificate IDs beyond
	// the maximum you specify, the IsTruncated response element is true. This parameter
	// is optional. If you do not include it, it defaults to 100.
	MaxItems *int64 `type:"integer"`

	// The name of the user.
	UserName *string `type:"string"`

	metadataListSigningCertificatesInput `json:"-" xml:"-"`
}

type metadataListSigningCertificatesInput struct {
	SDKShapeTraits bool `type:"structure"`
}

// Contains the response to a successful ListSigningCertificates request.
type ListSigningCertificatesOutput struct {
	// A list of the user's signing certificate information.
	Certificates []*SigningCertificate `type:"list" required:"true"`

	// A flag that indicates whether there are more certificate IDs to list. If
	// your results were truncated, you can make a subsequent pagination request
	// using the Marker request parameter to retrieve more certificates in the list.
	IsTruncated *bool `type:"boolean"`

	// If IsTruncated is true, this element is present and contains the value to
	// use for the Marker parameter in a subsequent pagination request.
	Marker *string `type:"string"`

	metadataListSigningCertificatesOutput `json:"-" xml:"-"`
}

type metadataListSigningCertificatesOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type ListUserPoliciesInput struct {
	// Use this only when paginating results, and only in a subsequent request after
	// you've received a response where the results are truncated. Set it to the
	// value of the Marker element in the response you just received.
	Marker *string `type:"string"`

	// Use this only when paginating results to indicate the maximum number of policy
	// names you want in the response. If there are additional policy names beyond
	// the maximum you specify, the IsTruncated response element is true. This parameter
	// is optional. If you do not include it, it defaults to 100.
	MaxItems *int64 `type:"integer"`

	// The name of the user to list policies for.
	UserName *string `type:"string" required:"true"`

	metadataListUserPoliciesInput `json:"-" xml:"-"`
}

type metadataListUserPoliciesInput struct {
	SDKShapeTraits bool `type:"structure"`
}

// Contains the response to a successful ListUserPolicies request.
type ListUserPoliciesOutput struct {
	// A flag that indicates whether there are more policy names to list. If your
	// results were truncated, you can make a subsequent pagination request using
	// the Marker request parameter to retrieve more policy names in the list.
	IsTruncated *bool `type:"boolean"`

	// If IsTruncated is true, this element is present and contains the value to
	// use for the Marker parameter in a subsequent pagination request.
	Marker *string `type:"string"`

	// A list of policy names.
	PolicyNames []*string `type:"list" required:"true"`

	metadataListUserPoliciesOutput `json:"-" xml:"-"`
}

type metadataListUserPoliciesOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type ListUsersInput struct {
	// Use this parameter only when paginating results, and only in a subsequent
	// request after you've received a response where the results are truncated.
	// Set it to the value of the Marker element in the response you just received.
	Marker *string `type:"string"`

	// Use this parameter only when paginating results to indicate the maximum number
	// of user names you want in the response. If there are additional user names
	// beyond the maximum you specify, the IsTruncated response element is true.
	// This parameter is optional. If you do not include it, it defaults to 100.
	MaxItems *int64 `type:"integer"`

	// The path prefix for filtering the results. For example: /division_abc/subdivision_xyz/,
	// which would get all user names whose path starts with /division_abc/subdivision_xyz/.
	//
	//  This parameter is optional. If it is not included, it defaults to a slash
	// (/), listing all user names.
	PathPrefix *string `type:"string"`

	metadataListUsersInput `json:"-" xml:"-"`
}

type metadataListUsersInput struct {
	SDKShapeTraits bool `type:"structure"`
}

// Contains the response to a successful ListUsers request.
type ListUsersOutput struct {
	// A flag that indicates whether there are more user names to list. If your
	// results were truncated, you can make a subsequent pagination request using
	// the Marker request parameter to retrieve more users in the list.
	IsTruncated *bool `type:"boolean"`

	// If IsTruncated is true, this element is present and contains the value to
	// use for the Marker parameter in a subsequent pagination request.
	Marker *string `type:"string"`

	// A list of users.
	Users []*User `type:"list" required:"true"`

	metadataListUsersOutput `json:"-" xml:"-"`
}

type metadataListUsersOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type ListVirtualMFADevicesInput struct {
	// The status (unassigned or assigned) of the devices to list. If you do not
	// specify an AssignmentStatus, the action defaults to Any which lists both
	// assigned and unassigned virtual MFA devices.
	AssignmentStatus *string `type:"string"`

	// Use this parameter only when paginating results, and only in a subsequent
	// request after you've received a response where the results are truncated.
	// Set it to the value of the Marker element in the response you just received.
	Marker *string `type:"string"`

	// Use this parameter only when paginating results to indicate the maximum number
	// of MFA devices you want in the response. If there are additional MFA devices
	// beyond the maximum you specify, the IsTruncated response element is true.
	// This parameter is optional. If you do not include it, it defaults to 100.
	MaxItems *int64 `type:"integer"`

	metadataListVirtualMFADevicesInput `json:"-" xml:"-"`
}

type metadataListVirtualMFADevicesInput struct {
	SDKShapeTraits bool `type:"structure"`
}

// Contains the response to a successful ListVirtualMFADevices request.
type ListVirtualMFADevicesOutput struct {
	// A flag that indicates whether there are more items to list. If your results
	// were truncated, you can make a subsequent pagination request using the Marker
	// request parameter to retrieve more items the list.
	IsTruncated *bool `type:"boolean"`

	// If IsTruncated is true, this element is present and contains the value to
	// use for the Marker parameter in a subsequent pagination request.
	Marker *string `type:"string"`

	// The list of virtual MFA devices in the current account that match the AssignmentStatus
	// value that was passed in the request.
	VirtualMFADevices []*VirtualMFADevice `type:"list" required:"true"`

	metadataListVirtualMFADevicesOutput `json:"-" xml:"-"`
}

type metadataListVirtualMFADevicesOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

// Contains the user name and password create date for a user.
//
//  This data type is used as a response element in the CreateLoginProfile
// and GetLoginProfile actions.
type LoginProfile struct {
	// The date when the password for the user was created.
	CreateDate *time.Time `type:"timestamp" timestampFormat:"iso8601" required:"true"`

	// Specifies whether the user is required to set a new password on next sign-in.
	PasswordResetRequired *bool `type:"boolean"`

	// The name of the user, which can be used for signing in to the AWS Management
	// Console.
	UserName *string `type:"string" required:"true"`

	metadataLoginProfile `json:"-" xml:"-"`
}

type metadataLoginProfile struct {
	SDKShapeTraits bool `type:"structure"`
}

// Contains information about an MFA device.
//
// This data type is used as a response element in the ListMFADevices action.
type MFADevice struct {
	// The date when the MFA device was enabled for the user.
	EnableDate *time.Time `type:"timestamp" timestampFormat:"iso8601" required:"true"`

	// The serial number that uniquely identifies the MFA device. For virtual MFA
	// devices, the serial number is the device ARN.
	SerialNumber *string `type:"string" required:"true"`

	// The user with whom the MFA device is associated.
	UserName *string `type:"string" required:"true"`

	metadataMFADevice `json:"-" xml:"-"`
}

type metadataMFADevice struct {
	SDKShapeTraits bool `type:"structure"`
}

// Contains information about a managed policy, including the policy's ARN,
// versions, and the number of principal entities (users, groups, and roles)
// that the policy is attached to.
//
// This data type is used as a response element in the GetAccountAuthorizationDetails
// action.
//
// For more information about managed policies, see Managed Policies and Inline
// Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the Using IAM guide.
type ManagedPolicyDetail struct {
	// The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources.
	//
	// For more information about ARNs, go to Amazon Resource Names (ARNs) and
	// AWS Service Namespaces (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the AWS General Reference.
	ARN *string `locationName:"Arn" type:"string"`

	// The number of principal entities (users, groups, and roles) that the policy
	// is attached to.
	AttachmentCount *int64 `type:"integer"`

	// The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601),
	// when the policy was created.
	CreateDate *time.Time `type:"timestamp" timestampFormat:"iso8601"`

	// The identifier for the version of the policy that is set as the default (operative)
	// version.
	//
	// For more information about policy versions, see Versioning for Managed Policies
	// (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html)
	// in the Using IAM guide.
	DefaultVersionID *string `locationName:"DefaultVersionId" type:"string"`

	// A friendly description of the policy.
	Description *string `type:"string"`

	// Specifies whether the policy can be attached to an IAM user, group, or role.
	IsAttachable *bool `type:"boolean"`

	// The path to the policy.
	//
	// For more information about paths, see IAM Identifiers (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the Using IAM guide.
	Path *string `type:"string"`

	// The stable and unique string identifying the policy.
	//
	// For more information about IDs, see IAM Identifiers (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the Using IAM guide.
	PolicyID *string `locationName:"PolicyId" type:"string"`

	// The friendly name (not ARN) identifying the policy.
	PolicyName *string `type:"string"`

	// A list containing information about the versions of the policy.
	PolicyVersionList []*PolicyVersion `type:"list"`

	// The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601),
	// when the policy was last updated.
	//
	// When a policy has only one version, this field contains the date and time
	// when the policy was created. When a policy has more than one version, this
	// field contains the date and time when the most recent policy version was
	// created.
	UpdateDate *time.Time `type:"timestamp" timestampFormat:"iso8601"`

	metadataManagedPolicyDetail `json:"-" xml:"-"`
}

type metadataManagedPolicyDetail struct {
	SDKShapeTraits bool `type:"structure"`
}

// Contains the Amazon Resource Name (ARN) for an IAM OpenID Connect provider.
type OpenIDConnectProviderListEntry struct {
	// The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources.
	//
	// For more information about ARNs, go to Amazon Resource Names (ARNs) and
	// AWS Service Namespaces (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the AWS General Reference.
	ARN *string `locationName:"Arn" type:"string"`

	metadataOpenIDConnectProviderListEntry `json:"-" xml:"-"`
}

type metadataOpenIDConnectProviderListEntry struct {
	SDKShapeTraits bool `type:"structure"`
}

// Contains information about the account password policy.
//
//  This data type is used as a response element in the GetAccountPasswordPolicy
// action.
type PasswordPolicy struct {
	// Specifies whether IAM users are allowed to change their own password.
	AllowUsersToChangePassword *bool `type:"boolean"`

	// Specifies whether IAM users are required to change their password after a
	// specified number of days.
	ExpirePasswords *bool `type:"boolean"`

	// Specifies whether IAM users are prevented from setting a new password after
	// their password has expired.
	HardExpiry *bool `type:"boolean"`

	// The number of days that an IAM user password is valid.
	MaxPasswordAge *int64 `type:"integer"`

	// Minimum length to require for IAM user passwords.
	MinimumPasswordLength *int64 `type:"integer"`

	// Specifies the number of previous passwords that IAM users are prevented from
	// reusing.
	PasswordReusePrevention *int64 `type:"integer"`

	// Specifies whether to require lowercase characters for IAM user passwords.
	RequireLowercaseCharacters *bool `type:"boolean"`

	// Specifies whether to require numbers for IAM user passwords.
	RequireNumbers *bool `type:"boolean"`

	// Specifies whether to require symbols for IAM user passwords.
	RequireSymbols *bool `type:"boolean"`

	// Specifies whether to require uppercase characters for IAM user passwords.
	RequireUppercaseCharacters *bool `type:"boolean"`

	metadataPasswordPolicy `json:"-" xml:"-"`
}

type metadataPasswordPolicy struct {
	SDKShapeTraits bool `type:"structure"`
}

// Contains information about a managed policy.
//
// This data type is used as a response element in the CreatePolicy, GetPolicy,
// and ListPolicies actions.
//
// For more information about managed policies, refer to Managed Policies and
// Inline Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the Using IAM guide.
type Policy struct {
	// The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources.
	//
	// For more information about ARNs, go to Amazon Resource Names (ARNs) and
	// AWS Service Namespaces (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the AWS General Reference.
	ARN *string `locationName:"Arn" type:"string"`

	// The number of entities (users, groups, and roles) that the policy is attached
	// to.
	AttachmentCount *int64 `type:"integer"`

	// The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601),
	// when the policy was created.
	CreateDate *time.Time `type:"timestamp" timestampFormat:"iso8601"`

	// The identifier for the version of the policy that is set as the default version.
	DefaultVersionID *string `locationName:"DefaultVersionId" type:"string"`

	// A friendly description of the policy.
	//
	// This element is included in the response to the GetPolicy operation. It
	// is not included in the response to the ListPolicies operation.
	Description *string `type:"string"`

	// Specifies whether the policy can be attached to an IAM user, group, or role.
	IsAttachable *bool `type:"boolean"`

	// The path to the policy.
	//
	// For more information about paths, see IAM Identifiers (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the Using IAM guide.
	Path *string `type:"string"`

	// The stable and unique string identifying the policy.
	//
	// For more information about IDs, see IAM Identifiers (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the Using IAM guide.
	PolicyID *string `locationName:"PolicyId" type:"string"`

	// The friendly name (not ARN) identifying the policy.
	PolicyName *string `type:"string"`

	// The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601),
	// when the policy was last updated.
	//
	// When a policy has only one version, this field contains the date and time
	// when the policy was created. When a policy has more than one version, this
	// field contains the date and time when the most recent policy version was
	// created.
	UpdateDate *time.Time `type:"timestamp" timestampFormat:"iso8601"`

	metadataPolicy `json:"-" xml:"-"`
}

type metadataPolicy struct {
	SDKShapeTraits bool `type:"structure"`
}

// Contains information about an IAM policy, including the policy document.
//
// This data type is used as a response element in the GetAccountAuthorizationDetails
// action.
type PolicyDetail struct {
	// The policy document.
	PolicyDocument *string `type:"string"`

	// The name of the policy.
	PolicyName *string `type:"string"`

	metadataPolicyDetail `json:"-" xml:"-"`
}

type metadataPolicyDetail struct {
	SDKShapeTraits bool `type:"structure"`
}

// Contains information about a group that a managed policy is attached to.
//
// This data type is used as a response element in the ListEntitiesForPolicy
// action.
//
// For more information about managed policies, refer to Managed Policies and
// Inline Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the Using IAM guide.
type PolicyGroup struct {
	// The name (friendly name, not ARN) identifying the group.
	GroupName *string `type:"string"`

	metadataPolicyGroup `json:"-" xml:"-"`
}

type metadataPolicyGroup struct {
	SDKShapeTraits bool `type:"structure"`
}

// Contains information about a role that a managed policy is attached to.
//
// This data type is used as a response element in the ListEntitiesForPolicy
// action.
//
// For more information about managed policies, refer to Managed Policies and
// Inline Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the Using IAM guide.
type PolicyRole struct {
	// The name (friendly name, not ARN) identifying the role.
	RoleName *string `type:"string"`

	metadataPolicyRole `json:"-" xml:"-"`
}

type metadataPolicyRole struct {
	SDKShapeTraits bool `type:"structure"`
}

// Contains information about a user that a managed policy is attached to.
//
// This data type is used as a response element in the ListEntitiesForPolicy
// action.
//
// For more information about managed policies, refer to Managed Policies and
// Inline Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the Using IAM guide.
type PolicyUser struct {
	// The name (friendly name, not ARN) identifying the user.
	UserName *string `type:"string"`

	metadataPolicyUser `json:"-" xml:"-"`
}

type metadataPolicyUser struct {
	SDKShapeTraits bool `type:"structure"`
}

// Contains information about a version of a managed policy.
//
// This data type is used as a response element in the CreatePolicyVersion,
// GetPolicyVersion, ListPolicyVersions, and GetAccountAuthorizationDetails
// actions.
//
// For more information about managed policies, refer to Managed Policies and
// Inline Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the Using IAM guide.
type PolicyVersion struct {
	// The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601),
	// when the policy version was created.
	CreateDate *time.Time `type:"timestamp" timestampFormat:"iso8601"`

	// The policy document.
	//
	// The policy document is returned in the response to the GetPolicyVersion
	// and GetAccountAuthorizationDetails operations. It is not returned in the
	// response to the CreatePolicyVersion or ListPolicyVersions operations.
	Document *string `type:"string"`

	// Specifies whether the policy version is set as the policy's default version.
	IsDefaultVersion *bool `type:"boolean"`

	// The identifier for the policy version.
	//
	// Policy version identifiers always begin with v (always lowercase). When
	// a policy is created, the first policy version is v1.
	VersionID *string `locationName:"VersionId" type:"string"`

	metadataPolicyVersion `json:"-" xml:"-"`
}

type metadataPolicyVersion struct {
	SDKShapeTraits bool `type:"structure"`
}

type PutGroupPolicyInput struct {
	// The name of the group to associate the policy with.
	GroupName *string `type:"string" required:"true"`

	// The policy document.
	PolicyDocument *string `type:"string" required:"true"`

	// The name of the policy document.
	PolicyName *string `type:"string" required:"true"`

	metadataPutGroupPolicyInput `json:"-" xml:"-"`
}

type metadataPutGroupPolicyInput struct {
	SDKShapeTraits bool `type:"structure"`
}

type PutGroupPolicyOutput struct {
	metadataPutGroupPolicyOutput `json:"-" xml:"-"`
}

type metadataPutGroupPolicyOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type PutRolePolicyInput struct {
	// The policy document.
	PolicyDocument *string `type:"string" required:"true"`

	// The name of the policy document.
	PolicyName *string `type:"string" required:"true"`

	// The name of the role to associate the policy with.
	RoleName *string `type:"string" required:"true"`

	metadataPutRolePolicyInput `json:"-" xml:"-"`
}

type metadataPutRolePolicyInput struct {
	SDKShapeTraits bool `type:"structure"`
}

type PutRolePolicyOutput struct {
	metadataPutRolePolicyOutput `json:"-" xml:"-"`
}

type metadataPutRolePolicyOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type PutUserPolicyInput struct {
	// The policy document.
	PolicyDocument *string `type:"string" required:"true"`

	// The name of the policy document.
	PolicyName *string `type:"string" required:"true"`

	// The name of the user to associate the policy with.
	UserName *string `type:"string" required:"true"`

	metadataPutUserPolicyInput `json:"-" xml:"-"`
}

type metadataPutUserPolicyInput struct {
	SDKShapeTraits bool `type:"structure"`
}

type PutUserPolicyOutput struct {
	metadataPutUserPolicyOutput `json:"-" xml:"-"`
}

type metadataPutUserPolicyOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type RemoveClientIDFromOpenIDConnectProviderInput struct {
	// The client ID (also known as audience) to remove from the IAM OpenID Connect
	// provider. For more information about client IDs, see CreateOpenIDConnectProvider.
	ClientID *string `type:"string" required:"true"`

	// The Amazon Resource Name (ARN) of the IAM OpenID Connect (OIDC) provider
	// to remove the client ID from. You can get a list of OIDC provider ARNs by
	// using the ListOpenIDConnectProviders action.
	OpenIDConnectProviderARN *string `locationName:"OpenIDConnectProviderArn" type:"string" required:"true"`

	metadataRemoveClientIDFromOpenIDConnectProviderInput `json:"-" xml:"-"`
}

type metadataRemoveClientIDFromOpenIDConnectProviderInput struct {
	SDKShapeTraits bool `type:"structure"`
}

type RemoveClientIDFromOpenIDConnectProviderOutput struct {
	metadataRemoveClientIDFromOpenIDConnectProviderOutput `json:"-" xml:"-"`
}

type metadataRemoveClientIDFromOpenIDConnectProviderOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type RemoveRoleFromInstanceProfileInput struct {
	// The name of the instance profile to update.
	InstanceProfileName *string `type:"string" required:"true"`

	// The name of the role to remove.
	RoleName *string `type:"string" required:"true"`

	metadataRemoveRoleFromInstanceProfileInput `json:"-" xml:"-"`
}

type metadataRemoveRoleFromInstanceProfileInput struct {
	SDKShapeTraits bool `type:"structure"`
}

type RemoveRoleFromInstanceProfileOutput struct {
	metadataRemoveRoleFromInstanceProfileOutput `json:"-" xml:"-"`
}

type metadataRemoveRoleFromInstanceProfileOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type RemoveUserFromGroupInput struct {
	// The name of the group to update.
	GroupName *string `type:"string" required:"true"`

	// The name of the user to remove.
	UserName *string `type:"string" required:"true"`

	metadataRemoveUserFromGroupInput `json:"-" xml:"-"`
}

type metadataRemoveUserFromGroupInput struct {
	SDKShapeTraits bool `type:"structure"`
}

type RemoveUserFromGroupOutput struct {
	metadataRemoveUserFromGroupOutput `json:"-" xml:"-"`
}

type metadataRemoveUserFromGroupOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type ResyncMFADeviceInput struct {
	// An authentication code emitted by the device.
	AuthenticationCode1 *string `type:"string" required:"true"`

	// A subsequent authentication code emitted by the device.
	AuthenticationCode2 *string `type:"string" required:"true"`

	// Serial number that uniquely identifies the MFA device.
	SerialNumber *string `type:"string" required:"true"`

	// The name of the user whose MFA device you want to resynchronize.
	UserName *string `type:"string" required:"true"`

	metadataResyncMFADeviceInput `json:"-" xml:"-"`
}

type metadataResyncMFADeviceInput struct {
	SDKShapeTraits bool `type:"structure"`
}

type ResyncMFADeviceOutput struct {
	metadataResyncMFADeviceOutput `json:"-" xml:"-"`
}

type metadataResyncMFADeviceOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

// Contains information about an IAM role.
//
//  This data type is used as a response element in the following actions:
//
//    CreateRole
//
//    GetRole
//
//    ListRoles
type Role struct {
	// The Amazon Resource Name (ARN) specifying the role. For more information
	// about ARNs and how to use them in policies, see IAM Identifiers (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the Using IAM guide.
	ARN *string `locationName:"Arn" type:"string" required:"true"`

	// The policy that grants an entity permission to assume the role.
	AssumeRolePolicyDocument *string `type:"string"`

	// The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601),
	// when the role was created.
	CreateDate *time.Time `type:"timestamp" timestampFormat:"iso8601" required:"true"`

	// The path to the role. For more information about paths, see IAM Identifiers
	// (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the Using IAM guide.
	Path *string `type:"string" required:"true"`

	// The stable and unique string identifying the role. For more information about
	// IDs, see IAM Identifiers (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the Using IAM guide.
	RoleID *string `locationName:"RoleId" type:"string" required:"true"`

	// The friendly name that identifies the role.
	RoleName *string `type:"string" required:"true"`

	metadataRole `json:"-" xml:"-"`
}

type metadataRole struct {
	SDKShapeTraits bool `type:"structure"`
}

// Contains information about an IAM role, including all of the role's policies.
//
// This data type is used as a response element in the GetAccountAuthorizationDetails
// action.
type RoleDetail struct {
	// The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources.
	//
	// For more information about ARNs, go to Amazon Resource Names (ARNs) and
	// AWS Service Namespaces (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the AWS General Reference.
	ARN *string `locationName:"Arn" type:"string"`

	// The trust policy that grants permission to assume the role.
	AssumeRolePolicyDocument *string `type:"string"`

	// A list of managed policies attached to the role. These policies are the role's
	// access (permissions) policies.
	AttachedManagedPolicies []*AttachedPolicy `type:"list"`

	// The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601),
	// when the role was created.
	CreateDate *time.Time `type:"timestamp" timestampFormat:"iso8601"`

	// Contains a list of instance profiles.
	InstanceProfileList []*InstanceProfile `type:"list"`

	// The path to the role. For more information about paths, see IAM Identifiers
	// (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the Using IAM guide.
	Path *string `type:"string"`

	// The stable and unique string identifying the role. For more information about
	// IDs, see IAM Identifiers (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the Using IAM guide.
	RoleID *string `locationName:"RoleId" type:"string"`

	// The friendly name that identifies the role.
	RoleName *string `type:"string"`

	// A list of inline policies embedded in the role. These policies are the role's
	// access (permissions) policies.
	RolePolicyList []*PolicyDetail `type:"list"`

	metadataRoleDetail `json:"-" xml:"-"`
}

type metadataRoleDetail struct {
	SDKShapeTraits bool `type:"structure"`
}

// Contains the list of SAML providers for this account.
type SAMLProviderListEntry struct {
	// The Amazon Resource Name (ARN) of the SAML provider.
	ARN *string `locationName:"Arn" type:"string"`

	// The date and time when the SAML provider was created.
	CreateDate *time.Time `type:"timestamp" timestampFormat:"iso8601"`

	// The expiration date and time for the SAML provider.
	ValidUntil *time.Time `type:"timestamp" timestampFormat:"iso8601"`

	metadataSAMLProviderListEntry `json:"-" xml:"-"`
}

type metadataSAMLProviderListEntry struct {
	SDKShapeTraits bool `type:"structure"`
}

// Contains information about a server certificate.
//
//  This data type is used as a response element in the GetServerCertificate
// action.
type ServerCertificate struct {
	// The contents of the public key certificate.
	CertificateBody *string `type:"string" required:"true"`

	// The contents of the public key certificate chain.
	CertificateChain *string `type:"string"`

	// The meta information of the server certificate, such as its name, path, ID,
	// and ARN.
	ServerCertificateMetadata *ServerCertificateMetadata `type:"structure" required:"true"`

	metadataServerCertificate `json:"-" xml:"-"`
}

type metadataServerCertificate struct {
	SDKShapeTraits bool `type:"structure"`
}

// Contains information about a server certificate without its certificate body,
// certificate chain, and private key.
//
//  This data type is used as a response element in the UploadServerCertificate
// and ListServerCertificates actions.
type ServerCertificateMetadata struct {
	// The Amazon Resource Name (ARN) specifying the server certificate. For more
	// information about ARNs and how to use them in policies, see IAM Identifiers
	// (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the Using IAM guide.
	ARN *string `locationName:"Arn" type:"string" required:"true"`

	// The date on which the certificate is set to expire.
	Expiration *time.Time `type:"timestamp" timestampFormat:"iso8601"`

	// The path to the server certificate. For more information about paths, see
	// IAM Identifiers (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the Using IAM guide.
	Path *string `type:"string" required:"true"`

	// The stable and unique string identifying the server certificate. For more
	// information about IDs, see IAM Identifiers (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the Using IAM guide.
	ServerCertificateID *string `locationName:"ServerCertificateId" type:"string" required:"true"`

	// The name that identifies the server certificate.
	ServerCertificateName *string `type:"string" required:"true"`

	// The date when the server certificate was uploaded.
	UploadDate *time.Time `type:"timestamp" timestampFormat:"iso8601"`

	metadataServerCertificateMetadata `json:"-" xml:"-"`
}

type metadataServerCertificateMetadata struct {
	SDKShapeTraits bool `type:"structure"`
}

type SetDefaultPolicyVersionInput struct {
	// The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources.
	//
	// For more information about ARNs, go to Amazon Resource Names (ARNs) and
	// AWS Service Namespaces (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the AWS General Reference.
	PolicyARN *string `locationName:"PolicyArn" type:"string" required:"true"`

	// The version of the policy to set as the default (operative) version.
	//
	// For more information about managed policy versions, see Versioning for Managed
	// Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html)
	// in the Using IAM guide.
	VersionID *string `locationName:"VersionId" type:"string" required:"true"`

	metadataSetDefaultPolicyVersionInput `json:"-" xml:"-"`
}

type metadataSetDefaultPolicyVersionInput struct {
	SDKShapeTraits bool `type:"structure"`
}

type SetDefaultPolicyVersionOutput struct {
	metadataSetDefaultPolicyVersionOutput `json:"-" xml:"-"`
}

type metadataSetDefaultPolicyVersionOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

// Contains information about an X.509 signing certificate.
//
// This data type is used as a response element in the UploadSigningCertificate
// and ListSigningCertificates actions.
type SigningCertificate struct {
	// The contents of the signing certificate.
	CertificateBody *string `type:"string" required:"true"`

	// The ID for the signing certificate.
	CertificateID *string `locationName:"CertificateId" type:"string" required:"true"`

	// The status of the signing certificate. Active means the key is valid for
	// API calls, while Inactive means it is not.
	Status *string `type:"string" required:"true"`

	// The date when the signing certificate was uploaded.
	UploadDate *time.Time `type:"timestamp" timestampFormat:"iso8601"`

	// The name of the user the signing certificate is associated with.
	UserName *string `type:"string" required:"true"`

	metadataSigningCertificate `json:"-" xml:"-"`
}

type metadataSigningCertificate struct {
	SDKShapeTraits bool `type:"structure"`
}

type UpdateAccessKeyInput struct {
	// The access key ID of the secret access key you want to update.
	AccessKeyID *string `locationName:"AccessKeyId" type:"string" required:"true"`

	// The status you want to assign to the secret access key. Active means the
	// key can be used for API calls to AWS, while Inactive means the key cannot
	// be used.
	Status *string `type:"string" required:"true"`

	// The name of the user whose key you want to update.
	UserName *string `type:"string"`

	metadataUpdateAccessKeyInput `json:"-" xml:"-"`
}

type metadataUpdateAccessKeyInput struct {
	SDKShapeTraits bool `type:"structure"`
}

type UpdateAccessKeyOutput struct {
	metadataUpdateAccessKeyOutput `json:"-" xml:"-"`
}

type metadataUpdateAccessKeyOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type UpdateAccountPasswordPolicyInput struct {
	// Allows all IAM users in your account to use the AWS Management Console to
	// change their own passwords. For more information, see Letting IAM Users Change
	// Their Own Passwords (http://docs.aws.amazon.com/IAM/latest/UserGuide/HowToPwdIAMUser.html)
	// in the Using IAM guide.
	//
	// Default value: false
	AllowUsersToChangePassword *bool `type:"boolean"`

	// Prevents IAM users from setting a new password after their password has expired.
	//
	// Default value: false
	HardExpiry *bool `type:"boolean"`

	// The number of days that an IAM user password is valid. The default value
	// of 0 means IAM user passwords never expire.
	//
	// Default value: 0
	MaxPasswordAge *int64 `type:"integer"`

	// The minimum number of characters allowed in an IAM user password.
	//
	// Default value: 6
	MinimumPasswordLength *int64 `type:"integer"`

	// Specifies the number of previous passwords that IAM users are prevented from
	// reusing. The default value of 0 means IAM users are not prevented from reusing
	// previous passwords.
	//
	// Default value: 0
	PasswordReusePrevention *int64 `type:"integer"`

	// Specifies whether IAM user passwords must contain at least one lowercase
	// character from the ISO basic Latin alphabet (a to z).
	//
	// Default value: false
	RequireLowercaseCharacters *bool `type:"boolean"`

	// Specifies whether IAM user passwords must contain at least one numeric character
	// (0 to 9).
	//
	// Default value: false
	RequireNumbers *bool `type:"boolean"`

	// Specifies whether IAM user passwords must contain at least one of the following
	// non-alphanumeric characters:
	//
	// ! @ # $ % ^ &amp; * ( ) _ + - = [ ] { } | '
	//
	// Default value: false
	RequireSymbols *bool `type:"boolean"`

	// Specifies whether IAM user passwords must contain at least one uppercase
	// character from the ISO basic Latin alphabet (A to Z).
	//
	// Default value: false
	RequireUppercaseCharacters *bool `type:"boolean"`

	metadataUpdateAccountPasswordPolicyInput `json:"-" xml:"-"`
}

type metadataUpdateAccountPasswordPolicyInput struct {
	SDKShapeTraits bool `type:"structure"`
}

type UpdateAccountPasswordPolicyOutput struct {
	metadataUpdateAccountPasswordPolicyOutput `json:"-" xml:"-"`
}

type metadataUpdateAccountPasswordPolicyOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type UpdateAssumeRolePolicyInput struct {
	// The policy that grants an entity permission to assume the role.
	PolicyDocument *string `type:"string" required:"true"`

	// The name of the role to update.
	RoleName *string `type:"string" required:"true"`

	metadataUpdateAssumeRolePolicyInput `json:"-" xml:"-"`
}

type metadataUpdateAssumeRolePolicyInput struct {
	SDKShapeTraits bool `type:"structure"`
}

type UpdateAssumeRolePolicyOutput struct {
	metadataUpdateAssumeRolePolicyOutput `json:"-" xml:"-"`
}

type metadataUpdateAssumeRolePolicyOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type UpdateGroupInput struct {
	// Name of the group to update. If you're changing the name of the group, this
	// is the original name.
	GroupName *string `type:"string" required:"true"`

	// New name for the group. Only include this if changing the group's name.
	NewGroupName *string `type:"string"`

	// New path for the group. Only include this if changing the group's path.
	NewPath *string `type:"string"`

	metadataUpdateGroupInput `json:"-" xml:"-"`
}

type metadataUpdateGroupInput struct {
	SDKShapeTraits bool `type:"structure"`
}

type UpdateGroupOutput struct {
	metadataUpdateGroupOutput `json:"-" xml:"-"`
}

type metadataUpdateGroupOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type UpdateLoginProfileInput struct {
	// The new password for the specified user.
	Password *string `type:"string"`

	// Require the specified user to set a new password on next sign-in.
	PasswordResetRequired *bool `type:"boolean"`

	// The name of the user whose password you want to update.
	UserName *string `type:"string" required:"true"`

	metadataUpdateLoginProfileInput `json:"-" xml:"-"`
}

type metadataUpdateLoginProfileInput struct {
	SDKShapeTraits bool `type:"structure"`
}

type UpdateLoginProfileOutput struct {
	metadataUpdateLoginProfileOutput `json:"-" xml:"-"`
}

type metadataUpdateLoginProfileOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type UpdateOpenIDConnectProviderThumbprintInput struct {
	// The Amazon Resource Name (ARN) of the IAM OpenID Connect (OIDC) provider
	// to update the thumbprint for. You can get a list of OIDC provider ARNs by
	// using the ListOpenIDConnectProviders action.
	OpenIDConnectProviderARN *string `locationName:"OpenIDConnectProviderArn" type:"string" required:"true"`

	// A list of certificate thumbprints that are associated with the specified
	// IAM OpenID Connect provider. For more information, see CreateOpenIDConnectProvider.
	ThumbprintList []*string `type:"list" required:"true"`

	metadataUpdateOpenIDConnectProviderThumbprintInput `json:"-" xml:"-"`
}

type metadataUpdateOpenIDConnectProviderThumbprintInput struct {
	SDKShapeTraits bool `type:"structure"`
}

type UpdateOpenIDConnectProviderThumbprintOutput struct {
	metadataUpdateOpenIDConnectProviderThumbprintOutput `json:"-" xml:"-"`
}

type metadataUpdateOpenIDConnectProviderThumbprintOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type UpdateSAMLProviderInput struct {
	// An XML document generated by an identity provider (IdP) that supports SAML
	// 2.0. The document includes the issuer's name, expiration information, and
	// keys that can be used to validate the SAML authentication response (assertions)
	// that are received from the IdP. You must generate the metadata document using
	// the identity management software that is used as your organization's IdP.
	SAMLMetadataDocument *string `type:"string" required:"true"`

	// The Amazon Resource Name (ARN) of the SAML provider to update.
	SAMLProviderARN *string `locationName:"SAMLProviderArn" type:"string" required:"true"`

	metadataUpdateSAMLProviderInput `json:"-" xml:"-"`
}

type metadataUpdateSAMLProviderInput struct {
	SDKShapeTraits bool `type:"structure"`
}

// Contains the response to a successful UpdateSAMLProvider request.
type UpdateSAMLProviderOutput struct {
	// The Amazon Resource Name (ARN) of the SAML provider that was updated.
	SAMLProviderARN *string `locationName:"SAMLProviderArn" type:"string"`

	metadataUpdateSAMLProviderOutput `json:"-" xml:"-"`
}

type metadataUpdateSAMLProviderOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type UpdateServerCertificateInput struct {
	// The new path for the server certificate. Include this only if you are updating
	// the server certificate's path.
	NewPath *string `type:"string"`

	// The new name for the server certificate. Include this only if you are updating
	// the server certificate's name.
	NewServerCertificateName *string `type:"string"`

	// The name of the server certificate that you want to update.
	ServerCertificateName *string `type:"string" required:"true"`

	metadataUpdateServerCertificateInput `json:"-" xml:"-"`
}

type metadataUpdateServerCertificateInput struct {
	SDKShapeTraits bool `type:"structure"`
}

type UpdateServerCertificateOutput struct {
	metadataUpdateServerCertificateOutput `json:"-" xml:"-"`
}

type metadataUpdateServerCertificateOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type UpdateSigningCertificateInput struct {
	// The ID of the signing certificate you want to update.
	CertificateID *string `locationName:"CertificateId" type:"string" required:"true"`

	// The status you want to assign to the certificate. Active means the certificate
	// can be used for API calls to AWS, while Inactive means the certificate cannot
	// be used.
	Status *string `type:"string" required:"true"`

	// The name of the user the signing certificate belongs to.
	UserName *string `type:"string"`

	metadataUpdateSigningCertificateInput `json:"-" xml:"-"`
}

type metadataUpdateSigningCertificateInput struct {
	SDKShapeTraits bool `type:"structure"`
}

type UpdateSigningCertificateOutput struct {
	metadataUpdateSigningCertificateOutput `json:"-" xml:"-"`
}

type metadataUpdateSigningCertificateOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type UpdateUserInput struct {
	// New path for the user. Include this parameter only if you're changing the
	// user's path.
	NewPath *string `type:"string"`

	// New name for the user. Include this parameter only if you're changing the
	// user's name.
	NewUserName *string `type:"string"`

	// Name of the user to update. If you're changing the name of the user, this
	// is the original user name.
	UserName *string `type:"string" required:"true"`

	metadataUpdateUserInput `json:"-" xml:"-"`
}

type metadataUpdateUserInput struct {
	SDKShapeTraits bool `type:"structure"`
}

type UpdateUserOutput struct {
	metadataUpdateUserOutput `json:"-" xml:"-"`
}

type metadataUpdateUserOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type UploadServerCertificateInput struct {
	// The contents of the public key certificate in PEM-encoded format.
	CertificateBody *string `type:"string" required:"true"`

	// The contents of the certificate chain. This is typically a concatenation
	// of the PEM-encoded public key certificates of the chain.
	CertificateChain *string `type:"string"`

	// The path for the server certificate. For more information about paths, see
	// IAM Identifiers (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the Using IAM guide.
	//
	// This parameter is optional. If it is not included, it defaults to a slash
	// (/).
	//
	//  If you are uploading a server certificate specifically for use with Amazon
	// CloudFront distributions, you must specify a path using the --path option.
	// The path must begin with /cloudfront and must include a trailing slash (for
	// example, /cloudfront/test/).
	Path *string `type:"string"`

	// The contents of the private key in PEM-encoded format.
	PrivateKey *string `type:"string" required:"true"`

	// The name for the server certificate. Do not include the path in this value.
	ServerCertificateName *string `type:"string" required:"true"`

	metadataUploadServerCertificateInput `json:"-" xml:"-"`
}

type metadataUploadServerCertificateInput struct {
	SDKShapeTraits bool `type:"structure"`
}

// Contains the response to a successful UploadServerCertificate request.
type UploadServerCertificateOutput struct {
	// The meta information of the uploaded server certificate without its certificate
	// body, certificate chain, and private key.
	ServerCertificateMetadata *ServerCertificateMetadata `type:"structure"`

	metadataUploadServerCertificateOutput `json:"-" xml:"-"`
}

type metadataUploadServerCertificateOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

type UploadSigningCertificateInput struct {
	// The contents of the signing certificate.
	CertificateBody *string `type:"string" required:"true"`

	// The name of the user the signing certificate is for.
	UserName *string `type:"string"`

	metadataUploadSigningCertificateInput `json:"-" xml:"-"`
}

type metadataUploadSigningCertificateInput struct {
	SDKShapeTraits bool `type:"structure"`
}

// Contains the response to a successful UploadSigningCertificate request.
type UploadSigningCertificateOutput struct {
	// Information about the certificate.
	Certificate *SigningCertificate `type:"structure" required:"true"`

	metadataUploadSigningCertificateOutput `json:"-" xml:"-"`
}

type metadataUploadSigningCertificateOutput struct {
	SDKShapeTraits bool `type:"structure"`
}

// Contains information about an IAM user entity.
//
//  This data type is used as a response element in the following actions:
//
//    CreateUser
//
//    GetUser
//
//    ListUsers
type User struct {
	// The Amazon Resource Name (ARN) that identifies the user. For more information
	// about ARNs and how to use ARNs in policies, see IAM Identifiers (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the Using IAM guide.
	ARN *string `locationName:"Arn" type:"string" required:"true"`

	// The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601),
	// when the user was created.
	CreateDate *time.Time `type:"timestamp" timestampFormat:"iso8601" required:"true"`

	// The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601),
	// when the user's password was last used to sign in to an AWS website. For
	// a list of AWS websites that capture a user's last sign-in time, see the Credential
	// Reports (http://docs.aws.amazon.com/IAM/latest/UserGuide/credential-reports.html)
	// topic in the Using IAM guide. If a password is used more than once in a five-minute
	// span, only the first use is returned in this field. When the user does not
	// have a password, this field is null (not present). When a user's password
	// exists but has never been used, or when there is no sign-in data associated
	// with the user, this field is null (not present).
	//
	// This value is returned only in the GetUser and ListUsers actions.
	PasswordLastUsed *time.Time `type:"timestamp" timestampFormat:"iso8601"`

	// The path to the user. For more information about paths, see IAM Identifiers
	// (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the Using IAM guide.
	Path *string `type:"string" required:"true"`

	// The stable and unique string identifying the user. For more information about
	// IDs, see IAM Identifiers (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the Using IAM guide.
	UserID *string `locationName:"UserId" type:"string" required:"true"`

	// The friendly name identifying the user.
	UserName *string `type:"string" required:"true"`

	metadataUser `json:"-" xml:"-"`
}

type metadataUser struct {
	SDKShapeTraits bool `type:"structure"`
}

// Contains information about an IAM user, including all the user's policies
// and all the IAM groups the user is in.
//
// This data type is used as a response element in the GetAccountAuthorizationDetails
// action.
type UserDetail struct {
	// The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources.
	//
	// For more information about ARNs, go to Amazon Resource Names (ARNs) and
	// AWS Service Namespaces (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the AWS General Reference.
	ARN *string `locationName:"Arn" type:"string"`

	// A list of the managed policies attached to the user.
	AttachedManagedPolicies []*AttachedPolicy `type:"list"`

	// The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601),
	// when the user was created.
	CreateDate *time.Time `type:"timestamp" timestampFormat:"iso8601"`

	// A list of IAM groups that the user is in.
	GroupList []*string `type:"list"`

	// The path to the user. For more information about paths, see IAM Identifiers
	// (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the Using IAM guide.
	Path *string `type:"string"`

	// The stable and unique string identifying the user. For more information about
	// IDs, see IAM Identifiers (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the Using IAM guide.
	UserID *string `locationName:"UserId" type:"string"`

	// The friendly name identifying the user.
	UserName *string `type:"string"`

	// A list of the inline policies embedded in the user.
	UserPolicyList []*PolicyDetail `type:"list"`

	metadataUserDetail `json:"-" xml:"-"`
}

type metadataUserDetail struct {
	SDKShapeTraits bool `type:"structure"`
}

// Contains information about a virtual MFA device.
type VirtualMFADevice struct {
	// The Base32 seed defined as specified in RFC3548 (http://www.ietf.org/rfc/rfc3548.txt).
	// The Base32StringSeed is Base64-encoded.
	Base32StringSeed []byte `type:"blob"`

	// The date and time on which the virtual MFA device was enabled.
	EnableDate *time.Time `type:"timestamp" timestampFormat:"iso8601"`

	// A QR code PNG image that encodes otpauth://totp/$virtualMFADeviceName@$AccountName?secret=$Base32String
	// where $virtualMFADeviceName is one of the create call arguments, AccountName
	// is the user name if set (otherwise, the account ID otherwise), and Base32String
	// is the seed in Base32 format. The Base32String value is Base64-encoded.
	QRCodePNG []byte `type:"blob"`

	// The serial number associated with VirtualMFADevice.
	SerialNumber *string `type:"string" required:"true"`

	// Contains information about an IAM user entity.
	//
	//  This data type is used as a response element in the following actions:
	//
	//    CreateUser
	//
	//    GetUser
	//
	//    ListUsers
	User *User `type:"structure"`

	metadataVirtualMFADevice `json:"-" xml:"-"`
}

type metadataVirtualMFADevice struct {
	SDKShapeTraits bool `type:"structure"`
}