github.com/aavshr/aws-sdk-go@v1.41.3/service/iam/api.go

// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.

package iam

import (
	"fmt"
	"time"

	"github.com/aavshr/aws-sdk-go/aws"
	"github.com/aavshr/aws-sdk-go/aws/awsutil"
	"github.com/aavshr/aws-sdk-go/aws/request"
	"github.com/aavshr/aws-sdk-go/private/protocol"
	"github.com/aavshr/aws-sdk-go/private/protocol/query"
)

const opAddClientIDToOpenIDConnectProvider = "AddClientIDToOpenIDConnectProvider"

// AddClientIDToOpenIDConnectProviderRequest generates a "aws/request.Request" representing the
// client's request for the AddClientIDToOpenIDConnectProvider operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See AddClientIDToOpenIDConnectProvider for more information on using the AddClientIDToOpenIDConnectProvider
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the AddClientIDToOpenIDConnectProviderRequest method.
//    req, resp := client.AddClientIDToOpenIDConnectProviderRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/AddClientIDToOpenIDConnectProvider
func (c *IAM) AddClientIDToOpenIDConnectProviderRequest(input *AddClientIDToOpenIDConnectProviderInput) (req *request.Request, output *AddClientIDToOpenIDConnectProviderOutput) {
	op := &request.Operation{
		Name:       opAddClientIDToOpenIDConnectProvider,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &AddClientIDToOpenIDConnectProviderInput{}
	}

	output = &AddClientIDToOpenIDConnectProviderOutput{}
	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return
}

// AddClientIDToOpenIDConnectProvider API operation for AWS Identity and Access Management.
//
// Adds a new client ID (also known as audience) to the list of client IDs already
// registered for the specified IAM OpenID Connect (OIDC) provider resource.
//
// This operation is idempotent; it does not fail or return an error if you
// add an existing client ID to the provider.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation AddClientIDToOpenIDConnectProvider for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeInvalidInputException "InvalidInput"
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeLimitExceededException "LimitExceeded"
//   The request was rejected because it attempted to create resources beyond
//   the current Amazon Web Services account limits. The error message describes
//   the limit exceeded.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/AddClientIDToOpenIDConnectProvider
func (c *IAM) AddClientIDToOpenIDConnectProvider(input *AddClientIDToOpenIDConnectProviderInput) (*AddClientIDToOpenIDConnectProviderOutput, error) {
	req, out := c.AddClientIDToOpenIDConnectProviderRequest(input)
	return out, req.Send()
}

// AddClientIDToOpenIDConnectProviderWithContext is the same as AddClientIDToOpenIDConnectProvider with the addition of
// the ability to pass a context and additional request options.
//
// See AddClientIDToOpenIDConnectProvider for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) AddClientIDToOpenIDConnectProviderWithContext(ctx aws.Context, input *AddClientIDToOpenIDConnectProviderInput, opts ...request.Option) (*AddClientIDToOpenIDConnectProviderOutput, error) {
	req, out := c.AddClientIDToOpenIDConnectProviderRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opAddRoleToInstanceProfile = "AddRoleToInstanceProfile"

// AddRoleToInstanceProfileRequest generates a "aws/request.Request" representing the
// client's request for the AddRoleToInstanceProfile operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See AddRoleToInstanceProfile for more information on using the AddRoleToInstanceProfile
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the AddRoleToInstanceProfileRequest method.
//    req, resp := client.AddRoleToInstanceProfileRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/AddRoleToInstanceProfile
func (c *IAM) AddRoleToInstanceProfileRequest(input *AddRoleToInstanceProfileInput) (req *request.Request, output *AddRoleToInstanceProfileOutput) {
	op := &request.Operation{
		Name:       opAddRoleToInstanceProfile,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &AddRoleToInstanceProfileInput{}
	}

	output = &AddRoleToInstanceProfileOutput{}
	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return
}

// AddRoleToInstanceProfile API operation for AWS Identity and Access Management.
//
// Adds the specified IAM role to the specified instance profile. An instance
// profile can contain only one role, and this quota cannot be increased. You
// can remove the existing role and then add a different role to an instance
// profile. You must then wait for the change to appear across all of Amazon
// Web Services because of eventual consistency (https://en.wikipedia.org/wiki/Eventual_consistency).
// To force the change, you must disassociate the instance profile (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DisassociateIamInstanceProfile.html)
// and then associate the instance profile (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateIamInstanceProfile.html),
// or you can stop your instance and then restart it.
//
// The caller of this operation must be granted the PassRole permission on the
// IAM role by a permissions policy.
//
// For more information about roles, see Working with roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html).
// For more information about instance profiles, see About instance profiles
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html).
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation AddRoleToInstanceProfile for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeEntityAlreadyExistsException "EntityAlreadyExists"
//   The request was rejected because it attempted to create a resource that already
//   exists.
//
//   * ErrCodeLimitExceededException "LimitExceeded"
//   The request was rejected because it attempted to create resources beyond
//   the current Amazon Web Services account limits. The error message describes
//   the limit exceeded.
//
//   * ErrCodeUnmodifiableEntityException "UnmodifiableEntity"
//   The request was rejected because only the service that depends on the service-linked
//   role can modify or delete the role on your behalf. The error message includes
//   the name of the service that depends on this service-linked role. You must
//   request the change through that service.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/AddRoleToInstanceProfile
func (c *IAM) AddRoleToInstanceProfile(input *AddRoleToInstanceProfileInput) (*AddRoleToInstanceProfileOutput, error) {
	req, out := c.AddRoleToInstanceProfileRequest(input)
	return out, req.Send()
}

// AddRoleToInstanceProfileWithContext is the same as AddRoleToInstanceProfile with the addition of
// the ability to pass a context and additional request options.
//
// See AddRoleToInstanceProfile for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) AddRoleToInstanceProfileWithContext(ctx aws.Context, input *AddRoleToInstanceProfileInput, opts ...request.Option) (*AddRoleToInstanceProfileOutput, error) {
	req, out := c.AddRoleToInstanceProfileRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opAddUserToGroup = "AddUserToGroup"

// AddUserToGroupRequest generates a "aws/request.Request" representing the
// client's request for the AddUserToGroup operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See AddUserToGroup for more information on using the AddUserToGroup
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the AddUserToGroupRequest method.
//    req, resp := client.AddUserToGroupRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/AddUserToGroup
func (c *IAM) AddUserToGroupRequest(input *AddUserToGroupInput) (req *request.Request, output *AddUserToGroupOutput) {
	op := &request.Operation{
		Name:       opAddUserToGroup,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &AddUserToGroupInput{}
	}

	output = &AddUserToGroupOutput{}
	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return
}

// AddUserToGroup API operation for AWS Identity and Access Management.
//
// Adds the specified user to the specified group.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation AddUserToGroup for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeLimitExceededException "LimitExceeded"
//   The request was rejected because it attempted to create resources beyond
//   the current Amazon Web Services account limits. The error message describes
//   the limit exceeded.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/AddUserToGroup
func (c *IAM) AddUserToGroup(input *AddUserToGroupInput) (*AddUserToGroupOutput, error) {
	req, out := c.AddUserToGroupRequest(input)
	return out, req.Send()
}

// AddUserToGroupWithContext is the same as AddUserToGroup with the addition of
// the ability to pass a context and additional request options.
//
// See AddUserToGroup for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) AddUserToGroupWithContext(ctx aws.Context, input *AddUserToGroupInput, opts ...request.Option) (*AddUserToGroupOutput, error) {
	req, out := c.AddUserToGroupRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opAttachGroupPolicy = "AttachGroupPolicy"

// AttachGroupPolicyRequest generates a "aws/request.Request" representing the
// client's request for the AttachGroupPolicy operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See AttachGroupPolicy for more information on using the AttachGroupPolicy
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the AttachGroupPolicyRequest method.
//    req, resp := client.AttachGroupPolicyRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/AttachGroupPolicy
func (c *IAM) AttachGroupPolicyRequest(input *AttachGroupPolicyInput) (req *request.Request, output *AttachGroupPolicyOutput) {
	op := &request.Operation{
		Name:       opAttachGroupPolicy,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &AttachGroupPolicyInput{}
	}

	output = &AttachGroupPolicyOutput{}
	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return
}

// AttachGroupPolicy API operation for AWS Identity and Access Management.
//
// Attaches the specified managed policy to the specified IAM group.
//
// You use this operation to attach a managed policy to a group. To embed an
// inline policy in a group, use PutGroupPolicy.
//
// As a best practice, you can validate your IAM policies. To learn more, see
// Validating IAM policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_policy-validator.html)
// in the IAM User Guide.
//
// For more information about policies, see Managed policies and inline policies
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation AttachGroupPolicy for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeLimitExceededException "LimitExceeded"
//   The request was rejected because it attempted to create resources beyond
//   the current Amazon Web Services account limits. The error message describes
//   the limit exceeded.
//
//   * ErrCodeInvalidInputException "InvalidInput"
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
//   * ErrCodePolicyNotAttachableException "PolicyNotAttachable"
//   The request failed because Amazon Web Services service role policies can
//   only be attached to the service-linked role for that service.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/AttachGroupPolicy
func (c *IAM) AttachGroupPolicy(input *AttachGroupPolicyInput) (*AttachGroupPolicyOutput, error) {
	req, out := c.AttachGroupPolicyRequest(input)
	return out, req.Send()
}

// AttachGroupPolicyWithContext is the same as AttachGroupPolicy with the addition of
// the ability to pass a context and additional request options.
//
// See AttachGroupPolicy for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) AttachGroupPolicyWithContext(ctx aws.Context, input *AttachGroupPolicyInput, opts ...request.Option) (*AttachGroupPolicyOutput, error) {
	req, out := c.AttachGroupPolicyRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opAttachRolePolicy = "AttachRolePolicy"

// AttachRolePolicyRequest generates a "aws/request.Request" representing the
// client's request for the AttachRolePolicy operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See AttachRolePolicy for more information on using the AttachRolePolicy
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the AttachRolePolicyRequest method.
//    req, resp := client.AttachRolePolicyRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/AttachRolePolicy
func (c *IAM) AttachRolePolicyRequest(input *AttachRolePolicyInput) (req *request.Request, output *AttachRolePolicyOutput) {
	op := &request.Operation{
		Name:       opAttachRolePolicy,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &AttachRolePolicyInput{}
	}

	output = &AttachRolePolicyOutput{}
	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return
}

// AttachRolePolicy API operation for AWS Identity and Access Management.
//
// Attaches the specified managed policy to the specified IAM role. When you
// attach a managed policy to a role, the managed policy becomes part of the
// role's permission (access) policy.
//
// You cannot use a managed policy as the role's trust policy. The role's trust
// policy is created at the same time as the role, using CreateRole. You can
// update a role's trust policy using UpdateAssumeRolePolicy.
//
// Use this operation to attach a managed policy to a role. To embed an inline
// policy in a role, use PutRolePolicy. For more information about policies,
// see Managed policies and inline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide.
//
// As a best practice, you can validate your IAM policies. To learn more, see
// Validating IAM policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_policy-validator.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation AttachRolePolicy for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeLimitExceededException "LimitExceeded"
//   The request was rejected because it attempted to create resources beyond
//   the current Amazon Web Services account limits. The error message describes
//   the limit exceeded.
//
//   * ErrCodeInvalidInputException "InvalidInput"
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
//   * ErrCodeUnmodifiableEntityException "UnmodifiableEntity"
//   The request was rejected because only the service that depends on the service-linked
//   role can modify or delete the role on your behalf. The error message includes
//   the name of the service that depends on this service-linked role. You must
//   request the change through that service.
//
//   * ErrCodePolicyNotAttachableException "PolicyNotAttachable"
//   The request failed because Amazon Web Services service role policies can
//   only be attached to the service-linked role for that service.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/AttachRolePolicy
func (c *IAM) AttachRolePolicy(input *AttachRolePolicyInput) (*AttachRolePolicyOutput, error) {
	req, out := c.AttachRolePolicyRequest(input)
	return out, req.Send()
}

// AttachRolePolicyWithContext is the same as AttachRolePolicy with the addition of
// the ability to pass a context and additional request options.
//
// See AttachRolePolicy for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) AttachRolePolicyWithContext(ctx aws.Context, input *AttachRolePolicyInput, opts ...request.Option) (*AttachRolePolicyOutput, error) {
	req, out := c.AttachRolePolicyRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opAttachUserPolicy = "AttachUserPolicy"

// AttachUserPolicyRequest generates a "aws/request.Request" representing the
// client's request for the AttachUserPolicy operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See AttachUserPolicy for more information on using the AttachUserPolicy
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the AttachUserPolicyRequest method.
//    req, resp := client.AttachUserPolicyRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/AttachUserPolicy
func (c *IAM) AttachUserPolicyRequest(input *AttachUserPolicyInput) (req *request.Request, output *AttachUserPolicyOutput) {
	op := &request.Operation{
		Name:       opAttachUserPolicy,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &AttachUserPolicyInput{}
	}

	output = &AttachUserPolicyOutput{}
	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return
}

// AttachUserPolicy API operation for AWS Identity and Access Management.
//
// Attaches the specified managed policy to the specified user.
//
// You use this operation to attach a managed policy to a user. To embed an
// inline policy in a user, use PutUserPolicy.
//
// As a best practice, you can validate your IAM policies. To learn more, see
// Validating IAM policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_policy-validator.html)
// in the IAM User Guide.
//
// For more information about policies, see Managed policies and inline policies
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation AttachUserPolicy for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeLimitExceededException "LimitExceeded"
//   The request was rejected because it attempted to create resources beyond
//   the current Amazon Web Services account limits. The error message describes
//   the limit exceeded.
//
//   * ErrCodeInvalidInputException "InvalidInput"
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
//   * ErrCodePolicyNotAttachableException "PolicyNotAttachable"
//   The request failed because Amazon Web Services service role policies can
//   only be attached to the service-linked role for that service.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/AttachUserPolicy
func (c *IAM) AttachUserPolicy(input *AttachUserPolicyInput) (*AttachUserPolicyOutput, error) {
	req, out := c.AttachUserPolicyRequest(input)
	return out, req.Send()
}

// AttachUserPolicyWithContext is the same as AttachUserPolicy with the addition of
// the ability to pass a context and additional request options.
//
// See AttachUserPolicy for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) AttachUserPolicyWithContext(ctx aws.Context, input *AttachUserPolicyInput, opts ...request.Option) (*AttachUserPolicyOutput, error) {
	req, out := c.AttachUserPolicyRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opChangePassword = "ChangePassword"

// ChangePasswordRequest generates a "aws/request.Request" representing the
// client's request for the ChangePassword operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ChangePassword for more information on using the ChangePassword
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the ChangePasswordRequest method.
//    req, resp := client.ChangePasswordRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ChangePassword
func (c *IAM) ChangePasswordRequest(input *ChangePasswordInput) (req *request.Request, output *ChangePasswordOutput) {
	op := &request.Operation{
		Name:       opChangePassword,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &ChangePasswordInput{}
	}

	output = &ChangePasswordOutput{}
	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return
}

// ChangePassword API operation for AWS Identity and Access Management.
//
// Changes the password of the IAM user who is calling this operation. This
// operation can be performed using the CLI, the Amazon Web Services API, or
// the My Security Credentials page in the Amazon Web Services Management Console.
// The Amazon Web Services account root user password is not affected by this
// operation.
//
// Use UpdateLoginProfile to use the CLI, the Amazon Web Services API, or the
// Users page in the IAM console to change the password for any IAM user. For
// more information about modifying passwords, see Managing passwords (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation ChangePassword for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeInvalidUserTypeException "InvalidUserType"
//   The request was rejected because the type of user for the transaction was
//   incorrect.
//
//   * ErrCodeLimitExceededException "LimitExceeded"
//   The request was rejected because it attempted to create resources beyond
//   the current Amazon Web Services account limits. The error message describes
//   the limit exceeded.
//
//   * ErrCodeEntityTemporarilyUnmodifiableException "EntityTemporarilyUnmodifiable"
//   The request was rejected because it referenced an entity that is temporarily
//   unmodifiable, such as a user name that was deleted and then recreated. The
//   error indicates that the request is likely to succeed if you try again after
//   waiting several minutes. The error message describes the entity.
//
//   * ErrCodePasswordPolicyViolationException "PasswordPolicyViolation"
//   The request was rejected because the provided password did not meet the requirements
//   imposed by the account password policy.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ChangePassword
func (c *IAM) ChangePassword(input *ChangePasswordInput) (*ChangePasswordOutput, error) {
	req, out := c.ChangePasswordRequest(input)
	return out, req.Send()
}

// ChangePasswordWithContext is the same as ChangePassword with the addition of
// the ability to pass a context and additional request options.
//
// See ChangePassword for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) ChangePasswordWithContext(ctx aws.Context, input *ChangePasswordInput, opts ...request.Option) (*ChangePasswordOutput, error) {
	req, out := c.ChangePasswordRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opCreateAccessKey = "CreateAccessKey"

// CreateAccessKeyRequest generates a "aws/request.Request" representing the
// client's request for the CreateAccessKey operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See CreateAccessKey for more information on using the CreateAccessKey
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the CreateAccessKeyRequest method.
//    req, resp := client.CreateAccessKeyRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateAccessKey
func (c *IAM) CreateAccessKeyRequest(input *CreateAccessKeyInput) (req *request.Request, output *CreateAccessKeyOutput) {
	op := &request.Operation{
		Name:       opCreateAccessKey,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &CreateAccessKeyInput{}
	}

	output = &CreateAccessKeyOutput{}
	req = c.newRequest(op, input, output)
	return
}

// CreateAccessKey API operation for AWS Identity and Access Management.
//
// Creates a new Amazon Web Services secret access key and corresponding Amazon
// Web Services access key ID for the specified user. The default status for
// new keys is Active.
//
// If you do not specify a user name, IAM determines the user name implicitly
// based on the Amazon Web Services access key ID signing the request. This
// operation works for access keys under the Amazon Web Services account. Consequently,
// you can use this operation to manage Amazon Web Services account root user
// credentials. This is true even if the Amazon Web Services account has no
// associated users.
//
// For information about quotas on the number of keys you can create, see IAM
// and STS quotas (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html)
// in the IAM User Guide.
//
// To ensure the security of your Amazon Web Services account, the secret access
// key is accessible only during key and user creation. You must save the key
// (for example, in a text file) if you want to be able to access it again.
// If a secret key is lost, you can delete the access keys for the associated
// user and then create new keys.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation CreateAccessKey for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeLimitExceededException "LimitExceeded"
//   The request was rejected because it attempted to create resources beyond
//   the current Amazon Web Services account limits. The error message describes
//   the limit exceeded.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateAccessKey
func (c *IAM) CreateAccessKey(input *CreateAccessKeyInput) (*CreateAccessKeyOutput, error) {
	req, out := c.CreateAccessKeyRequest(input)
	return out, req.Send()
}

// CreateAccessKeyWithContext is the same as CreateAccessKey with the addition of
// the ability to pass a context and additional request options.
//
// See CreateAccessKey for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) CreateAccessKeyWithContext(ctx aws.Context, input *CreateAccessKeyInput, opts ...request.Option) (*CreateAccessKeyOutput, error) {
	req, out := c.CreateAccessKeyRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opCreateAccountAlias = "CreateAccountAlias"

// CreateAccountAliasRequest generates a "aws/request.Request" representing the
// client's request for the CreateAccountAlias operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See CreateAccountAlias for more information on using the CreateAccountAlias
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the CreateAccountAliasRequest method.
//    req, resp := client.CreateAccountAliasRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateAccountAlias
func (c *IAM) CreateAccountAliasRequest(input *CreateAccountAliasInput) (req *request.Request, output *CreateAccountAliasOutput) {
	op := &request.Operation{
		Name:       opCreateAccountAlias,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &CreateAccountAliasInput{}
	}

	output = &CreateAccountAliasOutput{}
	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return
}

// CreateAccountAlias API operation for AWS Identity and Access Management.
//
// Creates an alias for your Amazon Web Services account. For information about
// using an Amazon Web Services account alias, see Using an alias for your Amazon
// Web Services account ID (https://docs.aws.amazon.com/IAM/latest/UserGuide/AccountAlias.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation CreateAccountAlias for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeEntityAlreadyExistsException "EntityAlreadyExists"
//   The request was rejected because it attempted to create a resource that already
//   exists.
//
//   * ErrCodeLimitExceededException "LimitExceeded"
//   The request was rejected because it attempted to create resources beyond
//   the current Amazon Web Services account limits. The error message describes
//   the limit exceeded.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateAccountAlias
func (c *IAM) CreateAccountAlias(input *CreateAccountAliasInput) (*CreateAccountAliasOutput, error) {
	req, out := c.CreateAccountAliasRequest(input)
	return out, req.Send()
}

// CreateAccountAliasWithContext is the same as CreateAccountAlias with the addition of
// the ability to pass a context and additional request options.
//
// See CreateAccountAlias for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) CreateAccountAliasWithContext(ctx aws.Context, input *CreateAccountAliasInput, opts ...request.Option) (*CreateAccountAliasOutput, error) {
	req, out := c.CreateAccountAliasRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opCreateGroup = "CreateGroup"

// CreateGroupRequest generates a "aws/request.Request" representing the
// client's request for the CreateGroup operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See CreateGroup for more information on using the CreateGroup
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the CreateGroupRequest method.
//    req, resp := client.CreateGroupRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateGroup
func (c *IAM) CreateGroupRequest(input *CreateGroupInput) (req *request.Request, output *CreateGroupOutput) {
	op := &request.Operation{
		Name:       opCreateGroup,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &CreateGroupInput{}
	}

	output = &CreateGroupOutput{}
	req = c.newRequest(op, input, output)
	return
}

// CreateGroup API operation for AWS Identity and Access Management.
//
// Creates a new group.
//
// For information about the number of groups you can create, see IAM and STS
// quotas (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation CreateGroup for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeLimitExceededException "LimitExceeded"
//   The request was rejected because it attempted to create resources beyond
//   the current Amazon Web Services account limits. The error message describes
//   the limit exceeded.
//
//   * ErrCodeEntityAlreadyExistsException "EntityAlreadyExists"
//   The request was rejected because it attempted to create a resource that already
//   exists.
//
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateGroup
func (c *IAM) CreateGroup(input *CreateGroupInput) (*CreateGroupOutput, error) {
	req, out := c.CreateGroupRequest(input)
	return out, req.Send()
}

// CreateGroupWithContext is the same as CreateGroup with the addition of
// the ability to pass a context and additional request options.
//
// See CreateGroup for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) CreateGroupWithContext(ctx aws.Context, input *CreateGroupInput, opts ...request.Option) (*CreateGroupOutput, error) {
	req, out := c.CreateGroupRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opCreateInstanceProfile = "CreateInstanceProfile"

// CreateInstanceProfileRequest generates a "aws/request.Request" representing the
// client's request for the CreateInstanceProfile operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See CreateInstanceProfile for more information on using the CreateInstanceProfile
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the CreateInstanceProfileRequest method.
//    req, resp := client.CreateInstanceProfileRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateInstanceProfile
func (c *IAM) CreateInstanceProfileRequest(input *CreateInstanceProfileInput) (req *request.Request, output *CreateInstanceProfileOutput) {
	op := &request.Operation{
		Name:       opCreateInstanceProfile,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &CreateInstanceProfileInput{}
	}

	output = &CreateInstanceProfileOutput{}
	req = c.newRequest(op, input, output)
	return
}

// CreateInstanceProfile API operation for AWS Identity and Access Management.
//
// Creates a new instance profile. For information about instance profiles,
// see Using roles for applications on Amazon EC2 (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html)
// in the IAM User Guide, and Instance profiles (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html#ec2-instance-profile)
// in the Amazon EC2 User Guide.
//
// For information about the number of instance profiles you can create, see
// IAM object quotas (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation CreateInstanceProfile for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeEntityAlreadyExistsException "EntityAlreadyExists"
//   The request was rejected because it attempted to create a resource that already
//   exists.
//
//   * ErrCodeInvalidInputException "InvalidInput"
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
//   * ErrCodeLimitExceededException "LimitExceeded"
//   The request was rejected because it attempted to create resources beyond
//   the current Amazon Web Services account limits. The error message describes
//   the limit exceeded.
//
//   * ErrCodeConcurrentModificationException "ConcurrentModification"
//   The request was rejected because multiple requests to change this object
//   were submitted simultaneously. Wait a few minutes and submit your request
//   again.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateInstanceProfile
func (c *IAM) CreateInstanceProfile(input *CreateInstanceProfileInput) (*CreateInstanceProfileOutput, error) {
	req, out := c.CreateInstanceProfileRequest(input)
	return out, req.Send()
}

// CreateInstanceProfileWithContext is the same as CreateInstanceProfile with the addition of
// the ability to pass a context and additional request options.
//
// See CreateInstanceProfile for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) CreateInstanceProfileWithContext(ctx aws.Context, input *CreateInstanceProfileInput, opts ...request.Option) (*CreateInstanceProfileOutput, error) {
	req, out := c.CreateInstanceProfileRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opCreateLoginProfile = "CreateLoginProfile"

// CreateLoginProfileRequest generates a "aws/request.Request" representing the
// client's request for the CreateLoginProfile operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See CreateLoginProfile for more information on using the CreateLoginProfile
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the CreateLoginProfileRequest method.
//    req, resp := client.CreateLoginProfileRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateLoginProfile
func (c *IAM) CreateLoginProfileRequest(input *CreateLoginProfileInput) (req *request.Request, output *CreateLoginProfileOutput) {
	op := &request.Operation{
		Name:       opCreateLoginProfile,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &CreateLoginProfileInput{}
	}

	output = &CreateLoginProfileOutput{}
	req = c.newRequest(op, input, output)
	return
}

// CreateLoginProfile API operation for AWS Identity and Access Management.
//
// Creates a password for the specified IAM user. A password allows an IAM user
// to access Amazon Web Services services through the Amazon Web Services Management
// Console.
//
// You can use the CLI, the Amazon Web Services API, or the Users page in the
// IAM console to create a password for any IAM user. Use ChangePassword to
// update your own existing password in the My Security Credentials page in
// the Amazon Web Services Management Console.
//
// For more information about managing passwords, see Managing passwords (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation CreateLoginProfile for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeEntityAlreadyExistsException "EntityAlreadyExists"
//   The request was rejected because it attempted to create a resource that already
//   exists.
//
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodePasswordPolicyViolationException "PasswordPolicyViolation"
//   The request was rejected because the provided password did not meet the requirements
//   imposed by the account password policy.
//
//   * ErrCodeLimitExceededException "LimitExceeded"
//   The request was rejected because it attempted to create resources beyond
//   the current Amazon Web Services account limits. The error message describes
//   the limit exceeded.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateLoginProfile
func (c *IAM) CreateLoginProfile(input *CreateLoginProfileInput) (*CreateLoginProfileOutput, error) {
	req, out := c.CreateLoginProfileRequest(input)
	return out, req.Send()
}

// CreateLoginProfileWithContext is the same as CreateLoginProfile with the addition of
// the ability to pass a context and additional request options.
//
// See CreateLoginProfile for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) CreateLoginProfileWithContext(ctx aws.Context, input *CreateLoginProfileInput, opts ...request.Option) (*CreateLoginProfileOutput, error) {
	req, out := c.CreateLoginProfileRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opCreateOpenIDConnectProvider = "CreateOpenIDConnectProvider"

// CreateOpenIDConnectProviderRequest generates a "aws/request.Request" representing the
// client's request for the CreateOpenIDConnectProvider operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See CreateOpenIDConnectProvider for more information on using the CreateOpenIDConnectProvider
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the CreateOpenIDConnectProviderRequest method.
//    req, resp := client.CreateOpenIDConnectProviderRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateOpenIDConnectProvider
func (c *IAM) CreateOpenIDConnectProviderRequest(input *CreateOpenIDConnectProviderInput) (req *request.Request, output *CreateOpenIDConnectProviderOutput) {
	op := &request.Operation{
		Name:       opCreateOpenIDConnectProvider,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &CreateOpenIDConnectProviderInput{}
	}

	output = &CreateOpenIDConnectProviderOutput{}
	req = c.newRequest(op, input, output)
	return
}

// CreateOpenIDConnectProvider API operation for AWS Identity and Access Management.
//
// Creates an IAM entity to describe an identity provider (IdP) that supports
// OpenID Connect (OIDC) (http://openid.net/connect/).
//
// The OIDC provider that you create with this operation can be used as a principal
// in a role's trust policy. Such a policy establishes a trust relationship
// between Amazon Web Services and the OIDC provider.
//
// If you are using an OIDC identity provider from Google, Facebook, or Amazon
// Cognito, you don't need to create a separate IAM identity provider. These
// OIDC identity providers are already built-in to Amazon Web Services and are
// available for your use. Instead, you can move directly to creating new roles
// using your identity provider. To learn more, see Creating a role for web
// identity or OpenID connect federation (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_oidc.html)
// in the IAM User Guide.
//
// When you create the IAM OIDC provider, you specify the following:
//
//    * The URL of the OIDC identity provider (IdP) to trust
//
//    * A list of client IDs (also known as audiences) that identify the application
//    or applications allowed to authenticate using the OIDC provider
//
//    * A list of thumbprints of one or more server certificates that the IdP
//    uses
//
// You get all of this information from the OIDC IdP you want to use to access
// Amazon Web Services.
//
// Amazon Web Services secures communication with some OIDC identity providers
// (IdPs) through our library of trusted certificate authorities (CAs) instead
// of using a certificate thumbprint to verify your IdP server certificate.
// These OIDC IdPs include Google, and those that use an Amazon S3 bucket to
// host a JSON Web Key Set (JWKS) endpoint. In these cases, your legacy thumbprint
// remains in your configuration, but is no longer used for validation.
//
// The trust for the OIDC provider is derived from the IAM provider that this
// operation creates. Therefore, it is best to limit access to the CreateOpenIDConnectProvider
// operation to highly privileged users.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation CreateOpenIDConnectProvider for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeInvalidInputException "InvalidInput"
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
//   * ErrCodeEntityAlreadyExistsException "EntityAlreadyExists"
//   The request was rejected because it attempted to create a resource that already
//   exists.
//
//   * ErrCodeLimitExceededException "LimitExceeded"
//   The request was rejected because it attempted to create resources beyond
//   the current Amazon Web Services account limits. The error message describes
//   the limit exceeded.
//
//   * ErrCodeConcurrentModificationException "ConcurrentModification"
//   The request was rejected because multiple requests to change this object
//   were submitted simultaneously. Wait a few minutes and submit your request
//   again.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateOpenIDConnectProvider
func (c *IAM) CreateOpenIDConnectProvider(input *CreateOpenIDConnectProviderInput) (*CreateOpenIDConnectProviderOutput, error) {
	req, out := c.CreateOpenIDConnectProviderRequest(input)
	return out, req.Send()
}

// CreateOpenIDConnectProviderWithContext is the same as CreateOpenIDConnectProvider with the addition of
// the ability to pass a context and additional request options.
//
// See CreateOpenIDConnectProvider for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) CreateOpenIDConnectProviderWithContext(ctx aws.Context, input *CreateOpenIDConnectProviderInput, opts ...request.Option) (*CreateOpenIDConnectProviderOutput, error) {
	req, out := c.CreateOpenIDConnectProviderRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opCreatePolicy = "CreatePolicy"

// CreatePolicyRequest generates a "aws/request.Request" representing the
// client's request for the CreatePolicy operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See CreatePolicy for more information on using the CreatePolicy
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the CreatePolicyRequest method.
//    req, resp := client.CreatePolicyRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreatePolicy
func (c *IAM) CreatePolicyRequest(input *CreatePolicyInput) (req *request.Request, output *CreatePolicyOutput) {
	op := &request.Operation{
		Name:       opCreatePolicy,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &CreatePolicyInput{}
	}

	output = &CreatePolicyOutput{}
	req = c.newRequest(op, input, output)
	return
}

// CreatePolicy API operation for AWS Identity and Access Management.
//
// Creates a new managed policy for your Amazon Web Services account.
//
// This operation creates a policy version with a version identifier of v1 and
// sets v1 as the policy's default version. For more information about policy
// versions, see Versioning for managed policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html)
// in the IAM User Guide.
//
// As a best practice, you can validate your IAM policies. To learn more, see
// Validating IAM policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_policy-validator.html)
// in the IAM User Guide.
//
// For more information about managed policies in general, see Managed policies
// and inline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation CreatePolicy for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeInvalidInputException "InvalidInput"
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
//   * ErrCodeLimitExceededException "LimitExceeded"
//   The request was rejected because it attempted to create resources beyond
//   the current Amazon Web Services account limits. The error message describes
//   the limit exceeded.
//
//   * ErrCodeEntityAlreadyExistsException "EntityAlreadyExists"
//   The request was rejected because it attempted to create a resource that already
//   exists.
//
//   * ErrCodeMalformedPolicyDocumentException "MalformedPolicyDocument"
//   The request was rejected because the policy document was malformed. The error
//   message describes the specific error.
//
//   * ErrCodeConcurrentModificationException "ConcurrentModification"
//   The request was rejected because multiple requests to change this object
//   were submitted simultaneously. Wait a few minutes and submit your request
//   again.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreatePolicy
func (c *IAM) CreatePolicy(input *CreatePolicyInput) (*CreatePolicyOutput, error) {
	req, out := c.CreatePolicyRequest(input)
	return out, req.Send()
}

// CreatePolicyWithContext is the same as CreatePolicy with the addition of
// the ability to pass a context and additional request options.
//
// See CreatePolicy for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) CreatePolicyWithContext(ctx aws.Context, input *CreatePolicyInput, opts ...request.Option) (*CreatePolicyOutput, error) {
	req, out := c.CreatePolicyRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opCreatePolicyVersion = "CreatePolicyVersion"

// CreatePolicyVersionRequest generates a "aws/request.Request" representing the
// client's request for the CreatePolicyVersion operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See CreatePolicyVersion for more information on using the CreatePolicyVersion
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the CreatePolicyVersionRequest method.
//    req, resp := client.CreatePolicyVersionRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreatePolicyVersion
func (c *IAM) CreatePolicyVersionRequest(input *CreatePolicyVersionInput) (req *request.Request, output *CreatePolicyVersionOutput) {
	op := &request.Operation{
		Name:       opCreatePolicyVersion,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &CreatePolicyVersionInput{}
	}

	output = &CreatePolicyVersionOutput{}
	req = c.newRequest(op, input, output)
	return
}

// CreatePolicyVersion API operation for AWS Identity and Access Management.
//
// Creates a new version of the specified managed policy. To update a managed
// policy, you create a new policy version. A managed policy can have up to
// five versions. If the policy has five versions, you must delete an existing
// version using DeletePolicyVersion before you create a new version.
//
// Optionally, you can set the new version as the policy's default version.
// The default version is the version that is in effect for the IAM users, groups,
// and roles to which the policy is attached.
//
// For more information about managed policy versions, see Versioning for managed
// policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation CreatePolicyVersion for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeMalformedPolicyDocumentException "MalformedPolicyDocument"
//   The request was rejected because the policy document was malformed. The error
//   message describes the specific error.
//
//   * ErrCodeInvalidInputException "InvalidInput"
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
//   * ErrCodeLimitExceededException "LimitExceeded"
//   The request was rejected because it attempted to create resources beyond
//   the current Amazon Web Services account limits. The error message describes
//   the limit exceeded.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreatePolicyVersion
func (c *IAM) CreatePolicyVersion(input *CreatePolicyVersionInput) (*CreatePolicyVersionOutput, error) {
	req, out := c.CreatePolicyVersionRequest(input)
	return out, req.Send()
}

// CreatePolicyVersionWithContext is the same as CreatePolicyVersion with the addition of
// the ability to pass a context and additional request options.
//
// See CreatePolicyVersion for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) CreatePolicyVersionWithContext(ctx aws.Context, input *CreatePolicyVersionInput, opts ...request.Option) (*CreatePolicyVersionOutput, error) {
	req, out := c.CreatePolicyVersionRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opCreateRole = "CreateRole"

// CreateRoleRequest generates a "aws/request.Request" representing the
// client's request for the CreateRole operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See CreateRole for more information on using the CreateRole
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the CreateRoleRequest method.
//    req, resp := client.CreateRoleRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateRole
func (c *IAM) CreateRoleRequest(input *CreateRoleInput) (req *request.Request, output *CreateRoleOutput) {
	op := &request.Operation{
		Name:       opCreateRole,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &CreateRoleInput{}
	}

	output = &CreateRoleOutput{}
	req = c.newRequest(op, input, output)
	return
}

// CreateRole API operation for AWS Identity and Access Management.
//
// Creates a new role for your Amazon Web Services account. For more information
// about roles, see IAM roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html).
// For information about quotas for role names and the number of roles you can
// create, see IAM and STS quotas (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation CreateRole for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeLimitExceededException "LimitExceeded"
//   The request was rejected because it attempted to create resources beyond
//   the current Amazon Web Services account limits. The error message describes
//   the limit exceeded.
//
//   * ErrCodeInvalidInputException "InvalidInput"
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
//   * ErrCodeEntityAlreadyExistsException "EntityAlreadyExists"
//   The request was rejected because it attempted to create a resource that already
//   exists.
//
//   * ErrCodeMalformedPolicyDocumentException "MalformedPolicyDocument"
//   The request was rejected because the policy document was malformed. The error
//   message describes the specific error.
//
//   * ErrCodeConcurrentModificationException "ConcurrentModification"
//   The request was rejected because multiple requests to change this object
//   were submitted simultaneously. Wait a few minutes and submit your request
//   again.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateRole
func (c *IAM) CreateRole(input *CreateRoleInput) (*CreateRoleOutput, error) {
	req, out := c.CreateRoleRequest(input)
	return out, req.Send()
}

// CreateRoleWithContext is the same as CreateRole with the addition of
// the ability to pass a context and additional request options.
//
// See CreateRole for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) CreateRoleWithContext(ctx aws.Context, input *CreateRoleInput, opts ...request.Option) (*CreateRoleOutput, error) {
	req, out := c.CreateRoleRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opCreateSAMLProvider = "CreateSAMLProvider"

// CreateSAMLProviderRequest generates a "aws/request.Request" representing the
// client's request for the CreateSAMLProvider operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See CreateSAMLProvider for more information on using the CreateSAMLProvider
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the CreateSAMLProviderRequest method.
//    req, resp := client.CreateSAMLProviderRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateSAMLProvider
func (c *IAM) CreateSAMLProviderRequest(input *CreateSAMLProviderInput) (req *request.Request, output *CreateSAMLProviderOutput) {
	op := &request.Operation{
		Name:       opCreateSAMLProvider,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &CreateSAMLProviderInput{}
	}

	output = &CreateSAMLProviderOutput{}
	req = c.newRequest(op, input, output)
	return
}

// CreateSAMLProvider API operation for AWS Identity and Access Management.
//
// Creates an IAM resource that describes an identity provider (IdP) that supports
// SAML 2.0.
//
// The SAML provider resource that you create with this operation can be used
// as a principal in an IAM role's trust policy. Such a policy can enable federated
// users who sign in using the SAML IdP to assume the role. You can create an
// IAM role that supports Web-based single sign-on (SSO) to the Amazon Web Services
// Management Console or one that supports API access to Amazon Web Services.
//
// When you create the SAML provider resource, you upload a SAML metadata document
// that you get from your IdP. That document includes the issuer's name, expiration
// information, and keys that can be used to validate the SAML authentication
// response (assertions) that the IdP sends. You must generate the metadata
// document using the identity management software that is used as your organization's
// IdP.
//
// This operation requires Signature Version 4 (https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html).
//
// For more information, see Enabling SAML 2.0 federated users to access the
// Amazon Web Services Management Console (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-saml.html)
// and About SAML 2.0-based federation (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation CreateSAMLProvider for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeInvalidInputException "InvalidInput"
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
//   * ErrCodeEntityAlreadyExistsException "EntityAlreadyExists"
//   The request was rejected because it attempted to create a resource that already
//   exists.
//
//   * ErrCodeLimitExceededException "LimitExceeded"
//   The request was rejected because it attempted to create resources beyond
//   the current Amazon Web Services account limits. The error message describes
//   the limit exceeded.
//
//   * ErrCodeConcurrentModificationException "ConcurrentModification"
//   The request was rejected because multiple requests to change this object
//   were submitted simultaneously. Wait a few minutes and submit your request
//   again.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateSAMLProvider
func (c *IAM) CreateSAMLProvider(input *CreateSAMLProviderInput) (*CreateSAMLProviderOutput, error) {
	req, out := c.CreateSAMLProviderRequest(input)
	return out, req.Send()
}

// CreateSAMLProviderWithContext is the same as CreateSAMLProvider with the addition of
// the ability to pass a context and additional request options.
//
// See CreateSAMLProvider for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) CreateSAMLProviderWithContext(ctx aws.Context, input *CreateSAMLProviderInput, opts ...request.Option) (*CreateSAMLProviderOutput, error) {
	req, out := c.CreateSAMLProviderRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opCreateServiceLinkedRole = "CreateServiceLinkedRole"

// CreateServiceLinkedRoleRequest generates a "aws/request.Request" representing the
// client's request for the CreateServiceLinkedRole operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See CreateServiceLinkedRole for more information on using the CreateServiceLinkedRole
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the CreateServiceLinkedRoleRequest method.
//    req, resp := client.CreateServiceLinkedRoleRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateServiceLinkedRole
func (c *IAM) CreateServiceLinkedRoleRequest(input *CreateServiceLinkedRoleInput) (req *request.Request, output *CreateServiceLinkedRoleOutput) {
	op := &request.Operation{
		Name:       opCreateServiceLinkedRole,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &CreateServiceLinkedRoleInput{}
	}

	output = &CreateServiceLinkedRoleOutput{}
	req = c.newRequest(op, input, output)
	return
}

// CreateServiceLinkedRole API operation for AWS Identity and Access Management.
//
// Creates an IAM role that is linked to a specific Amazon Web Services service.
// The service controls the attached policies and when the role can be deleted.
// This helps ensure that the service is not broken by an unexpectedly changed
// or deleted role, which could put your Amazon Web Services resources into
// an unknown state. Allowing the service to control the role helps improve
// service stability and proper cleanup when a service and its role are no longer
// needed. For more information, see Using service-linked roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html)
// in the IAM User Guide.
//
// To attach a policy to this service-linked role, you must make the request
// using the Amazon Web Services service that depends on this role.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation CreateServiceLinkedRole for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeInvalidInputException "InvalidInput"
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
//   * ErrCodeLimitExceededException "LimitExceeded"
//   The request was rejected because it attempted to create resources beyond
//   the current Amazon Web Services account limits. The error message describes
//   the limit exceeded.
//
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateServiceLinkedRole
func (c *IAM) CreateServiceLinkedRole(input *CreateServiceLinkedRoleInput) (*CreateServiceLinkedRoleOutput, error) {
	req, out := c.CreateServiceLinkedRoleRequest(input)
	return out, req.Send()
}

// CreateServiceLinkedRoleWithContext is the same as CreateServiceLinkedRole with the addition of
// the ability to pass a context and additional request options.
//
// See CreateServiceLinkedRole for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) CreateServiceLinkedRoleWithContext(ctx aws.Context, input *CreateServiceLinkedRoleInput, opts ...request.Option) (*CreateServiceLinkedRoleOutput, error) {
	req, out := c.CreateServiceLinkedRoleRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opCreateServiceSpecificCredential = "CreateServiceSpecificCredential"

// CreateServiceSpecificCredentialRequest generates a "aws/request.Request" representing the
// client's request for the CreateServiceSpecificCredential operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See CreateServiceSpecificCredential for more information on using the CreateServiceSpecificCredential
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the CreateServiceSpecificCredentialRequest method.
//    req, resp := client.CreateServiceSpecificCredentialRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateServiceSpecificCredential
func (c *IAM) CreateServiceSpecificCredentialRequest(input *CreateServiceSpecificCredentialInput) (req *request.Request, output *CreateServiceSpecificCredentialOutput) {
	op := &request.Operation{
		Name:       opCreateServiceSpecificCredential,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &CreateServiceSpecificCredentialInput{}
	}

	output = &CreateServiceSpecificCredentialOutput{}
	req = c.newRequest(op, input, output)
	return
}

// CreateServiceSpecificCredential API operation for AWS Identity and Access Management.
//
// Generates a set of credentials consisting of a user name and password that
// can be used to access the service specified in the request. These credentials
// are generated by IAM, and can be used only for the specified service.
//
// You can have a maximum of two sets of service-specific credentials for each
// supported service per user.
//
// You can create service-specific credentials for CodeCommit and Amazon Keyspaces
// (for Apache Cassandra).
//
// You can reset the password to a new service-generated value by calling ResetServiceSpecificCredential.
//
// For more information about service-specific credentials, see Using IAM with
// CodeCommit: Git credentials, SSH keys, and Amazon Web Services access keys
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_ssh-keys.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation CreateServiceSpecificCredential for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeLimitExceededException "LimitExceeded"
//   The request was rejected because it attempted to create resources beyond
//   the current Amazon Web Services account limits. The error message describes
//   the limit exceeded.
//
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeServiceNotSupportedException "NotSupportedService"
//   The specified service does not support service-specific credentials.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateServiceSpecificCredential
func (c *IAM) CreateServiceSpecificCredential(input *CreateServiceSpecificCredentialInput) (*CreateServiceSpecificCredentialOutput, error) {
	req, out := c.CreateServiceSpecificCredentialRequest(input)
	return out, req.Send()
}

// CreateServiceSpecificCredentialWithContext is the same as CreateServiceSpecificCredential with the addition of
// the ability to pass a context and additional request options.
//
// See CreateServiceSpecificCredential for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) CreateServiceSpecificCredentialWithContext(ctx aws.Context, input *CreateServiceSpecificCredentialInput, opts ...request.Option) (*CreateServiceSpecificCredentialOutput, error) {
	req, out := c.CreateServiceSpecificCredentialRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opCreateUser = "CreateUser"

// CreateUserRequest generates a "aws/request.Request" representing the
// client's request for the CreateUser operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See CreateUser for more information on using the CreateUser
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the CreateUserRequest method.
//    req, resp := client.CreateUserRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateUser
func (c *IAM) CreateUserRequest(input *CreateUserInput) (req *request.Request, output *CreateUserOutput) {
	op := &request.Operation{
		Name:       opCreateUser,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &CreateUserInput{}
	}

	output = &CreateUserOutput{}
	req = c.newRequest(op, input, output)
	return
}

// CreateUser API operation for AWS Identity and Access Management.
//
// Creates a new IAM user for your Amazon Web Services account.
//
// For information about quotas for the number of IAM users you can create,
// see IAM and STS quotas (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation CreateUser for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeLimitExceededException "LimitExceeded"
//   The request was rejected because it attempted to create resources beyond
//   the current Amazon Web Services account limits. The error message describes
//   the limit exceeded.
//
//   * ErrCodeEntityAlreadyExistsException "EntityAlreadyExists"
//   The request was rejected because it attempted to create a resource that already
//   exists.
//
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeInvalidInputException "InvalidInput"
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
//   * ErrCodeConcurrentModificationException "ConcurrentModification"
//   The request was rejected because multiple requests to change this object
//   were submitted simultaneously. Wait a few minutes and submit your request
//   again.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateUser
func (c *IAM) CreateUser(input *CreateUserInput) (*CreateUserOutput, error) {
	req, out := c.CreateUserRequest(input)
	return out, req.Send()
}

// CreateUserWithContext is the same as CreateUser with the addition of
// the ability to pass a context and additional request options.
//
// See CreateUser for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) CreateUserWithContext(ctx aws.Context, input *CreateUserInput, opts ...request.Option) (*CreateUserOutput, error) {
	req, out := c.CreateUserRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opCreateVirtualMFADevice = "CreateVirtualMFADevice"

// CreateVirtualMFADeviceRequest generates a "aws/request.Request" representing the
// client's request for the CreateVirtualMFADevice operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See CreateVirtualMFADevice for more information on using the CreateVirtualMFADevice
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the CreateVirtualMFADeviceRequest method.
//    req, resp := client.CreateVirtualMFADeviceRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateVirtualMFADevice
func (c *IAM) CreateVirtualMFADeviceRequest(input *CreateVirtualMFADeviceInput) (req *request.Request, output *CreateVirtualMFADeviceOutput) {
	op := &request.Operation{
		Name:       opCreateVirtualMFADevice,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &CreateVirtualMFADeviceInput{}
	}

	output = &CreateVirtualMFADeviceOutput{}
	req = c.newRequest(op, input, output)
	return
}

// CreateVirtualMFADevice API operation for AWS Identity and Access Management.
//
// Creates a new virtual MFA device for the Amazon Web Services account. After
// creating the virtual MFA, use EnableMFADevice to attach the MFA device to
// an IAM user. For more information about creating and working with virtual
// MFA devices, see Using a virtual MFA device (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_VirtualMFA.html)
// in the IAM User Guide.
//
// For information about the maximum number of MFA devices you can create, see
// IAM and STS quotas (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html)
// in the IAM User Guide.
//
// The seed information contained in the QR code and the Base32 string should
// be treated like any other secret access information. In other words, protect
// the seed information as you would your Amazon Web Services access keys or
// your passwords. After you provision your virtual device, you should ensure
// that the information is destroyed following secure procedures.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation CreateVirtualMFADevice for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeLimitExceededException "LimitExceeded"
//   The request was rejected because it attempted to create resources beyond
//   the current Amazon Web Services account limits. The error message describes
//   the limit exceeded.
//
//   * ErrCodeInvalidInputException "InvalidInput"
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
//   * ErrCodeEntityAlreadyExistsException "EntityAlreadyExists"
//   The request was rejected because it attempted to create a resource that already
//   exists.
//
//   * ErrCodeConcurrentModificationException "ConcurrentModification"
//   The request was rejected because multiple requests to change this object
//   were submitted simultaneously. Wait a few minutes and submit your request
//   again.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateVirtualMFADevice
func (c *IAM) CreateVirtualMFADevice(input *CreateVirtualMFADeviceInput) (*CreateVirtualMFADeviceOutput, error) {
	req, out := c.CreateVirtualMFADeviceRequest(input)
	return out, req.Send()
}

// CreateVirtualMFADeviceWithContext is the same as CreateVirtualMFADevice with the addition of
// the ability to pass a context and additional request options.
//
// See CreateVirtualMFADevice for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) CreateVirtualMFADeviceWithContext(ctx aws.Context, input *CreateVirtualMFADeviceInput, opts ...request.Option) (*CreateVirtualMFADeviceOutput, error) {
	req, out := c.CreateVirtualMFADeviceRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opDeactivateMFADevice = "DeactivateMFADevice"

// DeactivateMFADeviceRequest generates a "aws/request.Request" representing the
// client's request for the DeactivateMFADevice operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See DeactivateMFADevice for more information on using the DeactivateMFADevice
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the DeactivateMFADeviceRequest method.
//    req, resp := client.DeactivateMFADeviceRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeactivateMFADevice
func (c *IAM) DeactivateMFADeviceRequest(input *DeactivateMFADeviceInput) (req *request.Request, output *DeactivateMFADeviceOutput) {
	op := &request.Operation{
		Name:       opDeactivateMFADevice,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &DeactivateMFADeviceInput{}
	}

	output = &DeactivateMFADeviceOutput{}
	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return
}

// DeactivateMFADevice API operation for AWS Identity and Access Management.
//
// Deactivates the specified MFA device and removes it from association with
// the user name for which it was originally enabled.
//
// For more information about creating and working with virtual MFA devices,
// see Enabling a virtual multi-factor authentication (MFA) device (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_VirtualMFA.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation DeactivateMFADevice for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeEntityTemporarilyUnmodifiableException "EntityTemporarilyUnmodifiable"
//   The request was rejected because it referenced an entity that is temporarily
//   unmodifiable, such as a user name that was deleted and then recreated. The
//   error indicates that the request is likely to succeed if you try again after
//   waiting several minutes. The error message describes the entity.
//
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeLimitExceededException "LimitExceeded"
//   The request was rejected because it attempted to create resources beyond
//   the current Amazon Web Services account limits. The error message describes
//   the limit exceeded.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeactivateMFADevice
func (c *IAM) DeactivateMFADevice(input *DeactivateMFADeviceInput) (*DeactivateMFADeviceOutput, error) {
	req, out := c.DeactivateMFADeviceRequest(input)
	return out, req.Send()
}

// DeactivateMFADeviceWithContext is the same as DeactivateMFADevice with the addition of
// the ability to pass a context and additional request options.
//
// See DeactivateMFADevice for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) DeactivateMFADeviceWithContext(ctx aws.Context, input *DeactivateMFADeviceInput, opts ...request.Option) (*DeactivateMFADeviceOutput, error) {
	req, out := c.DeactivateMFADeviceRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opDeleteAccessKey = "DeleteAccessKey"

// DeleteAccessKeyRequest generates a "aws/request.Request" representing the
// client's request for the DeleteAccessKey operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See DeleteAccessKey for more information on using the DeleteAccessKey
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the DeleteAccessKeyRequest method.
//    req, resp := client.DeleteAccessKeyRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteAccessKey
func (c *IAM) DeleteAccessKeyRequest(input *DeleteAccessKeyInput) (req *request.Request, output *DeleteAccessKeyOutput) {
	op := &request.Operation{
		Name:       opDeleteAccessKey,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &DeleteAccessKeyInput{}
	}

	output = &DeleteAccessKeyOutput{}
	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return
}

// DeleteAccessKey API operation for AWS Identity and Access Management.
//
// Deletes the access key pair associated with the specified IAM user.
//
// If you do not specify a user name, IAM determines the user name implicitly
// based on the Amazon Web Services access key ID signing the request. This
// operation works for access keys under the Amazon Web Services account. Consequently,
// you can use this operation to manage Amazon Web Services account root user
// credentials even if the Amazon Web Services account has no associated users.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation DeleteAccessKey for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeLimitExceededException "LimitExceeded"
//   The request was rejected because it attempted to create resources beyond
//   the current Amazon Web Services account limits. The error message describes
//   the limit exceeded.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteAccessKey
func (c *IAM) DeleteAccessKey(input *DeleteAccessKeyInput) (*DeleteAccessKeyOutput, error) {
	req, out := c.DeleteAccessKeyRequest(input)
	return out, req.Send()
}

// DeleteAccessKeyWithContext is the same as DeleteAccessKey with the addition of
// the ability to pass a context and additional request options.
//
// See DeleteAccessKey for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) DeleteAccessKeyWithContext(ctx aws.Context, input *DeleteAccessKeyInput, opts ...request.Option) (*DeleteAccessKeyOutput, error) {
	req, out := c.DeleteAccessKeyRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opDeleteAccountAlias = "DeleteAccountAlias"

// DeleteAccountAliasRequest generates a "aws/request.Request" representing the
// client's request for the DeleteAccountAlias operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See DeleteAccountAlias for more information on using the DeleteAccountAlias
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the DeleteAccountAliasRequest method.
//    req, resp := client.DeleteAccountAliasRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteAccountAlias
func (c *IAM) DeleteAccountAliasRequest(input *DeleteAccountAliasInput) (req *request.Request, output *DeleteAccountAliasOutput) {
	op := &request.Operation{
		Name:       opDeleteAccountAlias,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &DeleteAccountAliasInput{}
	}

	output = &DeleteAccountAliasOutput{}
	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return
}

// DeleteAccountAlias API operation for AWS Identity and Access Management.
//
// Deletes the specified Amazon Web Services account alias. For information
// about using an Amazon Web Services account alias, see Using an alias for
// your Amazon Web Services account ID (https://docs.aws.amazon.com/IAM/latest/UserGuide/AccountAlias.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation DeleteAccountAlias for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeLimitExceededException "LimitExceeded"
//   The request was rejected because it attempted to create resources beyond
//   the current Amazon Web Services account limits. The error message describes
//   the limit exceeded.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteAccountAlias
func (c *IAM) DeleteAccountAlias(input *DeleteAccountAliasInput) (*DeleteAccountAliasOutput, error) {
	req, out := c.DeleteAccountAliasRequest(input)
	return out, req.Send()
}

// DeleteAccountAliasWithContext is the same as DeleteAccountAlias with the addition of
// the ability to pass a context and additional request options.
//
// See DeleteAccountAlias for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) DeleteAccountAliasWithContext(ctx aws.Context, input *DeleteAccountAliasInput, opts ...request.Option) (*DeleteAccountAliasOutput, error) {
	req, out := c.DeleteAccountAliasRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opDeleteAccountPasswordPolicy = "DeleteAccountPasswordPolicy"

// DeleteAccountPasswordPolicyRequest generates a "aws/request.Request" representing the
// client's request for the DeleteAccountPasswordPolicy operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See DeleteAccountPasswordPolicy for more information on using the DeleteAccountPasswordPolicy
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the DeleteAccountPasswordPolicyRequest method.
//    req, resp := client.DeleteAccountPasswordPolicyRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteAccountPasswordPolicy
func (c *IAM) DeleteAccountPasswordPolicyRequest(input *DeleteAccountPasswordPolicyInput) (req *request.Request, output *DeleteAccountPasswordPolicyOutput) {
	op := &request.Operation{
		Name:       opDeleteAccountPasswordPolicy,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &DeleteAccountPasswordPolicyInput{}
	}

	output = &DeleteAccountPasswordPolicyOutput{}
	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return
}

// DeleteAccountPasswordPolicy API operation for AWS Identity and Access Management.
//
// Deletes the password policy for the Amazon Web Services account. There are
// no parameters.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation DeleteAccountPasswordPolicy for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeLimitExceededException "LimitExceeded"
//   The request was rejected because it attempted to create resources beyond
//   the current Amazon Web Services account limits. The error message describes
//   the limit exceeded.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteAccountPasswordPolicy
func (c *IAM) DeleteAccountPasswordPolicy(input *DeleteAccountPasswordPolicyInput) (*DeleteAccountPasswordPolicyOutput, error) {
	req, out := c.DeleteAccountPasswordPolicyRequest(input)
	return out, req.Send()
}

// DeleteAccountPasswordPolicyWithContext is the same as DeleteAccountPasswordPolicy with the addition of
// the ability to pass a context and additional request options.
//
// See DeleteAccountPasswordPolicy for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) DeleteAccountPasswordPolicyWithContext(ctx aws.Context, input *DeleteAccountPasswordPolicyInput, opts ...request.Option) (*DeleteAccountPasswordPolicyOutput, error) {
	req, out := c.DeleteAccountPasswordPolicyRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opDeleteGroup = "DeleteGroup"

// DeleteGroupRequest generates a "aws/request.Request" representing the
// client's request for the DeleteGroup operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See DeleteGroup for more information on using the DeleteGroup
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the DeleteGroupRequest method.
//    req, resp := client.DeleteGroupRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteGroup
func (c *IAM) DeleteGroupRequest(input *DeleteGroupInput) (req *request.Request, output *DeleteGroupOutput) {
	op := &request.Operation{
		Name:       opDeleteGroup,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &DeleteGroupInput{}
	}

	output = &DeleteGroupOutput{}
	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return
}

// DeleteGroup API operation for AWS Identity and Access Management.
//
// Deletes the specified IAM group. The group must not contain any users or
// have any attached policies.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation DeleteGroup for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeDeleteConflictException "DeleteConflict"
//   The request was rejected because it attempted to delete a resource that has
//   attached subordinate entities. The error message describes these entities.
//
//   * ErrCodeLimitExceededException "LimitExceeded"
//   The request was rejected because it attempted to create resources beyond
//   the current Amazon Web Services account limits. The error message describes
//   the limit exceeded.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteGroup
func (c *IAM) DeleteGroup(input *DeleteGroupInput) (*DeleteGroupOutput, error) {
	req, out := c.DeleteGroupRequest(input)
	return out, req.Send()
}

// DeleteGroupWithContext is the same as DeleteGroup with the addition of
// the ability to pass a context and additional request options.
//
// See DeleteGroup for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) DeleteGroupWithContext(ctx aws.Context, input *DeleteGroupInput, opts ...request.Option) (*DeleteGroupOutput, error) {
	req, out := c.DeleteGroupRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opDeleteGroupPolicy = "DeleteGroupPolicy"

// DeleteGroupPolicyRequest generates a "aws/request.Request" representing the
// client's request for the DeleteGroupPolicy operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See DeleteGroupPolicy for more information on using the DeleteGroupPolicy
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the DeleteGroupPolicyRequest method.
//    req, resp := client.DeleteGroupPolicyRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteGroupPolicy
func (c *IAM) DeleteGroupPolicyRequest(input *DeleteGroupPolicyInput) (req *request.Request, output *DeleteGroupPolicyOutput) {
	op := &request.Operation{
		Name:       opDeleteGroupPolicy,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &DeleteGroupPolicyInput{}
	}

	output = &DeleteGroupPolicyOutput{}
	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return
}

// DeleteGroupPolicy API operation for AWS Identity and Access Management.
//
// Deletes the specified inline policy that is embedded in the specified IAM
// group.
//
// A group can also have managed policies attached to it. To detach a managed
// policy from a group, use DetachGroupPolicy. For more information about policies,
// refer to Managed policies and inline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation DeleteGroupPolicy for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeLimitExceededException "LimitExceeded"
//   The request was rejected because it attempted to create resources beyond
//   the current Amazon Web Services account limits. The error message describes
//   the limit exceeded.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteGroupPolicy
func (c *IAM) DeleteGroupPolicy(input *DeleteGroupPolicyInput) (*DeleteGroupPolicyOutput, error) {
	req, out := c.DeleteGroupPolicyRequest(input)
	return out, req.Send()
}

// DeleteGroupPolicyWithContext is the same as DeleteGroupPolicy with the addition of
// the ability to pass a context and additional request options.
//
// See DeleteGroupPolicy for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) DeleteGroupPolicyWithContext(ctx aws.Context, input *DeleteGroupPolicyInput, opts ...request.Option) (*DeleteGroupPolicyOutput, error) {
	req, out := c.DeleteGroupPolicyRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opDeleteInstanceProfile = "DeleteInstanceProfile"

// DeleteInstanceProfileRequest generates a "aws/request.Request" representing the
// client's request for the DeleteInstanceProfile operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See DeleteInstanceProfile for more information on using the DeleteInstanceProfile
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the DeleteInstanceProfileRequest method.
//    req, resp := client.DeleteInstanceProfileRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteInstanceProfile
func (c *IAM) DeleteInstanceProfileRequest(input *DeleteInstanceProfileInput) (req *request.Request, output *DeleteInstanceProfileOutput) {
	op := &request.Operation{
		Name:       opDeleteInstanceProfile,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &DeleteInstanceProfileInput{}
	}

	output = &DeleteInstanceProfileOutput{}
	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return
}

// DeleteInstanceProfile API operation for AWS Identity and Access Management.
//
// Deletes the specified instance profile. The instance profile must not have
// an associated role.
//
// Make sure that you do not have any Amazon EC2 instances running with the
// instance profile you are about to delete. Deleting a role or instance profile
// that is associated with a running instance will break any applications running
// on the instance.
//
// For more information about instance profiles, see About instance profiles
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html).
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation DeleteInstanceProfile for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeDeleteConflictException "DeleteConflict"
//   The request was rejected because it attempted to delete a resource that has
//   attached subordinate entities. The error message describes these entities.
//
//   * ErrCodeLimitExceededException "LimitExceeded"
//   The request was rejected because it attempted to create resources beyond
//   the current Amazon Web Services account limits. The error message describes
//   the limit exceeded.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteInstanceProfile
func (c *IAM) DeleteInstanceProfile(input *DeleteInstanceProfileInput) (*DeleteInstanceProfileOutput, error) {
	req, out := c.DeleteInstanceProfileRequest(input)
	return out, req.Send()
}

// DeleteInstanceProfileWithContext is the same as DeleteInstanceProfile with the addition of
// the ability to pass a context and additional request options.
//
// See DeleteInstanceProfile for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) DeleteInstanceProfileWithContext(ctx aws.Context, input *DeleteInstanceProfileInput, opts ...request.Option) (*DeleteInstanceProfileOutput, error) {
	req, out := c.DeleteInstanceProfileRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opDeleteLoginProfile = "DeleteLoginProfile"

// DeleteLoginProfileRequest generates a "aws/request.Request" representing the
// client's request for the DeleteLoginProfile operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See DeleteLoginProfile for more information on using the DeleteLoginProfile
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the DeleteLoginProfileRequest method.
//    req, resp := client.DeleteLoginProfileRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteLoginProfile
func (c *IAM) DeleteLoginProfileRequest(input *DeleteLoginProfileInput) (req *request.Request, output *DeleteLoginProfileOutput) {
	op := &request.Operation{
		Name:       opDeleteLoginProfile,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &DeleteLoginProfileInput{}
	}

	output = &DeleteLoginProfileOutput{}
	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return
}

// DeleteLoginProfile API operation for AWS Identity and Access Management.
//
// Deletes the password for the specified IAM user, which terminates the user's
// ability to access Amazon Web Services services through the Amazon Web Services
// Management Console.
//
// You can use the CLI, the Amazon Web Services API, or the Users page in the
// IAM console to delete a password for any IAM user. You can use ChangePassword
// to update, but not delete, your own password in the My Security Credentials
// page in the Amazon Web Services Management Console.
//
// Deleting a user's password does not prevent a user from accessing Amazon
// Web Services through the command line interface or the API. To prevent all
// user access, you must also either make any access keys inactive or delete
// them. For more information about making keys inactive or deleting them, see
// UpdateAccessKey and DeleteAccessKey.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation DeleteLoginProfile for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeEntityTemporarilyUnmodifiableException "EntityTemporarilyUnmodifiable"
//   The request was rejected because it referenced an entity that is temporarily
//   unmodifiable, such as a user name that was deleted and then recreated. The
//   error indicates that the request is likely to succeed if you try again after
//   waiting several minutes. The error message describes the entity.
//
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeLimitExceededException "LimitExceeded"
//   The request was rejected because it attempted to create resources beyond
//   the current Amazon Web Services account limits. The error message describes
//   the limit exceeded.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteLoginProfile
func (c *IAM) DeleteLoginProfile(input *DeleteLoginProfileInput) (*DeleteLoginProfileOutput, error) {
	req, out := c.DeleteLoginProfileRequest(input)
	return out, req.Send()
}

// DeleteLoginProfileWithContext is the same as DeleteLoginProfile with the addition of
// the ability to pass a context and additional request options.
//
// See DeleteLoginProfile for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) DeleteLoginProfileWithContext(ctx aws.Context, input *DeleteLoginProfileInput, opts ...request.Option) (*DeleteLoginProfileOutput, error) {
	req, out := c.DeleteLoginProfileRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opDeleteOpenIDConnectProvider = "DeleteOpenIDConnectProvider"

// DeleteOpenIDConnectProviderRequest generates a "aws/request.Request" representing the
// client's request for the DeleteOpenIDConnectProvider operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See DeleteOpenIDConnectProvider for more information on using the DeleteOpenIDConnectProvider
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the DeleteOpenIDConnectProviderRequest method.
//    req, resp := client.DeleteOpenIDConnectProviderRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteOpenIDConnectProvider
func (c *IAM) DeleteOpenIDConnectProviderRequest(input *DeleteOpenIDConnectProviderInput) (req *request.Request, output *DeleteOpenIDConnectProviderOutput) {
	op := &request.Operation{
		Name:       opDeleteOpenIDConnectProvider,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &DeleteOpenIDConnectProviderInput{}
	}

	output = &DeleteOpenIDConnectProviderOutput{}
	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return
}

// DeleteOpenIDConnectProvider API operation for AWS Identity and Access Management.
//
// Deletes an OpenID Connect identity provider (IdP) resource object in IAM.
//
// Deleting an IAM OIDC provider resource does not update any roles that reference
// the provider as a principal in their trust policies. Any attempt to assume
// a role that references a deleted provider fails.
//
// This operation is idempotent; it does not fail or return an error if you
// call the operation for a provider that does not exist.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation DeleteOpenIDConnectProvider for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeInvalidInputException "InvalidInput"
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteOpenIDConnectProvider
func (c *IAM) DeleteOpenIDConnectProvider(input *DeleteOpenIDConnectProviderInput) (*DeleteOpenIDConnectProviderOutput, error) {
	req, out := c.DeleteOpenIDConnectProviderRequest(input)
	return out, req.Send()
}

// DeleteOpenIDConnectProviderWithContext is the same as DeleteOpenIDConnectProvider with the addition of
// the ability to pass a context and additional request options.
//
// See DeleteOpenIDConnectProvider for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) DeleteOpenIDConnectProviderWithContext(ctx aws.Context, input *DeleteOpenIDConnectProviderInput, opts ...request.Option) (*DeleteOpenIDConnectProviderOutput, error) {
	req, out := c.DeleteOpenIDConnectProviderRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opDeletePolicy = "DeletePolicy"

// DeletePolicyRequest generates a "aws/request.Request" representing the
// client's request for the DeletePolicy operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See DeletePolicy for more information on using the DeletePolicy
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the DeletePolicyRequest method.
//    req, resp := client.DeletePolicyRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeletePolicy
func (c *IAM) DeletePolicyRequest(input *DeletePolicyInput) (req *request.Request, output *DeletePolicyOutput) {
	op := &request.Operation{
		Name:       opDeletePolicy,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &DeletePolicyInput{}
	}

	output = &DeletePolicyOutput{}
	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return
}

// DeletePolicy API operation for AWS Identity and Access Management.
//
// Deletes the specified managed policy.
//
// Before you can delete a managed policy, you must first detach the policy
// from all users, groups, and roles that it is attached to. In addition, you
// must delete all the policy's versions. The following steps describe the process
// for deleting a managed policy:
//
//    * Detach the policy from all users, groups, and roles that the policy
//    is attached to, using DetachUserPolicy, DetachGroupPolicy, or DetachRolePolicy.
//    To list all the users, groups, and roles that a policy is attached to,
//    use ListEntitiesForPolicy.
//
//    * Delete all versions of the policy using DeletePolicyVersion. To list
//    the policy's versions, use ListPolicyVersions. You cannot use DeletePolicyVersion
//    to delete the version that is marked as the default version. You delete
//    the policy's default version in the next step of the process.
//
//    * Delete the policy (this automatically deletes the policy's default version)
//    using this operation.
//
// For information about managed policies, see Managed policies and inline policies
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation DeletePolicy for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeLimitExceededException "LimitExceeded"
//   The request was rejected because it attempted to create resources beyond
//   the current Amazon Web Services account limits. The error message describes
//   the limit exceeded.
//
//   * ErrCodeInvalidInputException "InvalidInput"
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
//   * ErrCodeDeleteConflictException "DeleteConflict"
//   The request was rejected because it attempted to delete a resource that has
//   attached subordinate entities. The error message describes these entities.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeletePolicy
func (c *IAM) DeletePolicy(input *DeletePolicyInput) (*DeletePolicyOutput, error) {
	req, out := c.DeletePolicyRequest(input)
	return out, req.Send()
}

// DeletePolicyWithContext is the same as DeletePolicy with the addition of
// the ability to pass a context and additional request options.
//
// See DeletePolicy for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) DeletePolicyWithContext(ctx aws.Context, input *DeletePolicyInput, opts ...request.Option) (*DeletePolicyOutput, error) {
	req, out := c.DeletePolicyRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opDeletePolicyVersion = "DeletePolicyVersion"

// DeletePolicyVersionRequest generates a "aws/request.Request" representing the
// client's request for the DeletePolicyVersion operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See DeletePolicyVersion for more information on using the DeletePolicyVersion
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the DeletePolicyVersionRequest method.
//    req, resp := client.DeletePolicyVersionRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeletePolicyVersion
func (c *IAM) DeletePolicyVersionRequest(input *DeletePolicyVersionInput) (req *request.Request, output *DeletePolicyVersionOutput) {
	op := &request.Operation{
		Name:       opDeletePolicyVersion,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &DeletePolicyVersionInput{}
	}

	output = &DeletePolicyVersionOutput{}
	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return
}

// DeletePolicyVersion API operation for AWS Identity and Access Management.
//
// Deletes the specified version from the specified managed policy.
//
// You cannot delete the default version from a policy using this operation.
// To delete the default version from a policy, use DeletePolicy. To find out
// which version of a policy is marked as the default version, use ListPolicyVersions.
//
// For information about versions for managed policies, see Versioning for managed
// policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation DeletePolicyVersion for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeLimitExceededException "LimitExceeded"
//   The request was rejected because it attempted to create resources beyond
//   the current Amazon Web Services account limits. The error message describes
//   the limit exceeded.
//
//   * ErrCodeInvalidInputException "InvalidInput"
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
//   * ErrCodeDeleteConflictException "DeleteConflict"
//   The request was rejected because it attempted to delete a resource that has
//   attached subordinate entities. The error message describes these entities.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeletePolicyVersion
func (c *IAM) DeletePolicyVersion(input *DeletePolicyVersionInput) (*DeletePolicyVersionOutput, error) {
	req, out := c.DeletePolicyVersionRequest(input)
	return out, req.Send()
}

// DeletePolicyVersionWithContext is the same as DeletePolicyVersion with the addition of
// the ability to pass a context and additional request options.
//
// See DeletePolicyVersion for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) DeletePolicyVersionWithContext(ctx aws.Context, input *DeletePolicyVersionInput, opts ...request.Option) (*DeletePolicyVersionOutput, error) {
	req, out := c.DeletePolicyVersionRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opDeleteRole = "DeleteRole"

// DeleteRoleRequest generates a "aws/request.Request" representing the
// client's request for the DeleteRole operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See DeleteRole for more information on using the DeleteRole
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the DeleteRoleRequest method.
//    req, resp := client.DeleteRoleRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteRole
func (c *IAM) DeleteRoleRequest(input *DeleteRoleInput) (req *request.Request, output *DeleteRoleOutput) {
	op := &request.Operation{
		Name:       opDeleteRole,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &DeleteRoleInput{}
	}

	output = &DeleteRoleOutput{}
	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return
}

// DeleteRole API operation for AWS Identity and Access Management.
//
// Deletes the specified role. The role must not have any policies attached.
// For more information about roles, see Working with roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html).
//
// Make sure that you do not have any Amazon EC2 instances running with the
// role you are about to delete. Deleting a role or instance profile that is
// associated with a running instance will break any applications running on
// the instance.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation DeleteRole for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeDeleteConflictException "DeleteConflict"
//   The request was rejected because it attempted to delete a resource that has
//   attached subordinate entities. The error message describes these entities.
//
//   * ErrCodeLimitExceededException "LimitExceeded"
//   The request was rejected because it attempted to create resources beyond
//   the current Amazon Web Services account limits. The error message describes
//   the limit exceeded.
//
//   * ErrCodeUnmodifiableEntityException "UnmodifiableEntity"
//   The request was rejected because only the service that depends on the service-linked
//   role can modify or delete the role on your behalf. The error message includes
//   the name of the service that depends on this service-linked role. You must
//   request the change through that service.
//
//   * ErrCodeConcurrentModificationException "ConcurrentModification"
//   The request was rejected because multiple requests to change this object
//   were submitted simultaneously. Wait a few minutes and submit your request
//   again.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteRole
func (c *IAM) DeleteRole(input *DeleteRoleInput) (*DeleteRoleOutput, error) {
	req, out := c.DeleteRoleRequest(input)
	return out, req.Send()
}

// DeleteRoleWithContext is the same as DeleteRole with the addition of
// the ability to pass a context and additional request options.
//
// See DeleteRole for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) DeleteRoleWithContext(ctx aws.Context, input *DeleteRoleInput, opts ...request.Option) (*DeleteRoleOutput, error) {
	req, out := c.DeleteRoleRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opDeleteRolePermissionsBoundary = "DeleteRolePermissionsBoundary"

// DeleteRolePermissionsBoundaryRequest generates a "aws/request.Request" representing the
// client's request for the DeleteRolePermissionsBoundary operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See DeleteRolePermissionsBoundary for more information on using the DeleteRolePermissionsBoundary
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the DeleteRolePermissionsBoundaryRequest method.
//    req, resp := client.DeleteRolePermissionsBoundaryRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteRolePermissionsBoundary
func (c *IAM) DeleteRolePermissionsBoundaryRequest(input *DeleteRolePermissionsBoundaryInput) (req *request.Request, output *DeleteRolePermissionsBoundaryOutput) {
	op := &request.Operation{
		Name:       opDeleteRolePermissionsBoundary,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &DeleteRolePermissionsBoundaryInput{}
	}

	output = &DeleteRolePermissionsBoundaryOutput{}
	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return
}

// DeleteRolePermissionsBoundary API operation for AWS Identity and Access Management.
//
// Deletes the permissions boundary for the specified IAM role.
//
// Deleting the permissions boundary for a role might increase its permissions.
// For example, it might allow anyone who assumes the role to perform all the
// actions granted in its permissions policies.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation DeleteRolePermissionsBoundary for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeUnmodifiableEntityException "UnmodifiableEntity"
//   The request was rejected because only the service that depends on the service-linked
//   role can modify or delete the role on your behalf. The error message includes
//   the name of the service that depends on this service-linked role. You must
//   request the change through that service.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteRolePermissionsBoundary
func (c *IAM) DeleteRolePermissionsBoundary(input *DeleteRolePermissionsBoundaryInput) (*DeleteRolePermissionsBoundaryOutput, error) {
	req, out := c.DeleteRolePermissionsBoundaryRequest(input)
	return out, req.Send()
}

// DeleteRolePermissionsBoundaryWithContext is the same as DeleteRolePermissionsBoundary with the addition of
// the ability to pass a context and additional request options.
//
// See DeleteRolePermissionsBoundary for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) DeleteRolePermissionsBoundaryWithContext(ctx aws.Context, input *DeleteRolePermissionsBoundaryInput, opts ...request.Option) (*DeleteRolePermissionsBoundaryOutput, error) {
	req, out := c.DeleteRolePermissionsBoundaryRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opDeleteRolePolicy = "DeleteRolePolicy"

// DeleteRolePolicyRequest generates a "aws/request.Request" representing the
// client's request for the DeleteRolePolicy operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See DeleteRolePolicy for more information on using the DeleteRolePolicy
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the DeleteRolePolicyRequest method.
//    req, resp := client.DeleteRolePolicyRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteRolePolicy
func (c *IAM) DeleteRolePolicyRequest(input *DeleteRolePolicyInput) (req *request.Request, output *DeleteRolePolicyOutput) {
	op := &request.Operation{
		Name:       opDeleteRolePolicy,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &DeleteRolePolicyInput{}
	}

	output = &DeleteRolePolicyOutput{}
	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return
}

// DeleteRolePolicy API operation for AWS Identity and Access Management.
//
// Deletes the specified inline policy that is embedded in the specified IAM
// role.
//
// A role can also have managed policies attached to it. To detach a managed
// policy from a role, use DetachRolePolicy. For more information about policies,
// refer to Managed policies and inline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation DeleteRolePolicy for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeLimitExceededException "LimitExceeded"
//   The request was rejected because it attempted to create resources beyond
//   the current Amazon Web Services account limits. The error message describes
//   the limit exceeded.
//
//   * ErrCodeUnmodifiableEntityException "UnmodifiableEntity"
//   The request was rejected because only the service that depends on the service-linked
//   role can modify or delete the role on your behalf. The error message includes
//   the name of the service that depends on this service-linked role. You must
//   request the change through that service.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteRolePolicy
func (c *IAM) DeleteRolePolicy(input *DeleteRolePolicyInput) (*DeleteRolePolicyOutput, error) {
	req, out := c.DeleteRolePolicyRequest(input)
	return out, req.Send()
}

// DeleteRolePolicyWithContext is the same as DeleteRolePolicy with the addition of
// the ability to pass a context and additional request options.
//
// See DeleteRolePolicy for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) DeleteRolePolicyWithContext(ctx aws.Context, input *DeleteRolePolicyInput, opts ...request.Option) (*DeleteRolePolicyOutput, error) {
	req, out := c.DeleteRolePolicyRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opDeleteSAMLProvider = "DeleteSAMLProvider"

// DeleteSAMLProviderRequest generates a "aws/request.Request" representing the
// client's request for the DeleteSAMLProvider operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See DeleteSAMLProvider for more information on using the DeleteSAMLProvider
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the DeleteSAMLProviderRequest method.
//    req, resp := client.DeleteSAMLProviderRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteSAMLProvider
func (c *IAM) DeleteSAMLProviderRequest(input *DeleteSAMLProviderInput) (req *request.Request, output *DeleteSAMLProviderOutput) {
	op := &request.Operation{
		Name:       opDeleteSAMLProvider,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &DeleteSAMLProviderInput{}
	}

	output = &DeleteSAMLProviderOutput{}
	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return
}

// DeleteSAMLProvider API operation for AWS Identity and Access Management.
//
// Deletes a SAML provider resource in IAM.
//
// Deleting the provider resource from IAM does not update any roles that reference
// the SAML provider resource's ARN as a principal in their trust policies.
// Any attempt to assume a role that references a non-existent provider resource
// ARN fails.
//
// This operation requires Signature Version 4 (https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html).
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation DeleteSAMLProvider for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeInvalidInputException "InvalidInput"
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
//   * ErrCodeLimitExceededException "LimitExceeded"
//   The request was rejected because it attempted to create resources beyond
//   the current Amazon Web Services account limits. The error message describes
//   the limit exceeded.
//
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteSAMLProvider
func (c *IAM) DeleteSAMLProvider(input *DeleteSAMLProviderInput) (*DeleteSAMLProviderOutput, error) {
	req, out := c.DeleteSAMLProviderRequest(input)
	return out, req.Send()
}

// DeleteSAMLProviderWithContext is the same as DeleteSAMLProvider with the addition of
// the ability to pass a context and additional request options.
//
// See DeleteSAMLProvider for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) DeleteSAMLProviderWithContext(ctx aws.Context, input *DeleteSAMLProviderInput, opts ...request.Option) (*DeleteSAMLProviderOutput, error) {
	req, out := c.DeleteSAMLProviderRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opDeleteSSHPublicKey = "DeleteSSHPublicKey"

// DeleteSSHPublicKeyRequest generates a "aws/request.Request" representing the
// client's request for the DeleteSSHPublicKey operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See DeleteSSHPublicKey for more information on using the DeleteSSHPublicKey
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the DeleteSSHPublicKeyRequest method.
//    req, resp := client.DeleteSSHPublicKeyRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteSSHPublicKey
func (c *IAM) DeleteSSHPublicKeyRequest(input *DeleteSSHPublicKeyInput) (req *request.Request, output *DeleteSSHPublicKeyOutput) {
	op := &request.Operation{
		Name:       opDeleteSSHPublicKey,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &DeleteSSHPublicKeyInput{}
	}

	output = &DeleteSSHPublicKeyOutput{}
	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return
}

// DeleteSSHPublicKey API operation for AWS Identity and Access Management.
//
// Deletes the specified SSH public key.
//
// The SSH public key deleted by this operation is used only for authenticating
// the associated IAM user to an CodeCommit repository. For more information
// about using SSH keys to authenticate to an CodeCommit repository, see Set
// up CodeCommit for SSH connections (https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html)
// in the CodeCommit User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation DeleteSSHPublicKey for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteSSHPublicKey
func (c *IAM) DeleteSSHPublicKey(input *DeleteSSHPublicKeyInput) (*DeleteSSHPublicKeyOutput, error) {
	req, out := c.DeleteSSHPublicKeyRequest(input)
	return out, req.Send()
}

// DeleteSSHPublicKeyWithContext is the same as DeleteSSHPublicKey with the addition of
// the ability to pass a context and additional request options.
//
// See DeleteSSHPublicKey for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) DeleteSSHPublicKeyWithContext(ctx aws.Context, input *DeleteSSHPublicKeyInput, opts ...request.Option) (*DeleteSSHPublicKeyOutput, error) {
	req, out := c.DeleteSSHPublicKeyRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opDeleteServerCertificate = "DeleteServerCertificate"

// DeleteServerCertificateRequest generates a "aws/request.Request" representing the
// client's request for the DeleteServerCertificate operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See DeleteServerCertificate for more information on using the DeleteServerCertificate
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the DeleteServerCertificateRequest method.
//    req, resp := client.DeleteServerCertificateRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteServerCertificate
func (c *IAM) DeleteServerCertificateRequest(input *DeleteServerCertificateInput) (req *request.Request, output *DeleteServerCertificateOutput) {
	op := &request.Operation{
		Name:       opDeleteServerCertificate,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &DeleteServerCertificateInput{}
	}

	output = &DeleteServerCertificateOutput{}
	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return
}

// DeleteServerCertificate API operation for AWS Identity and Access Management.
//
// Deletes the specified server certificate.
//
// For more information about working with server certificates, see Working
// with server certificates (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html)
// in the IAM User Guide. This topic also includes a list of Amazon Web Services
// services that can use the server certificates that you manage with IAM.
//
// If you are using a server certificate with Elastic Load Balancing, deleting
// the certificate could have implications for your application. If Elastic
// Load Balancing doesn't detect the deletion of bound certificates, it may
// continue to use the certificates. This could cause Elastic Load Balancing
// to stop accepting traffic. We recommend that you remove the reference to
// the certificate from Elastic Load Balancing before using this command to
// delete the certificate. For more information, see DeleteLoadBalancerListeners
// (https://docs.aws.amazon.com/ElasticLoadBalancing/latest/APIReference/API_DeleteLoadBalancerListeners.html)
// in the Elastic Load Balancing API Reference.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation DeleteServerCertificate for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeDeleteConflictException "DeleteConflict"
//   The request was rejected because it attempted to delete a resource that has
//   attached subordinate entities. The error message describes these entities.
//
//   * ErrCodeLimitExceededException "LimitExceeded"
//   The request was rejected because it attempted to create resources beyond
//   the current Amazon Web Services account limits. The error message describes
//   the limit exceeded.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteServerCertificate
func (c *IAM) DeleteServerCertificate(input *DeleteServerCertificateInput) (*DeleteServerCertificateOutput, error) {
	req, out := c.DeleteServerCertificateRequest(input)
	return out, req.Send()
}

// DeleteServerCertificateWithContext is the same as DeleteServerCertificate with the addition of
// the ability to pass a context and additional request options.
//
// See DeleteServerCertificate for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) DeleteServerCertificateWithContext(ctx aws.Context, input *DeleteServerCertificateInput, opts ...request.Option) (*DeleteServerCertificateOutput, error) {
	req, out := c.DeleteServerCertificateRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opDeleteServiceLinkedRole = "DeleteServiceLinkedRole"

// DeleteServiceLinkedRoleRequest generates a "aws/request.Request" representing the
// client's request for the DeleteServiceLinkedRole operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See DeleteServiceLinkedRole for more information on using the DeleteServiceLinkedRole
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the DeleteServiceLinkedRoleRequest method.
//    req, resp := client.DeleteServiceLinkedRoleRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteServiceLinkedRole
func (c *IAM) DeleteServiceLinkedRoleRequest(input *DeleteServiceLinkedRoleInput) (req *request.Request, output *DeleteServiceLinkedRoleOutput) {
	op := &request.Operation{
		Name:       opDeleteServiceLinkedRole,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &DeleteServiceLinkedRoleInput{}
	}

	output = &DeleteServiceLinkedRoleOutput{}
	req = c.newRequest(op, input, output)
	return
}

// DeleteServiceLinkedRole API operation for AWS Identity and Access Management.
//
// Submits a service-linked role deletion request and returns a DeletionTaskId,
// which you can use to check the status of the deletion. Before you call this
// operation, confirm that the role has no active sessions and that any resources
// used by the role in the linked service are deleted. If you call this operation
// more than once for the same service-linked role and an earlier deletion task
// is not complete, then the DeletionTaskId of the earlier request is returned.
//
// If you submit a deletion request for a service-linked role whose linked service
// is still accessing a resource, then the deletion task fails. If it fails,
// the GetServiceLinkedRoleDeletionStatus operation returns the reason for the
// failure, usually including the resources that must be deleted. To delete
// the service-linked role, you must first remove those resources from the linked
// service and then submit the deletion request again. Resources are specific
// to the service that is linked to the role. For more information about removing
// resources from a service, see the Amazon Web Services documentation (http://docs.aws.amazon.com/)
// for your service.
//
// For more information about service-linked roles, see Roles terms and concepts:
// Amazon Web Services service-linked role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#iam-term-service-linked-role)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation DeleteServiceLinkedRole for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeLimitExceededException "LimitExceeded"
//   The request was rejected because it attempted to create resources beyond
//   the current Amazon Web Services account limits. The error message describes
//   the limit exceeded.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteServiceLinkedRole
func (c *IAM) DeleteServiceLinkedRole(input *DeleteServiceLinkedRoleInput) (*DeleteServiceLinkedRoleOutput, error) {
	req, out := c.DeleteServiceLinkedRoleRequest(input)
	return out, req.Send()
}

// DeleteServiceLinkedRoleWithContext is the same as DeleteServiceLinkedRole with the addition of
// the ability to pass a context and additional request options.
//
// See DeleteServiceLinkedRole for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) DeleteServiceLinkedRoleWithContext(ctx aws.Context, input *DeleteServiceLinkedRoleInput, opts ...request.Option) (*DeleteServiceLinkedRoleOutput, error) {
	req, out := c.DeleteServiceLinkedRoleRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opDeleteServiceSpecificCredential = "DeleteServiceSpecificCredential"

// DeleteServiceSpecificCredentialRequest generates a "aws/request.Request" representing the
// client's request for the DeleteServiceSpecificCredential operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See DeleteServiceSpecificCredential for more information on using the DeleteServiceSpecificCredential
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the DeleteServiceSpecificCredentialRequest method.
//    req, resp := client.DeleteServiceSpecificCredentialRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteServiceSpecificCredential
func (c *IAM) DeleteServiceSpecificCredentialRequest(input *DeleteServiceSpecificCredentialInput) (req *request.Request, output *DeleteServiceSpecificCredentialOutput) {
	op := &request.Operation{
		Name:       opDeleteServiceSpecificCredential,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &DeleteServiceSpecificCredentialInput{}
	}

	output = &DeleteServiceSpecificCredentialOutput{}
	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return
}

// DeleteServiceSpecificCredential API operation for AWS Identity and Access Management.
//
// Deletes the specified service-specific credential.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation DeleteServiceSpecificCredential for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteServiceSpecificCredential
func (c *IAM) DeleteServiceSpecificCredential(input *DeleteServiceSpecificCredentialInput) (*DeleteServiceSpecificCredentialOutput, error) {
	req, out := c.DeleteServiceSpecificCredentialRequest(input)
	return out, req.Send()
}

// DeleteServiceSpecificCredentialWithContext is the same as DeleteServiceSpecificCredential with the addition of
// the ability to pass a context and additional request options.
//
// See DeleteServiceSpecificCredential for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) DeleteServiceSpecificCredentialWithContext(ctx aws.Context, input *DeleteServiceSpecificCredentialInput, opts ...request.Option) (*DeleteServiceSpecificCredentialOutput, error) {
	req, out := c.DeleteServiceSpecificCredentialRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opDeleteSigningCertificate = "DeleteSigningCertificate"

// DeleteSigningCertificateRequest generates a "aws/request.Request" representing the
// client's request for the DeleteSigningCertificate operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See DeleteSigningCertificate for more information on using the DeleteSigningCertificate
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the DeleteSigningCertificateRequest method.
//    req, resp := client.DeleteSigningCertificateRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteSigningCertificate
func (c *IAM) DeleteSigningCertificateRequest(input *DeleteSigningCertificateInput) (req *request.Request, output *DeleteSigningCertificateOutput) {
	op := &request.Operation{
		Name:       opDeleteSigningCertificate,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &DeleteSigningCertificateInput{}
	}

	output = &DeleteSigningCertificateOutput{}
	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return
}

// DeleteSigningCertificate API operation for AWS Identity and Access Management.
//
// Deletes a signing certificate associated with the specified IAM user.
//
// If you do not specify a user name, IAM determines the user name implicitly
// based on the Amazon Web Services access key ID signing the request. This
// operation works for access keys under the Amazon Web Services account. Consequently,
// you can use this operation to manage Amazon Web Services account root user
// credentials even if the Amazon Web Services account has no associated IAM
// users.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation DeleteSigningCertificate for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeLimitExceededException "LimitExceeded"
//   The request was rejected because it attempted to create resources beyond
//   the current Amazon Web Services account limits. The error message describes
//   the limit exceeded.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteSigningCertificate
func (c *IAM) DeleteSigningCertificate(input *DeleteSigningCertificateInput) (*DeleteSigningCertificateOutput, error) {
	req, out := c.DeleteSigningCertificateRequest(input)
	return out, req.Send()
}

// DeleteSigningCertificateWithContext is the same as DeleteSigningCertificate with the addition of
// the ability to pass a context and additional request options.
//
// See DeleteSigningCertificate for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) DeleteSigningCertificateWithContext(ctx aws.Context, input *DeleteSigningCertificateInput, opts ...request.Option) (*DeleteSigningCertificateOutput, error) {
	req, out := c.DeleteSigningCertificateRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opDeleteUser = "DeleteUser"

// DeleteUserRequest generates a "aws/request.Request" representing the
// client's request for the DeleteUser operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See DeleteUser for more information on using the DeleteUser
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the DeleteUserRequest method.
//    req, resp := client.DeleteUserRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteUser
func (c *IAM) DeleteUserRequest(input *DeleteUserInput) (req *request.Request, output *DeleteUserOutput) {
	op := &request.Operation{
		Name:       opDeleteUser,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &DeleteUserInput{}
	}

	output = &DeleteUserOutput{}
	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return
}

// DeleteUser API operation for AWS Identity and Access Management.
//
// Deletes the specified IAM user. Unlike the Amazon Web Services Management
// Console, when you delete a user programmatically, you must delete the items
// attached to the user manually, or the deletion fails. For more information,
// see Deleting an IAM user (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_manage.html#id_users_deleting_cli).
// Before attempting to delete a user, remove the following items:
//
//    * Password (DeleteLoginProfile)
//
//    * Access keys (DeleteAccessKey)
//
//    * Signing certificate (DeleteSigningCertificate)
//
//    * SSH public key (DeleteSSHPublicKey)
//
//    * Git credentials (DeleteServiceSpecificCredential)
//
//    * Multi-factor authentication (MFA) device (DeactivateMFADevice, DeleteVirtualMFADevice)
//
//    * Inline policies (DeleteUserPolicy)
//
//    * Attached managed policies (DetachUserPolicy)
//
//    * Group memberships (RemoveUserFromGroup)
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation DeleteUser for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeLimitExceededException "LimitExceeded"
//   The request was rejected because it attempted to create resources beyond
//   the current Amazon Web Services account limits. The error message describes
//   the limit exceeded.
//
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeDeleteConflictException "DeleteConflict"
//   The request was rejected because it attempted to delete a resource that has
//   attached subordinate entities. The error message describes these entities.
//
//   * ErrCodeConcurrentModificationException "ConcurrentModification"
//   The request was rejected because multiple requests to change this object
//   were submitted simultaneously. Wait a few minutes and submit your request
//   again.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteUser
func (c *IAM) DeleteUser(input *DeleteUserInput) (*DeleteUserOutput, error) {
	req, out := c.DeleteUserRequest(input)
	return out, req.Send()
}

// DeleteUserWithContext is the same as DeleteUser with the addition of
// the ability to pass a context and additional request options.
//
// See DeleteUser for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) DeleteUserWithContext(ctx aws.Context, input *DeleteUserInput, opts ...request.Option) (*DeleteUserOutput, error) {
	req, out := c.DeleteUserRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opDeleteUserPermissionsBoundary = "DeleteUserPermissionsBoundary"

// DeleteUserPermissionsBoundaryRequest generates a "aws/request.Request" representing the
// client's request for the DeleteUserPermissionsBoundary operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See DeleteUserPermissionsBoundary for more information on using the DeleteUserPermissionsBoundary
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the DeleteUserPermissionsBoundaryRequest method.
//    req, resp := client.DeleteUserPermissionsBoundaryRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteUserPermissionsBoundary
func (c *IAM) DeleteUserPermissionsBoundaryRequest(input *DeleteUserPermissionsBoundaryInput) (req *request.Request, output *DeleteUserPermissionsBoundaryOutput) {
	op := &request.Operation{
		Name:       opDeleteUserPermissionsBoundary,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &DeleteUserPermissionsBoundaryInput{}
	}

	output = &DeleteUserPermissionsBoundaryOutput{}
	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return
}

// DeleteUserPermissionsBoundary API operation for AWS Identity and Access Management.
//
// Deletes the permissions boundary for the specified IAM user.
//
// Deleting the permissions boundary for a user might increase its permissions
// by allowing the user to perform all the actions granted in its permissions
// policies.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation DeleteUserPermissionsBoundary for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteUserPermissionsBoundary
func (c *IAM) DeleteUserPermissionsBoundary(input *DeleteUserPermissionsBoundaryInput) (*DeleteUserPermissionsBoundaryOutput, error) {
	req, out := c.DeleteUserPermissionsBoundaryRequest(input)
	return out, req.Send()
}

// DeleteUserPermissionsBoundaryWithContext is the same as DeleteUserPermissionsBoundary with the addition of
// the ability to pass a context and additional request options.
//
// See DeleteUserPermissionsBoundary for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) DeleteUserPermissionsBoundaryWithContext(ctx aws.Context, input *DeleteUserPermissionsBoundaryInput, opts ...request.Option) (*DeleteUserPermissionsBoundaryOutput, error) {
	req, out := c.DeleteUserPermissionsBoundaryRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opDeleteUserPolicy = "DeleteUserPolicy"

// DeleteUserPolicyRequest generates a "aws/request.Request" representing the
// client's request for the DeleteUserPolicy operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See DeleteUserPolicy for more information on using the DeleteUserPolicy
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the DeleteUserPolicyRequest method.
//    req, resp := client.DeleteUserPolicyRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteUserPolicy
func (c *IAM) DeleteUserPolicyRequest(input *DeleteUserPolicyInput) (req *request.Request, output *DeleteUserPolicyOutput) {
	op := &request.Operation{
		Name:       opDeleteUserPolicy,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &DeleteUserPolicyInput{}
	}

	output = &DeleteUserPolicyOutput{}
	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return
}

// DeleteUserPolicy API operation for AWS Identity and Access Management.
//
// Deletes the specified inline policy that is embedded in the specified IAM
// user.
//
// A user can also have managed policies attached to it. To detach a managed
// policy from a user, use DetachUserPolicy. For more information about policies,
// refer to Managed policies and inline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation DeleteUserPolicy for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeLimitExceededException "LimitExceeded"
//   The request was rejected because it attempted to create resources beyond
//   the current Amazon Web Services account limits. The error message describes
//   the limit exceeded.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteUserPolicy
func (c *IAM) DeleteUserPolicy(input *DeleteUserPolicyInput) (*DeleteUserPolicyOutput, error) {
	req, out := c.DeleteUserPolicyRequest(input)
	return out, req.Send()
}

// DeleteUserPolicyWithContext is the same as DeleteUserPolicy with the addition of
// the ability to pass a context and additional request options.
//
// See DeleteUserPolicy for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) DeleteUserPolicyWithContext(ctx aws.Context, input *DeleteUserPolicyInput, opts ...request.Option) (*DeleteUserPolicyOutput, error) {
	req, out := c.DeleteUserPolicyRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opDeleteVirtualMFADevice = "DeleteVirtualMFADevice"

// DeleteVirtualMFADeviceRequest generates a "aws/request.Request" representing the
// client's request for the DeleteVirtualMFADevice operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See DeleteVirtualMFADevice for more information on using the DeleteVirtualMFADevice
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the DeleteVirtualMFADeviceRequest method.
//    req, resp := client.DeleteVirtualMFADeviceRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteVirtualMFADevice
func (c *IAM) DeleteVirtualMFADeviceRequest(input *DeleteVirtualMFADeviceInput) (req *request.Request, output *DeleteVirtualMFADeviceOutput) {
	op := &request.Operation{
		Name:       opDeleteVirtualMFADevice,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &DeleteVirtualMFADeviceInput{}
	}

	output = &DeleteVirtualMFADeviceOutput{}
	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return
}

// DeleteVirtualMFADevice API operation for AWS Identity and Access Management.
//
// Deletes a virtual MFA device.
//
// You must deactivate a user's virtual MFA device before you can delete it.
// For information about deactivating MFA devices, see DeactivateMFADevice.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation DeleteVirtualMFADevice for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeDeleteConflictException "DeleteConflict"
//   The request was rejected because it attempted to delete a resource that has
//   attached subordinate entities. The error message describes these entities.
//
//   * ErrCodeLimitExceededException "LimitExceeded"
//   The request was rejected because it attempted to create resources beyond
//   the current Amazon Web Services account limits. The error message describes
//   the limit exceeded.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteVirtualMFADevice
func (c *IAM) DeleteVirtualMFADevice(input *DeleteVirtualMFADeviceInput) (*DeleteVirtualMFADeviceOutput, error) {
	req, out := c.DeleteVirtualMFADeviceRequest(input)
	return out, req.Send()
}

// DeleteVirtualMFADeviceWithContext is the same as DeleteVirtualMFADevice with the addition of
// the ability to pass a context and additional request options.
//
// See DeleteVirtualMFADevice for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) DeleteVirtualMFADeviceWithContext(ctx aws.Context, input *DeleteVirtualMFADeviceInput, opts ...request.Option) (*DeleteVirtualMFADeviceOutput, error) {
	req, out := c.DeleteVirtualMFADeviceRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opDetachGroupPolicy = "DetachGroupPolicy"

// DetachGroupPolicyRequest generates a "aws/request.Request" representing the
// client's request for the DetachGroupPolicy operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See DetachGroupPolicy for more information on using the DetachGroupPolicy
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the DetachGroupPolicyRequest method.
//    req, resp := client.DetachGroupPolicyRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DetachGroupPolicy
func (c *IAM) DetachGroupPolicyRequest(input *DetachGroupPolicyInput) (req *request.Request, output *DetachGroupPolicyOutput) {
	op := &request.Operation{
		Name:       opDetachGroupPolicy,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &DetachGroupPolicyInput{}
	}

	output = &DetachGroupPolicyOutput{}
	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return
}

// DetachGroupPolicy API operation for AWS Identity and Access Management.
//
// Removes the specified managed policy from the specified IAM group.
//
// A group can also have inline policies embedded with it. To delete an inline
// policy, use DeleteGroupPolicy. For information about policies, see Managed
// policies and inline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation DetachGroupPolicy for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeLimitExceededException "LimitExceeded"
//   The request was rejected because it attempted to create resources beyond
//   the current Amazon Web Services account limits. The error message describes
//   the limit exceeded.
//
//   * ErrCodeInvalidInputException "InvalidInput"
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DetachGroupPolicy
func (c *IAM) DetachGroupPolicy(input *DetachGroupPolicyInput) (*DetachGroupPolicyOutput, error) {
	req, out := c.DetachGroupPolicyRequest(input)
	return out, req.Send()
}

// DetachGroupPolicyWithContext is the same as DetachGroupPolicy with the addition of
// the ability to pass a context and additional request options.
//
// See DetachGroupPolicy for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) DetachGroupPolicyWithContext(ctx aws.Context, input *DetachGroupPolicyInput, opts ...request.Option) (*DetachGroupPolicyOutput, error) {
	req, out := c.DetachGroupPolicyRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opDetachRolePolicy = "DetachRolePolicy"

// DetachRolePolicyRequest generates a "aws/request.Request" representing the
// client's request for the DetachRolePolicy operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See DetachRolePolicy for more information on using the DetachRolePolicy
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the DetachRolePolicyRequest method.
//    req, resp := client.DetachRolePolicyRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DetachRolePolicy
func (c *IAM) DetachRolePolicyRequest(input *DetachRolePolicyInput) (req *request.Request, output *DetachRolePolicyOutput) {
	op := &request.Operation{
		Name:       opDetachRolePolicy,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &DetachRolePolicyInput{}
	}

	output = &DetachRolePolicyOutput{}
	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return
}

// DetachRolePolicy API operation for AWS Identity and Access Management.
//
// Removes the specified managed policy from the specified role.
//
// A role can also have inline policies embedded with it. To delete an inline
// policy, use DeleteRolePolicy. For information about policies, see Managed
// policies and inline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation DetachRolePolicy for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeLimitExceededException "LimitExceeded"
//   The request was rejected because it attempted to create resources beyond
//   the current Amazon Web Services account limits. The error message describes
//   the limit exceeded.
//
//   * ErrCodeInvalidInputException "InvalidInput"
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
//   * ErrCodeUnmodifiableEntityException "UnmodifiableEntity"
//   The request was rejected because only the service that depends on the service-linked
//   role can modify or delete the role on your behalf. The error message includes
//   the name of the service that depends on this service-linked role. You must
//   request the change through that service.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DetachRolePolicy
func (c *IAM) DetachRolePolicy(input *DetachRolePolicyInput) (*DetachRolePolicyOutput, error) {
	req, out := c.DetachRolePolicyRequest(input)
	return out, req.Send()
}

// DetachRolePolicyWithContext is the same as DetachRolePolicy with the addition of
// the ability to pass a context and additional request options.
//
// See DetachRolePolicy for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) DetachRolePolicyWithContext(ctx aws.Context, input *DetachRolePolicyInput, opts ...request.Option) (*DetachRolePolicyOutput, error) {
	req, out := c.DetachRolePolicyRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opDetachUserPolicy = "DetachUserPolicy"

// DetachUserPolicyRequest generates a "aws/request.Request" representing the
// client's request for the DetachUserPolicy operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See DetachUserPolicy for more information on using the DetachUserPolicy
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the DetachUserPolicyRequest method.
//    req, resp := client.DetachUserPolicyRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DetachUserPolicy
func (c *IAM) DetachUserPolicyRequest(input *DetachUserPolicyInput) (req *request.Request, output *DetachUserPolicyOutput) {
	op := &request.Operation{
		Name:       opDetachUserPolicy,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &DetachUserPolicyInput{}
	}

	output = &DetachUserPolicyOutput{}
	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return
}

// DetachUserPolicy API operation for AWS Identity and Access Management.
//
// Removes the specified managed policy from the specified user.
//
// A user can also have inline policies embedded with it. To delete an inline
// policy, use DeleteUserPolicy. For information about policies, see Managed
// policies and inline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation DetachUserPolicy for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeLimitExceededException "LimitExceeded"
//   The request was rejected because it attempted to create resources beyond
//   the current Amazon Web Services account limits. The error message describes
//   the limit exceeded.
//
//   * ErrCodeInvalidInputException "InvalidInput"
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DetachUserPolicy
func (c *IAM) DetachUserPolicy(input *DetachUserPolicyInput) (*DetachUserPolicyOutput, error) {
	req, out := c.DetachUserPolicyRequest(input)
	return out, req.Send()
}

// DetachUserPolicyWithContext is the same as DetachUserPolicy with the addition of
// the ability to pass a context and additional request options.
//
// See DetachUserPolicy for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) DetachUserPolicyWithContext(ctx aws.Context, input *DetachUserPolicyInput, opts ...request.Option) (*DetachUserPolicyOutput, error) {
	req, out := c.DetachUserPolicyRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opEnableMFADevice = "EnableMFADevice"

// EnableMFADeviceRequest generates a "aws/request.Request" representing the
// client's request for the EnableMFADevice operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See EnableMFADevice for more information on using the EnableMFADevice
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the EnableMFADeviceRequest method.
//    req, resp := client.EnableMFADeviceRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/EnableMFADevice
func (c *IAM) EnableMFADeviceRequest(input *EnableMFADeviceInput) (req *request.Request, output *EnableMFADeviceOutput) {
	op := &request.Operation{
		Name:       opEnableMFADevice,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &EnableMFADeviceInput{}
	}

	output = &EnableMFADeviceOutput{}
	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return
}

// EnableMFADevice API operation for AWS Identity and Access Management.
//
// Enables the specified MFA device and associates it with the specified IAM
// user. When enabled, the MFA device is required for every subsequent login
// by the IAM user associated with the device.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation EnableMFADevice for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeEntityAlreadyExistsException "EntityAlreadyExists"
//   The request was rejected because it attempted to create a resource that already
//   exists.
//
//   * ErrCodeEntityTemporarilyUnmodifiableException "EntityTemporarilyUnmodifiable"
//   The request was rejected because it referenced an entity that is temporarily
//   unmodifiable, such as a user name that was deleted and then recreated. The
//   error indicates that the request is likely to succeed if you try again after
//   waiting several minutes. The error message describes the entity.
//
//   * ErrCodeInvalidAuthenticationCodeException "InvalidAuthenticationCode"
//   The request was rejected because the authentication code was not recognized.
//   The error message describes the specific error.
//
//   * ErrCodeLimitExceededException "LimitExceeded"
//   The request was rejected because it attempted to create resources beyond
//   the current Amazon Web Services account limits. The error message describes
//   the limit exceeded.
//
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/EnableMFADevice
func (c *IAM) EnableMFADevice(input *EnableMFADeviceInput) (*EnableMFADeviceOutput, error) {
	req, out := c.EnableMFADeviceRequest(input)
	return out, req.Send()
}

// EnableMFADeviceWithContext is the same as EnableMFADevice with the addition of
// the ability to pass a context and additional request options.
//
// See EnableMFADevice for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) EnableMFADeviceWithContext(ctx aws.Context, input *EnableMFADeviceInput, opts ...request.Option) (*EnableMFADeviceOutput, error) {
	req, out := c.EnableMFADeviceRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opGenerateCredentialReport = "GenerateCredentialReport"

// GenerateCredentialReportRequest generates a "aws/request.Request" representing the
// client's request for the GenerateCredentialReport operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See GenerateCredentialReport for more information on using the GenerateCredentialReport
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the GenerateCredentialReportRequest method.
//    req, resp := client.GenerateCredentialReportRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GenerateCredentialReport
func (c *IAM) GenerateCredentialReportRequest(input *GenerateCredentialReportInput) (req *request.Request, output *GenerateCredentialReportOutput) {
	op := &request.Operation{
		Name:       opGenerateCredentialReport,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &GenerateCredentialReportInput{}
	}

	output = &GenerateCredentialReportOutput{}
	req = c.newRequest(op, input, output)
	return
}

// GenerateCredentialReport API operation for AWS Identity and Access Management.
//
// Generates a credential report for the Amazon Web Services account. For more
// information about the credential report, see Getting credential reports (https://docs.aws.amazon.com/IAM/latest/UserGuide/credential-reports.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation GenerateCredentialReport for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeLimitExceededException "LimitExceeded"
//   The request was rejected because it attempted to create resources beyond
//   the current Amazon Web Services account limits. The error message describes
//   the limit exceeded.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GenerateCredentialReport
func (c *IAM) GenerateCredentialReport(input *GenerateCredentialReportInput) (*GenerateCredentialReportOutput, error) {
	req, out := c.GenerateCredentialReportRequest(input)
	return out, req.Send()
}

// GenerateCredentialReportWithContext is the same as GenerateCredentialReport with the addition of
// the ability to pass a context and additional request options.
//
// See GenerateCredentialReport for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) GenerateCredentialReportWithContext(ctx aws.Context, input *GenerateCredentialReportInput, opts ...request.Option) (*GenerateCredentialReportOutput, error) {
	req, out := c.GenerateCredentialReportRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opGenerateOrganizationsAccessReport = "GenerateOrganizationsAccessReport"

// GenerateOrganizationsAccessReportRequest generates a "aws/request.Request" representing the
// client's request for the GenerateOrganizationsAccessReport operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See GenerateOrganizationsAccessReport for more information on using the GenerateOrganizationsAccessReport
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the GenerateOrganizationsAccessReportRequest method.
//    req, resp := client.GenerateOrganizationsAccessReportRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GenerateOrganizationsAccessReport
func (c *IAM) GenerateOrganizationsAccessReportRequest(input *GenerateOrganizationsAccessReportInput) (req *request.Request, output *GenerateOrganizationsAccessReportOutput) {
	op := &request.Operation{
		Name:       opGenerateOrganizationsAccessReport,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &GenerateOrganizationsAccessReportInput{}
	}

	output = &GenerateOrganizationsAccessReportOutput{}
	req = c.newRequest(op, input, output)
	return
}

// GenerateOrganizationsAccessReport API operation for AWS Identity and Access Management.
//
// Generates a report for service last accessed data for Organizations. You
// can generate a report for any entities (organization root, organizational
// unit, or account) or policies in your organization.
//
// To call this operation, you must be signed in using your Organizations management
// account credentials. You can use your long-term IAM user or root user credentials,
// or temporary credentials from assuming an IAM role. SCPs must be enabled
// for your organization root. You must have the required IAM and Organizations
// permissions. For more information, see Refining permissions using service
// last accessed data (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html)
// in the IAM User Guide.
//
// You can generate a service last accessed data report for entities by specifying
// only the entity's path. This data includes a list of services that are allowed
// by any service control policies (SCPs) that apply to the entity.
//
// You can generate a service last accessed data report for a policy by specifying
// an entity's path and an optional Organizations policy ID. This data includes
// a list of services that are allowed by the specified SCP.
//
// For each service in both report types, the data includes the most recent
// account activity that the policy allows to account principals in the entity
// or the entity's children. For important information about the data, reporting
// period, permissions required, troubleshooting, and supported Regions see
// Reducing permissions using service last accessed data (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html)
// in the IAM User Guide.
//
// The data includes all attempts to access Amazon Web Services, not just the
// successful ones. This includes all attempts that were made using the Amazon
// Web Services Management Console, the Amazon Web Services API through any
// of the SDKs, or any of the command line tools. An unexpected entry in the
// service last accessed data does not mean that an account has been compromised,
// because the request might have been denied. Refer to your CloudTrail logs
// as the authoritative source for information about all API calls and whether
// they were successful or denied access. For more information, see Logging
// IAM events with CloudTrail (https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html)
// in the IAM User Guide.
//
// This operation returns a JobId. Use this parameter in the GetOrganizationsAccessReport
// operation to check the status of the report generation. To check the status
// of this request, use the JobId parameter in the GetOrganizationsAccessReport
// operation and test the JobStatus response parameter. When the job is complete,
// you can retrieve the report.
//
// To generate a service last accessed data report for entities, specify an
// entity path without specifying the optional Organizations policy ID. The
// type of entity that you specify determines the data returned in the report.
//
//    * Root – When you specify the organizations root as the entity, the
//    resulting report lists all of the services allowed by SCPs that are attached
//    to your root. For each service, the report includes data for all accounts
//    in your organization except the management account, because the management
//    account is not limited by SCPs.
//
//    * OU – When you specify an organizational unit (OU) as the entity, the
//    resulting report lists all of the services allowed by SCPs that are attached
//    to the OU and its parents. For each service, the report includes data
//    for all accounts in the OU or its children. This data excludes the management
//    account, because the management account is not limited by SCPs.
//
//    * management account – When you specify the management account, the
//    resulting report lists all Amazon Web Services services, because the management
//    account is not limited by SCPs. For each service, the report includes
//    data for only the management account.
//
//    * Account – When you specify another account as the entity, the resulting
//    report lists all of the services allowed by SCPs that are attached to
//    the account and its parents. For each service, the report includes data
//    for only the specified account.
//
// To generate a service last accessed data report for policies, specify an
// entity path and the optional Organizations policy ID. The type of entity
// that you specify determines the data returned for each service.
//
//    * Root – When you specify the root entity and a policy ID, the resulting
//    report lists all of the services that are allowed by the specified SCP.
//    For each service, the report includes data for all accounts in your organization
//    to which the SCP applies. This data excludes the management account, because
//    the management account is not limited by SCPs. If the SCP is not attached
//    to any entities in the organization, then the report will return a list
//    of services with no data.
//
//    * OU – When you specify an OU entity and a policy ID, the resulting
//    report lists all of the services that are allowed by the specified SCP.
//    For each service, the report includes data for all accounts in the OU
//    or its children to which the SCP applies. This means that other accounts
//    outside the OU that are affected by the SCP might not be included in the
//    data. This data excludes the management account, because the management
//    account is not limited by SCPs. If the SCP is not attached to the OU or
//    one of its children, the report will return a list of services with no
//    data.
//
//    * management account – When you specify the management account, the
//    resulting report lists all Amazon Web Services services, because the management
//    account is not limited by SCPs. If you specify a policy ID in the CLI
//    or API, the policy is ignored. For each service, the report includes data
//    for only the management account.
//
//    * Account – When you specify another account entity and a policy ID,
//    the resulting report lists all of the services that are allowed by the
//    specified SCP. For each service, the report includes data for only the
//    specified account. This means that other accounts in the organization
//    that are affected by the SCP might not be included in the data. If the
//    SCP is not attached to the account, the report will return a list of services
//    with no data.
//
// Service last accessed data does not use other policy types when determining
// whether a principal could access a service. These other policy types include
// identity-based policies, resource-based policies, access control lists, IAM
// permissions boundaries, and STS assume role policies. It only applies SCP
// logic. For more about the evaluation of policy types, see Evaluating policies
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics)
// in the IAM User Guide.
//
// For more information about service last accessed data, see Reducing policy
// scope by viewing user activity (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation GenerateOrganizationsAccessReport for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeReportGenerationLimitExceededException "ReportGenerationLimitExceeded"
//   The request failed because the maximum number of concurrent requests for
//   this account are already running.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GenerateOrganizationsAccessReport
func (c *IAM) GenerateOrganizationsAccessReport(input *GenerateOrganizationsAccessReportInput) (*GenerateOrganizationsAccessReportOutput, error) {
	req, out := c.GenerateOrganizationsAccessReportRequest(input)
	return out, req.Send()
}

// GenerateOrganizationsAccessReportWithContext is the same as GenerateOrganizationsAccessReport with the addition of
// the ability to pass a context and additional request options.
//
// See GenerateOrganizationsAccessReport for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) GenerateOrganizationsAccessReportWithContext(ctx aws.Context, input *GenerateOrganizationsAccessReportInput, opts ...request.Option) (*GenerateOrganizationsAccessReportOutput, error) {
	req, out := c.GenerateOrganizationsAccessReportRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opGenerateServiceLastAccessedDetails = "GenerateServiceLastAccessedDetails"

// GenerateServiceLastAccessedDetailsRequest generates a "aws/request.Request" representing the
// client's request for the GenerateServiceLastAccessedDetails operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See GenerateServiceLastAccessedDetails for more information on using the GenerateServiceLastAccessedDetails
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the GenerateServiceLastAccessedDetailsRequest method.
//    req, resp := client.GenerateServiceLastAccessedDetailsRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GenerateServiceLastAccessedDetails
func (c *IAM) GenerateServiceLastAccessedDetailsRequest(input *GenerateServiceLastAccessedDetailsInput) (req *request.Request, output *GenerateServiceLastAccessedDetailsOutput) {
	op := &request.Operation{
		Name:       opGenerateServiceLastAccessedDetails,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &GenerateServiceLastAccessedDetailsInput{}
	}

	output = &GenerateServiceLastAccessedDetailsOutput{}
	req = c.newRequest(op, input, output)
	return
}

// GenerateServiceLastAccessedDetails API operation for AWS Identity and Access Management.
//
// Generates a report that includes details about when an IAM resource (user,
// group, role, or policy) was last used in an attempt to access Amazon Web
// Services services. Recent activity usually appears within four hours. IAM
// reports activity for the last 365 days, or less if your Region began supporting
// this feature within the last year. For more information, see Regions where
// data is tracked (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#access-advisor_tracking-period).
//
// The service last accessed data includes all attempts to access an Amazon
// Web Services API, not just the successful ones. This includes all attempts
// that were made using the Amazon Web Services Management Console, the Amazon
// Web Services API through any of the SDKs, or any of the command line tools.
// An unexpected entry in the service last accessed data does not mean that
// your account has been compromised, because the request might have been denied.
// Refer to your CloudTrail logs as the authoritative source for information
// about all API calls and whether they were successful or denied access. For
// more information, see Logging IAM events with CloudTrail (https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html)
// in the IAM User Guide.
//
// The GenerateServiceLastAccessedDetails operation returns a JobId. Use this
// parameter in the following operations to retrieve the following details from
// your report:
//
//    * GetServiceLastAccessedDetails – Use this operation for users, groups,
//    roles, or policies to list every Amazon Web Services service that the
//    resource could access using permissions policies. For each service, the
//    response includes information about the most recent access attempt. The
//    JobId returned by GenerateServiceLastAccessedDetail must be used by the
//    same role within a session, or by the same user when used to call GetServiceLastAccessedDetail.
//
//    * GetServiceLastAccessedDetailsWithEntities – Use this operation for
//    groups and policies to list information about the associated entities
//    (users or roles) that attempted to access a specific Amazon Web Services
//    service.
//
// To check the status of the GenerateServiceLastAccessedDetails request, use
// the JobId parameter in the same operations and test the JobStatus response
// parameter.
//
// For additional information about the permissions policies that allow an identity
// (user, group, or role) to access specific services, use the ListPoliciesGrantingServiceAccess
// operation.
//
// Service last accessed data does not use other policy types when determining
// whether a resource could access a service. These other policy types include
// resource-based policies, access control lists, Organizations policies, IAM
// permissions boundaries, and STS assume role policies. It only applies permissions
// policy logic. For more about the evaluation of policy types, see Evaluating
// policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics)
// in the IAM User Guide.
//
// For more information about service and action last accessed data, see Reducing
// permissions using service last accessed data (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation GenerateServiceLastAccessedDetails for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeInvalidInputException "InvalidInput"
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GenerateServiceLastAccessedDetails
func (c *IAM) GenerateServiceLastAccessedDetails(input *GenerateServiceLastAccessedDetailsInput) (*GenerateServiceLastAccessedDetailsOutput, error) {
	req, out := c.GenerateServiceLastAccessedDetailsRequest(input)
	return out, req.Send()
}

// GenerateServiceLastAccessedDetailsWithContext is the same as GenerateServiceLastAccessedDetails with the addition of
// the ability to pass a context and additional request options.
//
// See GenerateServiceLastAccessedDetails for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) GenerateServiceLastAccessedDetailsWithContext(ctx aws.Context, input *GenerateServiceLastAccessedDetailsInput, opts ...request.Option) (*GenerateServiceLastAccessedDetailsOutput, error) {
	req, out := c.GenerateServiceLastAccessedDetailsRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opGetAccessKeyLastUsed = "GetAccessKeyLastUsed"

// GetAccessKeyLastUsedRequest generates a "aws/request.Request" representing the
// client's request for the GetAccessKeyLastUsed operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See GetAccessKeyLastUsed for more information on using the GetAccessKeyLastUsed
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the GetAccessKeyLastUsedRequest method.
//    req, resp := client.GetAccessKeyLastUsedRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetAccessKeyLastUsed
func (c *IAM) GetAccessKeyLastUsedRequest(input *GetAccessKeyLastUsedInput) (req *request.Request, output *GetAccessKeyLastUsedOutput) {
	op := &request.Operation{
		Name:       opGetAccessKeyLastUsed,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &GetAccessKeyLastUsedInput{}
	}

	output = &GetAccessKeyLastUsedOutput{}
	req = c.newRequest(op, input, output)
	return
}

// GetAccessKeyLastUsed API operation for AWS Identity and Access Management.
//
// Retrieves information about when the specified access key was last used.
// The information includes the date and time of last use, along with the Amazon
// Web Services service and Region that were specified in the last request made
// with that key.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation GetAccessKeyLastUsed for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetAccessKeyLastUsed
func (c *IAM) GetAccessKeyLastUsed(input *GetAccessKeyLastUsedInput) (*GetAccessKeyLastUsedOutput, error) {
	req, out := c.GetAccessKeyLastUsedRequest(input)
	return out, req.Send()
}

// GetAccessKeyLastUsedWithContext is the same as GetAccessKeyLastUsed with the addition of
// the ability to pass a context and additional request options.
//
// See GetAccessKeyLastUsed for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) GetAccessKeyLastUsedWithContext(ctx aws.Context, input *GetAccessKeyLastUsedInput, opts ...request.Option) (*GetAccessKeyLastUsedOutput, error) {
	req, out := c.GetAccessKeyLastUsedRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opGetAccountAuthorizationDetails = "GetAccountAuthorizationDetails"

// GetAccountAuthorizationDetailsRequest generates a "aws/request.Request" representing the
// client's request for the GetAccountAuthorizationDetails operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See GetAccountAuthorizationDetails for more information on using the GetAccountAuthorizationDetails
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the GetAccountAuthorizationDetailsRequest method.
//    req, resp := client.GetAccountAuthorizationDetailsRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetAccountAuthorizationDetails
func (c *IAM) GetAccountAuthorizationDetailsRequest(input *GetAccountAuthorizationDetailsInput) (req *request.Request, output *GetAccountAuthorizationDetailsOutput) {
	op := &request.Operation{
		Name:       opGetAccountAuthorizationDetails,
		HTTPMethod: "POST",
		HTTPPath:   "/",
		Paginator: &request.Paginator{
			InputTokens:     []string{"Marker"},
			OutputTokens:    []string{"Marker"},
			LimitToken:      "MaxItems",
			TruncationToken: "IsTruncated",
		},
	}

	if input == nil {
		input = &GetAccountAuthorizationDetailsInput{}
	}

	output = &GetAccountAuthorizationDetailsOutput{}
	req = c.newRequest(op, input, output)
	return
}

// GetAccountAuthorizationDetails API operation for AWS Identity and Access Management.
//
// Retrieves information about all IAM users, groups, roles, and policies in
// your Amazon Web Services account, including their relationships to one another.
// Use this operation to obtain a snapshot of the configuration of IAM permissions
// (users, groups, roles, and policies) in your account.
//
// Policies returned by this operation are URL-encoded compliant with RFC 3986
// (https://tools.ietf.org/html/rfc3986). You can use a URL decoding method
// to convert the policy back to plain JSON text. For example, if you use Java,
// you can use the decode method of the java.net.URLDecoder utility class in
// the Java SDK. Other languages and SDKs provide similar functionality.
//
// You can optionally filter the results using the Filter parameter. You can
// paginate the results using the MaxItems and Marker parameters.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation GetAccountAuthorizationDetails for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetAccountAuthorizationDetails
func (c *IAM) GetAccountAuthorizationDetails(input *GetAccountAuthorizationDetailsInput) (*GetAccountAuthorizationDetailsOutput, error) {
	req, out := c.GetAccountAuthorizationDetailsRequest(input)
	return out, req.Send()
}

// GetAccountAuthorizationDetailsWithContext is the same as GetAccountAuthorizationDetails with the addition of
// the ability to pass a context and additional request options.
//
// See GetAccountAuthorizationDetails for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) GetAccountAuthorizationDetailsWithContext(ctx aws.Context, input *GetAccountAuthorizationDetailsInput, opts ...request.Option) (*GetAccountAuthorizationDetailsOutput, error) {
	req, out := c.GetAccountAuthorizationDetailsRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

// GetAccountAuthorizationDetailsPages iterates over the pages of a GetAccountAuthorizationDetails operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See GetAccountAuthorizationDetails method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
//    // Example iterating over at most 3 pages of a GetAccountAuthorizationDetails operation.
//    pageNum := 0
//    err := client.GetAccountAuthorizationDetailsPages(params,
//        func(page *iam.GetAccountAuthorizationDetailsOutput, lastPage bool) bool {
//            pageNum++
//            fmt.Println(page)
//            return pageNum <= 3
//        })
//
func (c *IAM) GetAccountAuthorizationDetailsPages(input *GetAccountAuthorizationDetailsInput, fn func(*GetAccountAuthorizationDetailsOutput, bool) bool) error {
	return c.GetAccountAuthorizationDetailsPagesWithContext(aws.BackgroundContext(), input, fn)
}

// GetAccountAuthorizationDetailsPagesWithContext same as GetAccountAuthorizationDetailsPages except
// it takes a Context and allows setting request options on the pages.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) GetAccountAuthorizationDetailsPagesWithContext(ctx aws.Context, input *GetAccountAuthorizationDetailsInput, fn func(*GetAccountAuthorizationDetailsOutput, bool) bool, opts ...request.Option) error {
	p := request.Pagination{
		NewRequest: func() (*request.Request, error) {
			var inCpy *GetAccountAuthorizationDetailsInput
			if input != nil {
				tmp := *input
				inCpy = &tmp
			}
			req, _ := c.GetAccountAuthorizationDetailsRequest(inCpy)
			req.SetContext(ctx)
			req.ApplyOptions(opts...)
			return req, nil
		},
	}

	for p.Next() {
		if !fn(p.Page().(*GetAccountAuthorizationDetailsOutput), !p.HasNextPage()) {
			break
		}
	}

	return p.Err()
}

const opGetAccountPasswordPolicy = "GetAccountPasswordPolicy"

// GetAccountPasswordPolicyRequest generates a "aws/request.Request" representing the
// client's request for the GetAccountPasswordPolicy operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See GetAccountPasswordPolicy for more information on using the GetAccountPasswordPolicy
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the GetAccountPasswordPolicyRequest method.
//    req, resp := client.GetAccountPasswordPolicyRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetAccountPasswordPolicy
func (c *IAM) GetAccountPasswordPolicyRequest(input *GetAccountPasswordPolicyInput) (req *request.Request, output *GetAccountPasswordPolicyOutput) {
	op := &request.Operation{
		Name:       opGetAccountPasswordPolicy,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &GetAccountPasswordPolicyInput{}
	}

	output = &GetAccountPasswordPolicyOutput{}
	req = c.newRequest(op, input, output)
	return
}

// GetAccountPasswordPolicy API operation for AWS Identity and Access Management.
//
// Retrieves the password policy for the Amazon Web Services account. This tells
// you the complexity requirements and mandatory rotation periods for the IAM
// user passwords in your account. For more information about using a password
// policy, see Managing an IAM password policy (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingPasswordPolicies.html).
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation GetAccountPasswordPolicy for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetAccountPasswordPolicy
func (c *IAM) GetAccountPasswordPolicy(input *GetAccountPasswordPolicyInput) (*GetAccountPasswordPolicyOutput, error) {
	req, out := c.GetAccountPasswordPolicyRequest(input)
	return out, req.Send()
}

// GetAccountPasswordPolicyWithContext is the same as GetAccountPasswordPolicy with the addition of
// the ability to pass a context and additional request options.
//
// See GetAccountPasswordPolicy for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) GetAccountPasswordPolicyWithContext(ctx aws.Context, input *GetAccountPasswordPolicyInput, opts ...request.Option) (*GetAccountPasswordPolicyOutput, error) {
	req, out := c.GetAccountPasswordPolicyRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opGetAccountSummary = "GetAccountSummary"

// GetAccountSummaryRequest generates a "aws/request.Request" representing the
// client's request for the GetAccountSummary operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See GetAccountSummary for more information on using the GetAccountSummary
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the GetAccountSummaryRequest method.
//    req, resp := client.GetAccountSummaryRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetAccountSummary
func (c *IAM) GetAccountSummaryRequest(input *GetAccountSummaryInput) (req *request.Request, output *GetAccountSummaryOutput) {
	op := &request.Operation{
		Name:       opGetAccountSummary,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &GetAccountSummaryInput{}
	}

	output = &GetAccountSummaryOutput{}
	req = c.newRequest(op, input, output)
	return
}

// GetAccountSummary API operation for AWS Identity and Access Management.
//
// Retrieves information about IAM entity usage and IAM quotas in the Amazon
// Web Services account.
//
// For information about IAM quotas, see IAM and STS quotas (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation GetAccountSummary for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetAccountSummary
func (c *IAM) GetAccountSummary(input *GetAccountSummaryInput) (*GetAccountSummaryOutput, error) {
	req, out := c.GetAccountSummaryRequest(input)
	return out, req.Send()
}

// GetAccountSummaryWithContext is the same as GetAccountSummary with the addition of
// the ability to pass a context and additional request options.
//
// See GetAccountSummary for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) GetAccountSummaryWithContext(ctx aws.Context, input *GetAccountSummaryInput, opts ...request.Option) (*GetAccountSummaryOutput, error) {
	req, out := c.GetAccountSummaryRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opGetContextKeysForCustomPolicy = "GetContextKeysForCustomPolicy"

// GetContextKeysForCustomPolicyRequest generates a "aws/request.Request" representing the
// client's request for the GetContextKeysForCustomPolicy operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See GetContextKeysForCustomPolicy for more information on using the GetContextKeysForCustomPolicy
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the GetContextKeysForCustomPolicyRequest method.
//    req, resp := client.GetContextKeysForCustomPolicyRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetContextKeysForCustomPolicy
func (c *IAM) GetContextKeysForCustomPolicyRequest(input *GetContextKeysForCustomPolicyInput) (req *request.Request, output *GetContextKeysForPolicyResponse) {
	op := &request.Operation{
		Name:       opGetContextKeysForCustomPolicy,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &GetContextKeysForCustomPolicyInput{}
	}

	output = &GetContextKeysForPolicyResponse{}
	req = c.newRequest(op, input, output)
	return
}

// GetContextKeysForCustomPolicy API operation for AWS Identity and Access Management.
//
// Gets a list of all of the context keys referenced in the input policies.
// The policies are supplied as a list of one or more strings. To get the context
// keys from policies associated with an IAM user, group, or role, use GetContextKeysForPrincipalPolicy.
//
// Context keys are variables maintained by Amazon Web Services and its services
// that provide details about the context of an API query request. Context keys
// can be evaluated by testing against a value specified in an IAM policy. Use
// GetContextKeysForCustomPolicy to understand what key names and values you
// must supply when you call SimulateCustomPolicy. Note that all parameters
// are shown in unencoded form here for clarity but must be URL encoded to be
// included as a part of a real HTML request.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation GetContextKeysForCustomPolicy for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeInvalidInputException "InvalidInput"
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetContextKeysForCustomPolicy
func (c *IAM) GetContextKeysForCustomPolicy(input *GetContextKeysForCustomPolicyInput) (*GetContextKeysForPolicyResponse, error) {
	req, out := c.GetContextKeysForCustomPolicyRequest(input)
	return out, req.Send()
}

// GetContextKeysForCustomPolicyWithContext is the same as GetContextKeysForCustomPolicy with the addition of
// the ability to pass a context and additional request options.
//
// See GetContextKeysForCustomPolicy for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) GetContextKeysForCustomPolicyWithContext(ctx aws.Context, input *GetContextKeysForCustomPolicyInput, opts ...request.Option) (*GetContextKeysForPolicyResponse, error) {
	req, out := c.GetContextKeysForCustomPolicyRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opGetContextKeysForPrincipalPolicy = "GetContextKeysForPrincipalPolicy"

// GetContextKeysForPrincipalPolicyRequest generates a "aws/request.Request" representing the
// client's request for the GetContextKeysForPrincipalPolicy operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See GetContextKeysForPrincipalPolicy for more information on using the GetContextKeysForPrincipalPolicy
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the GetContextKeysForPrincipalPolicyRequest method.
//    req, resp := client.GetContextKeysForPrincipalPolicyRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetContextKeysForPrincipalPolicy
func (c *IAM) GetContextKeysForPrincipalPolicyRequest(input *GetContextKeysForPrincipalPolicyInput) (req *request.Request, output *GetContextKeysForPolicyResponse) {
	op := &request.Operation{
		Name:       opGetContextKeysForPrincipalPolicy,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &GetContextKeysForPrincipalPolicyInput{}
	}

	output = &GetContextKeysForPolicyResponse{}
	req = c.newRequest(op, input, output)
	return
}

// GetContextKeysForPrincipalPolicy API operation for AWS Identity and Access Management.
//
// Gets a list of all of the context keys referenced in all the IAM policies
// that are attached to the specified IAM entity. The entity can be an IAM user,
// group, or role. If you specify a user, then the request also includes all
// of the policies attached to groups that the user is a member of.
//
// You can optionally include a list of one or more additional policies, specified
// as strings. If you want to include only a list of policies by string, use
// GetContextKeysForCustomPolicy instead.
//
// Note: This operation discloses information about the permissions granted
// to other users. If you do not want users to see other user's permissions,
// then consider allowing them to use GetContextKeysForCustomPolicy instead.
//
// Context keys are variables maintained by Amazon Web Services and its services
// that provide details about the context of an API query request. Context keys
// can be evaluated by testing against a value in an IAM policy. Use GetContextKeysForPrincipalPolicy
// to understand what key names and values you must supply when you call SimulatePrincipalPolicy.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation GetContextKeysForPrincipalPolicy for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeInvalidInputException "InvalidInput"
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetContextKeysForPrincipalPolicy
func (c *IAM) GetContextKeysForPrincipalPolicy(input *GetContextKeysForPrincipalPolicyInput) (*GetContextKeysForPolicyResponse, error) {
	req, out := c.GetContextKeysForPrincipalPolicyRequest(input)
	return out, req.Send()
}

// GetContextKeysForPrincipalPolicyWithContext is the same as GetContextKeysForPrincipalPolicy with the addition of
// the ability to pass a context and additional request options.
//
// See GetContextKeysForPrincipalPolicy for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) GetContextKeysForPrincipalPolicyWithContext(ctx aws.Context, input *GetContextKeysForPrincipalPolicyInput, opts ...request.Option) (*GetContextKeysForPolicyResponse, error) {
	req, out := c.GetContextKeysForPrincipalPolicyRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opGetCredentialReport = "GetCredentialReport"

// GetCredentialReportRequest generates a "aws/request.Request" representing the
// client's request for the GetCredentialReport operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See GetCredentialReport for more information on using the GetCredentialReport
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the GetCredentialReportRequest method.
//    req, resp := client.GetCredentialReportRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetCredentialReport
func (c *IAM) GetCredentialReportRequest(input *GetCredentialReportInput) (req *request.Request, output *GetCredentialReportOutput) {
	op := &request.Operation{
		Name:       opGetCredentialReport,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &GetCredentialReportInput{}
	}

	output = &GetCredentialReportOutput{}
	req = c.newRequest(op, input, output)
	return
}

// GetCredentialReport API operation for AWS Identity and Access Management.
//
// Retrieves a credential report for the Amazon Web Services account. For more
// information about the credential report, see Getting credential reports (https://docs.aws.amazon.com/IAM/latest/UserGuide/credential-reports.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation GetCredentialReport for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeCredentialReportNotPresentException "ReportNotPresent"
//   The request was rejected because the credential report does not exist. To
//   generate a credential report, use GenerateCredentialReport.
//
//   * ErrCodeCredentialReportExpiredException "ReportExpired"
//   The request was rejected because the most recent credential report has expired.
//   To generate a new credential report, use GenerateCredentialReport. For more
//   information about credential report expiration, see Getting credential reports
//   (https://docs.aws.amazon.com/IAM/latest/UserGuide/credential-reports.html)
//   in the IAM User Guide.
//
//   * ErrCodeCredentialReportNotReadyException "ReportInProgress"
//   The request was rejected because the credential report is still being generated.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetCredentialReport
func (c *IAM) GetCredentialReport(input *GetCredentialReportInput) (*GetCredentialReportOutput, error) {
	req, out := c.GetCredentialReportRequest(input)
	return out, req.Send()
}

// GetCredentialReportWithContext is the same as GetCredentialReport with the addition of
// the ability to pass a context and additional request options.
//
// See GetCredentialReport for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) GetCredentialReportWithContext(ctx aws.Context, input *GetCredentialReportInput, opts ...request.Option) (*GetCredentialReportOutput, error) {
	req, out := c.GetCredentialReportRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opGetGroup = "GetGroup"

// GetGroupRequest generates a "aws/request.Request" representing the
// client's request for the GetGroup operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See GetGroup for more information on using the GetGroup
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the GetGroupRequest method.
//    req, resp := client.GetGroupRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetGroup
func (c *IAM) GetGroupRequest(input *GetGroupInput) (req *request.Request, output *GetGroupOutput) {
	op := &request.Operation{
		Name:       opGetGroup,
		HTTPMethod: "POST",
		HTTPPath:   "/",
		Paginator: &request.Paginator{
			InputTokens:     []string{"Marker"},
			OutputTokens:    []string{"Marker"},
			LimitToken:      "MaxItems",
			TruncationToken: "IsTruncated",
		},
	}

	if input == nil {
		input = &GetGroupInput{}
	}

	output = &GetGroupOutput{}
	req = c.newRequest(op, input, output)
	return
}

// GetGroup API operation for AWS Identity and Access Management.
//
// Returns a list of IAM users that are in the specified IAM group. You can
// paginate the results using the MaxItems and Marker parameters.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation GetGroup for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetGroup
func (c *IAM) GetGroup(input *GetGroupInput) (*GetGroupOutput, error) {
	req, out := c.GetGroupRequest(input)
	return out, req.Send()
}

// GetGroupWithContext is the same as GetGroup with the addition of
// the ability to pass a context and additional request options.
//
// See GetGroup for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) GetGroupWithContext(ctx aws.Context, input *GetGroupInput, opts ...request.Option) (*GetGroupOutput, error) {
	req, out := c.GetGroupRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

// GetGroupPages iterates over the pages of a GetGroup operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See GetGroup method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
//    // Example iterating over at most 3 pages of a GetGroup operation.
//    pageNum := 0
//    err := client.GetGroupPages(params,
//        func(page *iam.GetGroupOutput, lastPage bool) bool {
//            pageNum++
//            fmt.Println(page)
//            return pageNum <= 3
//        })
//
func (c *IAM) GetGroupPages(input *GetGroupInput, fn func(*GetGroupOutput, bool) bool) error {
	return c.GetGroupPagesWithContext(aws.BackgroundContext(), input, fn)
}

// GetGroupPagesWithContext same as GetGroupPages except
// it takes a Context and allows setting request options on the pages.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) GetGroupPagesWithContext(ctx aws.Context, input *GetGroupInput, fn func(*GetGroupOutput, bool) bool, opts ...request.Option) error {
	p := request.Pagination{
		NewRequest: func() (*request.Request, error) {
			var inCpy *GetGroupInput
			if input != nil {
				tmp := *input
				inCpy = &tmp
			}
			req, _ := c.GetGroupRequest(inCpy)
			req.SetContext(ctx)
			req.ApplyOptions(opts...)
			return req, nil
		},
	}

	for p.Next() {
		if !fn(p.Page().(*GetGroupOutput), !p.HasNextPage()) {
			break
		}
	}

	return p.Err()
}

const opGetGroupPolicy = "GetGroupPolicy"

// GetGroupPolicyRequest generates a "aws/request.Request" representing the
// client's request for the GetGroupPolicy operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See GetGroupPolicy for more information on using the GetGroupPolicy
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the GetGroupPolicyRequest method.
//    req, resp := client.GetGroupPolicyRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetGroupPolicy
func (c *IAM) GetGroupPolicyRequest(input *GetGroupPolicyInput) (req *request.Request, output *GetGroupPolicyOutput) {
	op := &request.Operation{
		Name:       opGetGroupPolicy,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &GetGroupPolicyInput{}
	}

	output = &GetGroupPolicyOutput{}
	req = c.newRequest(op, input, output)
	return
}

// GetGroupPolicy API operation for AWS Identity and Access Management.
//
// Retrieves the specified inline policy document that is embedded in the specified
// IAM group.
//
// Policies returned by this operation are URL-encoded compliant with RFC 3986
// (https://tools.ietf.org/html/rfc3986). You can use a URL decoding method
// to convert the policy back to plain JSON text. For example, if you use Java,
// you can use the decode method of the java.net.URLDecoder utility class in
// the Java SDK. Other languages and SDKs provide similar functionality.
//
// An IAM group can also have managed policies attached to it. To retrieve a
// managed policy document that is attached to a group, use GetPolicy to determine
// the policy's default version, then use GetPolicyVersion to retrieve the policy
// document.
//
// For more information about policies, see Managed policies and inline policies
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation GetGroupPolicy for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetGroupPolicy
func (c *IAM) GetGroupPolicy(input *GetGroupPolicyInput) (*GetGroupPolicyOutput, error) {
	req, out := c.GetGroupPolicyRequest(input)
	return out, req.Send()
}

// GetGroupPolicyWithContext is the same as GetGroupPolicy with the addition of
// the ability to pass a context and additional request options.
//
// See GetGroupPolicy for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) GetGroupPolicyWithContext(ctx aws.Context, input *GetGroupPolicyInput, opts ...request.Option) (*GetGroupPolicyOutput, error) {
	req, out := c.GetGroupPolicyRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opGetInstanceProfile = "GetInstanceProfile"

// GetInstanceProfileRequest generates a "aws/request.Request" representing the
// client's request for the GetInstanceProfile operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See GetInstanceProfile for more information on using the GetInstanceProfile
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the GetInstanceProfileRequest method.
//    req, resp := client.GetInstanceProfileRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetInstanceProfile
func (c *IAM) GetInstanceProfileRequest(input *GetInstanceProfileInput) (req *request.Request, output *GetInstanceProfileOutput) {
	op := &request.Operation{
		Name:       opGetInstanceProfile,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &GetInstanceProfileInput{}
	}

	output = &GetInstanceProfileOutput{}
	req = c.newRequest(op, input, output)
	return
}

// GetInstanceProfile API operation for AWS Identity and Access Management.
//
// Retrieves information about the specified instance profile, including the
// instance profile's path, GUID, ARN, and role. For more information about
// instance profiles, see About instance profiles (https://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation GetInstanceProfile for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetInstanceProfile
func (c *IAM) GetInstanceProfile(input *GetInstanceProfileInput) (*GetInstanceProfileOutput, error) {
	req, out := c.GetInstanceProfileRequest(input)
	return out, req.Send()
}

// GetInstanceProfileWithContext is the same as GetInstanceProfile with the addition of
// the ability to pass a context and additional request options.
//
// See GetInstanceProfile for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) GetInstanceProfileWithContext(ctx aws.Context, input *GetInstanceProfileInput, opts ...request.Option) (*GetInstanceProfileOutput, error) {
	req, out := c.GetInstanceProfileRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opGetLoginProfile = "GetLoginProfile"

// GetLoginProfileRequest generates a "aws/request.Request" representing the
// client's request for the GetLoginProfile operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See GetLoginProfile for more information on using the GetLoginProfile
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the GetLoginProfileRequest method.
//    req, resp := client.GetLoginProfileRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetLoginProfile
func (c *IAM) GetLoginProfileRequest(input *GetLoginProfileInput) (req *request.Request, output *GetLoginProfileOutput) {
	op := &request.Operation{
		Name:       opGetLoginProfile,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &GetLoginProfileInput{}
	}

	output = &GetLoginProfileOutput{}
	req = c.newRequest(op, input, output)
	return
}

// GetLoginProfile API operation for AWS Identity and Access Management.
//
// Retrieves the user name for the specified IAM user. A login profile is created
// when you create a password for the user to access the Amazon Web Services
// Management Console. If the user does not exist or does not have a password,
// the operation returns a 404 (NoSuchEntity) error.
//
// If you create an IAM user with access to the console, the CreateDate reflects
// the date you created the initial password for the user.
//
// If you create an IAM user with programmatic access, and then later add a
// password for the user to access the Amazon Web Services Management Console,
// the CreateDate reflects the initial password creation date. A user with programmatic
// access does not have a login profile unless you create a password for the
// user to access the Amazon Web Services Management Console.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation GetLoginProfile for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetLoginProfile
func (c *IAM) GetLoginProfile(input *GetLoginProfileInput) (*GetLoginProfileOutput, error) {
	req, out := c.GetLoginProfileRequest(input)
	return out, req.Send()
}

// GetLoginProfileWithContext is the same as GetLoginProfile with the addition of
// the ability to pass a context and additional request options.
//
// See GetLoginProfile for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) GetLoginProfileWithContext(ctx aws.Context, input *GetLoginProfileInput, opts ...request.Option) (*GetLoginProfileOutput, error) {
	req, out := c.GetLoginProfileRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opGetOpenIDConnectProvider = "GetOpenIDConnectProvider"

// GetOpenIDConnectProviderRequest generates a "aws/request.Request" representing the
// client's request for the GetOpenIDConnectProvider operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See GetOpenIDConnectProvider for more information on using the GetOpenIDConnectProvider
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the GetOpenIDConnectProviderRequest method.
//    req, resp := client.GetOpenIDConnectProviderRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetOpenIDConnectProvider
func (c *IAM) GetOpenIDConnectProviderRequest(input *GetOpenIDConnectProviderInput) (req *request.Request, output *GetOpenIDConnectProviderOutput) {
	op := &request.Operation{
		Name:       opGetOpenIDConnectProvider,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &GetOpenIDConnectProviderInput{}
	}

	output = &GetOpenIDConnectProviderOutput{}
	req = c.newRequest(op, input, output)
	return
}

// GetOpenIDConnectProvider API operation for AWS Identity and Access Management.
//
// Returns information about the specified OpenID Connect (OIDC) provider resource
// object in IAM.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation GetOpenIDConnectProvider for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeInvalidInputException "InvalidInput"
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetOpenIDConnectProvider
func (c *IAM) GetOpenIDConnectProvider(input *GetOpenIDConnectProviderInput) (*GetOpenIDConnectProviderOutput, error) {
	req, out := c.GetOpenIDConnectProviderRequest(input)
	return out, req.Send()
}

// GetOpenIDConnectProviderWithContext is the same as GetOpenIDConnectProvider with the addition of
// the ability to pass a context and additional request options.
//
// See GetOpenIDConnectProvider for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) GetOpenIDConnectProviderWithContext(ctx aws.Context, input *GetOpenIDConnectProviderInput, opts ...request.Option) (*GetOpenIDConnectProviderOutput, error) {
	req, out := c.GetOpenIDConnectProviderRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opGetOrganizationsAccessReport = "GetOrganizationsAccessReport"

// GetOrganizationsAccessReportRequest generates a "aws/request.Request" representing the
// client's request for the GetOrganizationsAccessReport operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See GetOrganizationsAccessReport for more information on using the GetOrganizationsAccessReport
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the GetOrganizationsAccessReportRequest method.
//    req, resp := client.GetOrganizationsAccessReportRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetOrganizationsAccessReport
func (c *IAM) GetOrganizationsAccessReportRequest(input *GetOrganizationsAccessReportInput) (req *request.Request, output *GetOrganizationsAccessReportOutput) {
	op := &request.Operation{
		Name:       opGetOrganizationsAccessReport,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &GetOrganizationsAccessReportInput{}
	}

	output = &GetOrganizationsAccessReportOutput{}
	req = c.newRequest(op, input, output)
	return
}

// GetOrganizationsAccessReport API operation for AWS Identity and Access Management.
//
// Retrieves the service last accessed data report for Organizations that was
// previously generated using the GenerateOrganizationsAccessReport operation.
// This operation retrieves the status of your report job and the report contents.
//
// Depending on the parameters that you passed when you generated the report,
// the data returned could include different information. For details, see GenerateOrganizationsAccessReport.
//
// To call this operation, you must be signed in to the management account in
// your organization. SCPs must be enabled for your organization root. You must
// have permissions to perform this operation. For more information, see Refining
// permissions using service last accessed data (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html)
// in the IAM User Guide.
//
// For each service that principals in an account (root users, IAM users, or
// IAM roles) could access using SCPs, the operation returns details about the
// most recent access attempt. If there was no attempt, the service is listed
// without details about the most recent attempt to access the service. If the
// operation fails, it returns the reason that it failed.
//
// By default, the list is sorted by service namespace.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation GetOrganizationsAccessReport for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetOrganizationsAccessReport
func (c *IAM) GetOrganizationsAccessReport(input *GetOrganizationsAccessReportInput) (*GetOrganizationsAccessReportOutput, error) {
	req, out := c.GetOrganizationsAccessReportRequest(input)
	return out, req.Send()
}

// GetOrganizationsAccessReportWithContext is the same as GetOrganizationsAccessReport with the addition of
// the ability to pass a context and additional request options.
//
// See GetOrganizationsAccessReport for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) GetOrganizationsAccessReportWithContext(ctx aws.Context, input *GetOrganizationsAccessReportInput, opts ...request.Option) (*GetOrganizationsAccessReportOutput, error) {
	req, out := c.GetOrganizationsAccessReportRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opGetPolicy = "GetPolicy"

// GetPolicyRequest generates a "aws/request.Request" representing the
// client's request for the GetPolicy operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See GetPolicy for more information on using the GetPolicy
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the GetPolicyRequest method.
//    req, resp := client.GetPolicyRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetPolicy
func (c *IAM) GetPolicyRequest(input *GetPolicyInput) (req *request.Request, output *GetPolicyOutput) {
	op := &request.Operation{
		Name:       opGetPolicy,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &GetPolicyInput{}
	}

	output = &GetPolicyOutput{}
	req = c.newRequest(op, input, output)
	return
}

// GetPolicy API operation for AWS Identity and Access Management.
//
// Retrieves information about the specified managed policy, including the policy's
// default version and the total number of IAM users, groups, and roles to which
// the policy is attached. To retrieve the list of the specific users, groups,
// and roles that the policy is attached to, use ListEntitiesForPolicy. This
// operation returns metadata about the policy. To retrieve the actual policy
// document for a specific version of the policy, use GetPolicyVersion.
//
// This operation retrieves information about managed policies. To retrieve
// information about an inline policy that is embedded with an IAM user, group,
// or role, use GetUserPolicy, GetGroupPolicy, or GetRolePolicy.
//
// For more information about policies, see Managed policies and inline policies
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation GetPolicy for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeInvalidInputException "InvalidInput"
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetPolicy
func (c *IAM) GetPolicy(input *GetPolicyInput) (*GetPolicyOutput, error) {
	req, out := c.GetPolicyRequest(input)
	return out, req.Send()
}

// GetPolicyWithContext is the same as GetPolicy with the addition of
// the ability to pass a context and additional request options.
//
// See GetPolicy for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) GetPolicyWithContext(ctx aws.Context, input *GetPolicyInput, opts ...request.Option) (*GetPolicyOutput, error) {
	req, out := c.GetPolicyRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opGetPolicyVersion = "GetPolicyVersion"

// GetPolicyVersionRequest generates a "aws/request.Request" representing the
// client's request for the GetPolicyVersion operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See GetPolicyVersion for more information on using the GetPolicyVersion
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the GetPolicyVersionRequest method.
//    req, resp := client.GetPolicyVersionRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetPolicyVersion
func (c *IAM) GetPolicyVersionRequest(input *GetPolicyVersionInput) (req *request.Request, output *GetPolicyVersionOutput) {
	op := &request.Operation{
		Name:       opGetPolicyVersion,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &GetPolicyVersionInput{}
	}

	output = &GetPolicyVersionOutput{}
	req = c.newRequest(op, input, output)
	return
}

// GetPolicyVersion API operation for AWS Identity and Access Management.
//
// Retrieves information about the specified version of the specified managed
// policy, including the policy document.
//
// Policies returned by this operation are URL-encoded compliant with RFC 3986
// (https://tools.ietf.org/html/rfc3986). You can use a URL decoding method
// to convert the policy back to plain JSON text. For example, if you use Java,
// you can use the decode method of the java.net.URLDecoder utility class in
// the Java SDK. Other languages and SDKs provide similar functionality.
//
// To list the available versions for a policy, use ListPolicyVersions.
//
// This operation retrieves information about managed policies. To retrieve
// information about an inline policy that is embedded in a user, group, or
// role, use GetUserPolicy, GetGroupPolicy, or GetRolePolicy.
//
// For more information about the types of policies, see Managed policies and
// inline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide.
//
// For more information about managed policy versions, see Versioning for managed
// policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation GetPolicyVersion for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeInvalidInputException "InvalidInput"
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetPolicyVersion
func (c *IAM) GetPolicyVersion(input *GetPolicyVersionInput) (*GetPolicyVersionOutput, error) {
	req, out := c.GetPolicyVersionRequest(input)
	return out, req.Send()
}

// GetPolicyVersionWithContext is the same as GetPolicyVersion with the addition of
// the ability to pass a context and additional request options.
//
// See GetPolicyVersion for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) GetPolicyVersionWithContext(ctx aws.Context, input *GetPolicyVersionInput, opts ...request.Option) (*GetPolicyVersionOutput, error) {
	req, out := c.GetPolicyVersionRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opGetRole = "GetRole"

// GetRoleRequest generates a "aws/request.Request" representing the
// client's request for the GetRole operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See GetRole for more information on using the GetRole
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the GetRoleRequest method.
//    req, resp := client.GetRoleRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetRole
func (c *IAM) GetRoleRequest(input *GetRoleInput) (req *request.Request, output *GetRoleOutput) {
	op := &request.Operation{
		Name:       opGetRole,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &GetRoleInput{}
	}

	output = &GetRoleOutput{}
	req = c.newRequest(op, input, output)
	return
}

// GetRole API operation for AWS Identity and Access Management.
//
// Retrieves information about the specified role, including the role's path,
// GUID, ARN, and the role's trust policy that grants permission to assume the
// role. For more information about roles, see Working with roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html).
//
// Policies returned by this operation are URL-encoded compliant with RFC 3986
// (https://tools.ietf.org/html/rfc3986). You can use a URL decoding method
// to convert the policy back to plain JSON text. For example, if you use Java,
// you can use the decode method of the java.net.URLDecoder utility class in
// the Java SDK. Other languages and SDKs provide similar functionality.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation GetRole for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetRole
func (c *IAM) GetRole(input *GetRoleInput) (*GetRoleOutput, error) {
	req, out := c.GetRoleRequest(input)
	return out, req.Send()
}

// GetRoleWithContext is the same as GetRole with the addition of
// the ability to pass a context and additional request options.
//
// See GetRole for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) GetRoleWithContext(ctx aws.Context, input *GetRoleInput, opts ...request.Option) (*GetRoleOutput, error) {
	req, out := c.GetRoleRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opGetRolePolicy = "GetRolePolicy"

// GetRolePolicyRequest generates a "aws/request.Request" representing the
// client's request for the GetRolePolicy operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See GetRolePolicy for more information on using the GetRolePolicy
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the GetRolePolicyRequest method.
//    req, resp := client.GetRolePolicyRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetRolePolicy
func (c *IAM) GetRolePolicyRequest(input *GetRolePolicyInput) (req *request.Request, output *GetRolePolicyOutput) {
	op := &request.Operation{
		Name:       opGetRolePolicy,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &GetRolePolicyInput{}
	}

	output = &GetRolePolicyOutput{}
	req = c.newRequest(op, input, output)
	return
}

// GetRolePolicy API operation for AWS Identity and Access Management.
//
// Retrieves the specified inline policy document that is embedded with the
// specified IAM role.
//
// Policies returned by this operation are URL-encoded compliant with RFC 3986
// (https://tools.ietf.org/html/rfc3986). You can use a URL decoding method
// to convert the policy back to plain JSON text. For example, if you use Java,
// you can use the decode method of the java.net.URLDecoder utility class in
// the Java SDK. Other languages and SDKs provide similar functionality.
//
// An IAM role can also have managed policies attached to it. To retrieve a
// managed policy document that is attached to a role, use GetPolicy to determine
// the policy's default version, then use GetPolicyVersion to retrieve the policy
// document.
//
// For more information about policies, see Managed policies and inline policies
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide.
//
// For more information about roles, see Using roles to delegate permissions
// and federate identities (https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html).
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation GetRolePolicy for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetRolePolicy
func (c *IAM) GetRolePolicy(input *GetRolePolicyInput) (*GetRolePolicyOutput, error) {
	req, out := c.GetRolePolicyRequest(input)
	return out, req.Send()
}

// GetRolePolicyWithContext is the same as GetRolePolicy with the addition of
// the ability to pass a context and additional request options.
//
// See GetRolePolicy for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) GetRolePolicyWithContext(ctx aws.Context, input *GetRolePolicyInput, opts ...request.Option) (*GetRolePolicyOutput, error) {
	req, out := c.GetRolePolicyRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opGetSAMLProvider = "GetSAMLProvider"

// GetSAMLProviderRequest generates a "aws/request.Request" representing the
// client's request for the GetSAMLProvider operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See GetSAMLProvider for more information on using the GetSAMLProvider
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the GetSAMLProviderRequest method.
//    req, resp := client.GetSAMLProviderRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetSAMLProvider
func (c *IAM) GetSAMLProviderRequest(input *GetSAMLProviderInput) (req *request.Request, output *GetSAMLProviderOutput) {
	op := &request.Operation{
		Name:       opGetSAMLProvider,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &GetSAMLProviderInput{}
	}

	output = &GetSAMLProviderOutput{}
	req = c.newRequest(op, input, output)
	return
}

// GetSAMLProvider API operation for AWS Identity and Access Management.
//
// Returns the SAML provider metadocument that was uploaded when the IAM SAML
// provider resource object was created or updated.
//
// This operation requires Signature Version 4 (https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html).
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation GetSAMLProvider for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeInvalidInputException "InvalidInput"
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetSAMLProvider
func (c *IAM) GetSAMLProvider(input *GetSAMLProviderInput) (*GetSAMLProviderOutput, error) {
	req, out := c.GetSAMLProviderRequest(input)
	return out, req.Send()
}

// GetSAMLProviderWithContext is the same as GetSAMLProvider with the addition of
// the ability to pass a context and additional request options.
//
// See GetSAMLProvider for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) GetSAMLProviderWithContext(ctx aws.Context, input *GetSAMLProviderInput, opts ...request.Option) (*GetSAMLProviderOutput, error) {
	req, out := c.GetSAMLProviderRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opGetSSHPublicKey = "GetSSHPublicKey"

// GetSSHPublicKeyRequest generates a "aws/request.Request" representing the
// client's request for the GetSSHPublicKey operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See GetSSHPublicKey for more information on using the GetSSHPublicKey
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the GetSSHPublicKeyRequest method.
//    req, resp := client.GetSSHPublicKeyRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetSSHPublicKey
func (c *IAM) GetSSHPublicKeyRequest(input *GetSSHPublicKeyInput) (req *request.Request, output *GetSSHPublicKeyOutput) {
	op := &request.Operation{
		Name:       opGetSSHPublicKey,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &GetSSHPublicKeyInput{}
	}

	output = &GetSSHPublicKeyOutput{}
	req = c.newRequest(op, input, output)
	return
}

// GetSSHPublicKey API operation for AWS Identity and Access Management.
//
// Retrieves the specified SSH public key, including metadata about the key.
//
// The SSH public key retrieved by this operation is used only for authenticating
// the associated IAM user to an CodeCommit repository. For more information
// about using SSH keys to authenticate to an CodeCommit repository, see Set
// up CodeCommit for SSH connections (https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html)
// in the CodeCommit User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation GetSSHPublicKey for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeUnrecognizedPublicKeyEncodingException "UnrecognizedPublicKeyEncoding"
//   The request was rejected because the public key encoding format is unsupported
//   or unrecognized.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetSSHPublicKey
func (c *IAM) GetSSHPublicKey(input *GetSSHPublicKeyInput) (*GetSSHPublicKeyOutput, error) {
	req, out := c.GetSSHPublicKeyRequest(input)
	return out, req.Send()
}

// GetSSHPublicKeyWithContext is the same as GetSSHPublicKey with the addition of
// the ability to pass a context and additional request options.
//
// See GetSSHPublicKey for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) GetSSHPublicKeyWithContext(ctx aws.Context, input *GetSSHPublicKeyInput, opts ...request.Option) (*GetSSHPublicKeyOutput, error) {
	req, out := c.GetSSHPublicKeyRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opGetServerCertificate = "GetServerCertificate"

// GetServerCertificateRequest generates a "aws/request.Request" representing the
// client's request for the GetServerCertificate operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See GetServerCertificate for more information on using the GetServerCertificate
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the GetServerCertificateRequest method.
//    req, resp := client.GetServerCertificateRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetServerCertificate
func (c *IAM) GetServerCertificateRequest(input *GetServerCertificateInput) (req *request.Request, output *GetServerCertificateOutput) {
	op := &request.Operation{
		Name:       opGetServerCertificate,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &GetServerCertificateInput{}
	}

	output = &GetServerCertificateOutput{}
	req = c.newRequest(op, input, output)
	return
}

// GetServerCertificate API operation for AWS Identity and Access Management.
//
// Retrieves information about the specified server certificate stored in IAM.
//
// For more information about working with server certificates, see Working
// with server certificates (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html)
// in the IAM User Guide. This topic includes a list of Amazon Web Services
// services that can use the server certificates that you manage with IAM.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation GetServerCertificate for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetServerCertificate
func (c *IAM) GetServerCertificate(input *GetServerCertificateInput) (*GetServerCertificateOutput, error) {
	req, out := c.GetServerCertificateRequest(input)
	return out, req.Send()
}

// GetServerCertificateWithContext is the same as GetServerCertificate with the addition of
// the ability to pass a context and additional request options.
//
// See GetServerCertificate for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) GetServerCertificateWithContext(ctx aws.Context, input *GetServerCertificateInput, opts ...request.Option) (*GetServerCertificateOutput, error) {
	req, out := c.GetServerCertificateRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opGetServiceLastAccessedDetails = "GetServiceLastAccessedDetails"

// GetServiceLastAccessedDetailsRequest generates a "aws/request.Request" representing the
// client's request for the GetServiceLastAccessedDetails operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See GetServiceLastAccessedDetails for more information on using the GetServiceLastAccessedDetails
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the GetServiceLastAccessedDetailsRequest method.
//    req, resp := client.GetServiceLastAccessedDetailsRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetServiceLastAccessedDetails
func (c *IAM) GetServiceLastAccessedDetailsRequest(input *GetServiceLastAccessedDetailsInput) (req *request.Request, output *GetServiceLastAccessedDetailsOutput) {
	op := &request.Operation{
		Name:       opGetServiceLastAccessedDetails,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &GetServiceLastAccessedDetailsInput{}
	}

	output = &GetServiceLastAccessedDetailsOutput{}
	req = c.newRequest(op, input, output)
	return
}

// GetServiceLastAccessedDetails API operation for AWS Identity and Access Management.
//
// Retrieves a service last accessed report that was created using the GenerateServiceLastAccessedDetails
// operation. You can use the JobId parameter in GetServiceLastAccessedDetails
// to retrieve the status of your report job. When the report is complete, you
// can retrieve the generated report. The report includes a list of Amazon Web
// Services services that the resource (user, group, role, or managed policy)
// can access.
//
// Service last accessed data does not use other policy types when determining
// whether a resource could access a service. These other policy types include
// resource-based policies, access control lists, Organizations policies, IAM
// permissions boundaries, and STS assume role policies. It only applies permissions
// policy logic. For more about the evaluation of policy types, see Evaluating
// policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics)
// in the IAM User Guide.
//
// For each service that the resource could access using permissions policies,
// the operation returns details about the most recent access attempt. If there
// was no attempt, the service is listed without details about the most recent
// attempt to access the service. If the operation fails, the GetServiceLastAccessedDetails
// operation returns the reason that it failed.
//
// The GetServiceLastAccessedDetails operation returns a list of services. This
// list includes the number of entities that have attempted to access the service
// and the date and time of the last attempt. It also returns the ARN of the
// following entity, depending on the resource ARN that you used to generate
// the report:
//
//    * User – Returns the user ARN that you used to generate the report
//
//    * Group – Returns the ARN of the group member (user) that last attempted
//    to access the service
//
//    * Role – Returns the role ARN that you used to generate the report
//
//    * Policy – Returns the ARN of the user or role that last used the policy
//    to attempt to access the service
//
// By default, the list is sorted by service namespace.
//
// If you specified ACTION_LEVEL granularity when you generated the report,
// this operation returns service and action last accessed data. This includes
// the most recent access attempt for each tracked action within a service.
// Otherwise, this operation returns only service data.
//
// For more information about service and action last accessed data, see Reducing
// permissions using service last accessed data (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation GetServiceLastAccessedDetails for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeInvalidInputException "InvalidInput"
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetServiceLastAccessedDetails
func (c *IAM) GetServiceLastAccessedDetails(input *GetServiceLastAccessedDetailsInput) (*GetServiceLastAccessedDetailsOutput, error) {
	req, out := c.GetServiceLastAccessedDetailsRequest(input)
	return out, req.Send()
}

// GetServiceLastAccessedDetailsWithContext is the same as GetServiceLastAccessedDetails with the addition of
// the ability to pass a context and additional request options.
//
// See GetServiceLastAccessedDetails for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) GetServiceLastAccessedDetailsWithContext(ctx aws.Context, input *GetServiceLastAccessedDetailsInput, opts ...request.Option) (*GetServiceLastAccessedDetailsOutput, error) {
	req, out := c.GetServiceLastAccessedDetailsRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opGetServiceLastAccessedDetailsWithEntities = "GetServiceLastAccessedDetailsWithEntities"

// GetServiceLastAccessedDetailsWithEntitiesRequest generates a "aws/request.Request" representing the
// client's request for the GetServiceLastAccessedDetailsWithEntities operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See GetServiceLastAccessedDetailsWithEntities for more information on using the GetServiceLastAccessedDetailsWithEntities
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the GetServiceLastAccessedDetailsWithEntitiesRequest method.
//    req, resp := client.GetServiceLastAccessedDetailsWithEntitiesRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetServiceLastAccessedDetailsWithEntities
func (c *IAM) GetServiceLastAccessedDetailsWithEntitiesRequest(input *GetServiceLastAccessedDetailsWithEntitiesInput) (req *request.Request, output *GetServiceLastAccessedDetailsWithEntitiesOutput) {
	op := &request.Operation{
		Name:       opGetServiceLastAccessedDetailsWithEntities,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &GetServiceLastAccessedDetailsWithEntitiesInput{}
	}

	output = &GetServiceLastAccessedDetailsWithEntitiesOutput{}
	req = c.newRequest(op, input, output)
	return
}

// GetServiceLastAccessedDetailsWithEntities API operation for AWS Identity and Access Management.
//
// After you generate a group or policy report using the GenerateServiceLastAccessedDetails
// operation, you can use the JobId parameter in GetServiceLastAccessedDetailsWithEntities.
// This operation retrieves the status of your report job and a list of entities
// that could have used group or policy permissions to access the specified
// service.
//
//    * Group – For a group report, this operation returns a list of users
//    in the group that could have used the group’s policies in an attempt
//    to access the service.
//
//    * Policy – For a policy report, this operation returns a list of entities
//    (users or roles) that could have used the policy in an attempt to access
//    the service.
//
// You can also use this operation for user or role reports to retrieve details
// about those entities.
//
// If the operation fails, the GetServiceLastAccessedDetailsWithEntities operation
// returns the reason that it failed.
//
// By default, the list of associated entities is sorted by date, with the most
// recent access listed first.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation GetServiceLastAccessedDetailsWithEntities for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeInvalidInputException "InvalidInput"
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetServiceLastAccessedDetailsWithEntities
func (c *IAM) GetServiceLastAccessedDetailsWithEntities(input *GetServiceLastAccessedDetailsWithEntitiesInput) (*GetServiceLastAccessedDetailsWithEntitiesOutput, error) {
	req, out := c.GetServiceLastAccessedDetailsWithEntitiesRequest(input)
	return out, req.Send()
}

// GetServiceLastAccessedDetailsWithEntitiesWithContext is the same as GetServiceLastAccessedDetailsWithEntities with the addition of
// the ability to pass a context and additional request options.
//
// See GetServiceLastAccessedDetailsWithEntities for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) GetServiceLastAccessedDetailsWithEntitiesWithContext(ctx aws.Context, input *GetServiceLastAccessedDetailsWithEntitiesInput, opts ...request.Option) (*GetServiceLastAccessedDetailsWithEntitiesOutput, error) {
	req, out := c.GetServiceLastAccessedDetailsWithEntitiesRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opGetServiceLinkedRoleDeletionStatus = "GetServiceLinkedRoleDeletionStatus"

// GetServiceLinkedRoleDeletionStatusRequest generates a "aws/request.Request" representing the
// client's request for the GetServiceLinkedRoleDeletionStatus operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See GetServiceLinkedRoleDeletionStatus for more information on using the GetServiceLinkedRoleDeletionStatus
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the GetServiceLinkedRoleDeletionStatusRequest method.
//    req, resp := client.GetServiceLinkedRoleDeletionStatusRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetServiceLinkedRoleDeletionStatus
func (c *IAM) GetServiceLinkedRoleDeletionStatusRequest(input *GetServiceLinkedRoleDeletionStatusInput) (req *request.Request, output *GetServiceLinkedRoleDeletionStatusOutput) {
	op := &request.Operation{
		Name:       opGetServiceLinkedRoleDeletionStatus,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &GetServiceLinkedRoleDeletionStatusInput{}
	}

	output = &GetServiceLinkedRoleDeletionStatusOutput{}
	req = c.newRequest(op, input, output)
	return
}

// GetServiceLinkedRoleDeletionStatus API operation for AWS Identity and Access Management.
//
// Retrieves the status of your service-linked role deletion. After you use
// DeleteServiceLinkedRole to submit a service-linked role for deletion, you
// can use the DeletionTaskId parameter in GetServiceLinkedRoleDeletionStatus
// to check the status of the deletion. If the deletion fails, this operation
// returns the reason that it failed, if that information is returned by the
// service.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation GetServiceLinkedRoleDeletionStatus for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeInvalidInputException "InvalidInput"
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetServiceLinkedRoleDeletionStatus
func (c *IAM) GetServiceLinkedRoleDeletionStatus(input *GetServiceLinkedRoleDeletionStatusInput) (*GetServiceLinkedRoleDeletionStatusOutput, error) {
	req, out := c.GetServiceLinkedRoleDeletionStatusRequest(input)
	return out, req.Send()
}

// GetServiceLinkedRoleDeletionStatusWithContext is the same as GetServiceLinkedRoleDeletionStatus with the addition of
// the ability to pass a context and additional request options.
//
// See GetServiceLinkedRoleDeletionStatus for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) GetServiceLinkedRoleDeletionStatusWithContext(ctx aws.Context, input *GetServiceLinkedRoleDeletionStatusInput, opts ...request.Option) (*GetServiceLinkedRoleDeletionStatusOutput, error) {
	req, out := c.GetServiceLinkedRoleDeletionStatusRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opGetUser = "GetUser"

// GetUserRequest generates a "aws/request.Request" representing the
// client's request for the GetUser operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See GetUser for more information on using the GetUser
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the GetUserRequest method.
//    req, resp := client.GetUserRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetUser
func (c *IAM) GetUserRequest(input *GetUserInput) (req *request.Request, output *GetUserOutput) {
	op := &request.Operation{
		Name:       opGetUser,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &GetUserInput{}
	}

	output = &GetUserOutput{}
	req = c.newRequest(op, input, output)
	return
}

// GetUser API operation for AWS Identity and Access Management.
//
// Retrieves information about the specified IAM user, including the user's
// creation date, path, unique ID, and ARN.
//
// If you do not specify a user name, IAM determines the user name implicitly
// based on the Amazon Web Services access key ID used to sign the request to
// this operation.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation GetUser for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetUser
func (c *IAM) GetUser(input *GetUserInput) (*GetUserOutput, error) {
	req, out := c.GetUserRequest(input)
	return out, req.Send()
}

// GetUserWithContext is the same as GetUser with the addition of
// the ability to pass a context and additional request options.
//
// See GetUser for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) GetUserWithContext(ctx aws.Context, input *GetUserInput, opts ...request.Option) (*GetUserOutput, error) {
	req, out := c.GetUserRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opGetUserPolicy = "GetUserPolicy"

// GetUserPolicyRequest generates a "aws/request.Request" representing the
// client's request for the GetUserPolicy operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See GetUserPolicy for more information on using the GetUserPolicy
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the GetUserPolicyRequest method.
//    req, resp := client.GetUserPolicyRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetUserPolicy
func (c *IAM) GetUserPolicyRequest(input *GetUserPolicyInput) (req *request.Request, output *GetUserPolicyOutput) {
	op := &request.Operation{
		Name:       opGetUserPolicy,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &GetUserPolicyInput{}
	}

	output = &GetUserPolicyOutput{}
	req = c.newRequest(op, input, output)
	return
}

// GetUserPolicy API operation for AWS Identity and Access Management.
//
// Retrieves the specified inline policy document that is embedded in the specified
// IAM user.
//
// Policies returned by this operation are URL-encoded compliant with RFC 3986
// (https://tools.ietf.org/html/rfc3986). You can use a URL decoding method
// to convert the policy back to plain JSON text. For example, if you use Java,
// you can use the decode method of the java.net.URLDecoder utility class in
// the Java SDK. Other languages and SDKs provide similar functionality.
//
// An IAM user can also have managed policies attached to it. To retrieve a
// managed policy document that is attached to a user, use GetPolicy to determine
// the policy's default version. Then use GetPolicyVersion to retrieve the policy
// document.
//
// For more information about policies, see Managed policies and inline policies
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation GetUserPolicy for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetUserPolicy
func (c *IAM) GetUserPolicy(input *GetUserPolicyInput) (*GetUserPolicyOutput, error) {
	req, out := c.GetUserPolicyRequest(input)
	return out, req.Send()
}

// GetUserPolicyWithContext is the same as GetUserPolicy with the addition of
// the ability to pass a context and additional request options.
//
// See GetUserPolicy for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) GetUserPolicyWithContext(ctx aws.Context, input *GetUserPolicyInput, opts ...request.Option) (*GetUserPolicyOutput, error) {
	req, out := c.GetUserPolicyRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opListAccessKeys = "ListAccessKeys"

// ListAccessKeysRequest generates a "aws/request.Request" representing the
// client's request for the ListAccessKeys operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ListAccessKeys for more information on using the ListAccessKeys
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the ListAccessKeysRequest method.
//    req, resp := client.ListAccessKeysRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListAccessKeys
func (c *IAM) ListAccessKeysRequest(input *ListAccessKeysInput) (req *request.Request, output *ListAccessKeysOutput) {
	op := &request.Operation{
		Name:       opListAccessKeys,
		HTTPMethod: "POST",
		HTTPPath:   "/",
		Paginator: &request.Paginator{
			InputTokens:     []string{"Marker"},
			OutputTokens:    []string{"Marker"},
			LimitToken:      "MaxItems",
			TruncationToken: "IsTruncated",
		},
	}

	if input == nil {
		input = &ListAccessKeysInput{}
	}

	output = &ListAccessKeysOutput{}
	req = c.newRequest(op, input, output)
	return
}

// ListAccessKeys API operation for AWS Identity and Access Management.
//
// Returns information about the access key IDs associated with the specified
// IAM user. If there is none, the operation returns an empty list.
//
// Although each user is limited to a small number of keys, you can still paginate
// the results using the MaxItems and Marker parameters.
//
// If the UserName field is not specified, the user name is determined implicitly
// based on the Amazon Web Services access key ID used to sign the request.
// This operation works for access keys under the Amazon Web Services account.
// Consequently, you can use this operation to manage Amazon Web Services account
// root user credentials even if the Amazon Web Services account has no associated
// users.
//
// To ensure the security of your Amazon Web Services account, the secret access
// key is accessible only during key and user creation.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation ListAccessKeys for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListAccessKeys
func (c *IAM) ListAccessKeys(input *ListAccessKeysInput) (*ListAccessKeysOutput, error) {
	req, out := c.ListAccessKeysRequest(input)
	return out, req.Send()
}

// ListAccessKeysWithContext is the same as ListAccessKeys with the addition of
// the ability to pass a context and additional request options.
//
// See ListAccessKeys for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) ListAccessKeysWithContext(ctx aws.Context, input *ListAccessKeysInput, opts ...request.Option) (*ListAccessKeysOutput, error) {
	req, out := c.ListAccessKeysRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

// ListAccessKeysPages iterates over the pages of a ListAccessKeys operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See ListAccessKeys method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
//    // Example iterating over at most 3 pages of a ListAccessKeys operation.
//    pageNum := 0
//    err := client.ListAccessKeysPages(params,
//        func(page *iam.ListAccessKeysOutput, lastPage bool) bool {
//            pageNum++
//            fmt.Println(page)
//            return pageNum <= 3
//        })
//
func (c *IAM) ListAccessKeysPages(input *ListAccessKeysInput, fn func(*ListAccessKeysOutput, bool) bool) error {
	return c.ListAccessKeysPagesWithContext(aws.BackgroundContext(), input, fn)
}

// ListAccessKeysPagesWithContext same as ListAccessKeysPages except
// it takes a Context and allows setting request options on the pages.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) ListAccessKeysPagesWithContext(ctx aws.Context, input *ListAccessKeysInput, fn func(*ListAccessKeysOutput, bool) bool, opts ...request.Option) error {
	p := request.Pagination{
		NewRequest: func() (*request.Request, error) {
			var inCpy *ListAccessKeysInput
			if input != nil {
				tmp := *input
				inCpy = &tmp
			}
			req, _ := c.ListAccessKeysRequest(inCpy)
			req.SetContext(ctx)
			req.ApplyOptions(opts...)
			return req, nil
		},
	}

	for p.Next() {
		if !fn(p.Page().(*ListAccessKeysOutput), !p.HasNextPage()) {
			break
		}
	}

	return p.Err()
}

const opListAccountAliases = "ListAccountAliases"

// ListAccountAliasesRequest generates a "aws/request.Request" representing the
// client's request for the ListAccountAliases operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ListAccountAliases for more information on using the ListAccountAliases
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the ListAccountAliasesRequest method.
//    req, resp := client.ListAccountAliasesRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListAccountAliases
func (c *IAM) ListAccountAliasesRequest(input *ListAccountAliasesInput) (req *request.Request, output *ListAccountAliasesOutput) {
	op := &request.Operation{
		Name:       opListAccountAliases,
		HTTPMethod: "POST",
		HTTPPath:   "/",
		Paginator: &request.Paginator{
			InputTokens:     []string{"Marker"},
			OutputTokens:    []string{"Marker"},
			LimitToken:      "MaxItems",
			TruncationToken: "IsTruncated",
		},
	}

	if input == nil {
		input = &ListAccountAliasesInput{}
	}

	output = &ListAccountAliasesOutput{}
	req = c.newRequest(op, input, output)
	return
}

// ListAccountAliases API operation for AWS Identity and Access Management.
//
// Lists the account alias associated with the Amazon Web Services account (Note:
// you can have only one). For information about using an Amazon Web Services
// account alias, see Using an alias for your Amazon Web Services account ID
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/AccountAlias.html) in the
// IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation ListAccountAliases for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListAccountAliases
func (c *IAM) ListAccountAliases(input *ListAccountAliasesInput) (*ListAccountAliasesOutput, error) {
	req, out := c.ListAccountAliasesRequest(input)
	return out, req.Send()
}

// ListAccountAliasesWithContext is the same as ListAccountAliases with the addition of
// the ability to pass a context and additional request options.
//
// See ListAccountAliases for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) ListAccountAliasesWithContext(ctx aws.Context, input *ListAccountAliasesInput, opts ...request.Option) (*ListAccountAliasesOutput, error) {
	req, out := c.ListAccountAliasesRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

// ListAccountAliasesPages iterates over the pages of a ListAccountAliases operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See ListAccountAliases method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
//    // Example iterating over at most 3 pages of a ListAccountAliases operation.
//    pageNum := 0
//    err := client.ListAccountAliasesPages(params,
//        func(page *iam.ListAccountAliasesOutput, lastPage bool) bool {
//            pageNum++
//            fmt.Println(page)
//            return pageNum <= 3
//        })
//
func (c *IAM) ListAccountAliasesPages(input *ListAccountAliasesInput, fn func(*ListAccountAliasesOutput, bool) bool) error {
	return c.ListAccountAliasesPagesWithContext(aws.BackgroundContext(), input, fn)
}

// ListAccountAliasesPagesWithContext same as ListAccountAliasesPages except
// it takes a Context and allows setting request options on the pages.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) ListAccountAliasesPagesWithContext(ctx aws.Context, input *ListAccountAliasesInput, fn func(*ListAccountAliasesOutput, bool) bool, opts ...request.Option) error {
	p := request.Pagination{
		NewRequest: func() (*request.Request, error) {
			var inCpy *ListAccountAliasesInput
			if input != nil {
				tmp := *input
				inCpy = &tmp
			}
			req, _ := c.ListAccountAliasesRequest(inCpy)
			req.SetContext(ctx)
			req.ApplyOptions(opts...)
			return req, nil
		},
	}

	for p.Next() {
		if !fn(p.Page().(*ListAccountAliasesOutput), !p.HasNextPage()) {
			break
		}
	}

	return p.Err()
}

const opListAttachedGroupPolicies = "ListAttachedGroupPolicies"

// ListAttachedGroupPoliciesRequest generates a "aws/request.Request" representing the
// client's request for the ListAttachedGroupPolicies operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ListAttachedGroupPolicies for more information on using the ListAttachedGroupPolicies
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the ListAttachedGroupPoliciesRequest method.
//    req, resp := client.ListAttachedGroupPoliciesRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListAttachedGroupPolicies
func (c *IAM) ListAttachedGroupPoliciesRequest(input *ListAttachedGroupPoliciesInput) (req *request.Request, output *ListAttachedGroupPoliciesOutput) {
	op := &request.Operation{
		Name:       opListAttachedGroupPolicies,
		HTTPMethod: "POST",
		HTTPPath:   "/",
		Paginator: &request.Paginator{
			InputTokens:     []string{"Marker"},
			OutputTokens:    []string{"Marker"},
			LimitToken:      "MaxItems",
			TruncationToken: "IsTruncated",
		},
	}

	if input == nil {
		input = &ListAttachedGroupPoliciesInput{}
	}

	output = &ListAttachedGroupPoliciesOutput{}
	req = c.newRequest(op, input, output)
	return
}

// ListAttachedGroupPolicies API operation for AWS Identity and Access Management.
//
// Lists all managed policies that are attached to the specified IAM group.
//
// An IAM group can also have inline policies embedded with it. To list the
// inline policies for a group, use ListGroupPolicies. For information about
// policies, see Managed policies and inline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide.
//
// You can paginate the results using the MaxItems and Marker parameters. You
// can use the PathPrefix parameter to limit the list of policies to only those
// matching the specified path prefix. If there are no policies attached to
// the specified group (or none that match the specified path prefix), the operation
// returns an empty list.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation ListAttachedGroupPolicies for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeInvalidInputException "InvalidInput"
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListAttachedGroupPolicies
func (c *IAM) ListAttachedGroupPolicies(input *ListAttachedGroupPoliciesInput) (*ListAttachedGroupPoliciesOutput, error) {
	req, out := c.ListAttachedGroupPoliciesRequest(input)
	return out, req.Send()
}

// ListAttachedGroupPoliciesWithContext is the same as ListAttachedGroupPolicies with the addition of
// the ability to pass a context and additional request options.
//
// See ListAttachedGroupPolicies for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) ListAttachedGroupPoliciesWithContext(ctx aws.Context, input *ListAttachedGroupPoliciesInput, opts ...request.Option) (*ListAttachedGroupPoliciesOutput, error) {
	req, out := c.ListAttachedGroupPoliciesRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

// ListAttachedGroupPoliciesPages iterates over the pages of a ListAttachedGroupPolicies operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See ListAttachedGroupPolicies method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
//    // Example iterating over at most 3 pages of a ListAttachedGroupPolicies operation.
//    pageNum := 0
//    err := client.ListAttachedGroupPoliciesPages(params,
//        func(page *iam.ListAttachedGroupPoliciesOutput, lastPage bool) bool {
//            pageNum++
//            fmt.Println(page)
//            return pageNum <= 3
//        })
//
func (c *IAM) ListAttachedGroupPoliciesPages(input *ListAttachedGroupPoliciesInput, fn func(*ListAttachedGroupPoliciesOutput, bool) bool) error {
	return c.ListAttachedGroupPoliciesPagesWithContext(aws.BackgroundContext(), input, fn)
}

// ListAttachedGroupPoliciesPagesWithContext same as ListAttachedGroupPoliciesPages except
// it takes a Context and allows setting request options on the pages.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) ListAttachedGroupPoliciesPagesWithContext(ctx aws.Context, input *ListAttachedGroupPoliciesInput, fn func(*ListAttachedGroupPoliciesOutput, bool) bool, opts ...request.Option) error {
	p := request.Pagination{
		NewRequest: func() (*request.Request, error) {
			var inCpy *ListAttachedGroupPoliciesInput
			if input != nil {
				tmp := *input
				inCpy = &tmp
			}
			req, _ := c.ListAttachedGroupPoliciesRequest(inCpy)
			req.SetContext(ctx)
			req.ApplyOptions(opts...)
			return req, nil
		},
	}

	for p.Next() {
		if !fn(p.Page().(*ListAttachedGroupPoliciesOutput), !p.HasNextPage()) {
			break
		}
	}

	return p.Err()
}

const opListAttachedRolePolicies = "ListAttachedRolePolicies"

// ListAttachedRolePoliciesRequest generates a "aws/request.Request" representing the
// client's request for the ListAttachedRolePolicies operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ListAttachedRolePolicies for more information on using the ListAttachedRolePolicies
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the ListAttachedRolePoliciesRequest method.
//    req, resp := client.ListAttachedRolePoliciesRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListAttachedRolePolicies
func (c *IAM) ListAttachedRolePoliciesRequest(input *ListAttachedRolePoliciesInput) (req *request.Request, output *ListAttachedRolePoliciesOutput) {
	op := &request.Operation{
		Name:       opListAttachedRolePolicies,
		HTTPMethod: "POST",
		HTTPPath:   "/",
		Paginator: &request.Paginator{
			InputTokens:     []string{"Marker"},
			OutputTokens:    []string{"Marker"},
			LimitToken:      "MaxItems",
			TruncationToken: "IsTruncated",
		},
	}

	if input == nil {
		input = &ListAttachedRolePoliciesInput{}
	}

	output = &ListAttachedRolePoliciesOutput{}
	req = c.newRequest(op, input, output)
	return
}

// ListAttachedRolePolicies API operation for AWS Identity and Access Management.
//
// Lists all managed policies that are attached to the specified IAM role.
//
// An IAM role can also have inline policies embedded with it. To list the inline
// policies for a role, use ListRolePolicies. For information about policies,
// see Managed policies and inline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide.
//
// You can paginate the results using the MaxItems and Marker parameters. You
// can use the PathPrefix parameter to limit the list of policies to only those
// matching the specified path prefix. If there are no policies attached to
// the specified role (or none that match the specified path prefix), the operation
// returns an empty list.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation ListAttachedRolePolicies for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeInvalidInputException "InvalidInput"
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListAttachedRolePolicies
func (c *IAM) ListAttachedRolePolicies(input *ListAttachedRolePoliciesInput) (*ListAttachedRolePoliciesOutput, error) {
	req, out := c.ListAttachedRolePoliciesRequest(input)
	return out, req.Send()
}

// ListAttachedRolePoliciesWithContext is the same as ListAttachedRolePolicies with the addition of
// the ability to pass a context and additional request options.
//
// See ListAttachedRolePolicies for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) ListAttachedRolePoliciesWithContext(ctx aws.Context, input *ListAttachedRolePoliciesInput, opts ...request.Option) (*ListAttachedRolePoliciesOutput, error) {
	req, out := c.ListAttachedRolePoliciesRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

// ListAttachedRolePoliciesPages iterates over the pages of a ListAttachedRolePolicies operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See ListAttachedRolePolicies method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
//    // Example iterating over at most 3 pages of a ListAttachedRolePolicies operation.
//    pageNum := 0
//    err := client.ListAttachedRolePoliciesPages(params,
//        func(page *iam.ListAttachedRolePoliciesOutput, lastPage bool) bool {
//            pageNum++
//            fmt.Println(page)
//            return pageNum <= 3
//        })
//
func (c *IAM) ListAttachedRolePoliciesPages(input *ListAttachedRolePoliciesInput, fn func(*ListAttachedRolePoliciesOutput, bool) bool) error {
	return c.ListAttachedRolePoliciesPagesWithContext(aws.BackgroundContext(), input, fn)
}

// ListAttachedRolePoliciesPagesWithContext same as ListAttachedRolePoliciesPages except
// it takes a Context and allows setting request options on the pages.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) ListAttachedRolePoliciesPagesWithContext(ctx aws.Context, input *ListAttachedRolePoliciesInput, fn func(*ListAttachedRolePoliciesOutput, bool) bool, opts ...request.Option) error {
	p := request.Pagination{
		NewRequest: func() (*request.Request, error) {
			var inCpy *ListAttachedRolePoliciesInput
			if input != nil {
				tmp := *input
				inCpy = &tmp
			}
			req, _ := c.ListAttachedRolePoliciesRequest(inCpy)
			req.SetContext(ctx)
			req.ApplyOptions(opts...)
			return req, nil
		},
	}

	for p.Next() {
		if !fn(p.Page().(*ListAttachedRolePoliciesOutput), !p.HasNextPage()) {
			break
		}
	}

	return p.Err()
}

const opListAttachedUserPolicies = "ListAttachedUserPolicies"

// ListAttachedUserPoliciesRequest generates a "aws/request.Request" representing the
// client's request for the ListAttachedUserPolicies operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ListAttachedUserPolicies for more information on using the ListAttachedUserPolicies
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the ListAttachedUserPoliciesRequest method.
//    req, resp := client.ListAttachedUserPoliciesRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListAttachedUserPolicies
func (c *IAM) ListAttachedUserPoliciesRequest(input *ListAttachedUserPoliciesInput) (req *request.Request, output *ListAttachedUserPoliciesOutput) {
	op := &request.Operation{
		Name:       opListAttachedUserPolicies,
		HTTPMethod: "POST",
		HTTPPath:   "/",
		Paginator: &request.Paginator{
			InputTokens:     []string{"Marker"},
			OutputTokens:    []string{"Marker"},
			LimitToken:      "MaxItems",
			TruncationToken: "IsTruncated",
		},
	}

	if input == nil {
		input = &ListAttachedUserPoliciesInput{}
	}

	output = &ListAttachedUserPoliciesOutput{}
	req = c.newRequest(op, input, output)
	return
}

// ListAttachedUserPolicies API operation for AWS Identity and Access Management.
//
// Lists all managed policies that are attached to the specified IAM user.
//
// An IAM user can also have inline policies embedded with it. To list the inline
// policies for a user, use ListUserPolicies. For information about policies,
// see Managed policies and inline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide.
//
// You can paginate the results using the MaxItems and Marker parameters. You
// can use the PathPrefix parameter to limit the list of policies to only those
// matching the specified path prefix. If there are no policies attached to
// the specified group (or none that match the specified path prefix), the operation
// returns an empty list.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation ListAttachedUserPolicies for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeInvalidInputException "InvalidInput"
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListAttachedUserPolicies
func (c *IAM) ListAttachedUserPolicies(input *ListAttachedUserPoliciesInput) (*ListAttachedUserPoliciesOutput, error) {
	req, out := c.ListAttachedUserPoliciesRequest(input)
	return out, req.Send()
}

// ListAttachedUserPoliciesWithContext is the same as ListAttachedUserPolicies with the addition of
// the ability to pass a context and additional request options.
//
// See ListAttachedUserPolicies for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) ListAttachedUserPoliciesWithContext(ctx aws.Context, input *ListAttachedUserPoliciesInput, opts ...request.Option) (*ListAttachedUserPoliciesOutput, error) {
	req, out := c.ListAttachedUserPoliciesRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

// ListAttachedUserPoliciesPages iterates over the pages of a ListAttachedUserPolicies operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See ListAttachedUserPolicies method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
//    // Example iterating over at most 3 pages of a ListAttachedUserPolicies operation.
//    pageNum := 0
//    err := client.ListAttachedUserPoliciesPages(params,
//        func(page *iam.ListAttachedUserPoliciesOutput, lastPage bool) bool {
//            pageNum++
//            fmt.Println(page)
//            return pageNum <= 3
//        })
//
func (c *IAM) ListAttachedUserPoliciesPages(input *ListAttachedUserPoliciesInput, fn func(*ListAttachedUserPoliciesOutput, bool) bool) error {
	return c.ListAttachedUserPoliciesPagesWithContext(aws.BackgroundContext(), input, fn)
}

// ListAttachedUserPoliciesPagesWithContext same as ListAttachedUserPoliciesPages except
// it takes a Context and allows setting request options on the pages.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) ListAttachedUserPoliciesPagesWithContext(ctx aws.Context, input *ListAttachedUserPoliciesInput, fn func(*ListAttachedUserPoliciesOutput, bool) bool, opts ...request.Option) error {
	p := request.Pagination{
		NewRequest: func() (*request.Request, error) {
			var inCpy *ListAttachedUserPoliciesInput
			if input != nil {
				tmp := *input
				inCpy = &tmp
			}
			req, _ := c.ListAttachedUserPoliciesRequest(inCpy)
			req.SetContext(ctx)
			req.ApplyOptions(opts...)
			return req, nil
		},
	}

	for p.Next() {
		if !fn(p.Page().(*ListAttachedUserPoliciesOutput), !p.HasNextPage()) {
			break
		}
	}

	return p.Err()
}

const opListEntitiesForPolicy = "ListEntitiesForPolicy"

// ListEntitiesForPolicyRequest generates a "aws/request.Request" representing the
// client's request for the ListEntitiesForPolicy operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ListEntitiesForPolicy for more information on using the ListEntitiesForPolicy
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the ListEntitiesForPolicyRequest method.
//    req, resp := client.ListEntitiesForPolicyRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListEntitiesForPolicy
func (c *IAM) ListEntitiesForPolicyRequest(input *ListEntitiesForPolicyInput) (req *request.Request, output *ListEntitiesForPolicyOutput) {
	op := &request.Operation{
		Name:       opListEntitiesForPolicy,
		HTTPMethod: "POST",
		HTTPPath:   "/",
		Paginator: &request.Paginator{
			InputTokens:     []string{"Marker"},
			OutputTokens:    []string{"Marker"},
			LimitToken:      "MaxItems",
			TruncationToken: "IsTruncated",
		},
	}

	if input == nil {
		input = &ListEntitiesForPolicyInput{}
	}

	output = &ListEntitiesForPolicyOutput{}
	req = c.newRequest(op, input, output)
	return
}

// ListEntitiesForPolicy API operation for AWS Identity and Access Management.
//
// Lists all IAM users, groups, and roles that the specified managed policy
// is attached to.
//
// You can use the optional EntityFilter parameter to limit the results to a
// particular type of entity (users, groups, or roles). For example, to list
// only the roles that are attached to the specified policy, set EntityFilter
// to Role.
//
// You can paginate the results using the MaxItems and Marker parameters.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation ListEntitiesForPolicy for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeInvalidInputException "InvalidInput"
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListEntitiesForPolicy
func (c *IAM) ListEntitiesForPolicy(input *ListEntitiesForPolicyInput) (*ListEntitiesForPolicyOutput, error) {
	req, out := c.ListEntitiesForPolicyRequest(input)
	return out, req.Send()
}

// ListEntitiesForPolicyWithContext is the same as ListEntitiesForPolicy with the addition of
// the ability to pass a context and additional request options.
//
// See ListEntitiesForPolicy for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) ListEntitiesForPolicyWithContext(ctx aws.Context, input *ListEntitiesForPolicyInput, opts ...request.Option) (*ListEntitiesForPolicyOutput, error) {
	req, out := c.ListEntitiesForPolicyRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

// ListEntitiesForPolicyPages iterates over the pages of a ListEntitiesForPolicy operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See ListEntitiesForPolicy method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
//    // Example iterating over at most 3 pages of a ListEntitiesForPolicy operation.
//    pageNum := 0
//    err := client.ListEntitiesForPolicyPages(params,
//        func(page *iam.ListEntitiesForPolicyOutput, lastPage bool) bool {
//            pageNum++
//            fmt.Println(page)
//            return pageNum <= 3
//        })
//
func (c *IAM) ListEntitiesForPolicyPages(input *ListEntitiesForPolicyInput, fn func(*ListEntitiesForPolicyOutput, bool) bool) error {
	return c.ListEntitiesForPolicyPagesWithContext(aws.BackgroundContext(), input, fn)
}

// ListEntitiesForPolicyPagesWithContext same as ListEntitiesForPolicyPages except
// it takes a Context and allows setting request options on the pages.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) ListEntitiesForPolicyPagesWithContext(ctx aws.Context, input *ListEntitiesForPolicyInput, fn func(*ListEntitiesForPolicyOutput, bool) bool, opts ...request.Option) error {
	p := request.Pagination{
		NewRequest: func() (*request.Request, error) {
			var inCpy *ListEntitiesForPolicyInput
			if input != nil {
				tmp := *input
				inCpy = &tmp
			}
			req, _ := c.ListEntitiesForPolicyRequest(inCpy)
			req.SetContext(ctx)
			req.ApplyOptions(opts...)
			return req, nil
		},
	}

	for p.Next() {
		if !fn(p.Page().(*ListEntitiesForPolicyOutput), !p.HasNextPage()) {
			break
		}
	}

	return p.Err()
}

const opListGroupPolicies = "ListGroupPolicies"

// ListGroupPoliciesRequest generates a "aws/request.Request" representing the
// client's request for the ListGroupPolicies operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ListGroupPolicies for more information on using the ListGroupPolicies
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the ListGroupPoliciesRequest method.
//    req, resp := client.ListGroupPoliciesRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListGroupPolicies
func (c *IAM) ListGroupPoliciesRequest(input *ListGroupPoliciesInput) (req *request.Request, output *ListGroupPoliciesOutput) {
	op := &request.Operation{
		Name:       opListGroupPolicies,
		HTTPMethod: "POST",
		HTTPPath:   "/",
		Paginator: &request.Paginator{
			InputTokens:     []string{"Marker"},
			OutputTokens:    []string{"Marker"},
			LimitToken:      "MaxItems",
			TruncationToken: "IsTruncated",
		},
	}

	if input == nil {
		input = &ListGroupPoliciesInput{}
	}

	output = &ListGroupPoliciesOutput{}
	req = c.newRequest(op, input, output)
	return
}

// ListGroupPolicies API operation for AWS Identity and Access Management.
//
// Lists the names of the inline policies that are embedded in the specified
// IAM group.
//
// An IAM group can also have managed policies attached to it. To list the managed
// policies that are attached to a group, use ListAttachedGroupPolicies. For
// more information about policies, see Managed policies and inline policies
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide.
//
// You can paginate the results using the MaxItems and Marker parameters. If
// there are no inline policies embedded with the specified group, the operation
// returns an empty list.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation ListGroupPolicies for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListGroupPolicies
func (c *IAM) ListGroupPolicies(input *ListGroupPoliciesInput) (*ListGroupPoliciesOutput, error) {
	req, out := c.ListGroupPoliciesRequest(input)
	return out, req.Send()
}

// ListGroupPoliciesWithContext is the same as ListGroupPolicies with the addition of
// the ability to pass a context and additional request options.
//
// See ListGroupPolicies for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) ListGroupPoliciesWithContext(ctx aws.Context, input *ListGroupPoliciesInput, opts ...request.Option) (*ListGroupPoliciesOutput, error) {
	req, out := c.ListGroupPoliciesRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

// ListGroupPoliciesPages iterates over the pages of a ListGroupPolicies operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See ListGroupPolicies method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
//    // Example iterating over at most 3 pages of a ListGroupPolicies operation.
//    pageNum := 0
//    err := client.ListGroupPoliciesPages(params,
//        func(page *iam.ListGroupPoliciesOutput, lastPage bool) bool {
//            pageNum++
//            fmt.Println(page)
//            return pageNum <= 3
//        })
//
func (c *IAM) ListGroupPoliciesPages(input *ListGroupPoliciesInput, fn func(*ListGroupPoliciesOutput, bool) bool) error {
	return c.ListGroupPoliciesPagesWithContext(aws.BackgroundContext(), input, fn)
}

// ListGroupPoliciesPagesWithContext same as ListGroupPoliciesPages except
// it takes a Context and allows setting request options on the pages.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) ListGroupPoliciesPagesWithContext(ctx aws.Context, input *ListGroupPoliciesInput, fn func(*ListGroupPoliciesOutput, bool) bool, opts ...request.Option) error {
	p := request.Pagination{
		NewRequest: func() (*request.Request, error) {
			var inCpy *ListGroupPoliciesInput
			if input != nil {
				tmp := *input
				inCpy = &tmp
			}
			req, _ := c.ListGroupPoliciesRequest(inCpy)
			req.SetContext(ctx)
			req.ApplyOptions(opts...)
			return req, nil
		},
	}

	for p.Next() {
		if !fn(p.Page().(*ListGroupPoliciesOutput), !p.HasNextPage()) {
			break
		}
	}

	return p.Err()
}

const opListGroups = "ListGroups"

// ListGroupsRequest generates a "aws/request.Request" representing the
// client's request for the ListGroups operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ListGroups for more information on using the ListGroups
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the ListGroupsRequest method.
//    req, resp := client.ListGroupsRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListGroups
func (c *IAM) ListGroupsRequest(input *ListGroupsInput) (req *request.Request, output *ListGroupsOutput) {
	op := &request.Operation{
		Name:       opListGroups,
		HTTPMethod: "POST",
		HTTPPath:   "/",
		Paginator: &request.Paginator{
			InputTokens:     []string{"Marker"},
			OutputTokens:    []string{"Marker"},
			LimitToken:      "MaxItems",
			TruncationToken: "IsTruncated",
		},
	}

	if input == nil {
		input = &ListGroupsInput{}
	}

	output = &ListGroupsOutput{}
	req = c.newRequest(op, input, output)
	return
}

// ListGroups API operation for AWS Identity and Access Management.
//
// Lists the IAM groups that have the specified path prefix.
//
// You can paginate the results using the MaxItems and Marker parameters.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation ListGroups for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListGroups
func (c *IAM) ListGroups(input *ListGroupsInput) (*ListGroupsOutput, error) {
	req, out := c.ListGroupsRequest(input)
	return out, req.Send()
}

// ListGroupsWithContext is the same as ListGroups with the addition of
// the ability to pass a context and additional request options.
//
// See ListGroups for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) ListGroupsWithContext(ctx aws.Context, input *ListGroupsInput, opts ...request.Option) (*ListGroupsOutput, error) {
	req, out := c.ListGroupsRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

// ListGroupsPages iterates over the pages of a ListGroups operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See ListGroups method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
//    // Example iterating over at most 3 pages of a ListGroups operation.
//    pageNum := 0
//    err := client.ListGroupsPages(params,
//        func(page *iam.ListGroupsOutput, lastPage bool) bool {
//            pageNum++
//            fmt.Println(page)
//            return pageNum <= 3
//        })
//
func (c *IAM) ListGroupsPages(input *ListGroupsInput, fn func(*ListGroupsOutput, bool) bool) error {
	return c.ListGroupsPagesWithContext(aws.BackgroundContext(), input, fn)
}

// ListGroupsPagesWithContext same as ListGroupsPages except
// it takes a Context and allows setting request options on the pages.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) ListGroupsPagesWithContext(ctx aws.Context, input *ListGroupsInput, fn func(*ListGroupsOutput, bool) bool, opts ...request.Option) error {
	p := request.Pagination{
		NewRequest: func() (*request.Request, error) {
			var inCpy *ListGroupsInput
			if input != nil {
				tmp := *input
				inCpy = &tmp
			}
			req, _ := c.ListGroupsRequest(inCpy)
			req.SetContext(ctx)
			req.ApplyOptions(opts...)
			return req, nil
		},
	}

	for p.Next() {
		if !fn(p.Page().(*ListGroupsOutput), !p.HasNextPage()) {
			break
		}
	}

	return p.Err()
}

const opListGroupsForUser = "ListGroupsForUser"

// ListGroupsForUserRequest generates a "aws/request.Request" representing the
// client's request for the ListGroupsForUser operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ListGroupsForUser for more information on using the ListGroupsForUser
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the ListGroupsForUserRequest method.
//    req, resp := client.ListGroupsForUserRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListGroupsForUser
func (c *IAM) ListGroupsForUserRequest(input *ListGroupsForUserInput) (req *request.Request, output *ListGroupsForUserOutput) {
	op := &request.Operation{
		Name:       opListGroupsForUser,
		HTTPMethod: "POST",
		HTTPPath:   "/",
		Paginator: &request.Paginator{
			InputTokens:     []string{"Marker"},
			OutputTokens:    []string{"Marker"},
			LimitToken:      "MaxItems",
			TruncationToken: "IsTruncated",
		},
	}

	if input == nil {
		input = &ListGroupsForUserInput{}
	}

	output = &ListGroupsForUserOutput{}
	req = c.newRequest(op, input, output)
	return
}

// ListGroupsForUser API operation for AWS Identity and Access Management.
//
// Lists the IAM groups that the specified IAM user belongs to.
//
// You can paginate the results using the MaxItems and Marker parameters.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation ListGroupsForUser for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListGroupsForUser
func (c *IAM) ListGroupsForUser(input *ListGroupsForUserInput) (*ListGroupsForUserOutput, error) {
	req, out := c.ListGroupsForUserRequest(input)
	return out, req.Send()
}

// ListGroupsForUserWithContext is the same as ListGroupsForUser with the addition of
// the ability to pass a context and additional request options.
//
// See ListGroupsForUser for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) ListGroupsForUserWithContext(ctx aws.Context, input *ListGroupsForUserInput, opts ...request.Option) (*ListGroupsForUserOutput, error) {
	req, out := c.ListGroupsForUserRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

// ListGroupsForUserPages iterates over the pages of a ListGroupsForUser operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See ListGroupsForUser method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
//    // Example iterating over at most 3 pages of a ListGroupsForUser operation.
//    pageNum := 0
//    err := client.ListGroupsForUserPages(params,
//        func(page *iam.ListGroupsForUserOutput, lastPage bool) bool {
//            pageNum++
//            fmt.Println(page)
//            return pageNum <= 3
//        })
//
func (c *IAM) ListGroupsForUserPages(input *ListGroupsForUserInput, fn func(*ListGroupsForUserOutput, bool) bool) error {
	return c.ListGroupsForUserPagesWithContext(aws.BackgroundContext(), input, fn)
}

// ListGroupsForUserPagesWithContext same as ListGroupsForUserPages except
// it takes a Context and allows setting request options on the pages.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) ListGroupsForUserPagesWithContext(ctx aws.Context, input *ListGroupsForUserInput, fn func(*ListGroupsForUserOutput, bool) bool, opts ...request.Option) error {
	p := request.Pagination{
		NewRequest: func() (*request.Request, error) {
			var inCpy *ListGroupsForUserInput
			if input != nil {
				tmp := *input
				inCpy = &tmp
			}
			req, _ := c.ListGroupsForUserRequest(inCpy)
			req.SetContext(ctx)
			req.ApplyOptions(opts...)
			return req, nil
		},
	}

	for p.Next() {
		if !fn(p.Page().(*ListGroupsForUserOutput), !p.HasNextPage()) {
			break
		}
	}

	return p.Err()
}

const opListInstanceProfileTags = "ListInstanceProfileTags"

// ListInstanceProfileTagsRequest generates a "aws/request.Request" representing the
// client's request for the ListInstanceProfileTags operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ListInstanceProfileTags for more information on using the ListInstanceProfileTags
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the ListInstanceProfileTagsRequest method.
//    req, resp := client.ListInstanceProfileTagsRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListInstanceProfileTags
func (c *IAM) ListInstanceProfileTagsRequest(input *ListInstanceProfileTagsInput) (req *request.Request, output *ListInstanceProfileTagsOutput) {
	op := &request.Operation{
		Name:       opListInstanceProfileTags,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &ListInstanceProfileTagsInput{}
	}

	output = &ListInstanceProfileTagsOutput{}
	req = c.newRequest(op, input, output)
	return
}

// ListInstanceProfileTags API operation for AWS Identity and Access Management.
//
// Lists the tags that are attached to the specified IAM instance profile. The
// returned list of tags is sorted by tag key. For more information about tagging,
// see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation ListInstanceProfileTags for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListInstanceProfileTags
func (c *IAM) ListInstanceProfileTags(input *ListInstanceProfileTagsInput) (*ListInstanceProfileTagsOutput, error) {
	req, out := c.ListInstanceProfileTagsRequest(input)
	return out, req.Send()
}

// ListInstanceProfileTagsWithContext is the same as ListInstanceProfileTags with the addition of
// the ability to pass a context and additional request options.
//
// See ListInstanceProfileTags for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) ListInstanceProfileTagsWithContext(ctx aws.Context, input *ListInstanceProfileTagsInput, opts ...request.Option) (*ListInstanceProfileTagsOutput, error) {
	req, out := c.ListInstanceProfileTagsRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opListInstanceProfiles = "ListInstanceProfiles"

// ListInstanceProfilesRequest generates a "aws/request.Request" representing the
// client's request for the ListInstanceProfiles operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ListInstanceProfiles for more information on using the ListInstanceProfiles
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the ListInstanceProfilesRequest method.
//    req, resp := client.ListInstanceProfilesRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListInstanceProfiles
func (c *IAM) ListInstanceProfilesRequest(input *ListInstanceProfilesInput) (req *request.Request, output *ListInstanceProfilesOutput) {
	op := &request.Operation{
		Name:       opListInstanceProfiles,
		HTTPMethod: "POST",
		HTTPPath:   "/",
		Paginator: &request.Paginator{
			InputTokens:     []string{"Marker"},
			OutputTokens:    []string{"Marker"},
			LimitToken:      "MaxItems",
			TruncationToken: "IsTruncated",
		},
	}

	if input == nil {
		input = &ListInstanceProfilesInput{}
	}

	output = &ListInstanceProfilesOutput{}
	req = c.newRequest(op, input, output)
	return
}

// ListInstanceProfiles API operation for AWS Identity and Access Management.
//
// Lists the instance profiles that have the specified path prefix. If there
// are none, the operation returns an empty list. For more information about
// instance profiles, see About instance profiles (https://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html).
//
// IAM resource-listing operations return a subset of the available attributes
// for the resource. For example, this operation does not return tags, even
// though they are an attribute of the returned object. To view all of the information
// for an instance profile, see GetInstanceProfile.
//
// You can paginate the results using the MaxItems and Marker parameters.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation ListInstanceProfiles for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListInstanceProfiles
func (c *IAM) ListInstanceProfiles(input *ListInstanceProfilesInput) (*ListInstanceProfilesOutput, error) {
	req, out := c.ListInstanceProfilesRequest(input)
	return out, req.Send()
}

// ListInstanceProfilesWithContext is the same as ListInstanceProfiles with the addition of
// the ability to pass a context and additional request options.
//
// See ListInstanceProfiles for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) ListInstanceProfilesWithContext(ctx aws.Context, input *ListInstanceProfilesInput, opts ...request.Option) (*ListInstanceProfilesOutput, error) {
	req, out := c.ListInstanceProfilesRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

// ListInstanceProfilesPages iterates over the pages of a ListInstanceProfiles operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See ListInstanceProfiles method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
//    // Example iterating over at most 3 pages of a ListInstanceProfiles operation.
//    pageNum := 0
//    err := client.ListInstanceProfilesPages(params,
//        func(page *iam.ListInstanceProfilesOutput, lastPage bool) bool {
//            pageNum++
//            fmt.Println(page)
//            return pageNum <= 3
//        })
//
func (c *IAM) ListInstanceProfilesPages(input *ListInstanceProfilesInput, fn func(*ListInstanceProfilesOutput, bool) bool) error {
	return c.ListInstanceProfilesPagesWithContext(aws.BackgroundContext(), input, fn)
}

// ListInstanceProfilesPagesWithContext same as ListInstanceProfilesPages except
// it takes a Context and allows setting request options on the pages.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) ListInstanceProfilesPagesWithContext(ctx aws.Context, input *ListInstanceProfilesInput, fn func(*ListInstanceProfilesOutput, bool) bool, opts ...request.Option) error {
	p := request.Pagination{
		NewRequest: func() (*request.Request, error) {
			var inCpy *ListInstanceProfilesInput
			if input != nil {
				tmp := *input
				inCpy = &tmp
			}
			req, _ := c.ListInstanceProfilesRequest(inCpy)
			req.SetContext(ctx)
			req.ApplyOptions(opts...)
			return req, nil
		},
	}

	for p.Next() {
		if !fn(p.Page().(*ListInstanceProfilesOutput), !p.HasNextPage()) {
			break
		}
	}

	return p.Err()
}

const opListInstanceProfilesForRole = "ListInstanceProfilesForRole"

// ListInstanceProfilesForRoleRequest generates a "aws/request.Request" representing the
// client's request for the ListInstanceProfilesForRole operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ListInstanceProfilesForRole for more information on using the ListInstanceProfilesForRole
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the ListInstanceProfilesForRoleRequest method.
//    req, resp := client.ListInstanceProfilesForRoleRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListInstanceProfilesForRole
func (c *IAM) ListInstanceProfilesForRoleRequest(input *ListInstanceProfilesForRoleInput) (req *request.Request, output *ListInstanceProfilesForRoleOutput) {
	op := &request.Operation{
		Name:       opListInstanceProfilesForRole,
		HTTPMethod: "POST",
		HTTPPath:   "/",
		Paginator: &request.Paginator{
			InputTokens:     []string{"Marker"},
			OutputTokens:    []string{"Marker"},
			LimitToken:      "MaxItems",
			TruncationToken: "IsTruncated",
		},
	}

	if input == nil {
		input = &ListInstanceProfilesForRoleInput{}
	}

	output = &ListInstanceProfilesForRoleOutput{}
	req = c.newRequest(op, input, output)
	return
}

// ListInstanceProfilesForRole API operation for AWS Identity and Access Management.
//
// Lists the instance profiles that have the specified associated IAM role.
// If there are none, the operation returns an empty list. For more information
// about instance profiles, go to About instance profiles (https://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html).
//
// You can paginate the results using the MaxItems and Marker parameters.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation ListInstanceProfilesForRole for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListInstanceProfilesForRole
func (c *IAM) ListInstanceProfilesForRole(input *ListInstanceProfilesForRoleInput) (*ListInstanceProfilesForRoleOutput, error) {
	req, out := c.ListInstanceProfilesForRoleRequest(input)
	return out, req.Send()
}

// ListInstanceProfilesForRoleWithContext is the same as ListInstanceProfilesForRole with the addition of
// the ability to pass a context and additional request options.
//
// See ListInstanceProfilesForRole for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) ListInstanceProfilesForRoleWithContext(ctx aws.Context, input *ListInstanceProfilesForRoleInput, opts ...request.Option) (*ListInstanceProfilesForRoleOutput, error) {
	req, out := c.ListInstanceProfilesForRoleRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

// ListInstanceProfilesForRolePages iterates over the pages of a ListInstanceProfilesForRole operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See ListInstanceProfilesForRole method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
//    // Example iterating over at most 3 pages of a ListInstanceProfilesForRole operation.
//    pageNum := 0
//    err := client.ListInstanceProfilesForRolePages(params,
//        func(page *iam.ListInstanceProfilesForRoleOutput, lastPage bool) bool {
//            pageNum++
//            fmt.Println(page)
//            return pageNum <= 3
//        })
//
func (c *IAM) ListInstanceProfilesForRolePages(input *ListInstanceProfilesForRoleInput, fn func(*ListInstanceProfilesForRoleOutput, bool) bool) error {
	return c.ListInstanceProfilesForRolePagesWithContext(aws.BackgroundContext(), input, fn)
}

// ListInstanceProfilesForRolePagesWithContext same as ListInstanceProfilesForRolePages except
// it takes a Context and allows setting request options on the pages.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) ListInstanceProfilesForRolePagesWithContext(ctx aws.Context, input *ListInstanceProfilesForRoleInput, fn func(*ListInstanceProfilesForRoleOutput, bool) bool, opts ...request.Option) error {
	p := request.Pagination{
		NewRequest: func() (*request.Request, error) {
			var inCpy *ListInstanceProfilesForRoleInput
			if input != nil {
				tmp := *input
				inCpy = &tmp
			}
			req, _ := c.ListInstanceProfilesForRoleRequest(inCpy)
			req.SetContext(ctx)
			req.ApplyOptions(opts...)
			return req, nil
		},
	}

	for p.Next() {
		if !fn(p.Page().(*ListInstanceProfilesForRoleOutput), !p.HasNextPage()) {
			break
		}
	}

	return p.Err()
}

const opListMFADeviceTags = "ListMFADeviceTags"

// ListMFADeviceTagsRequest generates a "aws/request.Request" representing the
// client's request for the ListMFADeviceTags operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ListMFADeviceTags for more information on using the ListMFADeviceTags
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the ListMFADeviceTagsRequest method.
//    req, resp := client.ListMFADeviceTagsRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListMFADeviceTags
func (c *IAM) ListMFADeviceTagsRequest(input *ListMFADeviceTagsInput) (req *request.Request, output *ListMFADeviceTagsOutput) {
	op := &request.Operation{
		Name:       opListMFADeviceTags,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &ListMFADeviceTagsInput{}
	}

	output = &ListMFADeviceTagsOutput{}
	req = c.newRequest(op, input, output)
	return
}

// ListMFADeviceTags API operation for AWS Identity and Access Management.
//
// Lists the tags that are attached to the specified IAM virtual multi-factor
// authentication (MFA) device. The returned list of tags is sorted by tag key.
// For more information about tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation ListMFADeviceTags for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeInvalidInputException "InvalidInput"
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListMFADeviceTags
func (c *IAM) ListMFADeviceTags(input *ListMFADeviceTagsInput) (*ListMFADeviceTagsOutput, error) {
	req, out := c.ListMFADeviceTagsRequest(input)
	return out, req.Send()
}

// ListMFADeviceTagsWithContext is the same as ListMFADeviceTags with the addition of
// the ability to pass a context and additional request options.
//
// See ListMFADeviceTags for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) ListMFADeviceTagsWithContext(ctx aws.Context, input *ListMFADeviceTagsInput, opts ...request.Option) (*ListMFADeviceTagsOutput, error) {
	req, out := c.ListMFADeviceTagsRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opListMFADevices = "ListMFADevices"

// ListMFADevicesRequest generates a "aws/request.Request" representing the
// client's request for the ListMFADevices operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ListMFADevices for more information on using the ListMFADevices
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the ListMFADevicesRequest method.
//    req, resp := client.ListMFADevicesRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListMFADevices
func (c *IAM) ListMFADevicesRequest(input *ListMFADevicesInput) (req *request.Request, output *ListMFADevicesOutput) {
	op := &request.Operation{
		Name:       opListMFADevices,
		HTTPMethod: "POST",
		HTTPPath:   "/",
		Paginator: &request.Paginator{
			InputTokens:     []string{"Marker"},
			OutputTokens:    []string{"Marker"},
			LimitToken:      "MaxItems",
			TruncationToken: "IsTruncated",
		},
	}

	if input == nil {
		input = &ListMFADevicesInput{}
	}

	output = &ListMFADevicesOutput{}
	req = c.newRequest(op, input, output)
	return
}

// ListMFADevices API operation for AWS Identity and Access Management.
//
// Lists the MFA devices for an IAM user. If the request includes a IAM user
// name, then this operation lists all the MFA devices associated with the specified
// user. If you do not specify a user name, IAM determines the user name implicitly
// based on the Amazon Web Services access key ID signing the request for this
// operation.
//
// You can paginate the results using the MaxItems and Marker parameters.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation ListMFADevices for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListMFADevices
func (c *IAM) ListMFADevices(input *ListMFADevicesInput) (*ListMFADevicesOutput, error) {
	req, out := c.ListMFADevicesRequest(input)
	return out, req.Send()
}

// ListMFADevicesWithContext is the same as ListMFADevices with the addition of
// the ability to pass a context and additional request options.
//
// See ListMFADevices for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) ListMFADevicesWithContext(ctx aws.Context, input *ListMFADevicesInput, opts ...request.Option) (*ListMFADevicesOutput, error) {
	req, out := c.ListMFADevicesRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

// ListMFADevicesPages iterates over the pages of a ListMFADevices operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See ListMFADevices method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
//    // Example iterating over at most 3 pages of a ListMFADevices operation.
//    pageNum := 0
//    err := client.ListMFADevicesPages(params,
//        func(page *iam.ListMFADevicesOutput, lastPage bool) bool {
//            pageNum++
//            fmt.Println(page)
//            return pageNum <= 3
//        })
//
func (c *IAM) ListMFADevicesPages(input *ListMFADevicesInput, fn func(*ListMFADevicesOutput, bool) bool) error {
	return c.ListMFADevicesPagesWithContext(aws.BackgroundContext(), input, fn)
}

// ListMFADevicesPagesWithContext same as ListMFADevicesPages except
// it takes a Context and allows setting request options on the pages.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) ListMFADevicesPagesWithContext(ctx aws.Context, input *ListMFADevicesInput, fn func(*ListMFADevicesOutput, bool) bool, opts ...request.Option) error {
	p := request.Pagination{
		NewRequest: func() (*request.Request, error) {
			var inCpy *ListMFADevicesInput
			if input != nil {
				tmp := *input
				inCpy = &tmp
			}
			req, _ := c.ListMFADevicesRequest(inCpy)
			req.SetContext(ctx)
			req.ApplyOptions(opts...)
			return req, nil
		},
	}

	for p.Next() {
		if !fn(p.Page().(*ListMFADevicesOutput), !p.HasNextPage()) {
			break
		}
	}

	return p.Err()
}

const opListOpenIDConnectProviderTags = "ListOpenIDConnectProviderTags"

// ListOpenIDConnectProviderTagsRequest generates a "aws/request.Request" representing the
// client's request for the ListOpenIDConnectProviderTags operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ListOpenIDConnectProviderTags for more information on using the ListOpenIDConnectProviderTags
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the ListOpenIDConnectProviderTagsRequest method.
//    req, resp := client.ListOpenIDConnectProviderTagsRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListOpenIDConnectProviderTags
func (c *IAM) ListOpenIDConnectProviderTagsRequest(input *ListOpenIDConnectProviderTagsInput) (req *request.Request, output *ListOpenIDConnectProviderTagsOutput) {
	op := &request.Operation{
		Name:       opListOpenIDConnectProviderTags,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &ListOpenIDConnectProviderTagsInput{}
	}

	output = &ListOpenIDConnectProviderTagsOutput{}
	req = c.newRequest(op, input, output)
	return
}

// ListOpenIDConnectProviderTags API operation for AWS Identity and Access Management.
//
// Lists the tags that are attached to the specified OpenID Connect (OIDC)-compatible
// identity provider. The returned list of tags is sorted by tag key. For more
// information, see About web identity federation (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html).
//
// For more information about tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation ListOpenIDConnectProviderTags for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
//   * ErrCodeInvalidInputException "InvalidInput"
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListOpenIDConnectProviderTags
func (c *IAM) ListOpenIDConnectProviderTags(input *ListOpenIDConnectProviderTagsInput) (*ListOpenIDConnectProviderTagsOutput, error) {
	req, out := c.ListOpenIDConnectProviderTagsRequest(input)
	return out, req.Send()
}

// ListOpenIDConnectProviderTagsWithContext is the same as ListOpenIDConnectProviderTags with the addition of
// the ability to pass a context and additional request options.
//
// See ListOpenIDConnectProviderTags for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) ListOpenIDConnectProviderTagsWithContext(ctx aws.Context, input *ListOpenIDConnectProviderTagsInput, opts ...request.Option) (*ListOpenIDConnectProviderTagsOutput, error) {
	req, out := c.ListOpenIDConnectProviderTagsRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opListOpenIDConnectProviders = "ListOpenIDConnectProviders"

// ListOpenIDConnectProvidersRequest generates a "aws/request.Request" representing the
// client's request for the ListOpenIDConnectProviders operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ListOpenIDConnectProviders for more information on using the ListOpenIDConnectProviders
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the ListOpenIDConnectProvidersRequest method.
//    req, resp := client.ListOpenIDConnectProvidersRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListOpenIDConnectProviders
func (c *IAM) ListOpenIDConnectProvidersRequest(input *ListOpenIDConnectProvidersInput) (req *request.Request, output *ListOpenIDConnectProvidersOutput) {
	op := &request.Operation{
		Name:       opListOpenIDConnectProviders,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &ListOpenIDConnectProvidersInput{}
	}

	output = &ListOpenIDConnectProvidersOutput{}
	req = c.newRequest(op, input, output)
	return
}

// ListOpenIDConnectProviders API operation for AWS Identity and Access Management.
//
// Lists information about the IAM OpenID Connect (OIDC) provider resource objects
// defined in the Amazon Web Services account.
//
// IAM resource-listing operations return a subset of the available attributes
// for the resource. For example, this operation does not return tags, even
// though they are an attribute of the returned object. To view all of the information
// for an OIDC provider, see GetOpenIDConnectProvider.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation ListOpenIDConnectProviders for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListOpenIDConnectProviders
func (c *IAM) ListOpenIDConnectProviders(input *ListOpenIDConnectProvidersInput) (*ListOpenIDConnectProvidersOutput, error) {
	req, out := c.ListOpenIDConnectProvidersRequest(input)
	return out, req.Send()
}

// ListOpenIDConnectProvidersWithContext is the same as ListOpenIDConnectProviders with the addition of
// the ability to pass a context and additional request options.
//
// See ListOpenIDConnectProviders for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) ListOpenIDConnectProvidersWithContext(ctx aws.Context, input *ListOpenIDConnectProvidersInput, opts ...request.Option) (*ListOpenIDConnectProvidersOutput, error) {
	req, out := c.ListOpenIDConnectProvidersRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opListPolicies = "ListPolicies"

// ListPoliciesRequest generates a "aws/request.Request" representing the
// client's request for the ListPolicies operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ListPolicies for more information on using the ListPolicies
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the ListPoliciesRequest method.
//    req, resp := client.ListPoliciesRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListPolicies
func (c *IAM) ListPoliciesRequest(input *ListPoliciesInput) (req *request.Request, output *ListPoliciesOutput) {
	op := &request.Operation{
		Name:       opListPolicies,
		HTTPMethod: "POST",
		HTTPPath:   "/",
		Paginator: &request.Paginator{
			InputTokens:     []string{"Marker"},
			OutputTokens:    []string{"Marker"},
			LimitToken:      "MaxItems",
			TruncationToken: "IsTruncated",
		},
	}

	if input == nil {
		input = &ListPoliciesInput{}
	}

	output = &ListPoliciesOutput{}
	req = c.newRequest(op, input, output)
	return
}

// ListPolicies API operation for AWS Identity and Access Management.
//
// Lists all the managed policies that are available in your Amazon Web Services
// account, including your own customer-defined managed policies and all Amazon
// Web Services managed policies.
//
// You can filter the list of policies that is returned using the optional OnlyAttached,
// Scope, and PathPrefix parameters. For example, to list only the customer
// managed policies in your Amazon Web Services account, set Scope to Local.
// To list only Amazon Web Services managed policies, set Scope to AWS.
//
// You can paginate the results using the MaxItems and Marker parameters.
//
// For more information about managed policies, see Managed policies and inline
// policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide.
//
// IAM resource-listing operations return a subset of the available attributes
// for the resource. For example, this operation does not return tags, even
// though they are an attribute of the returned object. To view all of the information
// for a customer manged policy, see GetPolicy.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation ListPolicies for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListPolicies
func (c *IAM) ListPolicies(input *ListPoliciesInput) (*ListPoliciesOutput, error) {
	req, out := c.ListPoliciesRequest(input)
	return out, req.Send()
}

// ListPoliciesWithContext is the same as ListPolicies with the addition of
// the ability to pass a context and additional request options.
//
// See ListPolicies for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) ListPoliciesWithContext(ctx aws.Context, input *ListPoliciesInput, opts ...request.Option) (*ListPoliciesOutput, error) {
	req, out := c.ListPoliciesRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

// ListPoliciesPages iterates over the pages of a ListPolicies operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See ListPolicies method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
//    // Example iterating over at most 3 pages of a ListPolicies operation.
//    pageNum := 0
//    err := client.ListPoliciesPages(params,
//        func(page *iam.ListPoliciesOutput, lastPage bool) bool {
//            pageNum++
//            fmt.Println(page)
//            return pageNum <= 3
//        })
//
func (c *IAM) ListPoliciesPages(input *ListPoliciesInput, fn func(*ListPoliciesOutput, bool) bool) error {
	return c.ListPoliciesPagesWithContext(aws.BackgroundContext(), input, fn)
}

// ListPoliciesPagesWithContext same as ListPoliciesPages except
// it takes a Context and allows setting request options on the pages.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) ListPoliciesPagesWithContext(ctx aws.Context, input *ListPoliciesInput, fn func(*ListPoliciesOutput, bool) bool, opts ...request.Option) error {
	p := request.Pagination{
		NewRequest: func() (*request.Request, error) {
			var inCpy *ListPoliciesInput
			if input != nil {
				tmp := *input
				inCpy = &tmp
			}
			req, _ := c.ListPoliciesRequest(inCpy)
			req.SetContext(ctx)
			req.ApplyOptions(opts...)
			return req, nil
		},
	}

	for p.Next() {
		if !fn(p.Page().(*ListPoliciesOutput), !p.HasNextPage()) {
			break
		}
	}

	return p.Err()
}

const opListPoliciesGrantingServiceAccess = "ListPoliciesGrantingServiceAccess"

// ListPoliciesGrantingServiceAccessRequest generates a "aws/request.Request" representing the
// client's request for the ListPoliciesGrantingServiceAccess operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ListPoliciesGrantingServiceAccess for more information on using the ListPoliciesGrantingServiceAccess
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the ListPoliciesGrantingServiceAccessRequest method.
//    req, resp := client.ListPoliciesGrantingServiceAccessRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListPoliciesGrantingServiceAccess
func (c *IAM) ListPoliciesGrantingServiceAccessRequest(input *ListPoliciesGrantingServiceAccessInput) (req *request.Request, output *ListPoliciesGrantingServiceAccessOutput) {
	op := &request.Operation{
		Name:       opListPoliciesGrantingServiceAccess,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &ListPoliciesGrantingServiceAccessInput{}
	}

	output = &ListPoliciesGrantingServiceAccessOutput{}
	req = c.newRequest(op, input, output)
	return
}

// ListPoliciesGrantingServiceAccess API operation for AWS Identity and Access Management.
//
// Retrieves a list of policies that the IAM identity (user, group, or role)
// can use to access each specified service.
//
// This operation does not use other policy types when determining whether a
// resource could access a service. These other policy types include resource-based
// policies, access control lists, Organizations policies, IAM permissions boundaries,
// and STS assume role policies. It only applies permissions policy logic. For
// more about the evaluation of policy types, see Evaluating policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics)
// in the IAM User Guide.
//
// The list of policies returned by the operation depends on the ARN of the
// identity that you provide.
//
//    * User – The list of policies includes the managed and inline policies
//    that are attached to the user directly. The list also includes any additional
//    managed and inline policies that are attached to the group to which the
//    user belongs.
//
//    * Group – The list of policies includes only the managed and inline
//    policies that are attached to the group directly. Policies that are attached
//    to the group’s user are not included.
//
//    * Role – The list of policies includes only the managed and inline policies
//    that are attached to the role.
//
// For each managed policy, this operation returns the ARN and policy name.
// For each inline policy, it returns the policy name and the entity to which
// it is attached. Inline policies do not have an ARN. For more information
// about these policy types, see Managed policies and inline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html)
// in the IAM User Guide.
//
// Policies that are attached to users and roles as permissions boundaries are
// not returned. To view which managed policy is currently used to set the permissions
// boundary for a user or role, use the GetUser or GetRole operations.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation ListPoliciesGrantingServiceAccess for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeInvalidInputException "InvalidInput"
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListPoliciesGrantingServiceAccess
func (c *IAM) ListPoliciesGrantingServiceAccess(input *ListPoliciesGrantingServiceAccessInput) (*ListPoliciesGrantingServiceAccessOutput, error) {
	req, out := c.ListPoliciesGrantingServiceAccessRequest(input)
	return out, req.Send()
}

// ListPoliciesGrantingServiceAccessWithContext is the same as ListPoliciesGrantingServiceAccess with the addition of
// the ability to pass a context and additional request options.
//
// See ListPoliciesGrantingServiceAccess for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) ListPoliciesGrantingServiceAccessWithContext(ctx aws.Context, input *ListPoliciesGrantingServiceAccessInput, opts ...request.Option) (*ListPoliciesGrantingServiceAccessOutput, error) {
	req, out := c.ListPoliciesGrantingServiceAccessRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opListPolicyTags = "ListPolicyTags"

// ListPolicyTagsRequest generates a "aws/request.Request" representing the
// client's request for the ListPolicyTags operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ListPolicyTags for more information on using the ListPolicyTags
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the ListPolicyTagsRequest method.
//    req, resp := client.ListPolicyTagsRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListPolicyTags
func (c *IAM) ListPolicyTagsRequest(input *ListPolicyTagsInput) (req *request.Request, output *ListPolicyTagsOutput) {
	op := &request.Operation{
		Name:       opListPolicyTags,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &ListPolicyTagsInput{}
	}

	output = &ListPolicyTagsOutput{}
	req = c.newRequest(op, input, output)
	return
}

// ListPolicyTags API operation for AWS Identity and Access Management.
//
// Lists the tags that are attached to the specified IAM customer managed policy.
// The returned list of tags is sorted by tag key. For more information about
// tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation ListPolicyTags for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
//   * ErrCodeInvalidInputException "InvalidInput"
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListPolicyTags
func (c *IAM) ListPolicyTags(input *ListPolicyTagsInput) (*ListPolicyTagsOutput, error) {
	req, out := c.ListPolicyTagsRequest(input)
	return out, req.Send()
}

// ListPolicyTagsWithContext is the same as ListPolicyTags with the addition of
// the ability to pass a context and additional request options.
//
// See ListPolicyTags for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) ListPolicyTagsWithContext(ctx aws.Context, input *ListPolicyTagsInput, opts ...request.Option) (*ListPolicyTagsOutput, error) {
	req, out := c.ListPolicyTagsRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opListPolicyVersions = "ListPolicyVersions"

// ListPolicyVersionsRequest generates a "aws/request.Request" representing the
// client's request for the ListPolicyVersions operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ListPolicyVersions for more information on using the ListPolicyVersions
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the ListPolicyVersionsRequest method.
//    req, resp := client.ListPolicyVersionsRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListPolicyVersions
func (c *IAM) ListPolicyVersionsRequest(input *ListPolicyVersionsInput) (req *request.Request, output *ListPolicyVersionsOutput) {
	op := &request.Operation{
		Name:       opListPolicyVersions,
		HTTPMethod: "POST",
		HTTPPath:   "/",
		Paginator: &request.Paginator{
			InputTokens:     []string{"Marker"},
			OutputTokens:    []string{"Marker"},
			LimitToken:      "MaxItems",
			TruncationToken: "IsTruncated",
		},
	}

	if input == nil {
		input = &ListPolicyVersionsInput{}
	}

	output = &ListPolicyVersionsOutput{}
	req = c.newRequest(op, input, output)
	return
}

// ListPolicyVersions API operation for AWS Identity and Access Management.
//
// Lists information about the versions of the specified managed policy, including
// the version that is currently set as the policy's default version.
//
// For more information about managed policies, see Managed policies and inline
// policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation ListPolicyVersions for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeInvalidInputException "InvalidInput"
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListPolicyVersions
func (c *IAM) ListPolicyVersions(input *ListPolicyVersionsInput) (*ListPolicyVersionsOutput, error) {
	req, out := c.ListPolicyVersionsRequest(input)
	return out, req.Send()
}

// ListPolicyVersionsWithContext is the same as ListPolicyVersions with the addition of
// the ability to pass a context and additional request options.
//
// See ListPolicyVersions for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) ListPolicyVersionsWithContext(ctx aws.Context, input *ListPolicyVersionsInput, opts ...request.Option) (*ListPolicyVersionsOutput, error) {
	req, out := c.ListPolicyVersionsRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

// ListPolicyVersionsPages iterates over the pages of a ListPolicyVersions operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See ListPolicyVersions method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
//    // Example iterating over at most 3 pages of a ListPolicyVersions operation.
//    pageNum := 0
//    err := client.ListPolicyVersionsPages(params,
//        func(page *iam.ListPolicyVersionsOutput, lastPage bool) bool {
//            pageNum++
//            fmt.Println(page)
//            return pageNum <= 3
//        })
//
func (c *IAM) ListPolicyVersionsPages(input *ListPolicyVersionsInput, fn func(*ListPolicyVersionsOutput, bool) bool) error {
	return c.ListPolicyVersionsPagesWithContext(aws.BackgroundContext(), input, fn)
}

// ListPolicyVersionsPagesWithContext same as ListPolicyVersionsPages except
// it takes a Context and allows setting request options on the pages.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) ListPolicyVersionsPagesWithContext(ctx aws.Context, input *ListPolicyVersionsInput, fn func(*ListPolicyVersionsOutput, bool) bool, opts ...request.Option) error {
	p := request.Pagination{
		NewRequest: func() (*request.Request, error) {
			var inCpy *ListPolicyVersionsInput
			if input != nil {
				tmp := *input
				inCpy = &tmp
			}
			req, _ := c.ListPolicyVersionsRequest(inCpy)
			req.SetContext(ctx)
			req.ApplyOptions(opts...)
			return req, nil
		},
	}

	for p.Next() {
		if !fn(p.Page().(*ListPolicyVersionsOutput), !p.HasNextPage()) {
			break
		}
	}

	return p.Err()
}

const opListRolePolicies = "ListRolePolicies"

// ListRolePoliciesRequest generates a "aws/request.Request" representing the
// client's request for the ListRolePolicies operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ListRolePolicies for more information on using the ListRolePolicies
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the ListRolePoliciesRequest method.
//    req, resp := client.ListRolePoliciesRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListRolePolicies
func (c *IAM) ListRolePoliciesRequest(input *ListRolePoliciesInput) (req *request.Request, output *ListRolePoliciesOutput) {
	op := &request.Operation{
		Name:       opListRolePolicies,
		HTTPMethod: "POST",
		HTTPPath:   "/",
		Paginator: &request.Paginator{
			InputTokens:     []string{"Marker"},
			OutputTokens:    []string{"Marker"},
			LimitToken:      "MaxItems",
			TruncationToken: "IsTruncated",
		},
	}

	if input == nil {
		input = &ListRolePoliciesInput{}
	}

	output = &ListRolePoliciesOutput{}
	req = c.newRequest(op, input, output)
	return
}

// ListRolePolicies API operation for AWS Identity and Access Management.
//
// Lists the names of the inline policies that are embedded in the specified
// IAM role.
//
// An IAM role can also have managed policies attached to it. To list the managed
// policies that are attached to a role, use ListAttachedRolePolicies. For more
// information about policies, see Managed policies and inline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide.
//
// You can paginate the results using the MaxItems and Marker parameters. If
// there are no inline policies embedded with the specified role, the operation
// returns an empty list.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation ListRolePolicies for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListRolePolicies
func (c *IAM) ListRolePolicies(input *ListRolePoliciesInput) (*ListRolePoliciesOutput, error) {
	req, out := c.ListRolePoliciesRequest(input)
	return out, req.Send()
}

// ListRolePoliciesWithContext is the same as ListRolePolicies with the addition of
// the ability to pass a context and additional request options.
//
// See ListRolePolicies for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) ListRolePoliciesWithContext(ctx aws.Context, input *ListRolePoliciesInput, opts ...request.Option) (*ListRolePoliciesOutput, error) {
	req, out := c.ListRolePoliciesRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

// ListRolePoliciesPages iterates over the pages of a ListRolePolicies operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See ListRolePolicies method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
//    // Example iterating over at most 3 pages of a ListRolePolicies operation.
//    pageNum := 0
//    err := client.ListRolePoliciesPages(params,
//        func(page *iam.ListRolePoliciesOutput, lastPage bool) bool {
//            pageNum++
//            fmt.Println(page)
//            return pageNum <= 3
//        })
//
func (c *IAM) ListRolePoliciesPages(input *ListRolePoliciesInput, fn func(*ListRolePoliciesOutput, bool) bool) error {
	return c.ListRolePoliciesPagesWithContext(aws.BackgroundContext(), input, fn)
}

// ListRolePoliciesPagesWithContext same as ListRolePoliciesPages except
// it takes a Context and allows setting request options on the pages.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) ListRolePoliciesPagesWithContext(ctx aws.Context, input *ListRolePoliciesInput, fn func(*ListRolePoliciesOutput, bool) bool, opts ...request.Option) error {
	p := request.Pagination{
		NewRequest: func() (*request.Request, error) {
			var inCpy *ListRolePoliciesInput
			if input != nil {
				tmp := *input
				inCpy = &tmp
			}
			req, _ := c.ListRolePoliciesRequest(inCpy)
			req.SetContext(ctx)
			req.ApplyOptions(opts...)
			return req, nil
		},
	}

	for p.Next() {
		if !fn(p.Page().(*ListRolePoliciesOutput), !p.HasNextPage()) {
			break
		}
	}

	return p.Err()
}

const opListRoleTags = "ListRoleTags"

// ListRoleTagsRequest generates a "aws/request.Request" representing the
// client's request for the ListRoleTags operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ListRoleTags for more information on using the ListRoleTags
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the ListRoleTagsRequest method.
//    req, resp := client.ListRoleTagsRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListRoleTags
func (c *IAM) ListRoleTagsRequest(input *ListRoleTagsInput) (req *request.Request, output *ListRoleTagsOutput) {
	op := &request.Operation{
		Name:       opListRoleTags,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &ListRoleTagsInput{}
	}

	output = &ListRoleTagsOutput{}
	req = c.newRequest(op, input, output)
	return
}

// ListRoleTags API operation for AWS Identity and Access Management.
//
// Lists the tags that are attached to the specified role. The returned list
// of tags is sorted by tag key. For more information about tagging, see Tagging
// IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation ListRoleTags for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListRoleTags
func (c *IAM) ListRoleTags(input *ListRoleTagsInput) (*ListRoleTagsOutput, error) {
	req, out := c.ListRoleTagsRequest(input)
	return out, req.Send()
}

// ListRoleTagsWithContext is the same as ListRoleTags with the addition of
// the ability to pass a context and additional request options.
//
// See ListRoleTags for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) ListRoleTagsWithContext(ctx aws.Context, input *ListRoleTagsInput, opts ...request.Option) (*ListRoleTagsOutput, error) {
	req, out := c.ListRoleTagsRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opListRoles = "ListRoles"

// ListRolesRequest generates a "aws/request.Request" representing the
// client's request for the ListRoles operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ListRoles for more information on using the ListRoles
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the ListRolesRequest method.
//    req, resp := client.ListRolesRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListRoles
func (c *IAM) ListRolesRequest(input *ListRolesInput) (req *request.Request, output *ListRolesOutput) {
	op := &request.Operation{
		Name:       opListRoles,
		HTTPMethod: "POST",
		HTTPPath:   "/",
		Paginator: &request.Paginator{
			InputTokens:     []string{"Marker"},
			OutputTokens:    []string{"Marker"},
			LimitToken:      "MaxItems",
			TruncationToken: "IsTruncated",
		},
	}

	if input == nil {
		input = &ListRolesInput{}
	}

	output = &ListRolesOutput{}
	req = c.newRequest(op, input, output)
	return
}

// ListRoles API operation for AWS Identity and Access Management.
//
// Lists the IAM roles that have the specified path prefix. If there are none,
// the operation returns an empty list. For more information about roles, see
// Working with roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html).
//
// IAM resource-listing operations return a subset of the available attributes
// for the resource. For example, this operation does not return tags, even
// though they are an attribute of the returned object. To view all of the information
// for a role, see GetRole.
//
// You can paginate the results using the MaxItems and Marker parameters.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation ListRoles for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListRoles
func (c *IAM) ListRoles(input *ListRolesInput) (*ListRolesOutput, error) {
	req, out := c.ListRolesRequest(input)
	return out, req.Send()
}

// ListRolesWithContext is the same as ListRoles with the addition of
// the ability to pass a context and additional request options.
//
// See ListRoles for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) ListRolesWithContext(ctx aws.Context, input *ListRolesInput, opts ...request.Option) (*ListRolesOutput, error) {
	req, out := c.ListRolesRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

// ListRolesPages iterates over the pages of a ListRoles operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See ListRoles method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
//    // Example iterating over at most 3 pages of a ListRoles operation.
//    pageNum := 0
//    err := client.ListRolesPages(params,
//        func(page *iam.ListRolesOutput, lastPage bool) bool {
//            pageNum++
//            fmt.Println(page)
//            return pageNum <= 3
//        })
//
func (c *IAM) ListRolesPages(input *ListRolesInput, fn func(*ListRolesOutput, bool) bool) error {
	return c.ListRolesPagesWithContext(aws.BackgroundContext(), input, fn)
}

// ListRolesPagesWithContext same as ListRolesPages except
// it takes a Context and allows setting request options on the pages.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) ListRolesPagesWithContext(ctx aws.Context, input *ListRolesInput, fn func(*ListRolesOutput, bool) bool, opts ...request.Option) error {
	p := request.Pagination{
		NewRequest: func() (*request.Request, error) {
			var inCpy *ListRolesInput
			if input != nil {
				tmp := *input
				inCpy = &tmp
			}
			req, _ := c.ListRolesRequest(inCpy)
			req.SetContext(ctx)
			req.ApplyOptions(opts...)
			return req, nil
		},
	}

	for p.Next() {
		if !fn(p.Page().(*ListRolesOutput), !p.HasNextPage()) {
			break
		}
	}

	return p.Err()
}

const opListSAMLProviderTags = "ListSAMLProviderTags"

// ListSAMLProviderTagsRequest generates a "aws/request.Request" representing the
// client's request for the ListSAMLProviderTags operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ListSAMLProviderTags for more information on using the ListSAMLProviderTags
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the ListSAMLProviderTagsRequest method.
//    req, resp := client.ListSAMLProviderTagsRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListSAMLProviderTags
func (c *IAM) ListSAMLProviderTagsRequest(input *ListSAMLProviderTagsInput) (req *request.Request, output *ListSAMLProviderTagsOutput) {
	op := &request.Operation{
		Name:       opListSAMLProviderTags,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &ListSAMLProviderTagsInput{}
	}

	output = &ListSAMLProviderTagsOutput{}
	req = c.newRequest(op, input, output)
	return
}

// ListSAMLProviderTags API operation for AWS Identity and Access Management.
//
// Lists the tags that are attached to the specified Security Assertion Markup
// Language (SAML) identity provider. The returned list of tags is sorted by
// tag key. For more information, see About SAML 2.0-based federation (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html).
//
// For more information about tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation ListSAMLProviderTags for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
//   * ErrCodeInvalidInputException "InvalidInput"
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListSAMLProviderTags
func (c *IAM) ListSAMLProviderTags(input *ListSAMLProviderTagsInput) (*ListSAMLProviderTagsOutput, error) {
	req, out := c.ListSAMLProviderTagsRequest(input)
	return out, req.Send()
}

// ListSAMLProviderTagsWithContext is the same as ListSAMLProviderTags with the addition of
// the ability to pass a context and additional request options.
//
// See ListSAMLProviderTags for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) ListSAMLProviderTagsWithContext(ctx aws.Context, input *ListSAMLProviderTagsInput, opts ...request.Option) (*ListSAMLProviderTagsOutput, error) {
	req, out := c.ListSAMLProviderTagsRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opListSAMLProviders = "ListSAMLProviders"

// ListSAMLProvidersRequest generates a "aws/request.Request" representing the
// client's request for the ListSAMLProviders operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ListSAMLProviders for more information on using the ListSAMLProviders
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the ListSAMLProvidersRequest method.
//    req, resp := client.ListSAMLProvidersRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListSAMLProviders
func (c *IAM) ListSAMLProvidersRequest(input *ListSAMLProvidersInput) (req *request.Request, output *ListSAMLProvidersOutput) {
	op := &request.Operation{
		Name:       opListSAMLProviders,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &ListSAMLProvidersInput{}
	}

	output = &ListSAMLProvidersOutput{}
	req = c.newRequest(op, input, output)
	return
}

// ListSAMLProviders API operation for AWS Identity and Access Management.
//
// Lists the SAML provider resource objects defined in IAM in the account. IAM
// resource-listing operations return a subset of the available attributes for
// the resource. For example, this operation does not return tags, even though
// they are an attribute of the returned object. To view all of the information
// for a SAML provider, see GetSAMLProvider.
//
// This operation requires Signature Version 4 (https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html).
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation ListSAMLProviders for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListSAMLProviders
func (c *IAM) ListSAMLProviders(input *ListSAMLProvidersInput) (*ListSAMLProvidersOutput, error) {
	req, out := c.ListSAMLProvidersRequest(input)
	return out, req.Send()
}

// ListSAMLProvidersWithContext is the same as ListSAMLProviders with the addition of
// the ability to pass a context and additional request options.
//
// See ListSAMLProviders for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) ListSAMLProvidersWithContext(ctx aws.Context, input *ListSAMLProvidersInput, opts ...request.Option) (*ListSAMLProvidersOutput, error) {
	req, out := c.ListSAMLProvidersRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opListSSHPublicKeys = "ListSSHPublicKeys"

// ListSSHPublicKeysRequest generates a "aws/request.Request" representing the
// client's request for the ListSSHPublicKeys operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ListSSHPublicKeys for more information on using the ListSSHPublicKeys
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the ListSSHPublicKeysRequest method.
//    req, resp := client.ListSSHPublicKeysRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListSSHPublicKeys
func (c *IAM) ListSSHPublicKeysRequest(input *ListSSHPublicKeysInput) (req *request.Request, output *ListSSHPublicKeysOutput) {
	op := &request.Operation{
		Name:       opListSSHPublicKeys,
		HTTPMethod: "POST",
		HTTPPath:   "/",
		Paginator: &request.Paginator{
			InputTokens:     []string{"Marker"},
			OutputTokens:    []string{"Marker"},
			LimitToken:      "MaxItems",
			TruncationToken: "IsTruncated",
		},
	}

	if input == nil {
		input = &ListSSHPublicKeysInput{}
	}

	output = &ListSSHPublicKeysOutput{}
	req = c.newRequest(op, input, output)
	return
}

// ListSSHPublicKeys API operation for AWS Identity and Access Management.
//
// Returns information about the SSH public keys associated with the specified
// IAM user. If none exists, the operation returns an empty list.
//
// The SSH public keys returned by this operation are used only for authenticating
// the IAM user to an CodeCommit repository. For more information about using
// SSH keys to authenticate to an CodeCommit repository, see Set up CodeCommit
// for SSH connections (https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html)
// in the CodeCommit User Guide.
//
// Although each user is limited to a small number of keys, you can still paginate
// the results using the MaxItems and Marker parameters.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation ListSSHPublicKeys for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListSSHPublicKeys
func (c *IAM) ListSSHPublicKeys(input *ListSSHPublicKeysInput) (*ListSSHPublicKeysOutput, error) {
	req, out := c.ListSSHPublicKeysRequest(input)
	return out, req.Send()
}

// ListSSHPublicKeysWithContext is the same as ListSSHPublicKeys with the addition of
// the ability to pass a context and additional request options.
//
// See ListSSHPublicKeys for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) ListSSHPublicKeysWithContext(ctx aws.Context, input *ListSSHPublicKeysInput, opts ...request.Option) (*ListSSHPublicKeysOutput, error) {
	req, out := c.ListSSHPublicKeysRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

// ListSSHPublicKeysPages iterates over the pages of a ListSSHPublicKeys operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See ListSSHPublicKeys method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
//    // Example iterating over at most 3 pages of a ListSSHPublicKeys operation.
//    pageNum := 0
//    err := client.ListSSHPublicKeysPages(params,
//        func(page *iam.ListSSHPublicKeysOutput, lastPage bool) bool {
//            pageNum++
//            fmt.Println(page)
//            return pageNum <= 3
//        })
//
func (c *IAM) ListSSHPublicKeysPages(input *ListSSHPublicKeysInput, fn func(*ListSSHPublicKeysOutput, bool) bool) error {
	return c.ListSSHPublicKeysPagesWithContext(aws.BackgroundContext(), input, fn)
}

// ListSSHPublicKeysPagesWithContext same as ListSSHPublicKeysPages except
// it takes a Context and allows setting request options on the pages.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) ListSSHPublicKeysPagesWithContext(ctx aws.Context, input *ListSSHPublicKeysInput, fn func(*ListSSHPublicKeysOutput, bool) bool, opts ...request.Option) error {
	p := request.Pagination{
		NewRequest: func() (*request.Request, error) {
			var inCpy *ListSSHPublicKeysInput
			if input != nil {
				tmp := *input
				inCpy = &tmp
			}
			req, _ := c.ListSSHPublicKeysRequest(inCpy)
			req.SetContext(ctx)
			req.ApplyOptions(opts...)
			return req, nil
		},
	}

	for p.Next() {
		if !fn(p.Page().(*ListSSHPublicKeysOutput), !p.HasNextPage()) {
			break
		}
	}

	return p.Err()
}

const opListServerCertificateTags = "ListServerCertificateTags"

// ListServerCertificateTagsRequest generates a "aws/request.Request" representing the
// client's request for the ListServerCertificateTags operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ListServerCertificateTags for more information on using the ListServerCertificateTags
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the ListServerCertificateTagsRequest method.
//    req, resp := client.ListServerCertificateTagsRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListServerCertificateTags
func (c *IAM) ListServerCertificateTagsRequest(input *ListServerCertificateTagsInput) (req *request.Request, output *ListServerCertificateTagsOutput) {
	op := &request.Operation{
		Name:       opListServerCertificateTags,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &ListServerCertificateTagsInput{}
	}

	output = &ListServerCertificateTagsOutput{}
	req = c.newRequest(op, input, output)
	return
}

// ListServerCertificateTags API operation for AWS Identity and Access Management.
//
// Lists the tags that are attached to the specified IAM server certificate.
// The returned list of tags is sorted by tag key. For more information about
// tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html)
// in the IAM User Guide.
//
// For certificates in a Region supported by Certificate Manager (ACM), we recommend
// that you don't use IAM server certificates. Instead, use ACM to provision,
// manage, and deploy your server certificates. For more information about IAM
// server certificates, Working with server certificates (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation ListServerCertificateTags for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListServerCertificateTags
func (c *IAM) ListServerCertificateTags(input *ListServerCertificateTagsInput) (*ListServerCertificateTagsOutput, error) {
	req, out := c.ListServerCertificateTagsRequest(input)
	return out, req.Send()
}

// ListServerCertificateTagsWithContext is the same as ListServerCertificateTags with the addition of
// the ability to pass a context and additional request options.
//
// See ListServerCertificateTags for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) ListServerCertificateTagsWithContext(ctx aws.Context, input *ListServerCertificateTagsInput, opts ...request.Option) (*ListServerCertificateTagsOutput, error) {
	req, out := c.ListServerCertificateTagsRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opListServerCertificates = "ListServerCertificates"

// ListServerCertificatesRequest generates a "aws/request.Request" representing the
// client's request for the ListServerCertificates operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ListServerCertificates for more information on using the ListServerCertificates
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the ListServerCertificatesRequest method.
//    req, resp := client.ListServerCertificatesRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListServerCertificates
func (c *IAM) ListServerCertificatesRequest(input *ListServerCertificatesInput) (req *request.Request, output *ListServerCertificatesOutput) {
	op := &request.Operation{
		Name:       opListServerCertificates,
		HTTPMethod: "POST",
		HTTPPath:   "/",
		Paginator: &request.Paginator{
			InputTokens:     []string{"Marker"},
			OutputTokens:    []string{"Marker"},
			LimitToken:      "MaxItems",
			TruncationToken: "IsTruncated",
		},
	}

	if input == nil {
		input = &ListServerCertificatesInput{}
	}

	output = &ListServerCertificatesOutput{}
	req = c.newRequest(op, input, output)
	return
}

// ListServerCertificates API operation for AWS Identity and Access Management.
//
// Lists the server certificates stored in IAM that have the specified path
// prefix. If none exist, the operation returns an empty list.
//
// You can paginate the results using the MaxItems and Marker parameters.
//
// For more information about working with server certificates, see Working
// with server certificates (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html)
// in the IAM User Guide. This topic also includes a list of Amazon Web Services
// services that can use the server certificates that you manage with IAM.
//
// IAM resource-listing operations return a subset of the available attributes
// for the resource. For example, this operation does not return tags, even
// though they are an attribute of the returned object. To view all of the information
// for a servercertificate, see GetServerCertificate.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation ListServerCertificates for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListServerCertificates
func (c *IAM) ListServerCertificates(input *ListServerCertificatesInput) (*ListServerCertificatesOutput, error) {
	req, out := c.ListServerCertificatesRequest(input)
	return out, req.Send()
}

// ListServerCertificatesWithContext is the same as ListServerCertificates with the addition of
// the ability to pass a context and additional request options.
//
// See ListServerCertificates for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) ListServerCertificatesWithContext(ctx aws.Context, input *ListServerCertificatesInput, opts ...request.Option) (*ListServerCertificatesOutput, error) {
	req, out := c.ListServerCertificatesRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

// ListServerCertificatesPages iterates over the pages of a ListServerCertificates operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See ListServerCertificates method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
//    // Example iterating over at most 3 pages of a ListServerCertificates operation.
//    pageNum := 0
//    err := client.ListServerCertificatesPages(params,
//        func(page *iam.ListServerCertificatesOutput, lastPage bool) bool {
//            pageNum++
//            fmt.Println(page)
//            return pageNum <= 3
//        })
//
func (c *IAM) ListServerCertificatesPages(input *ListServerCertificatesInput, fn func(*ListServerCertificatesOutput, bool) bool) error {
	return c.ListServerCertificatesPagesWithContext(aws.BackgroundContext(), input, fn)
}

// ListServerCertificatesPagesWithContext same as ListServerCertificatesPages except
// it takes a Context and allows setting request options on the pages.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) ListServerCertificatesPagesWithContext(ctx aws.Context, input *ListServerCertificatesInput, fn func(*ListServerCertificatesOutput, bool) bool, opts ...request.Option) error {
	p := request.Pagination{
		NewRequest: func() (*request.Request, error) {
			var inCpy *ListServerCertificatesInput
			if input != nil {
				tmp := *input
				inCpy = &tmp
			}
			req, _ := c.ListServerCertificatesRequest(inCpy)
			req.SetContext(ctx)
			req.ApplyOptions(opts...)
			return req, nil
		},
	}

	for p.Next() {
		if !fn(p.Page().(*ListServerCertificatesOutput), !p.HasNextPage()) {
			break
		}
	}

	return p.Err()
}

const opListServiceSpecificCredentials = "ListServiceSpecificCredentials"

// ListServiceSpecificCredentialsRequest generates a "aws/request.Request" representing the
// client's request for the ListServiceSpecificCredentials operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ListServiceSpecificCredentials for more information on using the ListServiceSpecificCredentials
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the ListServiceSpecificCredentialsRequest method.
//    req, resp := client.ListServiceSpecificCredentialsRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListServiceSpecificCredentials
func (c *IAM) ListServiceSpecificCredentialsRequest(input *ListServiceSpecificCredentialsInput) (req *request.Request, output *ListServiceSpecificCredentialsOutput) {
	op := &request.Operation{
		Name:       opListServiceSpecificCredentials,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &ListServiceSpecificCredentialsInput{}
	}

	output = &ListServiceSpecificCredentialsOutput{}
	req = c.newRequest(op, input, output)
	return
}

// ListServiceSpecificCredentials API operation for AWS Identity and Access Management.
//
// Returns information about the service-specific credentials associated with
// the specified IAM user. If none exists, the operation returns an empty list.
// The service-specific credentials returned by this operation are used only
// for authenticating the IAM user to a specific service. For more information
// about using service-specific credentials to authenticate to an Amazon Web
// Services service, see Set up service-specific credentials (https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-gc.html)
// in the CodeCommit User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation ListServiceSpecificCredentials for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeServiceNotSupportedException "NotSupportedService"
//   The specified service does not support service-specific credentials.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListServiceSpecificCredentials
func (c *IAM) ListServiceSpecificCredentials(input *ListServiceSpecificCredentialsInput) (*ListServiceSpecificCredentialsOutput, error) {
	req, out := c.ListServiceSpecificCredentialsRequest(input)
	return out, req.Send()
}

// ListServiceSpecificCredentialsWithContext is the same as ListServiceSpecificCredentials with the addition of
// the ability to pass a context and additional request options.
//
// See ListServiceSpecificCredentials for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) ListServiceSpecificCredentialsWithContext(ctx aws.Context, input *ListServiceSpecificCredentialsInput, opts ...request.Option) (*ListServiceSpecificCredentialsOutput, error) {
	req, out := c.ListServiceSpecificCredentialsRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opListSigningCertificates = "ListSigningCertificates"

// ListSigningCertificatesRequest generates a "aws/request.Request" representing the
// client's request for the ListSigningCertificates operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ListSigningCertificates for more information on using the ListSigningCertificates
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the ListSigningCertificatesRequest method.
//    req, resp := client.ListSigningCertificatesRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListSigningCertificates
func (c *IAM) ListSigningCertificatesRequest(input *ListSigningCertificatesInput) (req *request.Request, output *ListSigningCertificatesOutput) {
	op := &request.Operation{
		Name:       opListSigningCertificates,
		HTTPMethod: "POST",
		HTTPPath:   "/",
		Paginator: &request.Paginator{
			InputTokens:     []string{"Marker"},
			OutputTokens:    []string{"Marker"},
			LimitToken:      "MaxItems",
			TruncationToken: "IsTruncated",
		},
	}

	if input == nil {
		input = &ListSigningCertificatesInput{}
	}

	output = &ListSigningCertificatesOutput{}
	req = c.newRequest(op, input, output)
	return
}

// ListSigningCertificates API operation for AWS Identity and Access Management.
//
// Returns information about the signing certificates associated with the specified
// IAM user. If none exists, the operation returns an empty list.
//
// Although each user is limited to a small number of signing certificates,
// you can still paginate the results using the MaxItems and Marker parameters.
//
// If the UserName field is not specified, the user name is determined implicitly
// based on the Amazon Web Services access key ID used to sign the request for
// this operation. This operation works for access keys under the Amazon Web
// Services account. Consequently, you can use this operation to manage Amazon
// Web Services account root user credentials even if the Amazon Web Services
// account has no associated users.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation ListSigningCertificates for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListSigningCertificates
func (c *IAM) ListSigningCertificates(input *ListSigningCertificatesInput) (*ListSigningCertificatesOutput, error) {
	req, out := c.ListSigningCertificatesRequest(input)
	return out, req.Send()
}

// ListSigningCertificatesWithContext is the same as ListSigningCertificates with the addition of
// the ability to pass a context and additional request options.
//
// See ListSigningCertificates for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) ListSigningCertificatesWithContext(ctx aws.Context, input *ListSigningCertificatesInput, opts ...request.Option) (*ListSigningCertificatesOutput, error) {
	req, out := c.ListSigningCertificatesRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

// ListSigningCertificatesPages iterates over the pages of a ListSigningCertificates operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See ListSigningCertificates method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
//    // Example iterating over at most 3 pages of a ListSigningCertificates operation.
//    pageNum := 0
//    err := client.ListSigningCertificatesPages(params,
//        func(page *iam.ListSigningCertificatesOutput, lastPage bool) bool {
//            pageNum++
//            fmt.Println(page)
//            return pageNum <= 3
//        })
//
func (c *IAM) ListSigningCertificatesPages(input *ListSigningCertificatesInput, fn func(*ListSigningCertificatesOutput, bool) bool) error {
	return c.ListSigningCertificatesPagesWithContext(aws.BackgroundContext(), input, fn)
}

// ListSigningCertificatesPagesWithContext same as ListSigningCertificatesPages except
// it takes a Context and allows setting request options on the pages.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) ListSigningCertificatesPagesWithContext(ctx aws.Context, input *ListSigningCertificatesInput, fn func(*ListSigningCertificatesOutput, bool) bool, opts ...request.Option) error {
	p := request.Pagination{
		NewRequest: func() (*request.Request, error) {
			var inCpy *ListSigningCertificatesInput
			if input != nil {
				tmp := *input
				inCpy = &tmp
			}
			req, _ := c.ListSigningCertificatesRequest(inCpy)
			req.SetContext(ctx)
			req.ApplyOptions(opts...)
			return req, nil
		},
	}

	for p.Next() {
		if !fn(p.Page().(*ListSigningCertificatesOutput), !p.HasNextPage()) {
			break
		}
	}

	return p.Err()
}

const opListUserPolicies = "ListUserPolicies"

// ListUserPoliciesRequest generates a "aws/request.Request" representing the
// client's request for the ListUserPolicies operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ListUserPolicies for more information on using the ListUserPolicies
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the ListUserPoliciesRequest method.
//    req, resp := client.ListUserPoliciesRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListUserPolicies
func (c *IAM) ListUserPoliciesRequest(input *ListUserPoliciesInput) (req *request.Request, output *ListUserPoliciesOutput) {
	op := &request.Operation{
		Name:       opListUserPolicies,
		HTTPMethod: "POST",
		HTTPPath:   "/",
		Paginator: &request.Paginator{
			InputTokens:     []string{"Marker"},
			OutputTokens:    []string{"Marker"},
			LimitToken:      "MaxItems",
			TruncationToken: "IsTruncated",
		},
	}

	if input == nil {
		input = &ListUserPoliciesInput{}
	}

	output = &ListUserPoliciesOutput{}
	req = c.newRequest(op, input, output)
	return
}

// ListUserPolicies API operation for AWS Identity and Access Management.
//
// Lists the names of the inline policies embedded in the specified IAM user.
//
// An IAM user can also have managed policies attached to it. To list the managed
// policies that are attached to a user, use ListAttachedUserPolicies. For more
// information about policies, see Managed policies and inline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide.
//
// You can paginate the results using the MaxItems and Marker parameters. If
// there are no inline policies embedded with the specified user, the operation
// returns an empty list.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation ListUserPolicies for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListUserPolicies
func (c *IAM) ListUserPolicies(input *ListUserPoliciesInput) (*ListUserPoliciesOutput, error) {
	req, out := c.ListUserPoliciesRequest(input)
	return out, req.Send()
}

// ListUserPoliciesWithContext is the same as ListUserPolicies with the addition of
// the ability to pass a context and additional request options.
//
// See ListUserPolicies for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) ListUserPoliciesWithContext(ctx aws.Context, input *ListUserPoliciesInput, opts ...request.Option) (*ListUserPoliciesOutput, error) {
	req, out := c.ListUserPoliciesRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

// ListUserPoliciesPages iterates over the pages of a ListUserPolicies operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See ListUserPolicies method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
//    // Example iterating over at most 3 pages of a ListUserPolicies operation.
//    pageNum := 0
//    err := client.ListUserPoliciesPages(params,
//        func(page *iam.ListUserPoliciesOutput, lastPage bool) bool {
//            pageNum++
//            fmt.Println(page)
//            return pageNum <= 3
//        })
//
func (c *IAM) ListUserPoliciesPages(input *ListUserPoliciesInput, fn func(*ListUserPoliciesOutput, bool) bool) error {
	return c.ListUserPoliciesPagesWithContext(aws.BackgroundContext(), input, fn)
}

// ListUserPoliciesPagesWithContext same as ListUserPoliciesPages except
// it takes a Context and allows setting request options on the pages.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) ListUserPoliciesPagesWithContext(ctx aws.Context, input *ListUserPoliciesInput, fn func(*ListUserPoliciesOutput, bool) bool, opts ...request.Option) error {
	p := request.Pagination{
		NewRequest: func() (*request.Request, error) {
			var inCpy *ListUserPoliciesInput
			if input != nil {
				tmp := *input
				inCpy = &tmp
			}
			req, _ := c.ListUserPoliciesRequest(inCpy)
			req.SetContext(ctx)
			req.ApplyOptions(opts...)
			return req, nil
		},
	}

	for p.Next() {
		if !fn(p.Page().(*ListUserPoliciesOutput), !p.HasNextPage()) {
			break
		}
	}

	return p.Err()
}

const opListUserTags = "ListUserTags"

// ListUserTagsRequest generates a "aws/request.Request" representing the
// client's request for the ListUserTags operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ListUserTags for more information on using the ListUserTags
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the ListUserTagsRequest method.
//    req, resp := client.ListUserTagsRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListUserTags
func (c *IAM) ListUserTagsRequest(input *ListUserTagsInput) (req *request.Request, output *ListUserTagsOutput) {
	op := &request.Operation{
		Name:       opListUserTags,
		HTTPMethod: "POST",
		HTTPPath:   "/",
		Paginator: &request.Paginator{
			InputTokens:     []string{"Marker"},
			OutputTokens:    []string{"Marker"},
			LimitToken:      "MaxItems",
			TruncationToken: "IsTruncated",
		},
	}

	if input == nil {
		input = &ListUserTagsInput{}
	}

	output = &ListUserTagsOutput{}
	req = c.newRequest(op, input, output)
	return
}

// ListUserTags API operation for AWS Identity and Access Management.
//
// Lists the tags that are attached to the specified IAM user. The returned
// list of tags is sorted by tag key. For more information about tagging, see
// Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation ListUserTags for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListUserTags
func (c *IAM) ListUserTags(input *ListUserTagsInput) (*ListUserTagsOutput, error) {
	req, out := c.ListUserTagsRequest(input)
	return out, req.Send()
}

// ListUserTagsWithContext is the same as ListUserTags with the addition of
// the ability to pass a context and additional request options.
//
// See ListUserTags for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) ListUserTagsWithContext(ctx aws.Context, input *ListUserTagsInput, opts ...request.Option) (*ListUserTagsOutput, error) {
	req, out := c.ListUserTagsRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

// ListUserTagsPages iterates over the pages of a ListUserTags operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See ListUserTags method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
//    // Example iterating over at most 3 pages of a ListUserTags operation.
//    pageNum := 0
//    err := client.ListUserTagsPages(params,
//        func(page *iam.ListUserTagsOutput, lastPage bool) bool {
//            pageNum++
//            fmt.Println(page)
//            return pageNum <= 3
//        })
//
func (c *IAM) ListUserTagsPages(input *ListUserTagsInput, fn func(*ListUserTagsOutput, bool) bool) error {
	return c.ListUserTagsPagesWithContext(aws.BackgroundContext(), input, fn)
}

// ListUserTagsPagesWithContext same as ListUserTagsPages except
// it takes a Context and allows setting request options on the pages.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) ListUserTagsPagesWithContext(ctx aws.Context, input *ListUserTagsInput, fn func(*ListUserTagsOutput, bool) bool, opts ...request.Option) error {
	p := request.Pagination{
		NewRequest: func() (*request.Request, error) {
			var inCpy *ListUserTagsInput
			if input != nil {
				tmp := *input
				inCpy = &tmp
			}
			req, _ := c.ListUserTagsRequest(inCpy)
			req.SetContext(ctx)
			req.ApplyOptions(opts...)
			return req, nil
		},
	}

	for p.Next() {
		if !fn(p.Page().(*ListUserTagsOutput), !p.HasNextPage()) {
			break
		}
	}

	return p.Err()
}

const opListUsers = "ListUsers"

// ListUsersRequest generates a "aws/request.Request" representing the
// client's request for the ListUsers operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ListUsers for more information on using the ListUsers
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the ListUsersRequest method.
//    req, resp := client.ListUsersRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListUsers
func (c *IAM) ListUsersRequest(input *ListUsersInput) (req *request.Request, output *ListUsersOutput) {
	op := &request.Operation{
		Name:       opListUsers,
		HTTPMethod: "POST",
		HTTPPath:   "/",
		Paginator: &request.Paginator{
			InputTokens:     []string{"Marker"},
			OutputTokens:    []string{"Marker"},
			LimitToken:      "MaxItems",
			TruncationToken: "IsTruncated",
		},
	}

	if input == nil {
		input = &ListUsersInput{}
	}

	output = &ListUsersOutput{}
	req = c.newRequest(op, input, output)
	return
}

// ListUsers API operation for AWS Identity and Access Management.
//
// Lists the IAM users that have the specified path prefix. If no path prefix
// is specified, the operation returns all users in the Amazon Web Services
// account. If there are none, the operation returns an empty list.
//
// IAM resource-listing operations return a subset of the available attributes
// for the resource. For example, this operation does not return tags, even
// though they are an attribute of the returned object. To view all of the information
// for a user, see GetUser.
//
// You can paginate the results using the MaxItems and Marker parameters.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation ListUsers for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListUsers
func (c *IAM) ListUsers(input *ListUsersInput) (*ListUsersOutput, error) {
	req, out := c.ListUsersRequest(input)
	return out, req.Send()
}

// ListUsersWithContext is the same as ListUsers with the addition of
// the ability to pass a context and additional request options.
//
// See ListUsers for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) ListUsersWithContext(ctx aws.Context, input *ListUsersInput, opts ...request.Option) (*ListUsersOutput, error) {
	req, out := c.ListUsersRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

// ListUsersPages iterates over the pages of a ListUsers operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See ListUsers method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
//    // Example iterating over at most 3 pages of a ListUsers operation.
//    pageNum := 0
//    err := client.ListUsersPages(params,
//        func(page *iam.ListUsersOutput, lastPage bool) bool {
//            pageNum++
//            fmt.Println(page)
//            return pageNum <= 3
//        })
//
func (c *IAM) ListUsersPages(input *ListUsersInput, fn func(*ListUsersOutput, bool) bool) error {
	return c.ListUsersPagesWithContext(aws.BackgroundContext(), input, fn)
}

// ListUsersPagesWithContext same as ListUsersPages except
// it takes a Context and allows setting request options on the pages.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) ListUsersPagesWithContext(ctx aws.Context, input *ListUsersInput, fn func(*ListUsersOutput, bool) bool, opts ...request.Option) error {
	p := request.Pagination{
		NewRequest: func() (*request.Request, error) {
			var inCpy *ListUsersInput
			if input != nil {
				tmp := *input
				inCpy = &tmp
			}
			req, _ := c.ListUsersRequest(inCpy)
			req.SetContext(ctx)
			req.ApplyOptions(opts...)
			return req, nil
		},
	}

	for p.Next() {
		if !fn(p.Page().(*ListUsersOutput), !p.HasNextPage()) {
			break
		}
	}

	return p.Err()
}

const opListVirtualMFADevices = "ListVirtualMFADevices"

// ListVirtualMFADevicesRequest generates a "aws/request.Request" representing the
// client's request for the ListVirtualMFADevices operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ListVirtualMFADevices for more information on using the ListVirtualMFADevices
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the ListVirtualMFADevicesRequest method.
//    req, resp := client.ListVirtualMFADevicesRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListVirtualMFADevices
func (c *IAM) ListVirtualMFADevicesRequest(input *ListVirtualMFADevicesInput) (req *request.Request, output *ListVirtualMFADevicesOutput) {
	op := &request.Operation{
		Name:       opListVirtualMFADevices,
		HTTPMethod: "POST",
		HTTPPath:   "/",
		Paginator: &request.Paginator{
			InputTokens:     []string{"Marker"},
			OutputTokens:    []string{"Marker"},
			LimitToken:      "MaxItems",
			TruncationToken: "IsTruncated",
		},
	}

	if input == nil {
		input = &ListVirtualMFADevicesInput{}
	}

	output = &ListVirtualMFADevicesOutput{}
	req = c.newRequest(op, input, output)
	return
}

// ListVirtualMFADevices API operation for AWS Identity and Access Management.
//
// Lists the virtual MFA devices defined in the Amazon Web Services account
// by assignment status. If you do not specify an assignment status, the operation
// returns a list of all virtual MFA devices. Assignment status can be Assigned,
// Unassigned, or Any.
//
// IAM resource-listing operations return a subset of the available attributes
// for the resource. For example, this operation does not return tags, even
// though they are an attribute of the returned object. To view all of the information
// for a virtual MFA device, see ListVirtualMFADevices.
//
// You can paginate the results using the MaxItems and Marker parameters.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation ListVirtualMFADevices for usage and error information.
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListVirtualMFADevices
func (c *IAM) ListVirtualMFADevices(input *ListVirtualMFADevicesInput) (*ListVirtualMFADevicesOutput, error) {
	req, out := c.ListVirtualMFADevicesRequest(input)
	return out, req.Send()
}

// ListVirtualMFADevicesWithContext is the same as ListVirtualMFADevices with the addition of
// the ability to pass a context and additional request options.
//
// See ListVirtualMFADevices for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) ListVirtualMFADevicesWithContext(ctx aws.Context, input *ListVirtualMFADevicesInput, opts ...request.Option) (*ListVirtualMFADevicesOutput, error) {
	req, out := c.ListVirtualMFADevicesRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

// ListVirtualMFADevicesPages iterates over the pages of a ListVirtualMFADevices operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See ListVirtualMFADevices method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
//    // Example iterating over at most 3 pages of a ListVirtualMFADevices operation.
//    pageNum := 0
//    err := client.ListVirtualMFADevicesPages(params,
//        func(page *iam.ListVirtualMFADevicesOutput, lastPage bool) bool {
//            pageNum++
//            fmt.Println(page)
//            return pageNum <= 3
//        })
//
func (c *IAM) ListVirtualMFADevicesPages(input *ListVirtualMFADevicesInput, fn func(*ListVirtualMFADevicesOutput, bool) bool) error {
	return c.ListVirtualMFADevicesPagesWithContext(aws.BackgroundContext(), input, fn)
}

// ListVirtualMFADevicesPagesWithContext same as ListVirtualMFADevicesPages except
// it takes a Context and allows setting request options on the pages.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) ListVirtualMFADevicesPagesWithContext(ctx aws.Context, input *ListVirtualMFADevicesInput, fn func(*ListVirtualMFADevicesOutput, bool) bool, opts ...request.Option) error {
	p := request.Pagination{
		NewRequest: func() (*request.Request, error) {
			var inCpy *ListVirtualMFADevicesInput
			if input != nil {
				tmp := *input
				inCpy = &tmp
			}
			req, _ := c.ListVirtualMFADevicesRequest(inCpy)
			req.SetContext(ctx)
			req.ApplyOptions(opts...)
			return req, nil
		},
	}

	for p.Next() {
		if !fn(p.Page().(*ListVirtualMFADevicesOutput), !p.HasNextPage()) {
			break
		}
	}

	return p.Err()
}

const opPutGroupPolicy = "PutGroupPolicy"

// PutGroupPolicyRequest generates a "aws/request.Request" representing the
// client's request for the PutGroupPolicy operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See PutGroupPolicy for more information on using the PutGroupPolicy
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the PutGroupPolicyRequest method.
//    req, resp := client.PutGroupPolicyRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/PutGroupPolicy
func (c *IAM) PutGroupPolicyRequest(input *PutGroupPolicyInput) (req *request.Request, output *PutGroupPolicyOutput) {
	op := &request.Operation{
		Name:       opPutGroupPolicy,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &PutGroupPolicyInput{}
	}

	output = &PutGroupPolicyOutput{}
	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return
}

// PutGroupPolicy API operation for AWS Identity and Access Management.
//
// Adds or updates an inline policy document that is embedded in the specified
// IAM group.
//
// A user can also have managed policies attached to it. To attach a managed
// policy to a group, use AttachGroupPolicy. To create a new managed policy,
// use CreatePolicy. For information about policies, see Managed policies and
// inline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide.
//
// For information about the maximum number of inline policies that you can
// embed in a group, see IAM and STS quotas (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html)
// in the IAM User Guide.
//
// Because policy documents can be large, you should use POST rather than GET
// when calling PutGroupPolicy. For general information about using the Query
// API with IAM, see Making query requests (https://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation PutGroupPolicy for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeLimitExceededException "LimitExceeded"
//   The request was rejected because it attempted to create resources beyond
//   the current Amazon Web Services account limits. The error message describes
//   the limit exceeded.
//
//   * ErrCodeMalformedPolicyDocumentException "MalformedPolicyDocument"
//   The request was rejected because the policy document was malformed. The error
//   message describes the specific error.
//
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/PutGroupPolicy
func (c *IAM) PutGroupPolicy(input *PutGroupPolicyInput) (*PutGroupPolicyOutput, error) {
	req, out := c.PutGroupPolicyRequest(input)
	return out, req.Send()
}

// PutGroupPolicyWithContext is the same as PutGroupPolicy with the addition of
// the ability to pass a context and additional request options.
//
// See PutGroupPolicy for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) PutGroupPolicyWithContext(ctx aws.Context, input *PutGroupPolicyInput, opts ...request.Option) (*PutGroupPolicyOutput, error) {
	req, out := c.PutGroupPolicyRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opPutRolePermissionsBoundary = "PutRolePermissionsBoundary"

// PutRolePermissionsBoundaryRequest generates a "aws/request.Request" representing the
// client's request for the PutRolePermissionsBoundary operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See PutRolePermissionsBoundary for more information on using the PutRolePermissionsBoundary
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the PutRolePermissionsBoundaryRequest method.
//    req, resp := client.PutRolePermissionsBoundaryRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/PutRolePermissionsBoundary
func (c *IAM) PutRolePermissionsBoundaryRequest(input *PutRolePermissionsBoundaryInput) (req *request.Request, output *PutRolePermissionsBoundaryOutput) {
	op := &request.Operation{
		Name:       opPutRolePermissionsBoundary,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &PutRolePermissionsBoundaryInput{}
	}

	output = &PutRolePermissionsBoundaryOutput{}
	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return
}

// PutRolePermissionsBoundary API operation for AWS Identity and Access Management.
//
// Adds or updates the policy that is specified as the IAM role's permissions
// boundary. You can use an Amazon Web Services managed policy or a customer
// managed policy to set the boundary for a role. Use the boundary to control
// the maximum permissions that the role can have. Setting a permissions boundary
// is an advanced feature that can affect the permissions for the role.
//
// You cannot set the boundary for a service-linked role.
//
// Policies used as permissions boundaries do not provide permissions. You must
// also attach a permissions policy to the role. To learn how the effective
// permissions for a role are evaluated, see IAM JSON policy evaluation logic
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation PutRolePermissionsBoundary for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeInvalidInputException "InvalidInput"
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
//   * ErrCodeUnmodifiableEntityException "UnmodifiableEntity"
//   The request was rejected because only the service that depends on the service-linked
//   role can modify or delete the role on your behalf. The error message includes
//   the name of the service that depends on this service-linked role. You must
//   request the change through that service.
//
//   * ErrCodePolicyNotAttachableException "PolicyNotAttachable"
//   The request failed because Amazon Web Services service role policies can
//   only be attached to the service-linked role for that service.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/PutRolePermissionsBoundary
func (c *IAM) PutRolePermissionsBoundary(input *PutRolePermissionsBoundaryInput) (*PutRolePermissionsBoundaryOutput, error) {
	req, out := c.PutRolePermissionsBoundaryRequest(input)
	return out, req.Send()
}

// PutRolePermissionsBoundaryWithContext is the same as PutRolePermissionsBoundary with the addition of
// the ability to pass a context and additional request options.
//
// See PutRolePermissionsBoundary for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) PutRolePermissionsBoundaryWithContext(ctx aws.Context, input *PutRolePermissionsBoundaryInput, opts ...request.Option) (*PutRolePermissionsBoundaryOutput, error) {
	req, out := c.PutRolePermissionsBoundaryRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opPutRolePolicy = "PutRolePolicy"

// PutRolePolicyRequest generates a "aws/request.Request" representing the
// client's request for the PutRolePolicy operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See PutRolePolicy for more information on using the PutRolePolicy
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the PutRolePolicyRequest method.
//    req, resp := client.PutRolePolicyRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/PutRolePolicy
func (c *IAM) PutRolePolicyRequest(input *PutRolePolicyInput) (req *request.Request, output *PutRolePolicyOutput) {
	op := &request.Operation{
		Name:       opPutRolePolicy,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &PutRolePolicyInput{}
	}

	output = &PutRolePolicyOutput{}
	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return
}

// PutRolePolicy API operation for AWS Identity and Access Management.
//
// Adds or updates an inline policy document that is embedded in the specified
// IAM role.
//
// When you embed an inline policy in a role, the inline policy is used as part
// of the role's access (permissions) policy. The role's trust policy is created
// at the same time as the role, using CreateRole. You can update a role's trust
// policy using UpdateAssumeRolePolicy. For more information about IAM roles,
// see Using roles to delegate permissions and federate identities (https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html).
//
// A role can also have a managed policy attached to it. To attach a managed
// policy to a role, use AttachRolePolicy. To create a new managed policy, use
// CreatePolicy. For information about policies, see Managed policies and inline
// policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide.
//
// For information about the maximum number of inline policies that you can
// embed with a role, see IAM and STS quotas (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html)
// in the IAM User Guide.
//
// Because policy documents can be large, you should use POST rather than GET
// when calling PutRolePolicy. For general information about using the Query
// API with IAM, see Making query requests (https://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation PutRolePolicy for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeLimitExceededException "LimitExceeded"
//   The request was rejected because it attempted to create resources beyond
//   the current Amazon Web Services account limits. The error message describes
//   the limit exceeded.
//
//   * ErrCodeMalformedPolicyDocumentException "MalformedPolicyDocument"
//   The request was rejected because the policy document was malformed. The error
//   message describes the specific error.
//
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeUnmodifiableEntityException "UnmodifiableEntity"
//   The request was rejected because only the service that depends on the service-linked
//   role can modify or delete the role on your behalf. The error message includes
//   the name of the service that depends on this service-linked role. You must
//   request the change through that service.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/PutRolePolicy
func (c *IAM) PutRolePolicy(input *PutRolePolicyInput) (*PutRolePolicyOutput, error) {
	req, out := c.PutRolePolicyRequest(input)
	return out, req.Send()
}

// PutRolePolicyWithContext is the same as PutRolePolicy with the addition of
// the ability to pass a context and additional request options.
//
// See PutRolePolicy for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) PutRolePolicyWithContext(ctx aws.Context, input *PutRolePolicyInput, opts ...request.Option) (*PutRolePolicyOutput, error) {
	req, out := c.PutRolePolicyRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opPutUserPermissionsBoundary = "PutUserPermissionsBoundary"

// PutUserPermissionsBoundaryRequest generates a "aws/request.Request" representing the
// client's request for the PutUserPermissionsBoundary operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See PutUserPermissionsBoundary for more information on using the PutUserPermissionsBoundary
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the PutUserPermissionsBoundaryRequest method.
//    req, resp := client.PutUserPermissionsBoundaryRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/PutUserPermissionsBoundary
func (c *IAM) PutUserPermissionsBoundaryRequest(input *PutUserPermissionsBoundaryInput) (req *request.Request, output *PutUserPermissionsBoundaryOutput) {
	op := &request.Operation{
		Name:       opPutUserPermissionsBoundary,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &PutUserPermissionsBoundaryInput{}
	}

	output = &PutUserPermissionsBoundaryOutput{}
	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return
}

// PutUserPermissionsBoundary API operation for AWS Identity and Access Management.
//
// Adds or updates the policy that is specified as the IAM user's permissions
// boundary. You can use an Amazon Web Services managed policy or a customer
// managed policy to set the boundary for a user. Use the boundary to control
// the maximum permissions that the user can have. Setting a permissions boundary
// is an advanced feature that can affect the permissions for the user.
//
// Policies that are used as permissions boundaries do not provide permissions.
// You must also attach a permissions policy to the user. To learn how the effective
// permissions for a user are evaluated, see IAM JSON policy evaluation logic
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation PutUserPermissionsBoundary for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeInvalidInputException "InvalidInput"
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
//   * ErrCodePolicyNotAttachableException "PolicyNotAttachable"
//   The request failed because Amazon Web Services service role policies can
//   only be attached to the service-linked role for that service.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/PutUserPermissionsBoundary
func (c *IAM) PutUserPermissionsBoundary(input *PutUserPermissionsBoundaryInput) (*PutUserPermissionsBoundaryOutput, error) {
	req, out := c.PutUserPermissionsBoundaryRequest(input)
	return out, req.Send()
}

// PutUserPermissionsBoundaryWithContext is the same as PutUserPermissionsBoundary with the addition of
// the ability to pass a context and additional request options.
//
// See PutUserPermissionsBoundary for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) PutUserPermissionsBoundaryWithContext(ctx aws.Context, input *PutUserPermissionsBoundaryInput, opts ...request.Option) (*PutUserPermissionsBoundaryOutput, error) {
	req, out := c.PutUserPermissionsBoundaryRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opPutUserPolicy = "PutUserPolicy"

// PutUserPolicyRequest generates a "aws/request.Request" representing the
// client's request for the PutUserPolicy operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See PutUserPolicy for more information on using the PutUserPolicy
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the PutUserPolicyRequest method.
//    req, resp := client.PutUserPolicyRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/PutUserPolicy
func (c *IAM) PutUserPolicyRequest(input *PutUserPolicyInput) (req *request.Request, output *PutUserPolicyOutput) {
	op := &request.Operation{
		Name:       opPutUserPolicy,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &PutUserPolicyInput{}
	}

	output = &PutUserPolicyOutput{}
	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return
}

// PutUserPolicy API operation for AWS Identity and Access Management.
//
// Adds or updates an inline policy document that is embedded in the specified
// IAM user.
//
// An IAM user can also have a managed policy attached to it. To attach a managed
// policy to a user, use AttachUserPolicy. To create a new managed policy, use
// CreatePolicy. For information about policies, see Managed policies and inline
// policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide.
//
// For information about the maximum number of inline policies that you can
// embed in a user, see IAM and STS quotas (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html)
// in the IAM User Guide.
//
// Because policy documents can be large, you should use POST rather than GET
// when calling PutUserPolicy. For general information about using the Query
// API with IAM, see Making query requests (https://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation PutUserPolicy for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeLimitExceededException "LimitExceeded"
//   The request was rejected because it attempted to create resources beyond
//   the current Amazon Web Services account limits. The error message describes
//   the limit exceeded.
//
//   * ErrCodeMalformedPolicyDocumentException "MalformedPolicyDocument"
//   The request was rejected because the policy document was malformed. The error
//   message describes the specific error.
//
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/PutUserPolicy
func (c *IAM) PutUserPolicy(input *PutUserPolicyInput) (*PutUserPolicyOutput, error) {
	req, out := c.PutUserPolicyRequest(input)
	return out, req.Send()
}

// PutUserPolicyWithContext is the same as PutUserPolicy with the addition of
// the ability to pass a context and additional request options.
//
// See PutUserPolicy for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) PutUserPolicyWithContext(ctx aws.Context, input *PutUserPolicyInput, opts ...request.Option) (*PutUserPolicyOutput, error) {
	req, out := c.PutUserPolicyRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opRemoveClientIDFromOpenIDConnectProvider = "RemoveClientIDFromOpenIDConnectProvider"

// RemoveClientIDFromOpenIDConnectProviderRequest generates a "aws/request.Request" representing the
// client's request for the RemoveClientIDFromOpenIDConnectProvider operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See RemoveClientIDFromOpenIDConnectProvider for more information on using the RemoveClientIDFromOpenIDConnectProvider
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the RemoveClientIDFromOpenIDConnectProviderRequest method.
//    req, resp := client.RemoveClientIDFromOpenIDConnectProviderRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/RemoveClientIDFromOpenIDConnectProvider
func (c *IAM) RemoveClientIDFromOpenIDConnectProviderRequest(input *RemoveClientIDFromOpenIDConnectProviderInput) (req *request.Request, output *RemoveClientIDFromOpenIDConnectProviderOutput) {
	op := &request.Operation{
		Name:       opRemoveClientIDFromOpenIDConnectProvider,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &RemoveClientIDFromOpenIDConnectProviderInput{}
	}

	output = &RemoveClientIDFromOpenIDConnectProviderOutput{}
	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return
}

// RemoveClientIDFromOpenIDConnectProvider API operation for AWS Identity and Access Management.
//
// Removes the specified client ID (also known as audience) from the list of
// client IDs registered for the specified IAM OpenID Connect (OIDC) provider
// resource object.
//
// This operation is idempotent; it does not fail or return an error if you
// try to remove a client ID that does not exist.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation RemoveClientIDFromOpenIDConnectProvider for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeInvalidInputException "InvalidInput"
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/RemoveClientIDFromOpenIDConnectProvider
func (c *IAM) RemoveClientIDFromOpenIDConnectProvider(input *RemoveClientIDFromOpenIDConnectProviderInput) (*RemoveClientIDFromOpenIDConnectProviderOutput, error) {
	req, out := c.RemoveClientIDFromOpenIDConnectProviderRequest(input)
	return out, req.Send()
}

// RemoveClientIDFromOpenIDConnectProviderWithContext is the same as RemoveClientIDFromOpenIDConnectProvider with the addition of
// the ability to pass a context and additional request options.
//
// See RemoveClientIDFromOpenIDConnectProvider for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) RemoveClientIDFromOpenIDConnectProviderWithContext(ctx aws.Context, input *RemoveClientIDFromOpenIDConnectProviderInput, opts ...request.Option) (*RemoveClientIDFromOpenIDConnectProviderOutput, error) {
	req, out := c.RemoveClientIDFromOpenIDConnectProviderRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opRemoveRoleFromInstanceProfile = "RemoveRoleFromInstanceProfile"

// RemoveRoleFromInstanceProfileRequest generates a "aws/request.Request" representing the
// client's request for the RemoveRoleFromInstanceProfile operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See RemoveRoleFromInstanceProfile for more information on using the RemoveRoleFromInstanceProfile
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the RemoveRoleFromInstanceProfileRequest method.
//    req, resp := client.RemoveRoleFromInstanceProfileRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/RemoveRoleFromInstanceProfile
func (c *IAM) RemoveRoleFromInstanceProfileRequest(input *RemoveRoleFromInstanceProfileInput) (req *request.Request, output *RemoveRoleFromInstanceProfileOutput) {
	op := &request.Operation{
		Name:       opRemoveRoleFromInstanceProfile,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &RemoveRoleFromInstanceProfileInput{}
	}

	output = &RemoveRoleFromInstanceProfileOutput{}
	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return
}

// RemoveRoleFromInstanceProfile API operation for AWS Identity and Access Management.
//
// Removes the specified IAM role from the specified EC2 instance profile.
//
// Make sure that you do not have any Amazon EC2 instances running with the
// role you are about to remove from the instance profile. Removing a role from
// an instance profile that is associated with a running instance might break
// any applications running on the instance.
//
// For more information about IAM roles, see Working with roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html).
// For more information about instance profiles, see About instance profiles
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html).
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation RemoveRoleFromInstanceProfile for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeLimitExceededException "LimitExceeded"
//   The request was rejected because it attempted to create resources beyond
//   the current Amazon Web Services account limits. The error message describes
//   the limit exceeded.
//
//   * ErrCodeUnmodifiableEntityException "UnmodifiableEntity"
//   The request was rejected because only the service that depends on the service-linked
//   role can modify or delete the role on your behalf. The error message includes
//   the name of the service that depends on this service-linked role. You must
//   request the change through that service.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/RemoveRoleFromInstanceProfile
func (c *IAM) RemoveRoleFromInstanceProfile(input *RemoveRoleFromInstanceProfileInput) (*RemoveRoleFromInstanceProfileOutput, error) {
	req, out := c.RemoveRoleFromInstanceProfileRequest(input)
	return out, req.Send()
}

// RemoveRoleFromInstanceProfileWithContext is the same as RemoveRoleFromInstanceProfile with the addition of
// the ability to pass a context and additional request options.
//
// See RemoveRoleFromInstanceProfile for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) RemoveRoleFromInstanceProfileWithContext(ctx aws.Context, input *RemoveRoleFromInstanceProfileInput, opts ...request.Option) (*RemoveRoleFromInstanceProfileOutput, error) {
	req, out := c.RemoveRoleFromInstanceProfileRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opRemoveUserFromGroup = "RemoveUserFromGroup"

// RemoveUserFromGroupRequest generates a "aws/request.Request" representing the
// client's request for the RemoveUserFromGroup operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See RemoveUserFromGroup for more information on using the RemoveUserFromGroup
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the RemoveUserFromGroupRequest method.
//    req, resp := client.RemoveUserFromGroupRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/RemoveUserFromGroup
func (c *IAM) RemoveUserFromGroupRequest(input *RemoveUserFromGroupInput) (req *request.Request, output *RemoveUserFromGroupOutput) {
	op := &request.Operation{
		Name:       opRemoveUserFromGroup,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &RemoveUserFromGroupInput{}
	}

	output = &RemoveUserFromGroupOutput{}
	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return
}

// RemoveUserFromGroup API operation for AWS Identity and Access Management.
//
// Removes the specified user from the specified group.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation RemoveUserFromGroup for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeLimitExceededException "LimitExceeded"
//   The request was rejected because it attempted to create resources beyond
//   the current Amazon Web Services account limits. The error message describes
//   the limit exceeded.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/RemoveUserFromGroup
func (c *IAM) RemoveUserFromGroup(input *RemoveUserFromGroupInput) (*RemoveUserFromGroupOutput, error) {
	req, out := c.RemoveUserFromGroupRequest(input)
	return out, req.Send()
}

// RemoveUserFromGroupWithContext is the same as RemoveUserFromGroup with the addition of
// the ability to pass a context and additional request options.
//
// See RemoveUserFromGroup for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) RemoveUserFromGroupWithContext(ctx aws.Context, input *RemoveUserFromGroupInput, opts ...request.Option) (*RemoveUserFromGroupOutput, error) {
	req, out := c.RemoveUserFromGroupRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opResetServiceSpecificCredential = "ResetServiceSpecificCredential"

// ResetServiceSpecificCredentialRequest generates a "aws/request.Request" representing the
// client's request for the ResetServiceSpecificCredential operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ResetServiceSpecificCredential for more information on using the ResetServiceSpecificCredential
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the ResetServiceSpecificCredentialRequest method.
//    req, resp := client.ResetServiceSpecificCredentialRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ResetServiceSpecificCredential
func (c *IAM) ResetServiceSpecificCredentialRequest(input *ResetServiceSpecificCredentialInput) (req *request.Request, output *ResetServiceSpecificCredentialOutput) {
	op := &request.Operation{
		Name:       opResetServiceSpecificCredential,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &ResetServiceSpecificCredentialInput{}
	}

	output = &ResetServiceSpecificCredentialOutput{}
	req = c.newRequest(op, input, output)
	return
}

// ResetServiceSpecificCredential API operation for AWS Identity and Access Management.
//
// Resets the password for a service-specific credential. The new password is
// Amazon Web Services generated and cryptographically strong. It cannot be
// configured by the user. Resetting the password immediately invalidates the
// previous password associated with this user.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation ResetServiceSpecificCredential for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ResetServiceSpecificCredential
func (c *IAM) ResetServiceSpecificCredential(input *ResetServiceSpecificCredentialInput) (*ResetServiceSpecificCredentialOutput, error) {
	req, out := c.ResetServiceSpecificCredentialRequest(input)
	return out, req.Send()
}

// ResetServiceSpecificCredentialWithContext is the same as ResetServiceSpecificCredential with the addition of
// the ability to pass a context and additional request options.
//
// See ResetServiceSpecificCredential for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) ResetServiceSpecificCredentialWithContext(ctx aws.Context, input *ResetServiceSpecificCredentialInput, opts ...request.Option) (*ResetServiceSpecificCredentialOutput, error) {
	req, out := c.ResetServiceSpecificCredentialRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opResyncMFADevice = "ResyncMFADevice"

// ResyncMFADeviceRequest generates a "aws/request.Request" representing the
// client's request for the ResyncMFADevice operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ResyncMFADevice for more information on using the ResyncMFADevice
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the ResyncMFADeviceRequest method.
//    req, resp := client.ResyncMFADeviceRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ResyncMFADevice
func (c *IAM) ResyncMFADeviceRequest(input *ResyncMFADeviceInput) (req *request.Request, output *ResyncMFADeviceOutput) {
	op := &request.Operation{
		Name:       opResyncMFADevice,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &ResyncMFADeviceInput{}
	}

	output = &ResyncMFADeviceOutput{}
	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return
}

// ResyncMFADevice API operation for AWS Identity and Access Management.
//
// Synchronizes the specified MFA device with its IAM resource object on the
// Amazon Web Services servers.
//
// For more information about creating and working with virtual MFA devices,
// see Using a virtual MFA device (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_VirtualMFA.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation ResyncMFADevice for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeInvalidAuthenticationCodeException "InvalidAuthenticationCode"
//   The request was rejected because the authentication code was not recognized.
//   The error message describes the specific error.
//
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeLimitExceededException "LimitExceeded"
//   The request was rejected because it attempted to create resources beyond
//   the current Amazon Web Services account limits. The error message describes
//   the limit exceeded.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ResyncMFADevice
func (c *IAM) ResyncMFADevice(input *ResyncMFADeviceInput) (*ResyncMFADeviceOutput, error) {
	req, out := c.ResyncMFADeviceRequest(input)
	return out, req.Send()
}

// ResyncMFADeviceWithContext is the same as ResyncMFADevice with the addition of
// the ability to pass a context and additional request options.
//
// See ResyncMFADevice for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) ResyncMFADeviceWithContext(ctx aws.Context, input *ResyncMFADeviceInput, opts ...request.Option) (*ResyncMFADeviceOutput, error) {
	req, out := c.ResyncMFADeviceRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opSetDefaultPolicyVersion = "SetDefaultPolicyVersion"

// SetDefaultPolicyVersionRequest generates a "aws/request.Request" representing the
// client's request for the SetDefaultPolicyVersion operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See SetDefaultPolicyVersion for more information on using the SetDefaultPolicyVersion
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the SetDefaultPolicyVersionRequest method.
//    req, resp := client.SetDefaultPolicyVersionRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/SetDefaultPolicyVersion
func (c *IAM) SetDefaultPolicyVersionRequest(input *SetDefaultPolicyVersionInput) (req *request.Request, output *SetDefaultPolicyVersionOutput) {
	op := &request.Operation{
		Name:       opSetDefaultPolicyVersion,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &SetDefaultPolicyVersionInput{}
	}

	output = &SetDefaultPolicyVersionOutput{}
	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return
}

// SetDefaultPolicyVersion API operation for AWS Identity and Access Management.
//
// Sets the specified version of the specified policy as the policy's default
// (operative) version.
//
// This operation affects all users, groups, and roles that the policy is attached
// to. To list the users, groups, and roles that the policy is attached to,
// use ListEntitiesForPolicy.
//
// For information about managed policies, see Managed policies and inline policies
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation SetDefaultPolicyVersion for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeInvalidInputException "InvalidInput"
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
//   * ErrCodeLimitExceededException "LimitExceeded"
//   The request was rejected because it attempted to create resources beyond
//   the current Amazon Web Services account limits. The error message describes
//   the limit exceeded.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/SetDefaultPolicyVersion
func (c *IAM) SetDefaultPolicyVersion(input *SetDefaultPolicyVersionInput) (*SetDefaultPolicyVersionOutput, error) {
	req, out := c.SetDefaultPolicyVersionRequest(input)
	return out, req.Send()
}

// SetDefaultPolicyVersionWithContext is the same as SetDefaultPolicyVersion with the addition of
// the ability to pass a context and additional request options.
//
// See SetDefaultPolicyVersion for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) SetDefaultPolicyVersionWithContext(ctx aws.Context, input *SetDefaultPolicyVersionInput, opts ...request.Option) (*SetDefaultPolicyVersionOutput, error) {
	req, out := c.SetDefaultPolicyVersionRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opSetSecurityTokenServicePreferences = "SetSecurityTokenServicePreferences"

// SetSecurityTokenServicePreferencesRequest generates a "aws/request.Request" representing the
// client's request for the SetSecurityTokenServicePreferences operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See SetSecurityTokenServicePreferences for more information on using the SetSecurityTokenServicePreferences
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the SetSecurityTokenServicePreferencesRequest method.
//    req, resp := client.SetSecurityTokenServicePreferencesRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/SetSecurityTokenServicePreferences
func (c *IAM) SetSecurityTokenServicePreferencesRequest(input *SetSecurityTokenServicePreferencesInput) (req *request.Request, output *SetSecurityTokenServicePreferencesOutput) {
	op := &request.Operation{
		Name:       opSetSecurityTokenServicePreferences,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &SetSecurityTokenServicePreferencesInput{}
	}

	output = &SetSecurityTokenServicePreferencesOutput{}
	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return
}

// SetSecurityTokenServicePreferences API operation for AWS Identity and Access Management.
//
// Sets the specified version of the global endpoint token as the token version
// used for the Amazon Web Services account.
//
// By default, Security Token Service (STS) is available as a global service,
// and all STS requests go to a single endpoint at https://sts.amazonaws.com.
// Amazon Web Services recommends using Regional STS endpoints to reduce latency,
// build in redundancy, and increase session token availability. For information
// about Regional endpoints for STS, see Security Token Service endpoints and
// quotas (https://docs.aws.amazon.com/general/latest/gr/sts.html) in the Amazon
// Web Services General Reference.
//
// If you make an STS call to the global endpoint, the resulting session tokens
// might be valid in some Regions but not others. It depends on the version
// that is set in this operation. Version 1 tokens are valid only in Amazon
// Web Services Regions that are available by default. These tokens do not work
// in manually enabled Regions, such as Asia Pacific (Hong Kong). Version 2
// tokens are valid in all Regions. However, version 2 tokens are longer and
// might affect systems where you temporarily store tokens. For information,
// see Activating and deactivating STS in an Amazon Web Services Region (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
// in the IAM User Guide.
//
// To view the current session token version, see the GlobalEndpointTokenVersion
// entry in the response of the GetAccountSummary operation.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation SetSecurityTokenServicePreferences for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/SetSecurityTokenServicePreferences
func (c *IAM) SetSecurityTokenServicePreferences(input *SetSecurityTokenServicePreferencesInput) (*SetSecurityTokenServicePreferencesOutput, error) {
	req, out := c.SetSecurityTokenServicePreferencesRequest(input)
	return out, req.Send()
}

// SetSecurityTokenServicePreferencesWithContext is the same as SetSecurityTokenServicePreferences with the addition of
// the ability to pass a context and additional request options.
//
// See SetSecurityTokenServicePreferences for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) SetSecurityTokenServicePreferencesWithContext(ctx aws.Context, input *SetSecurityTokenServicePreferencesInput, opts ...request.Option) (*SetSecurityTokenServicePreferencesOutput, error) {
	req, out := c.SetSecurityTokenServicePreferencesRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opSimulateCustomPolicy = "SimulateCustomPolicy"

// SimulateCustomPolicyRequest generates a "aws/request.Request" representing the
// client's request for the SimulateCustomPolicy operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See SimulateCustomPolicy for more information on using the SimulateCustomPolicy
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the SimulateCustomPolicyRequest method.
//    req, resp := client.SimulateCustomPolicyRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/SimulateCustomPolicy
func (c *IAM) SimulateCustomPolicyRequest(input *SimulateCustomPolicyInput) (req *request.Request, output *SimulatePolicyResponse) {
	op := &request.Operation{
		Name:       opSimulateCustomPolicy,
		HTTPMethod: "POST",
		HTTPPath:   "/",
		Paginator: &request.Paginator{
			InputTokens:     []string{"Marker"},
			OutputTokens:    []string{"Marker"},
			LimitToken:      "MaxItems",
			TruncationToken: "IsTruncated",
		},
	}

	if input == nil {
		input = &SimulateCustomPolicyInput{}
	}

	output = &SimulatePolicyResponse{}
	req = c.newRequest(op, input, output)
	return
}

// SimulateCustomPolicy API operation for AWS Identity and Access Management.
//
// Simulate how a set of IAM policies and optionally a resource-based policy
// works with a list of API operations and Amazon Web Services resources to
// determine the policies' effective permissions. The policies are provided
// as strings.
//
// The simulation does not perform the API operations; it only checks the authorization
// to determine if the simulated policies allow or deny the operations. You
// can simulate resources that don't exist in your account.
//
// If you want to simulate existing policies that are attached to an IAM user,
// group, or role, use SimulatePrincipalPolicy instead.
//
// Context keys are variables that are maintained by Amazon Web Services and
// its services and which provide details about the context of an API query
// request. You can use the Condition element of an IAM policy to evaluate context
// keys. To get the list of context keys that the policies require for correct
// simulation, use GetContextKeysForCustomPolicy.
//
// If the output is long, you can use MaxItems and Marker parameters to paginate
// the results.
//
// For more information about using the policy simulator, see Testing IAM policies
// with the IAM policy simulator (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_testing-policies.html)in
// the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation SimulateCustomPolicy for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeInvalidInputException "InvalidInput"
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
//   * ErrCodePolicyEvaluationException "PolicyEvaluation"
//   The request failed because a provided policy could not be successfully evaluated.
//   An additional detailed message indicates the source of the failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/SimulateCustomPolicy
func (c *IAM) SimulateCustomPolicy(input *SimulateCustomPolicyInput) (*SimulatePolicyResponse, error) {
	req, out := c.SimulateCustomPolicyRequest(input)
	return out, req.Send()
}

// SimulateCustomPolicyWithContext is the same as SimulateCustomPolicy with the addition of
// the ability to pass a context and additional request options.
//
// See SimulateCustomPolicy for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) SimulateCustomPolicyWithContext(ctx aws.Context, input *SimulateCustomPolicyInput, opts ...request.Option) (*SimulatePolicyResponse, error) {
	req, out := c.SimulateCustomPolicyRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

// SimulateCustomPolicyPages iterates over the pages of a SimulateCustomPolicy operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See SimulateCustomPolicy method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
//    // Example iterating over at most 3 pages of a SimulateCustomPolicy operation.
//    pageNum := 0
//    err := client.SimulateCustomPolicyPages(params,
//        func(page *iam.SimulatePolicyResponse, lastPage bool) bool {
//            pageNum++
//            fmt.Println(page)
//            return pageNum <= 3
//        })
//
func (c *IAM) SimulateCustomPolicyPages(input *SimulateCustomPolicyInput, fn func(*SimulatePolicyResponse, bool) bool) error {
	return c.SimulateCustomPolicyPagesWithContext(aws.BackgroundContext(), input, fn)
}

// SimulateCustomPolicyPagesWithContext same as SimulateCustomPolicyPages except
// it takes a Context and allows setting request options on the pages.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) SimulateCustomPolicyPagesWithContext(ctx aws.Context, input *SimulateCustomPolicyInput, fn func(*SimulatePolicyResponse, bool) bool, opts ...request.Option) error {
	p := request.Pagination{
		NewRequest: func() (*request.Request, error) {
			var inCpy *SimulateCustomPolicyInput
			if input != nil {
				tmp := *input
				inCpy = &tmp
			}
			req, _ := c.SimulateCustomPolicyRequest(inCpy)
			req.SetContext(ctx)
			req.ApplyOptions(opts...)
			return req, nil
		},
	}

	for p.Next() {
		if !fn(p.Page().(*SimulatePolicyResponse), !p.HasNextPage()) {
			break
		}
	}

	return p.Err()
}

const opSimulatePrincipalPolicy = "SimulatePrincipalPolicy"

// SimulatePrincipalPolicyRequest generates a "aws/request.Request" representing the
// client's request for the SimulatePrincipalPolicy operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See SimulatePrincipalPolicy for more information on using the SimulatePrincipalPolicy
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the SimulatePrincipalPolicyRequest method.
//    req, resp := client.SimulatePrincipalPolicyRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/SimulatePrincipalPolicy
func (c *IAM) SimulatePrincipalPolicyRequest(input *SimulatePrincipalPolicyInput) (req *request.Request, output *SimulatePolicyResponse) {
	op := &request.Operation{
		Name:       opSimulatePrincipalPolicy,
		HTTPMethod: "POST",
		HTTPPath:   "/",
		Paginator: &request.Paginator{
			InputTokens:     []string{"Marker"},
			OutputTokens:    []string{"Marker"},
			LimitToken:      "MaxItems",
			TruncationToken: "IsTruncated",
		},
	}

	if input == nil {
		input = &SimulatePrincipalPolicyInput{}
	}

	output = &SimulatePolicyResponse{}
	req = c.newRequest(op, input, output)
	return
}

// SimulatePrincipalPolicy API operation for AWS Identity and Access Management.
//
// Simulate how a set of IAM policies attached to an IAM entity works with a
// list of API operations and Amazon Web Services resources to determine the
// policies' effective permissions. The entity can be an IAM user, group, or
// role. If you specify a user, then the simulation also includes all of the
// policies that are attached to groups that the user belongs to. You can simulate
// resources that don't exist in your account.
//
// You can optionally include a list of one or more additional policies specified
// as strings to include in the simulation. If you want to simulate only policies
// specified as strings, use SimulateCustomPolicy instead.
//
// You can also optionally include one resource-based policy to be evaluated
// with each of the resources included in the simulation.
//
// The simulation does not perform the API operations; it only checks the authorization
// to determine if the simulated policies allow or deny the operations.
//
// Note: This operation discloses information about the permissions granted
// to other users. If you do not want users to see other user's permissions,
// then consider allowing them to use SimulateCustomPolicy instead.
//
// Context keys are variables maintained by Amazon Web Services and its services
// that provide details about the context of an API query request. You can use
// the Condition element of an IAM policy to evaluate context keys. To get the
// list of context keys that the policies require for correct simulation, use
// GetContextKeysForPrincipalPolicy.
//
// If the output is long, you can use the MaxItems and Marker parameters to
// paginate the results.
//
// For more information about using the policy simulator, see Testing IAM policies
// with the IAM policy simulator (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_testing-policies.html)in
// the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation SimulatePrincipalPolicy for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeInvalidInputException "InvalidInput"
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
//   * ErrCodePolicyEvaluationException "PolicyEvaluation"
//   The request failed because a provided policy could not be successfully evaluated.
//   An additional detailed message indicates the source of the failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/SimulatePrincipalPolicy
func (c *IAM) SimulatePrincipalPolicy(input *SimulatePrincipalPolicyInput) (*SimulatePolicyResponse, error) {
	req, out := c.SimulatePrincipalPolicyRequest(input)
	return out, req.Send()
}

// SimulatePrincipalPolicyWithContext is the same as SimulatePrincipalPolicy with the addition of
// the ability to pass a context and additional request options.
//
// See SimulatePrincipalPolicy for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) SimulatePrincipalPolicyWithContext(ctx aws.Context, input *SimulatePrincipalPolicyInput, opts ...request.Option) (*SimulatePolicyResponse, error) {
	req, out := c.SimulatePrincipalPolicyRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

// SimulatePrincipalPolicyPages iterates over the pages of a SimulatePrincipalPolicy operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See SimulatePrincipalPolicy method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
//    // Example iterating over at most 3 pages of a SimulatePrincipalPolicy operation.
//    pageNum := 0
//    err := client.SimulatePrincipalPolicyPages(params,
//        func(page *iam.SimulatePolicyResponse, lastPage bool) bool {
//            pageNum++
//            fmt.Println(page)
//            return pageNum <= 3
//        })
//
func (c *IAM) SimulatePrincipalPolicyPages(input *SimulatePrincipalPolicyInput, fn func(*SimulatePolicyResponse, bool) bool) error {
	return c.SimulatePrincipalPolicyPagesWithContext(aws.BackgroundContext(), input, fn)
}

// SimulatePrincipalPolicyPagesWithContext same as SimulatePrincipalPolicyPages except
// it takes a Context and allows setting request options on the pages.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) SimulatePrincipalPolicyPagesWithContext(ctx aws.Context, input *SimulatePrincipalPolicyInput, fn func(*SimulatePolicyResponse, bool) bool, opts ...request.Option) error {
	p := request.Pagination{
		NewRequest: func() (*request.Request, error) {
			var inCpy *SimulatePrincipalPolicyInput
			if input != nil {
				tmp := *input
				inCpy = &tmp
			}
			req, _ := c.SimulatePrincipalPolicyRequest(inCpy)
			req.SetContext(ctx)
			req.ApplyOptions(opts...)
			return req, nil
		},
	}

	for p.Next() {
		if !fn(p.Page().(*SimulatePolicyResponse), !p.HasNextPage()) {
			break
		}
	}

	return p.Err()
}

const opTagInstanceProfile = "TagInstanceProfile"

// TagInstanceProfileRequest generates a "aws/request.Request" representing the
// client's request for the TagInstanceProfile operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See TagInstanceProfile for more information on using the TagInstanceProfile
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the TagInstanceProfileRequest method.
//    req, resp := client.TagInstanceProfileRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/TagInstanceProfile
func (c *IAM) TagInstanceProfileRequest(input *TagInstanceProfileInput) (req *request.Request, output *TagInstanceProfileOutput) {
	op := &request.Operation{
		Name:       opTagInstanceProfile,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &TagInstanceProfileInput{}
	}

	output = &TagInstanceProfileOutput{}
	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return
}

// TagInstanceProfile API operation for AWS Identity and Access Management.
//
// Adds one or more tags to an IAM instance profile. If a tag with the same
// key name already exists, then that tag is overwritten with the new value.
//
// Each tag consists of a key name and an associated value. By assigning tags
// to your resources, you can do the following:
//
//    * Administrative grouping and discovery - Attach tags to resources to
//    aid in organization and search. For example, you could search for all
//    resources with the key name Project and the value MyImportantProject.
//    Or search for all resources with the key name Cost Center and the value
//    41200.
//
//    * Access control - Include tags in IAM user-based and resource-based policies.
//    You can use tags to restrict access to only an IAM instance profile that
//    has a specified tag attached. For examples of policies that show how to
//    use tags to control access, see Control access using IAM tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html)
//    in the IAM User Guide.
//
//    * If any one of the tags is invalid or if you exceed the allowed maximum
//    number of tags, then the entire request fails and the resource is not
//    created. For more information about tagging, see Tagging IAM resources
//    (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the
//    IAM User Guide.
//
//    * Amazon Web Services always interprets the tag Value as a single string.
//    If you need to store an array, you can store comma-separated values in
//    the string. However, you must interpret the value in your code.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation TagInstanceProfile for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeInvalidInputException "InvalidInput"
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
//   * ErrCodeLimitExceededException "LimitExceeded"
//   The request was rejected because it attempted to create resources beyond
//   the current Amazon Web Services account limits. The error message describes
//   the limit exceeded.
//
//   * ErrCodeConcurrentModificationException "ConcurrentModification"
//   The request was rejected because multiple requests to change this object
//   were submitted simultaneously. Wait a few minutes and submit your request
//   again.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/TagInstanceProfile
func (c *IAM) TagInstanceProfile(input *TagInstanceProfileInput) (*TagInstanceProfileOutput, error) {
	req, out := c.TagInstanceProfileRequest(input)
	return out, req.Send()
}

// TagInstanceProfileWithContext is the same as TagInstanceProfile with the addition of
// the ability to pass a context and additional request options.
//
// See TagInstanceProfile for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) TagInstanceProfileWithContext(ctx aws.Context, input *TagInstanceProfileInput, opts ...request.Option) (*TagInstanceProfileOutput, error) {
	req, out := c.TagInstanceProfileRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opTagMFADevice = "TagMFADevice"

// TagMFADeviceRequest generates a "aws/request.Request" representing the
// client's request for the TagMFADevice operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See TagMFADevice for more information on using the TagMFADevice
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the TagMFADeviceRequest method.
//    req, resp := client.TagMFADeviceRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/TagMFADevice
func (c *IAM) TagMFADeviceRequest(input *TagMFADeviceInput) (req *request.Request, output *TagMFADeviceOutput) {
	op := &request.Operation{
		Name:       opTagMFADevice,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &TagMFADeviceInput{}
	}

	output = &TagMFADeviceOutput{}
	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return
}

// TagMFADevice API operation for AWS Identity and Access Management.
//
// Adds one or more tags to an IAM virtual multi-factor authentication (MFA)
// device. If a tag with the same key name already exists, then that tag is
// overwritten with the new value.
//
// A tag consists of a key name and an associated value. By assigning tags to
// your resources, you can do the following:
//
//    * Administrative grouping and discovery - Attach tags to resources to
//    aid in organization and search. For example, you could search for all
//    resources with the key name Project and the value MyImportantProject.
//    Or search for all resources with the key name Cost Center and the value
//    41200.
//
//    * Access control - Include tags in IAM user-based and resource-based policies.
//    You can use tags to restrict access to only an IAM virtual MFA device
//    that has a specified tag attached. For examples of policies that show
//    how to use tags to control access, see Control access using IAM tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html)
//    in the IAM User Guide.
//
//    * If any one of the tags is invalid or if you exceed the allowed maximum
//    number of tags, then the entire request fails and the resource is not
//    created. For more information about tagging, see Tagging IAM resources
//    (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the
//    IAM User Guide.
//
//    * Amazon Web Services always interprets the tag Value as a single string.
//    If you need to store an array, you can store comma-separated values in
//    the string. However, you must interpret the value in your code.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation TagMFADevice for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeInvalidInputException "InvalidInput"
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeLimitExceededException "LimitExceeded"
//   The request was rejected because it attempted to create resources beyond
//   the current Amazon Web Services account limits. The error message describes
//   the limit exceeded.
//
//   * ErrCodeConcurrentModificationException "ConcurrentModification"
//   The request was rejected because multiple requests to change this object
//   were submitted simultaneously. Wait a few minutes and submit your request
//   again.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/TagMFADevice
func (c *IAM) TagMFADevice(input *TagMFADeviceInput) (*TagMFADeviceOutput, error) {
	req, out := c.TagMFADeviceRequest(input)
	return out, req.Send()
}

// TagMFADeviceWithContext is the same as TagMFADevice with the addition of
// the ability to pass a context and additional request options.
//
// See TagMFADevice for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) TagMFADeviceWithContext(ctx aws.Context, input *TagMFADeviceInput, opts ...request.Option) (*TagMFADeviceOutput, error) {
	req, out := c.TagMFADeviceRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opTagOpenIDConnectProvider = "TagOpenIDConnectProvider"

// TagOpenIDConnectProviderRequest generates a "aws/request.Request" representing the
// client's request for the TagOpenIDConnectProvider operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See TagOpenIDConnectProvider for more information on using the TagOpenIDConnectProvider
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the TagOpenIDConnectProviderRequest method.
//    req, resp := client.TagOpenIDConnectProviderRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/TagOpenIDConnectProvider
func (c *IAM) TagOpenIDConnectProviderRequest(input *TagOpenIDConnectProviderInput) (req *request.Request, output *TagOpenIDConnectProviderOutput) {
	op := &request.Operation{
		Name:       opTagOpenIDConnectProvider,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &TagOpenIDConnectProviderInput{}
	}

	output = &TagOpenIDConnectProviderOutput{}
	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return
}

// TagOpenIDConnectProvider API operation for AWS Identity and Access Management.
//
// Adds one or more tags to an OpenID Connect (OIDC)-compatible identity provider.
// For more information about these providers, see About web identity federation
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html).
// If a tag with the same key name already exists, then that tag is overwritten
// with the new value.
//
// A tag consists of a key name and an associated value. By assigning tags to
// your resources, you can do the following:
//
//    * Administrative grouping and discovery - Attach tags to resources to
//    aid in organization and search. For example, you could search for all
//    resources with the key name Project and the value MyImportantProject.
//    Or search for all resources with the key name Cost Center and the value
//    41200.
//
//    * Access control - Include tags in IAM user-based and resource-based policies.
//    You can use tags to restrict access to only an OIDC provider that has
//    a specified tag attached. For examples of policies that show how to use
//    tags to control access, see Control access using IAM tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html)
//    in the IAM User Guide.
//
//    * If any one of the tags is invalid or if you exceed the allowed maximum
//    number of tags, then the entire request fails and the resource is not
//    created. For more information about tagging, see Tagging IAM resources
//    (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the
//    IAM User Guide.
//
//    * Amazon Web Services always interprets the tag Value as a single string.
//    If you need to store an array, you can store comma-separated values in
//    the string. However, you must interpret the value in your code.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation TagOpenIDConnectProvider for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeLimitExceededException "LimitExceeded"
//   The request was rejected because it attempted to create resources beyond
//   the current Amazon Web Services account limits. The error message describes
//   the limit exceeded.
//
//   * ErrCodeInvalidInputException "InvalidInput"
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
//   * ErrCodeConcurrentModificationException "ConcurrentModification"
//   The request was rejected because multiple requests to change this object
//   were submitted simultaneously. Wait a few minutes and submit your request
//   again.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/TagOpenIDConnectProvider
func (c *IAM) TagOpenIDConnectProvider(input *TagOpenIDConnectProviderInput) (*TagOpenIDConnectProviderOutput, error) {
	req, out := c.TagOpenIDConnectProviderRequest(input)
	return out, req.Send()
}

// TagOpenIDConnectProviderWithContext is the same as TagOpenIDConnectProvider with the addition of
// the ability to pass a context and additional request options.
//
// See TagOpenIDConnectProvider for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) TagOpenIDConnectProviderWithContext(ctx aws.Context, input *TagOpenIDConnectProviderInput, opts ...request.Option) (*TagOpenIDConnectProviderOutput, error) {
	req, out := c.TagOpenIDConnectProviderRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opTagPolicy = "TagPolicy"

// TagPolicyRequest generates a "aws/request.Request" representing the
// client's request for the TagPolicy operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See TagPolicy for more information on using the TagPolicy
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the TagPolicyRequest method.
//    req, resp := client.TagPolicyRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/TagPolicy
func (c *IAM) TagPolicyRequest(input *TagPolicyInput) (req *request.Request, output *TagPolicyOutput) {
	op := &request.Operation{
		Name:       opTagPolicy,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &TagPolicyInput{}
	}

	output = &TagPolicyOutput{}
	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return
}

// TagPolicy API operation for AWS Identity and Access Management.
//
// Adds one or more tags to an IAM customer managed policy. If a tag with the
// same key name already exists, then that tag is overwritten with the new value.
//
// A tag consists of a key name and an associated value. By assigning tags to
// your resources, you can do the following:
//
//    * Administrative grouping and discovery - Attach tags to resources to
//    aid in organization and search. For example, you could search for all
//    resources with the key name Project and the value MyImportantProject.
//    Or search for all resources with the key name Cost Center and the value
//    41200.
//
//    * Access control - Include tags in IAM user-based and resource-based policies.
//    You can use tags to restrict access to only an IAM customer managed policy
//    that has a specified tag attached. For examples of policies that show
//    how to use tags to control access, see Control access using IAM tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html)
//    in the IAM User Guide.
//
//    * If any one of the tags is invalid or if you exceed the allowed maximum
//    number of tags, then the entire request fails and the resource is not
//    created. For more information about tagging, see Tagging IAM resources
//    (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the
//    IAM User Guide.
//
//    * Amazon Web Services always interprets the tag Value as a single string.
//    If you need to store an array, you can store comma-separated values in
//    the string. However, you must interpret the value in your code.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation TagPolicy for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeLimitExceededException "LimitExceeded"
//   The request was rejected because it attempted to create resources beyond
//   the current Amazon Web Services account limits. The error message describes
//   the limit exceeded.
//
//   * ErrCodeInvalidInputException "InvalidInput"
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
//   * ErrCodeConcurrentModificationException "ConcurrentModification"
//   The request was rejected because multiple requests to change this object
//   were submitted simultaneously. Wait a few minutes and submit your request
//   again.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/TagPolicy
func (c *IAM) TagPolicy(input *TagPolicyInput) (*TagPolicyOutput, error) {
	req, out := c.TagPolicyRequest(input)
	return out, req.Send()
}

// TagPolicyWithContext is the same as TagPolicy with the addition of
// the ability to pass a context and additional request options.
//
// See TagPolicy for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) TagPolicyWithContext(ctx aws.Context, input *TagPolicyInput, opts ...request.Option) (*TagPolicyOutput, error) {
	req, out := c.TagPolicyRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opTagRole = "TagRole"

// TagRoleRequest generates a "aws/request.Request" representing the
// client's request for the TagRole operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See TagRole for more information on using the TagRole
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the TagRoleRequest method.
//    req, resp := client.TagRoleRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/TagRole
func (c *IAM) TagRoleRequest(input *TagRoleInput) (req *request.Request, output *TagRoleOutput) {
	op := &request.Operation{
		Name:       opTagRole,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &TagRoleInput{}
	}

	output = &TagRoleOutput{}
	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return
}

// TagRole API operation for AWS Identity and Access Management.
//
// Adds one or more tags to an IAM role. The role can be a regular role or a
// service-linked role. If a tag with the same key name already exists, then
// that tag is overwritten with the new value.
//
// A tag consists of a key name and an associated value. By assigning tags to
// your resources, you can do the following:
//
//    * Administrative grouping and discovery - Attach tags to resources to
//    aid in organization and search. For example, you could search for all
//    resources with the key name Project and the value MyImportantProject.
//    Or search for all resources with the key name Cost Center and the value
//    41200.
//
//    * Access control - Include tags in IAM user-based and resource-based policies.
//    You can use tags to restrict access to only an IAM role that has a specified
//    tag attached. You can also restrict access to only those resources that
//    have a certain tag attached. For examples of policies that show how to
//    use tags to control access, see Control access using IAM tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html)
//    in the IAM User Guide.
//
//    * Cost allocation - Use tags to help track which individuals and teams
//    are using which Amazon Web Services resources.
//
//    * If any one of the tags is invalid or if you exceed the allowed maximum
//    number of tags, then the entire request fails and the resource is not
//    created. For more information about tagging, see Tagging IAM resources
//    (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the
//    IAM User Guide.
//
//    * Amazon Web Services always interprets the tag Value as a single string.
//    If you need to store an array, you can store comma-separated values in
//    the string. However, you must interpret the value in your code.
//
// For more information about tagging, see Tagging IAM identities (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation TagRole for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeLimitExceededException "LimitExceeded"
//   The request was rejected because it attempted to create resources beyond
//   the current Amazon Web Services account limits. The error message describes
//   the limit exceeded.
//
//   * ErrCodeInvalidInputException "InvalidInput"
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
//   * ErrCodeConcurrentModificationException "ConcurrentModification"
//   The request was rejected because multiple requests to change this object
//   were submitted simultaneously. Wait a few minutes and submit your request
//   again.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/TagRole
func (c *IAM) TagRole(input *TagRoleInput) (*TagRoleOutput, error) {
	req, out := c.TagRoleRequest(input)
	return out, req.Send()
}

// TagRoleWithContext is the same as TagRole with the addition of
// the ability to pass a context and additional request options.
//
// See TagRole for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) TagRoleWithContext(ctx aws.Context, input *TagRoleInput, opts ...request.Option) (*TagRoleOutput, error) {
	req, out := c.TagRoleRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opTagSAMLProvider = "TagSAMLProvider"

// TagSAMLProviderRequest generates a "aws/request.Request" representing the
// client's request for the TagSAMLProvider operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See TagSAMLProvider for more information on using the TagSAMLProvider
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the TagSAMLProviderRequest method.
//    req, resp := client.TagSAMLProviderRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/TagSAMLProvider
func (c *IAM) TagSAMLProviderRequest(input *TagSAMLProviderInput) (req *request.Request, output *TagSAMLProviderOutput) {
	op := &request.Operation{
		Name:       opTagSAMLProvider,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &TagSAMLProviderInput{}
	}

	output = &TagSAMLProviderOutput{}
	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return
}

// TagSAMLProvider API operation for AWS Identity and Access Management.
//
// Adds one or more tags to a Security Assertion Markup Language (SAML) identity
// provider. For more information about these providers, see About SAML 2.0-based
// federation (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html).
// If a tag with the same key name already exists, then that tag is overwritten
// with the new value.
//
// A tag consists of a key name and an associated value. By assigning tags to
// your resources, you can do the following:
//
//    * Administrative grouping and discovery - Attach tags to resources to
//    aid in organization and search. For example, you could search for all
//    resources with the key name Project and the value MyImportantProject.
//    Or search for all resources with the key name Cost Center and the value
//    41200.
//
//    * Access control - Include tags in IAM user-based and resource-based policies.
//    You can use tags to restrict access to only a SAML identity provider that
//    has a specified tag attached. For examples of policies that show how to
//    use tags to control access, see Control access using IAM tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html)
//    in the IAM User Guide.
//
//    * If any one of the tags is invalid or if you exceed the allowed maximum
//    number of tags, then the entire request fails and the resource is not
//    created. For more information about tagging, see Tagging IAM resources
//    (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the
//    IAM User Guide.
//
//    * Amazon Web Services always interprets the tag Value as a single string.
//    If you need to store an array, you can store comma-separated values in
//    the string. However, you must interpret the value in your code.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation TagSAMLProvider for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeLimitExceededException "LimitExceeded"
//   The request was rejected because it attempted to create resources beyond
//   the current Amazon Web Services account limits. The error message describes
//   the limit exceeded.
//
//   * ErrCodeInvalidInputException "InvalidInput"
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
//   * ErrCodeConcurrentModificationException "ConcurrentModification"
//   The request was rejected because multiple requests to change this object
//   were submitted simultaneously. Wait a few minutes and submit your request
//   again.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/TagSAMLProvider
func (c *IAM) TagSAMLProvider(input *TagSAMLProviderInput) (*TagSAMLProviderOutput, error) {
	req, out := c.TagSAMLProviderRequest(input)
	return out, req.Send()
}

// TagSAMLProviderWithContext is the same as TagSAMLProvider with the addition of
// the ability to pass a context and additional request options.
//
// See TagSAMLProvider for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) TagSAMLProviderWithContext(ctx aws.Context, input *TagSAMLProviderInput, opts ...request.Option) (*TagSAMLProviderOutput, error) {
	req, out := c.TagSAMLProviderRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opTagServerCertificate = "TagServerCertificate"

// TagServerCertificateRequest generates a "aws/request.Request" representing the
// client's request for the TagServerCertificate operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See TagServerCertificate for more information on using the TagServerCertificate
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the TagServerCertificateRequest method.
//    req, resp := client.TagServerCertificateRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/TagServerCertificate
func (c *IAM) TagServerCertificateRequest(input *TagServerCertificateInput) (req *request.Request, output *TagServerCertificateOutput) {
	op := &request.Operation{
		Name:       opTagServerCertificate,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &TagServerCertificateInput{}
	}

	output = &TagServerCertificateOutput{}
	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return
}

// TagServerCertificate API operation for AWS Identity and Access Management.
//
// Adds one or more tags to an IAM server certificate. If a tag with the same
// key name already exists, then that tag is overwritten with the new value.
//
// For certificates in a Region supported by Certificate Manager (ACM), we recommend
// that you don't use IAM server certificates. Instead, use ACM to provision,
// manage, and deploy your server certificates. For more information about IAM
// server certificates, Working with server certificates (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html)
// in the IAM User Guide.
//
// A tag consists of a key name and an associated value. By assigning tags to
// your resources, you can do the following:
//
//    * Administrative grouping and discovery - Attach tags to resources to
//    aid in organization and search. For example, you could search for all
//    resources with the key name Project and the value MyImportantProject.
//    Or search for all resources with the key name Cost Center and the value
//    41200.
//
//    * Access control - Include tags in IAM user-based and resource-based policies.
//    You can use tags to restrict access to only a server certificate that
//    has a specified tag attached. For examples of policies that show how to
//    use tags to control access, see Control access using IAM tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html)
//    in the IAM User Guide.
//
//    * Cost allocation - Use tags to help track which individuals and teams
//    are using which Amazon Web Services resources.
//
//    * If any one of the tags is invalid or if you exceed the allowed maximum
//    number of tags, then the entire request fails and the resource is not
//    created. For more information about tagging, see Tagging IAM resources
//    (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the
//    IAM User Guide.
//
//    * Amazon Web Services always interprets the tag Value as a single string.
//    If you need to store an array, you can store comma-separated values in
//    the string. However, you must interpret the value in your code.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation TagServerCertificate for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeInvalidInputException "InvalidInput"
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
//   * ErrCodeLimitExceededException "LimitExceeded"
//   The request was rejected because it attempted to create resources beyond
//   the current Amazon Web Services account limits. The error message describes
//   the limit exceeded.
//
//   * ErrCodeConcurrentModificationException "ConcurrentModification"
//   The request was rejected because multiple requests to change this object
//   were submitted simultaneously. Wait a few minutes and submit your request
//   again.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/TagServerCertificate
func (c *IAM) TagServerCertificate(input *TagServerCertificateInput) (*TagServerCertificateOutput, error) {
	req, out := c.TagServerCertificateRequest(input)
	return out, req.Send()
}

// TagServerCertificateWithContext is the same as TagServerCertificate with the addition of
// the ability to pass a context and additional request options.
//
// See TagServerCertificate for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) TagServerCertificateWithContext(ctx aws.Context, input *TagServerCertificateInput, opts ...request.Option) (*TagServerCertificateOutput, error) {
	req, out := c.TagServerCertificateRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opTagUser = "TagUser"

// TagUserRequest generates a "aws/request.Request" representing the
// client's request for the TagUser operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See TagUser for more information on using the TagUser
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the TagUserRequest method.
//    req, resp := client.TagUserRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/TagUser
func (c *IAM) TagUserRequest(input *TagUserInput) (req *request.Request, output *TagUserOutput) {
	op := &request.Operation{
		Name:       opTagUser,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &TagUserInput{}
	}

	output = &TagUserOutput{}
	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return
}

// TagUser API operation for AWS Identity and Access Management.
//
// Adds one or more tags to an IAM user. If a tag with the same key name already
// exists, then that tag is overwritten with the new value.
//
// A tag consists of a key name and an associated value. By assigning tags to
// your resources, you can do the following:
//
//    * Administrative grouping and discovery - Attach tags to resources to
//    aid in organization and search. For example, you could search for all
//    resources with the key name Project and the value MyImportantProject.
//    Or search for all resources with the key name Cost Center and the value
//    41200.
//
//    * Access control - Include tags in IAM user-based and resource-based policies.
//    You can use tags to restrict access to only an IAM requesting user that
//    has a specified tag attached. You can also restrict access to only those
//    resources that have a certain tag attached. For examples of policies that
//    show how to use tags to control access, see Control access using IAM tags
//    (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html) in
//    the IAM User Guide.
//
//    * Cost allocation - Use tags to help track which individuals and teams
//    are using which Amazon Web Services resources.
//
//    * If any one of the tags is invalid or if you exceed the allowed maximum
//    number of tags, then the entire request fails and the resource is not
//    created. For more information about tagging, see Tagging IAM resources
//    (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the
//    IAM User Guide.
//
//    * Amazon Web Services always interprets the tag Value as a single string.
//    If you need to store an array, you can store comma-separated values in
//    the string. However, you must interpret the value in your code.
//
// For more information about tagging, see Tagging IAM identities (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation TagUser for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeLimitExceededException "LimitExceeded"
//   The request was rejected because it attempted to create resources beyond
//   the current Amazon Web Services account limits. The error message describes
//   the limit exceeded.
//
//   * ErrCodeInvalidInputException "InvalidInput"
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
//   * ErrCodeConcurrentModificationException "ConcurrentModification"
//   The request was rejected because multiple requests to change this object
//   were submitted simultaneously. Wait a few minutes and submit your request
//   again.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/TagUser
func (c *IAM) TagUser(input *TagUserInput) (*TagUserOutput, error) {
	req, out := c.TagUserRequest(input)
	return out, req.Send()
}

// TagUserWithContext is the same as TagUser with the addition of
// the ability to pass a context and additional request options.
//
// See TagUser for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) TagUserWithContext(ctx aws.Context, input *TagUserInput, opts ...request.Option) (*TagUserOutput, error) {
	req, out := c.TagUserRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opUntagInstanceProfile = "UntagInstanceProfile"

// UntagInstanceProfileRequest generates a "aws/request.Request" representing the
// client's request for the UntagInstanceProfile operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See UntagInstanceProfile for more information on using the UntagInstanceProfile
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the UntagInstanceProfileRequest method.
//    req, resp := client.UntagInstanceProfileRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UntagInstanceProfile
func (c *IAM) UntagInstanceProfileRequest(input *UntagInstanceProfileInput) (req *request.Request, output *UntagInstanceProfileOutput) {
	op := &request.Operation{
		Name:       opUntagInstanceProfile,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &UntagInstanceProfileInput{}
	}

	output = &UntagInstanceProfileOutput{}
	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return
}

// UntagInstanceProfile API operation for AWS Identity and Access Management.
//
// Removes the specified tags from the IAM instance profile. For more information
// about tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation UntagInstanceProfile for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeInvalidInputException "InvalidInput"
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
//   * ErrCodeConcurrentModificationException "ConcurrentModification"
//   The request was rejected because multiple requests to change this object
//   were submitted simultaneously. Wait a few minutes and submit your request
//   again.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UntagInstanceProfile
func (c *IAM) UntagInstanceProfile(input *UntagInstanceProfileInput) (*UntagInstanceProfileOutput, error) {
	req, out := c.UntagInstanceProfileRequest(input)
	return out, req.Send()
}

// UntagInstanceProfileWithContext is the same as UntagInstanceProfile with the addition of
// the ability to pass a context and additional request options.
//
// See UntagInstanceProfile for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) UntagInstanceProfileWithContext(ctx aws.Context, input *UntagInstanceProfileInput, opts ...request.Option) (*UntagInstanceProfileOutput, error) {
	req, out := c.UntagInstanceProfileRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opUntagMFADevice = "UntagMFADevice"

// UntagMFADeviceRequest generates a "aws/request.Request" representing the
// client's request for the UntagMFADevice operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See UntagMFADevice for more information on using the UntagMFADevice
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the UntagMFADeviceRequest method.
//    req, resp := client.UntagMFADeviceRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UntagMFADevice
func (c *IAM) UntagMFADeviceRequest(input *UntagMFADeviceInput) (req *request.Request, output *UntagMFADeviceOutput) {
	op := &request.Operation{
		Name:       opUntagMFADevice,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &UntagMFADeviceInput{}
	}

	output = &UntagMFADeviceOutput{}
	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return
}

// UntagMFADevice API operation for AWS Identity and Access Management.
//
// Removes the specified tags from the IAM virtual multi-factor authentication
// (MFA) device. For more information about tagging, see Tagging IAM resources
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the IAM
// User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation UntagMFADevice for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeInvalidInputException "InvalidInput"
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
//   * ErrCodeConcurrentModificationException "ConcurrentModification"
//   The request was rejected because multiple requests to change this object
//   were submitted simultaneously. Wait a few minutes and submit your request
//   again.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UntagMFADevice
func (c *IAM) UntagMFADevice(input *UntagMFADeviceInput) (*UntagMFADeviceOutput, error) {
	req, out := c.UntagMFADeviceRequest(input)
	return out, req.Send()
}

// UntagMFADeviceWithContext is the same as UntagMFADevice with the addition of
// the ability to pass a context and additional request options.
//
// See UntagMFADevice for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) UntagMFADeviceWithContext(ctx aws.Context, input *UntagMFADeviceInput, opts ...request.Option) (*UntagMFADeviceOutput, error) {
	req, out := c.UntagMFADeviceRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opUntagOpenIDConnectProvider = "UntagOpenIDConnectProvider"

// UntagOpenIDConnectProviderRequest generates a "aws/request.Request" representing the
// client's request for the UntagOpenIDConnectProvider operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See UntagOpenIDConnectProvider for more information on using the UntagOpenIDConnectProvider
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the UntagOpenIDConnectProviderRequest method.
//    req, resp := client.UntagOpenIDConnectProviderRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UntagOpenIDConnectProvider
func (c *IAM) UntagOpenIDConnectProviderRequest(input *UntagOpenIDConnectProviderInput) (req *request.Request, output *UntagOpenIDConnectProviderOutput) {
	op := &request.Operation{
		Name:       opUntagOpenIDConnectProvider,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &UntagOpenIDConnectProviderInput{}
	}

	output = &UntagOpenIDConnectProviderOutput{}
	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return
}

// UntagOpenIDConnectProvider API operation for AWS Identity and Access Management.
//
// Removes the specified tags from the specified OpenID Connect (OIDC)-compatible
// identity provider in IAM. For more information about OIDC providers, see
// About web identity federation (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html).
// For more information about tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation UntagOpenIDConnectProvider for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeInvalidInputException "InvalidInput"
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
//   * ErrCodeConcurrentModificationException "ConcurrentModification"
//   The request was rejected because multiple requests to change this object
//   were submitted simultaneously. Wait a few minutes and submit your request
//   again.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UntagOpenIDConnectProvider
func (c *IAM) UntagOpenIDConnectProvider(input *UntagOpenIDConnectProviderInput) (*UntagOpenIDConnectProviderOutput, error) {
	req, out := c.UntagOpenIDConnectProviderRequest(input)
	return out, req.Send()
}

// UntagOpenIDConnectProviderWithContext is the same as UntagOpenIDConnectProvider with the addition of
// the ability to pass a context and additional request options.
//
// See UntagOpenIDConnectProvider for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) UntagOpenIDConnectProviderWithContext(ctx aws.Context, input *UntagOpenIDConnectProviderInput, opts ...request.Option) (*UntagOpenIDConnectProviderOutput, error) {
	req, out := c.UntagOpenIDConnectProviderRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opUntagPolicy = "UntagPolicy"

// UntagPolicyRequest generates a "aws/request.Request" representing the
// client's request for the UntagPolicy operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See UntagPolicy for more information on using the UntagPolicy
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the UntagPolicyRequest method.
//    req, resp := client.UntagPolicyRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UntagPolicy
func (c *IAM) UntagPolicyRequest(input *UntagPolicyInput) (req *request.Request, output *UntagPolicyOutput) {
	op := &request.Operation{
		Name:       opUntagPolicy,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &UntagPolicyInput{}
	}

	output = &UntagPolicyOutput{}
	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return
}

// UntagPolicy API operation for AWS Identity and Access Management.
//
// Removes the specified tags from the customer managed policy. For more information
// about tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation UntagPolicy for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeInvalidInputException "InvalidInput"
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
//   * ErrCodeConcurrentModificationException "ConcurrentModification"
//   The request was rejected because multiple requests to change this object
//   were submitted simultaneously. Wait a few minutes and submit your request
//   again.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UntagPolicy
func (c *IAM) UntagPolicy(input *UntagPolicyInput) (*UntagPolicyOutput, error) {
	req, out := c.UntagPolicyRequest(input)
	return out, req.Send()
}

// UntagPolicyWithContext is the same as UntagPolicy with the addition of
// the ability to pass a context and additional request options.
//
// See UntagPolicy for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) UntagPolicyWithContext(ctx aws.Context, input *UntagPolicyInput, opts ...request.Option) (*UntagPolicyOutput, error) {
	req, out := c.UntagPolicyRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opUntagRole = "UntagRole"

// UntagRoleRequest generates a "aws/request.Request" representing the
// client's request for the UntagRole operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See UntagRole for more information on using the UntagRole
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the UntagRoleRequest method.
//    req, resp := client.UntagRoleRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UntagRole
func (c *IAM) UntagRoleRequest(input *UntagRoleInput) (req *request.Request, output *UntagRoleOutput) {
	op := &request.Operation{
		Name:       opUntagRole,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &UntagRoleInput{}
	}

	output = &UntagRoleOutput{}
	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return
}

// UntagRole API operation for AWS Identity and Access Management.
//
// Removes the specified tags from the role. For more information about tagging,
// see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation UntagRole for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeConcurrentModificationException "ConcurrentModification"
//   The request was rejected because multiple requests to change this object
//   were submitted simultaneously. Wait a few minutes and submit your request
//   again.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UntagRole
func (c *IAM) UntagRole(input *UntagRoleInput) (*UntagRoleOutput, error) {
	req, out := c.UntagRoleRequest(input)
	return out, req.Send()
}

// UntagRoleWithContext is the same as UntagRole with the addition of
// the ability to pass a context and additional request options.
//
// See UntagRole for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) UntagRoleWithContext(ctx aws.Context, input *UntagRoleInput, opts ...request.Option) (*UntagRoleOutput, error) {
	req, out := c.UntagRoleRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opUntagSAMLProvider = "UntagSAMLProvider"

// UntagSAMLProviderRequest generates a "aws/request.Request" representing the
// client's request for the UntagSAMLProvider operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See UntagSAMLProvider for more information on using the UntagSAMLProvider
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the UntagSAMLProviderRequest method.
//    req, resp := client.UntagSAMLProviderRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UntagSAMLProvider
func (c *IAM) UntagSAMLProviderRequest(input *UntagSAMLProviderInput) (req *request.Request, output *UntagSAMLProviderOutput) {
	op := &request.Operation{
		Name:       opUntagSAMLProvider,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &UntagSAMLProviderInput{}
	}

	output = &UntagSAMLProviderOutput{}
	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return
}

// UntagSAMLProvider API operation for AWS Identity and Access Management.
//
// Removes the specified tags from the specified Security Assertion Markup Language
// (SAML) identity provider in IAM. For more information about these providers,
// see About web identity federation (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html).
// For more information about tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation UntagSAMLProvider for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeInvalidInputException "InvalidInput"
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
//   * ErrCodeConcurrentModificationException "ConcurrentModification"
//   The request was rejected because multiple requests to change this object
//   were submitted simultaneously. Wait a few minutes and submit your request
//   again.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UntagSAMLProvider
func (c *IAM) UntagSAMLProvider(input *UntagSAMLProviderInput) (*UntagSAMLProviderOutput, error) {
	req, out := c.UntagSAMLProviderRequest(input)
	return out, req.Send()
}

// UntagSAMLProviderWithContext is the same as UntagSAMLProvider with the addition of
// the ability to pass a context and additional request options.
//
// See UntagSAMLProvider for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) UntagSAMLProviderWithContext(ctx aws.Context, input *UntagSAMLProviderInput, opts ...request.Option) (*UntagSAMLProviderOutput, error) {
	req, out := c.UntagSAMLProviderRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opUntagServerCertificate = "UntagServerCertificate"

// UntagServerCertificateRequest generates a "aws/request.Request" representing the
// client's request for the UntagServerCertificate operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See UntagServerCertificate for more information on using the UntagServerCertificate
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the UntagServerCertificateRequest method.
//    req, resp := client.UntagServerCertificateRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UntagServerCertificate
func (c *IAM) UntagServerCertificateRequest(input *UntagServerCertificateInput) (req *request.Request, output *UntagServerCertificateOutput) {
	op := &request.Operation{
		Name:       opUntagServerCertificate,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &UntagServerCertificateInput{}
	}

	output = &UntagServerCertificateOutput{}
	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return
}

// UntagServerCertificate API operation for AWS Identity and Access Management.
//
// Removes the specified tags from the IAM server certificate. For more information
// about tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html)
// in the IAM User Guide.
//
// For certificates in a Region supported by Certificate Manager (ACM), we recommend
// that you don't use IAM server certificates. Instead, use ACM to provision,
// manage, and deploy your server certificates. For more information about IAM
// server certificates, Working with server certificates (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation UntagServerCertificate for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeInvalidInputException "InvalidInput"
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
//   * ErrCodeConcurrentModificationException "ConcurrentModification"
//   The request was rejected because multiple requests to change this object
//   were submitted simultaneously. Wait a few minutes and submit your request
//   again.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UntagServerCertificate
func (c *IAM) UntagServerCertificate(input *UntagServerCertificateInput) (*UntagServerCertificateOutput, error) {
	req, out := c.UntagServerCertificateRequest(input)
	return out, req.Send()
}

// UntagServerCertificateWithContext is the same as UntagServerCertificate with the addition of
// the ability to pass a context and additional request options.
//
// See UntagServerCertificate for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) UntagServerCertificateWithContext(ctx aws.Context, input *UntagServerCertificateInput, opts ...request.Option) (*UntagServerCertificateOutput, error) {
	req, out := c.UntagServerCertificateRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opUntagUser = "UntagUser"

// UntagUserRequest generates a "aws/request.Request" representing the
// client's request for the UntagUser operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See UntagUser for more information on using the UntagUser
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the UntagUserRequest method.
//    req, resp := client.UntagUserRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UntagUser
func (c *IAM) UntagUserRequest(input *UntagUserInput) (req *request.Request, output *UntagUserOutput) {
	op := &request.Operation{
		Name:       opUntagUser,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &UntagUserInput{}
	}

	output = &UntagUserOutput{}
	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return
}

// UntagUser API operation for AWS Identity and Access Management.
//
// Removes the specified tags from the user. For more information about tagging,
// see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation UntagUser for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeConcurrentModificationException "ConcurrentModification"
//   The request was rejected because multiple requests to change this object
//   were submitted simultaneously. Wait a few minutes and submit your request
//   again.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UntagUser
func (c *IAM) UntagUser(input *UntagUserInput) (*UntagUserOutput, error) {
	req, out := c.UntagUserRequest(input)
	return out, req.Send()
}

// UntagUserWithContext is the same as UntagUser with the addition of
// the ability to pass a context and additional request options.
//
// See UntagUser for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) UntagUserWithContext(ctx aws.Context, input *UntagUserInput, opts ...request.Option) (*UntagUserOutput, error) {
	req, out := c.UntagUserRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opUpdateAccessKey = "UpdateAccessKey"

// UpdateAccessKeyRequest generates a "aws/request.Request" representing the
// client's request for the UpdateAccessKey operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See UpdateAccessKey for more information on using the UpdateAccessKey
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the UpdateAccessKeyRequest method.
//    req, resp := client.UpdateAccessKeyRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateAccessKey
func (c *IAM) UpdateAccessKeyRequest(input *UpdateAccessKeyInput) (req *request.Request, output *UpdateAccessKeyOutput) {
	op := &request.Operation{
		Name:       opUpdateAccessKey,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &UpdateAccessKeyInput{}
	}

	output = &UpdateAccessKeyOutput{}
	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return
}

// UpdateAccessKey API operation for AWS Identity and Access Management.
//
// Changes the status of the specified access key from Active to Inactive, or
// vice versa. This operation can be used to disable a user's key as part of
// a key rotation workflow.
//
// If the UserName is not specified, the user name is determined implicitly
// based on the Amazon Web Services access key ID used to sign the request.
// This operation works for access keys under the Amazon Web Services account.
// Consequently, you can use this operation to manage Amazon Web Services account
// root user credentials even if the Amazon Web Services account has no associated
// users.
//
// For information about rotating keys, see Managing keys and certificates (https://docs.aws.amazon.com/IAM/latest/UserGuide/ManagingCredentials.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation UpdateAccessKey for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeLimitExceededException "LimitExceeded"
//   The request was rejected because it attempted to create resources beyond
//   the current Amazon Web Services account limits. The error message describes
//   the limit exceeded.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateAccessKey
func (c *IAM) UpdateAccessKey(input *UpdateAccessKeyInput) (*UpdateAccessKeyOutput, error) {
	req, out := c.UpdateAccessKeyRequest(input)
	return out, req.Send()
}

// UpdateAccessKeyWithContext is the same as UpdateAccessKey with the addition of
// the ability to pass a context and additional request options.
//
// See UpdateAccessKey for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) UpdateAccessKeyWithContext(ctx aws.Context, input *UpdateAccessKeyInput, opts ...request.Option) (*UpdateAccessKeyOutput, error) {
	req, out := c.UpdateAccessKeyRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opUpdateAccountPasswordPolicy = "UpdateAccountPasswordPolicy"

// UpdateAccountPasswordPolicyRequest generates a "aws/request.Request" representing the
// client's request for the UpdateAccountPasswordPolicy operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See UpdateAccountPasswordPolicy for more information on using the UpdateAccountPasswordPolicy
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the UpdateAccountPasswordPolicyRequest method.
//    req, resp := client.UpdateAccountPasswordPolicyRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateAccountPasswordPolicy
func (c *IAM) UpdateAccountPasswordPolicyRequest(input *UpdateAccountPasswordPolicyInput) (req *request.Request, output *UpdateAccountPasswordPolicyOutput) {
	op := &request.Operation{
		Name:       opUpdateAccountPasswordPolicy,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &UpdateAccountPasswordPolicyInput{}
	}

	output = &UpdateAccountPasswordPolicyOutput{}
	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return
}

// UpdateAccountPasswordPolicy API operation for AWS Identity and Access Management.
//
// Updates the password policy settings for the Amazon Web Services account.
//
//    * This operation does not support partial updates. No parameters are required,
//    but if you do not specify a parameter, that parameter's value reverts
//    to its default value. See the Request Parameters section for each parameter's
//    default value. Also note that some parameters do not allow the default
//    parameter to be explicitly set. Instead, to invoke the default value,
//    do not include that parameter when you invoke the operation.
//
// For more information about using a password policy, see Managing an IAM password
// policy (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingPasswordPolicies.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation UpdateAccountPasswordPolicy for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeMalformedPolicyDocumentException "MalformedPolicyDocument"
//   The request was rejected because the policy document was malformed. The error
//   message describes the specific error.
//
//   * ErrCodeLimitExceededException "LimitExceeded"
//   The request was rejected because it attempted to create resources beyond
//   the current Amazon Web Services account limits. The error message describes
//   the limit exceeded.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateAccountPasswordPolicy
func (c *IAM) UpdateAccountPasswordPolicy(input *UpdateAccountPasswordPolicyInput) (*UpdateAccountPasswordPolicyOutput, error) {
	req, out := c.UpdateAccountPasswordPolicyRequest(input)
	return out, req.Send()
}

// UpdateAccountPasswordPolicyWithContext is the same as UpdateAccountPasswordPolicy with the addition of
// the ability to pass a context and additional request options.
//
// See UpdateAccountPasswordPolicy for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) UpdateAccountPasswordPolicyWithContext(ctx aws.Context, input *UpdateAccountPasswordPolicyInput, opts ...request.Option) (*UpdateAccountPasswordPolicyOutput, error) {
	req, out := c.UpdateAccountPasswordPolicyRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opUpdateAssumeRolePolicy = "UpdateAssumeRolePolicy"

// UpdateAssumeRolePolicyRequest generates a "aws/request.Request" representing the
// client's request for the UpdateAssumeRolePolicy operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See UpdateAssumeRolePolicy for more information on using the UpdateAssumeRolePolicy
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the UpdateAssumeRolePolicyRequest method.
//    req, resp := client.UpdateAssumeRolePolicyRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateAssumeRolePolicy
func (c *IAM) UpdateAssumeRolePolicyRequest(input *UpdateAssumeRolePolicyInput) (req *request.Request, output *UpdateAssumeRolePolicyOutput) {
	op := &request.Operation{
		Name:       opUpdateAssumeRolePolicy,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &UpdateAssumeRolePolicyInput{}
	}

	output = &UpdateAssumeRolePolicyOutput{}
	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return
}

// UpdateAssumeRolePolicy API operation for AWS Identity and Access Management.
//
// Updates the policy that grants an IAM entity permission to assume a role.
// This is typically referred to as the "role trust policy". For more information
// about roles, see Using roles to delegate permissions and federate identities
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html).
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation UpdateAssumeRolePolicy for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeMalformedPolicyDocumentException "MalformedPolicyDocument"
//   The request was rejected because the policy document was malformed. The error
//   message describes the specific error.
//
//   * ErrCodeLimitExceededException "LimitExceeded"
//   The request was rejected because it attempted to create resources beyond
//   the current Amazon Web Services account limits. The error message describes
//   the limit exceeded.
//
//   * ErrCodeUnmodifiableEntityException "UnmodifiableEntity"
//   The request was rejected because only the service that depends on the service-linked
//   role can modify or delete the role on your behalf. The error message includes
//   the name of the service that depends on this service-linked role. You must
//   request the change through that service.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateAssumeRolePolicy
func (c *IAM) UpdateAssumeRolePolicy(input *UpdateAssumeRolePolicyInput) (*UpdateAssumeRolePolicyOutput, error) {
	req, out := c.UpdateAssumeRolePolicyRequest(input)
	return out, req.Send()
}

// UpdateAssumeRolePolicyWithContext is the same as UpdateAssumeRolePolicy with the addition of
// the ability to pass a context and additional request options.
//
// See UpdateAssumeRolePolicy for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) UpdateAssumeRolePolicyWithContext(ctx aws.Context, input *UpdateAssumeRolePolicyInput, opts ...request.Option) (*UpdateAssumeRolePolicyOutput, error) {
	req, out := c.UpdateAssumeRolePolicyRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opUpdateGroup = "UpdateGroup"

// UpdateGroupRequest generates a "aws/request.Request" representing the
// client's request for the UpdateGroup operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See UpdateGroup for more information on using the UpdateGroup
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the UpdateGroupRequest method.
//    req, resp := client.UpdateGroupRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateGroup
func (c *IAM) UpdateGroupRequest(input *UpdateGroupInput) (req *request.Request, output *UpdateGroupOutput) {
	op := &request.Operation{
		Name:       opUpdateGroup,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &UpdateGroupInput{}
	}

	output = &UpdateGroupOutput{}
	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return
}

// UpdateGroup API operation for AWS Identity and Access Management.
//
// Updates the name and/or the path of the specified IAM group.
//
// You should understand the implications of changing a group's path or name.
// For more information, see Renaming users and groups (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_WorkingWithGroupsAndUsers.html)
// in the IAM User Guide.
//
// The person making the request (the principal), must have permission to change
// the role group with the old name and the new name. For example, to change
// the group named Managers to MGRs, the principal must have a policy that allows
// them to update both groups. If the principal has permission to update the
// Managers group, but not the MGRs group, then the update fails. For more information
// about permissions, see Access management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html).
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation UpdateGroup for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeEntityAlreadyExistsException "EntityAlreadyExists"
//   The request was rejected because it attempted to create a resource that already
//   exists.
//
//   * ErrCodeLimitExceededException "LimitExceeded"
//   The request was rejected because it attempted to create resources beyond
//   the current Amazon Web Services account limits. The error message describes
//   the limit exceeded.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateGroup
func (c *IAM) UpdateGroup(input *UpdateGroupInput) (*UpdateGroupOutput, error) {
	req, out := c.UpdateGroupRequest(input)
	return out, req.Send()
}

// UpdateGroupWithContext is the same as UpdateGroup with the addition of
// the ability to pass a context and additional request options.
//
// See UpdateGroup for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) UpdateGroupWithContext(ctx aws.Context, input *UpdateGroupInput, opts ...request.Option) (*UpdateGroupOutput, error) {
	req, out := c.UpdateGroupRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opUpdateLoginProfile = "UpdateLoginProfile"

// UpdateLoginProfileRequest generates a "aws/request.Request" representing the
// client's request for the UpdateLoginProfile operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See UpdateLoginProfile for more information on using the UpdateLoginProfile
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the UpdateLoginProfileRequest method.
//    req, resp := client.UpdateLoginProfileRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateLoginProfile
func (c *IAM) UpdateLoginProfileRequest(input *UpdateLoginProfileInput) (req *request.Request, output *UpdateLoginProfileOutput) {
	op := &request.Operation{
		Name:       opUpdateLoginProfile,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &UpdateLoginProfileInput{}
	}

	output = &UpdateLoginProfileOutput{}
	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return
}

// UpdateLoginProfile API operation for AWS Identity and Access Management.
//
// Changes the password for the specified IAM user. You can use the CLI, the
// Amazon Web Services API, or the Users page in the IAM console to change the
// password for any IAM user. Use ChangePassword to change your own password
// in the My Security Credentials page in the Amazon Web Services Management
// Console.
//
// For more information about modifying passwords, see Managing passwords (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation UpdateLoginProfile for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeEntityTemporarilyUnmodifiableException "EntityTemporarilyUnmodifiable"
//   The request was rejected because it referenced an entity that is temporarily
//   unmodifiable, such as a user name that was deleted and then recreated. The
//   error indicates that the request is likely to succeed if you try again after
//   waiting several minutes. The error message describes the entity.
//
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodePasswordPolicyViolationException "PasswordPolicyViolation"
//   The request was rejected because the provided password did not meet the requirements
//   imposed by the account password policy.
//
//   * ErrCodeLimitExceededException "LimitExceeded"
//   The request was rejected because it attempted to create resources beyond
//   the current Amazon Web Services account limits. The error message describes
//   the limit exceeded.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateLoginProfile
func (c *IAM) UpdateLoginProfile(input *UpdateLoginProfileInput) (*UpdateLoginProfileOutput, error) {
	req, out := c.UpdateLoginProfileRequest(input)
	return out, req.Send()
}

// UpdateLoginProfileWithContext is the same as UpdateLoginProfile with the addition of
// the ability to pass a context and additional request options.
//
// See UpdateLoginProfile for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) UpdateLoginProfileWithContext(ctx aws.Context, input *UpdateLoginProfileInput, opts ...request.Option) (*UpdateLoginProfileOutput, error) {
	req, out := c.UpdateLoginProfileRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opUpdateOpenIDConnectProviderThumbprint = "UpdateOpenIDConnectProviderThumbprint"

// UpdateOpenIDConnectProviderThumbprintRequest generates a "aws/request.Request" representing the
// client's request for the UpdateOpenIDConnectProviderThumbprint operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See UpdateOpenIDConnectProviderThumbprint for more information on using the UpdateOpenIDConnectProviderThumbprint
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the UpdateOpenIDConnectProviderThumbprintRequest method.
//    req, resp := client.UpdateOpenIDConnectProviderThumbprintRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateOpenIDConnectProviderThumbprint
func (c *IAM) UpdateOpenIDConnectProviderThumbprintRequest(input *UpdateOpenIDConnectProviderThumbprintInput) (req *request.Request, output *UpdateOpenIDConnectProviderThumbprintOutput) {
	op := &request.Operation{
		Name:       opUpdateOpenIDConnectProviderThumbprint,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &UpdateOpenIDConnectProviderThumbprintInput{}
	}

	output = &UpdateOpenIDConnectProviderThumbprintOutput{}
	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return
}

// UpdateOpenIDConnectProviderThumbprint API operation for AWS Identity and Access Management.
//
// Replaces the existing list of server certificate thumbprints associated with
// an OpenID Connect (OIDC) provider resource object with a new list of thumbprints.
//
// The list that you pass with this operation completely replaces the existing
// list of thumbprints. (The lists are not merged.)
//
// Typically, you need to update a thumbprint only when the identity provider
// certificate changes, which occurs rarely. However, if the provider's certificate
// does change, any attempt to assume an IAM role that specifies the OIDC provider
// as a principal fails until the certificate thumbprint is updated.
//
// Amazon Web Services secures communication with some OIDC identity providers
// (IdPs) through our library of trusted certificate authorities (CAs) instead
// of using a certificate thumbprint to verify your IdP server certificate.
// These OIDC IdPs include Google, and those that use an Amazon S3 bucket to
// host a JSON Web Key Set (JWKS) endpoint. In these cases, your legacy thumbprint
// remains in your configuration, but is no longer used for validation.
//
// Trust for the OIDC provider is derived from the provider certificate and
// is validated by the thumbprint. Therefore, it is best to limit access to
// the UpdateOpenIDConnectProviderThumbprint operation to highly privileged
// users.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation UpdateOpenIDConnectProviderThumbprint for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeInvalidInputException "InvalidInput"
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateOpenIDConnectProviderThumbprint
func (c *IAM) UpdateOpenIDConnectProviderThumbprint(input *UpdateOpenIDConnectProviderThumbprintInput) (*UpdateOpenIDConnectProviderThumbprintOutput, error) {
	req, out := c.UpdateOpenIDConnectProviderThumbprintRequest(input)
	return out, req.Send()
}

// UpdateOpenIDConnectProviderThumbprintWithContext is the same as UpdateOpenIDConnectProviderThumbprint with the addition of
// the ability to pass a context and additional request options.
//
// See UpdateOpenIDConnectProviderThumbprint for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) UpdateOpenIDConnectProviderThumbprintWithContext(ctx aws.Context, input *UpdateOpenIDConnectProviderThumbprintInput, opts ...request.Option) (*UpdateOpenIDConnectProviderThumbprintOutput, error) {
	req, out := c.UpdateOpenIDConnectProviderThumbprintRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opUpdateRole = "UpdateRole"

// UpdateRoleRequest generates a "aws/request.Request" representing the
// client's request for the UpdateRole operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See UpdateRole for more information on using the UpdateRole
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the UpdateRoleRequest method.
//    req, resp := client.UpdateRoleRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateRole
func (c *IAM) UpdateRoleRequest(input *UpdateRoleInput) (req *request.Request, output *UpdateRoleOutput) {
	op := &request.Operation{
		Name:       opUpdateRole,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &UpdateRoleInput{}
	}

	output = &UpdateRoleOutput{}
	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return
}

// UpdateRole API operation for AWS Identity and Access Management.
//
// Updates the description or maximum session duration setting of a role.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation UpdateRole for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeUnmodifiableEntityException "UnmodifiableEntity"
//   The request was rejected because only the service that depends on the service-linked
//   role can modify or delete the role on your behalf. The error message includes
//   the name of the service that depends on this service-linked role. You must
//   request the change through that service.
//
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateRole
func (c *IAM) UpdateRole(input *UpdateRoleInput) (*UpdateRoleOutput, error) {
	req, out := c.UpdateRoleRequest(input)
	return out, req.Send()
}

// UpdateRoleWithContext is the same as UpdateRole with the addition of
// the ability to pass a context and additional request options.
//
// See UpdateRole for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) UpdateRoleWithContext(ctx aws.Context, input *UpdateRoleInput, opts ...request.Option) (*UpdateRoleOutput, error) {
	req, out := c.UpdateRoleRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opUpdateRoleDescription = "UpdateRoleDescription"

// UpdateRoleDescriptionRequest generates a "aws/request.Request" representing the
// client's request for the UpdateRoleDescription operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See UpdateRoleDescription for more information on using the UpdateRoleDescription
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the UpdateRoleDescriptionRequest method.
//    req, resp := client.UpdateRoleDescriptionRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateRoleDescription
func (c *IAM) UpdateRoleDescriptionRequest(input *UpdateRoleDescriptionInput) (req *request.Request, output *UpdateRoleDescriptionOutput) {
	op := &request.Operation{
		Name:       opUpdateRoleDescription,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &UpdateRoleDescriptionInput{}
	}

	output = &UpdateRoleDescriptionOutput{}
	req = c.newRequest(op, input, output)
	return
}

// UpdateRoleDescription API operation for AWS Identity and Access Management.
//
// Use UpdateRole instead.
//
// Modifies only the description of a role. This operation performs the same
// function as the Description parameter in the UpdateRole operation.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation UpdateRoleDescription for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeUnmodifiableEntityException "UnmodifiableEntity"
//   The request was rejected because only the service that depends on the service-linked
//   role can modify or delete the role on your behalf. The error message includes
//   the name of the service that depends on this service-linked role. You must
//   request the change through that service.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateRoleDescription
func (c *IAM) UpdateRoleDescription(input *UpdateRoleDescriptionInput) (*UpdateRoleDescriptionOutput, error) {
	req, out := c.UpdateRoleDescriptionRequest(input)
	return out, req.Send()
}

// UpdateRoleDescriptionWithContext is the same as UpdateRoleDescription with the addition of
// the ability to pass a context and additional request options.
//
// See UpdateRoleDescription for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) UpdateRoleDescriptionWithContext(ctx aws.Context, input *UpdateRoleDescriptionInput, opts ...request.Option) (*UpdateRoleDescriptionOutput, error) {
	req, out := c.UpdateRoleDescriptionRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opUpdateSAMLProvider = "UpdateSAMLProvider"

// UpdateSAMLProviderRequest generates a "aws/request.Request" representing the
// client's request for the UpdateSAMLProvider operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See UpdateSAMLProvider for more information on using the UpdateSAMLProvider
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the UpdateSAMLProviderRequest method.
//    req, resp := client.UpdateSAMLProviderRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateSAMLProvider
func (c *IAM) UpdateSAMLProviderRequest(input *UpdateSAMLProviderInput) (req *request.Request, output *UpdateSAMLProviderOutput) {
	op := &request.Operation{
		Name:       opUpdateSAMLProvider,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &UpdateSAMLProviderInput{}
	}

	output = &UpdateSAMLProviderOutput{}
	req = c.newRequest(op, input, output)
	return
}

// UpdateSAMLProvider API operation for AWS Identity and Access Management.
//
// Updates the metadata document for an existing SAML provider resource object.
//
// This operation requires Signature Version 4 (https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html).
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation UpdateSAMLProvider for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeInvalidInputException "InvalidInput"
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
//   * ErrCodeLimitExceededException "LimitExceeded"
//   The request was rejected because it attempted to create resources beyond
//   the current Amazon Web Services account limits. The error message describes
//   the limit exceeded.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateSAMLProvider
func (c *IAM) UpdateSAMLProvider(input *UpdateSAMLProviderInput) (*UpdateSAMLProviderOutput, error) {
	req, out := c.UpdateSAMLProviderRequest(input)
	return out, req.Send()
}

// UpdateSAMLProviderWithContext is the same as UpdateSAMLProvider with the addition of
// the ability to pass a context and additional request options.
//
// See UpdateSAMLProvider for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) UpdateSAMLProviderWithContext(ctx aws.Context, input *UpdateSAMLProviderInput, opts ...request.Option) (*UpdateSAMLProviderOutput, error) {
	req, out := c.UpdateSAMLProviderRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opUpdateSSHPublicKey = "UpdateSSHPublicKey"

// UpdateSSHPublicKeyRequest generates a "aws/request.Request" representing the
// client's request for the UpdateSSHPublicKey operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See UpdateSSHPublicKey for more information on using the UpdateSSHPublicKey
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the UpdateSSHPublicKeyRequest method.
//    req, resp := client.UpdateSSHPublicKeyRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateSSHPublicKey
func (c *IAM) UpdateSSHPublicKeyRequest(input *UpdateSSHPublicKeyInput) (req *request.Request, output *UpdateSSHPublicKeyOutput) {
	op := &request.Operation{
		Name:       opUpdateSSHPublicKey,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &UpdateSSHPublicKeyInput{}
	}

	output = &UpdateSSHPublicKeyOutput{}
	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return
}

// UpdateSSHPublicKey API operation for AWS Identity and Access Management.
//
// Sets the status of an IAM user's SSH public key to active or inactive. SSH
// public keys that are inactive cannot be used for authentication. This operation
// can be used to disable a user's SSH public key as part of a key rotation
// work flow.
//
// The SSH public key affected by this operation is used only for authenticating
// the associated IAM user to an CodeCommit repository. For more information
// about using SSH keys to authenticate to an CodeCommit repository, see Set
// up CodeCommit for SSH connections (https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html)
// in the CodeCommit User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation UpdateSSHPublicKey for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateSSHPublicKey
func (c *IAM) UpdateSSHPublicKey(input *UpdateSSHPublicKeyInput) (*UpdateSSHPublicKeyOutput, error) {
	req, out := c.UpdateSSHPublicKeyRequest(input)
	return out, req.Send()
}

// UpdateSSHPublicKeyWithContext is the same as UpdateSSHPublicKey with the addition of
// the ability to pass a context and additional request options.
//
// See UpdateSSHPublicKey for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) UpdateSSHPublicKeyWithContext(ctx aws.Context, input *UpdateSSHPublicKeyInput, opts ...request.Option) (*UpdateSSHPublicKeyOutput, error) {
	req, out := c.UpdateSSHPublicKeyRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opUpdateServerCertificate = "UpdateServerCertificate"

// UpdateServerCertificateRequest generates a "aws/request.Request" representing the
// client's request for the UpdateServerCertificate operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See UpdateServerCertificate for more information on using the UpdateServerCertificate
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the UpdateServerCertificateRequest method.
//    req, resp := client.UpdateServerCertificateRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateServerCertificate
func (c *IAM) UpdateServerCertificateRequest(input *UpdateServerCertificateInput) (req *request.Request, output *UpdateServerCertificateOutput) {
	op := &request.Operation{
		Name:       opUpdateServerCertificate,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &UpdateServerCertificateInput{}
	}

	output = &UpdateServerCertificateOutput{}
	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return
}

// UpdateServerCertificate API operation for AWS Identity and Access Management.
//
// Updates the name and/or the path of the specified server certificate stored
// in IAM.
//
// For more information about working with server certificates, see Working
// with server certificates (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html)
// in the IAM User Guide. This topic also includes a list of Amazon Web Services
// services that can use the server certificates that you manage with IAM.
//
// You should understand the implications of changing a server certificate's
// path or name. For more information, see Renaming a server certificate (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs_manage.html#RenamingServerCerts)
// in the IAM User Guide.
//
// The person making the request (the principal), must have permission to change
// the server certificate with the old name and the new name. For example, to
// change the certificate named ProductionCert to ProdCert, the principal must
// have a policy that allows them to update both certificates. If the principal
// has permission to update the ProductionCert group, but not the ProdCert certificate,
// then the update fails. For more information about permissions, see Access
// management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation UpdateServerCertificate for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeEntityAlreadyExistsException "EntityAlreadyExists"
//   The request was rejected because it attempted to create a resource that already
//   exists.
//
//   * ErrCodeLimitExceededException "LimitExceeded"
//   The request was rejected because it attempted to create resources beyond
//   the current Amazon Web Services account limits. The error message describes
//   the limit exceeded.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateServerCertificate
func (c *IAM) UpdateServerCertificate(input *UpdateServerCertificateInput) (*UpdateServerCertificateOutput, error) {
	req, out := c.UpdateServerCertificateRequest(input)
	return out, req.Send()
}

// UpdateServerCertificateWithContext is the same as UpdateServerCertificate with the addition of
// the ability to pass a context and additional request options.
//
// See UpdateServerCertificate for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) UpdateServerCertificateWithContext(ctx aws.Context, input *UpdateServerCertificateInput, opts ...request.Option) (*UpdateServerCertificateOutput, error) {
	req, out := c.UpdateServerCertificateRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opUpdateServiceSpecificCredential = "UpdateServiceSpecificCredential"

// UpdateServiceSpecificCredentialRequest generates a "aws/request.Request" representing the
// client's request for the UpdateServiceSpecificCredential operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See UpdateServiceSpecificCredential for more information on using the UpdateServiceSpecificCredential
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the UpdateServiceSpecificCredentialRequest method.
//    req, resp := client.UpdateServiceSpecificCredentialRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateServiceSpecificCredential
func (c *IAM) UpdateServiceSpecificCredentialRequest(input *UpdateServiceSpecificCredentialInput) (req *request.Request, output *UpdateServiceSpecificCredentialOutput) {
	op := &request.Operation{
		Name:       opUpdateServiceSpecificCredential,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &UpdateServiceSpecificCredentialInput{}
	}

	output = &UpdateServiceSpecificCredentialOutput{}
	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return
}

// UpdateServiceSpecificCredential API operation for AWS Identity and Access Management.
//
// Sets the status of a service-specific credential to Active or Inactive. Service-specific
// credentials that are inactive cannot be used for authentication to the service.
// This operation can be used to disable a user's service-specific credential
// as part of a credential rotation work flow.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation UpdateServiceSpecificCredential for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateServiceSpecificCredential
func (c *IAM) UpdateServiceSpecificCredential(input *UpdateServiceSpecificCredentialInput) (*UpdateServiceSpecificCredentialOutput, error) {
	req, out := c.UpdateServiceSpecificCredentialRequest(input)
	return out, req.Send()
}

// UpdateServiceSpecificCredentialWithContext is the same as UpdateServiceSpecificCredential with the addition of
// the ability to pass a context and additional request options.
//
// See UpdateServiceSpecificCredential for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) UpdateServiceSpecificCredentialWithContext(ctx aws.Context, input *UpdateServiceSpecificCredentialInput, opts ...request.Option) (*UpdateServiceSpecificCredentialOutput, error) {
	req, out := c.UpdateServiceSpecificCredentialRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opUpdateSigningCertificate = "UpdateSigningCertificate"

// UpdateSigningCertificateRequest generates a "aws/request.Request" representing the
// client's request for the UpdateSigningCertificate operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See UpdateSigningCertificate for more information on using the UpdateSigningCertificate
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the UpdateSigningCertificateRequest method.
//    req, resp := client.UpdateSigningCertificateRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateSigningCertificate
func (c *IAM) UpdateSigningCertificateRequest(input *UpdateSigningCertificateInput) (req *request.Request, output *UpdateSigningCertificateOutput) {
	op := &request.Operation{
		Name:       opUpdateSigningCertificate,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &UpdateSigningCertificateInput{}
	}

	output = &UpdateSigningCertificateOutput{}
	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return
}

// UpdateSigningCertificate API operation for AWS Identity and Access Management.
//
// Changes the status of the specified user signing certificate from active
// to disabled, or vice versa. This operation can be used to disable an IAM
// user's signing certificate as part of a certificate rotation work flow.
//
// If the UserName field is not specified, the user name is determined implicitly
// based on the Amazon Web Services access key ID used to sign the request.
// This operation works for access keys under the Amazon Web Services account.
// Consequently, you can use this operation to manage Amazon Web Services account
// root user credentials even if the Amazon Web Services account has no associated
// users.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation UpdateSigningCertificate for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeLimitExceededException "LimitExceeded"
//   The request was rejected because it attempted to create resources beyond
//   the current Amazon Web Services account limits. The error message describes
//   the limit exceeded.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateSigningCertificate
func (c *IAM) UpdateSigningCertificate(input *UpdateSigningCertificateInput) (*UpdateSigningCertificateOutput, error) {
	req, out := c.UpdateSigningCertificateRequest(input)
	return out, req.Send()
}

// UpdateSigningCertificateWithContext is the same as UpdateSigningCertificate with the addition of
// the ability to pass a context and additional request options.
//
// See UpdateSigningCertificate for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) UpdateSigningCertificateWithContext(ctx aws.Context, input *UpdateSigningCertificateInput, opts ...request.Option) (*UpdateSigningCertificateOutput, error) {
	req, out := c.UpdateSigningCertificateRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opUpdateUser = "UpdateUser"

// UpdateUserRequest generates a "aws/request.Request" representing the
// client's request for the UpdateUser operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See UpdateUser for more information on using the UpdateUser
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the UpdateUserRequest method.
//    req, resp := client.UpdateUserRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateUser
func (c *IAM) UpdateUserRequest(input *UpdateUserInput) (req *request.Request, output *UpdateUserOutput) {
	op := &request.Operation{
		Name:       opUpdateUser,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &UpdateUserInput{}
	}

	output = &UpdateUserOutput{}
	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return
}

// UpdateUser API operation for AWS Identity and Access Management.
//
// Updates the name and/or the path of the specified IAM user.
//
// You should understand the implications of changing an IAM user's path or
// name. For more information, see Renaming an IAM user (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_manage.html#id_users_renaming)
// and Renaming an IAM group (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups_manage_rename.html)
// in the IAM User Guide.
//
// To change a user name, the requester must have appropriate permissions on
// both the source object and the target object. For example, to change Bob
// to Robert, the entity making the request must have permission on Bob and
// Robert, or must have permission on all (*). For more information about permissions,
// see Permissions and policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/PermissionsAndPolicies.html).
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation UpdateUser for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeLimitExceededException "LimitExceeded"
//   The request was rejected because it attempted to create resources beyond
//   the current Amazon Web Services account limits. The error message describes
//   the limit exceeded.
//
//   * ErrCodeEntityAlreadyExistsException "EntityAlreadyExists"
//   The request was rejected because it attempted to create a resource that already
//   exists.
//
//   * ErrCodeEntityTemporarilyUnmodifiableException "EntityTemporarilyUnmodifiable"
//   The request was rejected because it referenced an entity that is temporarily
//   unmodifiable, such as a user name that was deleted and then recreated. The
//   error indicates that the request is likely to succeed if you try again after
//   waiting several minutes. The error message describes the entity.
//
//   * ErrCodeConcurrentModificationException "ConcurrentModification"
//   The request was rejected because multiple requests to change this object
//   were submitted simultaneously. Wait a few minutes and submit your request
//   again.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateUser
func (c *IAM) UpdateUser(input *UpdateUserInput) (*UpdateUserOutput, error) {
	req, out := c.UpdateUserRequest(input)
	return out, req.Send()
}

// UpdateUserWithContext is the same as UpdateUser with the addition of
// the ability to pass a context and additional request options.
//
// See UpdateUser for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) UpdateUserWithContext(ctx aws.Context, input *UpdateUserInput, opts ...request.Option) (*UpdateUserOutput, error) {
	req, out := c.UpdateUserRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opUploadSSHPublicKey = "UploadSSHPublicKey"

// UploadSSHPublicKeyRequest generates a "aws/request.Request" representing the
// client's request for the UploadSSHPublicKey operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See UploadSSHPublicKey for more information on using the UploadSSHPublicKey
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the UploadSSHPublicKeyRequest method.
//    req, resp := client.UploadSSHPublicKeyRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UploadSSHPublicKey
func (c *IAM) UploadSSHPublicKeyRequest(input *UploadSSHPublicKeyInput) (req *request.Request, output *UploadSSHPublicKeyOutput) {
	op := &request.Operation{
		Name:       opUploadSSHPublicKey,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &UploadSSHPublicKeyInput{}
	}

	output = &UploadSSHPublicKeyOutput{}
	req = c.newRequest(op, input, output)
	return
}

// UploadSSHPublicKey API operation for AWS Identity and Access Management.
//
// Uploads an SSH public key and associates it with the specified IAM user.
//
// The SSH public key uploaded by this operation can be used only for authenticating
// the associated IAM user to an CodeCommit repository. For more information
// about using SSH keys to authenticate to an CodeCommit repository, see Set
// up CodeCommit for SSH connections (https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html)
// in the CodeCommit User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation UploadSSHPublicKey for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeLimitExceededException "LimitExceeded"
//   The request was rejected because it attempted to create resources beyond
//   the current Amazon Web Services account limits. The error message describes
//   the limit exceeded.
//
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeInvalidPublicKeyException "InvalidPublicKey"
//   The request was rejected because the public key is malformed or otherwise
//   invalid.
//
//   * ErrCodeDuplicateSSHPublicKeyException "DuplicateSSHPublicKey"
//   The request was rejected because the SSH public key is already associated
//   with the specified IAM user.
//
//   * ErrCodeUnrecognizedPublicKeyEncodingException "UnrecognizedPublicKeyEncoding"
//   The request was rejected because the public key encoding format is unsupported
//   or unrecognized.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UploadSSHPublicKey
func (c *IAM) UploadSSHPublicKey(input *UploadSSHPublicKeyInput) (*UploadSSHPublicKeyOutput, error) {
	req, out := c.UploadSSHPublicKeyRequest(input)
	return out, req.Send()
}

// UploadSSHPublicKeyWithContext is the same as UploadSSHPublicKey with the addition of
// the ability to pass a context and additional request options.
//
// See UploadSSHPublicKey for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) UploadSSHPublicKeyWithContext(ctx aws.Context, input *UploadSSHPublicKeyInput, opts ...request.Option) (*UploadSSHPublicKeyOutput, error) {
	req, out := c.UploadSSHPublicKeyRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opUploadServerCertificate = "UploadServerCertificate"

// UploadServerCertificateRequest generates a "aws/request.Request" representing the
// client's request for the UploadServerCertificate operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See UploadServerCertificate for more information on using the UploadServerCertificate
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the UploadServerCertificateRequest method.
//    req, resp := client.UploadServerCertificateRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UploadServerCertificate
func (c *IAM) UploadServerCertificateRequest(input *UploadServerCertificateInput) (req *request.Request, output *UploadServerCertificateOutput) {
	op := &request.Operation{
		Name:       opUploadServerCertificate,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &UploadServerCertificateInput{}
	}

	output = &UploadServerCertificateOutput{}
	req = c.newRequest(op, input, output)
	return
}

// UploadServerCertificate API operation for AWS Identity and Access Management.
//
// Uploads a server certificate entity for the Amazon Web Services account.
// The server certificate entity includes a public key certificate, a private
// key, and an optional certificate chain, which should all be PEM-encoded.
//
// We recommend that you use Certificate Manager (https://docs.aws.amazon.com/acm/)
// to provision, manage, and deploy your server certificates. With ACM you can
// request a certificate, deploy it to Amazon Web Services resources, and let
// ACM handle certificate renewals for you. Certificates provided by ACM are
// free. For more information about using ACM, see the Certificate Manager User
// Guide (https://docs.aws.amazon.com/acm/latest/userguide/).
//
// For more information about working with server certificates, see Working
// with server certificates (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html)
// in the IAM User Guide. This topic includes a list of Amazon Web Services
// services that can use the server certificates that you manage with IAM.
//
// For information about the number of server certificates you can upload, see
// IAM and STS quotas (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html)
// in the IAM User Guide.
//
// Because the body of the public key certificate, private key, and the certificate
// chain can be large, you should use POST rather than GET when calling UploadServerCertificate.
// For information about setting up signatures and authorization through the
// API, see Signing Amazon Web Services API requests (https://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html)
// in the Amazon Web Services General Reference. For general information about
// using the Query API with IAM, see Calling the API by making HTTP query requests
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/programming.html) in the
// IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation UploadServerCertificate for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeLimitExceededException "LimitExceeded"
//   The request was rejected because it attempted to create resources beyond
//   the current Amazon Web Services account limits. The error message describes
//   the limit exceeded.
//
//   * ErrCodeInvalidInputException "InvalidInput"
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
//   * ErrCodeEntityAlreadyExistsException "EntityAlreadyExists"
//   The request was rejected because it attempted to create a resource that already
//   exists.
//
//   * ErrCodeMalformedCertificateException "MalformedCertificate"
//   The request was rejected because the certificate was malformed or expired.
//   The error message describes the specific error.
//
//   * ErrCodeKeyPairMismatchException "KeyPairMismatch"
//   The request was rejected because the public key certificate and the private
//   key do not match.
//
//   * ErrCodeConcurrentModificationException "ConcurrentModification"
//   The request was rejected because multiple requests to change this object
//   were submitted simultaneously. Wait a few minutes and submit your request
//   again.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UploadServerCertificate
func (c *IAM) UploadServerCertificate(input *UploadServerCertificateInput) (*UploadServerCertificateOutput, error) {
	req, out := c.UploadServerCertificateRequest(input)
	return out, req.Send()
}

// UploadServerCertificateWithContext is the same as UploadServerCertificate with the addition of
// the ability to pass a context and additional request options.
//
// See UploadServerCertificate for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) UploadServerCertificateWithContext(ctx aws.Context, input *UploadServerCertificateInput, opts ...request.Option) (*UploadServerCertificateOutput, error) {
	req, out := c.UploadServerCertificateRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opUploadSigningCertificate = "UploadSigningCertificate"

// UploadSigningCertificateRequest generates a "aws/request.Request" representing the
// client's request for the UploadSigningCertificate operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See UploadSigningCertificate for more information on using the UploadSigningCertificate
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the UploadSigningCertificateRequest method.
//    req, resp := client.UploadSigningCertificateRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UploadSigningCertificate
func (c *IAM) UploadSigningCertificateRequest(input *UploadSigningCertificateInput) (req *request.Request, output *UploadSigningCertificateOutput) {
	op := &request.Operation{
		Name:       opUploadSigningCertificate,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &UploadSigningCertificateInput{}
	}

	output = &UploadSigningCertificateOutput{}
	req = c.newRequest(op, input, output)
	return
}

// UploadSigningCertificate API operation for AWS Identity and Access Management.
//
// Uploads an X.509 signing certificate and associates it with the specified
// IAM user. Some Amazon Web Services services require you to use certificates
// to validate requests that are signed with a corresponding private key. When
// you upload the certificate, its default status is Active.
//
// For information about when you would use an X.509 signing certificate, see
// Managing server certificates in IAM (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html)
// in the IAM User Guide.
//
// If the UserName is not specified, the IAM user name is determined implicitly
// based on the Amazon Web Services access key ID used to sign the request.
// This operation works for access keys under the Amazon Web Services account.
// Consequently, you can use this operation to manage Amazon Web Services account
// root user credentials even if the Amazon Web Services account has no associated
// users.
//
// Because the body of an X.509 certificate can be large, you should use POST
// rather than GET when calling UploadSigningCertificate. For information about
// setting up signatures and authorization through the API, see Signing Amazon
// Web Services API requests (https://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html)
// in the Amazon Web Services General Reference. For general information about
// using the Query API with IAM, see Making query requests (https://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation UploadSigningCertificate for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeLimitExceededException "LimitExceeded"
//   The request was rejected because it attempted to create resources beyond
//   the current Amazon Web Services account limits. The error message describes
//   the limit exceeded.
//
//   * ErrCodeEntityAlreadyExistsException "EntityAlreadyExists"
//   The request was rejected because it attempted to create a resource that already
//   exists.
//
//   * ErrCodeMalformedCertificateException "MalformedCertificate"
//   The request was rejected because the certificate was malformed or expired.
//   The error message describes the specific error.
//
//   * ErrCodeInvalidCertificateException "InvalidCertificate"
//   The request was rejected because the certificate is invalid.
//
//   * ErrCodeDuplicateCertificateException "DuplicateCertificate"
//   The request was rejected because the same certificate is associated with
//   an IAM user in the account.
//
//   * ErrCodeNoSuchEntityException "NoSuchEntity"
//   The request was rejected because it referenced a resource entity that does
//   not exist. The error message describes the resource.
//
//   * ErrCodeServiceFailureException "ServiceFailure"
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UploadSigningCertificate
func (c *IAM) UploadSigningCertificate(input *UploadSigningCertificateInput) (*UploadSigningCertificateOutput, error) {
	req, out := c.UploadSigningCertificateRequest(input)
	return out, req.Send()
}

// UploadSigningCertificateWithContext is the same as UploadSigningCertificate with the addition of
// the ability to pass a context and additional request options.
//
// See UploadSigningCertificate for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) UploadSigningCertificateWithContext(ctx aws.Context, input *UploadSigningCertificateInput, opts ...request.Option) (*UploadSigningCertificateOutput, error) {
	req, out := c.UploadSigningCertificateRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

// An object that contains details about when a principal in the reported Organizations
// entity last attempted to access an Amazon Web Services service. A principal
// can be an IAM user, an IAM role, or the Amazon Web Services account root
// user within the reported Organizations entity.
//
// This data type is a response element in the GetOrganizationsAccessReport
// operation.
type AccessDetail struct {
	_ struct{} `type:"structure"`

	// The path of the Organizations entity (root, organizational unit, or account)
	// from which an authenticated principal last attempted to access the service.
	// Amazon Web Services does not report unauthenticated requests.
	//
	// This field is null if no principals (IAM users, IAM roles, or root users)
	// in the reported Organizations entity attempted to access the service within
	// the reporting period (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period).
	EntityPath *string `min:"19" type:"string"`

	// The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601),
	// when an authenticated principal most recently attempted to access the service.
	// Amazon Web Services does not report unauthenticated requests.
	//
	// This field is null if no principals in the reported Organizations entity
	// attempted to access the service within the reporting period (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period).
	LastAuthenticatedTime *time.Time `type:"timestamp"`

	// The Region where the last service access attempt occurred.
	//
	// This field is null if no principals in the reported Organizations entity
	// attempted to access the service within the reporting period (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period).
	Region *string `type:"string"`

	// The name of the service in which access was attempted.
	//
	// ServiceName is a required field
	ServiceName *string `type:"string" required:"true"`

	// The namespace of the service in which access was attempted.
	//
	// To learn the service namespace of a service, see Actions, resources, and
	// condition keys for Amazon Web Services services (https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html)
	// in the Service Authorization Reference. Choose the name of the service to
	// view details for that service. In the first paragraph, find the service prefix.
	// For example, (service prefix: a4b). For more information about service namespaces,
	// see Amazon Web Services service namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-aws-service-namespaces)
	// in the Amazon Web Services General Reference.
	//
	// ServiceNamespace is a required field
	ServiceNamespace *string `min:"1" type:"string" required:"true"`

	// The number of accounts with authenticated principals (root users, IAM users,
	// and IAM roles) that attempted to access the service in the reporting period.
	TotalAuthenticatedEntities *int64 `type:"integer"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s AccessDetail) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s AccessDetail) GoString() string {
	return s.String()
}

// SetEntityPath sets the EntityPath field's value.
func (s *AccessDetail) SetEntityPath(v string) *AccessDetail {
	s.EntityPath = &v
	return s
}

// SetLastAuthenticatedTime sets the LastAuthenticatedTime field's value.
func (s *AccessDetail) SetLastAuthenticatedTime(v time.Time) *AccessDetail {
	s.LastAuthenticatedTime = &v
	return s
}

// SetRegion sets the Region field's value.
func (s *AccessDetail) SetRegion(v string) *AccessDetail {
	s.Region = &v
	return s
}

// SetServiceName sets the ServiceName field's value.
func (s *AccessDetail) SetServiceName(v string) *AccessDetail {
	s.ServiceName = &v
	return s
}

// SetServiceNamespace sets the ServiceNamespace field's value.
func (s *AccessDetail) SetServiceNamespace(v string) *AccessDetail {
	s.ServiceNamespace = &v
	return s
}

// SetTotalAuthenticatedEntities sets the TotalAuthenticatedEntities field's value.
func (s *AccessDetail) SetTotalAuthenticatedEntities(v int64) *AccessDetail {
	s.TotalAuthenticatedEntities = &v
	return s
}

// Contains information about an Amazon Web Services access key.
//
// This data type is used as a response element in the CreateAccessKey and ListAccessKeys
// operations.
//
// The SecretAccessKey value is returned only in response to CreateAccessKey.
// You can get a secret access key only when you first create an access key;
// you cannot recover the secret access key later. If you lose a secret access
// key, you must create a new access key.
type AccessKey struct {
	_ struct{} `type:"structure"`

	// The ID for this access key.
	//
	// AccessKeyId is a required field
	AccessKeyId *string `min:"16" type:"string" required:"true"`

	// The date when the access key was created.
	CreateDate *time.Time `type:"timestamp"`

	// The secret key used to sign requests.
	//
	// SecretAccessKey is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by AccessKey's
	// String and GoString methods.
	//
	// SecretAccessKey is a required field
	SecretAccessKey *string `type:"string" required:"true" sensitive:"true"`

	// The status of the access key. Active means that the key is valid for API
	// calls, while Inactive means it is not.
	//
	// Status is a required field
	Status *string `type:"string" required:"true" enum:"StatusType"`

	// The name of the IAM user that the access key is associated with.
	//
	// UserName is a required field
	UserName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s AccessKey) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s AccessKey) GoString() string {
	return s.String()
}

// SetAccessKeyId sets the AccessKeyId field's value.
func (s *AccessKey) SetAccessKeyId(v string) *AccessKey {
	s.AccessKeyId = &v
	return s
}

// SetCreateDate sets the CreateDate field's value.
func (s *AccessKey) SetCreateDate(v time.Time) *AccessKey {
	s.CreateDate = &v
	return s
}

// SetSecretAccessKey sets the SecretAccessKey field's value.
func (s *AccessKey) SetSecretAccessKey(v string) *AccessKey {
	s.SecretAccessKey = &v
	return s
}

// SetStatus sets the Status field's value.
func (s *AccessKey) SetStatus(v string) *AccessKey {
	s.Status = &v
	return s
}

// SetUserName sets the UserName field's value.
func (s *AccessKey) SetUserName(v string) *AccessKey {
	s.UserName = &v
	return s
}

// Contains information about the last time an Amazon Web Services access key
// was used since IAM began tracking this information on April 22, 2015.
//
// This data type is used as a response element in the GetAccessKeyLastUsed
// operation.
type AccessKeyLastUsed struct {
	_ struct{} `type:"structure"`

	// The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601),
	// when the access key was most recently used. This field is null in the following
	// situations:
	//
	//    * The user does not have an access key.
	//
	//    * An access key exists but has not been used since IAM began tracking
	//    this information.
	//
	//    * There is no sign-in data associated with the user.
	//
	// LastUsedDate is a required field
	LastUsedDate *time.Time `type:"timestamp" required:"true"`

	// The Amazon Web Services Region where this access key was most recently used.
	// The value for this field is "N/A" in the following situations:
	//
	//    * The user does not have an access key.
	//
	//    * An access key exists but has not been used since IAM began tracking
	//    this information.
	//
	//    * There is no sign-in data associated with the user.
	//
	// For more information about Amazon Web Services Regions, see Regions and endpoints
	// (https://docs.aws.amazon.com/general/latest/gr/rande.html) in the Amazon
	// Web Services General Reference.
	//
	// Region is a required field
	Region *string `type:"string" required:"true"`

	// The name of the Amazon Web Services service with which this access key was
	// most recently used. The value of this field is "N/A" in the following situations:
	//
	//    * The user does not have an access key.
	//
	//    * An access key exists but has not been used since IAM started tracking
	//    this information.
	//
	//    * There is no sign-in data associated with the user.
	//
	// ServiceName is a required field
	ServiceName *string `type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s AccessKeyLastUsed) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s AccessKeyLastUsed) GoString() string {
	return s.String()
}

// SetLastUsedDate sets the LastUsedDate field's value.
func (s *AccessKeyLastUsed) SetLastUsedDate(v time.Time) *AccessKeyLastUsed {
	s.LastUsedDate = &v
	return s
}

// SetRegion sets the Region field's value.
func (s *AccessKeyLastUsed) SetRegion(v string) *AccessKeyLastUsed {
	s.Region = &v
	return s
}

// SetServiceName sets the ServiceName field's value.
func (s *AccessKeyLastUsed) SetServiceName(v string) *AccessKeyLastUsed {
	s.ServiceName = &v
	return s
}

// Contains information about an Amazon Web Services access key, without its
// secret key.
//
// This data type is used as a response element in the ListAccessKeys operation.
type AccessKeyMetadata struct {
	_ struct{} `type:"structure"`

	// The ID for this access key.
	AccessKeyId *string `min:"16" type:"string"`

	// The date when the access key was created.
	CreateDate *time.Time `type:"timestamp"`

	// The status of the access key. Active means that the key is valid for API
	// calls; Inactive means it is not.
	Status *string `type:"string" enum:"StatusType"`

	// The name of the IAM user that the key is associated with.
	UserName *string `min:"1" type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s AccessKeyMetadata) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s AccessKeyMetadata) GoString() string {
	return s.String()
}

// SetAccessKeyId sets the AccessKeyId field's value.
func (s *AccessKeyMetadata) SetAccessKeyId(v string) *AccessKeyMetadata {
	s.AccessKeyId = &v
	return s
}

// SetCreateDate sets the CreateDate field's value.
func (s *AccessKeyMetadata) SetCreateDate(v time.Time) *AccessKeyMetadata {
	s.CreateDate = &v
	return s
}

// SetStatus sets the Status field's value.
func (s *AccessKeyMetadata) SetStatus(v string) *AccessKeyMetadata {
	s.Status = &v
	return s
}

// SetUserName sets the UserName field's value.
func (s *AccessKeyMetadata) SetUserName(v string) *AccessKeyMetadata {
	s.UserName = &v
	return s
}

type AddClientIDToOpenIDConnectProviderInput struct {
	_ struct{} `type:"structure"`

	// The client ID (also known as audience) to add to the IAM OpenID Connect provider
	// resource.
	//
	// ClientID is a required field
	ClientID *string `min:"1" type:"string" required:"true"`

	// The Amazon Resource Name (ARN) of the IAM OpenID Connect (OIDC) provider
	// resource to add the client ID to. You can get a list of OIDC provider ARNs
	// by using the ListOpenIDConnectProviders operation.
	//
	// OpenIDConnectProviderArn is a required field
	OpenIDConnectProviderArn *string `min:"20" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s AddClientIDToOpenIDConnectProviderInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s AddClientIDToOpenIDConnectProviderInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *AddClientIDToOpenIDConnectProviderInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "AddClientIDToOpenIDConnectProviderInput"}
	if s.ClientID == nil {
		invalidParams.Add(request.NewErrParamRequired("ClientID"))
	}
	if s.ClientID != nil && len(*s.ClientID) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("ClientID", 1))
	}
	if s.OpenIDConnectProviderArn == nil {
		invalidParams.Add(request.NewErrParamRequired("OpenIDConnectProviderArn"))
	}
	if s.OpenIDConnectProviderArn != nil && len(*s.OpenIDConnectProviderArn) < 20 {
		invalidParams.Add(request.NewErrParamMinLen("OpenIDConnectProviderArn", 20))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetClientID sets the ClientID field's value.
func (s *AddClientIDToOpenIDConnectProviderInput) SetClientID(v string) *AddClientIDToOpenIDConnectProviderInput {
	s.ClientID = &v
	return s
}

// SetOpenIDConnectProviderArn sets the OpenIDConnectProviderArn field's value.
func (s *AddClientIDToOpenIDConnectProviderInput) SetOpenIDConnectProviderArn(v string) *AddClientIDToOpenIDConnectProviderInput {
	s.OpenIDConnectProviderArn = &v
	return s
}

type AddClientIDToOpenIDConnectProviderOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s AddClientIDToOpenIDConnectProviderOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s AddClientIDToOpenIDConnectProviderOutput) GoString() string {
	return s.String()
}

type AddRoleToInstanceProfileInput struct {
	_ struct{} `type:"structure"`

	// The name of the instance profile to update.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// InstanceProfileName is a required field
	InstanceProfileName *string `min:"1" type:"string" required:"true"`

	// The name of the role to add.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// RoleName is a required field
	RoleName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s AddRoleToInstanceProfileInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s AddRoleToInstanceProfileInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *AddRoleToInstanceProfileInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "AddRoleToInstanceProfileInput"}
	if s.InstanceProfileName == nil {
		invalidParams.Add(request.NewErrParamRequired("InstanceProfileName"))
	}
	if s.InstanceProfileName != nil && len(*s.InstanceProfileName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("InstanceProfileName", 1))
	}
	if s.RoleName == nil {
		invalidParams.Add(request.NewErrParamRequired("RoleName"))
	}
	if s.RoleName != nil && len(*s.RoleName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("RoleName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetInstanceProfileName sets the InstanceProfileName field's value.
func (s *AddRoleToInstanceProfileInput) SetInstanceProfileName(v string) *AddRoleToInstanceProfileInput {
	s.InstanceProfileName = &v
	return s
}

// SetRoleName sets the RoleName field's value.
func (s *AddRoleToInstanceProfileInput) SetRoleName(v string) *AddRoleToInstanceProfileInput {
	s.RoleName = &v
	return s
}

type AddRoleToInstanceProfileOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s AddRoleToInstanceProfileOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s AddRoleToInstanceProfileOutput) GoString() string {
	return s.String()
}

type AddUserToGroupInput struct {
	_ struct{} `type:"structure"`

	// The name of the group to update.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// GroupName is a required field
	GroupName *string `min:"1" type:"string" required:"true"`

	// The name of the user to add.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// UserName is a required field
	UserName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s AddUserToGroupInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s AddUserToGroupInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *AddUserToGroupInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "AddUserToGroupInput"}
	if s.GroupName == nil {
		invalidParams.Add(request.NewErrParamRequired("GroupName"))
	}
	if s.GroupName != nil && len(*s.GroupName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("GroupName", 1))
	}
	if s.UserName == nil {
		invalidParams.Add(request.NewErrParamRequired("UserName"))
	}
	if s.UserName != nil && len(*s.UserName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("UserName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetGroupName sets the GroupName field's value.
func (s *AddUserToGroupInput) SetGroupName(v string) *AddUserToGroupInput {
	s.GroupName = &v
	return s
}

// SetUserName sets the UserName field's value.
func (s *AddUserToGroupInput) SetUserName(v string) *AddUserToGroupInput {
	s.UserName = &v
	return s
}

type AddUserToGroupOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s AddUserToGroupOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s AddUserToGroupOutput) GoString() string {
	return s.String()
}

type AttachGroupPolicyInput struct {
	_ struct{} `type:"structure"`

	// The name (friendly name, not ARN) of the group to attach the policy to.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// GroupName is a required field
	GroupName *string `min:"1" type:"string" required:"true"`

	// The Amazon Resource Name (ARN) of the IAM policy you want to attach.
	//
	// For more information about ARNs, see Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the Amazon Web Services General Reference.
	//
	// PolicyArn is a required field
	PolicyArn *string `min:"20" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s AttachGroupPolicyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s AttachGroupPolicyInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *AttachGroupPolicyInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "AttachGroupPolicyInput"}
	if s.GroupName == nil {
		invalidParams.Add(request.NewErrParamRequired("GroupName"))
	}
	if s.GroupName != nil && len(*s.GroupName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("GroupName", 1))
	}
	if s.PolicyArn == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyArn"))
	}
	if s.PolicyArn != nil && len(*s.PolicyArn) < 20 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyArn", 20))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetGroupName sets the GroupName field's value.
func (s *AttachGroupPolicyInput) SetGroupName(v string) *AttachGroupPolicyInput {
	s.GroupName = &v
	return s
}

// SetPolicyArn sets the PolicyArn field's value.
func (s *AttachGroupPolicyInput) SetPolicyArn(v string) *AttachGroupPolicyInput {
	s.PolicyArn = &v
	return s
}

type AttachGroupPolicyOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s AttachGroupPolicyOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s AttachGroupPolicyOutput) GoString() string {
	return s.String()
}

type AttachRolePolicyInput struct {
	_ struct{} `type:"structure"`

	// The Amazon Resource Name (ARN) of the IAM policy you want to attach.
	//
	// For more information about ARNs, see Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the Amazon Web Services General Reference.
	//
	// PolicyArn is a required field
	PolicyArn *string `min:"20" type:"string" required:"true"`

	// The name (friendly name, not ARN) of the role to attach the policy to.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// RoleName is a required field
	RoleName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s AttachRolePolicyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s AttachRolePolicyInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *AttachRolePolicyInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "AttachRolePolicyInput"}
	if s.PolicyArn == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyArn"))
	}
	if s.PolicyArn != nil && len(*s.PolicyArn) < 20 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyArn", 20))
	}
	if s.RoleName == nil {
		invalidParams.Add(request.NewErrParamRequired("RoleName"))
	}
	if s.RoleName != nil && len(*s.RoleName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("RoleName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetPolicyArn sets the PolicyArn field's value.
func (s *AttachRolePolicyInput) SetPolicyArn(v string) *AttachRolePolicyInput {
	s.PolicyArn = &v
	return s
}

// SetRoleName sets the RoleName field's value.
func (s *AttachRolePolicyInput) SetRoleName(v string) *AttachRolePolicyInput {
	s.RoleName = &v
	return s
}

type AttachRolePolicyOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s AttachRolePolicyOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s AttachRolePolicyOutput) GoString() string {
	return s.String()
}

type AttachUserPolicyInput struct {
	_ struct{} `type:"structure"`

	// The Amazon Resource Name (ARN) of the IAM policy you want to attach.
	//
	// For more information about ARNs, see Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the Amazon Web Services General Reference.
	//
	// PolicyArn is a required field
	PolicyArn *string `min:"20" type:"string" required:"true"`

	// The name (friendly name, not ARN) of the IAM user to attach the policy to.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// UserName is a required field
	UserName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s AttachUserPolicyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s AttachUserPolicyInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *AttachUserPolicyInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "AttachUserPolicyInput"}
	if s.PolicyArn == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyArn"))
	}
	if s.PolicyArn != nil && len(*s.PolicyArn) < 20 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyArn", 20))
	}
	if s.UserName == nil {
		invalidParams.Add(request.NewErrParamRequired("UserName"))
	}
	if s.UserName != nil && len(*s.UserName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("UserName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetPolicyArn sets the PolicyArn field's value.
func (s *AttachUserPolicyInput) SetPolicyArn(v string) *AttachUserPolicyInput {
	s.PolicyArn = &v
	return s
}

// SetUserName sets the UserName field's value.
func (s *AttachUserPolicyInput) SetUserName(v string) *AttachUserPolicyInput {
	s.UserName = &v
	return s
}

type AttachUserPolicyOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s AttachUserPolicyOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s AttachUserPolicyOutput) GoString() string {
	return s.String()
}

// Contains information about an attached permissions boundary.
//
// An attached permissions boundary is a managed policy that has been attached
// to a user or role to set the permissions boundary.
//
// For more information about permissions boundaries, see Permissions boundaries
// for IAM identities (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html)
// in the IAM User Guide.
type AttachedPermissionsBoundary struct {
	_ struct{} `type:"structure"`

	// The ARN of the policy used to set the permissions boundary for the user or
	// role.
	PermissionsBoundaryArn *string `min:"20" type:"string"`

	// The permissions boundary usage type that indicates what type of IAM resource
	// is used as the permissions boundary for an entity. This data type can only
	// have a value of Policy.
	PermissionsBoundaryType *string `type:"string" enum:"PermissionsBoundaryAttachmentType"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s AttachedPermissionsBoundary) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s AttachedPermissionsBoundary) GoString() string {
	return s.String()
}

// SetPermissionsBoundaryArn sets the PermissionsBoundaryArn field's value.
func (s *AttachedPermissionsBoundary) SetPermissionsBoundaryArn(v string) *AttachedPermissionsBoundary {
	s.PermissionsBoundaryArn = &v
	return s
}

// SetPermissionsBoundaryType sets the PermissionsBoundaryType field's value.
func (s *AttachedPermissionsBoundary) SetPermissionsBoundaryType(v string) *AttachedPermissionsBoundary {
	s.PermissionsBoundaryType = &v
	return s
}

// Contains information about an attached policy.
//
// An attached policy is a managed policy that has been attached to a user,
// group, or role. This data type is used as a response element in the ListAttachedGroupPolicies,
// ListAttachedRolePolicies, ListAttachedUserPolicies, and GetAccountAuthorizationDetails
// operations.
//
// For more information about managed policies, refer to Managed policies and
// inline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide.
type AttachedPolicy struct {
	_ struct{} `type:"structure"`

	// The Amazon Resource Name (ARN). ARNs are unique identifiers for Amazon Web
	// Services resources.
	//
	// For more information about ARNs, go to Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the Amazon Web Services General Reference.
	PolicyArn *string `min:"20" type:"string"`

	// The friendly name of the attached policy.
	PolicyName *string `min:"1" type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s AttachedPolicy) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s AttachedPolicy) GoString() string {
	return s.String()
}

// SetPolicyArn sets the PolicyArn field's value.
func (s *AttachedPolicy) SetPolicyArn(v string) *AttachedPolicy {
	s.PolicyArn = &v
	return s
}

// SetPolicyName sets the PolicyName field's value.
func (s *AttachedPolicy) SetPolicyName(v string) *AttachedPolicy {
	s.PolicyName = &v
	return s
}

type ChangePasswordInput struct {
	_ struct{} `type:"structure"`

	// The new password. The new password must conform to the Amazon Web Services
	// account's password policy, if one exists.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate
	// this parameter is a string of characters. That string can include almost
	// any printable ASCII character from the space (\u0020) through the end of
	// the ASCII character range (\u00FF). You can also include the tab (\u0009),
	// line feed (\u000A), and carriage return (\u000D) characters. Any of these
	// characters are valid in a password. However, many tools, such as the Amazon
	// Web Services Management Console, might restrict the ability to type certain
	// characters because they have special meaning within that tool.
	//
	// NewPassword is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by ChangePasswordInput's
	// String and GoString methods.
	//
	// NewPassword is a required field
	NewPassword *string `min:"1" type:"string" required:"true" sensitive:"true"`

	// The IAM user's current password.
	//
	// OldPassword is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by ChangePasswordInput's
	// String and GoString methods.
	//
	// OldPassword is a required field
	OldPassword *string `min:"1" type:"string" required:"true" sensitive:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ChangePasswordInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ChangePasswordInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ChangePasswordInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ChangePasswordInput"}
	if s.NewPassword == nil {
		invalidParams.Add(request.NewErrParamRequired("NewPassword"))
	}
	if s.NewPassword != nil && len(*s.NewPassword) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("NewPassword", 1))
	}
	if s.OldPassword == nil {
		invalidParams.Add(request.NewErrParamRequired("OldPassword"))
	}
	if s.OldPassword != nil && len(*s.OldPassword) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("OldPassword", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetNewPassword sets the NewPassword field's value.
func (s *ChangePasswordInput) SetNewPassword(v string) *ChangePasswordInput {
	s.NewPassword = &v
	return s
}

// SetOldPassword sets the OldPassword field's value.
func (s *ChangePasswordInput) SetOldPassword(v string) *ChangePasswordInput {
	s.OldPassword = &v
	return s
}

type ChangePasswordOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ChangePasswordOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ChangePasswordOutput) GoString() string {
	return s.String()
}

// Contains information about a condition context key. It includes the name
// of the key and specifies the value (or values, if the context key supports
// multiple values) to use in the simulation. This information is used when
// evaluating the Condition elements of the input policies.
//
// This data type is used as an input parameter to SimulateCustomPolicy and
// SimulatePrincipalPolicy.
type ContextEntry struct {
	_ struct{} `type:"structure"`

	// The full name of a condition context key, including the service prefix. For
	// example, aws:SourceIp or s3:VersionId.
	ContextKeyName *string `min:"5" type:"string"`

	// The data type of the value (or values) specified in the ContextKeyValues
	// parameter.
	ContextKeyType *string `type:"string" enum:"ContextKeyTypeEnum"`

	// The value (or values, if the condition context key supports multiple values)
	// to provide to the simulation when the key is referenced by a Condition element
	// in an input policy.
	ContextKeyValues []*string `type:"list"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ContextEntry) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ContextEntry) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ContextEntry) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ContextEntry"}
	if s.ContextKeyName != nil && len(*s.ContextKeyName) < 5 {
		invalidParams.Add(request.NewErrParamMinLen("ContextKeyName", 5))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetContextKeyName sets the ContextKeyName field's value.
func (s *ContextEntry) SetContextKeyName(v string) *ContextEntry {
	s.ContextKeyName = &v
	return s
}

// SetContextKeyType sets the ContextKeyType field's value.
func (s *ContextEntry) SetContextKeyType(v string) *ContextEntry {
	s.ContextKeyType = &v
	return s
}

// SetContextKeyValues sets the ContextKeyValues field's value.
func (s *ContextEntry) SetContextKeyValues(v []*string) *ContextEntry {
	s.ContextKeyValues = v
	return s
}

type CreateAccessKeyInput struct {
	_ struct{} `type:"structure"`

	// The name of the IAM user that the new key will belong to.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	UserName *string `min:"1" type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateAccessKeyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateAccessKeyInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *CreateAccessKeyInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "CreateAccessKeyInput"}
	if s.UserName != nil && len(*s.UserName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("UserName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetUserName sets the UserName field's value.
func (s *CreateAccessKeyInput) SetUserName(v string) *CreateAccessKeyInput {
	s.UserName = &v
	return s
}

// Contains the response to a successful CreateAccessKey request.
type CreateAccessKeyOutput struct {
	_ struct{} `type:"structure"`

	// A structure with details about the access key.
	//
	// AccessKey is a required field
	AccessKey *AccessKey `type:"structure" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateAccessKeyOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateAccessKeyOutput) GoString() string {
	return s.String()
}

// SetAccessKey sets the AccessKey field's value.
func (s *CreateAccessKeyOutput) SetAccessKey(v *AccessKey) *CreateAccessKeyOutput {
	s.AccessKey = v
	return s
}

type CreateAccountAliasInput struct {
	_ struct{} `type:"structure"`

	// The account alias to create.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of lowercase letters, digits, and dashes.
	// You cannot start or finish with a dash, nor can you have two dashes in a
	// row.
	//
	// AccountAlias is a required field
	AccountAlias *string `min:"3" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateAccountAliasInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateAccountAliasInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *CreateAccountAliasInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "CreateAccountAliasInput"}
	if s.AccountAlias == nil {
		invalidParams.Add(request.NewErrParamRequired("AccountAlias"))
	}
	if s.AccountAlias != nil && len(*s.AccountAlias) < 3 {
		invalidParams.Add(request.NewErrParamMinLen("AccountAlias", 3))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetAccountAlias sets the AccountAlias field's value.
func (s *CreateAccountAliasInput) SetAccountAlias(v string) *CreateAccountAliasInput {
	s.AccountAlias = &v
	return s
}

type CreateAccountAliasOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateAccountAliasOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateAccountAliasOutput) GoString() string {
	return s.String()
}

type CreateGroupInput struct {
	_ struct{} `type:"structure"`

	// The name of the group to create. Do not include the path in this value.
	//
	// IAM user, group, role, and policy names must be unique within the account.
	// Names are not distinguished by case. For example, you cannot create resources
	// named both "MyResource" and "myresource".
	//
	// GroupName is a required field
	GroupName *string `min:"1" type:"string" required:"true"`

	// The path to the group. For more information about paths, see IAM identifiers
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the IAM User Guide.
	//
	// This parameter is optional. If it is not included, it defaults to a slash
	// (/).
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of either a forward slash (/) by itself
	// or a string that must begin and end with forward slashes. In addition, it
	// can contain any ASCII character from the ! (\u0021) through the DEL character
	// (\u007F), including most punctuation characters, digits, and upper and lowercased
	// letters.
	Path *string `min:"1" type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateGroupInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateGroupInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *CreateGroupInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "CreateGroupInput"}
	if s.GroupName == nil {
		invalidParams.Add(request.NewErrParamRequired("GroupName"))
	}
	if s.GroupName != nil && len(*s.GroupName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("GroupName", 1))
	}
	if s.Path != nil && len(*s.Path) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Path", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetGroupName sets the GroupName field's value.
func (s *CreateGroupInput) SetGroupName(v string) *CreateGroupInput {
	s.GroupName = &v
	return s
}

// SetPath sets the Path field's value.
func (s *CreateGroupInput) SetPath(v string) *CreateGroupInput {
	s.Path = &v
	return s
}

// Contains the response to a successful CreateGroup request.
type CreateGroupOutput struct {
	_ struct{} `type:"structure"`

	// A structure containing details about the new group.
	//
	// Group is a required field
	Group *Group `type:"structure" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateGroupOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateGroupOutput) GoString() string {
	return s.String()
}

// SetGroup sets the Group field's value.
func (s *CreateGroupOutput) SetGroup(v *Group) *CreateGroupOutput {
	s.Group = v
	return s
}

type CreateInstanceProfileInput struct {
	_ struct{} `type:"structure"`

	// The name of the instance profile to create.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// InstanceProfileName is a required field
	InstanceProfileName *string `min:"1" type:"string" required:"true"`

	// The path to the instance profile. For more information about paths, see IAM
	// Identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the IAM User Guide.
	//
	// This parameter is optional. If it is not included, it defaults to a slash
	// (/).
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of either a forward slash (/) by itself
	// or a string that must begin and end with forward slashes. In addition, it
	// can contain any ASCII character from the ! (\u0021) through the DEL character
	// (\u007F), including most punctuation characters, digits, and upper and lowercased
	// letters.
	Path *string `min:"1" type:"string"`

	// A list of tags that you want to attach to the newly created IAM instance
	// profile. Each tag consists of a key name and an associated value. For more
	// information about tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html)
	// in the IAM User Guide.
	//
	// If any one of the tags is invalid or if you exceed the allowed maximum number
	// of tags, then the entire request fails and the resource is not created.
	Tags []*Tag `type:"list"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateInstanceProfileInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateInstanceProfileInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *CreateInstanceProfileInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "CreateInstanceProfileInput"}
	if s.InstanceProfileName == nil {
		invalidParams.Add(request.NewErrParamRequired("InstanceProfileName"))
	}
	if s.InstanceProfileName != nil && len(*s.InstanceProfileName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("InstanceProfileName", 1))
	}
	if s.Path != nil && len(*s.Path) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Path", 1))
	}
	if s.Tags != nil {
		for i, v := range s.Tags {
			if v == nil {
				continue
			}
			if err := v.Validate(); err != nil {
				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams))
			}
		}
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetInstanceProfileName sets the InstanceProfileName field's value.
func (s *CreateInstanceProfileInput) SetInstanceProfileName(v string) *CreateInstanceProfileInput {
	s.InstanceProfileName = &v
	return s
}

// SetPath sets the Path field's value.
func (s *CreateInstanceProfileInput) SetPath(v string) *CreateInstanceProfileInput {
	s.Path = &v
	return s
}

// SetTags sets the Tags field's value.
func (s *CreateInstanceProfileInput) SetTags(v []*Tag) *CreateInstanceProfileInput {
	s.Tags = v
	return s
}

// Contains the response to a successful CreateInstanceProfile request.
type CreateInstanceProfileOutput struct {
	_ struct{} `type:"structure"`

	// A structure containing details about the new instance profile.
	//
	// InstanceProfile is a required field
	InstanceProfile *InstanceProfile `type:"structure" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateInstanceProfileOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateInstanceProfileOutput) GoString() string {
	return s.String()
}

// SetInstanceProfile sets the InstanceProfile field's value.
func (s *CreateInstanceProfileOutput) SetInstanceProfile(v *InstanceProfile) *CreateInstanceProfileOutput {
	s.InstanceProfile = v
	return s
}

type CreateLoginProfileInput struct {
	_ struct{} `type:"structure"`

	// The new password for the user.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate
	// this parameter is a string of characters. That string can include almost
	// any printable ASCII character from the space (\u0020) through the end of
	// the ASCII character range (\u00FF). You can also include the tab (\u0009),
	// line feed (\u000A), and carriage return (\u000D) characters. Any of these
	// characters are valid in a password. However, many tools, such as the Amazon
	// Web Services Management Console, might restrict the ability to type certain
	// characters because they have special meaning within that tool.
	//
	// Password is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by CreateLoginProfileInput's
	// String and GoString methods.
	//
	// Password is a required field
	Password *string `min:"1" type:"string" required:"true" sensitive:"true"`

	// Specifies whether the user is required to set a new password on next sign-in.
	PasswordResetRequired *bool `type:"boolean"`

	// The name of the IAM user to create a password for. The user must already
	// exist.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// UserName is a required field
	UserName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateLoginProfileInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateLoginProfileInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *CreateLoginProfileInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "CreateLoginProfileInput"}
	if s.Password == nil {
		invalidParams.Add(request.NewErrParamRequired("Password"))
	}
	if s.Password != nil && len(*s.Password) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Password", 1))
	}
	if s.UserName == nil {
		invalidParams.Add(request.NewErrParamRequired("UserName"))
	}
	if s.UserName != nil && len(*s.UserName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("UserName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetPassword sets the Password field's value.
func (s *CreateLoginProfileInput) SetPassword(v string) *CreateLoginProfileInput {
	s.Password = &v
	return s
}

// SetPasswordResetRequired sets the PasswordResetRequired field's value.
func (s *CreateLoginProfileInput) SetPasswordResetRequired(v bool) *CreateLoginProfileInput {
	s.PasswordResetRequired = &v
	return s
}

// SetUserName sets the UserName field's value.
func (s *CreateLoginProfileInput) SetUserName(v string) *CreateLoginProfileInput {
	s.UserName = &v
	return s
}

// Contains the response to a successful CreateLoginProfile request.
type CreateLoginProfileOutput struct {
	_ struct{} `type:"structure"`

	// A structure containing the user name and password create date.
	//
	// LoginProfile is a required field
	LoginProfile *LoginProfile `type:"structure" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateLoginProfileOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateLoginProfileOutput) GoString() string {
	return s.String()
}

// SetLoginProfile sets the LoginProfile field's value.
func (s *CreateLoginProfileOutput) SetLoginProfile(v *LoginProfile) *CreateLoginProfileOutput {
	s.LoginProfile = v
	return s
}

type CreateOpenIDConnectProviderInput struct {
	_ struct{} `type:"structure"`

	// Provides a list of client IDs, also known as audiences. When a mobile or
	// web app registers with an OpenID Connect provider, they establish a value
	// that identifies the application. This is the value that's sent as the client_id
	// parameter on OAuth requests.
	//
	// You can register multiple client IDs with the same provider. For example,
	// you might have multiple applications that use the same OIDC provider. You
	// cannot register more than 100 client IDs with a single IAM OIDC provider.
	//
	// There is no defined format for a client ID. The CreateOpenIDConnectProviderRequest
	// operation accepts client IDs up to 255 characters long.
	ClientIDList []*string `type:"list"`

	// A list of tags that you want to attach to the new IAM OpenID Connect (OIDC)
	// provider. Each tag consists of a key name and an associated value. For more
	// information about tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html)
	// in the IAM User Guide.
	//
	// If any one of the tags is invalid or if you exceed the allowed maximum number
	// of tags, then the entire request fails and the resource is not created.
	Tags []*Tag `type:"list"`

	// A list of server certificate thumbprints for the OpenID Connect (OIDC) identity
	// provider's server certificates. Typically this list includes only one entry.
	// However, IAM lets you have up to five thumbprints for an OIDC provider. This
	// lets you maintain multiple thumbprints if the identity provider is rotating
	// certificates.
	//
	// The server certificate thumbprint is the hex-encoded SHA-1 hash value of
	// the X.509 certificate used by the domain where the OpenID Connect provider
	// makes its keys available. It is always a 40-character string.
	//
	// You must provide at least one thumbprint when creating an IAM OIDC provider.
	// For example, assume that the OIDC provider is server.example.com and the
	// provider stores its keys at https://keys.server.example.com/openid-connect.
	// In that case, the thumbprint string would be the hex-encoded SHA-1 hash value
	// of the certificate used by https://keys.server.example.com.
	//
	// For more information about obtaining the OIDC provider thumbprint, see Obtaining
	// the thumbprint for an OpenID Connect provider (https://docs.aws.amazon.com/IAM/latest/UserGuide/identity-providers-oidc-obtain-thumbprint.html)
	// in the IAM User Guide.
	//
	// ThumbprintList is a required field
	ThumbprintList []*string `type:"list" required:"true"`

	// The URL of the identity provider. The URL must begin with https:// and should
	// correspond to the iss claim in the provider's OpenID Connect ID tokens. Per
	// the OIDC standard, path components are allowed but query parameters are not.
	// Typically the URL consists of only a hostname, like https://server.example.org
	// or https://example.com. The URL should not contain a port number.
	//
	// You cannot register the same provider multiple times in a single Amazon Web
	// Services account. If you try to submit a URL that has already been used for
	// an OpenID Connect provider in the Amazon Web Services account, you will get
	// an error.
	//
	// Url is a required field
	Url *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateOpenIDConnectProviderInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateOpenIDConnectProviderInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *CreateOpenIDConnectProviderInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "CreateOpenIDConnectProviderInput"}
	if s.ThumbprintList == nil {
		invalidParams.Add(request.NewErrParamRequired("ThumbprintList"))
	}
	if s.Url == nil {
		invalidParams.Add(request.NewErrParamRequired("Url"))
	}
	if s.Url != nil && len(*s.Url) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Url", 1))
	}
	if s.Tags != nil {
		for i, v := range s.Tags {
			if v == nil {
				continue
			}
			if err := v.Validate(); err != nil {
				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams))
			}
		}
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetClientIDList sets the ClientIDList field's value.
func (s *CreateOpenIDConnectProviderInput) SetClientIDList(v []*string) *CreateOpenIDConnectProviderInput {
	s.ClientIDList = v
	return s
}

// SetTags sets the Tags field's value.
func (s *CreateOpenIDConnectProviderInput) SetTags(v []*Tag) *CreateOpenIDConnectProviderInput {
	s.Tags = v
	return s
}

// SetThumbprintList sets the ThumbprintList field's value.
func (s *CreateOpenIDConnectProviderInput) SetThumbprintList(v []*string) *CreateOpenIDConnectProviderInput {
	s.ThumbprintList = v
	return s
}

// SetUrl sets the Url field's value.
func (s *CreateOpenIDConnectProviderInput) SetUrl(v string) *CreateOpenIDConnectProviderInput {
	s.Url = &v
	return s
}

// Contains the response to a successful CreateOpenIDConnectProvider request.
type CreateOpenIDConnectProviderOutput struct {
	_ struct{} `type:"structure"`

	// The Amazon Resource Name (ARN) of the new IAM OpenID Connect provider that
	// is created. For more information, see OpenIDConnectProviderListEntry.
	OpenIDConnectProviderArn *string `min:"20" type:"string"`

	// A list of tags that are attached to the new IAM OIDC provider. The returned
	// list of tags is sorted by tag key. For more information about tagging, see
	// Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html)
	// in the IAM User Guide.
	Tags []*Tag `type:"list"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateOpenIDConnectProviderOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateOpenIDConnectProviderOutput) GoString() string {
	return s.String()
}

// SetOpenIDConnectProviderArn sets the OpenIDConnectProviderArn field's value.
func (s *CreateOpenIDConnectProviderOutput) SetOpenIDConnectProviderArn(v string) *CreateOpenIDConnectProviderOutput {
	s.OpenIDConnectProviderArn = &v
	return s
}

// SetTags sets the Tags field's value.
func (s *CreateOpenIDConnectProviderOutput) SetTags(v []*Tag) *CreateOpenIDConnectProviderOutput {
	s.Tags = v
	return s
}

type CreatePolicyInput struct {
	_ struct{} `type:"structure"`

	// A friendly description of the policy.
	//
	// Typically used to store information about the permissions defined in the
	// policy. For example, "Grants access to production DynamoDB tables."
	//
	// The policy description is immutable. After a value is assigned, it cannot
	// be changed.
	Description *string `type:"string"`

	// The path for the policy.
	//
	// For more information about paths, see IAM identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the IAM User Guide.
	//
	// This parameter is optional. If it is not included, it defaults to a slash
	// (/).
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of either a forward slash (/) by itself
	// or a string that must begin and end with forward slashes. In addition, it
	// can contain any ASCII character from the ! (\u0021) through the DEL character
	// (\u007F), including most punctuation characters, digits, and upper and lowercased
	// letters.
	//
	// You cannot use an asterisk (*) in the path name.
	Path *string `min:"1" type:"string"`

	// The JSON policy document that you want to use as the content for the new
	// policy.
	//
	// You must provide policies in JSON format in IAM. However, for CloudFormation
	// templates formatted in YAML, you can provide the policy in JSON or YAML format.
	// CloudFormation always converts a YAML policy to JSON format before submitting
	// it to IAM.
	//
	// The maximum length of the policy document that you can pass in this operation,
	// including whitespace, is listed below. To view the maximum character counts
	// of a managed policy with no whitespaces, see IAM and STS character quotas
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length).
	//
	// To learn more about JSON policy grammar, see Grammar of the IAM JSON policy
	// language (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_grammar.html)
	// in the IAM User Guide.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) used to validate this
	// parameter is a string of characters consisting of the following:
	//
	//    * Any printable ASCII character ranging from the space character (\u0020)
	//    through the end of the ASCII character range
	//
	//    * The printable characters in the Basic Latin and Latin-1 Supplement character
	//    set (through \u00FF)
	//
	//    * The special characters tab (\u0009), line feed (\u000A), and carriage
	//    return (\u000D)
	//
	// PolicyDocument is a required field
	PolicyDocument *string `min:"1" type:"string" required:"true"`

	// The friendly name of the policy.
	//
	// IAM user, group, role, and policy names must be unique within the account.
	// Names are not distinguished by case. For example, you cannot create resources
	// named both "MyResource" and "myresource".
	//
	// PolicyName is a required field
	PolicyName *string `min:"1" type:"string" required:"true"`

	// A list of tags that you want to attach to the new IAM customer managed policy.
	// Each tag consists of a key name and an associated value. For more information
	// about tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html)
	// in the IAM User Guide.
	//
	// If any one of the tags is invalid or if you exceed the allowed maximum number
	// of tags, then the entire request fails and the resource is not created.
	Tags []*Tag `type:"list"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreatePolicyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreatePolicyInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *CreatePolicyInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "CreatePolicyInput"}
	if s.Path != nil && len(*s.Path) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Path", 1))
	}
	if s.PolicyDocument == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyDocument"))
	}
	if s.PolicyDocument != nil && len(*s.PolicyDocument) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyDocument", 1))
	}
	if s.PolicyName == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyName"))
	}
	if s.PolicyName != nil && len(*s.PolicyName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyName", 1))
	}
	if s.Tags != nil {
		for i, v := range s.Tags {
			if v == nil {
				continue
			}
			if err := v.Validate(); err != nil {
				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams))
			}
		}
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetDescription sets the Description field's value.
func (s *CreatePolicyInput) SetDescription(v string) *CreatePolicyInput {
	s.Description = &v
	return s
}

// SetPath sets the Path field's value.
func (s *CreatePolicyInput) SetPath(v string) *CreatePolicyInput {
	s.Path = &v
	return s
}

// SetPolicyDocument sets the PolicyDocument field's value.
func (s *CreatePolicyInput) SetPolicyDocument(v string) *CreatePolicyInput {
	s.PolicyDocument = &v
	return s
}

// SetPolicyName sets the PolicyName field's value.
func (s *CreatePolicyInput) SetPolicyName(v string) *CreatePolicyInput {
	s.PolicyName = &v
	return s
}

// SetTags sets the Tags field's value.
func (s *CreatePolicyInput) SetTags(v []*Tag) *CreatePolicyInput {
	s.Tags = v
	return s
}

// Contains the response to a successful CreatePolicy request.
type CreatePolicyOutput struct {
	_ struct{} `type:"structure"`

	// A structure containing details about the new policy.
	Policy *Policy `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreatePolicyOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreatePolicyOutput) GoString() string {
	return s.String()
}

// SetPolicy sets the Policy field's value.
func (s *CreatePolicyOutput) SetPolicy(v *Policy) *CreatePolicyOutput {
	s.Policy = v
	return s
}

type CreatePolicyVersionInput struct {
	_ struct{} `type:"structure"`

	// The Amazon Resource Name (ARN) of the IAM policy to which you want to add
	// a new version.
	//
	// For more information about ARNs, see Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the Amazon Web Services General Reference.
	//
	// PolicyArn is a required field
	PolicyArn *string `min:"20" type:"string" required:"true"`

	// The JSON policy document that you want to use as the content for this new
	// version of the policy.
	//
	// You must provide policies in JSON format in IAM. However, for CloudFormation
	// templates formatted in YAML, you can provide the policy in JSON or YAML format.
	// CloudFormation always converts a YAML policy to JSON format before submitting
	// it to IAM.
	//
	// The maximum length of the policy document that you can pass in this operation,
	// including whitespace, is listed below. To view the maximum character counts
	// of a managed policy with no whitespaces, see IAM and STS character quotas
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length).
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) used to validate this
	// parameter is a string of characters consisting of the following:
	//
	//    * Any printable ASCII character ranging from the space character (\u0020)
	//    through the end of the ASCII character range
	//
	//    * The printable characters in the Basic Latin and Latin-1 Supplement character
	//    set (through \u00FF)
	//
	//    * The special characters tab (\u0009), line feed (\u000A), and carriage
	//    return (\u000D)
	//
	// PolicyDocument is a required field
	PolicyDocument *string `min:"1" type:"string" required:"true"`

	// Specifies whether to set this version as the policy's default version.
	//
	// When this parameter is true, the new policy version becomes the operative
	// version. That is, it becomes the version that is in effect for the IAM users,
	// groups, and roles that the policy is attached to.
	//
	// For more information about managed policy versions, see Versioning for managed
	// policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html)
	// in the IAM User Guide.
	SetAsDefault *bool `type:"boolean"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreatePolicyVersionInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreatePolicyVersionInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *CreatePolicyVersionInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "CreatePolicyVersionInput"}
	if s.PolicyArn == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyArn"))
	}
	if s.PolicyArn != nil && len(*s.PolicyArn) < 20 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyArn", 20))
	}
	if s.PolicyDocument == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyDocument"))
	}
	if s.PolicyDocument != nil && len(*s.PolicyDocument) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyDocument", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetPolicyArn sets the PolicyArn field's value.
func (s *CreatePolicyVersionInput) SetPolicyArn(v string) *CreatePolicyVersionInput {
	s.PolicyArn = &v
	return s
}

// SetPolicyDocument sets the PolicyDocument field's value.
func (s *CreatePolicyVersionInput) SetPolicyDocument(v string) *CreatePolicyVersionInput {
	s.PolicyDocument = &v
	return s
}

// SetSetAsDefault sets the SetAsDefault field's value.
func (s *CreatePolicyVersionInput) SetSetAsDefault(v bool) *CreatePolicyVersionInput {
	s.SetAsDefault = &v
	return s
}

// Contains the response to a successful CreatePolicyVersion request.
type CreatePolicyVersionOutput struct {
	_ struct{} `type:"structure"`

	// A structure containing details about the new policy version.
	PolicyVersion *PolicyVersion `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreatePolicyVersionOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreatePolicyVersionOutput) GoString() string {
	return s.String()
}

// SetPolicyVersion sets the PolicyVersion field's value.
func (s *CreatePolicyVersionOutput) SetPolicyVersion(v *PolicyVersion) *CreatePolicyVersionOutput {
	s.PolicyVersion = v
	return s
}

type CreateRoleInput struct {
	_ struct{} `type:"structure"`

	// The trust relationship policy document that grants an entity permission to
	// assume the role.
	//
	// In IAM, you must provide a JSON policy that has been converted to a string.
	// However, for CloudFormation templates formatted in YAML, you can provide
	// the policy in JSON or YAML format. CloudFormation always converts a YAML
	// policy to JSON format before submitting it to IAM.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) used to validate this
	// parameter is a string of characters consisting of the following:
	//
	//    * Any printable ASCII character ranging from the space character (\u0020)
	//    through the end of the ASCII character range
	//
	//    * The printable characters in the Basic Latin and Latin-1 Supplement character
	//    set (through \u00FF)
	//
	//    * The special characters tab (\u0009), line feed (\u000A), and carriage
	//    return (\u000D)
	//
	// Upon success, the response includes the same trust policy in JSON format.
	//
	// AssumeRolePolicyDocument is a required field
	AssumeRolePolicyDocument *string `min:"1" type:"string" required:"true"`

	// A description of the role.
	Description *string `type:"string"`

	// The maximum session duration (in seconds) that you want to set for the specified
	// role. If you do not specify a value for this setting, the default maximum
	// of one hour is applied. This setting can have a value from 1 hour to 12 hours.
	//
	// Anyone who assumes the role from the or API can use the DurationSeconds API
	// parameter or the duration-seconds CLI parameter to request a longer session.
	// The MaxSessionDuration setting determines the maximum duration that can be
	// requested using the DurationSeconds parameter. If users don't specify a value
	// for the DurationSeconds parameter, their security credentials are valid for
	// one hour by default. This applies when you use the AssumeRole* API operations
	// or the assume-role* CLI operations but does not apply when you use those
	// operations to create a console URL. For more information, see Using IAM roles
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html) in the
	// IAM User Guide.
	MaxSessionDuration *int64 `min:"3600" type:"integer"`

	// The path to the role. For more information about paths, see IAM Identifiers
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the IAM User Guide.
	//
	// This parameter is optional. If it is not included, it defaults to a slash
	// (/).
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of either a forward slash (/) by itself
	// or a string that must begin and end with forward slashes. In addition, it
	// can contain any ASCII character from the ! (\u0021) through the DEL character
	// (\u007F), including most punctuation characters, digits, and upper and lowercased
	// letters.
	Path *string `min:"1" type:"string"`

	// The ARN of the policy that is used to set the permissions boundary for the
	// role.
	PermissionsBoundary *string `min:"20" type:"string"`

	// The name of the role to create.
	//
	// IAM user, group, role, and policy names must be unique within the account.
	// Names are not distinguished by case. For example, you cannot create resources
	// named both "MyResource" and "myresource".
	//
	// RoleName is a required field
	RoleName *string `min:"1" type:"string" required:"true"`

	// A list of tags that you want to attach to the new role. Each tag consists
	// of a key name and an associated value. For more information about tagging,
	// see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html)
	// in the IAM User Guide.
	//
	// If any one of the tags is invalid or if you exceed the allowed maximum number
	// of tags, then the entire request fails and the resource is not created.
	Tags []*Tag `type:"list"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateRoleInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateRoleInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *CreateRoleInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "CreateRoleInput"}
	if s.AssumeRolePolicyDocument == nil {
		invalidParams.Add(request.NewErrParamRequired("AssumeRolePolicyDocument"))
	}
	if s.AssumeRolePolicyDocument != nil && len(*s.AssumeRolePolicyDocument) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("AssumeRolePolicyDocument", 1))
	}
	if s.MaxSessionDuration != nil && *s.MaxSessionDuration < 3600 {
		invalidParams.Add(request.NewErrParamMinValue("MaxSessionDuration", 3600))
	}
	if s.Path != nil && len(*s.Path) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Path", 1))
	}
	if s.PermissionsBoundary != nil && len(*s.PermissionsBoundary) < 20 {
		invalidParams.Add(request.NewErrParamMinLen("PermissionsBoundary", 20))
	}
	if s.RoleName == nil {
		invalidParams.Add(request.NewErrParamRequired("RoleName"))
	}
	if s.RoleName != nil && len(*s.RoleName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("RoleName", 1))
	}
	if s.Tags != nil {
		for i, v := range s.Tags {
			if v == nil {
				continue
			}
			if err := v.Validate(); err != nil {
				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams))
			}
		}
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetAssumeRolePolicyDocument sets the AssumeRolePolicyDocument field's value.
func (s *CreateRoleInput) SetAssumeRolePolicyDocument(v string) *CreateRoleInput {
	s.AssumeRolePolicyDocument = &v
	return s
}

// SetDescription sets the Description field's value.
func (s *CreateRoleInput) SetDescription(v string) *CreateRoleInput {
	s.Description = &v
	return s
}

// SetMaxSessionDuration sets the MaxSessionDuration field's value.
func (s *CreateRoleInput) SetMaxSessionDuration(v int64) *CreateRoleInput {
	s.MaxSessionDuration = &v
	return s
}

// SetPath sets the Path field's value.
func (s *CreateRoleInput) SetPath(v string) *CreateRoleInput {
	s.Path = &v
	return s
}

// SetPermissionsBoundary sets the PermissionsBoundary field's value.
func (s *CreateRoleInput) SetPermissionsBoundary(v string) *CreateRoleInput {
	s.PermissionsBoundary = &v
	return s
}

// SetRoleName sets the RoleName field's value.
func (s *CreateRoleInput) SetRoleName(v string) *CreateRoleInput {
	s.RoleName = &v
	return s
}

// SetTags sets the Tags field's value.
func (s *CreateRoleInput) SetTags(v []*Tag) *CreateRoleInput {
	s.Tags = v
	return s
}

// Contains the response to a successful CreateRole request.
type CreateRoleOutput struct {
	_ struct{} `type:"structure"`

	// A structure containing details about the new role.
	//
	// Role is a required field
	Role *Role `type:"structure" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateRoleOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateRoleOutput) GoString() string {
	return s.String()
}

// SetRole sets the Role field's value.
func (s *CreateRoleOutput) SetRole(v *Role) *CreateRoleOutput {
	s.Role = v
	return s
}

type CreateSAMLProviderInput struct {
	_ struct{} `type:"structure"`

	// The name of the provider to create.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// Name is a required field
	Name *string `min:"1" type:"string" required:"true"`

	// An XML document generated by an identity provider (IdP) that supports SAML
	// 2.0. The document includes the issuer's name, expiration information, and
	// keys that can be used to validate the SAML authentication response (assertions)
	// that are received from the IdP. You must generate the metadata document using
	// the identity management software that is used as your organization's IdP.
	//
	// For more information, see About SAML 2.0-based federation (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html)
	// in the IAM User Guide
	//
	// SAMLMetadataDocument is a required field
	SAMLMetadataDocument *string `min:"1000" type:"string" required:"true"`

	// A list of tags that you want to attach to the new IAM SAML provider. Each
	// tag consists of a key name and an associated value. For more information
	// about tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html)
	// in the IAM User Guide.
	//
	// If any one of the tags is invalid or if you exceed the allowed maximum number
	// of tags, then the entire request fails and the resource is not created.
	Tags []*Tag `type:"list"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateSAMLProviderInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateSAMLProviderInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *CreateSAMLProviderInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "CreateSAMLProviderInput"}
	if s.Name == nil {
		invalidParams.Add(request.NewErrParamRequired("Name"))
	}
	if s.Name != nil && len(*s.Name) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Name", 1))
	}
	if s.SAMLMetadataDocument == nil {
		invalidParams.Add(request.NewErrParamRequired("SAMLMetadataDocument"))
	}
	if s.SAMLMetadataDocument != nil && len(*s.SAMLMetadataDocument) < 1000 {
		invalidParams.Add(request.NewErrParamMinLen("SAMLMetadataDocument", 1000))
	}
	if s.Tags != nil {
		for i, v := range s.Tags {
			if v == nil {
				continue
			}
			if err := v.Validate(); err != nil {
				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams))
			}
		}
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetName sets the Name field's value.
func (s *CreateSAMLProviderInput) SetName(v string) *CreateSAMLProviderInput {
	s.Name = &v
	return s
}

// SetSAMLMetadataDocument sets the SAMLMetadataDocument field's value.
func (s *CreateSAMLProviderInput) SetSAMLMetadataDocument(v string) *CreateSAMLProviderInput {
	s.SAMLMetadataDocument = &v
	return s
}

// SetTags sets the Tags field's value.
func (s *CreateSAMLProviderInput) SetTags(v []*Tag) *CreateSAMLProviderInput {
	s.Tags = v
	return s
}

// Contains the response to a successful CreateSAMLProvider request.
type CreateSAMLProviderOutput struct {
	_ struct{} `type:"structure"`

	// The Amazon Resource Name (ARN) of the new SAML provider resource in IAM.
	SAMLProviderArn *string `min:"20" type:"string"`

	// A list of tags that are attached to the new IAM SAML provider. The returned
	// list of tags is sorted by tag key. For more information about tagging, see
	// Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html)
	// in the IAM User Guide.
	Tags []*Tag `type:"list"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateSAMLProviderOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateSAMLProviderOutput) GoString() string {
	return s.String()
}

// SetSAMLProviderArn sets the SAMLProviderArn field's value.
func (s *CreateSAMLProviderOutput) SetSAMLProviderArn(v string) *CreateSAMLProviderOutput {
	s.SAMLProviderArn = &v
	return s
}

// SetTags sets the Tags field's value.
func (s *CreateSAMLProviderOutput) SetTags(v []*Tag) *CreateSAMLProviderOutput {
	s.Tags = v
	return s
}

type CreateServiceLinkedRoleInput struct {
	_ struct{} `type:"structure"`

	// The service principal for the Amazon Web Services service to which this role
	// is attached. You use a string similar to a URL but without the http:// in
	// front. For example: elasticbeanstalk.amazonaws.com.
	//
	// Service principals are unique and case-sensitive. To find the exact service
	// principal for your service-linked role, see Amazon Web Services services
	// that work with IAM (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-services-that-work-with-iam.html)
	// in the IAM User Guide. Look for the services that have Yes in the Service-Linked
	// Role column. Choose the Yes link to view the service-linked role documentation
	// for that service.
	//
	// AWSServiceName is a required field
	AWSServiceName *string `min:"1" type:"string" required:"true"`

	// A string that you provide, which is combined with the service-provided prefix
	// to form the complete role name. If you make multiple requests for the same
	// service, then you must supply a different CustomSuffix for each request.
	// Otherwise the request fails with a duplicate role name error. For example,
	// you could add -1 or -debug to the suffix.
	//
	// Some services do not support the CustomSuffix parameter. If you provide an
	// optional suffix and the operation fails, try the operation again without
	// the suffix.
	CustomSuffix *string `min:"1" type:"string"`

	// The description of the role.
	Description *string `type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateServiceLinkedRoleInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateServiceLinkedRoleInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *CreateServiceLinkedRoleInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "CreateServiceLinkedRoleInput"}
	if s.AWSServiceName == nil {
		invalidParams.Add(request.NewErrParamRequired("AWSServiceName"))
	}
	if s.AWSServiceName != nil && len(*s.AWSServiceName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("AWSServiceName", 1))
	}
	if s.CustomSuffix != nil && len(*s.CustomSuffix) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("CustomSuffix", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetAWSServiceName sets the AWSServiceName field's value.
func (s *CreateServiceLinkedRoleInput) SetAWSServiceName(v string) *CreateServiceLinkedRoleInput {
	s.AWSServiceName = &v
	return s
}

// SetCustomSuffix sets the CustomSuffix field's value.
func (s *CreateServiceLinkedRoleInput) SetCustomSuffix(v string) *CreateServiceLinkedRoleInput {
	s.CustomSuffix = &v
	return s
}

// SetDescription sets the Description field's value.
func (s *CreateServiceLinkedRoleInput) SetDescription(v string) *CreateServiceLinkedRoleInput {
	s.Description = &v
	return s
}

type CreateServiceLinkedRoleOutput struct {
	_ struct{} `type:"structure"`

	// A Role object that contains details about the newly created role.
	Role *Role `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateServiceLinkedRoleOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateServiceLinkedRoleOutput) GoString() string {
	return s.String()
}

// SetRole sets the Role field's value.
func (s *CreateServiceLinkedRoleOutput) SetRole(v *Role) *CreateServiceLinkedRoleOutput {
	s.Role = v
	return s
}

type CreateServiceSpecificCredentialInput struct {
	_ struct{} `type:"structure"`

	// The name of the Amazon Web Services service that is to be associated with
	// the credentials. The service you specify here is the only service that can
	// be accessed using these credentials.
	//
	// ServiceName is a required field
	ServiceName *string `type:"string" required:"true"`

	// The name of the IAM user that is to be associated with the credentials. The
	// new service-specific credentials have the same permissions as the associated
	// user except that they can be used only to access the specified service.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// UserName is a required field
	UserName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateServiceSpecificCredentialInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateServiceSpecificCredentialInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *CreateServiceSpecificCredentialInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "CreateServiceSpecificCredentialInput"}
	if s.ServiceName == nil {
		invalidParams.Add(request.NewErrParamRequired("ServiceName"))
	}
	if s.UserName == nil {
		invalidParams.Add(request.NewErrParamRequired("UserName"))
	}
	if s.UserName != nil && len(*s.UserName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("UserName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetServiceName sets the ServiceName field's value.
func (s *CreateServiceSpecificCredentialInput) SetServiceName(v string) *CreateServiceSpecificCredentialInput {
	s.ServiceName = &v
	return s
}

// SetUserName sets the UserName field's value.
func (s *CreateServiceSpecificCredentialInput) SetUserName(v string) *CreateServiceSpecificCredentialInput {
	s.UserName = &v
	return s
}

type CreateServiceSpecificCredentialOutput struct {
	_ struct{} `type:"structure"`

	// A structure that contains information about the newly created service-specific
	// credential.
	//
	// This is the only time that the password for this credential set is available.
	// It cannot be recovered later. Instead, you must reset the password with ResetServiceSpecificCredential.
	ServiceSpecificCredential *ServiceSpecificCredential `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateServiceSpecificCredentialOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateServiceSpecificCredentialOutput) GoString() string {
	return s.String()
}

// SetServiceSpecificCredential sets the ServiceSpecificCredential field's value.
func (s *CreateServiceSpecificCredentialOutput) SetServiceSpecificCredential(v *ServiceSpecificCredential) *CreateServiceSpecificCredentialOutput {
	s.ServiceSpecificCredential = v
	return s
}

type CreateUserInput struct {
	_ struct{} `type:"structure"`

	// The path for the user name. For more information about paths, see IAM identifiers
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the IAM User Guide.
	//
	// This parameter is optional. If it is not included, it defaults to a slash
	// (/).
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of either a forward slash (/) by itself
	// or a string that must begin and end with forward slashes. In addition, it
	// can contain any ASCII character from the ! (\u0021) through the DEL character
	// (\u007F), including most punctuation characters, digits, and upper and lowercased
	// letters.
	Path *string `min:"1" type:"string"`

	// The ARN of the policy that is used to set the permissions boundary for the
	// user.
	PermissionsBoundary *string `min:"20" type:"string"`

	// A list of tags that you want to attach to the new user. Each tag consists
	// of a key name and an associated value. For more information about tagging,
	// see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html)
	// in the IAM User Guide.
	//
	// If any one of the tags is invalid or if you exceed the allowed maximum number
	// of tags, then the entire request fails and the resource is not created.
	Tags []*Tag `type:"list"`

	// The name of the user to create.
	//
	// IAM user, group, role, and policy names must be unique within the account.
	// Names are not distinguished by case. For example, you cannot create resources
	// named both "MyResource" and "myresource".
	//
	// UserName is a required field
	UserName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateUserInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateUserInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *CreateUserInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "CreateUserInput"}
	if s.Path != nil && len(*s.Path) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Path", 1))
	}
	if s.PermissionsBoundary != nil && len(*s.PermissionsBoundary) < 20 {
		invalidParams.Add(request.NewErrParamMinLen("PermissionsBoundary", 20))
	}
	if s.UserName == nil {
		invalidParams.Add(request.NewErrParamRequired("UserName"))
	}
	if s.UserName != nil && len(*s.UserName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("UserName", 1))
	}
	if s.Tags != nil {
		for i, v := range s.Tags {
			if v == nil {
				continue
			}
			if err := v.Validate(); err != nil {
				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams))
			}
		}
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetPath sets the Path field's value.
func (s *CreateUserInput) SetPath(v string) *CreateUserInput {
	s.Path = &v
	return s
}

// SetPermissionsBoundary sets the PermissionsBoundary field's value.
func (s *CreateUserInput) SetPermissionsBoundary(v string) *CreateUserInput {
	s.PermissionsBoundary = &v
	return s
}

// SetTags sets the Tags field's value.
func (s *CreateUserInput) SetTags(v []*Tag) *CreateUserInput {
	s.Tags = v
	return s
}

// SetUserName sets the UserName field's value.
func (s *CreateUserInput) SetUserName(v string) *CreateUserInput {
	s.UserName = &v
	return s
}

// Contains the response to a successful CreateUser request.
type CreateUserOutput struct {
	_ struct{} `type:"structure"`

	// A structure with details about the new IAM user.
	User *User `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateUserOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateUserOutput) GoString() string {
	return s.String()
}

// SetUser sets the User field's value.
func (s *CreateUserOutput) SetUser(v *User) *CreateUserOutput {
	s.User = v
	return s
}

type CreateVirtualMFADeviceInput struct {
	_ struct{} `type:"structure"`

	// The path for the virtual MFA device. For more information about paths, see
	// IAM identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the IAM User Guide.
	//
	// This parameter is optional. If it is not included, it defaults to a slash
	// (/).
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of either a forward slash (/) by itself
	// or a string that must begin and end with forward slashes. In addition, it
	// can contain any ASCII character from the ! (\u0021) through the DEL character
	// (\u007F), including most punctuation characters, digits, and upper and lowercased
	// letters.
	Path *string `min:"1" type:"string"`

	// A list of tags that you want to attach to the new IAM virtual MFA device.
	// Each tag consists of a key name and an associated value. For more information
	// about tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html)
	// in the IAM User Guide.
	//
	// If any one of the tags is invalid or if you exceed the allowed maximum number
	// of tags, then the entire request fails and the resource is not created.
	Tags []*Tag `type:"list"`

	// The name of the virtual MFA device. Use with path to uniquely identify a
	// virtual MFA device.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// VirtualMFADeviceName is a required field
	VirtualMFADeviceName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateVirtualMFADeviceInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateVirtualMFADeviceInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *CreateVirtualMFADeviceInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "CreateVirtualMFADeviceInput"}
	if s.Path != nil && len(*s.Path) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Path", 1))
	}
	if s.VirtualMFADeviceName == nil {
		invalidParams.Add(request.NewErrParamRequired("VirtualMFADeviceName"))
	}
	if s.VirtualMFADeviceName != nil && len(*s.VirtualMFADeviceName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("VirtualMFADeviceName", 1))
	}
	if s.Tags != nil {
		for i, v := range s.Tags {
			if v == nil {
				continue
			}
			if err := v.Validate(); err != nil {
				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams))
			}
		}
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetPath sets the Path field's value.
func (s *CreateVirtualMFADeviceInput) SetPath(v string) *CreateVirtualMFADeviceInput {
	s.Path = &v
	return s
}

// SetTags sets the Tags field's value.
func (s *CreateVirtualMFADeviceInput) SetTags(v []*Tag) *CreateVirtualMFADeviceInput {
	s.Tags = v
	return s
}

// SetVirtualMFADeviceName sets the VirtualMFADeviceName field's value.
func (s *CreateVirtualMFADeviceInput) SetVirtualMFADeviceName(v string) *CreateVirtualMFADeviceInput {
	s.VirtualMFADeviceName = &v
	return s
}

// Contains the response to a successful CreateVirtualMFADevice request.
type CreateVirtualMFADeviceOutput struct {
	_ struct{} `type:"structure"`

	// A structure containing details about the new virtual MFA device.
	//
	// VirtualMFADevice is a required field
	VirtualMFADevice *VirtualMFADevice `type:"structure" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateVirtualMFADeviceOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateVirtualMFADeviceOutput) GoString() string {
	return s.String()
}

// SetVirtualMFADevice sets the VirtualMFADevice field's value.
func (s *CreateVirtualMFADeviceOutput) SetVirtualMFADevice(v *VirtualMFADevice) *CreateVirtualMFADeviceOutput {
	s.VirtualMFADevice = v
	return s
}

type DeactivateMFADeviceInput struct {
	_ struct{} `type:"structure"`

	// The serial number that uniquely identifies the MFA device. For virtual MFA
	// devices, the serial number is the device ARN.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@:/-
	//
	// SerialNumber is a required field
	SerialNumber *string `min:"9" type:"string" required:"true"`

	// The name of the user whose MFA device you want to deactivate.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// UserName is a required field
	UserName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeactivateMFADeviceInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeactivateMFADeviceInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *DeactivateMFADeviceInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "DeactivateMFADeviceInput"}
	if s.SerialNumber == nil {
		invalidParams.Add(request.NewErrParamRequired("SerialNumber"))
	}
	if s.SerialNumber != nil && len(*s.SerialNumber) < 9 {
		invalidParams.Add(request.NewErrParamMinLen("SerialNumber", 9))
	}
	if s.UserName == nil {
		invalidParams.Add(request.NewErrParamRequired("UserName"))
	}
	if s.UserName != nil && len(*s.UserName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("UserName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetSerialNumber sets the SerialNumber field's value.
func (s *DeactivateMFADeviceInput) SetSerialNumber(v string) *DeactivateMFADeviceInput {
	s.SerialNumber = &v
	return s
}

// SetUserName sets the UserName field's value.
func (s *DeactivateMFADeviceInput) SetUserName(v string) *DeactivateMFADeviceInput {
	s.UserName = &v
	return s
}

type DeactivateMFADeviceOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeactivateMFADeviceOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeactivateMFADeviceOutput) GoString() string {
	return s.String()
}

type DeleteAccessKeyInput struct {
	_ struct{} `type:"structure"`

	// The access key ID for the access key ID and secret access key you want to
	// delete.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters that can consist of any upper or lowercased letter
	// or digit.
	//
	// AccessKeyId is a required field
	AccessKeyId *string `min:"16" type:"string" required:"true"`

	// The name of the user whose access key pair you want to delete.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	UserName *string `min:"1" type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteAccessKeyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteAccessKeyInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *DeleteAccessKeyInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "DeleteAccessKeyInput"}
	if s.AccessKeyId == nil {
		invalidParams.Add(request.NewErrParamRequired("AccessKeyId"))
	}
	if s.AccessKeyId != nil && len(*s.AccessKeyId) < 16 {
		invalidParams.Add(request.NewErrParamMinLen("AccessKeyId", 16))
	}
	if s.UserName != nil && len(*s.UserName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("UserName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetAccessKeyId sets the AccessKeyId field's value.
func (s *DeleteAccessKeyInput) SetAccessKeyId(v string) *DeleteAccessKeyInput {
	s.AccessKeyId = &v
	return s
}

// SetUserName sets the UserName field's value.
func (s *DeleteAccessKeyInput) SetUserName(v string) *DeleteAccessKeyInput {
	s.UserName = &v
	return s
}

type DeleteAccessKeyOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteAccessKeyOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteAccessKeyOutput) GoString() string {
	return s.String()
}

type DeleteAccountAliasInput struct {
	_ struct{} `type:"structure"`

	// The name of the account alias to delete.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of lowercase letters, digits, and dashes.
	// You cannot start or finish with a dash, nor can you have two dashes in a
	// row.
	//
	// AccountAlias is a required field
	AccountAlias *string `min:"3" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteAccountAliasInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteAccountAliasInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *DeleteAccountAliasInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "DeleteAccountAliasInput"}
	if s.AccountAlias == nil {
		invalidParams.Add(request.NewErrParamRequired("AccountAlias"))
	}
	if s.AccountAlias != nil && len(*s.AccountAlias) < 3 {
		invalidParams.Add(request.NewErrParamMinLen("AccountAlias", 3))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetAccountAlias sets the AccountAlias field's value.
func (s *DeleteAccountAliasInput) SetAccountAlias(v string) *DeleteAccountAliasInput {
	s.AccountAlias = &v
	return s
}

type DeleteAccountAliasOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteAccountAliasOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteAccountAliasOutput) GoString() string {
	return s.String()
}

type DeleteAccountPasswordPolicyInput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteAccountPasswordPolicyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteAccountPasswordPolicyInput) GoString() string {
	return s.String()
}

type DeleteAccountPasswordPolicyOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteAccountPasswordPolicyOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteAccountPasswordPolicyOutput) GoString() string {
	return s.String()
}

type DeleteGroupInput struct {
	_ struct{} `type:"structure"`

	// The name of the IAM group to delete.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// GroupName is a required field
	GroupName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteGroupInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteGroupInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *DeleteGroupInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "DeleteGroupInput"}
	if s.GroupName == nil {
		invalidParams.Add(request.NewErrParamRequired("GroupName"))
	}
	if s.GroupName != nil && len(*s.GroupName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("GroupName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetGroupName sets the GroupName field's value.
func (s *DeleteGroupInput) SetGroupName(v string) *DeleteGroupInput {
	s.GroupName = &v
	return s
}

type DeleteGroupOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteGroupOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteGroupOutput) GoString() string {
	return s.String()
}

type DeleteGroupPolicyInput struct {
	_ struct{} `type:"structure"`

	// The name (friendly name, not ARN) identifying the group that the policy is
	// embedded in.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// GroupName is a required field
	GroupName *string `min:"1" type:"string" required:"true"`

	// The name identifying the policy document to delete.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// PolicyName is a required field
	PolicyName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteGroupPolicyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteGroupPolicyInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *DeleteGroupPolicyInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "DeleteGroupPolicyInput"}
	if s.GroupName == nil {
		invalidParams.Add(request.NewErrParamRequired("GroupName"))
	}
	if s.GroupName != nil && len(*s.GroupName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("GroupName", 1))
	}
	if s.PolicyName == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyName"))
	}
	if s.PolicyName != nil && len(*s.PolicyName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetGroupName sets the GroupName field's value.
func (s *DeleteGroupPolicyInput) SetGroupName(v string) *DeleteGroupPolicyInput {
	s.GroupName = &v
	return s
}

// SetPolicyName sets the PolicyName field's value.
func (s *DeleteGroupPolicyInput) SetPolicyName(v string) *DeleteGroupPolicyInput {
	s.PolicyName = &v
	return s
}

type DeleteGroupPolicyOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteGroupPolicyOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteGroupPolicyOutput) GoString() string {
	return s.String()
}

type DeleteInstanceProfileInput struct {
	_ struct{} `type:"structure"`

	// The name of the instance profile to delete.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// InstanceProfileName is a required field
	InstanceProfileName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteInstanceProfileInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteInstanceProfileInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *DeleteInstanceProfileInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "DeleteInstanceProfileInput"}
	if s.InstanceProfileName == nil {
		invalidParams.Add(request.NewErrParamRequired("InstanceProfileName"))
	}
	if s.InstanceProfileName != nil && len(*s.InstanceProfileName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("InstanceProfileName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetInstanceProfileName sets the InstanceProfileName field's value.
func (s *DeleteInstanceProfileInput) SetInstanceProfileName(v string) *DeleteInstanceProfileInput {
	s.InstanceProfileName = &v
	return s
}

type DeleteInstanceProfileOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteInstanceProfileOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteInstanceProfileOutput) GoString() string {
	return s.String()
}

type DeleteLoginProfileInput struct {
	_ struct{} `type:"structure"`

	// The name of the user whose password you want to delete.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// UserName is a required field
	UserName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteLoginProfileInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteLoginProfileInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *DeleteLoginProfileInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "DeleteLoginProfileInput"}
	if s.UserName == nil {
		invalidParams.Add(request.NewErrParamRequired("UserName"))
	}
	if s.UserName != nil && len(*s.UserName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("UserName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetUserName sets the UserName field's value.
func (s *DeleteLoginProfileInput) SetUserName(v string) *DeleteLoginProfileInput {
	s.UserName = &v
	return s
}

type DeleteLoginProfileOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteLoginProfileOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteLoginProfileOutput) GoString() string {
	return s.String()
}

type DeleteOpenIDConnectProviderInput struct {
	_ struct{} `type:"structure"`

	// The Amazon Resource Name (ARN) of the IAM OpenID Connect provider resource
	// object to delete. You can get a list of OpenID Connect provider resource
	// ARNs by using the ListOpenIDConnectProviders operation.
	//
	// OpenIDConnectProviderArn is a required field
	OpenIDConnectProviderArn *string `min:"20" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteOpenIDConnectProviderInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteOpenIDConnectProviderInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *DeleteOpenIDConnectProviderInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "DeleteOpenIDConnectProviderInput"}
	if s.OpenIDConnectProviderArn == nil {
		invalidParams.Add(request.NewErrParamRequired("OpenIDConnectProviderArn"))
	}
	if s.OpenIDConnectProviderArn != nil && len(*s.OpenIDConnectProviderArn) < 20 {
		invalidParams.Add(request.NewErrParamMinLen("OpenIDConnectProviderArn", 20))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetOpenIDConnectProviderArn sets the OpenIDConnectProviderArn field's value.
func (s *DeleteOpenIDConnectProviderInput) SetOpenIDConnectProviderArn(v string) *DeleteOpenIDConnectProviderInput {
	s.OpenIDConnectProviderArn = &v
	return s
}

type DeleteOpenIDConnectProviderOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteOpenIDConnectProviderOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteOpenIDConnectProviderOutput) GoString() string {
	return s.String()
}

type DeletePolicyInput struct {
	_ struct{} `type:"structure"`

	// The Amazon Resource Name (ARN) of the IAM policy you want to delete.
	//
	// For more information about ARNs, see Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the Amazon Web Services General Reference.
	//
	// PolicyArn is a required field
	PolicyArn *string `min:"20" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeletePolicyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeletePolicyInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *DeletePolicyInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "DeletePolicyInput"}
	if s.PolicyArn == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyArn"))
	}
	if s.PolicyArn != nil && len(*s.PolicyArn) < 20 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyArn", 20))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetPolicyArn sets the PolicyArn field's value.
func (s *DeletePolicyInput) SetPolicyArn(v string) *DeletePolicyInput {
	s.PolicyArn = &v
	return s
}

type DeletePolicyOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeletePolicyOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeletePolicyOutput) GoString() string {
	return s.String()
}

type DeletePolicyVersionInput struct {
	_ struct{} `type:"structure"`

	// The Amazon Resource Name (ARN) of the IAM policy from which you want to delete
	// a version.
	//
	// For more information about ARNs, see Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the Amazon Web Services General Reference.
	//
	// PolicyArn is a required field
	PolicyArn *string `min:"20" type:"string" required:"true"`

	// The policy version to delete.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters that consists of the lowercase letter 'v' followed
	// by one or two digits, and optionally followed by a period '.' and a string
	// of letters and digits.
	//
	// For more information about managed policy versions, see Versioning for managed
	// policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html)
	// in the IAM User Guide.
	//
	// VersionId is a required field
	VersionId *string `type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeletePolicyVersionInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeletePolicyVersionInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *DeletePolicyVersionInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "DeletePolicyVersionInput"}
	if s.PolicyArn == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyArn"))
	}
	if s.PolicyArn != nil && len(*s.PolicyArn) < 20 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyArn", 20))
	}
	if s.VersionId == nil {
		invalidParams.Add(request.NewErrParamRequired("VersionId"))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetPolicyArn sets the PolicyArn field's value.
func (s *DeletePolicyVersionInput) SetPolicyArn(v string) *DeletePolicyVersionInput {
	s.PolicyArn = &v
	return s
}

// SetVersionId sets the VersionId field's value.
func (s *DeletePolicyVersionInput) SetVersionId(v string) *DeletePolicyVersionInput {
	s.VersionId = &v
	return s
}

type DeletePolicyVersionOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeletePolicyVersionOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeletePolicyVersionOutput) GoString() string {
	return s.String()
}

type DeleteRoleInput struct {
	_ struct{} `type:"structure"`

	// The name of the role to delete.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// RoleName is a required field
	RoleName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteRoleInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteRoleInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *DeleteRoleInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "DeleteRoleInput"}
	if s.RoleName == nil {
		invalidParams.Add(request.NewErrParamRequired("RoleName"))
	}
	if s.RoleName != nil && len(*s.RoleName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("RoleName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetRoleName sets the RoleName field's value.
func (s *DeleteRoleInput) SetRoleName(v string) *DeleteRoleInput {
	s.RoleName = &v
	return s
}

type DeleteRoleOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteRoleOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteRoleOutput) GoString() string {
	return s.String()
}

type DeleteRolePermissionsBoundaryInput struct {
	_ struct{} `type:"structure"`

	// The name (friendly name, not ARN) of the IAM role from which you want to
	// remove the permissions boundary.
	//
	// RoleName is a required field
	RoleName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteRolePermissionsBoundaryInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteRolePermissionsBoundaryInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *DeleteRolePermissionsBoundaryInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "DeleteRolePermissionsBoundaryInput"}
	if s.RoleName == nil {
		invalidParams.Add(request.NewErrParamRequired("RoleName"))
	}
	if s.RoleName != nil && len(*s.RoleName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("RoleName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetRoleName sets the RoleName field's value.
func (s *DeleteRolePermissionsBoundaryInput) SetRoleName(v string) *DeleteRolePermissionsBoundaryInput {
	s.RoleName = &v
	return s
}

type DeleteRolePermissionsBoundaryOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteRolePermissionsBoundaryOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteRolePermissionsBoundaryOutput) GoString() string {
	return s.String()
}

type DeleteRolePolicyInput struct {
	_ struct{} `type:"structure"`

	// The name of the inline policy to delete from the specified IAM role.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// PolicyName is a required field
	PolicyName *string `min:"1" type:"string" required:"true"`

	// The name (friendly name, not ARN) identifying the role that the policy is
	// embedded in.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// RoleName is a required field
	RoleName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteRolePolicyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteRolePolicyInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *DeleteRolePolicyInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "DeleteRolePolicyInput"}
	if s.PolicyName == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyName"))
	}
	if s.PolicyName != nil && len(*s.PolicyName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyName", 1))
	}
	if s.RoleName == nil {
		invalidParams.Add(request.NewErrParamRequired("RoleName"))
	}
	if s.RoleName != nil && len(*s.RoleName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("RoleName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetPolicyName sets the PolicyName field's value.
func (s *DeleteRolePolicyInput) SetPolicyName(v string) *DeleteRolePolicyInput {
	s.PolicyName = &v
	return s
}

// SetRoleName sets the RoleName field's value.
func (s *DeleteRolePolicyInput) SetRoleName(v string) *DeleteRolePolicyInput {
	s.RoleName = &v
	return s
}

type DeleteRolePolicyOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteRolePolicyOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteRolePolicyOutput) GoString() string {
	return s.String()
}

type DeleteSAMLProviderInput struct {
	_ struct{} `type:"structure"`

	// The Amazon Resource Name (ARN) of the SAML provider to delete.
	//
	// SAMLProviderArn is a required field
	SAMLProviderArn *string `min:"20" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteSAMLProviderInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteSAMLProviderInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *DeleteSAMLProviderInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "DeleteSAMLProviderInput"}
	if s.SAMLProviderArn == nil {
		invalidParams.Add(request.NewErrParamRequired("SAMLProviderArn"))
	}
	if s.SAMLProviderArn != nil && len(*s.SAMLProviderArn) < 20 {
		invalidParams.Add(request.NewErrParamMinLen("SAMLProviderArn", 20))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetSAMLProviderArn sets the SAMLProviderArn field's value.
func (s *DeleteSAMLProviderInput) SetSAMLProviderArn(v string) *DeleteSAMLProviderInput {
	s.SAMLProviderArn = &v
	return s
}

type DeleteSAMLProviderOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteSAMLProviderOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteSAMLProviderOutput) GoString() string {
	return s.String()
}

type DeleteSSHPublicKeyInput struct {
	_ struct{} `type:"structure"`

	// The unique identifier for the SSH public key.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters that can consist of any upper or lowercased letter
	// or digit.
	//
	// SSHPublicKeyId is a required field
	SSHPublicKeyId *string `min:"20" type:"string" required:"true"`

	// The name of the IAM user associated with the SSH public key.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// UserName is a required field
	UserName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteSSHPublicKeyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteSSHPublicKeyInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *DeleteSSHPublicKeyInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "DeleteSSHPublicKeyInput"}
	if s.SSHPublicKeyId == nil {
		invalidParams.Add(request.NewErrParamRequired("SSHPublicKeyId"))
	}
	if s.SSHPublicKeyId != nil && len(*s.SSHPublicKeyId) < 20 {
		invalidParams.Add(request.NewErrParamMinLen("SSHPublicKeyId", 20))
	}
	if s.UserName == nil {
		invalidParams.Add(request.NewErrParamRequired("UserName"))
	}
	if s.UserName != nil && len(*s.UserName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("UserName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetSSHPublicKeyId sets the SSHPublicKeyId field's value.
func (s *DeleteSSHPublicKeyInput) SetSSHPublicKeyId(v string) *DeleteSSHPublicKeyInput {
	s.SSHPublicKeyId = &v
	return s
}

// SetUserName sets the UserName field's value.
func (s *DeleteSSHPublicKeyInput) SetUserName(v string) *DeleteSSHPublicKeyInput {
	s.UserName = &v
	return s
}

type DeleteSSHPublicKeyOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteSSHPublicKeyOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteSSHPublicKeyOutput) GoString() string {
	return s.String()
}

type DeleteServerCertificateInput struct {
	_ struct{} `type:"structure"`

	// The name of the server certificate you want to delete.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// ServerCertificateName is a required field
	ServerCertificateName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteServerCertificateInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteServerCertificateInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *DeleteServerCertificateInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "DeleteServerCertificateInput"}
	if s.ServerCertificateName == nil {
		invalidParams.Add(request.NewErrParamRequired("ServerCertificateName"))
	}
	if s.ServerCertificateName != nil && len(*s.ServerCertificateName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("ServerCertificateName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetServerCertificateName sets the ServerCertificateName field's value.
func (s *DeleteServerCertificateInput) SetServerCertificateName(v string) *DeleteServerCertificateInput {
	s.ServerCertificateName = &v
	return s
}

type DeleteServerCertificateOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteServerCertificateOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteServerCertificateOutput) GoString() string {
	return s.String()
}

type DeleteServiceLinkedRoleInput struct {
	_ struct{} `type:"structure"`

	// The name of the service-linked role to be deleted.
	//
	// RoleName is a required field
	RoleName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteServiceLinkedRoleInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteServiceLinkedRoleInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *DeleteServiceLinkedRoleInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "DeleteServiceLinkedRoleInput"}
	if s.RoleName == nil {
		invalidParams.Add(request.NewErrParamRequired("RoleName"))
	}
	if s.RoleName != nil && len(*s.RoleName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("RoleName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetRoleName sets the RoleName field's value.
func (s *DeleteServiceLinkedRoleInput) SetRoleName(v string) *DeleteServiceLinkedRoleInput {
	s.RoleName = &v
	return s
}

type DeleteServiceLinkedRoleOutput struct {
	_ struct{} `type:"structure"`

	// The deletion task identifier that you can use to check the status of the
	// deletion. This identifier is returned in the format task/aws-service-role/<service-principal-name>/<role-name>/<task-uuid>.
	//
	// DeletionTaskId is a required field
	DeletionTaskId *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteServiceLinkedRoleOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteServiceLinkedRoleOutput) GoString() string {
	return s.String()
}

// SetDeletionTaskId sets the DeletionTaskId field's value.
func (s *DeleteServiceLinkedRoleOutput) SetDeletionTaskId(v string) *DeleteServiceLinkedRoleOutput {
	s.DeletionTaskId = &v
	return s
}

type DeleteServiceSpecificCredentialInput struct {
	_ struct{} `type:"structure"`

	// The unique identifier of the service-specific credential. You can get this
	// value by calling ListServiceSpecificCredentials.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters that can consist of any upper or lowercased letter
	// or digit.
	//
	// ServiceSpecificCredentialId is a required field
	ServiceSpecificCredentialId *string `min:"20" type:"string" required:"true"`

	// The name of the IAM user associated with the service-specific credential.
	// If this value is not specified, then the operation assumes the user whose
	// credentials are used to call the operation.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	UserName *string `min:"1" type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteServiceSpecificCredentialInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteServiceSpecificCredentialInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *DeleteServiceSpecificCredentialInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "DeleteServiceSpecificCredentialInput"}
	if s.ServiceSpecificCredentialId == nil {
		invalidParams.Add(request.NewErrParamRequired("ServiceSpecificCredentialId"))
	}
	if s.ServiceSpecificCredentialId != nil && len(*s.ServiceSpecificCredentialId) < 20 {
		invalidParams.Add(request.NewErrParamMinLen("ServiceSpecificCredentialId", 20))
	}
	if s.UserName != nil && len(*s.UserName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("UserName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetServiceSpecificCredentialId sets the ServiceSpecificCredentialId field's value.
func (s *DeleteServiceSpecificCredentialInput) SetServiceSpecificCredentialId(v string) *DeleteServiceSpecificCredentialInput {
	s.ServiceSpecificCredentialId = &v
	return s
}

// SetUserName sets the UserName field's value.
func (s *DeleteServiceSpecificCredentialInput) SetUserName(v string) *DeleteServiceSpecificCredentialInput {
	s.UserName = &v
	return s
}

type DeleteServiceSpecificCredentialOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteServiceSpecificCredentialOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteServiceSpecificCredentialOutput) GoString() string {
	return s.String()
}

type DeleteSigningCertificateInput struct {
	_ struct{} `type:"structure"`

	// The ID of the signing certificate to delete.
	//
	// The format of this parameter, as described by its regex (http://wikipedia.org/wiki/regex)
	// pattern, is a string of characters that can be upper- or lower-cased letters
	// or digits.
	//
	// CertificateId is a required field
	CertificateId *string `min:"24" type:"string" required:"true"`

	// The name of the user the signing certificate belongs to.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	UserName *string `min:"1" type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteSigningCertificateInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteSigningCertificateInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *DeleteSigningCertificateInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "DeleteSigningCertificateInput"}
	if s.CertificateId == nil {
		invalidParams.Add(request.NewErrParamRequired("CertificateId"))
	}
	if s.CertificateId != nil && len(*s.CertificateId) < 24 {
		invalidParams.Add(request.NewErrParamMinLen("CertificateId", 24))
	}
	if s.UserName != nil && len(*s.UserName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("UserName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetCertificateId sets the CertificateId field's value.
func (s *DeleteSigningCertificateInput) SetCertificateId(v string) *DeleteSigningCertificateInput {
	s.CertificateId = &v
	return s
}

// SetUserName sets the UserName field's value.
func (s *DeleteSigningCertificateInput) SetUserName(v string) *DeleteSigningCertificateInput {
	s.UserName = &v
	return s
}

type DeleteSigningCertificateOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteSigningCertificateOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteSigningCertificateOutput) GoString() string {
	return s.String()
}

type DeleteUserInput struct {
	_ struct{} `type:"structure"`

	// The name of the user to delete.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// UserName is a required field
	UserName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteUserInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteUserInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *DeleteUserInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "DeleteUserInput"}
	if s.UserName == nil {
		invalidParams.Add(request.NewErrParamRequired("UserName"))
	}
	if s.UserName != nil && len(*s.UserName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("UserName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetUserName sets the UserName field's value.
func (s *DeleteUserInput) SetUserName(v string) *DeleteUserInput {
	s.UserName = &v
	return s
}

type DeleteUserOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteUserOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteUserOutput) GoString() string {
	return s.String()
}

type DeleteUserPermissionsBoundaryInput struct {
	_ struct{} `type:"structure"`

	// The name (friendly name, not ARN) of the IAM user from which you want to
	// remove the permissions boundary.
	//
	// UserName is a required field
	UserName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteUserPermissionsBoundaryInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteUserPermissionsBoundaryInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *DeleteUserPermissionsBoundaryInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "DeleteUserPermissionsBoundaryInput"}
	if s.UserName == nil {
		invalidParams.Add(request.NewErrParamRequired("UserName"))
	}
	if s.UserName != nil && len(*s.UserName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("UserName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetUserName sets the UserName field's value.
func (s *DeleteUserPermissionsBoundaryInput) SetUserName(v string) *DeleteUserPermissionsBoundaryInput {
	s.UserName = &v
	return s
}

type DeleteUserPermissionsBoundaryOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteUserPermissionsBoundaryOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteUserPermissionsBoundaryOutput) GoString() string {
	return s.String()
}

type DeleteUserPolicyInput struct {
	_ struct{} `type:"structure"`

	// The name identifying the policy document to delete.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// PolicyName is a required field
	PolicyName *string `min:"1" type:"string" required:"true"`

	// The name (friendly name, not ARN) identifying the user that the policy is
	// embedded in.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// UserName is a required field
	UserName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteUserPolicyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteUserPolicyInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *DeleteUserPolicyInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "DeleteUserPolicyInput"}
	if s.PolicyName == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyName"))
	}
	if s.PolicyName != nil && len(*s.PolicyName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyName", 1))
	}
	if s.UserName == nil {
		invalidParams.Add(request.NewErrParamRequired("UserName"))
	}
	if s.UserName != nil && len(*s.UserName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("UserName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetPolicyName sets the PolicyName field's value.
func (s *DeleteUserPolicyInput) SetPolicyName(v string) *DeleteUserPolicyInput {
	s.PolicyName = &v
	return s
}

// SetUserName sets the UserName field's value.
func (s *DeleteUserPolicyInput) SetUserName(v string) *DeleteUserPolicyInput {
	s.UserName = &v
	return s
}

type DeleteUserPolicyOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteUserPolicyOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteUserPolicyOutput) GoString() string {
	return s.String()
}

type DeleteVirtualMFADeviceInput struct {
	_ struct{} `type:"structure"`

	// The serial number that uniquely identifies the MFA device. For virtual MFA
	// devices, the serial number is the same as the ARN.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@:/-
	//
	// SerialNumber is a required field
	SerialNumber *string `min:"9" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteVirtualMFADeviceInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteVirtualMFADeviceInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *DeleteVirtualMFADeviceInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "DeleteVirtualMFADeviceInput"}
	if s.SerialNumber == nil {
		invalidParams.Add(request.NewErrParamRequired("SerialNumber"))
	}
	if s.SerialNumber != nil && len(*s.SerialNumber) < 9 {
		invalidParams.Add(request.NewErrParamMinLen("SerialNumber", 9))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetSerialNumber sets the SerialNumber field's value.
func (s *DeleteVirtualMFADeviceInput) SetSerialNumber(v string) *DeleteVirtualMFADeviceInput {
	s.SerialNumber = &v
	return s
}

type DeleteVirtualMFADeviceOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteVirtualMFADeviceOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteVirtualMFADeviceOutput) GoString() string {
	return s.String()
}

// The reason that the service-linked role deletion failed.
//
// This data type is used as a response element in the GetServiceLinkedRoleDeletionStatus
// operation.
type DeletionTaskFailureReasonType struct {
	_ struct{} `type:"structure"`

	// A short description of the reason that the service-linked role deletion failed.
	Reason *string `type:"string"`

	// A list of objects that contains details about the service-linked role deletion
	// failure, if that information is returned by the service. If the service-linked
	// role has active sessions or if any resources that were used by the role have
	// not been deleted from the linked service, the role can't be deleted. This
	// parameter includes a list of the resources that are associated with the role
	// and the Region in which the resources are being used.
	RoleUsageList []*RoleUsageType `type:"list"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeletionTaskFailureReasonType) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeletionTaskFailureReasonType) GoString() string {
	return s.String()
}

// SetReason sets the Reason field's value.
func (s *DeletionTaskFailureReasonType) SetReason(v string) *DeletionTaskFailureReasonType {
	s.Reason = &v
	return s
}

// SetRoleUsageList sets the RoleUsageList field's value.
func (s *DeletionTaskFailureReasonType) SetRoleUsageList(v []*RoleUsageType) *DeletionTaskFailureReasonType {
	s.RoleUsageList = v
	return s
}

type DetachGroupPolicyInput struct {
	_ struct{} `type:"structure"`

	// The name (friendly name, not ARN) of the IAM group to detach the policy from.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// GroupName is a required field
	GroupName *string `min:"1" type:"string" required:"true"`

	// The Amazon Resource Name (ARN) of the IAM policy you want to detach.
	//
	// For more information about ARNs, see Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the Amazon Web Services General Reference.
	//
	// PolicyArn is a required field
	PolicyArn *string `min:"20" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DetachGroupPolicyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DetachGroupPolicyInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *DetachGroupPolicyInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "DetachGroupPolicyInput"}
	if s.GroupName == nil {
		invalidParams.Add(request.NewErrParamRequired("GroupName"))
	}
	if s.GroupName != nil && len(*s.GroupName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("GroupName", 1))
	}
	if s.PolicyArn == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyArn"))
	}
	if s.PolicyArn != nil && len(*s.PolicyArn) < 20 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyArn", 20))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetGroupName sets the GroupName field's value.
func (s *DetachGroupPolicyInput) SetGroupName(v string) *DetachGroupPolicyInput {
	s.GroupName = &v
	return s
}

// SetPolicyArn sets the PolicyArn field's value.
func (s *DetachGroupPolicyInput) SetPolicyArn(v string) *DetachGroupPolicyInput {
	s.PolicyArn = &v
	return s
}

type DetachGroupPolicyOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DetachGroupPolicyOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DetachGroupPolicyOutput) GoString() string {
	return s.String()
}

type DetachRolePolicyInput struct {
	_ struct{} `type:"structure"`

	// The Amazon Resource Name (ARN) of the IAM policy you want to detach.
	//
	// For more information about ARNs, see Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the Amazon Web Services General Reference.
	//
	// PolicyArn is a required field
	PolicyArn *string `min:"20" type:"string" required:"true"`

	// The name (friendly name, not ARN) of the IAM role to detach the policy from.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// RoleName is a required field
	RoleName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DetachRolePolicyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DetachRolePolicyInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *DetachRolePolicyInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "DetachRolePolicyInput"}
	if s.PolicyArn == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyArn"))
	}
	if s.PolicyArn != nil && len(*s.PolicyArn) < 20 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyArn", 20))
	}
	if s.RoleName == nil {
		invalidParams.Add(request.NewErrParamRequired("RoleName"))
	}
	if s.RoleName != nil && len(*s.RoleName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("RoleName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetPolicyArn sets the PolicyArn field's value.
func (s *DetachRolePolicyInput) SetPolicyArn(v string) *DetachRolePolicyInput {
	s.PolicyArn = &v
	return s
}

// SetRoleName sets the RoleName field's value.
func (s *DetachRolePolicyInput) SetRoleName(v string) *DetachRolePolicyInput {
	s.RoleName = &v
	return s
}

type DetachRolePolicyOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DetachRolePolicyOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DetachRolePolicyOutput) GoString() string {
	return s.String()
}

type DetachUserPolicyInput struct {
	_ struct{} `type:"structure"`

	// The Amazon Resource Name (ARN) of the IAM policy you want to detach.
	//
	// For more information about ARNs, see Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the Amazon Web Services General Reference.
	//
	// PolicyArn is a required field
	PolicyArn *string `min:"20" type:"string" required:"true"`

	// The name (friendly name, not ARN) of the IAM user to detach the policy from.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// UserName is a required field
	UserName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DetachUserPolicyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DetachUserPolicyInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *DetachUserPolicyInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "DetachUserPolicyInput"}
	if s.PolicyArn == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyArn"))
	}
	if s.PolicyArn != nil && len(*s.PolicyArn) < 20 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyArn", 20))
	}
	if s.UserName == nil {
		invalidParams.Add(request.NewErrParamRequired("UserName"))
	}
	if s.UserName != nil && len(*s.UserName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("UserName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetPolicyArn sets the PolicyArn field's value.
func (s *DetachUserPolicyInput) SetPolicyArn(v string) *DetachUserPolicyInput {
	s.PolicyArn = &v
	return s
}

// SetUserName sets the UserName field's value.
func (s *DetachUserPolicyInput) SetUserName(v string) *DetachUserPolicyInput {
	s.UserName = &v
	return s
}

type DetachUserPolicyOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DetachUserPolicyOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DetachUserPolicyOutput) GoString() string {
	return s.String()
}

type EnableMFADeviceInput struct {
	_ struct{} `type:"structure"`

	// An authentication code emitted by the device.
	//
	// The format for this parameter is a string of six digits.
	//
	// Submit your request immediately after generating the authentication codes.
	// If you generate the codes and then wait too long to submit the request, the
	// MFA device successfully associates with the user but the MFA device becomes
	// out of sync. This happens because time-based one-time passwords (TOTP) expire
	// after a short period of time. If this happens, you can resync the device
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_sync.html).
	//
	// AuthenticationCode1 is a required field
	AuthenticationCode1 *string `min:"6" type:"string" required:"true"`

	// A subsequent authentication code emitted by the device.
	//
	// The format for this parameter is a string of six digits.
	//
	// Submit your request immediately after generating the authentication codes.
	// If you generate the codes and then wait too long to submit the request, the
	// MFA device successfully associates with the user but the MFA device becomes
	// out of sync. This happens because time-based one-time passwords (TOTP) expire
	// after a short period of time. If this happens, you can resync the device
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_sync.html).
	//
	// AuthenticationCode2 is a required field
	AuthenticationCode2 *string `min:"6" type:"string" required:"true"`

	// The serial number that uniquely identifies the MFA device. For virtual MFA
	// devices, the serial number is the device ARN.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@:/-
	//
	// SerialNumber is a required field
	SerialNumber *string `min:"9" type:"string" required:"true"`

	// The name of the IAM user for whom you want to enable the MFA device.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// UserName is a required field
	UserName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s EnableMFADeviceInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s EnableMFADeviceInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *EnableMFADeviceInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "EnableMFADeviceInput"}
	if s.AuthenticationCode1 == nil {
		invalidParams.Add(request.NewErrParamRequired("AuthenticationCode1"))
	}
	if s.AuthenticationCode1 != nil && len(*s.AuthenticationCode1) < 6 {
		invalidParams.Add(request.NewErrParamMinLen("AuthenticationCode1", 6))
	}
	if s.AuthenticationCode2 == nil {
		invalidParams.Add(request.NewErrParamRequired("AuthenticationCode2"))
	}
	if s.AuthenticationCode2 != nil && len(*s.AuthenticationCode2) < 6 {
		invalidParams.Add(request.NewErrParamMinLen("AuthenticationCode2", 6))
	}
	if s.SerialNumber == nil {
		invalidParams.Add(request.NewErrParamRequired("SerialNumber"))
	}
	if s.SerialNumber != nil && len(*s.SerialNumber) < 9 {
		invalidParams.Add(request.NewErrParamMinLen("SerialNumber", 9))
	}
	if s.UserName == nil {
		invalidParams.Add(request.NewErrParamRequired("UserName"))
	}
	if s.UserName != nil && len(*s.UserName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("UserName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetAuthenticationCode1 sets the AuthenticationCode1 field's value.
func (s *EnableMFADeviceInput) SetAuthenticationCode1(v string) *EnableMFADeviceInput {
	s.AuthenticationCode1 = &v
	return s
}

// SetAuthenticationCode2 sets the AuthenticationCode2 field's value.
func (s *EnableMFADeviceInput) SetAuthenticationCode2(v string) *EnableMFADeviceInput {
	s.AuthenticationCode2 = &v
	return s
}

// SetSerialNumber sets the SerialNumber field's value.
func (s *EnableMFADeviceInput) SetSerialNumber(v string) *EnableMFADeviceInput {
	s.SerialNumber = &v
	return s
}

// SetUserName sets the UserName field's value.
func (s *EnableMFADeviceInput) SetUserName(v string) *EnableMFADeviceInput {
	s.UserName = &v
	return s
}

type EnableMFADeviceOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s EnableMFADeviceOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s EnableMFADeviceOutput) GoString() string {
	return s.String()
}

// An object that contains details about when the IAM entities (users or roles)
// were last used in an attempt to access the specified Amazon Web Services
// service.
//
// This data type is a response element in the GetServiceLastAccessedDetailsWithEntities
// operation.
type EntityDetails struct {
	_ struct{} `type:"structure"`

	// The EntityInfo object that contains details about the entity (user or role).
	//
	// EntityInfo is a required field
	EntityInfo *EntityInfo `type:"structure" required:"true"`

	// The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601),
	// when the authenticated entity last attempted to access Amazon Web Services.
	// Amazon Web Services does not report unauthenticated requests.
	//
	// This field is null if no IAM entities attempted to access the service within
	// the reporting period (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period).
	LastAuthenticated *time.Time `type:"timestamp"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s EntityDetails) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s EntityDetails) GoString() string {
	return s.String()
}

// SetEntityInfo sets the EntityInfo field's value.
func (s *EntityDetails) SetEntityInfo(v *EntityInfo) *EntityDetails {
	s.EntityInfo = v
	return s
}

// SetLastAuthenticated sets the LastAuthenticated field's value.
func (s *EntityDetails) SetLastAuthenticated(v time.Time) *EntityDetails {
	s.LastAuthenticated = &v
	return s
}

// Contains details about the specified entity (user or role).
//
// This data type is an element of the EntityDetails object.
type EntityInfo struct {
	_ struct{} `type:"structure"`

	// The Amazon Resource Name (ARN). ARNs are unique identifiers for Amazon Web
	// Services resources.
	//
	// For more information about ARNs, go to Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the Amazon Web Services General Reference.
	//
	// Arn is a required field
	Arn *string `min:"20" type:"string" required:"true"`

	// The identifier of the entity (user or role).
	//
	// Id is a required field
	Id *string `min:"16" type:"string" required:"true"`

	// The name of the entity (user or role).
	//
	// Name is a required field
	Name *string `min:"1" type:"string" required:"true"`

	// The path to the entity (user or role). For more information about paths,
	// see IAM identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the IAM User Guide.
	Path *string `min:"1" type:"string"`

	// The type of entity (user or role).
	//
	// Type is a required field
	Type *string `type:"string" required:"true" enum:"PolicyOwnerEntityType"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s EntityInfo) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s EntityInfo) GoString() string {
	return s.String()
}

// SetArn sets the Arn field's value.
func (s *EntityInfo) SetArn(v string) *EntityInfo {
	s.Arn = &v
	return s
}

// SetId sets the Id field's value.
func (s *EntityInfo) SetId(v string) *EntityInfo {
	s.Id = &v
	return s
}

// SetName sets the Name field's value.
func (s *EntityInfo) SetName(v string) *EntityInfo {
	s.Name = &v
	return s
}

// SetPath sets the Path field's value.
func (s *EntityInfo) SetPath(v string) *EntityInfo {
	s.Path = &v
	return s
}

// SetType sets the Type field's value.
func (s *EntityInfo) SetType(v string) *EntityInfo {
	s.Type = &v
	return s
}

// Contains information about the reason that the operation failed.
//
// This data type is used as a response element in the GetOrganizationsAccessReport,
// GetServiceLastAccessedDetails, and GetServiceLastAccessedDetailsWithEntities
// operations.
type ErrorDetails struct {
	_ struct{} `type:"structure"`

	// The error code associated with the operation failure.
	//
	// Code is a required field
	Code *string `type:"string" required:"true"`

	// Detailed information about the reason that the operation failed.
	//
	// Message is a required field
	Message *string `type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ErrorDetails) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ErrorDetails) GoString() string {
	return s.String()
}

// SetCode sets the Code field's value.
func (s *ErrorDetails) SetCode(v string) *ErrorDetails {
	s.Code = &v
	return s
}

// SetMessage sets the Message field's value.
func (s *ErrorDetails) SetMessage(v string) *ErrorDetails {
	s.Message = &v
	return s
}

// Contains the results of a simulation.
//
// This data type is used by the return parameter of SimulateCustomPolicy and
// SimulatePrincipalPolicy .
type EvaluationResult struct {
	_ struct{} `type:"structure"`

	// The name of the API operation tested on the indicated resource.
	//
	// EvalActionName is a required field
	EvalActionName *string `min:"3" type:"string" required:"true"`

	// The result of the simulation.
	//
	// EvalDecision is a required field
	EvalDecision *string `type:"string" required:"true" enum:"PolicyEvaluationDecisionType"`

	// Additional details about the results of the cross-account evaluation decision.
	// This parameter is populated for only cross-account simulations. It contains
	// a brief summary of how each policy type contributes to the final evaluation
	// decision.
	//
	// If the simulation evaluates policies within the same account and includes
	// a resource ARN, then the parameter is present but the response is empty.
	// If the simulation evaluates policies within the same account and specifies
	// all resources (*), then the parameter is not returned.
	//
	// When you make a cross-account request, Amazon Web Services evaluates the
	// request in the trusting account and the trusted account. The request is allowed
	// only if both evaluations return true. For more information about how policies
	// are evaluated, see Evaluating policies within a single account (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics).
	//
	// If an Organizations SCP included in the evaluation denies access, the simulation
	// ends. In this case, policy evaluation does not proceed any further and this
	// parameter is not returned.
	EvalDecisionDetails map[string]*string `type:"map"`

	// The ARN of the resource that the indicated API operation was tested on.
	EvalResourceName *string `min:"1" type:"string"`

	// A list of the statements in the input policies that determine the result
	// for this scenario. Remember that even if multiple statements allow the operation
	// on the resource, if only one statement denies that operation, then the explicit
	// deny overrides any allow. In addition, the deny statement is the only entry
	// included in the result.
	MatchedStatements []*Statement `type:"list"`

	// A list of context keys that are required by the included input policies but
	// that were not provided by one of the input parameters. This list is used
	// when the resource in a simulation is "*", either explicitly, or when the
	// ResourceArns parameter blank. If you include a list of resources, then any
	// missing context values are instead included under the ResourceSpecificResults
	// section. To discover the context keys used by a set of policies, you can
	// call GetContextKeysForCustomPolicy or GetContextKeysForPrincipalPolicy.
	MissingContextValues []*string `type:"list"`

	// A structure that details how Organizations and its service control policies
	// affect the results of the simulation. Only applies if the simulated user's
	// account is part of an organization.
	OrganizationsDecisionDetail *OrganizationsDecisionDetail `type:"structure"`

	// Contains information about the effect that a permissions boundary has on
	// a policy simulation when the boundary is applied to an IAM entity.
	PermissionsBoundaryDecisionDetail *PermissionsBoundaryDecisionDetail `type:"structure"`

	// The individual results of the simulation of the API operation specified in
	// EvalActionName on each resource.
	ResourceSpecificResults []*ResourceSpecificResult `type:"list"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s EvaluationResult) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s EvaluationResult) GoString() string {
	return s.String()
}

// SetEvalActionName sets the EvalActionName field's value.
func (s *EvaluationResult) SetEvalActionName(v string) *EvaluationResult {
	s.EvalActionName = &v
	return s
}

// SetEvalDecision sets the EvalDecision field's value.
func (s *EvaluationResult) SetEvalDecision(v string) *EvaluationResult {
	s.EvalDecision = &v
	return s
}

// SetEvalDecisionDetails sets the EvalDecisionDetails field's value.
func (s *EvaluationResult) SetEvalDecisionDetails(v map[string]*string) *EvaluationResult {
	s.EvalDecisionDetails = v
	return s
}

// SetEvalResourceName sets the EvalResourceName field's value.
func (s *EvaluationResult) SetEvalResourceName(v string) *EvaluationResult {
	s.EvalResourceName = &v
	return s
}

// SetMatchedStatements sets the MatchedStatements field's value.
func (s *EvaluationResult) SetMatchedStatements(v []*Statement) *EvaluationResult {
	s.MatchedStatements = v
	return s
}

// SetMissingContextValues sets the MissingContextValues field's value.
func (s *EvaluationResult) SetMissingContextValues(v []*string) *EvaluationResult {
	s.MissingContextValues = v
	return s
}

// SetOrganizationsDecisionDetail sets the OrganizationsDecisionDetail field's value.
func (s *EvaluationResult) SetOrganizationsDecisionDetail(v *OrganizationsDecisionDetail) *EvaluationResult {
	s.OrganizationsDecisionDetail = v
	return s
}

// SetPermissionsBoundaryDecisionDetail sets the PermissionsBoundaryDecisionDetail field's value.
func (s *EvaluationResult) SetPermissionsBoundaryDecisionDetail(v *PermissionsBoundaryDecisionDetail) *EvaluationResult {
	s.PermissionsBoundaryDecisionDetail = v
	return s
}

// SetResourceSpecificResults sets the ResourceSpecificResults field's value.
func (s *EvaluationResult) SetResourceSpecificResults(v []*ResourceSpecificResult) *EvaluationResult {
	s.ResourceSpecificResults = v
	return s
}

type GenerateCredentialReportInput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GenerateCredentialReportInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GenerateCredentialReportInput) GoString() string {
	return s.String()
}

// Contains the response to a successful GenerateCredentialReport request.
type GenerateCredentialReportOutput struct {
	_ struct{} `type:"structure"`

	// Information about the credential report.
	Description *string `type:"string"`

	// Information about the state of the credential report.
	State *string `type:"string" enum:"ReportStateType"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GenerateCredentialReportOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GenerateCredentialReportOutput) GoString() string {
	return s.String()
}

// SetDescription sets the Description field's value.
func (s *GenerateCredentialReportOutput) SetDescription(v string) *GenerateCredentialReportOutput {
	s.Description = &v
	return s
}

// SetState sets the State field's value.
func (s *GenerateCredentialReportOutput) SetState(v string) *GenerateCredentialReportOutput {
	s.State = &v
	return s
}

type GenerateOrganizationsAccessReportInput struct {
	_ struct{} `type:"structure"`

	// The path of the Organizations entity (root, OU, or account). You can build
	// an entity path using the known structure of your organization. For example,
	// assume that your account ID is 123456789012 and its parent OU ID is ou-rge0-awsabcde.
	// The organization root ID is r-f6g7h8i9j0example and your organization ID
	// is o-a1b2c3d4e5. Your entity path is o-a1b2c3d4e5/r-f6g7h8i9j0example/ou-rge0-awsabcde/123456789012.
	//
	// EntityPath is a required field
	EntityPath *string `min:"19" type:"string" required:"true"`

	// The identifier of the Organizations service control policy (SCP). This parameter
	// is optional.
	//
	// This ID is used to generate information about when an account principal that
	// is limited by the SCP attempted to access an Amazon Web Services service.
	OrganizationsPolicyId *string `type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GenerateOrganizationsAccessReportInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GenerateOrganizationsAccessReportInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *GenerateOrganizationsAccessReportInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "GenerateOrganizationsAccessReportInput"}
	if s.EntityPath == nil {
		invalidParams.Add(request.NewErrParamRequired("EntityPath"))
	}
	if s.EntityPath != nil && len(*s.EntityPath) < 19 {
		invalidParams.Add(request.NewErrParamMinLen("EntityPath", 19))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetEntityPath sets the EntityPath field's value.
func (s *GenerateOrganizationsAccessReportInput) SetEntityPath(v string) *GenerateOrganizationsAccessReportInput {
	s.EntityPath = &v
	return s
}

// SetOrganizationsPolicyId sets the OrganizationsPolicyId field's value.
func (s *GenerateOrganizationsAccessReportInput) SetOrganizationsPolicyId(v string) *GenerateOrganizationsAccessReportInput {
	s.OrganizationsPolicyId = &v
	return s
}

type GenerateOrganizationsAccessReportOutput struct {
	_ struct{} `type:"structure"`

	// The job identifier that you can use in the GetOrganizationsAccessReport operation.
	JobId *string `min:"36" type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GenerateOrganizationsAccessReportOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GenerateOrganizationsAccessReportOutput) GoString() string {
	return s.String()
}

// SetJobId sets the JobId field's value.
func (s *GenerateOrganizationsAccessReportOutput) SetJobId(v string) *GenerateOrganizationsAccessReportOutput {
	s.JobId = &v
	return s
}

type GenerateServiceLastAccessedDetailsInput struct {
	_ struct{} `type:"structure"`

	// The ARN of the IAM resource (user, group, role, or managed policy) used to
	// generate information about when the resource was last used in an attempt
	// to access an Amazon Web Services service.
	//
	// Arn is a required field
	Arn *string `min:"20" type:"string" required:"true"`

	// The level of detail that you want to generate. You can specify whether you
	// want to generate information about the last attempt to access services or
	// actions. If you specify service-level granularity, this operation generates
	// only service data. If you specify action-level granularity, it generates
	// service and action data. If you don't include this optional parameter, the
	// operation generates service data.
	Granularity *string `type:"string" enum:"AccessAdvisorUsageGranularityType"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GenerateServiceLastAccessedDetailsInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GenerateServiceLastAccessedDetailsInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *GenerateServiceLastAccessedDetailsInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "GenerateServiceLastAccessedDetailsInput"}
	if s.Arn == nil {
		invalidParams.Add(request.NewErrParamRequired("Arn"))
	}
	if s.Arn != nil && len(*s.Arn) < 20 {
		invalidParams.Add(request.NewErrParamMinLen("Arn", 20))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetArn sets the Arn field's value.
func (s *GenerateServiceLastAccessedDetailsInput) SetArn(v string) *GenerateServiceLastAccessedDetailsInput {
	s.Arn = &v
	return s
}

// SetGranularity sets the Granularity field's value.
func (s *GenerateServiceLastAccessedDetailsInput) SetGranularity(v string) *GenerateServiceLastAccessedDetailsInput {
	s.Granularity = &v
	return s
}

type GenerateServiceLastAccessedDetailsOutput struct {
	_ struct{} `type:"structure"`

	// The JobId that you can use in the GetServiceLastAccessedDetails or GetServiceLastAccessedDetailsWithEntities
	// operations. The JobId returned by GenerateServiceLastAccessedDetail must
	// be used by the same role within a session, or by the same user when used
	// to call GetServiceLastAccessedDetail.
	JobId *string `min:"36" type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GenerateServiceLastAccessedDetailsOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GenerateServiceLastAccessedDetailsOutput) GoString() string {
	return s.String()
}

// SetJobId sets the JobId field's value.
func (s *GenerateServiceLastAccessedDetailsOutput) SetJobId(v string) *GenerateServiceLastAccessedDetailsOutput {
	s.JobId = &v
	return s
}

type GetAccessKeyLastUsedInput struct {
	_ struct{} `type:"structure"`

	// The identifier of an access key.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters that can consist of any upper or lowercased letter
	// or digit.
	//
	// AccessKeyId is a required field
	AccessKeyId *string `min:"16" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetAccessKeyLastUsedInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetAccessKeyLastUsedInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *GetAccessKeyLastUsedInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "GetAccessKeyLastUsedInput"}
	if s.AccessKeyId == nil {
		invalidParams.Add(request.NewErrParamRequired("AccessKeyId"))
	}
	if s.AccessKeyId != nil && len(*s.AccessKeyId) < 16 {
		invalidParams.Add(request.NewErrParamMinLen("AccessKeyId", 16))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetAccessKeyId sets the AccessKeyId field's value.
func (s *GetAccessKeyLastUsedInput) SetAccessKeyId(v string) *GetAccessKeyLastUsedInput {
	s.AccessKeyId = &v
	return s
}

// Contains the response to a successful GetAccessKeyLastUsed request. It is
// also returned as a member of the AccessKeyMetaData structure returned by
// the ListAccessKeys action.
type GetAccessKeyLastUsedOutput struct {
	_ struct{} `type:"structure"`

	// Contains information about the last time the access key was used.
	AccessKeyLastUsed *AccessKeyLastUsed `type:"structure"`

	// The name of the IAM user that owns this access key.
	UserName *string `min:"1" type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetAccessKeyLastUsedOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetAccessKeyLastUsedOutput) GoString() string {
	return s.String()
}

// SetAccessKeyLastUsed sets the AccessKeyLastUsed field's value.
func (s *GetAccessKeyLastUsedOutput) SetAccessKeyLastUsed(v *AccessKeyLastUsed) *GetAccessKeyLastUsedOutput {
	s.AccessKeyLastUsed = v
	return s
}

// SetUserName sets the UserName field's value.
func (s *GetAccessKeyLastUsedOutput) SetUserName(v string) *GetAccessKeyLastUsedOutput {
	s.UserName = &v
	return s
}

type GetAccountAuthorizationDetailsInput struct {
	_ struct{} `type:"structure"`

	// A list of entity types used to filter the results. Only the entities that
	// match the types you specify are included in the output. Use the value LocalManagedPolicy
	// to include customer managed policies.
	//
	// The format for this parameter is a comma-separated (if more than one) list
	// of strings. Each string value in the list must be one of the valid values
	// listed below.
	Filter []*string `type:"list"`

	// Use this parameter only when paginating results and only after you receive
	// a response indicating that the results are truncated. Set it to the value
	// of the Marker element in the response that you received to indicate where
	// the next call should start.
	Marker *string `min:"1" type:"string"`

	// Use this only when paginating results to indicate the maximum number of items
	// you want in the response. If additional items exist beyond the maximum you
	// specify, the IsTruncated response element is true.
	//
	// If you do not include this parameter, the number of items defaults to 100.
	// Note that IAM might return fewer results, even when there are more results
	// available. In that case, the IsTruncated response element returns true, and
	// Marker contains a value to include in the subsequent call that tells the
	// service where to continue from.
	MaxItems *int64 `min:"1" type:"integer"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetAccountAuthorizationDetailsInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetAccountAuthorizationDetailsInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *GetAccountAuthorizationDetailsInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "GetAccountAuthorizationDetailsInput"}
	if s.Marker != nil && len(*s.Marker) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Marker", 1))
	}
	if s.MaxItems != nil && *s.MaxItems < 1 {
		invalidParams.Add(request.NewErrParamMinValue("MaxItems", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetFilter sets the Filter field's value.
func (s *GetAccountAuthorizationDetailsInput) SetFilter(v []*string) *GetAccountAuthorizationDetailsInput {
	s.Filter = v
	return s
}

// SetMarker sets the Marker field's value.
func (s *GetAccountAuthorizationDetailsInput) SetMarker(v string) *GetAccountAuthorizationDetailsInput {
	s.Marker = &v
	return s
}

// SetMaxItems sets the MaxItems field's value.
func (s *GetAccountAuthorizationDetailsInput) SetMaxItems(v int64) *GetAccountAuthorizationDetailsInput {
	s.MaxItems = &v
	return s
}

// Contains the response to a successful GetAccountAuthorizationDetails request.
type GetAccountAuthorizationDetailsOutput struct {
	_ struct{} `type:"structure"`

	// A list containing information about IAM groups.
	GroupDetailList []*GroupDetail `type:"list"`

	// A flag that indicates whether there are more items to return. If your results
	// were truncated, you can make a subsequent pagination request using the Marker
	// request parameter to retrieve more items. Note that IAM might return fewer
	// than the MaxItems number of results even when there are more results available.
	// We recommend that you check IsTruncated after every call to ensure that you
	// receive all your results.
	IsTruncated *bool `type:"boolean"`

	// When IsTruncated is true, this element is present and contains the value
	// to use for the Marker parameter in a subsequent pagination request.
	Marker *string `type:"string"`

	// A list containing information about managed policies.
	Policies []*ManagedPolicyDetail `type:"list"`

	// A list containing information about IAM roles.
	RoleDetailList []*RoleDetail `type:"list"`

	// A list containing information about IAM users.
	UserDetailList []*UserDetail `type:"list"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetAccountAuthorizationDetailsOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetAccountAuthorizationDetailsOutput) GoString() string {
	return s.String()
}

// SetGroupDetailList sets the GroupDetailList field's value.
func (s *GetAccountAuthorizationDetailsOutput) SetGroupDetailList(v []*GroupDetail) *GetAccountAuthorizationDetailsOutput {
	s.GroupDetailList = v
	return s
}

// SetIsTruncated sets the IsTruncated field's value.
func (s *GetAccountAuthorizationDetailsOutput) SetIsTruncated(v bool) *GetAccountAuthorizationDetailsOutput {
	s.IsTruncated = &v
	return s
}

// SetMarker sets the Marker field's value.
func (s *GetAccountAuthorizationDetailsOutput) SetMarker(v string) *GetAccountAuthorizationDetailsOutput {
	s.Marker = &v
	return s
}

// SetPolicies sets the Policies field's value.
func (s *GetAccountAuthorizationDetailsOutput) SetPolicies(v []*ManagedPolicyDetail) *GetAccountAuthorizationDetailsOutput {
	s.Policies = v
	return s
}

// SetRoleDetailList sets the RoleDetailList field's value.
func (s *GetAccountAuthorizationDetailsOutput) SetRoleDetailList(v []*RoleDetail) *GetAccountAuthorizationDetailsOutput {
	s.RoleDetailList = v
	return s
}

// SetUserDetailList sets the UserDetailList field's value.
func (s *GetAccountAuthorizationDetailsOutput) SetUserDetailList(v []*UserDetail) *GetAccountAuthorizationDetailsOutput {
	s.UserDetailList = v
	return s
}

type GetAccountPasswordPolicyInput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetAccountPasswordPolicyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetAccountPasswordPolicyInput) GoString() string {
	return s.String()
}

// Contains the response to a successful GetAccountPasswordPolicy request.
type GetAccountPasswordPolicyOutput struct {
	_ struct{} `type:"structure"`

	// A structure that contains details about the account's password policy.
	//
	// PasswordPolicy is a required field
	PasswordPolicy *PasswordPolicy `type:"structure" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetAccountPasswordPolicyOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetAccountPasswordPolicyOutput) GoString() string {
	return s.String()
}

// SetPasswordPolicy sets the PasswordPolicy field's value.
func (s *GetAccountPasswordPolicyOutput) SetPasswordPolicy(v *PasswordPolicy) *GetAccountPasswordPolicyOutput {
	s.PasswordPolicy = v
	return s
}

type GetAccountSummaryInput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetAccountSummaryInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetAccountSummaryInput) GoString() string {
	return s.String()
}

// Contains the response to a successful GetAccountSummary request.
type GetAccountSummaryOutput struct {
	_ struct{} `type:"structure"`

	// A set of key–value pairs containing information about IAM entity usage
	// and IAM quotas.
	SummaryMap map[string]*int64 `type:"map"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetAccountSummaryOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetAccountSummaryOutput) GoString() string {
	return s.String()
}

// SetSummaryMap sets the SummaryMap field's value.
func (s *GetAccountSummaryOutput) SetSummaryMap(v map[string]*int64) *GetAccountSummaryOutput {
	s.SummaryMap = v
	return s
}

type GetContextKeysForCustomPolicyInput struct {
	_ struct{} `type:"structure"`

	// A list of policies for which you want the list of context keys referenced
	// in those policies. Each document is specified as a string containing the
	// complete, valid JSON text of an IAM policy.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) used to validate this
	// parameter is a string of characters consisting of the following:
	//
	//    * Any printable ASCII character ranging from the space character (\u0020)
	//    through the end of the ASCII character range
	//
	//    * The printable characters in the Basic Latin and Latin-1 Supplement character
	//    set (through \u00FF)
	//
	//    * The special characters tab (\u0009), line feed (\u000A), and carriage
	//    return (\u000D)
	//
	// PolicyInputList is a required field
	PolicyInputList []*string `type:"list" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetContextKeysForCustomPolicyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetContextKeysForCustomPolicyInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *GetContextKeysForCustomPolicyInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "GetContextKeysForCustomPolicyInput"}
	if s.PolicyInputList == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyInputList"))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetPolicyInputList sets the PolicyInputList field's value.
func (s *GetContextKeysForCustomPolicyInput) SetPolicyInputList(v []*string) *GetContextKeysForCustomPolicyInput {
	s.PolicyInputList = v
	return s
}

// Contains the response to a successful GetContextKeysForPrincipalPolicy or
// GetContextKeysForCustomPolicy request.
type GetContextKeysForPolicyResponse struct {
	_ struct{} `type:"structure"`

	// The list of context keys that are referenced in the input policies.
	ContextKeyNames []*string `type:"list"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetContextKeysForPolicyResponse) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetContextKeysForPolicyResponse) GoString() string {
	return s.String()
}

// SetContextKeyNames sets the ContextKeyNames field's value.
func (s *GetContextKeysForPolicyResponse) SetContextKeyNames(v []*string) *GetContextKeysForPolicyResponse {
	s.ContextKeyNames = v
	return s
}

type GetContextKeysForPrincipalPolicyInput struct {
	_ struct{} `type:"structure"`

	// An optional list of additional policies for which you want the list of context
	// keys that are referenced.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) used to validate this
	// parameter is a string of characters consisting of the following:
	//
	//    * Any printable ASCII character ranging from the space character (\u0020)
	//    through the end of the ASCII character range
	//
	//    * The printable characters in the Basic Latin and Latin-1 Supplement character
	//    set (through \u00FF)
	//
	//    * The special characters tab (\u0009), line feed (\u000A), and carriage
	//    return (\u000D)
	PolicyInputList []*string `type:"list"`

	// The ARN of a user, group, or role whose policies contain the context keys
	// that you want listed. If you specify a user, the list includes context keys
	// that are found in all policies that are attached to the user. The list also
	// includes all groups that the user is a member of. If you pick a group or
	// a role, then it includes only those context keys that are found in policies
	// attached to that entity. Note that all parameters are shown in unencoded
	// form here for clarity, but must be URL encoded to be included as a part of
	// a real HTML request.
	//
	// For more information about ARNs, see Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the Amazon Web Services General Reference.
	//
	// PolicySourceArn is a required field
	PolicySourceArn *string `min:"20" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetContextKeysForPrincipalPolicyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetContextKeysForPrincipalPolicyInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *GetContextKeysForPrincipalPolicyInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "GetContextKeysForPrincipalPolicyInput"}
	if s.PolicySourceArn == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicySourceArn"))
	}
	if s.PolicySourceArn != nil && len(*s.PolicySourceArn) < 20 {
		invalidParams.Add(request.NewErrParamMinLen("PolicySourceArn", 20))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetPolicyInputList sets the PolicyInputList field's value.
func (s *GetContextKeysForPrincipalPolicyInput) SetPolicyInputList(v []*string) *GetContextKeysForPrincipalPolicyInput {
	s.PolicyInputList = v
	return s
}

// SetPolicySourceArn sets the PolicySourceArn field's value.
func (s *GetContextKeysForPrincipalPolicyInput) SetPolicySourceArn(v string) *GetContextKeysForPrincipalPolicyInput {
	s.PolicySourceArn = &v
	return s
}

type GetCredentialReportInput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetCredentialReportInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetCredentialReportInput) GoString() string {
	return s.String()
}

// Contains the response to a successful GetCredentialReport request.
type GetCredentialReportOutput struct {
	_ struct{} `type:"structure"`

	// Contains the credential report. The report is Base64-encoded.
	// Content is automatically base64 encoded/decoded by the SDK.
	Content []byte `type:"blob"`

	// The date and time when the credential report was created, in ISO 8601 date-time
	// format (http://www.iso.org/iso/iso8601).
	GeneratedTime *time.Time `type:"timestamp"`

	// The format (MIME type) of the credential report.
	ReportFormat *string `type:"string" enum:"ReportFormatType"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetCredentialReportOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetCredentialReportOutput) GoString() string {
	return s.String()
}

// SetContent sets the Content field's value.
func (s *GetCredentialReportOutput) SetContent(v []byte) *GetCredentialReportOutput {
	s.Content = v
	return s
}

// SetGeneratedTime sets the GeneratedTime field's value.
func (s *GetCredentialReportOutput) SetGeneratedTime(v time.Time) *GetCredentialReportOutput {
	s.GeneratedTime = &v
	return s
}

// SetReportFormat sets the ReportFormat field's value.
func (s *GetCredentialReportOutput) SetReportFormat(v string) *GetCredentialReportOutput {
	s.ReportFormat = &v
	return s
}

type GetGroupInput struct {
	_ struct{} `type:"structure"`

	// The name of the group.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// GroupName is a required field
	GroupName *string `min:"1" type:"string" required:"true"`

	// Use this parameter only when paginating results and only after you receive
	// a response indicating that the results are truncated. Set it to the value
	// of the Marker element in the response that you received to indicate where
	// the next call should start.
	Marker *string `min:"1" type:"string"`

	// Use this only when paginating results to indicate the maximum number of items
	// you want in the response. If additional items exist beyond the maximum you
	// specify, the IsTruncated response element is true.
	//
	// If you do not include this parameter, the number of items defaults to 100.
	// Note that IAM might return fewer results, even when there are more results
	// available. In that case, the IsTruncated response element returns true, and
	// Marker contains a value to include in the subsequent call that tells the
	// service where to continue from.
	MaxItems *int64 `min:"1" type:"integer"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetGroupInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetGroupInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *GetGroupInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "GetGroupInput"}
	if s.GroupName == nil {
		invalidParams.Add(request.NewErrParamRequired("GroupName"))
	}
	if s.GroupName != nil && len(*s.GroupName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("GroupName", 1))
	}
	if s.Marker != nil && len(*s.Marker) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Marker", 1))
	}
	if s.MaxItems != nil && *s.MaxItems < 1 {
		invalidParams.Add(request.NewErrParamMinValue("MaxItems", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetGroupName sets the GroupName field's value.
func (s *GetGroupInput) SetGroupName(v string) *GetGroupInput {
	s.GroupName = &v
	return s
}

// SetMarker sets the Marker field's value.
func (s *GetGroupInput) SetMarker(v string) *GetGroupInput {
	s.Marker = &v
	return s
}

// SetMaxItems sets the MaxItems field's value.
func (s *GetGroupInput) SetMaxItems(v int64) *GetGroupInput {
	s.MaxItems = &v
	return s
}

// Contains the response to a successful GetGroup request.
type GetGroupOutput struct {
	_ struct{} `type:"structure"`

	// A structure that contains details about the group.
	//
	// Group is a required field
	Group *Group `type:"structure" required:"true"`

	// A flag that indicates whether there are more items to return. If your results
	// were truncated, you can make a subsequent pagination request using the Marker
	// request parameter to retrieve more items. Note that IAM might return fewer
	// than the MaxItems number of results even when there are more results available.
	// We recommend that you check IsTruncated after every call to ensure that you
	// receive all your results.
	IsTruncated *bool `type:"boolean"`

	// When IsTruncated is true, this element is present and contains the value
	// to use for the Marker parameter in a subsequent pagination request.
	Marker *string `type:"string"`

	// A list of users in the group.
	//
	// Users is a required field
	Users []*User `type:"list" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetGroupOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetGroupOutput) GoString() string {
	return s.String()
}

// SetGroup sets the Group field's value.
func (s *GetGroupOutput) SetGroup(v *Group) *GetGroupOutput {
	s.Group = v
	return s
}

// SetIsTruncated sets the IsTruncated field's value.
func (s *GetGroupOutput) SetIsTruncated(v bool) *GetGroupOutput {
	s.IsTruncated = &v
	return s
}

// SetMarker sets the Marker field's value.
func (s *GetGroupOutput) SetMarker(v string) *GetGroupOutput {
	s.Marker = &v
	return s
}

// SetUsers sets the Users field's value.
func (s *GetGroupOutput) SetUsers(v []*User) *GetGroupOutput {
	s.Users = v
	return s
}

type GetGroupPolicyInput struct {
	_ struct{} `type:"structure"`

	// The name of the group the policy is associated with.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// GroupName is a required field
	GroupName *string `min:"1" type:"string" required:"true"`

	// The name of the policy document to get.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// PolicyName is a required field
	PolicyName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetGroupPolicyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetGroupPolicyInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *GetGroupPolicyInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "GetGroupPolicyInput"}
	if s.GroupName == nil {
		invalidParams.Add(request.NewErrParamRequired("GroupName"))
	}
	if s.GroupName != nil && len(*s.GroupName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("GroupName", 1))
	}
	if s.PolicyName == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyName"))
	}
	if s.PolicyName != nil && len(*s.PolicyName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetGroupName sets the GroupName field's value.
func (s *GetGroupPolicyInput) SetGroupName(v string) *GetGroupPolicyInput {
	s.GroupName = &v
	return s
}

// SetPolicyName sets the PolicyName field's value.
func (s *GetGroupPolicyInput) SetPolicyName(v string) *GetGroupPolicyInput {
	s.PolicyName = &v
	return s
}

// Contains the response to a successful GetGroupPolicy request.
type GetGroupPolicyOutput struct {
	_ struct{} `type:"structure"`

	// The group the policy is associated with.
	//
	// GroupName is a required field
	GroupName *string `min:"1" type:"string" required:"true"`

	// The policy document.
	//
	// IAM stores policies in JSON format. However, resources that were created
	// using CloudFormation templates can be formatted in YAML. CloudFormation always
	// converts a YAML policy to JSON format before submitting it to IAM.
	//
	// PolicyDocument is a required field
	PolicyDocument *string `min:"1" type:"string" required:"true"`

	// The name of the policy.
	//
	// PolicyName is a required field
	PolicyName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetGroupPolicyOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetGroupPolicyOutput) GoString() string {
	return s.String()
}

// SetGroupName sets the GroupName field's value.
func (s *GetGroupPolicyOutput) SetGroupName(v string) *GetGroupPolicyOutput {
	s.GroupName = &v
	return s
}

// SetPolicyDocument sets the PolicyDocument field's value.
func (s *GetGroupPolicyOutput) SetPolicyDocument(v string) *GetGroupPolicyOutput {
	s.PolicyDocument = &v
	return s
}

// SetPolicyName sets the PolicyName field's value.
func (s *GetGroupPolicyOutput) SetPolicyName(v string) *GetGroupPolicyOutput {
	s.PolicyName = &v
	return s
}

type GetInstanceProfileInput struct {
	_ struct{} `type:"structure"`

	// The name of the instance profile to get information about.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// InstanceProfileName is a required field
	InstanceProfileName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetInstanceProfileInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetInstanceProfileInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *GetInstanceProfileInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "GetInstanceProfileInput"}
	if s.InstanceProfileName == nil {
		invalidParams.Add(request.NewErrParamRequired("InstanceProfileName"))
	}
	if s.InstanceProfileName != nil && len(*s.InstanceProfileName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("InstanceProfileName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetInstanceProfileName sets the InstanceProfileName field's value.
func (s *GetInstanceProfileInput) SetInstanceProfileName(v string) *GetInstanceProfileInput {
	s.InstanceProfileName = &v
	return s
}

// Contains the response to a successful GetInstanceProfile request.
type GetInstanceProfileOutput struct {
	_ struct{} `type:"structure"`

	// A structure containing details about the instance profile.
	//
	// InstanceProfile is a required field
	InstanceProfile *InstanceProfile `type:"structure" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetInstanceProfileOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetInstanceProfileOutput) GoString() string {
	return s.String()
}

// SetInstanceProfile sets the InstanceProfile field's value.
func (s *GetInstanceProfileOutput) SetInstanceProfile(v *InstanceProfile) *GetInstanceProfileOutput {
	s.InstanceProfile = v
	return s
}

type GetLoginProfileInput struct {
	_ struct{} `type:"structure"`

	// The name of the user whose login profile you want to retrieve.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// UserName is a required field
	UserName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetLoginProfileInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetLoginProfileInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *GetLoginProfileInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "GetLoginProfileInput"}
	if s.UserName == nil {
		invalidParams.Add(request.NewErrParamRequired("UserName"))
	}
	if s.UserName != nil && len(*s.UserName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("UserName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetUserName sets the UserName field's value.
func (s *GetLoginProfileInput) SetUserName(v string) *GetLoginProfileInput {
	s.UserName = &v
	return s
}

// Contains the response to a successful GetLoginProfile request.
type GetLoginProfileOutput struct {
	_ struct{} `type:"structure"`

	// A structure containing the user name and the profile creation date for the
	// user.
	//
	// LoginProfile is a required field
	LoginProfile *LoginProfile `type:"structure" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetLoginProfileOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetLoginProfileOutput) GoString() string {
	return s.String()
}

// SetLoginProfile sets the LoginProfile field's value.
func (s *GetLoginProfileOutput) SetLoginProfile(v *LoginProfile) *GetLoginProfileOutput {
	s.LoginProfile = v
	return s
}

type GetOpenIDConnectProviderInput struct {
	_ struct{} `type:"structure"`

	// The Amazon Resource Name (ARN) of the OIDC provider resource object in IAM
	// to get information for. You can get a list of OIDC provider resource ARNs
	// by using the ListOpenIDConnectProviders operation.
	//
	// For more information about ARNs, see Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the Amazon Web Services General Reference.
	//
	// OpenIDConnectProviderArn is a required field
	OpenIDConnectProviderArn *string `min:"20" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetOpenIDConnectProviderInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetOpenIDConnectProviderInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *GetOpenIDConnectProviderInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "GetOpenIDConnectProviderInput"}
	if s.OpenIDConnectProviderArn == nil {
		invalidParams.Add(request.NewErrParamRequired("OpenIDConnectProviderArn"))
	}
	if s.OpenIDConnectProviderArn != nil && len(*s.OpenIDConnectProviderArn) < 20 {
		invalidParams.Add(request.NewErrParamMinLen("OpenIDConnectProviderArn", 20))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetOpenIDConnectProviderArn sets the OpenIDConnectProviderArn field's value.
func (s *GetOpenIDConnectProviderInput) SetOpenIDConnectProviderArn(v string) *GetOpenIDConnectProviderInput {
	s.OpenIDConnectProviderArn = &v
	return s
}

// Contains the response to a successful GetOpenIDConnectProvider request.
type GetOpenIDConnectProviderOutput struct {
	_ struct{} `type:"structure"`

	// A list of client IDs (also known as audiences) that are associated with the
	// specified IAM OIDC provider resource object. For more information, see CreateOpenIDConnectProvider.
	ClientIDList []*string `type:"list"`

	// The date and time when the IAM OIDC provider resource object was created
	// in the Amazon Web Services account.
	CreateDate *time.Time `type:"timestamp"`

	// A list of tags that are attached to the specified IAM OIDC provider. The
	// returned list of tags is sorted by tag key. For more information about tagging,
	// see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html)
	// in the IAM User Guide.
	Tags []*Tag `type:"list"`

	// A list of certificate thumbprints that are associated with the specified
	// IAM OIDC provider resource object. For more information, see CreateOpenIDConnectProvider.
	ThumbprintList []*string `type:"list"`

	// The URL that the IAM OIDC provider resource object is associated with. For
	// more information, see CreateOpenIDConnectProvider.
	Url *string `min:"1" type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetOpenIDConnectProviderOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetOpenIDConnectProviderOutput) GoString() string {
	return s.String()
}

// SetClientIDList sets the ClientIDList field's value.
func (s *GetOpenIDConnectProviderOutput) SetClientIDList(v []*string) *GetOpenIDConnectProviderOutput {
	s.ClientIDList = v
	return s
}

// SetCreateDate sets the CreateDate field's value.
func (s *GetOpenIDConnectProviderOutput) SetCreateDate(v time.Time) *GetOpenIDConnectProviderOutput {
	s.CreateDate = &v
	return s
}

// SetTags sets the Tags field's value.
func (s *GetOpenIDConnectProviderOutput) SetTags(v []*Tag) *GetOpenIDConnectProviderOutput {
	s.Tags = v
	return s
}

// SetThumbprintList sets the ThumbprintList field's value.
func (s *GetOpenIDConnectProviderOutput) SetThumbprintList(v []*string) *GetOpenIDConnectProviderOutput {
	s.ThumbprintList = v
	return s
}

// SetUrl sets the Url field's value.
func (s *GetOpenIDConnectProviderOutput) SetUrl(v string) *GetOpenIDConnectProviderOutput {
	s.Url = &v
	return s
}

type GetOrganizationsAccessReportInput struct {
	_ struct{} `type:"structure"`

	// The identifier of the request generated by the GenerateOrganizationsAccessReport
	// operation.
	//
	// JobId is a required field
	JobId *string `min:"36" type:"string" required:"true"`

	// Use this parameter only when paginating results and only after you receive
	// a response indicating that the results are truncated. Set it to the value
	// of the Marker element in the response that you received to indicate where
	// the next call should start.
	Marker *string `min:"1" type:"string"`

	// Use this only when paginating results to indicate the maximum number of items
	// you want in the response. If additional items exist beyond the maximum you
	// specify, the IsTruncated response element is true.
	//
	// If you do not include this parameter, the number of items defaults to 100.
	// Note that IAM might return fewer results, even when there are more results
	// available. In that case, the IsTruncated response element returns true, and
	// Marker contains a value to include in the subsequent call that tells the
	// service where to continue from.
	MaxItems *int64 `min:"1" type:"integer"`

	// The key that is used to sort the results. If you choose the namespace key,
	// the results are returned in alphabetical order. If you choose the time key,
	// the results are sorted numerically by the date and time.
	SortKey *string `type:"string" enum:"SortKeyType"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetOrganizationsAccessReportInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetOrganizationsAccessReportInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *GetOrganizationsAccessReportInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "GetOrganizationsAccessReportInput"}
	if s.JobId == nil {
		invalidParams.Add(request.NewErrParamRequired("JobId"))
	}
	if s.JobId != nil && len(*s.JobId) < 36 {
		invalidParams.Add(request.NewErrParamMinLen("JobId", 36))
	}
	if s.Marker != nil && len(*s.Marker) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Marker", 1))
	}
	if s.MaxItems != nil && *s.MaxItems < 1 {
		invalidParams.Add(request.NewErrParamMinValue("MaxItems", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetJobId sets the JobId field's value.
func (s *GetOrganizationsAccessReportInput) SetJobId(v string) *GetOrganizationsAccessReportInput {
	s.JobId = &v
	return s
}

// SetMarker sets the Marker field's value.
func (s *GetOrganizationsAccessReportInput) SetMarker(v string) *GetOrganizationsAccessReportInput {
	s.Marker = &v
	return s
}

// SetMaxItems sets the MaxItems field's value.
func (s *GetOrganizationsAccessReportInput) SetMaxItems(v int64) *GetOrganizationsAccessReportInput {
	s.MaxItems = &v
	return s
}

// SetSortKey sets the SortKey field's value.
func (s *GetOrganizationsAccessReportInput) SetSortKey(v string) *GetOrganizationsAccessReportInput {
	s.SortKey = &v
	return s
}

type GetOrganizationsAccessReportOutput struct {
	_ struct{} `type:"structure"`

	// An object that contains details about the most recent attempt to access the
	// service.
	AccessDetails []*AccessDetail `type:"list"`

	// Contains information about the reason that the operation failed.
	//
	// This data type is used as a response element in the GetOrganizationsAccessReport,
	// GetServiceLastAccessedDetails, and GetServiceLastAccessedDetailsWithEntities
	// operations.
	ErrorDetails *ErrorDetails `type:"structure"`

	// A flag that indicates whether there are more items to return. If your results
	// were truncated, you can make a subsequent pagination request using the Marker
	// request parameter to retrieve more items. Note that IAM might return fewer
	// than the MaxItems number of results even when there are more results available.
	// We recommend that you check IsTruncated after every call to ensure that you
	// receive all your results.
	IsTruncated *bool `type:"boolean"`

	// The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601),
	// when the generated report job was completed or failed.
	//
	// This field is null if the job is still in progress, as indicated by a job
	// status value of IN_PROGRESS.
	JobCompletionDate *time.Time `type:"timestamp"`

	// The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601),
	// when the report job was created.
	//
	// JobCreationDate is a required field
	JobCreationDate *time.Time `type:"timestamp" required:"true"`

	// The status of the job.
	//
	// JobStatus is a required field
	JobStatus *string `type:"string" required:"true" enum:"JobStatusType"`

	// When IsTruncated is true, this element is present and contains the value
	// to use for the Marker parameter in a subsequent pagination request.
	Marker *string `min:"1" type:"string"`

	// The number of services that the applicable SCPs allow account principals
	// to access.
	NumberOfServicesAccessible *int64 `type:"integer"`

	// The number of services that account principals are allowed but did not attempt
	// to access.
	NumberOfServicesNotAccessed *int64 `type:"integer"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetOrganizationsAccessReportOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetOrganizationsAccessReportOutput) GoString() string {
	return s.String()
}

// SetAccessDetails sets the AccessDetails field's value.
func (s *GetOrganizationsAccessReportOutput) SetAccessDetails(v []*AccessDetail) *GetOrganizationsAccessReportOutput {
	s.AccessDetails = v
	return s
}

// SetErrorDetails sets the ErrorDetails field's value.
func (s *GetOrganizationsAccessReportOutput) SetErrorDetails(v *ErrorDetails) *GetOrganizationsAccessReportOutput {
	s.ErrorDetails = v
	return s
}

// SetIsTruncated sets the IsTruncated field's value.
func (s *GetOrganizationsAccessReportOutput) SetIsTruncated(v bool) *GetOrganizationsAccessReportOutput {
	s.IsTruncated = &v
	return s
}

// SetJobCompletionDate sets the JobCompletionDate field's value.
func (s *GetOrganizationsAccessReportOutput) SetJobCompletionDate(v time.Time) *GetOrganizationsAccessReportOutput {
	s.JobCompletionDate = &v
	return s
}

// SetJobCreationDate sets the JobCreationDate field's value.
func (s *GetOrganizationsAccessReportOutput) SetJobCreationDate(v time.Time) *GetOrganizationsAccessReportOutput {
	s.JobCreationDate = &v
	return s
}

// SetJobStatus sets the JobStatus field's value.
func (s *GetOrganizationsAccessReportOutput) SetJobStatus(v string) *GetOrganizationsAccessReportOutput {
	s.JobStatus = &v
	return s
}

// SetMarker sets the Marker field's value.
func (s *GetOrganizationsAccessReportOutput) SetMarker(v string) *GetOrganizationsAccessReportOutput {
	s.Marker = &v
	return s
}

// SetNumberOfServicesAccessible sets the NumberOfServicesAccessible field's value.
func (s *GetOrganizationsAccessReportOutput) SetNumberOfServicesAccessible(v int64) *GetOrganizationsAccessReportOutput {
	s.NumberOfServicesAccessible = &v
	return s
}

// SetNumberOfServicesNotAccessed sets the NumberOfServicesNotAccessed field's value.
func (s *GetOrganizationsAccessReportOutput) SetNumberOfServicesNotAccessed(v int64) *GetOrganizationsAccessReportOutput {
	s.NumberOfServicesNotAccessed = &v
	return s
}

type GetPolicyInput struct {
	_ struct{} `type:"structure"`

	// The Amazon Resource Name (ARN) of the managed policy that you want information
	// about.
	//
	// For more information about ARNs, see Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the Amazon Web Services General Reference.
	//
	// PolicyArn is a required field
	PolicyArn *string `min:"20" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetPolicyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetPolicyInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *GetPolicyInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "GetPolicyInput"}
	if s.PolicyArn == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyArn"))
	}
	if s.PolicyArn != nil && len(*s.PolicyArn) < 20 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyArn", 20))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetPolicyArn sets the PolicyArn field's value.
func (s *GetPolicyInput) SetPolicyArn(v string) *GetPolicyInput {
	s.PolicyArn = &v
	return s
}

// Contains the response to a successful GetPolicy request.
type GetPolicyOutput struct {
	_ struct{} `type:"structure"`

	// A structure containing details about the policy.
	Policy *Policy `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetPolicyOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetPolicyOutput) GoString() string {
	return s.String()
}

// SetPolicy sets the Policy field's value.
func (s *GetPolicyOutput) SetPolicy(v *Policy) *GetPolicyOutput {
	s.Policy = v
	return s
}

type GetPolicyVersionInput struct {
	_ struct{} `type:"structure"`

	// The Amazon Resource Name (ARN) of the managed policy that you want information
	// about.
	//
	// For more information about ARNs, see Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the Amazon Web Services General Reference.
	//
	// PolicyArn is a required field
	PolicyArn *string `min:"20" type:"string" required:"true"`

	// Identifies the policy version to retrieve.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters that consists of the lowercase letter 'v' followed
	// by one or two digits, and optionally followed by a period '.' and a string
	// of letters and digits.
	//
	// VersionId is a required field
	VersionId *string `type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetPolicyVersionInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetPolicyVersionInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *GetPolicyVersionInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "GetPolicyVersionInput"}
	if s.PolicyArn == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyArn"))
	}
	if s.PolicyArn != nil && len(*s.PolicyArn) < 20 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyArn", 20))
	}
	if s.VersionId == nil {
		invalidParams.Add(request.NewErrParamRequired("VersionId"))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetPolicyArn sets the PolicyArn field's value.
func (s *GetPolicyVersionInput) SetPolicyArn(v string) *GetPolicyVersionInput {
	s.PolicyArn = &v
	return s
}

// SetVersionId sets the VersionId field's value.
func (s *GetPolicyVersionInput) SetVersionId(v string) *GetPolicyVersionInput {
	s.VersionId = &v
	return s
}

// Contains the response to a successful GetPolicyVersion request.
type GetPolicyVersionOutput struct {
	_ struct{} `type:"structure"`

	// A structure containing details about the policy version.
	PolicyVersion *PolicyVersion `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetPolicyVersionOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetPolicyVersionOutput) GoString() string {
	return s.String()
}

// SetPolicyVersion sets the PolicyVersion field's value.
func (s *GetPolicyVersionOutput) SetPolicyVersion(v *PolicyVersion) *GetPolicyVersionOutput {
	s.PolicyVersion = v
	return s
}

type GetRoleInput struct {
	_ struct{} `type:"structure"`

	// The name of the IAM role to get information about.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// RoleName is a required field
	RoleName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetRoleInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetRoleInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *GetRoleInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "GetRoleInput"}
	if s.RoleName == nil {
		invalidParams.Add(request.NewErrParamRequired("RoleName"))
	}
	if s.RoleName != nil && len(*s.RoleName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("RoleName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetRoleName sets the RoleName field's value.
func (s *GetRoleInput) SetRoleName(v string) *GetRoleInput {
	s.RoleName = &v
	return s
}

// Contains the response to a successful GetRole request.
type GetRoleOutput struct {
	_ struct{} `type:"structure"`

	// A structure containing details about the IAM role.
	//
	// Role is a required field
	Role *Role `type:"structure" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetRoleOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetRoleOutput) GoString() string {
	return s.String()
}

// SetRole sets the Role field's value.
func (s *GetRoleOutput) SetRole(v *Role) *GetRoleOutput {
	s.Role = v
	return s
}

type GetRolePolicyInput struct {
	_ struct{} `type:"structure"`

	// The name of the policy document to get.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// PolicyName is a required field
	PolicyName *string `min:"1" type:"string" required:"true"`

	// The name of the role associated with the policy.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// RoleName is a required field
	RoleName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetRolePolicyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetRolePolicyInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *GetRolePolicyInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "GetRolePolicyInput"}
	if s.PolicyName == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyName"))
	}
	if s.PolicyName != nil && len(*s.PolicyName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyName", 1))
	}
	if s.RoleName == nil {
		invalidParams.Add(request.NewErrParamRequired("RoleName"))
	}
	if s.RoleName != nil && len(*s.RoleName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("RoleName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetPolicyName sets the PolicyName field's value.
func (s *GetRolePolicyInput) SetPolicyName(v string) *GetRolePolicyInput {
	s.PolicyName = &v
	return s
}

// SetRoleName sets the RoleName field's value.
func (s *GetRolePolicyInput) SetRoleName(v string) *GetRolePolicyInput {
	s.RoleName = &v
	return s
}

// Contains the response to a successful GetRolePolicy request.
type GetRolePolicyOutput struct {
	_ struct{} `type:"structure"`

	// The policy document.
	//
	// IAM stores policies in JSON format. However, resources that were created
	// using CloudFormation templates can be formatted in YAML. CloudFormation always
	// converts a YAML policy to JSON format before submitting it to IAM.
	//
	// PolicyDocument is a required field
	PolicyDocument *string `min:"1" type:"string" required:"true"`

	// The name of the policy.
	//
	// PolicyName is a required field
	PolicyName *string `min:"1" type:"string" required:"true"`

	// The role the policy is associated with.
	//
	// RoleName is a required field
	RoleName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetRolePolicyOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetRolePolicyOutput) GoString() string {
	return s.String()
}

// SetPolicyDocument sets the PolicyDocument field's value.
func (s *GetRolePolicyOutput) SetPolicyDocument(v string) *GetRolePolicyOutput {
	s.PolicyDocument = &v
	return s
}

// SetPolicyName sets the PolicyName field's value.
func (s *GetRolePolicyOutput) SetPolicyName(v string) *GetRolePolicyOutput {
	s.PolicyName = &v
	return s
}

// SetRoleName sets the RoleName field's value.
func (s *GetRolePolicyOutput) SetRoleName(v string) *GetRolePolicyOutput {
	s.RoleName = &v
	return s
}

type GetSAMLProviderInput struct {
	_ struct{} `type:"structure"`

	// The Amazon Resource Name (ARN) of the SAML provider resource object in IAM
	// to get information about.
	//
	// For more information about ARNs, see Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the Amazon Web Services General Reference.
	//
	// SAMLProviderArn is a required field
	SAMLProviderArn *string `min:"20" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetSAMLProviderInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetSAMLProviderInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *GetSAMLProviderInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "GetSAMLProviderInput"}
	if s.SAMLProviderArn == nil {
		invalidParams.Add(request.NewErrParamRequired("SAMLProviderArn"))
	}
	if s.SAMLProviderArn != nil && len(*s.SAMLProviderArn) < 20 {
		invalidParams.Add(request.NewErrParamMinLen("SAMLProviderArn", 20))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetSAMLProviderArn sets the SAMLProviderArn field's value.
func (s *GetSAMLProviderInput) SetSAMLProviderArn(v string) *GetSAMLProviderInput {
	s.SAMLProviderArn = &v
	return s
}

// Contains the response to a successful GetSAMLProvider request.
type GetSAMLProviderOutput struct {
	_ struct{} `type:"structure"`

	// The date and time when the SAML provider was created.
	CreateDate *time.Time `type:"timestamp"`

	// The XML metadata document that includes information about an identity provider.
	SAMLMetadataDocument *string `min:"1000" type:"string"`

	// A list of tags that are attached to the specified IAM SAML provider. The
	// returned list of tags is sorted by tag key. For more information about tagging,
	// see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html)
	// in the IAM User Guide.
	Tags []*Tag `type:"list"`

	// The expiration date and time for the SAML provider.
	ValidUntil *time.Time `type:"timestamp"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetSAMLProviderOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetSAMLProviderOutput) GoString() string {
	return s.String()
}

// SetCreateDate sets the CreateDate field's value.
func (s *GetSAMLProviderOutput) SetCreateDate(v time.Time) *GetSAMLProviderOutput {
	s.CreateDate = &v
	return s
}

// SetSAMLMetadataDocument sets the SAMLMetadataDocument field's value.
func (s *GetSAMLProviderOutput) SetSAMLMetadataDocument(v string) *GetSAMLProviderOutput {
	s.SAMLMetadataDocument = &v
	return s
}

// SetTags sets the Tags field's value.
func (s *GetSAMLProviderOutput) SetTags(v []*Tag) *GetSAMLProviderOutput {
	s.Tags = v
	return s
}

// SetValidUntil sets the ValidUntil field's value.
func (s *GetSAMLProviderOutput) SetValidUntil(v time.Time) *GetSAMLProviderOutput {
	s.ValidUntil = &v
	return s
}

type GetSSHPublicKeyInput struct {
	_ struct{} `type:"structure"`

	// Specifies the public key encoding format to use in the response. To retrieve
	// the public key in ssh-rsa format, use SSH. To retrieve the public key in
	// PEM format, use PEM.
	//
	// Encoding is a required field
	Encoding *string `type:"string" required:"true" enum:"EncodingType"`

	// The unique identifier for the SSH public key.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters that can consist of any upper or lowercased letter
	// or digit.
	//
	// SSHPublicKeyId is a required field
	SSHPublicKeyId *string `min:"20" type:"string" required:"true"`

	// The name of the IAM user associated with the SSH public key.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// UserName is a required field
	UserName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetSSHPublicKeyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetSSHPublicKeyInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *GetSSHPublicKeyInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "GetSSHPublicKeyInput"}
	if s.Encoding == nil {
		invalidParams.Add(request.NewErrParamRequired("Encoding"))
	}
	if s.SSHPublicKeyId == nil {
		invalidParams.Add(request.NewErrParamRequired("SSHPublicKeyId"))
	}
	if s.SSHPublicKeyId != nil && len(*s.SSHPublicKeyId) < 20 {
		invalidParams.Add(request.NewErrParamMinLen("SSHPublicKeyId", 20))
	}
	if s.UserName == nil {
		invalidParams.Add(request.NewErrParamRequired("UserName"))
	}
	if s.UserName != nil && len(*s.UserName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("UserName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetEncoding sets the Encoding field's value.
func (s *GetSSHPublicKeyInput) SetEncoding(v string) *GetSSHPublicKeyInput {
	s.Encoding = &v
	return s
}

// SetSSHPublicKeyId sets the SSHPublicKeyId field's value.
func (s *GetSSHPublicKeyInput) SetSSHPublicKeyId(v string) *GetSSHPublicKeyInput {
	s.SSHPublicKeyId = &v
	return s
}

// SetUserName sets the UserName field's value.
func (s *GetSSHPublicKeyInput) SetUserName(v string) *GetSSHPublicKeyInput {
	s.UserName = &v
	return s
}

// Contains the response to a successful GetSSHPublicKey request.
type GetSSHPublicKeyOutput struct {
	_ struct{} `type:"structure"`

	// A structure containing details about the SSH public key.
	SSHPublicKey *SSHPublicKey `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetSSHPublicKeyOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetSSHPublicKeyOutput) GoString() string {
	return s.String()
}

// SetSSHPublicKey sets the SSHPublicKey field's value.
func (s *GetSSHPublicKeyOutput) SetSSHPublicKey(v *SSHPublicKey) *GetSSHPublicKeyOutput {
	s.SSHPublicKey = v
	return s
}

type GetServerCertificateInput struct {
	_ struct{} `type:"structure"`

	// The name of the server certificate you want to retrieve information about.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// ServerCertificateName is a required field
	ServerCertificateName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetServerCertificateInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetServerCertificateInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *GetServerCertificateInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "GetServerCertificateInput"}
	if s.ServerCertificateName == nil {
		invalidParams.Add(request.NewErrParamRequired("ServerCertificateName"))
	}
	if s.ServerCertificateName != nil && len(*s.ServerCertificateName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("ServerCertificateName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetServerCertificateName sets the ServerCertificateName field's value.
func (s *GetServerCertificateInput) SetServerCertificateName(v string) *GetServerCertificateInput {
	s.ServerCertificateName = &v
	return s
}

// Contains the response to a successful GetServerCertificate request.
type GetServerCertificateOutput struct {
	_ struct{} `type:"structure"`

	// A structure containing details about the server certificate.
	//
	// ServerCertificate is a required field
	ServerCertificate *ServerCertificate `type:"structure" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetServerCertificateOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetServerCertificateOutput) GoString() string {
	return s.String()
}

// SetServerCertificate sets the ServerCertificate field's value.
func (s *GetServerCertificateOutput) SetServerCertificate(v *ServerCertificate) *GetServerCertificateOutput {
	s.ServerCertificate = v
	return s
}

type GetServiceLastAccessedDetailsInput struct {
	_ struct{} `type:"structure"`

	// The ID of the request generated by the GenerateServiceLastAccessedDetails
	// operation. The JobId returned by GenerateServiceLastAccessedDetail must be
	// used by the same role within a session, or by the same user when used to
	// call GetServiceLastAccessedDetail.
	//
	// JobId is a required field
	JobId *string `min:"36" type:"string" required:"true"`

	// Use this parameter only when paginating results and only after you receive
	// a response indicating that the results are truncated. Set it to the value
	// of the Marker element in the response that you received to indicate where
	// the next call should start.
	Marker *string `min:"1" type:"string"`

	// Use this only when paginating results to indicate the maximum number of items
	// you want in the response. If additional items exist beyond the maximum you
	// specify, the IsTruncated response element is true.
	//
	// If you do not include this parameter, the number of items defaults to 100.
	// Note that IAM might return fewer results, even when there are more results
	// available. In that case, the IsTruncated response element returns true, and
	// Marker contains a value to include in the subsequent call that tells the
	// service where to continue from.
	MaxItems *int64 `min:"1" type:"integer"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetServiceLastAccessedDetailsInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetServiceLastAccessedDetailsInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *GetServiceLastAccessedDetailsInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "GetServiceLastAccessedDetailsInput"}
	if s.JobId == nil {
		invalidParams.Add(request.NewErrParamRequired("JobId"))
	}
	if s.JobId != nil && len(*s.JobId) < 36 {
		invalidParams.Add(request.NewErrParamMinLen("JobId", 36))
	}
	if s.Marker != nil && len(*s.Marker) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Marker", 1))
	}
	if s.MaxItems != nil && *s.MaxItems < 1 {
		invalidParams.Add(request.NewErrParamMinValue("MaxItems", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetJobId sets the JobId field's value.
func (s *GetServiceLastAccessedDetailsInput) SetJobId(v string) *GetServiceLastAccessedDetailsInput {
	s.JobId = &v
	return s
}

// SetMarker sets the Marker field's value.
func (s *GetServiceLastAccessedDetailsInput) SetMarker(v string) *GetServiceLastAccessedDetailsInput {
	s.Marker = &v
	return s
}

// SetMaxItems sets the MaxItems field's value.
func (s *GetServiceLastAccessedDetailsInput) SetMaxItems(v int64) *GetServiceLastAccessedDetailsInput {
	s.MaxItems = &v
	return s
}

type GetServiceLastAccessedDetailsOutput struct {
	_ struct{} `type:"structure"`

	// An object that contains details about the reason the operation failed.
	Error *ErrorDetails `type:"structure"`

	// A flag that indicates whether there are more items to return. If your results
	// were truncated, you can make a subsequent pagination request using the Marker
	// request parameter to retrieve more items. Note that IAM might return fewer
	// than the MaxItems number of results even when there are more results available.
	// We recommend that you check IsTruncated after every call to ensure that you
	// receive all your results.
	IsTruncated *bool `type:"boolean"`

	// The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601),
	// when the generated report job was completed or failed.
	//
	// This field is null if the job is still in progress, as indicated by a job
	// status value of IN_PROGRESS.
	//
	// JobCompletionDate is a required field
	JobCompletionDate *time.Time `type:"timestamp" required:"true"`

	// The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601),
	// when the report job was created.
	//
	// JobCreationDate is a required field
	JobCreationDate *time.Time `type:"timestamp" required:"true"`

	// The status of the job.
	//
	// JobStatus is a required field
	JobStatus *string `type:"string" required:"true" enum:"JobStatusType"`

	// The type of job. Service jobs return information about when each service
	// was last accessed. Action jobs also include information about when tracked
	// actions within the service were last accessed.
	JobType *string `type:"string" enum:"AccessAdvisorUsageGranularityType"`

	// When IsTruncated is true, this element is present and contains the value
	// to use for the Marker parameter in a subsequent pagination request.
	Marker *string `type:"string"`

	// A ServiceLastAccessed object that contains details about the most recent
	// attempt to access the service.
	//
	// ServicesLastAccessed is a required field
	ServicesLastAccessed []*ServiceLastAccessed `type:"list" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetServiceLastAccessedDetailsOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetServiceLastAccessedDetailsOutput) GoString() string {
	return s.String()
}

// SetError sets the Error field's value.
func (s *GetServiceLastAccessedDetailsOutput) SetError(v *ErrorDetails) *GetServiceLastAccessedDetailsOutput {
	s.Error = v
	return s
}

// SetIsTruncated sets the IsTruncated field's value.
func (s *GetServiceLastAccessedDetailsOutput) SetIsTruncated(v bool) *GetServiceLastAccessedDetailsOutput {
	s.IsTruncated = &v
	return s
}

// SetJobCompletionDate sets the JobCompletionDate field's value.
func (s *GetServiceLastAccessedDetailsOutput) SetJobCompletionDate(v time.Time) *GetServiceLastAccessedDetailsOutput {
	s.JobCompletionDate = &v
	return s
}

// SetJobCreationDate sets the JobCreationDate field's value.
func (s *GetServiceLastAccessedDetailsOutput) SetJobCreationDate(v time.Time) *GetServiceLastAccessedDetailsOutput {
	s.JobCreationDate = &v
	return s
}

// SetJobStatus sets the JobStatus field's value.
func (s *GetServiceLastAccessedDetailsOutput) SetJobStatus(v string) *GetServiceLastAccessedDetailsOutput {
	s.JobStatus = &v
	return s
}

// SetJobType sets the JobType field's value.
func (s *GetServiceLastAccessedDetailsOutput) SetJobType(v string) *GetServiceLastAccessedDetailsOutput {
	s.JobType = &v
	return s
}

// SetMarker sets the Marker field's value.
func (s *GetServiceLastAccessedDetailsOutput) SetMarker(v string) *GetServiceLastAccessedDetailsOutput {
	s.Marker = &v
	return s
}

// SetServicesLastAccessed sets the ServicesLastAccessed field's value.
func (s *GetServiceLastAccessedDetailsOutput) SetServicesLastAccessed(v []*ServiceLastAccessed) *GetServiceLastAccessedDetailsOutput {
	s.ServicesLastAccessed = v
	return s
}

type GetServiceLastAccessedDetailsWithEntitiesInput struct {
	_ struct{} `type:"structure"`

	// The ID of the request generated by the GenerateServiceLastAccessedDetails
	// operation.
	//
	// JobId is a required field
	JobId *string `min:"36" type:"string" required:"true"`

	// Use this parameter only when paginating results and only after you receive
	// a response indicating that the results are truncated. Set it to the value
	// of the Marker element in the response that you received to indicate where
	// the next call should start.
	Marker *string `min:"1" type:"string"`

	// Use this only when paginating results to indicate the maximum number of items
	// you want in the response. If additional items exist beyond the maximum you
	// specify, the IsTruncated response element is true.
	//
	// If you do not include this parameter, the number of items defaults to 100.
	// Note that IAM might return fewer results, even when there are more results
	// available. In that case, the IsTruncated response element returns true, and
	// Marker contains a value to include in the subsequent call that tells the
	// service where to continue from.
	MaxItems *int64 `min:"1" type:"integer"`

	// The service namespace for an Amazon Web Services service. Provide the service
	// namespace to learn when the IAM entity last attempted to access the specified
	// service.
	//
	// To learn the service namespace for a service, see Actions, resources, and
	// condition keys for Amazon Web Services services (https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html)
	// in the IAM User Guide. Choose the name of the service to view details for
	// that service. In the first paragraph, find the service prefix. For example,
	// (service prefix: a4b). For more information about service namespaces, see
	// Amazon Web Services service namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-aws-service-namespaces)
	// in the Amazon Web Services General Reference.
	//
	// ServiceNamespace is a required field
	ServiceNamespace *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetServiceLastAccessedDetailsWithEntitiesInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetServiceLastAccessedDetailsWithEntitiesInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *GetServiceLastAccessedDetailsWithEntitiesInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "GetServiceLastAccessedDetailsWithEntitiesInput"}
	if s.JobId == nil {
		invalidParams.Add(request.NewErrParamRequired("JobId"))
	}
	if s.JobId != nil && len(*s.JobId) < 36 {
		invalidParams.Add(request.NewErrParamMinLen("JobId", 36))
	}
	if s.Marker != nil && len(*s.Marker) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Marker", 1))
	}
	if s.MaxItems != nil && *s.MaxItems < 1 {
		invalidParams.Add(request.NewErrParamMinValue("MaxItems", 1))
	}
	if s.ServiceNamespace == nil {
		invalidParams.Add(request.NewErrParamRequired("ServiceNamespace"))
	}
	if s.ServiceNamespace != nil && len(*s.ServiceNamespace) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("ServiceNamespace", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetJobId sets the JobId field's value.
func (s *GetServiceLastAccessedDetailsWithEntitiesInput) SetJobId(v string) *GetServiceLastAccessedDetailsWithEntitiesInput {
	s.JobId = &v
	return s
}

// SetMarker sets the Marker field's value.
func (s *GetServiceLastAccessedDetailsWithEntitiesInput) SetMarker(v string) *GetServiceLastAccessedDetailsWithEntitiesInput {
	s.Marker = &v
	return s
}

// SetMaxItems sets the MaxItems field's value.
func (s *GetServiceLastAccessedDetailsWithEntitiesInput) SetMaxItems(v int64) *GetServiceLastAccessedDetailsWithEntitiesInput {
	s.MaxItems = &v
	return s
}

// SetServiceNamespace sets the ServiceNamespace field's value.
func (s *GetServiceLastAccessedDetailsWithEntitiesInput) SetServiceNamespace(v string) *GetServiceLastAccessedDetailsWithEntitiesInput {
	s.ServiceNamespace = &v
	return s
}

type GetServiceLastAccessedDetailsWithEntitiesOutput struct {
	_ struct{} `type:"structure"`

	// An EntityDetailsList object that contains details about when an IAM entity
	// (user or role) used group or policy permissions in an attempt to access the
	// specified Amazon Web Services service.
	//
	// EntityDetailsList is a required field
	EntityDetailsList []*EntityDetails `type:"list" required:"true"`

	// An object that contains details about the reason the operation failed.
	Error *ErrorDetails `type:"structure"`

	// A flag that indicates whether there are more items to return. If your results
	// were truncated, you can make a subsequent pagination request using the Marker
	// request parameter to retrieve more items. Note that IAM might return fewer
	// than the MaxItems number of results even when there are more results available.
	// We recommend that you check IsTruncated after every call to ensure that you
	// receive all your results.
	IsTruncated *bool `type:"boolean"`

	// The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601),
	// when the generated report job was completed or failed.
	//
	// This field is null if the job is still in progress, as indicated by a job
	// status value of IN_PROGRESS.
	//
	// JobCompletionDate is a required field
	JobCompletionDate *time.Time `type:"timestamp" required:"true"`

	// The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601),
	// when the report job was created.
	//
	// JobCreationDate is a required field
	JobCreationDate *time.Time `type:"timestamp" required:"true"`

	// The status of the job.
	//
	// JobStatus is a required field
	JobStatus *string `type:"string" required:"true" enum:"JobStatusType"`

	// When IsTruncated is true, this element is present and contains the value
	// to use for the Marker parameter in a subsequent pagination request.
	Marker *string `type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetServiceLastAccessedDetailsWithEntitiesOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetServiceLastAccessedDetailsWithEntitiesOutput) GoString() string {
	return s.String()
}

// SetEntityDetailsList sets the EntityDetailsList field's value.
func (s *GetServiceLastAccessedDetailsWithEntitiesOutput) SetEntityDetailsList(v []*EntityDetails) *GetServiceLastAccessedDetailsWithEntitiesOutput {
	s.EntityDetailsList = v
	return s
}

// SetError sets the Error field's value.
func (s *GetServiceLastAccessedDetailsWithEntitiesOutput) SetError(v *ErrorDetails) *GetServiceLastAccessedDetailsWithEntitiesOutput {
	s.Error = v
	return s
}

// SetIsTruncated sets the IsTruncated field's value.
func (s *GetServiceLastAccessedDetailsWithEntitiesOutput) SetIsTruncated(v bool) *GetServiceLastAccessedDetailsWithEntitiesOutput {
	s.IsTruncated = &v
	return s
}

// SetJobCompletionDate sets the JobCompletionDate field's value.
func (s *GetServiceLastAccessedDetailsWithEntitiesOutput) SetJobCompletionDate(v time.Time) *GetServiceLastAccessedDetailsWithEntitiesOutput {
	s.JobCompletionDate = &v
	return s
}

// SetJobCreationDate sets the JobCreationDate field's value.
func (s *GetServiceLastAccessedDetailsWithEntitiesOutput) SetJobCreationDate(v time.Time) *GetServiceLastAccessedDetailsWithEntitiesOutput {
	s.JobCreationDate = &v
	return s
}

// SetJobStatus sets the JobStatus field's value.
func (s *GetServiceLastAccessedDetailsWithEntitiesOutput) SetJobStatus(v string) *GetServiceLastAccessedDetailsWithEntitiesOutput {
	s.JobStatus = &v
	return s
}

// SetMarker sets the Marker field's value.
func (s *GetServiceLastAccessedDetailsWithEntitiesOutput) SetMarker(v string) *GetServiceLastAccessedDetailsWithEntitiesOutput {
	s.Marker = &v
	return s
}

type GetServiceLinkedRoleDeletionStatusInput struct {
	_ struct{} `type:"structure"`

	// The deletion task identifier. This identifier is returned by the DeleteServiceLinkedRole
	// operation in the format task/aws-service-role/<service-principal-name>/<role-name>/<task-uuid>.
	//
	// DeletionTaskId is a required field
	DeletionTaskId *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetServiceLinkedRoleDeletionStatusInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetServiceLinkedRoleDeletionStatusInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *GetServiceLinkedRoleDeletionStatusInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "GetServiceLinkedRoleDeletionStatusInput"}
	if s.DeletionTaskId == nil {
		invalidParams.Add(request.NewErrParamRequired("DeletionTaskId"))
	}
	if s.DeletionTaskId != nil && len(*s.DeletionTaskId) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("DeletionTaskId", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetDeletionTaskId sets the DeletionTaskId field's value.
func (s *GetServiceLinkedRoleDeletionStatusInput) SetDeletionTaskId(v string) *GetServiceLinkedRoleDeletionStatusInput {
	s.DeletionTaskId = &v
	return s
}

type GetServiceLinkedRoleDeletionStatusOutput struct {
	_ struct{} `type:"structure"`

	// An object that contains details about the reason the deletion failed.
	Reason *DeletionTaskFailureReasonType `type:"structure"`

	// The status of the deletion.
	//
	// Status is a required field
	Status *string `type:"string" required:"true" enum:"DeletionTaskStatusType"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetServiceLinkedRoleDeletionStatusOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetServiceLinkedRoleDeletionStatusOutput) GoString() string {
	return s.String()
}

// SetReason sets the Reason field's value.
func (s *GetServiceLinkedRoleDeletionStatusOutput) SetReason(v *DeletionTaskFailureReasonType) *GetServiceLinkedRoleDeletionStatusOutput {
	s.Reason = v
	return s
}

// SetStatus sets the Status field's value.
func (s *GetServiceLinkedRoleDeletionStatusOutput) SetStatus(v string) *GetServiceLinkedRoleDeletionStatusOutput {
	s.Status = &v
	return s
}

type GetUserInput struct {
	_ struct{} `type:"structure"`

	// The name of the user to get information about.
	//
	// This parameter is optional. If it is not included, it defaults to the user
	// making the request. This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	UserName *string `min:"1" type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetUserInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetUserInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *GetUserInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "GetUserInput"}
	if s.UserName != nil && len(*s.UserName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("UserName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetUserName sets the UserName field's value.
func (s *GetUserInput) SetUserName(v string) *GetUserInput {
	s.UserName = &v
	return s
}

// Contains the response to a successful GetUser request.
type GetUserOutput struct {
	_ struct{} `type:"structure"`

	// A structure containing details about the IAM user.
	//
	// Due to a service issue, password last used data does not include password
	// use from May 3, 2018 22:50 PDT to May 23, 2018 14:08 PDT. This affects last
	// sign-in (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_finding-unused.html)
	// dates shown in the IAM console and password last used dates in the IAM credential
	// report (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html),
	// and returned by this operation. If users signed in during the affected time,
	// the password last used date that is returned is the date the user last signed
	// in before May 3, 2018. For users that signed in after May 23, 2018 14:08
	// PDT, the returned password last used date is accurate.
	//
	// You can use password last used information to identify unused credentials
	// for deletion. For example, you might delete users who did not sign in to
	// Amazon Web Services in the last 90 days. In cases like this, we recommend
	// that you adjust your evaluation window to include dates after May 23, 2018.
	// Alternatively, if your users use access keys to access Amazon Web Services
	// programmatically you can refer to access key last used information because
	// it is accurate for all dates.
	//
	// User is a required field
	User *User `type:"structure" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetUserOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetUserOutput) GoString() string {
	return s.String()
}

// SetUser sets the User field's value.
func (s *GetUserOutput) SetUser(v *User) *GetUserOutput {
	s.User = v
	return s
}

type GetUserPolicyInput struct {
	_ struct{} `type:"structure"`

	// The name of the policy document to get.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// PolicyName is a required field
	PolicyName *string `min:"1" type:"string" required:"true"`

	// The name of the user who the policy is associated with.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// UserName is a required field
	UserName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetUserPolicyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetUserPolicyInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *GetUserPolicyInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "GetUserPolicyInput"}
	if s.PolicyName == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyName"))
	}
	if s.PolicyName != nil && len(*s.PolicyName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyName", 1))
	}
	if s.UserName == nil {
		invalidParams.Add(request.NewErrParamRequired("UserName"))
	}
	if s.UserName != nil && len(*s.UserName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("UserName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetPolicyName sets the PolicyName field's value.
func (s *GetUserPolicyInput) SetPolicyName(v string) *GetUserPolicyInput {
	s.PolicyName = &v
	return s
}

// SetUserName sets the UserName field's value.
func (s *GetUserPolicyInput) SetUserName(v string) *GetUserPolicyInput {
	s.UserName = &v
	return s
}

// Contains the response to a successful GetUserPolicy request.
type GetUserPolicyOutput struct {
	_ struct{} `type:"structure"`

	// The policy document.
	//
	// IAM stores policies in JSON format. However, resources that were created
	// using CloudFormation templates can be formatted in YAML. CloudFormation always
	// converts a YAML policy to JSON format before submitting it to IAM.
	//
	// PolicyDocument is a required field
	PolicyDocument *string `min:"1" type:"string" required:"true"`

	// The name of the policy.
	//
	// PolicyName is a required field
	PolicyName *string `min:"1" type:"string" required:"true"`

	// The user the policy is associated with.
	//
	// UserName is a required field
	UserName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetUserPolicyOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetUserPolicyOutput) GoString() string {
	return s.String()
}

// SetPolicyDocument sets the PolicyDocument field's value.
func (s *GetUserPolicyOutput) SetPolicyDocument(v string) *GetUserPolicyOutput {
	s.PolicyDocument = &v
	return s
}

// SetPolicyName sets the PolicyName field's value.
func (s *GetUserPolicyOutput) SetPolicyName(v string) *GetUserPolicyOutput {
	s.PolicyName = &v
	return s
}

// SetUserName sets the UserName field's value.
func (s *GetUserPolicyOutput) SetUserName(v string) *GetUserPolicyOutput {
	s.UserName = &v
	return s
}

// Contains information about an IAM group entity.
//
// This data type is used as a response element in the following operations:
//
//    * CreateGroup
//
//    * GetGroup
//
//    * ListGroups
type Group struct {
	_ struct{} `type:"structure"`

	// The Amazon Resource Name (ARN) specifying the group. For more information
	// about ARNs and how to use them in policies, see IAM identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the IAM User Guide.
	//
	// Arn is a required field
	Arn *string `min:"20" type:"string" required:"true"`

	// The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601),
	// when the group was created.
	//
	// CreateDate is a required field
	CreateDate *time.Time `type:"timestamp" required:"true"`

	// The stable and unique string identifying the group. For more information
	// about IDs, see IAM identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the IAM User Guide.
	//
	// GroupId is a required field
	GroupId *string `min:"16" type:"string" required:"true"`

	// The friendly name that identifies the group.
	//
	// GroupName is a required field
	GroupName *string `min:"1" type:"string" required:"true"`

	// The path to the group. For more information about paths, see IAM identifiers
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the IAM User Guide.
	//
	// Path is a required field
	Path *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s Group) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s Group) GoString() string {
	return s.String()
}

// SetArn sets the Arn field's value.
func (s *Group) SetArn(v string) *Group {
	s.Arn = &v
	return s
}

// SetCreateDate sets the CreateDate field's value.
func (s *Group) SetCreateDate(v time.Time) *Group {
	s.CreateDate = &v
	return s
}

// SetGroupId sets the GroupId field's value.
func (s *Group) SetGroupId(v string) *Group {
	s.GroupId = &v
	return s
}

// SetGroupName sets the GroupName field's value.
func (s *Group) SetGroupName(v string) *Group {
	s.GroupName = &v
	return s
}

// SetPath sets the Path field's value.
func (s *Group) SetPath(v string) *Group {
	s.Path = &v
	return s
}

// Contains information about an IAM group, including all of the group's policies.
//
// This data type is used as a response element in the GetAccountAuthorizationDetails
// operation.
type GroupDetail struct {
	_ struct{} `type:"structure"`

	// The Amazon Resource Name (ARN). ARNs are unique identifiers for Amazon Web
	// Services resources.
	//
	// For more information about ARNs, go to Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the Amazon Web Services General Reference.
	Arn *string `min:"20" type:"string"`

	// A list of the managed policies attached to the group.
	AttachedManagedPolicies []*AttachedPolicy `type:"list"`

	// The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601),
	// when the group was created.
	CreateDate *time.Time `type:"timestamp"`

	// The stable and unique string identifying the group. For more information
	// about IDs, see IAM identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the IAM User Guide.
	GroupId *string `min:"16" type:"string"`

	// The friendly name that identifies the group.
	GroupName *string `min:"1" type:"string"`

	// A list of the inline policies embedded in the group.
	GroupPolicyList []*PolicyDetail `type:"list"`

	// The path to the group. For more information about paths, see IAM identifiers
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the IAM User Guide.
	Path *string `min:"1" type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GroupDetail) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GroupDetail) GoString() string {
	return s.String()
}

// SetArn sets the Arn field's value.
func (s *GroupDetail) SetArn(v string) *GroupDetail {
	s.Arn = &v
	return s
}

// SetAttachedManagedPolicies sets the AttachedManagedPolicies field's value.
func (s *GroupDetail) SetAttachedManagedPolicies(v []*AttachedPolicy) *GroupDetail {
	s.AttachedManagedPolicies = v
	return s
}

// SetCreateDate sets the CreateDate field's value.
func (s *GroupDetail) SetCreateDate(v time.Time) *GroupDetail {
	s.CreateDate = &v
	return s
}

// SetGroupId sets the GroupId field's value.
func (s *GroupDetail) SetGroupId(v string) *GroupDetail {
	s.GroupId = &v
	return s
}

// SetGroupName sets the GroupName field's value.
func (s *GroupDetail) SetGroupName(v string) *GroupDetail {
	s.GroupName = &v
	return s
}

// SetGroupPolicyList sets the GroupPolicyList field's value.
func (s *GroupDetail) SetGroupPolicyList(v []*PolicyDetail) *GroupDetail {
	s.GroupPolicyList = v
	return s
}

// SetPath sets the Path field's value.
func (s *GroupDetail) SetPath(v string) *GroupDetail {
	s.Path = &v
	return s
}

// Contains information about an instance profile.
//
// This data type is used as a response element in the following operations:
//
//    * CreateInstanceProfile
//
//    * GetInstanceProfile
//
//    * ListInstanceProfiles
//
//    * ListInstanceProfilesForRole
type InstanceProfile struct {
	_ struct{} `type:"structure"`

	// The Amazon Resource Name (ARN) specifying the instance profile. For more
	// information about ARNs and how to use them in policies, see IAM identifiers
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the IAM User Guide.
	//
	// Arn is a required field
	Arn *string `min:"20" type:"string" required:"true"`

	// The date when the instance profile was created.
	//
	// CreateDate is a required field
	CreateDate *time.Time `type:"timestamp" required:"true"`

	// The stable and unique string identifying the instance profile. For more information
	// about IDs, see IAM identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the IAM User Guide.
	//
	// InstanceProfileId is a required field
	InstanceProfileId *string `min:"16" type:"string" required:"true"`

	// The name identifying the instance profile.
	//
	// InstanceProfileName is a required field
	InstanceProfileName *string `min:"1" type:"string" required:"true"`

	// The path to the instance profile. For more information about paths, see IAM
	// identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the IAM User Guide.
	//
	// Path is a required field
	Path *string `min:"1" type:"string" required:"true"`

	// The role associated with the instance profile.
	//
	// Roles is a required field
	Roles []*Role `type:"list" required:"true"`

	// A list of tags that are attached to the instance profile. For more information
	// about tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html)
	// in the IAM User Guide.
	Tags []*Tag `type:"list"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s InstanceProfile) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s InstanceProfile) GoString() string {
	return s.String()
}

// SetArn sets the Arn field's value.
func (s *InstanceProfile) SetArn(v string) *InstanceProfile {
	s.Arn = &v
	return s
}

// SetCreateDate sets the CreateDate field's value.
func (s *InstanceProfile) SetCreateDate(v time.Time) *InstanceProfile {
	s.CreateDate = &v
	return s
}

// SetInstanceProfileId sets the InstanceProfileId field's value.
func (s *InstanceProfile) SetInstanceProfileId(v string) *InstanceProfile {
	s.InstanceProfileId = &v
	return s
}

// SetInstanceProfileName sets the InstanceProfileName field's value.
func (s *InstanceProfile) SetInstanceProfileName(v string) *InstanceProfile {
	s.InstanceProfileName = &v
	return s
}

// SetPath sets the Path field's value.
func (s *InstanceProfile) SetPath(v string) *InstanceProfile {
	s.Path = &v
	return s
}

// SetRoles sets the Roles field's value.
func (s *InstanceProfile) SetRoles(v []*Role) *InstanceProfile {
	s.Roles = v
	return s
}

// SetTags sets the Tags field's value.
func (s *InstanceProfile) SetTags(v []*Tag) *InstanceProfile {
	s.Tags = v
	return s
}

type ListAccessKeysInput struct {
	_ struct{} `type:"structure"`

	// Use this parameter only when paginating results and only after you receive
	// a response indicating that the results are truncated. Set it to the value
	// of the Marker element in the response that you received to indicate where
	// the next call should start.
	Marker *string `min:"1" type:"string"`

	// Use this only when paginating results to indicate the maximum number of items
	// you want in the response. If additional items exist beyond the maximum you
	// specify, the IsTruncated response element is true.
	//
	// If you do not include this parameter, the number of items defaults to 100.
	// Note that IAM might return fewer results, even when there are more results
	// available. In that case, the IsTruncated response element returns true, and
	// Marker contains a value to include in the subsequent call that tells the
	// service where to continue from.
	MaxItems *int64 `min:"1" type:"integer"`

	// The name of the user.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	UserName *string `min:"1" type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListAccessKeysInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListAccessKeysInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ListAccessKeysInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ListAccessKeysInput"}
	if s.Marker != nil && len(*s.Marker) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Marker", 1))
	}
	if s.MaxItems != nil && *s.MaxItems < 1 {
		invalidParams.Add(request.NewErrParamMinValue("MaxItems", 1))
	}
	if s.UserName != nil && len(*s.UserName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("UserName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetMarker sets the Marker field's value.
func (s *ListAccessKeysInput) SetMarker(v string) *ListAccessKeysInput {
	s.Marker = &v
	return s
}

// SetMaxItems sets the MaxItems field's value.
func (s *ListAccessKeysInput) SetMaxItems(v int64) *ListAccessKeysInput {
	s.MaxItems = &v
	return s
}

// SetUserName sets the UserName field's value.
func (s *ListAccessKeysInput) SetUserName(v string) *ListAccessKeysInput {
	s.UserName = &v
	return s
}

// Contains the response to a successful ListAccessKeys request.
type ListAccessKeysOutput struct {
	_ struct{} `type:"structure"`

	// A list of objects containing metadata about the access keys.
	//
	// AccessKeyMetadata is a required field
	AccessKeyMetadata []*AccessKeyMetadata `type:"list" required:"true"`

	// A flag that indicates whether there are more items to return. If your results
	// were truncated, you can make a subsequent pagination request using the Marker
	// request parameter to retrieve more items. Note that IAM might return fewer
	// than the MaxItems number of results even when there are more results available.
	// We recommend that you check IsTruncated after every call to ensure that you
	// receive all your results.
	IsTruncated *bool `type:"boolean"`

	// When IsTruncated is true, this element is present and contains the value
	// to use for the Marker parameter in a subsequent pagination request.
	Marker *string `type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListAccessKeysOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListAccessKeysOutput) GoString() string {
	return s.String()
}

// SetAccessKeyMetadata sets the AccessKeyMetadata field's value.
func (s *ListAccessKeysOutput) SetAccessKeyMetadata(v []*AccessKeyMetadata) *ListAccessKeysOutput {
	s.AccessKeyMetadata = v
	return s
}

// SetIsTruncated sets the IsTruncated field's value.
func (s *ListAccessKeysOutput) SetIsTruncated(v bool) *ListAccessKeysOutput {
	s.IsTruncated = &v
	return s
}

// SetMarker sets the Marker field's value.
func (s *ListAccessKeysOutput) SetMarker(v string) *ListAccessKeysOutput {
	s.Marker = &v
	return s
}

type ListAccountAliasesInput struct {
	_ struct{} `type:"structure"`

	// Use this parameter only when paginating results and only after you receive
	// a response indicating that the results are truncated. Set it to the value
	// of the Marker element in the response that you received to indicate where
	// the next call should start.
	Marker *string `min:"1" type:"string"`

	// Use this only when paginating results to indicate the maximum number of items
	// you want in the response. If additional items exist beyond the maximum you
	// specify, the IsTruncated response element is true.
	//
	// If you do not include this parameter, the number of items defaults to 100.
	// Note that IAM might return fewer results, even when there are more results
	// available. In that case, the IsTruncated response element returns true, and
	// Marker contains a value to include in the subsequent call that tells the
	// service where to continue from.
	MaxItems *int64 `min:"1" type:"integer"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListAccountAliasesInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListAccountAliasesInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ListAccountAliasesInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ListAccountAliasesInput"}
	if s.Marker != nil && len(*s.Marker) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Marker", 1))
	}
	if s.MaxItems != nil && *s.MaxItems < 1 {
		invalidParams.Add(request.NewErrParamMinValue("MaxItems", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetMarker sets the Marker field's value.
func (s *ListAccountAliasesInput) SetMarker(v string) *ListAccountAliasesInput {
	s.Marker = &v
	return s
}

// SetMaxItems sets the MaxItems field's value.
func (s *ListAccountAliasesInput) SetMaxItems(v int64) *ListAccountAliasesInput {
	s.MaxItems = &v
	return s
}

// Contains the response to a successful ListAccountAliases request.
type ListAccountAliasesOutput struct {
	_ struct{} `type:"structure"`

	// A list of aliases associated with the account. Amazon Web Services supports
	// only one alias per account.
	//
	// AccountAliases is a required field
	AccountAliases []*string `type:"list" required:"true"`

	// A flag that indicates whether there are more items to return. If your results
	// were truncated, you can make a subsequent pagination request using the Marker
	// request parameter to retrieve more items. Note that IAM might return fewer
	// than the MaxItems number of results even when there are more results available.
	// We recommend that you check IsTruncated after every call to ensure that you
	// receive all your results.
	IsTruncated *bool `type:"boolean"`

	// When IsTruncated is true, this element is present and contains the value
	// to use for the Marker parameter in a subsequent pagination request.
	Marker *string `type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListAccountAliasesOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListAccountAliasesOutput) GoString() string {
	return s.String()
}

// SetAccountAliases sets the AccountAliases field's value.
func (s *ListAccountAliasesOutput) SetAccountAliases(v []*string) *ListAccountAliasesOutput {
	s.AccountAliases = v
	return s
}

// SetIsTruncated sets the IsTruncated field's value.
func (s *ListAccountAliasesOutput) SetIsTruncated(v bool) *ListAccountAliasesOutput {
	s.IsTruncated = &v
	return s
}

// SetMarker sets the Marker field's value.
func (s *ListAccountAliasesOutput) SetMarker(v string) *ListAccountAliasesOutput {
	s.Marker = &v
	return s
}

type ListAttachedGroupPoliciesInput struct {
	_ struct{} `type:"structure"`

	// The name (friendly name, not ARN) of the group to list attached policies
	// for.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// GroupName is a required field
	GroupName *string `min:"1" type:"string" required:"true"`

	// Use this parameter only when paginating results and only after you receive
	// a response indicating that the results are truncated. Set it to the value
	// of the Marker element in the response that you received to indicate where
	// the next call should start.
	Marker *string `min:"1" type:"string"`

	// Use this only when paginating results to indicate the maximum number of items
	// you want in the response. If additional items exist beyond the maximum you
	// specify, the IsTruncated response element is true.
	//
	// If you do not include this parameter, the number of items defaults to 100.
	// Note that IAM might return fewer results, even when there are more results
	// available. In that case, the IsTruncated response element returns true, and
	// Marker contains a value to include in the subsequent call that tells the
	// service where to continue from.
	MaxItems *int64 `min:"1" type:"integer"`

	// The path prefix for filtering the results. This parameter is optional. If
	// it is not included, it defaults to a slash (/), listing all policies.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of either a forward slash (/) by itself
	// or a string that must begin and end with forward slashes. In addition, it
	// can contain any ASCII character from the ! (\u0021) through the DEL character
	// (\u007F), including most punctuation characters, digits, and upper and lowercased
	// letters.
	PathPrefix *string `min:"1" type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListAttachedGroupPoliciesInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListAttachedGroupPoliciesInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ListAttachedGroupPoliciesInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ListAttachedGroupPoliciesInput"}
	if s.GroupName == nil {
		invalidParams.Add(request.NewErrParamRequired("GroupName"))
	}
	if s.GroupName != nil && len(*s.GroupName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("GroupName", 1))
	}
	if s.Marker != nil && len(*s.Marker) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Marker", 1))
	}
	if s.MaxItems != nil && *s.MaxItems < 1 {
		invalidParams.Add(request.NewErrParamMinValue("MaxItems", 1))
	}
	if s.PathPrefix != nil && len(*s.PathPrefix) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PathPrefix", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetGroupName sets the GroupName field's value.
func (s *ListAttachedGroupPoliciesInput) SetGroupName(v string) *ListAttachedGroupPoliciesInput {
	s.GroupName = &v
	return s
}

// SetMarker sets the Marker field's value.
func (s *ListAttachedGroupPoliciesInput) SetMarker(v string) *ListAttachedGroupPoliciesInput {
	s.Marker = &v
	return s
}

// SetMaxItems sets the MaxItems field's value.
func (s *ListAttachedGroupPoliciesInput) SetMaxItems(v int64) *ListAttachedGroupPoliciesInput {
	s.MaxItems = &v
	return s
}

// SetPathPrefix sets the PathPrefix field's value.
func (s *ListAttachedGroupPoliciesInput) SetPathPrefix(v string) *ListAttachedGroupPoliciesInput {
	s.PathPrefix = &v
	return s
}

// Contains the response to a successful ListAttachedGroupPolicies request.
type ListAttachedGroupPoliciesOutput struct {
	_ struct{} `type:"structure"`

	// A list of the attached policies.
	AttachedPolicies []*AttachedPolicy `type:"list"`

	// A flag that indicates whether there are more items to return. If your results
	// were truncated, you can make a subsequent pagination request using the Marker
	// request parameter to retrieve more items. Note that IAM might return fewer
	// than the MaxItems number of results even when there are more results available.
	// We recommend that you check IsTruncated after every call to ensure that you
	// receive all your results.
	IsTruncated *bool `type:"boolean"`

	// When IsTruncated is true, this element is present and contains the value
	// to use for the Marker parameter in a subsequent pagination request.
	Marker *string `type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListAttachedGroupPoliciesOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListAttachedGroupPoliciesOutput) GoString() string {
	return s.String()
}

// SetAttachedPolicies sets the AttachedPolicies field's value.
func (s *ListAttachedGroupPoliciesOutput) SetAttachedPolicies(v []*AttachedPolicy) *ListAttachedGroupPoliciesOutput {
	s.AttachedPolicies = v
	return s
}

// SetIsTruncated sets the IsTruncated field's value.
func (s *ListAttachedGroupPoliciesOutput) SetIsTruncated(v bool) *ListAttachedGroupPoliciesOutput {
	s.IsTruncated = &v
	return s
}

// SetMarker sets the Marker field's value.
func (s *ListAttachedGroupPoliciesOutput) SetMarker(v string) *ListAttachedGroupPoliciesOutput {
	s.Marker = &v
	return s
}

type ListAttachedRolePoliciesInput struct {
	_ struct{} `type:"structure"`

	// Use this parameter only when paginating results and only after you receive
	// a response indicating that the results are truncated. Set it to the value
	// of the Marker element in the response that you received to indicate where
	// the next call should start.
	Marker *string `min:"1" type:"string"`

	// Use this only when paginating results to indicate the maximum number of items
	// you want in the response. If additional items exist beyond the maximum you
	// specify, the IsTruncated response element is true.
	//
	// If you do not include this parameter, the number of items defaults to 100.
	// Note that IAM might return fewer results, even when there are more results
	// available. In that case, the IsTruncated response element returns true, and
	// Marker contains a value to include in the subsequent call that tells the
	// service where to continue from.
	MaxItems *int64 `min:"1" type:"integer"`

	// The path prefix for filtering the results. This parameter is optional. If
	// it is not included, it defaults to a slash (/), listing all policies.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of either a forward slash (/) by itself
	// or a string that must begin and end with forward slashes. In addition, it
	// can contain any ASCII character from the ! (\u0021) through the DEL character
	// (\u007F), including most punctuation characters, digits, and upper and lowercased
	// letters.
	PathPrefix *string `min:"1" type:"string"`

	// The name (friendly name, not ARN) of the role to list attached policies for.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// RoleName is a required field
	RoleName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListAttachedRolePoliciesInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListAttachedRolePoliciesInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ListAttachedRolePoliciesInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ListAttachedRolePoliciesInput"}
	if s.Marker != nil && len(*s.Marker) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Marker", 1))
	}
	if s.MaxItems != nil && *s.MaxItems < 1 {
		invalidParams.Add(request.NewErrParamMinValue("MaxItems", 1))
	}
	if s.PathPrefix != nil && len(*s.PathPrefix) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PathPrefix", 1))
	}
	if s.RoleName == nil {
		invalidParams.Add(request.NewErrParamRequired("RoleName"))
	}
	if s.RoleName != nil && len(*s.RoleName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("RoleName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetMarker sets the Marker field's value.
func (s *ListAttachedRolePoliciesInput) SetMarker(v string) *ListAttachedRolePoliciesInput {
	s.Marker = &v
	return s
}

// SetMaxItems sets the MaxItems field's value.
func (s *ListAttachedRolePoliciesInput) SetMaxItems(v int64) *ListAttachedRolePoliciesInput {
	s.MaxItems = &v
	return s
}

// SetPathPrefix sets the PathPrefix field's value.
func (s *ListAttachedRolePoliciesInput) SetPathPrefix(v string) *ListAttachedRolePoliciesInput {
	s.PathPrefix = &v
	return s
}

// SetRoleName sets the RoleName field's value.
func (s *ListAttachedRolePoliciesInput) SetRoleName(v string) *ListAttachedRolePoliciesInput {
	s.RoleName = &v
	return s
}

// Contains the response to a successful ListAttachedRolePolicies request.
type ListAttachedRolePoliciesOutput struct {
	_ struct{} `type:"structure"`

	// A list of the attached policies.
	AttachedPolicies []*AttachedPolicy `type:"list"`

	// A flag that indicates whether there are more items to return. If your results
	// were truncated, you can make a subsequent pagination request using the Marker
	// request parameter to retrieve more items. Note that IAM might return fewer
	// than the MaxItems number of results even when there are more results available.
	// We recommend that you check IsTruncated after every call to ensure that you
	// receive all your results.
	IsTruncated *bool `type:"boolean"`

	// When IsTruncated is true, this element is present and contains the value
	// to use for the Marker parameter in a subsequent pagination request.
	Marker *string `type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListAttachedRolePoliciesOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListAttachedRolePoliciesOutput) GoString() string {
	return s.String()
}

// SetAttachedPolicies sets the AttachedPolicies field's value.
func (s *ListAttachedRolePoliciesOutput) SetAttachedPolicies(v []*AttachedPolicy) *ListAttachedRolePoliciesOutput {
	s.AttachedPolicies = v
	return s
}

// SetIsTruncated sets the IsTruncated field's value.
func (s *ListAttachedRolePoliciesOutput) SetIsTruncated(v bool) *ListAttachedRolePoliciesOutput {
	s.IsTruncated = &v
	return s
}

// SetMarker sets the Marker field's value.
func (s *ListAttachedRolePoliciesOutput) SetMarker(v string) *ListAttachedRolePoliciesOutput {
	s.Marker = &v
	return s
}

type ListAttachedUserPoliciesInput struct {
	_ struct{} `type:"structure"`

	// Use this parameter only when paginating results and only after you receive
	// a response indicating that the results are truncated. Set it to the value
	// of the Marker element in the response that you received to indicate where
	// the next call should start.
	Marker *string `min:"1" type:"string"`

	// Use this only when paginating results to indicate the maximum number of items
	// you want in the response. If additional items exist beyond the maximum you
	// specify, the IsTruncated response element is true.
	//
	// If you do not include this parameter, the number of items defaults to 100.
	// Note that IAM might return fewer results, even when there are more results
	// available. In that case, the IsTruncated response element returns true, and
	// Marker contains a value to include in the subsequent call that tells the
	// service where to continue from.
	MaxItems *int64 `min:"1" type:"integer"`

	// The path prefix for filtering the results. This parameter is optional. If
	// it is not included, it defaults to a slash (/), listing all policies.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of either a forward slash (/) by itself
	// or a string that must begin and end with forward slashes. In addition, it
	// can contain any ASCII character from the ! (\u0021) through the DEL character
	// (\u007F), including most punctuation characters, digits, and upper and lowercased
	// letters.
	PathPrefix *string `min:"1" type:"string"`

	// The name (friendly name, not ARN) of the user to list attached policies for.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// UserName is a required field
	UserName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListAttachedUserPoliciesInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListAttachedUserPoliciesInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ListAttachedUserPoliciesInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ListAttachedUserPoliciesInput"}
	if s.Marker != nil && len(*s.Marker) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Marker", 1))
	}
	if s.MaxItems != nil && *s.MaxItems < 1 {
		invalidParams.Add(request.NewErrParamMinValue("MaxItems", 1))
	}
	if s.PathPrefix != nil && len(*s.PathPrefix) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PathPrefix", 1))
	}
	if s.UserName == nil {
		invalidParams.Add(request.NewErrParamRequired("UserName"))
	}
	if s.UserName != nil && len(*s.UserName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("UserName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetMarker sets the Marker field's value.
func (s *ListAttachedUserPoliciesInput) SetMarker(v string) *ListAttachedUserPoliciesInput {
	s.Marker = &v
	return s
}

// SetMaxItems sets the MaxItems field's value.
func (s *ListAttachedUserPoliciesInput) SetMaxItems(v int64) *ListAttachedUserPoliciesInput {
	s.MaxItems = &v
	return s
}

// SetPathPrefix sets the PathPrefix field's value.
func (s *ListAttachedUserPoliciesInput) SetPathPrefix(v string) *ListAttachedUserPoliciesInput {
	s.PathPrefix = &v
	return s
}

// SetUserName sets the UserName field's value.
func (s *ListAttachedUserPoliciesInput) SetUserName(v string) *ListAttachedUserPoliciesInput {
	s.UserName = &v
	return s
}

// Contains the response to a successful ListAttachedUserPolicies request.
type ListAttachedUserPoliciesOutput struct {
	_ struct{} `type:"structure"`

	// A list of the attached policies.
	AttachedPolicies []*AttachedPolicy `type:"list"`

	// A flag that indicates whether there are more items to return. If your results
	// were truncated, you can make a subsequent pagination request using the Marker
	// request parameter to retrieve more items. Note that IAM might return fewer
	// than the MaxItems number of results even when there are more results available.
	// We recommend that you check IsTruncated after every call to ensure that you
	// receive all your results.
	IsTruncated *bool `type:"boolean"`

	// When IsTruncated is true, this element is present and contains the value
	// to use for the Marker parameter in a subsequent pagination request.
	Marker *string `type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListAttachedUserPoliciesOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListAttachedUserPoliciesOutput) GoString() string {
	return s.String()
}

// SetAttachedPolicies sets the AttachedPolicies field's value.
func (s *ListAttachedUserPoliciesOutput) SetAttachedPolicies(v []*AttachedPolicy) *ListAttachedUserPoliciesOutput {
	s.AttachedPolicies = v
	return s
}

// SetIsTruncated sets the IsTruncated field's value.
func (s *ListAttachedUserPoliciesOutput) SetIsTruncated(v bool) *ListAttachedUserPoliciesOutput {
	s.IsTruncated = &v
	return s
}

// SetMarker sets the Marker field's value.
func (s *ListAttachedUserPoliciesOutput) SetMarker(v string) *ListAttachedUserPoliciesOutput {
	s.Marker = &v
	return s
}

type ListEntitiesForPolicyInput struct {
	_ struct{} `type:"structure"`

	// The entity type to use for filtering the results.
	//
	// For example, when EntityFilter is Role, only the roles that are attached
	// to the specified policy are returned. This parameter is optional. If it is
	// not included, all attached entities (users, groups, and roles) are returned.
	// The argument for this parameter must be one of the valid values listed below.
	EntityFilter *string `type:"string" enum:"EntityType"`

	// Use this parameter only when paginating results and only after you receive
	// a response indicating that the results are truncated. Set it to the value
	// of the Marker element in the response that you received to indicate where
	// the next call should start.
	Marker *string `min:"1" type:"string"`

	// Use this only when paginating results to indicate the maximum number of items
	// you want in the response. If additional items exist beyond the maximum you
	// specify, the IsTruncated response element is true.
	//
	// If you do not include this parameter, the number of items defaults to 100.
	// Note that IAM might return fewer results, even when there are more results
	// available. In that case, the IsTruncated response element returns true, and
	// Marker contains a value to include in the subsequent call that tells the
	// service where to continue from.
	MaxItems *int64 `min:"1" type:"integer"`

	// The path prefix for filtering the results. This parameter is optional. If
	// it is not included, it defaults to a slash (/), listing all entities.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of either a forward slash (/) by itself
	// or a string that must begin and end with forward slashes. In addition, it
	// can contain any ASCII character from the ! (\u0021) through the DEL character
	// (\u007F), including most punctuation characters, digits, and upper and lowercased
	// letters.
	PathPrefix *string `min:"1" type:"string"`

	// The Amazon Resource Name (ARN) of the IAM policy for which you want the versions.
	//
	// For more information about ARNs, see Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the Amazon Web Services General Reference.
	//
	// PolicyArn is a required field
	PolicyArn *string `min:"20" type:"string" required:"true"`

	// The policy usage method to use for filtering the results.
	//
	// To list only permissions policies, set PolicyUsageFilter to PermissionsPolicy.
	// To list only the policies used to set permissions boundaries, set the value
	// to PermissionsBoundary.
	//
	// This parameter is optional. If it is not included, all policies are returned.
	PolicyUsageFilter *string `type:"string" enum:"PolicyUsageType"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListEntitiesForPolicyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListEntitiesForPolicyInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ListEntitiesForPolicyInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ListEntitiesForPolicyInput"}
	if s.Marker != nil && len(*s.Marker) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Marker", 1))
	}
	if s.MaxItems != nil && *s.MaxItems < 1 {
		invalidParams.Add(request.NewErrParamMinValue("MaxItems", 1))
	}
	if s.PathPrefix != nil && len(*s.PathPrefix) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PathPrefix", 1))
	}
	if s.PolicyArn == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyArn"))
	}
	if s.PolicyArn != nil && len(*s.PolicyArn) < 20 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyArn", 20))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetEntityFilter sets the EntityFilter field's value.
func (s *ListEntitiesForPolicyInput) SetEntityFilter(v string) *ListEntitiesForPolicyInput {
	s.EntityFilter = &v
	return s
}

// SetMarker sets the Marker field's value.
func (s *ListEntitiesForPolicyInput) SetMarker(v string) *ListEntitiesForPolicyInput {
	s.Marker = &v
	return s
}

// SetMaxItems sets the MaxItems field's value.
func (s *ListEntitiesForPolicyInput) SetMaxItems(v int64) *ListEntitiesForPolicyInput {
	s.MaxItems = &v
	return s
}

// SetPathPrefix sets the PathPrefix field's value.
func (s *ListEntitiesForPolicyInput) SetPathPrefix(v string) *ListEntitiesForPolicyInput {
	s.PathPrefix = &v
	return s
}

// SetPolicyArn sets the PolicyArn field's value.
func (s *ListEntitiesForPolicyInput) SetPolicyArn(v string) *ListEntitiesForPolicyInput {
	s.PolicyArn = &v
	return s
}

// SetPolicyUsageFilter sets the PolicyUsageFilter field's value.
func (s *ListEntitiesForPolicyInput) SetPolicyUsageFilter(v string) *ListEntitiesForPolicyInput {
	s.PolicyUsageFilter = &v
	return s
}

// Contains the response to a successful ListEntitiesForPolicy request.
type ListEntitiesForPolicyOutput struct {
	_ struct{} `type:"structure"`

	// A flag that indicates whether there are more items to return. If your results
	// were truncated, you can make a subsequent pagination request using the Marker
	// request parameter to retrieve more items. Note that IAM might return fewer
	// than the MaxItems number of results even when there are more results available.
	// We recommend that you check IsTruncated after every call to ensure that you
	// receive all your results.
	IsTruncated *bool `type:"boolean"`

	// When IsTruncated is true, this element is present and contains the value
	// to use for the Marker parameter in a subsequent pagination request.
	Marker *string `type:"string"`

	// A list of IAM groups that the policy is attached to.
	PolicyGroups []*PolicyGroup `type:"list"`

	// A list of IAM roles that the policy is attached to.
	PolicyRoles []*PolicyRole `type:"list"`

	// A list of IAM users that the policy is attached to.
	PolicyUsers []*PolicyUser `type:"list"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListEntitiesForPolicyOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListEntitiesForPolicyOutput) GoString() string {
	return s.String()
}

// SetIsTruncated sets the IsTruncated field's value.
func (s *ListEntitiesForPolicyOutput) SetIsTruncated(v bool) *ListEntitiesForPolicyOutput {
	s.IsTruncated = &v
	return s
}

// SetMarker sets the Marker field's value.
func (s *ListEntitiesForPolicyOutput) SetMarker(v string) *ListEntitiesForPolicyOutput {
	s.Marker = &v
	return s
}

// SetPolicyGroups sets the PolicyGroups field's value.
func (s *ListEntitiesForPolicyOutput) SetPolicyGroups(v []*PolicyGroup) *ListEntitiesForPolicyOutput {
	s.PolicyGroups = v
	return s
}

// SetPolicyRoles sets the PolicyRoles field's value.
func (s *ListEntitiesForPolicyOutput) SetPolicyRoles(v []*PolicyRole) *ListEntitiesForPolicyOutput {
	s.PolicyRoles = v
	return s
}

// SetPolicyUsers sets the PolicyUsers field's value.
func (s *ListEntitiesForPolicyOutput) SetPolicyUsers(v []*PolicyUser) *ListEntitiesForPolicyOutput {
	s.PolicyUsers = v
	return s
}

type ListGroupPoliciesInput struct {
	_ struct{} `type:"structure"`

	// The name of the group to list policies for.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// GroupName is a required field
	GroupName *string `min:"1" type:"string" required:"true"`

	// Use this parameter only when paginating results and only after you receive
	// a response indicating that the results are truncated. Set it to the value
	// of the Marker element in the response that you received to indicate where
	// the next call should start.
	Marker *string `min:"1" type:"string"`

	// Use this only when paginating results to indicate the maximum number of items
	// you want in the response. If additional items exist beyond the maximum you
	// specify, the IsTruncated response element is true.
	//
	// If you do not include this parameter, the number of items defaults to 100.
	// Note that IAM might return fewer results, even when there are more results
	// available. In that case, the IsTruncated response element returns true, and
	// Marker contains a value to include in the subsequent call that tells the
	// service where to continue from.
	MaxItems *int64 `min:"1" type:"integer"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListGroupPoliciesInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListGroupPoliciesInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ListGroupPoliciesInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ListGroupPoliciesInput"}
	if s.GroupName == nil {
		invalidParams.Add(request.NewErrParamRequired("GroupName"))
	}
	if s.GroupName != nil && len(*s.GroupName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("GroupName", 1))
	}
	if s.Marker != nil && len(*s.Marker) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Marker", 1))
	}
	if s.MaxItems != nil && *s.MaxItems < 1 {
		invalidParams.Add(request.NewErrParamMinValue("MaxItems", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetGroupName sets the GroupName field's value.
func (s *ListGroupPoliciesInput) SetGroupName(v string) *ListGroupPoliciesInput {
	s.GroupName = &v
	return s
}

// SetMarker sets the Marker field's value.
func (s *ListGroupPoliciesInput) SetMarker(v string) *ListGroupPoliciesInput {
	s.Marker = &v
	return s
}

// SetMaxItems sets the MaxItems field's value.
func (s *ListGroupPoliciesInput) SetMaxItems(v int64) *ListGroupPoliciesInput {
	s.MaxItems = &v
	return s
}

// Contains the response to a successful ListGroupPolicies request.
type ListGroupPoliciesOutput struct {
	_ struct{} `type:"structure"`

	// A flag that indicates whether there are more items to return. If your results
	// were truncated, you can make a subsequent pagination request using the Marker
	// request parameter to retrieve more items. Note that IAM might return fewer
	// than the MaxItems number of results even when there are more results available.
	// We recommend that you check IsTruncated after every call to ensure that you
	// receive all your results.
	IsTruncated *bool `type:"boolean"`

	// When IsTruncated is true, this element is present and contains the value
	// to use for the Marker parameter in a subsequent pagination request.
	Marker *string `type:"string"`

	// A list of policy names.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// PolicyNames is a required field
	PolicyNames []*string `type:"list" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListGroupPoliciesOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListGroupPoliciesOutput) GoString() string {
	return s.String()
}

// SetIsTruncated sets the IsTruncated field's value.
func (s *ListGroupPoliciesOutput) SetIsTruncated(v bool) *ListGroupPoliciesOutput {
	s.IsTruncated = &v
	return s
}

// SetMarker sets the Marker field's value.
func (s *ListGroupPoliciesOutput) SetMarker(v string) *ListGroupPoliciesOutput {
	s.Marker = &v
	return s
}

// SetPolicyNames sets the PolicyNames field's value.
func (s *ListGroupPoliciesOutput) SetPolicyNames(v []*string) *ListGroupPoliciesOutput {
	s.PolicyNames = v
	return s
}

type ListGroupsForUserInput struct {
	_ struct{} `type:"structure"`

	// Use this parameter only when paginating results and only after you receive
	// a response indicating that the results are truncated. Set it to the value
	// of the Marker element in the response that you received to indicate where
	// the next call should start.
	Marker *string `min:"1" type:"string"`

	// Use this only when paginating results to indicate the maximum number of items
	// you want in the response. If additional items exist beyond the maximum you
	// specify, the IsTruncated response element is true.
	//
	// If you do not include this parameter, the number of items defaults to 100.
	// Note that IAM might return fewer results, even when there are more results
	// available. In that case, the IsTruncated response element returns true, and
	// Marker contains a value to include in the subsequent call that tells the
	// service where to continue from.
	MaxItems *int64 `min:"1" type:"integer"`

	// The name of the user to list groups for.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// UserName is a required field
	UserName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListGroupsForUserInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListGroupsForUserInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ListGroupsForUserInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ListGroupsForUserInput"}
	if s.Marker != nil && len(*s.Marker) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Marker", 1))
	}
	if s.MaxItems != nil && *s.MaxItems < 1 {
		invalidParams.Add(request.NewErrParamMinValue("MaxItems", 1))
	}
	if s.UserName == nil {
		invalidParams.Add(request.NewErrParamRequired("UserName"))
	}
	if s.UserName != nil && len(*s.UserName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("UserName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetMarker sets the Marker field's value.
func (s *ListGroupsForUserInput) SetMarker(v string) *ListGroupsForUserInput {
	s.Marker = &v
	return s
}

// SetMaxItems sets the MaxItems field's value.
func (s *ListGroupsForUserInput) SetMaxItems(v int64) *ListGroupsForUserInput {
	s.MaxItems = &v
	return s
}

// SetUserName sets the UserName field's value.
func (s *ListGroupsForUserInput) SetUserName(v string) *ListGroupsForUserInput {
	s.UserName = &v
	return s
}

// Contains the response to a successful ListGroupsForUser request.
type ListGroupsForUserOutput struct {
	_ struct{} `type:"structure"`

	// A list of groups.
	//
	// Groups is a required field
	Groups []*Group `type:"list" required:"true"`

	// A flag that indicates whether there are more items to return. If your results
	// were truncated, you can make a subsequent pagination request using the Marker
	// request parameter to retrieve more items. Note that IAM might return fewer
	// than the MaxItems number of results even when there are more results available.
	// We recommend that you check IsTruncated after every call to ensure that you
	// receive all your results.
	IsTruncated *bool `type:"boolean"`

	// When IsTruncated is true, this element is present and contains the value
	// to use for the Marker parameter in a subsequent pagination request.
	Marker *string `type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListGroupsForUserOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListGroupsForUserOutput) GoString() string {
	return s.String()
}

// SetGroups sets the Groups field's value.
func (s *ListGroupsForUserOutput) SetGroups(v []*Group) *ListGroupsForUserOutput {
	s.Groups = v
	return s
}

// SetIsTruncated sets the IsTruncated field's value.
func (s *ListGroupsForUserOutput) SetIsTruncated(v bool) *ListGroupsForUserOutput {
	s.IsTruncated = &v
	return s
}

// SetMarker sets the Marker field's value.
func (s *ListGroupsForUserOutput) SetMarker(v string) *ListGroupsForUserOutput {
	s.Marker = &v
	return s
}

type ListGroupsInput struct {
	_ struct{} `type:"structure"`

	// Use this parameter only when paginating results and only after you receive
	// a response indicating that the results are truncated. Set it to the value
	// of the Marker element in the response that you received to indicate where
	// the next call should start.
	Marker *string `min:"1" type:"string"`

	// Use this only when paginating results to indicate the maximum number of items
	// you want in the response. If additional items exist beyond the maximum you
	// specify, the IsTruncated response element is true.
	//
	// If you do not include this parameter, the number of items defaults to 100.
	// Note that IAM might return fewer results, even when there are more results
	// available. In that case, the IsTruncated response element returns true, and
	// Marker contains a value to include in the subsequent call that tells the
	// service where to continue from.
	MaxItems *int64 `min:"1" type:"integer"`

	// The path prefix for filtering the results. For example, the prefix /division_abc/subdivision_xyz/
	// gets all groups whose path starts with /division_abc/subdivision_xyz/.
	//
	// This parameter is optional. If it is not included, it defaults to a slash
	// (/), listing all groups. This parameter allows (through its regex pattern
	// (http://wikipedia.org/wiki/regex)) a string of characters consisting of either
	// a forward slash (/) by itself or a string that must begin and end with forward
	// slashes. In addition, it can contain any ASCII character from the ! (\u0021)
	// through the DEL character (\u007F), including most punctuation characters,
	// digits, and upper and lowercased letters.
	PathPrefix *string `min:"1" type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListGroupsInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListGroupsInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ListGroupsInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ListGroupsInput"}
	if s.Marker != nil && len(*s.Marker) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Marker", 1))
	}
	if s.MaxItems != nil && *s.MaxItems < 1 {
		invalidParams.Add(request.NewErrParamMinValue("MaxItems", 1))
	}
	if s.PathPrefix != nil && len(*s.PathPrefix) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PathPrefix", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetMarker sets the Marker field's value.
func (s *ListGroupsInput) SetMarker(v string) *ListGroupsInput {
	s.Marker = &v
	return s
}

// SetMaxItems sets the MaxItems field's value.
func (s *ListGroupsInput) SetMaxItems(v int64) *ListGroupsInput {
	s.MaxItems = &v
	return s
}

// SetPathPrefix sets the PathPrefix field's value.
func (s *ListGroupsInput) SetPathPrefix(v string) *ListGroupsInput {
	s.PathPrefix = &v
	return s
}

// Contains the response to a successful ListGroups request.
type ListGroupsOutput struct {
	_ struct{} `type:"structure"`

	// A list of groups.
	//
	// Groups is a required field
	Groups []*Group `type:"list" required:"true"`

	// A flag that indicates whether there are more items to return. If your results
	// were truncated, you can make a subsequent pagination request using the Marker
	// request parameter to retrieve more items. Note that IAM might return fewer
	// than the MaxItems number of results even when there are more results available.
	// We recommend that you check IsTruncated after every call to ensure that you
	// receive all your results.
	IsTruncated *bool `type:"boolean"`

	// When IsTruncated is true, this element is present and contains the value
	// to use for the Marker parameter in a subsequent pagination request.
	Marker *string `type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListGroupsOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListGroupsOutput) GoString() string {
	return s.String()
}

// SetGroups sets the Groups field's value.
func (s *ListGroupsOutput) SetGroups(v []*Group) *ListGroupsOutput {
	s.Groups = v
	return s
}

// SetIsTruncated sets the IsTruncated field's value.
func (s *ListGroupsOutput) SetIsTruncated(v bool) *ListGroupsOutput {
	s.IsTruncated = &v
	return s
}

// SetMarker sets the Marker field's value.
func (s *ListGroupsOutput) SetMarker(v string) *ListGroupsOutput {
	s.Marker = &v
	return s
}

type ListInstanceProfileTagsInput struct {
	_ struct{} `type:"structure"`

	// The name of the IAM instance profile whose tags you want to see.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// InstanceProfileName is a required field
	InstanceProfileName *string `min:"1" type:"string" required:"true"`

	// Use this parameter only when paginating results and only after you receive
	// a response indicating that the results are truncated. Set it to the value
	// of the Marker element in the response that you received to indicate where
	// the next call should start.
	Marker *string `min:"1" type:"string"`

	// Use this only when paginating results to indicate the maximum number of items
	// you want in the response. If additional items exist beyond the maximum you
	// specify, the IsTruncated response element is true.
	//
	// If you do not include this parameter, the number of items defaults to 100.
	// Note that IAM might return fewer results, even when there are more results
	// available. In that case, the IsTruncated response element returns true, and
	// Marker contains a value to include in the subsequent call that tells the
	// service where to continue from.
	MaxItems *int64 `min:"1" type:"integer"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListInstanceProfileTagsInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListInstanceProfileTagsInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ListInstanceProfileTagsInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ListInstanceProfileTagsInput"}
	if s.InstanceProfileName == nil {
		invalidParams.Add(request.NewErrParamRequired("InstanceProfileName"))
	}
	if s.InstanceProfileName != nil && len(*s.InstanceProfileName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("InstanceProfileName", 1))
	}
	if s.Marker != nil && len(*s.Marker) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Marker", 1))
	}
	if s.MaxItems != nil && *s.MaxItems < 1 {
		invalidParams.Add(request.NewErrParamMinValue("MaxItems", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetInstanceProfileName sets the InstanceProfileName field's value.
func (s *ListInstanceProfileTagsInput) SetInstanceProfileName(v string) *ListInstanceProfileTagsInput {
	s.InstanceProfileName = &v
	return s
}

// SetMarker sets the Marker field's value.
func (s *ListInstanceProfileTagsInput) SetMarker(v string) *ListInstanceProfileTagsInput {
	s.Marker = &v
	return s
}

// SetMaxItems sets the MaxItems field's value.
func (s *ListInstanceProfileTagsInput) SetMaxItems(v int64) *ListInstanceProfileTagsInput {
	s.MaxItems = &v
	return s
}

type ListInstanceProfileTagsOutput struct {
	_ struct{} `type:"structure"`

	// A flag that indicates whether there are more items to return. If your results
	// were truncated, you can make a subsequent pagination request using the Marker
	// request parameter to retrieve more items. Note that IAM might return fewer
	// than the MaxItems number of results even when there are more results available.
	// We recommend that you check IsTruncated after every call to ensure that you
	// receive all your results.
	IsTruncated *bool `type:"boolean"`

	// When IsTruncated is true, this element is present and contains the value
	// to use for the Marker parameter in a subsequent pagination request.
	Marker *string `type:"string"`

	// The list of tags that are currently attached to the IAM instance profile.
	// Each tag consists of a key name and an associated value. If no tags are attached
	// to the specified resource, the response contains an empty list.
	//
	// Tags is a required field
	Tags []*Tag `type:"list" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListInstanceProfileTagsOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListInstanceProfileTagsOutput) GoString() string {
	return s.String()
}

// SetIsTruncated sets the IsTruncated field's value.
func (s *ListInstanceProfileTagsOutput) SetIsTruncated(v bool) *ListInstanceProfileTagsOutput {
	s.IsTruncated = &v
	return s
}

// SetMarker sets the Marker field's value.
func (s *ListInstanceProfileTagsOutput) SetMarker(v string) *ListInstanceProfileTagsOutput {
	s.Marker = &v
	return s
}

// SetTags sets the Tags field's value.
func (s *ListInstanceProfileTagsOutput) SetTags(v []*Tag) *ListInstanceProfileTagsOutput {
	s.Tags = v
	return s
}

type ListInstanceProfilesForRoleInput struct {
	_ struct{} `type:"structure"`

	// Use this parameter only when paginating results and only after you receive
	// a response indicating that the results are truncated. Set it to the value
	// of the Marker element in the response that you received to indicate where
	// the next call should start.
	Marker *string `min:"1" type:"string"`

	// Use this only when paginating results to indicate the maximum number of items
	// you want in the response. If additional items exist beyond the maximum you
	// specify, the IsTruncated response element is true.
	//
	// If you do not include this parameter, the number of items defaults to 100.
	// Note that IAM might return fewer results, even when there are more results
	// available. In that case, the IsTruncated response element returns true, and
	// Marker contains a value to include in the subsequent call that tells the
	// service where to continue from.
	MaxItems *int64 `min:"1" type:"integer"`

	// The name of the role to list instance profiles for.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// RoleName is a required field
	RoleName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListInstanceProfilesForRoleInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListInstanceProfilesForRoleInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ListInstanceProfilesForRoleInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ListInstanceProfilesForRoleInput"}
	if s.Marker != nil && len(*s.Marker) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Marker", 1))
	}
	if s.MaxItems != nil && *s.MaxItems < 1 {
		invalidParams.Add(request.NewErrParamMinValue("MaxItems", 1))
	}
	if s.RoleName == nil {
		invalidParams.Add(request.NewErrParamRequired("RoleName"))
	}
	if s.RoleName != nil && len(*s.RoleName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("RoleName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetMarker sets the Marker field's value.
func (s *ListInstanceProfilesForRoleInput) SetMarker(v string) *ListInstanceProfilesForRoleInput {
	s.Marker = &v
	return s
}

// SetMaxItems sets the MaxItems field's value.
func (s *ListInstanceProfilesForRoleInput) SetMaxItems(v int64) *ListInstanceProfilesForRoleInput {
	s.MaxItems = &v
	return s
}

// SetRoleName sets the RoleName field's value.
func (s *ListInstanceProfilesForRoleInput) SetRoleName(v string) *ListInstanceProfilesForRoleInput {
	s.RoleName = &v
	return s
}

// Contains the response to a successful ListInstanceProfilesForRole request.
type ListInstanceProfilesForRoleOutput struct {
	_ struct{} `type:"structure"`

	// A list of instance profiles.
	//
	// InstanceProfiles is a required field
	InstanceProfiles []*InstanceProfile `type:"list" required:"true"`

	// A flag that indicates whether there are more items to return. If your results
	// were truncated, you can make a subsequent pagination request using the Marker
	// request parameter to retrieve more items. Note that IAM might return fewer
	// than the MaxItems number of results even when there are more results available.
	// We recommend that you check IsTruncated after every call to ensure that you
	// receive all your results.
	IsTruncated *bool `type:"boolean"`

	// When IsTruncated is true, this element is present and contains the value
	// to use for the Marker parameter in a subsequent pagination request.
	Marker *string `type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListInstanceProfilesForRoleOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListInstanceProfilesForRoleOutput) GoString() string {
	return s.String()
}

// SetInstanceProfiles sets the InstanceProfiles field's value.
func (s *ListInstanceProfilesForRoleOutput) SetInstanceProfiles(v []*InstanceProfile) *ListInstanceProfilesForRoleOutput {
	s.InstanceProfiles = v
	return s
}

// SetIsTruncated sets the IsTruncated field's value.
func (s *ListInstanceProfilesForRoleOutput) SetIsTruncated(v bool) *ListInstanceProfilesForRoleOutput {
	s.IsTruncated = &v
	return s
}

// SetMarker sets the Marker field's value.
func (s *ListInstanceProfilesForRoleOutput) SetMarker(v string) *ListInstanceProfilesForRoleOutput {
	s.Marker = &v
	return s
}

type ListInstanceProfilesInput struct {
	_ struct{} `type:"structure"`

	// Use this parameter only when paginating results and only after you receive
	// a response indicating that the results are truncated. Set it to the value
	// of the Marker element in the response that you received to indicate where
	// the next call should start.
	Marker *string `min:"1" type:"string"`

	// Use this only when paginating results to indicate the maximum number of items
	// you want in the response. If additional items exist beyond the maximum you
	// specify, the IsTruncated response element is true.
	//
	// If you do not include this parameter, the number of items defaults to 100.
	// Note that IAM might return fewer results, even when there are more results
	// available. In that case, the IsTruncated response element returns true, and
	// Marker contains a value to include in the subsequent call that tells the
	// service where to continue from.
	MaxItems *int64 `min:"1" type:"integer"`

	// The path prefix for filtering the results. For example, the prefix /application_abc/component_xyz/
	// gets all instance profiles whose path starts with /application_abc/component_xyz/.
	//
	// This parameter is optional. If it is not included, it defaults to a slash
	// (/), listing all instance profiles. This parameter allows (through its regex
	// pattern (http://wikipedia.org/wiki/regex)) a string of characters consisting
	// of either a forward slash (/) by itself or a string that must begin and end
	// with forward slashes. In addition, it can contain any ASCII character from
	// the ! (\u0021) through the DEL character (\u007F), including most punctuation
	// characters, digits, and upper and lowercased letters.
	PathPrefix *string `min:"1" type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListInstanceProfilesInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListInstanceProfilesInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ListInstanceProfilesInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ListInstanceProfilesInput"}
	if s.Marker != nil && len(*s.Marker) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Marker", 1))
	}
	if s.MaxItems != nil && *s.MaxItems < 1 {
		invalidParams.Add(request.NewErrParamMinValue("MaxItems", 1))
	}
	if s.PathPrefix != nil && len(*s.PathPrefix) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PathPrefix", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetMarker sets the Marker field's value.
func (s *ListInstanceProfilesInput) SetMarker(v string) *ListInstanceProfilesInput {
	s.Marker = &v
	return s
}

// SetMaxItems sets the MaxItems field's value.
func (s *ListInstanceProfilesInput) SetMaxItems(v int64) *ListInstanceProfilesInput {
	s.MaxItems = &v
	return s
}

// SetPathPrefix sets the PathPrefix field's value.
func (s *ListInstanceProfilesInput) SetPathPrefix(v string) *ListInstanceProfilesInput {
	s.PathPrefix = &v
	return s
}

// Contains the response to a successful ListInstanceProfiles request.
type ListInstanceProfilesOutput struct {
	_ struct{} `type:"structure"`

	// A list of instance profiles.
	//
	// InstanceProfiles is a required field
	InstanceProfiles []*InstanceProfile `type:"list" required:"true"`

	// A flag that indicates whether there are more items to return. If your results
	// were truncated, you can make a subsequent pagination request using the Marker
	// request parameter to retrieve more items. Note that IAM might return fewer
	// than the MaxItems number of results even when there are more results available.
	// We recommend that you check IsTruncated after every call to ensure that you
	// receive all your results.
	IsTruncated *bool `type:"boolean"`

	// When IsTruncated is true, this element is present and contains the value
	// to use for the Marker parameter in a subsequent pagination request.
	Marker *string `type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListInstanceProfilesOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListInstanceProfilesOutput) GoString() string {
	return s.String()
}

// SetInstanceProfiles sets the InstanceProfiles field's value.
func (s *ListInstanceProfilesOutput) SetInstanceProfiles(v []*InstanceProfile) *ListInstanceProfilesOutput {
	s.InstanceProfiles = v
	return s
}

// SetIsTruncated sets the IsTruncated field's value.
func (s *ListInstanceProfilesOutput) SetIsTruncated(v bool) *ListInstanceProfilesOutput {
	s.IsTruncated = &v
	return s
}

// SetMarker sets the Marker field's value.
func (s *ListInstanceProfilesOutput) SetMarker(v string) *ListInstanceProfilesOutput {
	s.Marker = &v
	return s
}

type ListMFADeviceTagsInput struct {
	_ struct{} `type:"structure"`

	// Use this parameter only when paginating results and only after you receive
	// a response indicating that the results are truncated. Set it to the value
	// of the Marker element in the response that you received to indicate where
	// the next call should start.
	Marker *string `min:"1" type:"string"`

	// Use this only when paginating results to indicate the maximum number of items
	// you want in the response. If additional items exist beyond the maximum you
	// specify, the IsTruncated response element is true.
	//
	// If you do not include this parameter, the number of items defaults to 100.
	// Note that IAM might return fewer results, even when there are more results
	// available. In that case, the IsTruncated response element returns true, and
	// Marker contains a value to include in the subsequent call that tells the
	// service where to continue from.
	MaxItems *int64 `min:"1" type:"integer"`

	// The unique identifier for the IAM virtual MFA device whose tags you want
	// to see. For virtual MFA devices, the serial number is the same as the ARN.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// SerialNumber is a required field
	SerialNumber *string `min:"9" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListMFADeviceTagsInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListMFADeviceTagsInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ListMFADeviceTagsInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ListMFADeviceTagsInput"}
	if s.Marker != nil && len(*s.Marker) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Marker", 1))
	}
	if s.MaxItems != nil && *s.MaxItems < 1 {
		invalidParams.Add(request.NewErrParamMinValue("MaxItems", 1))
	}
	if s.SerialNumber == nil {
		invalidParams.Add(request.NewErrParamRequired("SerialNumber"))
	}
	if s.SerialNumber != nil && len(*s.SerialNumber) < 9 {
		invalidParams.Add(request.NewErrParamMinLen("SerialNumber", 9))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetMarker sets the Marker field's value.
func (s *ListMFADeviceTagsInput) SetMarker(v string) *ListMFADeviceTagsInput {
	s.Marker = &v
	return s
}

// SetMaxItems sets the MaxItems field's value.
func (s *ListMFADeviceTagsInput) SetMaxItems(v int64) *ListMFADeviceTagsInput {
	s.MaxItems = &v
	return s
}

// SetSerialNumber sets the SerialNumber field's value.
func (s *ListMFADeviceTagsInput) SetSerialNumber(v string) *ListMFADeviceTagsInput {
	s.SerialNumber = &v
	return s
}

type ListMFADeviceTagsOutput struct {
	_ struct{} `type:"structure"`

	// A flag that indicates whether there are more items to return. If your results
	// were truncated, you can make a subsequent pagination request using the Marker
	// request parameter to retrieve more items. Note that IAM might return fewer
	// than the MaxItems number of results even when there are more results available.
	// We recommend that you check IsTruncated after every call to ensure that you
	// receive all your results.
	IsTruncated *bool `type:"boolean"`

	// When IsTruncated is true, this element is present and contains the value
	// to use for the Marker parameter in a subsequent pagination request.
	Marker *string `type:"string"`

	// The list of tags that are currently attached to the virtual MFA device. Each
	// tag consists of a key name and an associated value. If no tags are attached
	// to the specified resource, the response contains an empty list.
	//
	// Tags is a required field
	Tags []*Tag `type:"list" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListMFADeviceTagsOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListMFADeviceTagsOutput) GoString() string {
	return s.String()
}

// SetIsTruncated sets the IsTruncated field's value.
func (s *ListMFADeviceTagsOutput) SetIsTruncated(v bool) *ListMFADeviceTagsOutput {
	s.IsTruncated = &v
	return s
}

// SetMarker sets the Marker field's value.
func (s *ListMFADeviceTagsOutput) SetMarker(v string) *ListMFADeviceTagsOutput {
	s.Marker = &v
	return s
}

// SetTags sets the Tags field's value.
func (s *ListMFADeviceTagsOutput) SetTags(v []*Tag) *ListMFADeviceTagsOutput {
	s.Tags = v
	return s
}

type ListMFADevicesInput struct {
	_ struct{} `type:"structure"`

	// Use this parameter only when paginating results and only after you receive
	// a response indicating that the results are truncated. Set it to the value
	// of the Marker element in the response that you received to indicate where
	// the next call should start.
	Marker *string `min:"1" type:"string"`

	// Use this only when paginating results to indicate the maximum number of items
	// you want in the response. If additional items exist beyond the maximum you
	// specify, the IsTruncated response element is true.
	//
	// If you do not include this parameter, the number of items defaults to 100.
	// Note that IAM might return fewer results, even when there are more results
	// available. In that case, the IsTruncated response element returns true, and
	// Marker contains a value to include in the subsequent call that tells the
	// service where to continue from.
	MaxItems *int64 `min:"1" type:"integer"`

	// The name of the user whose MFA devices you want to list.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	UserName *string `min:"1" type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListMFADevicesInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListMFADevicesInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ListMFADevicesInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ListMFADevicesInput"}
	if s.Marker != nil && len(*s.Marker) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Marker", 1))
	}
	if s.MaxItems != nil && *s.MaxItems < 1 {
		invalidParams.Add(request.NewErrParamMinValue("MaxItems", 1))
	}
	if s.UserName != nil && len(*s.UserName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("UserName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetMarker sets the Marker field's value.
func (s *ListMFADevicesInput) SetMarker(v string) *ListMFADevicesInput {
	s.Marker = &v
	return s
}

// SetMaxItems sets the MaxItems field's value.
func (s *ListMFADevicesInput) SetMaxItems(v int64) *ListMFADevicesInput {
	s.MaxItems = &v
	return s
}

// SetUserName sets the UserName field's value.
func (s *ListMFADevicesInput) SetUserName(v string) *ListMFADevicesInput {
	s.UserName = &v
	return s
}

// Contains the response to a successful ListMFADevices request.
type ListMFADevicesOutput struct {
	_ struct{} `type:"structure"`

	// A flag that indicates whether there are more items to return. If your results
	// were truncated, you can make a subsequent pagination request using the Marker
	// request parameter to retrieve more items. Note that IAM might return fewer
	// than the MaxItems number of results even when there are more results available.
	// We recommend that you check IsTruncated after every call to ensure that you
	// receive all your results.
	IsTruncated *bool `type:"boolean"`

	// A list of MFA devices.
	//
	// MFADevices is a required field
	MFADevices []*MFADevice `type:"list" required:"true"`

	// When IsTruncated is true, this element is present and contains the value
	// to use for the Marker parameter in a subsequent pagination request.
	Marker *string `type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListMFADevicesOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListMFADevicesOutput) GoString() string {
	return s.String()
}

// SetIsTruncated sets the IsTruncated field's value.
func (s *ListMFADevicesOutput) SetIsTruncated(v bool) *ListMFADevicesOutput {
	s.IsTruncated = &v
	return s
}

// SetMFADevices sets the MFADevices field's value.
func (s *ListMFADevicesOutput) SetMFADevices(v []*MFADevice) *ListMFADevicesOutput {
	s.MFADevices = v
	return s
}

// SetMarker sets the Marker field's value.
func (s *ListMFADevicesOutput) SetMarker(v string) *ListMFADevicesOutput {
	s.Marker = &v
	return s
}

type ListOpenIDConnectProviderTagsInput struct {
	_ struct{} `type:"structure"`

	// Use this parameter only when paginating results and only after you receive
	// a response indicating that the results are truncated. Set it to the value
	// of the Marker element in the response that you received to indicate where
	// the next call should start.
	Marker *string `min:"1" type:"string"`

	// Use this only when paginating results to indicate the maximum number of items
	// you want in the response. If additional items exist beyond the maximum you
	// specify, the IsTruncated response element is true.
	//
	// If you do not include this parameter, the number of items defaults to 100.
	// Note that IAM might return fewer results, even when there are more results
	// available. In that case, the IsTruncated response element returns true, and
	// Marker contains a value to include in the subsequent call that tells the
	// service where to continue from.
	MaxItems *int64 `min:"1" type:"integer"`

	// The ARN of the OpenID Connect (OIDC) identity provider whose tags you want
	// to see.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// OpenIDConnectProviderArn is a required field
	OpenIDConnectProviderArn *string `min:"20" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListOpenIDConnectProviderTagsInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListOpenIDConnectProviderTagsInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ListOpenIDConnectProviderTagsInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ListOpenIDConnectProviderTagsInput"}
	if s.Marker != nil && len(*s.Marker) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Marker", 1))
	}
	if s.MaxItems != nil && *s.MaxItems < 1 {
		invalidParams.Add(request.NewErrParamMinValue("MaxItems", 1))
	}
	if s.OpenIDConnectProviderArn == nil {
		invalidParams.Add(request.NewErrParamRequired("OpenIDConnectProviderArn"))
	}
	if s.OpenIDConnectProviderArn != nil && len(*s.OpenIDConnectProviderArn) < 20 {
		invalidParams.Add(request.NewErrParamMinLen("OpenIDConnectProviderArn", 20))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetMarker sets the Marker field's value.
func (s *ListOpenIDConnectProviderTagsInput) SetMarker(v string) *ListOpenIDConnectProviderTagsInput {
	s.Marker = &v
	return s
}

// SetMaxItems sets the MaxItems field's value.
func (s *ListOpenIDConnectProviderTagsInput) SetMaxItems(v int64) *ListOpenIDConnectProviderTagsInput {
	s.MaxItems = &v
	return s
}

// SetOpenIDConnectProviderArn sets the OpenIDConnectProviderArn field's value.
func (s *ListOpenIDConnectProviderTagsInput) SetOpenIDConnectProviderArn(v string) *ListOpenIDConnectProviderTagsInput {
	s.OpenIDConnectProviderArn = &v
	return s
}

type ListOpenIDConnectProviderTagsOutput struct {
	_ struct{} `type:"structure"`

	// A flag that indicates whether there are more items to return. If your results
	// were truncated, you can make a subsequent pagination request using the Marker
	// request parameter to retrieve more items. Note that IAM might return fewer
	// than the MaxItems number of results even when there are more results available.
	// We recommend that you check IsTruncated after every call to ensure that you
	// receive all your results.
	IsTruncated *bool `type:"boolean"`

	// When IsTruncated is true, this element is present and contains the value
	// to use for the Marker parameter in a subsequent pagination request.
	Marker *string `type:"string"`

	// The list of tags that are currently attached to the OpenID Connect (OIDC)
	// identity provider. Each tag consists of a key name and an associated value.
	// If no tags are attached to the specified resource, the response contains
	// an empty list.
	//
	// Tags is a required field
	Tags []*Tag `type:"list" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListOpenIDConnectProviderTagsOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListOpenIDConnectProviderTagsOutput) GoString() string {
	return s.String()
}

// SetIsTruncated sets the IsTruncated field's value.
func (s *ListOpenIDConnectProviderTagsOutput) SetIsTruncated(v bool) *ListOpenIDConnectProviderTagsOutput {
	s.IsTruncated = &v
	return s
}

// SetMarker sets the Marker field's value.
func (s *ListOpenIDConnectProviderTagsOutput) SetMarker(v string) *ListOpenIDConnectProviderTagsOutput {
	s.Marker = &v
	return s
}

// SetTags sets the Tags field's value.
func (s *ListOpenIDConnectProviderTagsOutput) SetTags(v []*Tag) *ListOpenIDConnectProviderTagsOutput {
	s.Tags = v
	return s
}

type ListOpenIDConnectProvidersInput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListOpenIDConnectProvidersInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListOpenIDConnectProvidersInput) GoString() string {
	return s.String()
}

// Contains the response to a successful ListOpenIDConnectProviders request.
type ListOpenIDConnectProvidersOutput struct {
	_ struct{} `type:"structure"`

	// The list of IAM OIDC provider resource objects defined in the Amazon Web
	// Services account.
	OpenIDConnectProviderList []*OpenIDConnectProviderListEntry `type:"list"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListOpenIDConnectProvidersOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListOpenIDConnectProvidersOutput) GoString() string {
	return s.String()
}

// SetOpenIDConnectProviderList sets the OpenIDConnectProviderList field's value.
func (s *ListOpenIDConnectProvidersOutput) SetOpenIDConnectProviderList(v []*OpenIDConnectProviderListEntry) *ListOpenIDConnectProvidersOutput {
	s.OpenIDConnectProviderList = v
	return s
}

// Contains details about the permissions policies that are attached to the
// specified identity (user, group, or role).
//
// This data type is used as a response element in the ListPoliciesGrantingServiceAccess
// operation.
type ListPoliciesGrantingServiceAccessEntry struct {
	_ struct{} `type:"structure"`

	// The PoliciesGrantingServiceAccess object that contains details about the
	// policy.
	Policies []*PolicyGrantingServiceAccess `type:"list"`

	// The namespace of the service that was accessed.
	//
	// To learn the service namespace of a service, see Actions, resources, and
	// condition keys for Amazon Web Services services (https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html)
	// in the Service Authorization Reference. Choose the name of the service to
	// view details for that service. In the first paragraph, find the service prefix.
	// For example, (service prefix: a4b). For more information about service namespaces,
	// see Amazon Web Services service namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-aws-service-namespaces)
	// in the Amazon Web Services General Reference.
	ServiceNamespace *string `min:"1" type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListPoliciesGrantingServiceAccessEntry) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListPoliciesGrantingServiceAccessEntry) GoString() string {
	return s.String()
}

// SetPolicies sets the Policies field's value.
func (s *ListPoliciesGrantingServiceAccessEntry) SetPolicies(v []*PolicyGrantingServiceAccess) *ListPoliciesGrantingServiceAccessEntry {
	s.Policies = v
	return s
}

// SetServiceNamespace sets the ServiceNamespace field's value.
func (s *ListPoliciesGrantingServiceAccessEntry) SetServiceNamespace(v string) *ListPoliciesGrantingServiceAccessEntry {
	s.ServiceNamespace = &v
	return s
}

type ListPoliciesGrantingServiceAccessInput struct {
	_ struct{} `type:"structure"`

	// The ARN of the IAM identity (user, group, or role) whose policies you want
	// to list.
	//
	// Arn is a required field
	Arn *string `min:"20" type:"string" required:"true"`

	// Use this parameter only when paginating results and only after you receive
	// a response indicating that the results are truncated. Set it to the value
	// of the Marker element in the response that you received to indicate where
	// the next call should start.
	Marker *string `min:"1" type:"string"`

	// The service namespace for the Amazon Web Services services whose policies
	// you want to list.
	//
	// To learn the service namespace for a service, see Actions, resources, and
	// condition keys for Amazon Web Services services (https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html)
	// in the IAM User Guide. Choose the name of the service to view details for
	// that service. In the first paragraph, find the service prefix. For example,
	// (service prefix: a4b). For more information about service namespaces, see
	// Amazon Web Services service namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-aws-service-namespaces)
	// in the Amazon Web Services General Reference.
	//
	// ServiceNamespaces is a required field
	ServiceNamespaces []*string `min:"1" type:"list" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListPoliciesGrantingServiceAccessInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListPoliciesGrantingServiceAccessInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ListPoliciesGrantingServiceAccessInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ListPoliciesGrantingServiceAccessInput"}
	if s.Arn == nil {
		invalidParams.Add(request.NewErrParamRequired("Arn"))
	}
	if s.Arn != nil && len(*s.Arn) < 20 {
		invalidParams.Add(request.NewErrParamMinLen("Arn", 20))
	}
	if s.Marker != nil && len(*s.Marker) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Marker", 1))
	}
	if s.ServiceNamespaces == nil {
		invalidParams.Add(request.NewErrParamRequired("ServiceNamespaces"))
	}
	if s.ServiceNamespaces != nil && len(s.ServiceNamespaces) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("ServiceNamespaces", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetArn sets the Arn field's value.
func (s *ListPoliciesGrantingServiceAccessInput) SetArn(v string) *ListPoliciesGrantingServiceAccessInput {
	s.Arn = &v
	return s
}

// SetMarker sets the Marker field's value.
func (s *ListPoliciesGrantingServiceAccessInput) SetMarker(v string) *ListPoliciesGrantingServiceAccessInput {
	s.Marker = &v
	return s
}

// SetServiceNamespaces sets the ServiceNamespaces field's value.
func (s *ListPoliciesGrantingServiceAccessInput) SetServiceNamespaces(v []*string) *ListPoliciesGrantingServiceAccessInput {
	s.ServiceNamespaces = v
	return s
}

type ListPoliciesGrantingServiceAccessOutput struct {
	_ struct{} `type:"structure"`

	// A flag that indicates whether there are more items to return. If your results
	// were truncated, you can make a subsequent pagination request using the Marker
	// request parameter to retrieve more items. We recommend that you check IsTruncated
	// after every call to ensure that you receive all your results.
	IsTruncated *bool `type:"boolean"`

	// When IsTruncated is true, this element is present and contains the value
	// to use for the Marker parameter in a subsequent pagination request.
	Marker *string `type:"string"`

	// A ListPoliciesGrantingServiceAccess object that contains details about the
	// permissions policies attached to the specified identity (user, group, or
	// role).
	//
	// PoliciesGrantingServiceAccess is a required field
	PoliciesGrantingServiceAccess []*ListPoliciesGrantingServiceAccessEntry `type:"list" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListPoliciesGrantingServiceAccessOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListPoliciesGrantingServiceAccessOutput) GoString() string {
	return s.String()
}

// SetIsTruncated sets the IsTruncated field's value.
func (s *ListPoliciesGrantingServiceAccessOutput) SetIsTruncated(v bool) *ListPoliciesGrantingServiceAccessOutput {
	s.IsTruncated = &v
	return s
}

// SetMarker sets the Marker field's value.
func (s *ListPoliciesGrantingServiceAccessOutput) SetMarker(v string) *ListPoliciesGrantingServiceAccessOutput {
	s.Marker = &v
	return s
}

// SetPoliciesGrantingServiceAccess sets the PoliciesGrantingServiceAccess field's value.
func (s *ListPoliciesGrantingServiceAccessOutput) SetPoliciesGrantingServiceAccess(v []*ListPoliciesGrantingServiceAccessEntry) *ListPoliciesGrantingServiceAccessOutput {
	s.PoliciesGrantingServiceAccess = v
	return s
}

type ListPoliciesInput struct {
	_ struct{} `type:"structure"`

	// Use this parameter only when paginating results and only after you receive
	// a response indicating that the results are truncated. Set it to the value
	// of the Marker element in the response that you received to indicate where
	// the next call should start.
	Marker *string `min:"1" type:"string"`

	// Use this only when paginating results to indicate the maximum number of items
	// you want in the response. If additional items exist beyond the maximum you
	// specify, the IsTruncated response element is true.
	//
	// If you do not include this parameter, the number of items defaults to 100.
	// Note that IAM might return fewer results, even when there are more results
	// available. In that case, the IsTruncated response element returns true, and
	// Marker contains a value to include in the subsequent call that tells the
	// service where to continue from.
	MaxItems *int64 `min:"1" type:"integer"`

	// A flag to filter the results to only the attached policies.
	//
	// When OnlyAttached is true, the returned list contains only the policies that
	// are attached to an IAM user, group, or role. When OnlyAttached is false,
	// or when the parameter is not included, all policies are returned.
	OnlyAttached *bool `type:"boolean"`

	// The path prefix for filtering the results. This parameter is optional. If
	// it is not included, it defaults to a slash (/), listing all policies. This
	// parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of either a forward slash (/) by itself
	// or a string that must begin and end with forward slashes. In addition, it
	// can contain any ASCII character from the ! (\u0021) through the DEL character
	// (\u007F), including most punctuation characters, digits, and upper and lowercased
	// letters.
	PathPrefix *string `min:"1" type:"string"`

	// The policy usage method to use for filtering the results.
	//
	// To list only permissions policies, set PolicyUsageFilter to PermissionsPolicy.
	// To list only the policies used to set permissions boundaries, set the value
	// to PermissionsBoundary.
	//
	// This parameter is optional. If it is not included, all policies are returned.
	PolicyUsageFilter *string `type:"string" enum:"PolicyUsageType"`

	// The scope to use for filtering the results.
	//
	// To list only Amazon Web Services managed policies, set Scope to AWS. To list
	// only the customer managed policies in your Amazon Web Services account, set
	// Scope to Local.
	//
	// This parameter is optional. If it is not included, or if it is set to All,
	// all policies are returned.
	Scope *string `type:"string" enum:"PolicyScopeType"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListPoliciesInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListPoliciesInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ListPoliciesInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ListPoliciesInput"}
	if s.Marker != nil && len(*s.Marker) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Marker", 1))
	}
	if s.MaxItems != nil && *s.MaxItems < 1 {
		invalidParams.Add(request.NewErrParamMinValue("MaxItems", 1))
	}
	if s.PathPrefix != nil && len(*s.PathPrefix) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PathPrefix", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetMarker sets the Marker field's value.
func (s *ListPoliciesInput) SetMarker(v string) *ListPoliciesInput {
	s.Marker = &v
	return s
}

// SetMaxItems sets the MaxItems field's value.
func (s *ListPoliciesInput) SetMaxItems(v int64) *ListPoliciesInput {
	s.MaxItems = &v
	return s
}

// SetOnlyAttached sets the OnlyAttached field's value.
func (s *ListPoliciesInput) SetOnlyAttached(v bool) *ListPoliciesInput {
	s.OnlyAttached = &v
	return s
}

// SetPathPrefix sets the PathPrefix field's value.
func (s *ListPoliciesInput) SetPathPrefix(v string) *ListPoliciesInput {
	s.PathPrefix = &v
	return s
}

// SetPolicyUsageFilter sets the PolicyUsageFilter field's value.
func (s *ListPoliciesInput) SetPolicyUsageFilter(v string) *ListPoliciesInput {
	s.PolicyUsageFilter = &v
	return s
}

// SetScope sets the Scope field's value.
func (s *ListPoliciesInput) SetScope(v string) *ListPoliciesInput {
	s.Scope = &v
	return s
}

// Contains the response to a successful ListPolicies request.
type ListPoliciesOutput struct {
	_ struct{} `type:"structure"`

	// A flag that indicates whether there are more items to return. If your results
	// were truncated, you can make a subsequent pagination request using the Marker
	// request parameter to retrieve more items. Note that IAM might return fewer
	// than the MaxItems number of results even when there are more results available.
	// We recommend that you check IsTruncated after every call to ensure that you
	// receive all your results.
	IsTruncated *bool `type:"boolean"`

	// When IsTruncated is true, this element is present and contains the value
	// to use for the Marker parameter in a subsequent pagination request.
	Marker *string `type:"string"`

	// A list of policies.
	Policies []*Policy `type:"list"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListPoliciesOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListPoliciesOutput) GoString() string {
	return s.String()
}

// SetIsTruncated sets the IsTruncated field's value.
func (s *ListPoliciesOutput) SetIsTruncated(v bool) *ListPoliciesOutput {
	s.IsTruncated = &v
	return s
}

// SetMarker sets the Marker field's value.
func (s *ListPoliciesOutput) SetMarker(v string) *ListPoliciesOutput {
	s.Marker = &v
	return s
}

// SetPolicies sets the Policies field's value.
func (s *ListPoliciesOutput) SetPolicies(v []*Policy) *ListPoliciesOutput {
	s.Policies = v
	return s
}

type ListPolicyTagsInput struct {
	_ struct{} `type:"structure"`

	// Use this parameter only when paginating results and only after you receive
	// a response indicating that the results are truncated. Set it to the value
	// of the Marker element in the response that you received to indicate where
	// the next call should start.
	Marker *string `min:"1" type:"string"`

	// Use this only when paginating results to indicate the maximum number of items
	// you want in the response. If additional items exist beyond the maximum you
	// specify, the IsTruncated response element is true.
	//
	// If you do not include this parameter, the number of items defaults to 100.
	// Note that IAM might return fewer results, even when there are more results
	// available. In that case, the IsTruncated response element returns true, and
	// Marker contains a value to include in the subsequent call that tells the
	// service where to continue from.
	MaxItems *int64 `min:"1" type:"integer"`

	// The ARN of the IAM customer managed policy whose tags you want to see.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// PolicyArn is a required field
	PolicyArn *string `min:"20" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListPolicyTagsInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListPolicyTagsInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ListPolicyTagsInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ListPolicyTagsInput"}
	if s.Marker != nil && len(*s.Marker) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Marker", 1))
	}
	if s.MaxItems != nil && *s.MaxItems < 1 {
		invalidParams.Add(request.NewErrParamMinValue("MaxItems", 1))
	}
	if s.PolicyArn == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyArn"))
	}
	if s.PolicyArn != nil && len(*s.PolicyArn) < 20 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyArn", 20))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetMarker sets the Marker field's value.
func (s *ListPolicyTagsInput) SetMarker(v string) *ListPolicyTagsInput {
	s.Marker = &v
	return s
}

// SetMaxItems sets the MaxItems field's value.
func (s *ListPolicyTagsInput) SetMaxItems(v int64) *ListPolicyTagsInput {
	s.MaxItems = &v
	return s
}

// SetPolicyArn sets the PolicyArn field's value.
func (s *ListPolicyTagsInput) SetPolicyArn(v string) *ListPolicyTagsInput {
	s.PolicyArn = &v
	return s
}

type ListPolicyTagsOutput struct {
	_ struct{} `type:"structure"`

	// A flag that indicates whether there are more items to return. If your results
	// were truncated, you can make a subsequent pagination request using the Marker
	// request parameter to retrieve more items. Note that IAM might return fewer
	// than the MaxItems number of results even when there are more results available.
	// We recommend that you check IsTruncated after every call to ensure that you
	// receive all your results.
	IsTruncated *bool `type:"boolean"`

	// When IsTruncated is true, this element is present and contains the value
	// to use for the Marker parameter in a subsequent pagination request.
	Marker *string `type:"string"`

	// The list of tags that are currently attached to the IAM customer managed
	// policy. Each tag consists of a key name and an associated value. If no tags
	// are attached to the specified resource, the response contains an empty list.
	//
	// Tags is a required field
	Tags []*Tag `type:"list" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListPolicyTagsOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListPolicyTagsOutput) GoString() string {
	return s.String()
}

// SetIsTruncated sets the IsTruncated field's value.
func (s *ListPolicyTagsOutput) SetIsTruncated(v bool) *ListPolicyTagsOutput {
	s.IsTruncated = &v
	return s
}

// SetMarker sets the Marker field's value.
func (s *ListPolicyTagsOutput) SetMarker(v string) *ListPolicyTagsOutput {
	s.Marker = &v
	return s
}

// SetTags sets the Tags field's value.
func (s *ListPolicyTagsOutput) SetTags(v []*Tag) *ListPolicyTagsOutput {
	s.Tags = v
	return s
}

type ListPolicyVersionsInput struct {
	_ struct{} `type:"structure"`

	// Use this parameter only when paginating results and only after you receive
	// a response indicating that the results are truncated. Set it to the value
	// of the Marker element in the response that you received to indicate where
	// the next call should start.
	Marker *string `min:"1" type:"string"`

	// Use this only when paginating results to indicate the maximum number of items
	// you want in the response. If additional items exist beyond the maximum you
	// specify, the IsTruncated response element is true.
	//
	// If you do not include this parameter, the number of items defaults to 100.
	// Note that IAM might return fewer results, even when there are more results
	// available. In that case, the IsTruncated response element returns true, and
	// Marker contains a value to include in the subsequent call that tells the
	// service where to continue from.
	MaxItems *int64 `min:"1" type:"integer"`

	// The Amazon Resource Name (ARN) of the IAM policy for which you want the versions.
	//
	// For more information about ARNs, see Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the Amazon Web Services General Reference.
	//
	// PolicyArn is a required field
	PolicyArn *string `min:"20" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListPolicyVersionsInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListPolicyVersionsInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ListPolicyVersionsInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ListPolicyVersionsInput"}
	if s.Marker != nil && len(*s.Marker) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Marker", 1))
	}
	if s.MaxItems != nil && *s.MaxItems < 1 {
		invalidParams.Add(request.NewErrParamMinValue("MaxItems", 1))
	}
	if s.PolicyArn == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyArn"))
	}
	if s.PolicyArn != nil && len(*s.PolicyArn) < 20 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyArn", 20))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetMarker sets the Marker field's value.
func (s *ListPolicyVersionsInput) SetMarker(v string) *ListPolicyVersionsInput {
	s.Marker = &v
	return s
}

// SetMaxItems sets the MaxItems field's value.
func (s *ListPolicyVersionsInput) SetMaxItems(v int64) *ListPolicyVersionsInput {
	s.MaxItems = &v
	return s
}

// SetPolicyArn sets the PolicyArn field's value.
func (s *ListPolicyVersionsInput) SetPolicyArn(v string) *ListPolicyVersionsInput {
	s.PolicyArn = &v
	return s
}

// Contains the response to a successful ListPolicyVersions request.
type ListPolicyVersionsOutput struct {
	_ struct{} `type:"structure"`

	// A flag that indicates whether there are more items to return. If your results
	// were truncated, you can make a subsequent pagination request using the Marker
	// request parameter to retrieve more items. Note that IAM might return fewer
	// than the MaxItems number of results even when there are more results available.
	// We recommend that you check IsTruncated after every call to ensure that you
	// receive all your results.
	IsTruncated *bool `type:"boolean"`

	// When IsTruncated is true, this element is present and contains the value
	// to use for the Marker parameter in a subsequent pagination request.
	Marker *string `type:"string"`

	// A list of policy versions.
	//
	// For more information about managed policy versions, see Versioning for managed
	// policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html)
	// in the IAM User Guide.
	Versions []*PolicyVersion `type:"list"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListPolicyVersionsOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListPolicyVersionsOutput) GoString() string {
	return s.String()
}

// SetIsTruncated sets the IsTruncated field's value.
func (s *ListPolicyVersionsOutput) SetIsTruncated(v bool) *ListPolicyVersionsOutput {
	s.IsTruncated = &v
	return s
}

// SetMarker sets the Marker field's value.
func (s *ListPolicyVersionsOutput) SetMarker(v string) *ListPolicyVersionsOutput {
	s.Marker = &v
	return s
}

// SetVersions sets the Versions field's value.
func (s *ListPolicyVersionsOutput) SetVersions(v []*PolicyVersion) *ListPolicyVersionsOutput {
	s.Versions = v
	return s
}

type ListRolePoliciesInput struct {
	_ struct{} `type:"structure"`

	// Use this parameter only when paginating results and only after you receive
	// a response indicating that the results are truncated. Set it to the value
	// of the Marker element in the response that you received to indicate where
	// the next call should start.
	Marker *string `min:"1" type:"string"`

	// Use this only when paginating results to indicate the maximum number of items
	// you want in the response. If additional items exist beyond the maximum you
	// specify, the IsTruncated response element is true.
	//
	// If you do not include this parameter, the number of items defaults to 100.
	// Note that IAM might return fewer results, even when there are more results
	// available. In that case, the IsTruncated response element returns true, and
	// Marker contains a value to include in the subsequent call that tells the
	// service where to continue from.
	MaxItems *int64 `min:"1" type:"integer"`

	// The name of the role to list policies for.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// RoleName is a required field
	RoleName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListRolePoliciesInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListRolePoliciesInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ListRolePoliciesInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ListRolePoliciesInput"}
	if s.Marker != nil && len(*s.Marker) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Marker", 1))
	}
	if s.MaxItems != nil && *s.MaxItems < 1 {
		invalidParams.Add(request.NewErrParamMinValue("MaxItems", 1))
	}
	if s.RoleName == nil {
		invalidParams.Add(request.NewErrParamRequired("RoleName"))
	}
	if s.RoleName != nil && len(*s.RoleName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("RoleName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetMarker sets the Marker field's value.
func (s *ListRolePoliciesInput) SetMarker(v string) *ListRolePoliciesInput {
	s.Marker = &v
	return s
}

// SetMaxItems sets the MaxItems field's value.
func (s *ListRolePoliciesInput) SetMaxItems(v int64) *ListRolePoliciesInput {
	s.MaxItems = &v
	return s
}

// SetRoleName sets the RoleName field's value.
func (s *ListRolePoliciesInput) SetRoleName(v string) *ListRolePoliciesInput {
	s.RoleName = &v
	return s
}

// Contains the response to a successful ListRolePolicies request.
type ListRolePoliciesOutput struct {
	_ struct{} `type:"structure"`

	// A flag that indicates whether there are more items to return. If your results
	// were truncated, you can make a subsequent pagination request using the Marker
	// request parameter to retrieve more items. Note that IAM might return fewer
	// than the MaxItems number of results even when there are more results available.
	// We recommend that you check IsTruncated after every call to ensure that you
	// receive all your results.
	IsTruncated *bool `type:"boolean"`

	// When IsTruncated is true, this element is present and contains the value
	// to use for the Marker parameter in a subsequent pagination request.
	Marker *string `type:"string"`

	// A list of policy names.
	//
	// PolicyNames is a required field
	PolicyNames []*string `type:"list" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListRolePoliciesOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListRolePoliciesOutput) GoString() string {
	return s.String()
}

// SetIsTruncated sets the IsTruncated field's value.
func (s *ListRolePoliciesOutput) SetIsTruncated(v bool) *ListRolePoliciesOutput {
	s.IsTruncated = &v
	return s
}

// SetMarker sets the Marker field's value.
func (s *ListRolePoliciesOutput) SetMarker(v string) *ListRolePoliciesOutput {
	s.Marker = &v
	return s
}

// SetPolicyNames sets the PolicyNames field's value.
func (s *ListRolePoliciesOutput) SetPolicyNames(v []*string) *ListRolePoliciesOutput {
	s.PolicyNames = v
	return s
}

type ListRoleTagsInput struct {
	_ struct{} `type:"structure"`

	// Use this parameter only when paginating results and only after you receive
	// a response indicating that the results are truncated. Set it to the value
	// of the Marker element in the response that you received to indicate where
	// the next call should start.
	Marker *string `min:"1" type:"string"`

	// Use this only when paginating results to indicate the maximum number of items
	// you want in the response. If additional items exist beyond the maximum you
	// specify, the IsTruncated response element is true.
	//
	// If you do not include this parameter, the number of items defaults to 100.
	// Note that IAM might return fewer results, even when there are more results
	// available. In that case, the IsTruncated response element returns true, and
	// Marker contains a value to include in the subsequent call that tells the
	// service where to continue from.
	MaxItems *int64 `min:"1" type:"integer"`

	// The name of the IAM role for which you want to see the list of tags.
	//
	// This parameter accepts (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters that consist of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// RoleName is a required field
	RoleName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListRoleTagsInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListRoleTagsInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ListRoleTagsInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ListRoleTagsInput"}
	if s.Marker != nil && len(*s.Marker) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Marker", 1))
	}
	if s.MaxItems != nil && *s.MaxItems < 1 {
		invalidParams.Add(request.NewErrParamMinValue("MaxItems", 1))
	}
	if s.RoleName == nil {
		invalidParams.Add(request.NewErrParamRequired("RoleName"))
	}
	if s.RoleName != nil && len(*s.RoleName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("RoleName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetMarker sets the Marker field's value.
func (s *ListRoleTagsInput) SetMarker(v string) *ListRoleTagsInput {
	s.Marker = &v
	return s
}

// SetMaxItems sets the MaxItems field's value.
func (s *ListRoleTagsInput) SetMaxItems(v int64) *ListRoleTagsInput {
	s.MaxItems = &v
	return s
}

// SetRoleName sets the RoleName field's value.
func (s *ListRoleTagsInput) SetRoleName(v string) *ListRoleTagsInput {
	s.RoleName = &v
	return s
}

type ListRoleTagsOutput struct {
	_ struct{} `type:"structure"`

	// A flag that indicates whether there are more items to return. If your results
	// were truncated, you can make a subsequent pagination request using the Marker
	// request parameter to retrieve more items. Note that IAM might return fewer
	// than the MaxItems number of results even when there are more results available.
	// We recommend that you check IsTruncated after every call to ensure that you
	// receive all your results.
	IsTruncated *bool `type:"boolean"`

	// When IsTruncated is true, this element is present and contains the value
	// to use for the Marker parameter in a subsequent pagination request.
	Marker *string `type:"string"`

	// The list of tags that are currently attached to the role. Each tag consists
	// of a key name and an associated value. If no tags are attached to the specified
	// resource, the response contains an empty list.
	//
	// Tags is a required field
	Tags []*Tag `type:"list" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListRoleTagsOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListRoleTagsOutput) GoString() string {
	return s.String()
}

// SetIsTruncated sets the IsTruncated field's value.
func (s *ListRoleTagsOutput) SetIsTruncated(v bool) *ListRoleTagsOutput {
	s.IsTruncated = &v
	return s
}

// SetMarker sets the Marker field's value.
func (s *ListRoleTagsOutput) SetMarker(v string) *ListRoleTagsOutput {
	s.Marker = &v
	return s
}

// SetTags sets the Tags field's value.
func (s *ListRoleTagsOutput) SetTags(v []*Tag) *ListRoleTagsOutput {
	s.Tags = v
	return s
}

type ListRolesInput struct {
	_ struct{} `type:"structure"`

	// Use this parameter only when paginating results and only after you receive
	// a response indicating that the results are truncated. Set it to the value
	// of the Marker element in the response that you received to indicate where
	// the next call should start.
	Marker *string `min:"1" type:"string"`

	// Use this only when paginating results to indicate the maximum number of items
	// you want in the response. If additional items exist beyond the maximum you
	// specify, the IsTruncated response element is true.
	//
	// If you do not include this parameter, the number of items defaults to 100.
	// Note that IAM might return fewer results, even when there are more results
	// available. In that case, the IsTruncated response element returns true, and
	// Marker contains a value to include in the subsequent call that tells the
	// service where to continue from.
	MaxItems *int64 `min:"1" type:"integer"`

	// The path prefix for filtering the results. For example, the prefix /application_abc/component_xyz/
	// gets all roles whose path starts with /application_abc/component_xyz/.
	//
	// This parameter is optional. If it is not included, it defaults to a slash
	// (/), listing all roles. This parameter allows (through its regex pattern
	// (http://wikipedia.org/wiki/regex)) a string of characters consisting of either
	// a forward slash (/) by itself or a string that must begin and end with forward
	// slashes. In addition, it can contain any ASCII character from the ! (\u0021)
	// through the DEL character (\u007F), including most punctuation characters,
	// digits, and upper and lowercased letters.
	PathPrefix *string `min:"1" type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListRolesInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListRolesInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ListRolesInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ListRolesInput"}
	if s.Marker != nil && len(*s.Marker) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Marker", 1))
	}
	if s.MaxItems != nil && *s.MaxItems < 1 {
		invalidParams.Add(request.NewErrParamMinValue("MaxItems", 1))
	}
	if s.PathPrefix != nil && len(*s.PathPrefix) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PathPrefix", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetMarker sets the Marker field's value.
func (s *ListRolesInput) SetMarker(v string) *ListRolesInput {
	s.Marker = &v
	return s
}

// SetMaxItems sets the MaxItems field's value.
func (s *ListRolesInput) SetMaxItems(v int64) *ListRolesInput {
	s.MaxItems = &v
	return s
}

// SetPathPrefix sets the PathPrefix field's value.
func (s *ListRolesInput) SetPathPrefix(v string) *ListRolesInput {
	s.PathPrefix = &v
	return s
}

// Contains the response to a successful ListRoles request.
type ListRolesOutput struct {
	_ struct{} `type:"structure"`

	// A flag that indicates whether there are more items to return. If your results
	// were truncated, you can make a subsequent pagination request using the Marker
	// request parameter to retrieve more items. Note that IAM might return fewer
	// than the MaxItems number of results even when there are more results available.
	// We recommend that you check IsTruncated after every call to ensure that you
	// receive all your results.
	IsTruncated *bool `type:"boolean"`

	// When IsTruncated is true, this element is present and contains the value
	// to use for the Marker parameter in a subsequent pagination request.
	Marker *string `type:"string"`

	// A list of roles.
	//
	// Roles is a required field
	Roles []*Role `type:"list" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListRolesOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListRolesOutput) GoString() string {
	return s.String()
}

// SetIsTruncated sets the IsTruncated field's value.
func (s *ListRolesOutput) SetIsTruncated(v bool) *ListRolesOutput {
	s.IsTruncated = &v
	return s
}

// SetMarker sets the Marker field's value.
func (s *ListRolesOutput) SetMarker(v string) *ListRolesOutput {
	s.Marker = &v
	return s
}

// SetRoles sets the Roles field's value.
func (s *ListRolesOutput) SetRoles(v []*Role) *ListRolesOutput {
	s.Roles = v
	return s
}

type ListSAMLProviderTagsInput struct {
	_ struct{} `type:"structure"`

	// Use this parameter only when paginating results and only after you receive
	// a response indicating that the results are truncated. Set it to the value
	// of the Marker element in the response that you received to indicate where
	// the next call should start.
	Marker *string `min:"1" type:"string"`

	// Use this only when paginating results to indicate the maximum number of items
	// you want in the response. If additional items exist beyond the maximum you
	// specify, the IsTruncated response element is true.
	//
	// If you do not include this parameter, the number of items defaults to 100.
	// Note that IAM might return fewer results, even when there are more results
	// available. In that case, the IsTruncated response element returns true, and
	// Marker contains a value to include in the subsequent call that tells the
	// service where to continue from.
	MaxItems *int64 `min:"1" type:"integer"`

	// The ARN of the Security Assertion Markup Language (SAML) identity provider
	// whose tags you want to see.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// SAMLProviderArn is a required field
	SAMLProviderArn *string `min:"20" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListSAMLProviderTagsInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListSAMLProviderTagsInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ListSAMLProviderTagsInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ListSAMLProviderTagsInput"}
	if s.Marker != nil && len(*s.Marker) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Marker", 1))
	}
	if s.MaxItems != nil && *s.MaxItems < 1 {
		invalidParams.Add(request.NewErrParamMinValue("MaxItems", 1))
	}
	if s.SAMLProviderArn == nil {
		invalidParams.Add(request.NewErrParamRequired("SAMLProviderArn"))
	}
	if s.SAMLProviderArn != nil && len(*s.SAMLProviderArn) < 20 {
		invalidParams.Add(request.NewErrParamMinLen("SAMLProviderArn", 20))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetMarker sets the Marker field's value.
func (s *ListSAMLProviderTagsInput) SetMarker(v string) *ListSAMLProviderTagsInput {
	s.Marker = &v
	return s
}

// SetMaxItems sets the MaxItems field's value.
func (s *ListSAMLProviderTagsInput) SetMaxItems(v int64) *ListSAMLProviderTagsInput {
	s.MaxItems = &v
	return s
}

// SetSAMLProviderArn sets the SAMLProviderArn field's value.
func (s *ListSAMLProviderTagsInput) SetSAMLProviderArn(v string) *ListSAMLProviderTagsInput {
	s.SAMLProviderArn = &v
	return s
}

type ListSAMLProviderTagsOutput struct {
	_ struct{} `type:"structure"`

	// A flag that indicates whether there are more items to return. If your results
	// were truncated, you can make a subsequent pagination request using the Marker
	// request parameter to retrieve more items. Note that IAM might return fewer
	// than the MaxItems number of results even when there are more results available.
	// We recommend that you check IsTruncated after every call to ensure that you
	// receive all your results.
	IsTruncated *bool `type:"boolean"`

	// When IsTruncated is true, this element is present and contains the value
	// to use for the Marker parameter in a subsequent pagination request.
	Marker *string `type:"string"`

	// The list of tags that are currently attached to the Security Assertion Markup
	// Language (SAML) identity provider. Each tag consists of a key name and an
	// associated value. If no tags are attached to the specified resource, the
	// response contains an empty list.
	//
	// Tags is a required field
	Tags []*Tag `type:"list" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListSAMLProviderTagsOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListSAMLProviderTagsOutput) GoString() string {
	return s.String()
}

// SetIsTruncated sets the IsTruncated field's value.
func (s *ListSAMLProviderTagsOutput) SetIsTruncated(v bool) *ListSAMLProviderTagsOutput {
	s.IsTruncated = &v
	return s
}

// SetMarker sets the Marker field's value.
func (s *ListSAMLProviderTagsOutput) SetMarker(v string) *ListSAMLProviderTagsOutput {
	s.Marker = &v
	return s
}

// SetTags sets the Tags field's value.
func (s *ListSAMLProviderTagsOutput) SetTags(v []*Tag) *ListSAMLProviderTagsOutput {
	s.Tags = v
	return s
}

type ListSAMLProvidersInput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListSAMLProvidersInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListSAMLProvidersInput) GoString() string {
	return s.String()
}

// Contains the response to a successful ListSAMLProviders request.
type ListSAMLProvidersOutput struct {
	_ struct{} `type:"structure"`

	// The list of SAML provider resource objects defined in IAM for this Amazon
	// Web Services account.
	SAMLProviderList []*SAMLProviderListEntry `type:"list"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListSAMLProvidersOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListSAMLProvidersOutput) GoString() string {
	return s.String()
}

// SetSAMLProviderList sets the SAMLProviderList field's value.
func (s *ListSAMLProvidersOutput) SetSAMLProviderList(v []*SAMLProviderListEntry) *ListSAMLProvidersOutput {
	s.SAMLProviderList = v
	return s
}

type ListSSHPublicKeysInput struct {
	_ struct{} `type:"structure"`

	// Use this parameter only when paginating results and only after you receive
	// a response indicating that the results are truncated. Set it to the value
	// of the Marker element in the response that you received to indicate where
	// the next call should start.
	Marker *string `min:"1" type:"string"`

	// Use this only when paginating results to indicate the maximum number of items
	// you want in the response. If additional items exist beyond the maximum you
	// specify, the IsTruncated response element is true.
	//
	// If you do not include this parameter, the number of items defaults to 100.
	// Note that IAM might return fewer results, even when there are more results
	// available. In that case, the IsTruncated response element returns true, and
	// Marker contains a value to include in the subsequent call that tells the
	// service where to continue from.
	MaxItems *int64 `min:"1" type:"integer"`

	// The name of the IAM user to list SSH public keys for. If none is specified,
	// the UserName field is determined implicitly based on the Amazon Web Services
	// access key used to sign the request.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	UserName *string `min:"1" type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListSSHPublicKeysInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListSSHPublicKeysInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ListSSHPublicKeysInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ListSSHPublicKeysInput"}
	if s.Marker != nil && len(*s.Marker) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Marker", 1))
	}
	if s.MaxItems != nil && *s.MaxItems < 1 {
		invalidParams.Add(request.NewErrParamMinValue("MaxItems", 1))
	}
	if s.UserName != nil && len(*s.UserName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("UserName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetMarker sets the Marker field's value.
func (s *ListSSHPublicKeysInput) SetMarker(v string) *ListSSHPublicKeysInput {
	s.Marker = &v
	return s
}

// SetMaxItems sets the MaxItems field's value.
func (s *ListSSHPublicKeysInput) SetMaxItems(v int64) *ListSSHPublicKeysInput {
	s.MaxItems = &v
	return s
}

// SetUserName sets the UserName field's value.
func (s *ListSSHPublicKeysInput) SetUserName(v string) *ListSSHPublicKeysInput {
	s.UserName = &v
	return s
}

// Contains the response to a successful ListSSHPublicKeys request.
type ListSSHPublicKeysOutput struct {
	_ struct{} `type:"structure"`

	// A flag that indicates whether there are more items to return. If your results
	// were truncated, you can make a subsequent pagination request using the Marker
	// request parameter to retrieve more items. Note that IAM might return fewer
	// than the MaxItems number of results even when there are more results available.
	// We recommend that you check IsTruncated after every call to ensure that you
	// receive all your results.
	IsTruncated *bool `type:"boolean"`

	// When IsTruncated is true, this element is present and contains the value
	// to use for the Marker parameter in a subsequent pagination request.
	Marker *string `type:"string"`

	// A list of the SSH public keys assigned to IAM user.
	SSHPublicKeys []*SSHPublicKeyMetadata `type:"list"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListSSHPublicKeysOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListSSHPublicKeysOutput) GoString() string {
	return s.String()
}

// SetIsTruncated sets the IsTruncated field's value.
func (s *ListSSHPublicKeysOutput) SetIsTruncated(v bool) *ListSSHPublicKeysOutput {
	s.IsTruncated = &v
	return s
}

// SetMarker sets the Marker field's value.
func (s *ListSSHPublicKeysOutput) SetMarker(v string) *ListSSHPublicKeysOutput {
	s.Marker = &v
	return s
}

// SetSSHPublicKeys sets the SSHPublicKeys field's value.
func (s *ListSSHPublicKeysOutput) SetSSHPublicKeys(v []*SSHPublicKeyMetadata) *ListSSHPublicKeysOutput {
	s.SSHPublicKeys = v
	return s
}

type ListServerCertificateTagsInput struct {
	_ struct{} `type:"structure"`

	// Use this parameter only when paginating results and only after you receive
	// a response indicating that the results are truncated. Set it to the value
	// of the Marker element in the response that you received to indicate where
	// the next call should start.
	Marker *string `min:"1" type:"string"`

	// Use this only when paginating results to indicate the maximum number of items
	// you want in the response. If additional items exist beyond the maximum you
	// specify, the IsTruncated response element is true.
	//
	// If you do not include this parameter, the number of items defaults to 100.
	// Note that IAM might return fewer results, even when there are more results
	// available. In that case, the IsTruncated response element returns true, and
	// Marker contains a value to include in the subsequent call that tells the
	// service where to continue from.
	MaxItems *int64 `min:"1" type:"integer"`

	// The name of the IAM server certificate whose tags you want to see.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// ServerCertificateName is a required field
	ServerCertificateName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListServerCertificateTagsInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListServerCertificateTagsInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ListServerCertificateTagsInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ListServerCertificateTagsInput"}
	if s.Marker != nil && len(*s.Marker) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Marker", 1))
	}
	if s.MaxItems != nil && *s.MaxItems < 1 {
		invalidParams.Add(request.NewErrParamMinValue("MaxItems", 1))
	}
	if s.ServerCertificateName == nil {
		invalidParams.Add(request.NewErrParamRequired("ServerCertificateName"))
	}
	if s.ServerCertificateName != nil && len(*s.ServerCertificateName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("ServerCertificateName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetMarker sets the Marker field's value.
func (s *ListServerCertificateTagsInput) SetMarker(v string) *ListServerCertificateTagsInput {
	s.Marker = &v
	return s
}

// SetMaxItems sets the MaxItems field's value.
func (s *ListServerCertificateTagsInput) SetMaxItems(v int64) *ListServerCertificateTagsInput {
	s.MaxItems = &v
	return s
}

// SetServerCertificateName sets the ServerCertificateName field's value.
func (s *ListServerCertificateTagsInput) SetServerCertificateName(v string) *ListServerCertificateTagsInput {
	s.ServerCertificateName = &v
	return s
}

type ListServerCertificateTagsOutput struct {
	_ struct{} `type:"structure"`

	// A flag that indicates whether there are more items to return. If your results
	// were truncated, you can make a subsequent pagination request using the Marker
	// request parameter to retrieve more items. Note that IAM might return fewer
	// than the MaxItems number of results even when there are more results available.
	// We recommend that you check IsTruncated after every call to ensure that you
	// receive all your results.
	IsTruncated *bool `type:"boolean"`

	// When IsTruncated is true, this element is present and contains the value
	// to use for the Marker parameter in a subsequent pagination request.
	Marker *string `type:"string"`

	// The list of tags that are currently attached to the IAM server certificate.
	// Each tag consists of a key name and an associated value. If no tags are attached
	// to the specified resource, the response contains an empty list.
	//
	// Tags is a required field
	Tags []*Tag `type:"list" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListServerCertificateTagsOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListServerCertificateTagsOutput) GoString() string {
	return s.String()
}

// SetIsTruncated sets the IsTruncated field's value.
func (s *ListServerCertificateTagsOutput) SetIsTruncated(v bool) *ListServerCertificateTagsOutput {
	s.IsTruncated = &v
	return s
}

// SetMarker sets the Marker field's value.
func (s *ListServerCertificateTagsOutput) SetMarker(v string) *ListServerCertificateTagsOutput {
	s.Marker = &v
	return s
}

// SetTags sets the Tags field's value.
func (s *ListServerCertificateTagsOutput) SetTags(v []*Tag) *ListServerCertificateTagsOutput {
	s.Tags = v
	return s
}

type ListServerCertificatesInput struct {
	_ struct{} `type:"structure"`

	// Use this parameter only when paginating results and only after you receive
	// a response indicating that the results are truncated. Set it to the value
	// of the Marker element in the response that you received to indicate where
	// the next call should start.
	Marker *string `min:"1" type:"string"`

	// Use this only when paginating results to indicate the maximum number of items
	// you want in the response. If additional items exist beyond the maximum you
	// specify, the IsTruncated response element is true.
	//
	// If you do not include this parameter, the number of items defaults to 100.
	// Note that IAM might return fewer results, even when there are more results
	// available. In that case, the IsTruncated response element returns true, and
	// Marker contains a value to include in the subsequent call that tells the
	// service where to continue from.
	MaxItems *int64 `min:"1" type:"integer"`

	// The path prefix for filtering the results. For example: /company/servercerts
	// would get all server certificates for which the path starts with /company/servercerts.
	//
	// This parameter is optional. If it is not included, it defaults to a slash
	// (/), listing all server certificates. This parameter allows (through its
	// regex pattern (http://wikipedia.org/wiki/regex)) a string of characters consisting
	// of either a forward slash (/) by itself or a string that must begin and end
	// with forward slashes. In addition, it can contain any ASCII character from
	// the ! (\u0021) through the DEL character (\u007F), including most punctuation
	// characters, digits, and upper and lowercased letters.
	PathPrefix *string `min:"1" type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListServerCertificatesInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListServerCertificatesInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ListServerCertificatesInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ListServerCertificatesInput"}
	if s.Marker != nil && len(*s.Marker) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Marker", 1))
	}
	if s.MaxItems != nil && *s.MaxItems < 1 {
		invalidParams.Add(request.NewErrParamMinValue("MaxItems", 1))
	}
	if s.PathPrefix != nil && len(*s.PathPrefix) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PathPrefix", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetMarker sets the Marker field's value.
func (s *ListServerCertificatesInput) SetMarker(v string) *ListServerCertificatesInput {
	s.Marker = &v
	return s
}

// SetMaxItems sets the MaxItems field's value.
func (s *ListServerCertificatesInput) SetMaxItems(v int64) *ListServerCertificatesInput {
	s.MaxItems = &v
	return s
}

// SetPathPrefix sets the PathPrefix field's value.
func (s *ListServerCertificatesInput) SetPathPrefix(v string) *ListServerCertificatesInput {
	s.PathPrefix = &v
	return s
}

// Contains the response to a successful ListServerCertificates request.
type ListServerCertificatesOutput struct {
	_ struct{} `type:"structure"`

	// A flag that indicates whether there are more items to return. If your results
	// were truncated, you can make a subsequent pagination request using the Marker
	// request parameter to retrieve more items. Note that IAM might return fewer
	// than the MaxItems number of results even when there are more results available.
	// We recommend that you check IsTruncated after every call to ensure that you
	// receive all your results.
	IsTruncated *bool `type:"boolean"`

	// When IsTruncated is true, this element is present and contains the value
	// to use for the Marker parameter in a subsequent pagination request.
	Marker *string `type:"string"`

	// A list of server certificates.
	//
	// ServerCertificateMetadataList is a required field
	ServerCertificateMetadataList []*ServerCertificateMetadata `type:"list" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListServerCertificatesOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListServerCertificatesOutput) GoString() string {
	return s.String()
}

// SetIsTruncated sets the IsTruncated field's value.
func (s *ListServerCertificatesOutput) SetIsTruncated(v bool) *ListServerCertificatesOutput {
	s.IsTruncated = &v
	return s
}

// SetMarker sets the Marker field's value.
func (s *ListServerCertificatesOutput) SetMarker(v string) *ListServerCertificatesOutput {
	s.Marker = &v
	return s
}

// SetServerCertificateMetadataList sets the ServerCertificateMetadataList field's value.
func (s *ListServerCertificatesOutput) SetServerCertificateMetadataList(v []*ServerCertificateMetadata) *ListServerCertificatesOutput {
	s.ServerCertificateMetadataList = v
	return s
}

type ListServiceSpecificCredentialsInput struct {
	_ struct{} `type:"structure"`

	// Filters the returned results to only those for the specified Amazon Web Services
	// service. If not specified, then Amazon Web Services returns service-specific
	// credentials for all services.
	ServiceName *string `type:"string"`

	// The name of the user whose service-specific credentials you want information
	// about. If this value is not specified, then the operation assumes the user
	// whose credentials are used to call the operation.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	UserName *string `min:"1" type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListServiceSpecificCredentialsInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListServiceSpecificCredentialsInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ListServiceSpecificCredentialsInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ListServiceSpecificCredentialsInput"}
	if s.UserName != nil && len(*s.UserName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("UserName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetServiceName sets the ServiceName field's value.
func (s *ListServiceSpecificCredentialsInput) SetServiceName(v string) *ListServiceSpecificCredentialsInput {
	s.ServiceName = &v
	return s
}

// SetUserName sets the UserName field's value.
func (s *ListServiceSpecificCredentialsInput) SetUserName(v string) *ListServiceSpecificCredentialsInput {
	s.UserName = &v
	return s
}

type ListServiceSpecificCredentialsOutput struct {
	_ struct{} `type:"structure"`

	// A list of structures that each contain details about a service-specific credential.
	ServiceSpecificCredentials []*ServiceSpecificCredentialMetadata `type:"list"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListServiceSpecificCredentialsOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListServiceSpecificCredentialsOutput) GoString() string {
	return s.String()
}

// SetServiceSpecificCredentials sets the ServiceSpecificCredentials field's value.
func (s *ListServiceSpecificCredentialsOutput) SetServiceSpecificCredentials(v []*ServiceSpecificCredentialMetadata) *ListServiceSpecificCredentialsOutput {
	s.ServiceSpecificCredentials = v
	return s
}

type ListSigningCertificatesInput struct {
	_ struct{} `type:"structure"`

	// Use this parameter only when paginating results and only after you receive
	// a response indicating that the results are truncated. Set it to the value
	// of the Marker element in the response that you received to indicate where
	// the next call should start.
	Marker *string `min:"1" type:"string"`

	// Use this only when paginating results to indicate the maximum number of items
	// you want in the response. If additional items exist beyond the maximum you
	// specify, the IsTruncated response element is true.
	//
	// If you do not include this parameter, the number of items defaults to 100.
	// Note that IAM might return fewer results, even when there are more results
	// available. In that case, the IsTruncated response element returns true, and
	// Marker contains a value to include in the subsequent call that tells the
	// service where to continue from.
	MaxItems *int64 `min:"1" type:"integer"`

	// The name of the IAM user whose signing certificates you want to examine.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	UserName *string `min:"1" type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListSigningCertificatesInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListSigningCertificatesInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ListSigningCertificatesInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ListSigningCertificatesInput"}
	if s.Marker != nil && len(*s.Marker) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Marker", 1))
	}
	if s.MaxItems != nil && *s.MaxItems < 1 {
		invalidParams.Add(request.NewErrParamMinValue("MaxItems", 1))
	}
	if s.UserName != nil && len(*s.UserName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("UserName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetMarker sets the Marker field's value.
func (s *ListSigningCertificatesInput) SetMarker(v string) *ListSigningCertificatesInput {
	s.Marker = &v
	return s
}

// SetMaxItems sets the MaxItems field's value.
func (s *ListSigningCertificatesInput) SetMaxItems(v int64) *ListSigningCertificatesInput {
	s.MaxItems = &v
	return s
}

// SetUserName sets the UserName field's value.
func (s *ListSigningCertificatesInput) SetUserName(v string) *ListSigningCertificatesInput {
	s.UserName = &v
	return s
}

// Contains the response to a successful ListSigningCertificates request.
type ListSigningCertificatesOutput struct {
	_ struct{} `type:"structure"`

	// A list of the user's signing certificate information.
	//
	// Certificates is a required field
	Certificates []*SigningCertificate `type:"list" required:"true"`

	// A flag that indicates whether there are more items to return. If your results
	// were truncated, you can make a subsequent pagination request using the Marker
	// request parameter to retrieve more items. Note that IAM might return fewer
	// than the MaxItems number of results even when there are more results available.
	// We recommend that you check IsTruncated after every call to ensure that you
	// receive all your results.
	IsTruncated *bool `type:"boolean"`

	// When IsTruncated is true, this element is present and contains the value
	// to use for the Marker parameter in a subsequent pagination request.
	Marker *string `type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListSigningCertificatesOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListSigningCertificatesOutput) GoString() string {
	return s.String()
}

// SetCertificates sets the Certificates field's value.
func (s *ListSigningCertificatesOutput) SetCertificates(v []*SigningCertificate) *ListSigningCertificatesOutput {
	s.Certificates = v
	return s
}

// SetIsTruncated sets the IsTruncated field's value.
func (s *ListSigningCertificatesOutput) SetIsTruncated(v bool) *ListSigningCertificatesOutput {
	s.IsTruncated = &v
	return s
}

// SetMarker sets the Marker field's value.
func (s *ListSigningCertificatesOutput) SetMarker(v string) *ListSigningCertificatesOutput {
	s.Marker = &v
	return s
}

type ListUserPoliciesInput struct {
	_ struct{} `type:"structure"`

	// Use this parameter only when paginating results and only after you receive
	// a response indicating that the results are truncated. Set it to the value
	// of the Marker element in the response that you received to indicate where
	// the next call should start.
	Marker *string `min:"1" type:"string"`

	// Use this only when paginating results to indicate the maximum number of items
	// you want in the response. If additional items exist beyond the maximum you
	// specify, the IsTruncated response element is true.
	//
	// If you do not include this parameter, the number of items defaults to 100.
	// Note that IAM might return fewer results, even when there are more results
	// available. In that case, the IsTruncated response element returns true, and
	// Marker contains a value to include in the subsequent call that tells the
	// service where to continue from.
	MaxItems *int64 `min:"1" type:"integer"`

	// The name of the user to list policies for.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// UserName is a required field
	UserName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListUserPoliciesInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListUserPoliciesInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ListUserPoliciesInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ListUserPoliciesInput"}
	if s.Marker != nil && len(*s.Marker) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Marker", 1))
	}
	if s.MaxItems != nil && *s.MaxItems < 1 {
		invalidParams.Add(request.NewErrParamMinValue("MaxItems", 1))
	}
	if s.UserName == nil {
		invalidParams.Add(request.NewErrParamRequired("UserName"))
	}
	if s.UserName != nil && len(*s.UserName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("UserName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetMarker sets the Marker field's value.
func (s *ListUserPoliciesInput) SetMarker(v string) *ListUserPoliciesInput {
	s.Marker = &v
	return s
}

// SetMaxItems sets the MaxItems field's value.
func (s *ListUserPoliciesInput) SetMaxItems(v int64) *ListUserPoliciesInput {
	s.MaxItems = &v
	return s
}

// SetUserName sets the UserName field's value.
func (s *ListUserPoliciesInput) SetUserName(v string) *ListUserPoliciesInput {
	s.UserName = &v
	return s
}

// Contains the response to a successful ListUserPolicies request.
type ListUserPoliciesOutput struct {
	_ struct{} `type:"structure"`

	// A flag that indicates whether there are more items to return. If your results
	// were truncated, you can make a subsequent pagination request using the Marker
	// request parameter to retrieve more items. Note that IAM might return fewer
	// than the MaxItems number of results even when there are more results available.
	// We recommend that you check IsTruncated after every call to ensure that you
	// receive all your results.
	IsTruncated *bool `type:"boolean"`

	// When IsTruncated is true, this element is present and contains the value
	// to use for the Marker parameter in a subsequent pagination request.
	Marker *string `type:"string"`

	// A list of policy names.
	//
	// PolicyNames is a required field
	PolicyNames []*string `type:"list" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListUserPoliciesOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListUserPoliciesOutput) GoString() string {
	return s.String()
}

// SetIsTruncated sets the IsTruncated field's value.
func (s *ListUserPoliciesOutput) SetIsTruncated(v bool) *ListUserPoliciesOutput {
	s.IsTruncated = &v
	return s
}

// SetMarker sets the Marker field's value.
func (s *ListUserPoliciesOutput) SetMarker(v string) *ListUserPoliciesOutput {
	s.Marker = &v
	return s
}

// SetPolicyNames sets the PolicyNames field's value.
func (s *ListUserPoliciesOutput) SetPolicyNames(v []*string) *ListUserPoliciesOutput {
	s.PolicyNames = v
	return s
}

type ListUserTagsInput struct {
	_ struct{} `type:"structure"`

	// Use this parameter only when paginating results and only after you receive
	// a response indicating that the results are truncated. Set it to the value
	// of the Marker element in the response that you received to indicate where
	// the next call should start.
	Marker *string `min:"1" type:"string"`

	// Use this only when paginating results to indicate the maximum number of items
	// you want in the response. If additional items exist beyond the maximum you
	// specify, the IsTruncated response element is true.
	//
	// If you do not include this parameter, the number of items defaults to 100.
	// Note that IAM might return fewer results, even when there are more results
	// available. In that case, the IsTruncated response element returns true, and
	// Marker contains a value to include in the subsequent call that tells the
	// service where to continue from.
	MaxItems *int64 `min:"1" type:"integer"`

	// The name of the IAM user whose tags you want to see.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// UserName is a required field
	UserName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListUserTagsInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListUserTagsInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ListUserTagsInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ListUserTagsInput"}
	if s.Marker != nil && len(*s.Marker) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Marker", 1))
	}
	if s.MaxItems != nil && *s.MaxItems < 1 {
		invalidParams.Add(request.NewErrParamMinValue("MaxItems", 1))
	}
	if s.UserName == nil {
		invalidParams.Add(request.NewErrParamRequired("UserName"))
	}
	if s.UserName != nil && len(*s.UserName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("UserName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetMarker sets the Marker field's value.
func (s *ListUserTagsInput) SetMarker(v string) *ListUserTagsInput {
	s.Marker = &v
	return s
}

// SetMaxItems sets the MaxItems field's value.
func (s *ListUserTagsInput) SetMaxItems(v int64) *ListUserTagsInput {
	s.MaxItems = &v
	return s
}

// SetUserName sets the UserName field's value.
func (s *ListUserTagsInput) SetUserName(v string) *ListUserTagsInput {
	s.UserName = &v
	return s
}

type ListUserTagsOutput struct {
	_ struct{} `type:"structure"`

	// A flag that indicates whether there are more items to return. If your results
	// were truncated, you can make a subsequent pagination request using the Marker
	// request parameter to retrieve more items. Note that IAM might return fewer
	// than the MaxItems number of results even when there are more results available.
	// We recommend that you check IsTruncated after every call to ensure that you
	// receive all your results.
	IsTruncated *bool `type:"boolean"`

	// When IsTruncated is true, this element is present and contains the value
	// to use for the Marker parameter in a subsequent pagination request.
	Marker *string `type:"string"`

	// The list of tags that are currently attached to the user. Each tag consists
	// of a key name and an associated value. If no tags are attached to the specified
	// resource, the response contains an empty list.
	//
	// Tags is a required field
	Tags []*Tag `type:"list" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListUserTagsOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListUserTagsOutput) GoString() string {
	return s.String()
}

// SetIsTruncated sets the IsTruncated field's value.
func (s *ListUserTagsOutput) SetIsTruncated(v bool) *ListUserTagsOutput {
	s.IsTruncated = &v
	return s
}

// SetMarker sets the Marker field's value.
func (s *ListUserTagsOutput) SetMarker(v string) *ListUserTagsOutput {
	s.Marker = &v
	return s
}

// SetTags sets the Tags field's value.
func (s *ListUserTagsOutput) SetTags(v []*Tag) *ListUserTagsOutput {
	s.Tags = v
	return s
}

type ListUsersInput struct {
	_ struct{} `type:"structure"`

	// Use this parameter only when paginating results and only after you receive
	// a response indicating that the results are truncated. Set it to the value
	// of the Marker element in the response that you received to indicate where
	// the next call should start.
	Marker *string `min:"1" type:"string"`

	// Use this only when paginating results to indicate the maximum number of items
	// you want in the response. If additional items exist beyond the maximum you
	// specify, the IsTruncated response element is true.
	//
	// If you do not include this parameter, the number of items defaults to 100.
	// Note that IAM might return fewer results, even when there are more results
	// available. In that case, the IsTruncated response element returns true, and
	// Marker contains a value to include in the subsequent call that tells the
	// service where to continue from.
	MaxItems *int64 `min:"1" type:"integer"`

	// The path prefix for filtering the results. For example: /division_abc/subdivision_xyz/,
	// which would get all user names whose path starts with /division_abc/subdivision_xyz/.
	//
	// This parameter is optional. If it is not included, it defaults to a slash
	// (/), listing all user names. This parameter allows (through its regex pattern
	// (http://wikipedia.org/wiki/regex)) a string of characters consisting of either
	// a forward slash (/) by itself or a string that must begin and end with forward
	// slashes. In addition, it can contain any ASCII character from the ! (\u0021)
	// through the DEL character (\u007F), including most punctuation characters,
	// digits, and upper and lowercased letters.
	PathPrefix *string `min:"1" type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListUsersInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListUsersInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ListUsersInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ListUsersInput"}
	if s.Marker != nil && len(*s.Marker) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Marker", 1))
	}
	if s.MaxItems != nil && *s.MaxItems < 1 {
		invalidParams.Add(request.NewErrParamMinValue("MaxItems", 1))
	}
	if s.PathPrefix != nil && len(*s.PathPrefix) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PathPrefix", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetMarker sets the Marker field's value.
func (s *ListUsersInput) SetMarker(v string) *ListUsersInput {
	s.Marker = &v
	return s
}

// SetMaxItems sets the MaxItems field's value.
func (s *ListUsersInput) SetMaxItems(v int64) *ListUsersInput {
	s.MaxItems = &v
	return s
}

// SetPathPrefix sets the PathPrefix field's value.
func (s *ListUsersInput) SetPathPrefix(v string) *ListUsersInput {
	s.PathPrefix = &v
	return s
}

// Contains the response to a successful ListUsers request.
type ListUsersOutput struct {
	_ struct{} `type:"structure"`

	// A flag that indicates whether there are more items to return. If your results
	// were truncated, you can make a subsequent pagination request using the Marker
	// request parameter to retrieve more items. Note that IAM might return fewer
	// than the MaxItems number of results even when there are more results available.
	// We recommend that you check IsTruncated after every call to ensure that you
	// receive all your results.
	IsTruncated *bool `type:"boolean"`

	// When IsTruncated is true, this element is present and contains the value
	// to use for the Marker parameter in a subsequent pagination request.
	Marker *string `type:"string"`

	// A list of users.
	//
	// Users is a required field
	Users []*User `type:"list" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListUsersOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListUsersOutput) GoString() string {
	return s.String()
}

// SetIsTruncated sets the IsTruncated field's value.
func (s *ListUsersOutput) SetIsTruncated(v bool) *ListUsersOutput {
	s.IsTruncated = &v
	return s
}

// SetMarker sets the Marker field's value.
func (s *ListUsersOutput) SetMarker(v string) *ListUsersOutput {
	s.Marker = &v
	return s
}

// SetUsers sets the Users field's value.
func (s *ListUsersOutput) SetUsers(v []*User) *ListUsersOutput {
	s.Users = v
	return s
}

type ListVirtualMFADevicesInput struct {
	_ struct{} `type:"structure"`

	// The status (Unassigned or Assigned) of the devices to list. If you do not
	// specify an AssignmentStatus, the operation defaults to Any, which lists both
	// assigned and unassigned virtual MFA devices.,
	AssignmentStatus *string `type:"string" enum:"AssignmentStatusType"`

	// Use this parameter only when paginating results and only after you receive
	// a response indicating that the results are truncated. Set it to the value
	// of the Marker element in the response that you received to indicate where
	// the next call should start.
	Marker *string `min:"1" type:"string"`

	// Use this only when paginating results to indicate the maximum number of items
	// you want in the response. If additional items exist beyond the maximum you
	// specify, the IsTruncated response element is true.
	//
	// If you do not include this parameter, the number of items defaults to 100.
	// Note that IAM might return fewer results, even when there are more results
	// available. In that case, the IsTruncated response element returns true, and
	// Marker contains a value to include in the subsequent call that tells the
	// service where to continue from.
	MaxItems *int64 `min:"1" type:"integer"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListVirtualMFADevicesInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListVirtualMFADevicesInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ListVirtualMFADevicesInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ListVirtualMFADevicesInput"}
	if s.Marker != nil && len(*s.Marker) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Marker", 1))
	}
	if s.MaxItems != nil && *s.MaxItems < 1 {
		invalidParams.Add(request.NewErrParamMinValue("MaxItems", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetAssignmentStatus sets the AssignmentStatus field's value.
func (s *ListVirtualMFADevicesInput) SetAssignmentStatus(v string) *ListVirtualMFADevicesInput {
	s.AssignmentStatus = &v
	return s
}

// SetMarker sets the Marker field's value.
func (s *ListVirtualMFADevicesInput) SetMarker(v string) *ListVirtualMFADevicesInput {
	s.Marker = &v
	return s
}

// SetMaxItems sets the MaxItems field's value.
func (s *ListVirtualMFADevicesInput) SetMaxItems(v int64) *ListVirtualMFADevicesInput {
	s.MaxItems = &v
	return s
}

// Contains the response to a successful ListVirtualMFADevices request.
type ListVirtualMFADevicesOutput struct {
	_ struct{} `type:"structure"`

	// A flag that indicates whether there are more items to return. If your results
	// were truncated, you can make a subsequent pagination request using the Marker
	// request parameter to retrieve more items. Note that IAM might return fewer
	// than the MaxItems number of results even when there are more results available.
	// We recommend that you check IsTruncated after every call to ensure that you
	// receive all your results.
	IsTruncated *bool `type:"boolean"`

	// When IsTruncated is true, this element is present and contains the value
	// to use for the Marker parameter in a subsequent pagination request.
	Marker *string `type:"string"`

	// The list of virtual MFA devices in the current account that match the AssignmentStatus
	// value that was passed in the request.
	//
	// VirtualMFADevices is a required field
	VirtualMFADevices []*VirtualMFADevice `type:"list" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListVirtualMFADevicesOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListVirtualMFADevicesOutput) GoString() string {
	return s.String()
}

// SetIsTruncated sets the IsTruncated field's value.
func (s *ListVirtualMFADevicesOutput) SetIsTruncated(v bool) *ListVirtualMFADevicesOutput {
	s.IsTruncated = &v
	return s
}

// SetMarker sets the Marker field's value.
func (s *ListVirtualMFADevicesOutput) SetMarker(v string) *ListVirtualMFADevicesOutput {
	s.Marker = &v
	return s
}

// SetVirtualMFADevices sets the VirtualMFADevices field's value.
func (s *ListVirtualMFADevicesOutput) SetVirtualMFADevices(v []*VirtualMFADevice) *ListVirtualMFADevicesOutput {
	s.VirtualMFADevices = v
	return s
}

// Contains the user name and password create date for a user.
//
// This data type is used as a response element in the CreateLoginProfile and
// GetLoginProfile operations.
type LoginProfile struct {
	_ struct{} `type:"structure"`

	// The date when the password for the user was created.
	//
	// CreateDate is a required field
	CreateDate *time.Time `type:"timestamp" required:"true"`

	// Specifies whether the user is required to set a new password on next sign-in.
	PasswordResetRequired *bool `type:"boolean"`

	// The name of the user, which can be used for signing in to the Amazon Web
	// Services Management Console.
	//
	// UserName is a required field
	UserName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s LoginProfile) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s LoginProfile) GoString() string {
	return s.String()
}

// SetCreateDate sets the CreateDate field's value.
func (s *LoginProfile) SetCreateDate(v time.Time) *LoginProfile {
	s.CreateDate = &v
	return s
}

// SetPasswordResetRequired sets the PasswordResetRequired field's value.
func (s *LoginProfile) SetPasswordResetRequired(v bool) *LoginProfile {
	s.PasswordResetRequired = &v
	return s
}

// SetUserName sets the UserName field's value.
func (s *LoginProfile) SetUserName(v string) *LoginProfile {
	s.UserName = &v
	return s
}

// Contains information about an MFA device.
//
// This data type is used as a response element in the ListMFADevices operation.
type MFADevice struct {
	_ struct{} `type:"structure"`

	// The date when the MFA device was enabled for the user.
	//
	// EnableDate is a required field
	EnableDate *time.Time `type:"timestamp" required:"true"`

	// The serial number that uniquely identifies the MFA device. For virtual MFA
	// devices, the serial number is the device ARN.
	//
	// SerialNumber is a required field
	SerialNumber *string `min:"9" type:"string" required:"true"`

	// The user with whom the MFA device is associated.
	//
	// UserName is a required field
	UserName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s MFADevice) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s MFADevice) GoString() string {
	return s.String()
}

// SetEnableDate sets the EnableDate field's value.
func (s *MFADevice) SetEnableDate(v time.Time) *MFADevice {
	s.EnableDate = &v
	return s
}

// SetSerialNumber sets the SerialNumber field's value.
func (s *MFADevice) SetSerialNumber(v string) *MFADevice {
	s.SerialNumber = &v
	return s
}

// SetUserName sets the UserName field's value.
func (s *MFADevice) SetUserName(v string) *MFADevice {
	s.UserName = &v
	return s
}

// Contains information about a managed policy, including the policy's ARN,
// versions, and the number of principal entities (users, groups, and roles)
// that the policy is attached to.
//
// This data type is used as a response element in the GetAccountAuthorizationDetails
// operation.
//
// For more information about managed policies, see Managed policies and inline
// policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide.
type ManagedPolicyDetail struct {
	_ struct{} `type:"structure"`

	// The Amazon Resource Name (ARN). ARNs are unique identifiers for Amazon Web
	// Services resources.
	//
	// For more information about ARNs, go to Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the Amazon Web Services General Reference.
	Arn *string `min:"20" type:"string"`

	// The number of principal entities (users, groups, and roles) that the policy
	// is attached to.
	AttachmentCount *int64 `type:"integer"`

	// The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601),
	// when the policy was created.
	CreateDate *time.Time `type:"timestamp"`

	// The identifier for the version of the policy that is set as the default (operative)
	// version.
	//
	// For more information about policy versions, see Versioning for managed policies
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html)
	// in the IAM User Guide.
	DefaultVersionId *string `type:"string"`

	// A friendly description of the policy.
	Description *string `type:"string"`

	// Specifies whether the policy can be attached to an IAM user, group, or role.
	IsAttachable *bool `type:"boolean"`

	// The path to the policy.
	//
	// For more information about paths, see IAM identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the IAM User Guide.
	Path *string `min:"1" type:"string"`

	// The number of entities (users and roles) for which the policy is used as
	// the permissions boundary.
	//
	// For more information about permissions boundaries, see Permissions boundaries
	// for IAM identities (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html)
	// in the IAM User Guide.
	PermissionsBoundaryUsageCount *int64 `type:"integer"`

	// The stable and unique string identifying the policy.
	//
	// For more information about IDs, see IAM identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the IAM User Guide.
	PolicyId *string `min:"16" type:"string"`

	// The friendly name (not ARN) identifying the policy.
	PolicyName *string `min:"1" type:"string"`

	// A list containing information about the versions of the policy.
	PolicyVersionList []*PolicyVersion `type:"list"`

	// The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601),
	// when the policy was last updated.
	//
	// When a policy has only one version, this field contains the date and time
	// when the policy was created. When a policy has more than one version, this
	// field contains the date and time when the most recent policy version was
	// created.
	UpdateDate *time.Time `type:"timestamp"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ManagedPolicyDetail) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ManagedPolicyDetail) GoString() string {
	return s.String()
}

// SetArn sets the Arn field's value.
func (s *ManagedPolicyDetail) SetArn(v string) *ManagedPolicyDetail {
	s.Arn = &v
	return s
}

// SetAttachmentCount sets the AttachmentCount field's value.
func (s *ManagedPolicyDetail) SetAttachmentCount(v int64) *ManagedPolicyDetail {
	s.AttachmentCount = &v
	return s
}

// SetCreateDate sets the CreateDate field's value.
func (s *ManagedPolicyDetail) SetCreateDate(v time.Time) *ManagedPolicyDetail {
	s.CreateDate = &v
	return s
}

// SetDefaultVersionId sets the DefaultVersionId field's value.
func (s *ManagedPolicyDetail) SetDefaultVersionId(v string) *ManagedPolicyDetail {
	s.DefaultVersionId = &v
	return s
}

// SetDescription sets the Description field's value.
func (s *ManagedPolicyDetail) SetDescription(v string) *ManagedPolicyDetail {
	s.Description = &v
	return s
}

// SetIsAttachable sets the IsAttachable field's value.
func (s *ManagedPolicyDetail) SetIsAttachable(v bool) *ManagedPolicyDetail {
	s.IsAttachable = &v
	return s
}

// SetPath sets the Path field's value.
func (s *ManagedPolicyDetail) SetPath(v string) *ManagedPolicyDetail {
	s.Path = &v
	return s
}

// SetPermissionsBoundaryUsageCount sets the PermissionsBoundaryUsageCount field's value.
func (s *ManagedPolicyDetail) SetPermissionsBoundaryUsageCount(v int64) *ManagedPolicyDetail {
	s.PermissionsBoundaryUsageCount = &v
	return s
}

// SetPolicyId sets the PolicyId field's value.
func (s *ManagedPolicyDetail) SetPolicyId(v string) *ManagedPolicyDetail {
	s.PolicyId = &v
	return s
}

// SetPolicyName sets the PolicyName field's value.
func (s *ManagedPolicyDetail) SetPolicyName(v string) *ManagedPolicyDetail {
	s.PolicyName = &v
	return s
}

// SetPolicyVersionList sets the PolicyVersionList field's value.
func (s *ManagedPolicyDetail) SetPolicyVersionList(v []*PolicyVersion) *ManagedPolicyDetail {
	s.PolicyVersionList = v
	return s
}

// SetUpdateDate sets the UpdateDate field's value.
func (s *ManagedPolicyDetail) SetUpdateDate(v time.Time) *ManagedPolicyDetail {
	s.UpdateDate = &v
	return s
}

// Contains the Amazon Resource Name (ARN) for an IAM OpenID Connect provider.
type OpenIDConnectProviderListEntry struct {
	_ struct{} `type:"structure"`

	// The Amazon Resource Name (ARN). ARNs are unique identifiers for Amazon Web
	// Services resources.
	//
	// For more information about ARNs, go to Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the Amazon Web Services General Reference.
	Arn *string `min:"20" type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s OpenIDConnectProviderListEntry) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s OpenIDConnectProviderListEntry) GoString() string {
	return s.String()
}

// SetArn sets the Arn field's value.
func (s *OpenIDConnectProviderListEntry) SetArn(v string) *OpenIDConnectProviderListEntry {
	s.Arn = &v
	return s
}

// Contains information about the effect that Organizations has on a policy
// simulation.
type OrganizationsDecisionDetail struct {
	_ struct{} `type:"structure"`

	// Specifies whether the simulated operation is allowed by the Organizations
	// service control policies that impact the simulated user's account.
	AllowedByOrganizations *bool `type:"boolean"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s OrganizationsDecisionDetail) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s OrganizationsDecisionDetail) GoString() string {
	return s.String()
}

// SetAllowedByOrganizations sets the AllowedByOrganizations field's value.
func (s *OrganizationsDecisionDetail) SetAllowedByOrganizations(v bool) *OrganizationsDecisionDetail {
	s.AllowedByOrganizations = &v
	return s
}

// Contains information about the account password policy.
//
// This data type is used as a response element in the GetAccountPasswordPolicy
// operation.
type PasswordPolicy struct {
	_ struct{} `type:"structure"`

	// Specifies whether IAM users are allowed to change their own password.
	AllowUsersToChangePassword *bool `type:"boolean"`

	// Indicates whether passwords in the account expire. Returns true if MaxPasswordAge
	// contains a value greater than 0. Returns false if MaxPasswordAge is 0 or
	// not present.
	ExpirePasswords *bool `type:"boolean"`

	// Specifies whether IAM users are prevented from setting a new password after
	// their password has expired.
	HardExpiry *bool `type:"boolean"`

	// The number of days that an IAM user password is valid.
	MaxPasswordAge *int64 `min:"1" type:"integer"`

	// Minimum length to require for IAM user passwords.
	MinimumPasswordLength *int64 `min:"6" type:"integer"`

	// Specifies the number of previous passwords that IAM users are prevented from
	// reusing.
	PasswordReusePrevention *int64 `min:"1" type:"integer"`

	// Specifies whether IAM user passwords must contain at least one lowercase
	// character (a to z).
	RequireLowercaseCharacters *bool `type:"boolean"`

	// Specifies whether IAM user passwords must contain at least one numeric character
	// (0 to 9).
	RequireNumbers *bool `type:"boolean"`

	// Specifies whether IAM user passwords must contain at least one of the following
	// symbols:
	//
	// ! @ # $ % ^ & * ( ) _ + - = [ ] { } | '
	RequireSymbols *bool `type:"boolean"`

	// Specifies whether IAM user passwords must contain at least one uppercase
	// character (A to Z).
	RequireUppercaseCharacters *bool `type:"boolean"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PasswordPolicy) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PasswordPolicy) GoString() string {
	return s.String()
}

// SetAllowUsersToChangePassword sets the AllowUsersToChangePassword field's value.
func (s *PasswordPolicy) SetAllowUsersToChangePassword(v bool) *PasswordPolicy {
	s.AllowUsersToChangePassword = &v
	return s
}

// SetExpirePasswords sets the ExpirePasswords field's value.
func (s *PasswordPolicy) SetExpirePasswords(v bool) *PasswordPolicy {
	s.ExpirePasswords = &v
	return s
}

// SetHardExpiry sets the HardExpiry field's value.
func (s *PasswordPolicy) SetHardExpiry(v bool) *PasswordPolicy {
	s.HardExpiry = &v
	return s
}

// SetMaxPasswordAge sets the MaxPasswordAge field's value.
func (s *PasswordPolicy) SetMaxPasswordAge(v int64) *PasswordPolicy {
	s.MaxPasswordAge = &v
	return s
}

// SetMinimumPasswordLength sets the MinimumPasswordLength field's value.
func (s *PasswordPolicy) SetMinimumPasswordLength(v int64) *PasswordPolicy {
	s.MinimumPasswordLength = &v
	return s
}

// SetPasswordReusePrevention sets the PasswordReusePrevention field's value.
func (s *PasswordPolicy) SetPasswordReusePrevention(v int64) *PasswordPolicy {
	s.PasswordReusePrevention = &v
	return s
}

// SetRequireLowercaseCharacters sets the RequireLowercaseCharacters field's value.
func (s *PasswordPolicy) SetRequireLowercaseCharacters(v bool) *PasswordPolicy {
	s.RequireLowercaseCharacters = &v
	return s
}

// SetRequireNumbers sets the RequireNumbers field's value.
func (s *PasswordPolicy) SetRequireNumbers(v bool) *PasswordPolicy {
	s.RequireNumbers = &v
	return s
}

// SetRequireSymbols sets the RequireSymbols field's value.
func (s *PasswordPolicy) SetRequireSymbols(v bool) *PasswordPolicy {
	s.RequireSymbols = &v
	return s
}

// SetRequireUppercaseCharacters sets the RequireUppercaseCharacters field's value.
func (s *PasswordPolicy) SetRequireUppercaseCharacters(v bool) *PasswordPolicy {
	s.RequireUppercaseCharacters = &v
	return s
}

// Contains information about the effect that a permissions boundary has on
// a policy simulation when the boundary is applied to an IAM entity.
type PermissionsBoundaryDecisionDetail struct {
	_ struct{} `type:"structure"`

	// Specifies whether an action is allowed by a permissions boundary that is
	// applied to an IAM entity (user or role). A value of true means that the permissions
	// boundary does not deny the action. This means that the policy includes an
	// Allow statement that matches the request. In this case, if an identity-based
	// policy also allows the action, the request is allowed. A value of false means
	// that either the requested action is not allowed (implicitly denied) or that
	// the action is explicitly denied by the permissions boundary. In both of these
	// cases, the action is not allowed, regardless of the identity-based policy.
	AllowedByPermissionsBoundary *bool `type:"boolean"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PermissionsBoundaryDecisionDetail) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PermissionsBoundaryDecisionDetail) GoString() string {
	return s.String()
}

// SetAllowedByPermissionsBoundary sets the AllowedByPermissionsBoundary field's value.
func (s *PermissionsBoundaryDecisionDetail) SetAllowedByPermissionsBoundary(v bool) *PermissionsBoundaryDecisionDetail {
	s.AllowedByPermissionsBoundary = &v
	return s
}

// Contains information about a managed policy.
//
// This data type is used as a response element in the CreatePolicy, GetPolicy,
// and ListPolicies operations.
//
// For more information about managed policies, refer to Managed policies and
// inline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide.
type Policy struct {
	_ struct{} `type:"structure"`

	// The Amazon Resource Name (ARN). ARNs are unique identifiers for Amazon Web
	// Services resources.
	//
	// For more information about ARNs, go to Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the Amazon Web Services General Reference.
	Arn *string `min:"20" type:"string"`

	// The number of entities (users, groups, and roles) that the policy is attached
	// to.
	AttachmentCount *int64 `type:"integer"`

	// The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601),
	// when the policy was created.
	CreateDate *time.Time `type:"timestamp"`

	// The identifier for the version of the policy that is set as the default version.
	DefaultVersionId *string `type:"string"`

	// A friendly description of the policy.
	//
	// This element is included in the response to the GetPolicy operation. It is
	// not included in the response to the ListPolicies operation.
	Description *string `type:"string"`

	// Specifies whether the policy can be attached to an IAM user, group, or role.
	IsAttachable *bool `type:"boolean"`

	// The path to the policy.
	//
	// For more information about paths, see IAM identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the IAM User Guide.
	Path *string `min:"1" type:"string"`

	// The number of entities (users and roles) for which the policy is used to
	// set the permissions boundary.
	//
	// For more information about permissions boundaries, see Permissions boundaries
	// for IAM identities (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html)
	// in the IAM User Guide.
	PermissionsBoundaryUsageCount *int64 `type:"integer"`

	// The stable and unique string identifying the policy.
	//
	// For more information about IDs, see IAM identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the IAM User Guide.
	PolicyId *string `min:"16" type:"string"`

	// The friendly name (not ARN) identifying the policy.
	PolicyName *string `min:"1" type:"string"`

	// A list of tags that are attached to the instance profile. For more information
	// about tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html)
	// in the IAM User Guide.
	Tags []*Tag `type:"list"`

	// The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601),
	// when the policy was last updated.
	//
	// When a policy has only one version, this field contains the date and time
	// when the policy was created. When a policy has more than one version, this
	// field contains the date and time when the most recent policy version was
	// created.
	UpdateDate *time.Time `type:"timestamp"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s Policy) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s Policy) GoString() string {
	return s.String()
}

// SetArn sets the Arn field's value.
func (s *Policy) SetArn(v string) *Policy {
	s.Arn = &v
	return s
}

// SetAttachmentCount sets the AttachmentCount field's value.
func (s *Policy) SetAttachmentCount(v int64) *Policy {
	s.AttachmentCount = &v
	return s
}

// SetCreateDate sets the CreateDate field's value.
func (s *Policy) SetCreateDate(v time.Time) *Policy {
	s.CreateDate = &v
	return s
}

// SetDefaultVersionId sets the DefaultVersionId field's value.
func (s *Policy) SetDefaultVersionId(v string) *Policy {
	s.DefaultVersionId = &v
	return s
}

// SetDescription sets the Description field's value.
func (s *Policy) SetDescription(v string) *Policy {
	s.Description = &v
	return s
}

// SetIsAttachable sets the IsAttachable field's value.
func (s *Policy) SetIsAttachable(v bool) *Policy {
	s.IsAttachable = &v
	return s
}

// SetPath sets the Path field's value.
func (s *Policy) SetPath(v string) *Policy {
	s.Path = &v
	return s
}

// SetPermissionsBoundaryUsageCount sets the PermissionsBoundaryUsageCount field's value.
func (s *Policy) SetPermissionsBoundaryUsageCount(v int64) *Policy {
	s.PermissionsBoundaryUsageCount = &v
	return s
}

// SetPolicyId sets the PolicyId field's value.
func (s *Policy) SetPolicyId(v string) *Policy {
	s.PolicyId = &v
	return s
}

// SetPolicyName sets the PolicyName field's value.
func (s *Policy) SetPolicyName(v string) *Policy {
	s.PolicyName = &v
	return s
}

// SetTags sets the Tags field's value.
func (s *Policy) SetTags(v []*Tag) *Policy {
	s.Tags = v
	return s
}

// SetUpdateDate sets the UpdateDate field's value.
func (s *Policy) SetUpdateDate(v time.Time) *Policy {
	s.UpdateDate = &v
	return s
}

// Contains information about an IAM policy, including the policy document.
//
// This data type is used as a response element in the GetAccountAuthorizationDetails
// operation.
type PolicyDetail struct {
	_ struct{} `type:"structure"`

	// The policy document.
	PolicyDocument *string `min:"1" type:"string"`

	// The name of the policy.
	PolicyName *string `min:"1" type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PolicyDetail) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PolicyDetail) GoString() string {
	return s.String()
}

// SetPolicyDocument sets the PolicyDocument field's value.
func (s *PolicyDetail) SetPolicyDocument(v string) *PolicyDetail {
	s.PolicyDocument = &v
	return s
}

// SetPolicyName sets the PolicyName field's value.
func (s *PolicyDetail) SetPolicyName(v string) *PolicyDetail {
	s.PolicyName = &v
	return s
}

// Contains details about the permissions policies that are attached to the
// specified identity (user, group, or role).
//
// This data type is an element of the ListPoliciesGrantingServiceAccessEntry
// object.
type PolicyGrantingServiceAccess struct {
	_ struct{} `type:"structure"`

	// The name of the entity (user or role) to which the inline policy is attached.
	//
	// This field is null for managed policies. For more information about these
	// policy types, see Managed policies and inline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html)
	// in the IAM User Guide.
	EntityName *string `min:"1" type:"string"`

	// The type of entity (user or role) that used the policy to access the service
	// to which the inline policy is attached.
	//
	// This field is null for managed policies. For more information about these
	// policy types, see Managed policies and inline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html)
	// in the IAM User Guide.
	EntityType *string `type:"string" enum:"PolicyOwnerEntityType"`

	// The Amazon Resource Name (ARN). ARNs are unique identifiers for Amazon Web
	// Services resources.
	//
	// For more information about ARNs, go to Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the Amazon Web Services General Reference.
	PolicyArn *string `min:"20" type:"string"`

	// The policy name.
	//
	// PolicyName is a required field
	PolicyName *string `min:"1" type:"string" required:"true"`

	// The policy type. For more information about these policy types, see Managed
	// policies and inline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html)
	// in the IAM User Guide.
	//
	// PolicyType is a required field
	PolicyType *string `type:"string" required:"true" enum:"PolicyType"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PolicyGrantingServiceAccess) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PolicyGrantingServiceAccess) GoString() string {
	return s.String()
}

// SetEntityName sets the EntityName field's value.
func (s *PolicyGrantingServiceAccess) SetEntityName(v string) *PolicyGrantingServiceAccess {
	s.EntityName = &v
	return s
}

// SetEntityType sets the EntityType field's value.
func (s *PolicyGrantingServiceAccess) SetEntityType(v string) *PolicyGrantingServiceAccess {
	s.EntityType = &v
	return s
}

// SetPolicyArn sets the PolicyArn field's value.
func (s *PolicyGrantingServiceAccess) SetPolicyArn(v string) *PolicyGrantingServiceAccess {
	s.PolicyArn = &v
	return s
}

// SetPolicyName sets the PolicyName field's value.
func (s *PolicyGrantingServiceAccess) SetPolicyName(v string) *PolicyGrantingServiceAccess {
	s.PolicyName = &v
	return s
}

// SetPolicyType sets the PolicyType field's value.
func (s *PolicyGrantingServiceAccess) SetPolicyType(v string) *PolicyGrantingServiceAccess {
	s.PolicyType = &v
	return s
}

// Contains information about a group that a managed policy is attached to.
//
// This data type is used as a response element in the ListEntitiesForPolicy
// operation.
//
// For more information about managed policies, refer to Managed policies and
// inline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide.
type PolicyGroup struct {
	_ struct{} `type:"structure"`

	// The stable and unique string identifying the group. For more information
	// about IDs, see IAM identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html)
	// in the IAM User Guide.
	GroupId *string `min:"16" type:"string"`

	// The name (friendly name, not ARN) identifying the group.
	GroupName *string `min:"1" type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PolicyGroup) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PolicyGroup) GoString() string {
	return s.String()
}

// SetGroupId sets the GroupId field's value.
func (s *PolicyGroup) SetGroupId(v string) *PolicyGroup {
	s.GroupId = &v
	return s
}

// SetGroupName sets the GroupName field's value.
func (s *PolicyGroup) SetGroupName(v string) *PolicyGroup {
	s.GroupName = &v
	return s
}

// Contains information about a role that a managed policy is attached to.
//
// This data type is used as a response element in the ListEntitiesForPolicy
// operation.
//
// For more information about managed policies, refer to Managed policies and
// inline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide.
type PolicyRole struct {
	_ struct{} `type:"structure"`

	// The stable and unique string identifying the role. For more information about
	// IDs, see IAM identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html)
	// in the IAM User Guide.
	RoleId *string `min:"16" type:"string"`

	// The name (friendly name, not ARN) identifying the role.
	RoleName *string `min:"1" type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PolicyRole) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PolicyRole) GoString() string {
	return s.String()
}

// SetRoleId sets the RoleId field's value.
func (s *PolicyRole) SetRoleId(v string) *PolicyRole {
	s.RoleId = &v
	return s
}

// SetRoleName sets the RoleName field's value.
func (s *PolicyRole) SetRoleName(v string) *PolicyRole {
	s.RoleName = &v
	return s
}

// Contains information about a user that a managed policy is attached to.
//
// This data type is used as a response element in the ListEntitiesForPolicy
// operation.
//
// For more information about managed policies, refer to Managed policies and
// inline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide.
type PolicyUser struct {
	_ struct{} `type:"structure"`

	// The stable and unique string identifying the user. For more information about
	// IDs, see IAM identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html)
	// in the IAM User Guide.
	UserId *string `min:"16" type:"string"`

	// The name (friendly name, not ARN) identifying the user.
	UserName *string `min:"1" type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PolicyUser) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PolicyUser) GoString() string {
	return s.String()
}

// SetUserId sets the UserId field's value.
func (s *PolicyUser) SetUserId(v string) *PolicyUser {
	s.UserId = &v
	return s
}

// SetUserName sets the UserName field's value.
func (s *PolicyUser) SetUserName(v string) *PolicyUser {
	s.UserName = &v
	return s
}

// Contains information about a version of a managed policy.
//
// This data type is used as a response element in the CreatePolicyVersion,
// GetPolicyVersion, ListPolicyVersions, and GetAccountAuthorizationDetails
// operations.
//
// For more information about managed policies, refer to Managed policies and
// inline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide.
type PolicyVersion struct {
	_ struct{} `type:"structure"`

	// The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601),
	// when the policy version was created.
	CreateDate *time.Time `type:"timestamp"`

	// The policy document.
	//
	// The policy document is returned in the response to the GetPolicyVersion and
	// GetAccountAuthorizationDetails operations. It is not returned in the response
	// to the CreatePolicyVersion or ListPolicyVersions operations.
	//
	// The policy document returned in this structure is URL-encoded compliant with
	// RFC 3986 (https://tools.ietf.org/html/rfc3986). You can use a URL decoding
	// method to convert the policy back to plain JSON text. For example, if you
	// use Java, you can use the decode method of the java.net.URLDecoder utility
	// class in the Java SDK. Other languages and SDKs provide similar functionality.
	Document *string `min:"1" type:"string"`

	// Specifies whether the policy version is set as the policy's default version.
	IsDefaultVersion *bool `type:"boolean"`

	// The identifier for the policy version.
	//
	// Policy version identifiers always begin with v (always lowercase). When a
	// policy is created, the first policy version is v1.
	VersionId *string `type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PolicyVersion) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PolicyVersion) GoString() string {
	return s.String()
}

// SetCreateDate sets the CreateDate field's value.
func (s *PolicyVersion) SetCreateDate(v time.Time) *PolicyVersion {
	s.CreateDate = &v
	return s
}

// SetDocument sets the Document field's value.
func (s *PolicyVersion) SetDocument(v string) *PolicyVersion {
	s.Document = &v
	return s
}

// SetIsDefaultVersion sets the IsDefaultVersion field's value.
func (s *PolicyVersion) SetIsDefaultVersion(v bool) *PolicyVersion {
	s.IsDefaultVersion = &v
	return s
}

// SetVersionId sets the VersionId field's value.
func (s *PolicyVersion) SetVersionId(v string) *PolicyVersion {
	s.VersionId = &v
	return s
}

// Contains the row and column of a location of a Statement element in a policy
// document.
//
// This data type is used as a member of the Statement type.
type Position struct {
	_ struct{} `type:"structure"`

	// The column in the line containing the specified position in the document.
	Column *int64 `type:"integer"`

	// The line containing the specified position in the document.
	Line *int64 `type:"integer"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s Position) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s Position) GoString() string {
	return s.String()
}

// SetColumn sets the Column field's value.
func (s *Position) SetColumn(v int64) *Position {
	s.Column = &v
	return s
}

// SetLine sets the Line field's value.
func (s *Position) SetLine(v int64) *Position {
	s.Line = &v
	return s
}

type PutGroupPolicyInput struct {
	_ struct{} `type:"structure"`

	// The name of the group to associate the policy with.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-.
	//
	// GroupName is a required field
	GroupName *string `min:"1" type:"string" required:"true"`

	// The policy document.
	//
	// You must provide policies in JSON format in IAM. However, for CloudFormation
	// templates formatted in YAML, you can provide the policy in JSON or YAML format.
	// CloudFormation always converts a YAML policy to JSON format before submitting
	// it to = IAM.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) used to validate this
	// parameter is a string of characters consisting of the following:
	//
	//    * Any printable ASCII character ranging from the space character (\u0020)
	//    through the end of the ASCII character range
	//
	//    * The printable characters in the Basic Latin and Latin-1 Supplement character
	//    set (through \u00FF)
	//
	//    * The special characters tab (\u0009), line feed (\u000A), and carriage
	//    return (\u000D)
	//
	// PolicyDocument is a required field
	PolicyDocument *string `min:"1" type:"string" required:"true"`

	// The name of the policy document.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// PolicyName is a required field
	PolicyName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PutGroupPolicyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PutGroupPolicyInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *PutGroupPolicyInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "PutGroupPolicyInput"}
	if s.GroupName == nil {
		invalidParams.Add(request.NewErrParamRequired("GroupName"))
	}
	if s.GroupName != nil && len(*s.GroupName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("GroupName", 1))
	}
	if s.PolicyDocument == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyDocument"))
	}
	if s.PolicyDocument != nil && len(*s.PolicyDocument) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyDocument", 1))
	}
	if s.PolicyName == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyName"))
	}
	if s.PolicyName != nil && len(*s.PolicyName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetGroupName sets the GroupName field's value.
func (s *PutGroupPolicyInput) SetGroupName(v string) *PutGroupPolicyInput {
	s.GroupName = &v
	return s
}

// SetPolicyDocument sets the PolicyDocument field's value.
func (s *PutGroupPolicyInput) SetPolicyDocument(v string) *PutGroupPolicyInput {
	s.PolicyDocument = &v
	return s
}

// SetPolicyName sets the PolicyName field's value.
func (s *PutGroupPolicyInput) SetPolicyName(v string) *PutGroupPolicyInput {
	s.PolicyName = &v
	return s
}

type PutGroupPolicyOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PutGroupPolicyOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PutGroupPolicyOutput) GoString() string {
	return s.String()
}

type PutRolePermissionsBoundaryInput struct {
	_ struct{} `type:"structure"`

	// The ARN of the policy that is used to set the permissions boundary for the
	// role.
	//
	// PermissionsBoundary is a required field
	PermissionsBoundary *string `min:"20" type:"string" required:"true"`

	// The name (friendly name, not ARN) of the IAM role for which you want to set
	// the permissions boundary.
	//
	// RoleName is a required field
	RoleName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PutRolePermissionsBoundaryInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PutRolePermissionsBoundaryInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *PutRolePermissionsBoundaryInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "PutRolePermissionsBoundaryInput"}
	if s.PermissionsBoundary == nil {
		invalidParams.Add(request.NewErrParamRequired("PermissionsBoundary"))
	}
	if s.PermissionsBoundary != nil && len(*s.PermissionsBoundary) < 20 {
		invalidParams.Add(request.NewErrParamMinLen("PermissionsBoundary", 20))
	}
	if s.RoleName == nil {
		invalidParams.Add(request.NewErrParamRequired("RoleName"))
	}
	if s.RoleName != nil && len(*s.RoleName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("RoleName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetPermissionsBoundary sets the PermissionsBoundary field's value.
func (s *PutRolePermissionsBoundaryInput) SetPermissionsBoundary(v string) *PutRolePermissionsBoundaryInput {
	s.PermissionsBoundary = &v
	return s
}

// SetRoleName sets the RoleName field's value.
func (s *PutRolePermissionsBoundaryInput) SetRoleName(v string) *PutRolePermissionsBoundaryInput {
	s.RoleName = &v
	return s
}

type PutRolePermissionsBoundaryOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PutRolePermissionsBoundaryOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PutRolePermissionsBoundaryOutput) GoString() string {
	return s.String()
}

type PutRolePolicyInput struct {
	_ struct{} `type:"structure"`

	// The policy document.
	//
	// You must provide policies in JSON format in IAM. However, for CloudFormation
	// templates formatted in YAML, you can provide the policy in JSON or YAML format.
	// CloudFormation always converts a YAML policy to JSON format before submitting
	// it to IAM.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) used to validate this
	// parameter is a string of characters consisting of the following:
	//
	//    * Any printable ASCII character ranging from the space character (\u0020)
	//    through the end of the ASCII character range
	//
	//    * The printable characters in the Basic Latin and Latin-1 Supplement character
	//    set (through \u00FF)
	//
	//    * The special characters tab (\u0009), line feed (\u000A), and carriage
	//    return (\u000D)
	//
	// PolicyDocument is a required field
	PolicyDocument *string `min:"1" type:"string" required:"true"`

	// The name of the policy document.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// PolicyName is a required field
	PolicyName *string `min:"1" type:"string" required:"true"`

	// The name of the role to associate the policy with.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// RoleName is a required field
	RoleName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PutRolePolicyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PutRolePolicyInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *PutRolePolicyInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "PutRolePolicyInput"}
	if s.PolicyDocument == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyDocument"))
	}
	if s.PolicyDocument != nil && len(*s.PolicyDocument) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyDocument", 1))
	}
	if s.PolicyName == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyName"))
	}
	if s.PolicyName != nil && len(*s.PolicyName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyName", 1))
	}
	if s.RoleName == nil {
		invalidParams.Add(request.NewErrParamRequired("RoleName"))
	}
	if s.RoleName != nil && len(*s.RoleName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("RoleName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetPolicyDocument sets the PolicyDocument field's value.
func (s *PutRolePolicyInput) SetPolicyDocument(v string) *PutRolePolicyInput {
	s.PolicyDocument = &v
	return s
}

// SetPolicyName sets the PolicyName field's value.
func (s *PutRolePolicyInput) SetPolicyName(v string) *PutRolePolicyInput {
	s.PolicyName = &v
	return s
}

// SetRoleName sets the RoleName field's value.
func (s *PutRolePolicyInput) SetRoleName(v string) *PutRolePolicyInput {
	s.RoleName = &v
	return s
}

type PutRolePolicyOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PutRolePolicyOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PutRolePolicyOutput) GoString() string {
	return s.String()
}

type PutUserPermissionsBoundaryInput struct {
	_ struct{} `type:"structure"`

	// The ARN of the policy that is used to set the permissions boundary for the
	// user.
	//
	// PermissionsBoundary is a required field
	PermissionsBoundary *string `min:"20" type:"string" required:"true"`

	// The name (friendly name, not ARN) of the IAM user for which you want to set
	// the permissions boundary.
	//
	// UserName is a required field
	UserName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PutUserPermissionsBoundaryInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PutUserPermissionsBoundaryInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *PutUserPermissionsBoundaryInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "PutUserPermissionsBoundaryInput"}
	if s.PermissionsBoundary == nil {
		invalidParams.Add(request.NewErrParamRequired("PermissionsBoundary"))
	}
	if s.PermissionsBoundary != nil && len(*s.PermissionsBoundary) < 20 {
		invalidParams.Add(request.NewErrParamMinLen("PermissionsBoundary", 20))
	}
	if s.UserName == nil {
		invalidParams.Add(request.NewErrParamRequired("UserName"))
	}
	if s.UserName != nil && len(*s.UserName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("UserName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetPermissionsBoundary sets the PermissionsBoundary field's value.
func (s *PutUserPermissionsBoundaryInput) SetPermissionsBoundary(v string) *PutUserPermissionsBoundaryInput {
	s.PermissionsBoundary = &v
	return s
}

// SetUserName sets the UserName field's value.
func (s *PutUserPermissionsBoundaryInput) SetUserName(v string) *PutUserPermissionsBoundaryInput {
	s.UserName = &v
	return s
}

type PutUserPermissionsBoundaryOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PutUserPermissionsBoundaryOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PutUserPermissionsBoundaryOutput) GoString() string {
	return s.String()
}

type PutUserPolicyInput struct {
	_ struct{} `type:"structure"`

	// The policy document.
	//
	// You must provide policies in JSON format in IAM. However, for CloudFormation
	// templates formatted in YAML, you can provide the policy in JSON or YAML format.
	// CloudFormation always converts a YAML policy to JSON format before submitting
	// it to IAM.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) used to validate this
	// parameter is a string of characters consisting of the following:
	//
	//    * Any printable ASCII character ranging from the space character (\u0020)
	//    through the end of the ASCII character range
	//
	//    * The printable characters in the Basic Latin and Latin-1 Supplement character
	//    set (through \u00FF)
	//
	//    * The special characters tab (\u0009), line feed (\u000A), and carriage
	//    return (\u000D)
	//
	// PolicyDocument is a required field
	PolicyDocument *string `min:"1" type:"string" required:"true"`

	// The name of the policy document.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// PolicyName is a required field
	PolicyName *string `min:"1" type:"string" required:"true"`

	// The name of the user to associate the policy with.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// UserName is a required field
	UserName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PutUserPolicyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PutUserPolicyInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *PutUserPolicyInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "PutUserPolicyInput"}
	if s.PolicyDocument == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyDocument"))
	}
	if s.PolicyDocument != nil && len(*s.PolicyDocument) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyDocument", 1))
	}
	if s.PolicyName == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyName"))
	}
	if s.PolicyName != nil && len(*s.PolicyName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyName", 1))
	}
	if s.UserName == nil {
		invalidParams.Add(request.NewErrParamRequired("UserName"))
	}
	if s.UserName != nil && len(*s.UserName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("UserName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetPolicyDocument sets the PolicyDocument field's value.
func (s *PutUserPolicyInput) SetPolicyDocument(v string) *PutUserPolicyInput {
	s.PolicyDocument = &v
	return s
}

// SetPolicyName sets the PolicyName field's value.
func (s *PutUserPolicyInput) SetPolicyName(v string) *PutUserPolicyInput {
	s.PolicyName = &v
	return s
}

// SetUserName sets the UserName field's value.
func (s *PutUserPolicyInput) SetUserName(v string) *PutUserPolicyInput {
	s.UserName = &v
	return s
}

type PutUserPolicyOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PutUserPolicyOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PutUserPolicyOutput) GoString() string {
	return s.String()
}

type RemoveClientIDFromOpenIDConnectProviderInput struct {
	_ struct{} `type:"structure"`

	// The client ID (also known as audience) to remove from the IAM OIDC provider
	// resource. For more information about client IDs, see CreateOpenIDConnectProvider.
	//
	// ClientID is a required field
	ClientID *string `min:"1" type:"string" required:"true"`

	// The Amazon Resource Name (ARN) of the IAM OIDC provider resource to remove
	// the client ID from. You can get a list of OIDC provider ARNs by using the
	// ListOpenIDConnectProviders operation.
	//
	// For more information about ARNs, see Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the Amazon Web Services General Reference.
	//
	// OpenIDConnectProviderArn is a required field
	OpenIDConnectProviderArn *string `min:"20" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s RemoveClientIDFromOpenIDConnectProviderInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s RemoveClientIDFromOpenIDConnectProviderInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *RemoveClientIDFromOpenIDConnectProviderInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "RemoveClientIDFromOpenIDConnectProviderInput"}
	if s.ClientID == nil {
		invalidParams.Add(request.NewErrParamRequired("ClientID"))
	}
	if s.ClientID != nil && len(*s.ClientID) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("ClientID", 1))
	}
	if s.OpenIDConnectProviderArn == nil {
		invalidParams.Add(request.NewErrParamRequired("OpenIDConnectProviderArn"))
	}
	if s.OpenIDConnectProviderArn != nil && len(*s.OpenIDConnectProviderArn) < 20 {
		invalidParams.Add(request.NewErrParamMinLen("OpenIDConnectProviderArn", 20))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetClientID sets the ClientID field's value.
func (s *RemoveClientIDFromOpenIDConnectProviderInput) SetClientID(v string) *RemoveClientIDFromOpenIDConnectProviderInput {
	s.ClientID = &v
	return s
}

// SetOpenIDConnectProviderArn sets the OpenIDConnectProviderArn field's value.
func (s *RemoveClientIDFromOpenIDConnectProviderInput) SetOpenIDConnectProviderArn(v string) *RemoveClientIDFromOpenIDConnectProviderInput {
	s.OpenIDConnectProviderArn = &v
	return s
}

type RemoveClientIDFromOpenIDConnectProviderOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s RemoveClientIDFromOpenIDConnectProviderOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s RemoveClientIDFromOpenIDConnectProviderOutput) GoString() string {
	return s.String()
}

type RemoveRoleFromInstanceProfileInput struct {
	_ struct{} `type:"structure"`

	// The name of the instance profile to update.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// InstanceProfileName is a required field
	InstanceProfileName *string `min:"1" type:"string" required:"true"`

	// The name of the role to remove.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// RoleName is a required field
	RoleName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s RemoveRoleFromInstanceProfileInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s RemoveRoleFromInstanceProfileInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *RemoveRoleFromInstanceProfileInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "RemoveRoleFromInstanceProfileInput"}
	if s.InstanceProfileName == nil {
		invalidParams.Add(request.NewErrParamRequired("InstanceProfileName"))
	}
	if s.InstanceProfileName != nil && len(*s.InstanceProfileName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("InstanceProfileName", 1))
	}
	if s.RoleName == nil {
		invalidParams.Add(request.NewErrParamRequired("RoleName"))
	}
	if s.RoleName != nil && len(*s.RoleName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("RoleName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetInstanceProfileName sets the InstanceProfileName field's value.
func (s *RemoveRoleFromInstanceProfileInput) SetInstanceProfileName(v string) *RemoveRoleFromInstanceProfileInput {
	s.InstanceProfileName = &v
	return s
}

// SetRoleName sets the RoleName field's value.
func (s *RemoveRoleFromInstanceProfileInput) SetRoleName(v string) *RemoveRoleFromInstanceProfileInput {
	s.RoleName = &v
	return s
}

type RemoveRoleFromInstanceProfileOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s RemoveRoleFromInstanceProfileOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s RemoveRoleFromInstanceProfileOutput) GoString() string {
	return s.String()
}

type RemoveUserFromGroupInput struct {
	_ struct{} `type:"structure"`

	// The name of the group to update.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// GroupName is a required field
	GroupName *string `min:"1" type:"string" required:"true"`

	// The name of the user to remove.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// UserName is a required field
	UserName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s RemoveUserFromGroupInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s RemoveUserFromGroupInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *RemoveUserFromGroupInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "RemoveUserFromGroupInput"}
	if s.GroupName == nil {
		invalidParams.Add(request.NewErrParamRequired("GroupName"))
	}
	if s.GroupName != nil && len(*s.GroupName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("GroupName", 1))
	}
	if s.UserName == nil {
		invalidParams.Add(request.NewErrParamRequired("UserName"))
	}
	if s.UserName != nil && len(*s.UserName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("UserName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetGroupName sets the GroupName field's value.
func (s *RemoveUserFromGroupInput) SetGroupName(v string) *RemoveUserFromGroupInput {
	s.GroupName = &v
	return s
}

// SetUserName sets the UserName field's value.
func (s *RemoveUserFromGroupInput) SetUserName(v string) *RemoveUserFromGroupInput {
	s.UserName = &v
	return s
}

type RemoveUserFromGroupOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s RemoveUserFromGroupOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s RemoveUserFromGroupOutput) GoString() string {
	return s.String()
}

type ResetServiceSpecificCredentialInput struct {
	_ struct{} `type:"structure"`

	// The unique identifier of the service-specific credential.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters that can consist of any upper or lowercased letter
	// or digit.
	//
	// ServiceSpecificCredentialId is a required field
	ServiceSpecificCredentialId *string `min:"20" type:"string" required:"true"`

	// The name of the IAM user associated with the service-specific credential.
	// If this value is not specified, then the operation assumes the user whose
	// credentials are used to call the operation.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	UserName *string `min:"1" type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ResetServiceSpecificCredentialInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ResetServiceSpecificCredentialInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ResetServiceSpecificCredentialInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ResetServiceSpecificCredentialInput"}
	if s.ServiceSpecificCredentialId == nil {
		invalidParams.Add(request.NewErrParamRequired("ServiceSpecificCredentialId"))
	}
	if s.ServiceSpecificCredentialId != nil && len(*s.ServiceSpecificCredentialId) < 20 {
		invalidParams.Add(request.NewErrParamMinLen("ServiceSpecificCredentialId", 20))
	}
	if s.UserName != nil && len(*s.UserName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("UserName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetServiceSpecificCredentialId sets the ServiceSpecificCredentialId field's value.
func (s *ResetServiceSpecificCredentialInput) SetServiceSpecificCredentialId(v string) *ResetServiceSpecificCredentialInput {
	s.ServiceSpecificCredentialId = &v
	return s
}

// SetUserName sets the UserName field's value.
func (s *ResetServiceSpecificCredentialInput) SetUserName(v string) *ResetServiceSpecificCredentialInput {
	s.UserName = &v
	return s
}

type ResetServiceSpecificCredentialOutput struct {
	_ struct{} `type:"structure"`

	// A structure with details about the updated service-specific credential, including
	// the new password.
	//
	// This is the only time that you can access the password. You cannot recover
	// the password later, but you can reset it again.
	ServiceSpecificCredential *ServiceSpecificCredential `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ResetServiceSpecificCredentialOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ResetServiceSpecificCredentialOutput) GoString() string {
	return s.String()
}

// SetServiceSpecificCredential sets the ServiceSpecificCredential field's value.
func (s *ResetServiceSpecificCredentialOutput) SetServiceSpecificCredential(v *ServiceSpecificCredential) *ResetServiceSpecificCredentialOutput {
	s.ServiceSpecificCredential = v
	return s
}

// Contains the result of the simulation of a single API operation call on a
// single resource.
//
// This data type is used by a member of the EvaluationResult data type.
type ResourceSpecificResult struct {
	_ struct{} `type:"structure"`

	// Additional details about the results of the evaluation decision on a single
	// resource. This parameter is returned only for cross-account simulations.
	// This parameter explains how each policy type contributes to the resource-specific
	// evaluation decision.
	EvalDecisionDetails map[string]*string `type:"map"`

	// The result of the simulation of the simulated API operation on the resource
	// specified in EvalResourceName.
	//
	// EvalResourceDecision is a required field
	EvalResourceDecision *string `type:"string" required:"true" enum:"PolicyEvaluationDecisionType"`

	// The name of the simulated resource, in Amazon Resource Name (ARN) format.
	//
	// EvalResourceName is a required field
	EvalResourceName *string `min:"1" type:"string" required:"true"`

	// A list of the statements in the input policies that determine the result
	// for this part of the simulation. Remember that even if multiple statements
	// allow the operation on the resource, if any statement denies that operation,
	// then the explicit deny overrides any allow. In addition, the deny statement
	// is the only entry included in the result.
	MatchedStatements []*Statement `type:"list"`

	// A list of context keys that are required by the included input policies but
	// that were not provided by one of the input parameters. This list is used
	// when a list of ARNs is included in the ResourceArns parameter instead of
	// "*". If you do not specify individual resources, by setting ResourceArns
	// to "*" or by not including the ResourceArns parameter, then any missing context
	// values are instead included under the EvaluationResults section. To discover
	// the context keys used by a set of policies, you can call GetContextKeysForCustomPolicy
	// or GetContextKeysForPrincipalPolicy.
	MissingContextValues []*string `type:"list"`

	// Contains information about the effect that a permissions boundary has on
	// a policy simulation when that boundary is applied to an IAM entity.
	PermissionsBoundaryDecisionDetail *PermissionsBoundaryDecisionDetail `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ResourceSpecificResult) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ResourceSpecificResult) GoString() string {
	return s.String()
}

// SetEvalDecisionDetails sets the EvalDecisionDetails field's value.
func (s *ResourceSpecificResult) SetEvalDecisionDetails(v map[string]*string) *ResourceSpecificResult {
	s.EvalDecisionDetails = v
	return s
}

// SetEvalResourceDecision sets the EvalResourceDecision field's value.
func (s *ResourceSpecificResult) SetEvalResourceDecision(v string) *ResourceSpecificResult {
	s.EvalResourceDecision = &v
	return s
}

// SetEvalResourceName sets the EvalResourceName field's value.
func (s *ResourceSpecificResult) SetEvalResourceName(v string) *ResourceSpecificResult {
	s.EvalResourceName = &v
	return s
}

// SetMatchedStatements sets the MatchedStatements field's value.
func (s *ResourceSpecificResult) SetMatchedStatements(v []*Statement) *ResourceSpecificResult {
	s.MatchedStatements = v
	return s
}

// SetMissingContextValues sets the MissingContextValues field's value.
func (s *ResourceSpecificResult) SetMissingContextValues(v []*string) *ResourceSpecificResult {
	s.MissingContextValues = v
	return s
}

// SetPermissionsBoundaryDecisionDetail sets the PermissionsBoundaryDecisionDetail field's value.
func (s *ResourceSpecificResult) SetPermissionsBoundaryDecisionDetail(v *PermissionsBoundaryDecisionDetail) *ResourceSpecificResult {
	s.PermissionsBoundaryDecisionDetail = v
	return s
}

type ResyncMFADeviceInput struct {
	_ struct{} `type:"structure"`

	// An authentication code emitted by the device.
	//
	// The format for this parameter is a sequence of six digits.
	//
	// AuthenticationCode1 is a required field
	AuthenticationCode1 *string `min:"6" type:"string" required:"true"`

	// A subsequent authentication code emitted by the device.
	//
	// The format for this parameter is a sequence of six digits.
	//
	// AuthenticationCode2 is a required field
	AuthenticationCode2 *string `min:"6" type:"string" required:"true"`

	// Serial number that uniquely identifies the MFA device.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// SerialNumber is a required field
	SerialNumber *string `min:"9" type:"string" required:"true"`

	// The name of the user whose MFA device you want to resynchronize.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// UserName is a required field
	UserName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ResyncMFADeviceInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ResyncMFADeviceInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ResyncMFADeviceInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ResyncMFADeviceInput"}
	if s.AuthenticationCode1 == nil {
		invalidParams.Add(request.NewErrParamRequired("AuthenticationCode1"))
	}
	if s.AuthenticationCode1 != nil && len(*s.AuthenticationCode1) < 6 {
		invalidParams.Add(request.NewErrParamMinLen("AuthenticationCode1", 6))
	}
	if s.AuthenticationCode2 == nil {
		invalidParams.Add(request.NewErrParamRequired("AuthenticationCode2"))
	}
	if s.AuthenticationCode2 != nil && len(*s.AuthenticationCode2) < 6 {
		invalidParams.Add(request.NewErrParamMinLen("AuthenticationCode2", 6))
	}
	if s.SerialNumber == nil {
		invalidParams.Add(request.NewErrParamRequired("SerialNumber"))
	}
	if s.SerialNumber != nil && len(*s.SerialNumber) < 9 {
		invalidParams.Add(request.NewErrParamMinLen("SerialNumber", 9))
	}
	if s.UserName == nil {
		invalidParams.Add(request.NewErrParamRequired("UserName"))
	}
	if s.UserName != nil && len(*s.UserName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("UserName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetAuthenticationCode1 sets the AuthenticationCode1 field's value.
func (s *ResyncMFADeviceInput) SetAuthenticationCode1(v string) *ResyncMFADeviceInput {
	s.AuthenticationCode1 = &v
	return s
}

// SetAuthenticationCode2 sets the AuthenticationCode2 field's value.
func (s *ResyncMFADeviceInput) SetAuthenticationCode2(v string) *ResyncMFADeviceInput {
	s.AuthenticationCode2 = &v
	return s
}

// SetSerialNumber sets the SerialNumber field's value.
func (s *ResyncMFADeviceInput) SetSerialNumber(v string) *ResyncMFADeviceInput {
	s.SerialNumber = &v
	return s
}

// SetUserName sets the UserName field's value.
func (s *ResyncMFADeviceInput) SetUserName(v string) *ResyncMFADeviceInput {
	s.UserName = &v
	return s
}

type ResyncMFADeviceOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ResyncMFADeviceOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ResyncMFADeviceOutput) GoString() string {
	return s.String()
}

// Contains information about an IAM role. This structure is returned as a response
// element in several API operations that interact with roles.
type Role struct {
	_ struct{} `type:"structure"`

	// The Amazon Resource Name (ARN) specifying the role. For more information
	// about ARNs and how to use them in policies, see IAM identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the IAM User Guide guide.
	//
	// Arn is a required field
	Arn *string `min:"20" type:"string" required:"true"`

	// The policy that grants an entity permission to assume the role.
	AssumeRolePolicyDocument *string `min:"1" type:"string"`

	// The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601),
	// when the role was created.
	//
	// CreateDate is a required field
	CreateDate *time.Time `type:"timestamp" required:"true"`

	// A description of the role that you provide.
	Description *string `type:"string"`

	// The maximum session duration (in seconds) for the specified role. Anyone
	// who uses the CLI, or API to assume the role can specify the duration using
	// the optional DurationSeconds API parameter or duration-seconds CLI parameter.
	MaxSessionDuration *int64 `min:"3600" type:"integer"`

	// The path to the role. For more information about paths, see IAM identifiers
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the IAM User Guide.
	//
	// Path is a required field
	Path *string `min:"1" type:"string" required:"true"`

	// The ARN of the policy used to set the permissions boundary for the role.
	//
	// For more information about permissions boundaries, see Permissions boundaries
	// for IAM identities (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html)
	// in the IAM User Guide.
	PermissionsBoundary *AttachedPermissionsBoundary `type:"structure"`

	// The stable and unique string identifying the role. For more information about
	// IDs, see IAM identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the IAM User Guide.
	//
	// RoleId is a required field
	RoleId *string `min:"16" type:"string" required:"true"`

	// Contains information about the last time that an IAM role was used. This
	// includes the date and time and the Region in which the role was last used.
	// Activity is only reported for the trailing 400 days. This period can be shorter
	// if your Region began supporting these features within the last year. The
	// role might have been used more than 400 days ago. For more information, see
	// Regions where data is tracked (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#access-advisor_tracking-period)
	// in the IAM User Guide.
	RoleLastUsed *RoleLastUsed `type:"structure"`

	// The friendly name that identifies the role.
	//
	// RoleName is a required field
	RoleName *string `min:"1" type:"string" required:"true"`

	// A list of tags that are attached to the role. For more information about
	// tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html)
	// in the IAM User Guide.
	Tags []*Tag `type:"list"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s Role) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s Role) GoString() string {
	return s.String()
}

// SetArn sets the Arn field's value.
func (s *Role) SetArn(v string) *Role {
	s.Arn = &v
	return s
}

// SetAssumeRolePolicyDocument sets the AssumeRolePolicyDocument field's value.
func (s *Role) SetAssumeRolePolicyDocument(v string) *Role {
	s.AssumeRolePolicyDocument = &v
	return s
}

// SetCreateDate sets the CreateDate field's value.
func (s *Role) SetCreateDate(v time.Time) *Role {
	s.CreateDate = &v
	return s
}

// SetDescription sets the Description field's value.
func (s *Role) SetDescription(v string) *Role {
	s.Description = &v
	return s
}

// SetMaxSessionDuration sets the MaxSessionDuration field's value.
func (s *Role) SetMaxSessionDuration(v int64) *Role {
	s.MaxSessionDuration = &v
	return s
}

// SetPath sets the Path field's value.
func (s *Role) SetPath(v string) *Role {
	s.Path = &v
	return s
}

// SetPermissionsBoundary sets the PermissionsBoundary field's value.
func (s *Role) SetPermissionsBoundary(v *AttachedPermissionsBoundary) *Role {
	s.PermissionsBoundary = v
	return s
}

// SetRoleId sets the RoleId field's value.
func (s *Role) SetRoleId(v string) *Role {
	s.RoleId = &v
	return s
}

// SetRoleLastUsed sets the RoleLastUsed field's value.
func (s *Role) SetRoleLastUsed(v *RoleLastUsed) *Role {
	s.RoleLastUsed = v
	return s
}

// SetRoleName sets the RoleName field's value.
func (s *Role) SetRoleName(v string) *Role {
	s.RoleName = &v
	return s
}

// SetTags sets the Tags field's value.
func (s *Role) SetTags(v []*Tag) *Role {
	s.Tags = v
	return s
}

// Contains information about an IAM role, including all of the role's policies.
//
// This data type is used as a response element in the GetAccountAuthorizationDetails
// operation.
type RoleDetail struct {
	_ struct{} `type:"structure"`

	// The Amazon Resource Name (ARN). ARNs are unique identifiers for Amazon Web
	// Services resources.
	//
	// For more information about ARNs, go to Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the Amazon Web Services General Reference.
	Arn *string `min:"20" type:"string"`

	// The trust policy that grants permission to assume the role.
	AssumeRolePolicyDocument *string `min:"1" type:"string"`

	// A list of managed policies attached to the role. These policies are the role's
	// access (permissions) policies.
	AttachedManagedPolicies []*AttachedPolicy `type:"list"`

	// The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601),
	// when the role was created.
	CreateDate *time.Time `type:"timestamp"`

	// A list of instance profiles that contain this role.
	InstanceProfileList []*InstanceProfile `type:"list"`

	// The path to the role. For more information about paths, see IAM identifiers
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the IAM User Guide.
	Path *string `min:"1" type:"string"`

	// The ARN of the policy used to set the permissions boundary for the role.
	//
	// For more information about permissions boundaries, see Permissions boundaries
	// for IAM identities (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html)
	// in the IAM User Guide.
	PermissionsBoundary *AttachedPermissionsBoundary `type:"structure"`

	// The stable and unique string identifying the role. For more information about
	// IDs, see IAM identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the IAM User Guide.
	RoleId *string `min:"16" type:"string"`

	// Contains information about the last time that an IAM role was used. This
	// includes the date and time and the Region in which the role was last used.
	// Activity is only reported for the trailing 400 days. This period can be shorter
	// if your Region began supporting these features within the last year. The
	// role might have been used more than 400 days ago. For more information, see
	// Regions where data is tracked (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#access-advisor_tracking-period)
	// in the IAM User Guide.
	RoleLastUsed *RoleLastUsed `type:"structure"`

	// The friendly name that identifies the role.
	RoleName *string `min:"1" type:"string"`

	// A list of inline policies embedded in the role. These policies are the role's
	// access (permissions) policies.
	RolePolicyList []*PolicyDetail `type:"list"`

	// A list of tags that are attached to the role. For more information about
	// tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html)
	// in the IAM User Guide.
	Tags []*Tag `type:"list"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s RoleDetail) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s RoleDetail) GoString() string {
	return s.String()
}

// SetArn sets the Arn field's value.
func (s *RoleDetail) SetArn(v string) *RoleDetail {
	s.Arn = &v
	return s
}

// SetAssumeRolePolicyDocument sets the AssumeRolePolicyDocument field's value.
func (s *RoleDetail) SetAssumeRolePolicyDocument(v string) *RoleDetail {
	s.AssumeRolePolicyDocument = &v
	return s
}

// SetAttachedManagedPolicies sets the AttachedManagedPolicies field's value.
func (s *RoleDetail) SetAttachedManagedPolicies(v []*AttachedPolicy) *RoleDetail {
	s.AttachedManagedPolicies = v
	return s
}

// SetCreateDate sets the CreateDate field's value.
func (s *RoleDetail) SetCreateDate(v time.Time) *RoleDetail {
	s.CreateDate = &v
	return s
}

// SetInstanceProfileList sets the InstanceProfileList field's value.
func (s *RoleDetail) SetInstanceProfileList(v []*InstanceProfile) *RoleDetail {
	s.InstanceProfileList = v
	return s
}

// SetPath sets the Path field's value.
func (s *RoleDetail) SetPath(v string) *RoleDetail {
	s.Path = &v
	return s
}

// SetPermissionsBoundary sets the PermissionsBoundary field's value.
func (s *RoleDetail) SetPermissionsBoundary(v *AttachedPermissionsBoundary) *RoleDetail {
	s.PermissionsBoundary = v
	return s
}

// SetRoleId sets the RoleId field's value.
func (s *RoleDetail) SetRoleId(v string) *RoleDetail {
	s.RoleId = &v
	return s
}

// SetRoleLastUsed sets the RoleLastUsed field's value.
func (s *RoleDetail) SetRoleLastUsed(v *RoleLastUsed) *RoleDetail {
	s.RoleLastUsed = v
	return s
}

// SetRoleName sets the RoleName field's value.
func (s *RoleDetail) SetRoleName(v string) *RoleDetail {
	s.RoleName = &v
	return s
}

// SetRolePolicyList sets the RolePolicyList field's value.
func (s *RoleDetail) SetRolePolicyList(v []*PolicyDetail) *RoleDetail {
	s.RolePolicyList = v
	return s
}

// SetTags sets the Tags field's value.
func (s *RoleDetail) SetTags(v []*Tag) *RoleDetail {
	s.Tags = v
	return s
}

// Contains information about the last time that an IAM role was used. This
// includes the date and time and the Region in which the role was last used.
// Activity is only reported for the trailing 400 days. This period can be shorter
// if your Region began supporting these features within the last year. The
// role might have been used more than 400 days ago. For more information, see
// Regions where data is tracked (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#access-advisor_tracking-period)
// in the IAM User Guide.
//
// This data type is returned as a response element in the GetRole and GetAccountAuthorizationDetails
// operations.
type RoleLastUsed struct {
	_ struct{} `type:"structure"`

	// The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601)
	// that the role was last used.
	//
	// This field is null if the role has not been used within the IAM tracking
	// period. For more information about the tracking period, see Regions where
	// data is tracked (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#access-advisor_tracking-period)
	// in the IAM User Guide.
	LastUsedDate *time.Time `type:"timestamp"`

	// The name of the Amazon Web Services Region in which the role was last used.
	Region *string `type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s RoleLastUsed) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s RoleLastUsed) GoString() string {
	return s.String()
}

// SetLastUsedDate sets the LastUsedDate field's value.
func (s *RoleLastUsed) SetLastUsedDate(v time.Time) *RoleLastUsed {
	s.LastUsedDate = &v
	return s
}

// SetRegion sets the Region field's value.
func (s *RoleLastUsed) SetRegion(v string) *RoleLastUsed {
	s.Region = &v
	return s
}

// An object that contains details about how a service-linked role is used,
// if that information is returned by the service.
//
// This data type is used as a response element in the GetServiceLinkedRoleDeletionStatus
// operation.
type RoleUsageType struct {
	_ struct{} `type:"structure"`

	// The name of the Region where the service-linked role is being used.
	Region *string `min:"1" type:"string"`

	// The name of the resource that is using the service-linked role.
	Resources []*string `type:"list"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s RoleUsageType) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s RoleUsageType) GoString() string {
	return s.String()
}

// SetRegion sets the Region field's value.
func (s *RoleUsageType) SetRegion(v string) *RoleUsageType {
	s.Region = &v
	return s
}

// SetResources sets the Resources field's value.
func (s *RoleUsageType) SetResources(v []*string) *RoleUsageType {
	s.Resources = v
	return s
}

// Contains the list of SAML providers for this account.
type SAMLProviderListEntry struct {
	_ struct{} `type:"structure"`

	// The Amazon Resource Name (ARN) of the SAML provider.
	Arn *string `min:"20" type:"string"`

	// The date and time when the SAML provider was created.
	CreateDate *time.Time `type:"timestamp"`

	// The expiration date and time for the SAML provider.
	ValidUntil *time.Time `type:"timestamp"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s SAMLProviderListEntry) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s SAMLProviderListEntry) GoString() string {
	return s.String()
}

// SetArn sets the Arn field's value.
func (s *SAMLProviderListEntry) SetArn(v string) *SAMLProviderListEntry {
	s.Arn = &v
	return s
}

// SetCreateDate sets the CreateDate field's value.
func (s *SAMLProviderListEntry) SetCreateDate(v time.Time) *SAMLProviderListEntry {
	s.CreateDate = &v
	return s
}

// SetValidUntil sets the ValidUntil field's value.
func (s *SAMLProviderListEntry) SetValidUntil(v time.Time) *SAMLProviderListEntry {
	s.ValidUntil = &v
	return s
}

// Contains information about an SSH public key.
//
// This data type is used as a response element in the GetSSHPublicKey and UploadSSHPublicKey
// operations.
type SSHPublicKey struct {
	_ struct{} `type:"structure"`

	// The MD5 message digest of the SSH public key.
	//
	// Fingerprint is a required field
	Fingerprint *string `min:"48" type:"string" required:"true"`

	// The SSH public key.
	//
	// SSHPublicKeyBody is a required field
	SSHPublicKeyBody *string `min:"1" type:"string" required:"true"`

	// The unique identifier for the SSH public key.
	//
	// SSHPublicKeyId is a required field
	SSHPublicKeyId *string `min:"20" type:"string" required:"true"`

	// The status of the SSH public key. Active means that the key can be used for
	// authentication with an CodeCommit repository. Inactive means that the key
	// cannot be used.
	//
	// Status is a required field
	Status *string `type:"string" required:"true" enum:"StatusType"`

	// The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601),
	// when the SSH public key was uploaded.
	UploadDate *time.Time `type:"timestamp"`

	// The name of the IAM user associated with the SSH public key.
	//
	// UserName is a required field
	UserName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s SSHPublicKey) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s SSHPublicKey) GoString() string {
	return s.String()
}

// SetFingerprint sets the Fingerprint field's value.
func (s *SSHPublicKey) SetFingerprint(v string) *SSHPublicKey {
	s.Fingerprint = &v
	return s
}

// SetSSHPublicKeyBody sets the SSHPublicKeyBody field's value.
func (s *SSHPublicKey) SetSSHPublicKeyBody(v string) *SSHPublicKey {
	s.SSHPublicKeyBody = &v
	return s
}

// SetSSHPublicKeyId sets the SSHPublicKeyId field's value.
func (s *SSHPublicKey) SetSSHPublicKeyId(v string) *SSHPublicKey {
	s.SSHPublicKeyId = &v
	return s
}

// SetStatus sets the Status field's value.
func (s *SSHPublicKey) SetStatus(v string) *SSHPublicKey {
	s.Status = &v
	return s
}

// SetUploadDate sets the UploadDate field's value.
func (s *SSHPublicKey) SetUploadDate(v time.Time) *SSHPublicKey {
	s.UploadDate = &v
	return s
}

// SetUserName sets the UserName field's value.
func (s *SSHPublicKey) SetUserName(v string) *SSHPublicKey {
	s.UserName = &v
	return s
}

// Contains information about an SSH public key, without the key's body or fingerprint.
//
// This data type is used as a response element in the ListSSHPublicKeys operation.
type SSHPublicKeyMetadata struct {
	_ struct{} `type:"structure"`

	// The unique identifier for the SSH public key.
	//
	// SSHPublicKeyId is a required field
	SSHPublicKeyId *string `min:"20" type:"string" required:"true"`

	// The status of the SSH public key. Active means that the key can be used for
	// authentication with an CodeCommit repository. Inactive means that the key
	// cannot be used.
	//
	// Status is a required field
	Status *string `type:"string" required:"true" enum:"StatusType"`

	// The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601),
	// when the SSH public key was uploaded.
	//
	// UploadDate is a required field
	UploadDate *time.Time `type:"timestamp" required:"true"`

	// The name of the IAM user associated with the SSH public key.
	//
	// UserName is a required field
	UserName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s SSHPublicKeyMetadata) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s SSHPublicKeyMetadata) GoString() string {
	return s.String()
}

// SetSSHPublicKeyId sets the SSHPublicKeyId field's value.
func (s *SSHPublicKeyMetadata) SetSSHPublicKeyId(v string) *SSHPublicKeyMetadata {
	s.SSHPublicKeyId = &v
	return s
}

// SetStatus sets the Status field's value.
func (s *SSHPublicKeyMetadata) SetStatus(v string) *SSHPublicKeyMetadata {
	s.Status = &v
	return s
}

// SetUploadDate sets the UploadDate field's value.
func (s *SSHPublicKeyMetadata) SetUploadDate(v time.Time) *SSHPublicKeyMetadata {
	s.UploadDate = &v
	return s
}

// SetUserName sets the UserName field's value.
func (s *SSHPublicKeyMetadata) SetUserName(v string) *SSHPublicKeyMetadata {
	s.UserName = &v
	return s
}

// Contains information about a server certificate.
//
// This data type is used as a response element in the GetServerCertificate
// operation.
type ServerCertificate struct {
	_ struct{} `type:"structure"`

	// The contents of the public key certificate.
	//
	// CertificateBody is a required field
	CertificateBody *string `min:"1" type:"string" required:"true"`

	// The contents of the public key certificate chain.
	CertificateChain *string `min:"1" type:"string"`

	// The meta information of the server certificate, such as its name, path, ID,
	// and ARN.
	//
	// ServerCertificateMetadata is a required field
	ServerCertificateMetadata *ServerCertificateMetadata `type:"structure" required:"true"`

	// A list of tags that are attached to the server certificate. For more information
	// about tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html)
	// in the IAM User Guide.
	Tags []*Tag `type:"list"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ServerCertificate) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ServerCertificate) GoString() string {
	return s.String()
}

// SetCertificateBody sets the CertificateBody field's value.
func (s *ServerCertificate) SetCertificateBody(v string) *ServerCertificate {
	s.CertificateBody = &v
	return s
}

// SetCertificateChain sets the CertificateChain field's value.
func (s *ServerCertificate) SetCertificateChain(v string) *ServerCertificate {
	s.CertificateChain = &v
	return s
}

// SetServerCertificateMetadata sets the ServerCertificateMetadata field's value.
func (s *ServerCertificate) SetServerCertificateMetadata(v *ServerCertificateMetadata) *ServerCertificate {
	s.ServerCertificateMetadata = v
	return s
}

// SetTags sets the Tags field's value.
func (s *ServerCertificate) SetTags(v []*Tag) *ServerCertificate {
	s.Tags = v
	return s
}

// Contains information about a server certificate without its certificate body,
// certificate chain, and private key.
//
// This data type is used as a response element in the UploadServerCertificate
// and ListServerCertificates operations.
type ServerCertificateMetadata struct {
	_ struct{} `type:"structure"`

	// The Amazon Resource Name (ARN) specifying the server certificate. For more
	// information about ARNs and how to use them in policies, see IAM identifiers
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the IAM User Guide.
	//
	// Arn is a required field
	Arn *string `min:"20" type:"string" required:"true"`

	// The date on which the certificate is set to expire.
	Expiration *time.Time `type:"timestamp"`

	// The path to the server certificate. For more information about paths, see
	// IAM identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the IAM User Guide.
	//
	// Path is a required field
	Path *string `min:"1" type:"string" required:"true"`

	// The stable and unique string identifying the server certificate. For more
	// information about IDs, see IAM identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the IAM User Guide.
	//
	// ServerCertificateId is a required field
	ServerCertificateId *string `min:"16" type:"string" required:"true"`

	// The name that identifies the server certificate.
	//
	// ServerCertificateName is a required field
	ServerCertificateName *string `min:"1" type:"string" required:"true"`

	// The date when the server certificate was uploaded.
	UploadDate *time.Time `type:"timestamp"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ServerCertificateMetadata) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ServerCertificateMetadata) GoString() string {
	return s.String()
}

// SetArn sets the Arn field's value.
func (s *ServerCertificateMetadata) SetArn(v string) *ServerCertificateMetadata {
	s.Arn = &v
	return s
}

// SetExpiration sets the Expiration field's value.
func (s *ServerCertificateMetadata) SetExpiration(v time.Time) *ServerCertificateMetadata {
	s.Expiration = &v
	return s
}

// SetPath sets the Path field's value.
func (s *ServerCertificateMetadata) SetPath(v string) *ServerCertificateMetadata {
	s.Path = &v
	return s
}

// SetServerCertificateId sets the ServerCertificateId field's value.
func (s *ServerCertificateMetadata) SetServerCertificateId(v string) *ServerCertificateMetadata {
	s.ServerCertificateId = &v
	return s
}

// SetServerCertificateName sets the ServerCertificateName field's value.
func (s *ServerCertificateMetadata) SetServerCertificateName(v string) *ServerCertificateMetadata {
	s.ServerCertificateName = &v
	return s
}

// SetUploadDate sets the UploadDate field's value.
func (s *ServerCertificateMetadata) SetUploadDate(v time.Time) *ServerCertificateMetadata {
	s.UploadDate = &v
	return s
}

// Contains details about the most recent attempt to access the service.
//
// This data type is used as a response element in the GetServiceLastAccessedDetails
// operation.
type ServiceLastAccessed struct {
	_ struct{} `type:"structure"`

	// The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601),
	// when an authenticated entity most recently attempted to access the service.
	// Amazon Web Services does not report unauthenticated requests.
	//
	// This field is null if no IAM entities attempted to access the service within
	// the reporting period (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period).
	LastAuthenticated *time.Time `type:"timestamp"`

	// The ARN of the authenticated entity (user or role) that last attempted to
	// access the service. Amazon Web Services does not report unauthenticated requests.
	//
	// This field is null if no IAM entities attempted to access the service within
	// the reporting period (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period).
	LastAuthenticatedEntity *string `min:"20" type:"string"`

	// The Region from which the authenticated entity (user or role) last attempted
	// to access the service. Amazon Web Services does not report unauthenticated
	// requests.
	//
	// This field is null if no IAM entities attempted to access the service within
	// the reporting period (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period).
	LastAuthenticatedRegion *string `type:"string"`

	// The name of the service in which access was attempted.
	//
	// ServiceName is a required field
	ServiceName *string `type:"string" required:"true"`

	// The namespace of the service in which access was attempted.
	//
	// To learn the service namespace of a service, see Actions, resources, and
	// condition keys for Amazon Web Services services (https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html)
	// in the Service Authorization Reference. Choose the name of the service to
	// view details for that service. In the first paragraph, find the service prefix.
	// For example, (service prefix: a4b). For more information about service namespaces,
	// see Amazon Web Services Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-aws-service-namespaces)
	// in the Amazon Web Services General Reference.
	//
	// ServiceNamespace is a required field
	ServiceNamespace *string `min:"1" type:"string" required:"true"`

	// The total number of authenticated principals (root user, IAM users, or IAM
	// roles) that have attempted to access the service.
	//
	// This field is null if no principals attempted to access the service within
	// the reporting period (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period).
	TotalAuthenticatedEntities *int64 `type:"integer"`

	// An object that contains details about the most recent attempt to access a
	// tracked action within the service.
	//
	// This field is null if there no tracked actions or if the principal did not
	// use the tracked actions within the reporting period (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period).
	// This field is also null if the report was generated at the service level
	// and not the action level. For more information, see the Granularity field
	// in GenerateServiceLastAccessedDetails.
	TrackedActionsLastAccessed []*TrackedActionLastAccessed `type:"list"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ServiceLastAccessed) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ServiceLastAccessed) GoString() string {
	return s.String()
}

// SetLastAuthenticated sets the LastAuthenticated field's value.
func (s *ServiceLastAccessed) SetLastAuthenticated(v time.Time) *ServiceLastAccessed {
	s.LastAuthenticated = &v
	return s
}

// SetLastAuthenticatedEntity sets the LastAuthenticatedEntity field's value.
func (s *ServiceLastAccessed) SetLastAuthenticatedEntity(v string) *ServiceLastAccessed {
	s.LastAuthenticatedEntity = &v
	return s
}

// SetLastAuthenticatedRegion sets the LastAuthenticatedRegion field's value.
func (s *ServiceLastAccessed) SetLastAuthenticatedRegion(v string) *ServiceLastAccessed {
	s.LastAuthenticatedRegion = &v
	return s
}

// SetServiceName sets the ServiceName field's value.
func (s *ServiceLastAccessed) SetServiceName(v string) *ServiceLastAccessed {
	s.ServiceName = &v
	return s
}

// SetServiceNamespace sets the ServiceNamespace field's value.
func (s *ServiceLastAccessed) SetServiceNamespace(v string) *ServiceLastAccessed {
	s.ServiceNamespace = &v
	return s
}

// SetTotalAuthenticatedEntities sets the TotalAuthenticatedEntities field's value.
func (s *ServiceLastAccessed) SetTotalAuthenticatedEntities(v int64) *ServiceLastAccessed {
	s.TotalAuthenticatedEntities = &v
	return s
}

// SetTrackedActionsLastAccessed sets the TrackedActionsLastAccessed field's value.
func (s *ServiceLastAccessed) SetTrackedActionsLastAccessed(v []*TrackedActionLastAccessed) *ServiceLastAccessed {
	s.TrackedActionsLastAccessed = v
	return s
}

// Contains the details of a service-specific credential.
type ServiceSpecificCredential struct {
	_ struct{} `type:"structure"`

	// The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601),
	// when the service-specific credential were created.
	//
	// CreateDate is a required field
	CreateDate *time.Time `type:"timestamp" required:"true"`

	// The name of the service associated with the service-specific credential.
	//
	// ServiceName is a required field
	ServiceName *string `type:"string" required:"true"`

	// The generated password for the service-specific credential.
	//
	// ServicePassword is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by ServiceSpecificCredential's
	// String and GoString methods.
	//
	// ServicePassword is a required field
	ServicePassword *string `type:"string" required:"true" sensitive:"true"`

	// The unique identifier for the service-specific credential.
	//
	// ServiceSpecificCredentialId is a required field
	ServiceSpecificCredentialId *string `min:"20" type:"string" required:"true"`

	// The generated user name for the service-specific credential. This value is
	// generated by combining the IAM user's name combined with the ID number of
	// the Amazon Web Services account, as in jane-at-123456789012, for example.
	// This value cannot be configured by the user.
	//
	// ServiceUserName is a required field
	ServiceUserName *string `min:"17" type:"string" required:"true"`

	// The status of the service-specific credential. Active means that the key
	// is valid for API calls, while Inactive means it is not.
	//
	// Status is a required field
	Status *string `type:"string" required:"true" enum:"StatusType"`

	// The name of the IAM user associated with the service-specific credential.
	//
	// UserName is a required field
	UserName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ServiceSpecificCredential) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ServiceSpecificCredential) GoString() string {
	return s.String()
}

// SetCreateDate sets the CreateDate field's value.
func (s *ServiceSpecificCredential) SetCreateDate(v time.Time) *ServiceSpecificCredential {
	s.CreateDate = &v
	return s
}

// SetServiceName sets the ServiceName field's value.
func (s *ServiceSpecificCredential) SetServiceName(v string) *ServiceSpecificCredential {
	s.ServiceName = &v
	return s
}

// SetServicePassword sets the ServicePassword field's value.
func (s *ServiceSpecificCredential) SetServicePassword(v string) *ServiceSpecificCredential {
	s.ServicePassword = &v
	return s
}

// SetServiceSpecificCredentialId sets the ServiceSpecificCredentialId field's value.
func (s *ServiceSpecificCredential) SetServiceSpecificCredentialId(v string) *ServiceSpecificCredential {
	s.ServiceSpecificCredentialId = &v
	return s
}

// SetServiceUserName sets the ServiceUserName field's value.
func (s *ServiceSpecificCredential) SetServiceUserName(v string) *ServiceSpecificCredential {
	s.ServiceUserName = &v
	return s
}

// SetStatus sets the Status field's value.
func (s *ServiceSpecificCredential) SetStatus(v string) *ServiceSpecificCredential {
	s.Status = &v
	return s
}

// SetUserName sets the UserName field's value.
func (s *ServiceSpecificCredential) SetUserName(v string) *ServiceSpecificCredential {
	s.UserName = &v
	return s
}

// Contains additional details about a service-specific credential.
type ServiceSpecificCredentialMetadata struct {
	_ struct{} `type:"structure"`

	// The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601),
	// when the service-specific credential were created.
	//
	// CreateDate is a required field
	CreateDate *time.Time `type:"timestamp" required:"true"`

	// The name of the service associated with the service-specific credential.
	//
	// ServiceName is a required field
	ServiceName *string `type:"string" required:"true"`

	// The unique identifier for the service-specific credential.
	//
	// ServiceSpecificCredentialId is a required field
	ServiceSpecificCredentialId *string `min:"20" type:"string" required:"true"`

	// The generated user name for the service-specific credential.
	//
	// ServiceUserName is a required field
	ServiceUserName *string `min:"17" type:"string" required:"true"`

	// The status of the service-specific credential. Active means that the key
	// is valid for API calls, while Inactive means it is not.
	//
	// Status is a required field
	Status *string `type:"string" required:"true" enum:"StatusType"`

	// The name of the IAM user associated with the service-specific credential.
	//
	// UserName is a required field
	UserName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ServiceSpecificCredentialMetadata) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ServiceSpecificCredentialMetadata) GoString() string {
	return s.String()
}

// SetCreateDate sets the CreateDate field's value.
func (s *ServiceSpecificCredentialMetadata) SetCreateDate(v time.Time) *ServiceSpecificCredentialMetadata {
	s.CreateDate = &v
	return s
}

// SetServiceName sets the ServiceName field's value.
func (s *ServiceSpecificCredentialMetadata) SetServiceName(v string) *ServiceSpecificCredentialMetadata {
	s.ServiceName = &v
	return s
}

// SetServiceSpecificCredentialId sets the ServiceSpecificCredentialId field's value.
func (s *ServiceSpecificCredentialMetadata) SetServiceSpecificCredentialId(v string) *ServiceSpecificCredentialMetadata {
	s.ServiceSpecificCredentialId = &v
	return s
}

// SetServiceUserName sets the ServiceUserName field's value.
func (s *ServiceSpecificCredentialMetadata) SetServiceUserName(v string) *ServiceSpecificCredentialMetadata {
	s.ServiceUserName = &v
	return s
}

// SetStatus sets the Status field's value.
func (s *ServiceSpecificCredentialMetadata) SetStatus(v string) *ServiceSpecificCredentialMetadata {
	s.Status = &v
	return s
}

// SetUserName sets the UserName field's value.
func (s *ServiceSpecificCredentialMetadata) SetUserName(v string) *ServiceSpecificCredentialMetadata {
	s.UserName = &v
	return s
}

type SetDefaultPolicyVersionInput struct {
	_ struct{} `type:"structure"`

	// The Amazon Resource Name (ARN) of the IAM policy whose default version you
	// want to set.
	//
	// For more information about ARNs, see Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the Amazon Web Services General Reference.
	//
	// PolicyArn is a required field
	PolicyArn *string `min:"20" type:"string" required:"true"`

	// The version of the policy to set as the default (operative) version.
	//
	// For more information about managed policy versions, see Versioning for managed
	// policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html)
	// in the IAM User Guide.
	//
	// VersionId is a required field
	VersionId *string `type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s SetDefaultPolicyVersionInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s SetDefaultPolicyVersionInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *SetDefaultPolicyVersionInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "SetDefaultPolicyVersionInput"}
	if s.PolicyArn == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyArn"))
	}
	if s.PolicyArn != nil && len(*s.PolicyArn) < 20 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyArn", 20))
	}
	if s.VersionId == nil {
		invalidParams.Add(request.NewErrParamRequired("VersionId"))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetPolicyArn sets the PolicyArn field's value.
func (s *SetDefaultPolicyVersionInput) SetPolicyArn(v string) *SetDefaultPolicyVersionInput {
	s.PolicyArn = &v
	return s
}

// SetVersionId sets the VersionId field's value.
func (s *SetDefaultPolicyVersionInput) SetVersionId(v string) *SetDefaultPolicyVersionInput {
	s.VersionId = &v
	return s
}

type SetDefaultPolicyVersionOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s SetDefaultPolicyVersionOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s SetDefaultPolicyVersionOutput) GoString() string {
	return s.String()
}

type SetSecurityTokenServicePreferencesInput struct {
	_ struct{} `type:"structure"`

	// The version of the global endpoint token. Version 1 tokens are valid only
	// in Amazon Web Services Regions that are available by default. These tokens
	// do not work in manually enabled Regions, such as Asia Pacific (Hong Kong).
	// Version 2 tokens are valid in all Regions. However, version 2 tokens are
	// longer and might affect systems where you temporarily store tokens.
	//
	// For information, see Activating and deactivating STS in an Amazon Web Services
	// Region (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
	// in the IAM User Guide.
	//
	// GlobalEndpointTokenVersion is a required field
	GlobalEndpointTokenVersion *string `type:"string" required:"true" enum:"GlobalEndpointTokenVersion"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s SetSecurityTokenServicePreferencesInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s SetSecurityTokenServicePreferencesInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *SetSecurityTokenServicePreferencesInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "SetSecurityTokenServicePreferencesInput"}
	if s.GlobalEndpointTokenVersion == nil {
		invalidParams.Add(request.NewErrParamRequired("GlobalEndpointTokenVersion"))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetGlobalEndpointTokenVersion sets the GlobalEndpointTokenVersion field's value.
func (s *SetSecurityTokenServicePreferencesInput) SetGlobalEndpointTokenVersion(v string) *SetSecurityTokenServicePreferencesInput {
	s.GlobalEndpointTokenVersion = &v
	return s
}

type SetSecurityTokenServicePreferencesOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s SetSecurityTokenServicePreferencesOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s SetSecurityTokenServicePreferencesOutput) GoString() string {
	return s.String()
}

// Contains information about an X.509 signing certificate.
//
// This data type is used as a response element in the UploadSigningCertificate
// and ListSigningCertificates operations.
type SigningCertificate struct {
	_ struct{} `type:"structure"`

	// The contents of the signing certificate.
	//
	// CertificateBody is a required field
	CertificateBody *string `min:"1" type:"string" required:"true"`

	// The ID for the signing certificate.
	//
	// CertificateId is a required field
	CertificateId *string `min:"24" type:"string" required:"true"`

	// The status of the signing certificate. Active means that the key is valid
	// for API calls, while Inactive means it is not.
	//
	// Status is a required field
	Status *string `type:"string" required:"true" enum:"StatusType"`

	// The date when the signing certificate was uploaded.
	UploadDate *time.Time `type:"timestamp"`

	// The name of the user the signing certificate is associated with.
	//
	// UserName is a required field
	UserName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s SigningCertificate) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s SigningCertificate) GoString() string {
	return s.String()
}

// SetCertificateBody sets the CertificateBody field's value.
func (s *SigningCertificate) SetCertificateBody(v string) *SigningCertificate {
	s.CertificateBody = &v
	return s
}

// SetCertificateId sets the CertificateId field's value.
func (s *SigningCertificate) SetCertificateId(v string) *SigningCertificate {
	s.CertificateId = &v
	return s
}

// SetStatus sets the Status field's value.
func (s *SigningCertificate) SetStatus(v string) *SigningCertificate {
	s.Status = &v
	return s
}

// SetUploadDate sets the UploadDate field's value.
func (s *SigningCertificate) SetUploadDate(v time.Time) *SigningCertificate {
	s.UploadDate = &v
	return s
}

// SetUserName sets the UserName field's value.
func (s *SigningCertificate) SetUserName(v string) *SigningCertificate {
	s.UserName = &v
	return s
}

type SimulateCustomPolicyInput struct {
	_ struct{} `type:"structure"`

	// A list of names of API operations to evaluate in the simulation. Each operation
	// is evaluated against each resource. Each operation must include the service
	// identifier, such as iam:CreateUser. This operation does not support using
	// wildcards (*) in an action name.
	//
	// ActionNames is a required field
	ActionNames []*string `type:"list" required:"true"`

	// The ARN of the IAM user that you want to use as the simulated caller of the
	// API operations. CallerArn is required if you include a ResourcePolicy so
	// that the policy's Principal element has a value to use in evaluating the
	// policy.
	//
	// You can specify only the ARN of an IAM user. You cannot specify the ARN of
	// an assumed role, federated user, or a service principal.
	CallerArn *string `min:"1" type:"string"`

	// A list of context keys and corresponding values for the simulation to use.
	// Whenever a context key is evaluated in one of the simulated IAM permissions
	// policies, the corresponding value is supplied.
	ContextEntries []*ContextEntry `type:"list"`

	// Use this parameter only when paginating results and only after you receive
	// a response indicating that the results are truncated. Set it to the value
	// of the Marker element in the response that you received to indicate where
	// the next call should start.
	Marker *string `min:"1" type:"string"`

	// Use this only when paginating results to indicate the maximum number of items
	// you want in the response. If additional items exist beyond the maximum you
	// specify, the IsTruncated response element is true.
	//
	// If you do not include this parameter, the number of items defaults to 100.
	// Note that IAM might return fewer results, even when there are more results
	// available. In that case, the IsTruncated response element returns true, and
	// Marker contains a value to include in the subsequent call that tells the
	// service where to continue from.
	MaxItems *int64 `min:"1" type:"integer"`

	// The IAM permissions boundary policy to simulate. The permissions boundary
	// sets the maximum permissions that an IAM entity can have. You can input only
	// one permissions boundary when you pass a policy to this operation. For more
	// information about permissions boundaries, see Permissions boundaries for
	// IAM entities (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html)
	// in the IAM User Guide. The policy input is specified as a string that contains
	// the complete, valid JSON text of a permissions boundary policy.
	//
	// The maximum length of the policy document that you can pass in this operation,
	// including whitespace, is listed below. To view the maximum character counts
	// of a managed policy with no whitespaces, see IAM and STS character quotas
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length).
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) used to validate this
	// parameter is a string of characters consisting of the following:
	//
	//    * Any printable ASCII character ranging from the space character (\u0020)
	//    through the end of the ASCII character range
	//
	//    * The printable characters in the Basic Latin and Latin-1 Supplement character
	//    set (through \u00FF)
	//
	//    * The special characters tab (\u0009), line feed (\u000A), and carriage
	//    return (\u000D)
	PermissionsBoundaryPolicyInputList []*string `type:"list"`

	// A list of policy documents to include in the simulation. Each document is
	// specified as a string containing the complete, valid JSON text of an IAM
	// policy. Do not include any resource-based policies in this parameter. Any
	// resource-based policy must be submitted with the ResourcePolicy parameter.
	// The policies cannot be "scope-down" policies, such as you could include in
	// a call to GetFederationToken (https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetFederationToken.html)
	// or one of the AssumeRole (https://docs.aws.amazon.com/IAM/latest/APIReference/API_AssumeRole.html)
	// API operations. In other words, do not use policies designed to restrict
	// what a user can do while using the temporary credentials.
	//
	// The maximum length of the policy document that you can pass in this operation,
	// including whitespace, is listed below. To view the maximum character counts
	// of a managed policy with no whitespaces, see IAM and STS character quotas
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length).
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) used to validate this
	// parameter is a string of characters consisting of the following:
	//
	//    * Any printable ASCII character ranging from the space character (\u0020)
	//    through the end of the ASCII character range
	//
	//    * The printable characters in the Basic Latin and Latin-1 Supplement character
	//    set (through \u00FF)
	//
	//    * The special characters tab (\u0009), line feed (\u000A), and carriage
	//    return (\u000D)
	//
	// PolicyInputList is a required field
	PolicyInputList []*string `type:"list" required:"true"`

	// A list of ARNs of Amazon Web Services resources to include in the simulation.
	// If this parameter is not provided, then the value defaults to * (all resources).
	// Each API in the ActionNames parameter is evaluated for each resource in this
	// list. The simulation determines the access result (allowed or denied) of
	// each combination and reports it in the response. You can simulate resources
	// that don't exist in your account.
	//
	// The simulation does not automatically retrieve policies for the specified
	// resources. If you want to include a resource policy in the simulation, then
	// you must include the policy as a string in the ResourcePolicy parameter.
	//
	// If you include a ResourcePolicy, then it must be applicable to all of the
	// resources included in the simulation or you receive an invalid input error.
	//
	// For more information about ARNs, see Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the Amazon Web Services General Reference.
	ResourceArns []*string `type:"list"`

	// Specifies the type of simulation to run. Different API operations that support
	// resource-based policies require different combinations of resources. By specifying
	// the type of simulation to run, you enable the policy simulator to enforce
	// the presence of the required resources to ensure reliable simulation results.
	// If your simulation does not match one of the following scenarios, then you
	// can omit this parameter. The following list shows each of the supported scenario
	// values and the resources that you must define to run the simulation.
	//
	// Each of the EC2 scenarios requires that you specify instance, image, and
	// security-group resources. If your scenario includes an EBS volume, then you
	// must specify that volume as a resource. If the EC2 scenario includes VPC,
	// then you must supply the network-interface resource. If it includes an IP
	// subnet, then you must specify the subnet resource. For more information on
	// the EC2 scenario options, see Supported platforms (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-supported-platforms.html)
	// in the Amazon EC2 User Guide.
	//
	//    * EC2-Classic-InstanceStore instance, image, security-group
	//
	//    * EC2-Classic-EBS instance, image, security-group, volume
	//
	//    * EC2-VPC-InstanceStore instance, image, security-group, network-interface
	//
	//    * EC2-VPC-InstanceStore-Subnet instance, image, security-group, network-interface,
	//    subnet
	//
	//    * EC2-VPC-EBS instance, image, security-group, network-interface, volume
	//
	//    * EC2-VPC-EBS-Subnet instance, image, security-group, network-interface,
	//    subnet, volume
	ResourceHandlingOption *string `min:"1" type:"string"`

	// An ARN representing the Amazon Web Services account ID that specifies the
	// owner of any simulated resource that does not identify its owner in the resource
	// ARN. Examples of resource ARNs include an S3 bucket or object. If ResourceOwner
	// is specified, it is also used as the account owner of any ResourcePolicy
	// included in the simulation. If the ResourceOwner parameter is not specified,
	// then the owner of the resources and the resource policy defaults to the account
	// of the identity provided in CallerArn. This parameter is required only if
	// you specify a resource-based policy and account that owns the resource is
	// different from the account that owns the simulated calling user CallerArn.
	//
	// The ARN for an account uses the following syntax: arn:aws:iam::AWS-account-ID:root.
	// For example, to represent the account with the 112233445566 ID, use the following
	// ARN: arn:aws:iam::112233445566-ID:root.
	ResourceOwner *string `min:"1" type:"string"`

	// A resource-based policy to include in the simulation provided as a string.
	// Each resource in the simulation is treated as if it had this policy attached.
	// You can include only one resource-based policy in a simulation.
	//
	// The maximum length of the policy document that you can pass in this operation,
	// including whitespace, is listed below. To view the maximum character counts
	// of a managed policy with no whitespaces, see IAM and STS character quotas
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length).
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) used to validate this
	// parameter is a string of characters consisting of the following:
	//
	//    * Any printable ASCII character ranging from the space character (\u0020)
	//    through the end of the ASCII character range
	//
	//    * The printable characters in the Basic Latin and Latin-1 Supplement character
	//    set (through \u00FF)
	//
	//    * The special characters tab (\u0009), line feed (\u000A), and carriage
	//    return (\u000D)
	ResourcePolicy *string `min:"1" type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s SimulateCustomPolicyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s SimulateCustomPolicyInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *SimulateCustomPolicyInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "SimulateCustomPolicyInput"}
	if s.ActionNames == nil {
		invalidParams.Add(request.NewErrParamRequired("ActionNames"))
	}
	if s.CallerArn != nil && len(*s.CallerArn) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("CallerArn", 1))
	}
	if s.Marker != nil && len(*s.Marker) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Marker", 1))
	}
	if s.MaxItems != nil && *s.MaxItems < 1 {
		invalidParams.Add(request.NewErrParamMinValue("MaxItems", 1))
	}
	if s.PolicyInputList == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyInputList"))
	}
	if s.ResourceHandlingOption != nil && len(*s.ResourceHandlingOption) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("ResourceHandlingOption", 1))
	}
	if s.ResourceOwner != nil && len(*s.ResourceOwner) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("ResourceOwner", 1))
	}
	if s.ResourcePolicy != nil && len(*s.ResourcePolicy) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("ResourcePolicy", 1))
	}
	if s.ContextEntries != nil {
		for i, v := range s.ContextEntries {
			if v == nil {
				continue
			}
			if err := v.Validate(); err != nil {
				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "ContextEntries", i), err.(request.ErrInvalidParams))
			}
		}
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetActionNames sets the ActionNames field's value.
func (s *SimulateCustomPolicyInput) SetActionNames(v []*string) *SimulateCustomPolicyInput {
	s.ActionNames = v
	return s
}

// SetCallerArn sets the CallerArn field's value.
func (s *SimulateCustomPolicyInput) SetCallerArn(v string) *SimulateCustomPolicyInput {
	s.CallerArn = &v
	return s
}

// SetContextEntries sets the ContextEntries field's value.
func (s *SimulateCustomPolicyInput) SetContextEntries(v []*ContextEntry) *SimulateCustomPolicyInput {
	s.ContextEntries = v
	return s
}

// SetMarker sets the Marker field's value.
func (s *SimulateCustomPolicyInput) SetMarker(v string) *SimulateCustomPolicyInput {
	s.Marker = &v
	return s
}

// SetMaxItems sets the MaxItems field's value.
func (s *SimulateCustomPolicyInput) SetMaxItems(v int64) *SimulateCustomPolicyInput {
	s.MaxItems = &v
	return s
}

// SetPermissionsBoundaryPolicyInputList sets the PermissionsBoundaryPolicyInputList field's value.
func (s *SimulateCustomPolicyInput) SetPermissionsBoundaryPolicyInputList(v []*string) *SimulateCustomPolicyInput {
	s.PermissionsBoundaryPolicyInputList = v
	return s
}

// SetPolicyInputList sets the PolicyInputList field's value.
func (s *SimulateCustomPolicyInput) SetPolicyInputList(v []*string) *SimulateCustomPolicyInput {
	s.PolicyInputList = v
	return s
}

// SetResourceArns sets the ResourceArns field's value.
func (s *SimulateCustomPolicyInput) SetResourceArns(v []*string) *SimulateCustomPolicyInput {
	s.ResourceArns = v
	return s
}

// SetResourceHandlingOption sets the ResourceHandlingOption field's value.
func (s *SimulateCustomPolicyInput) SetResourceHandlingOption(v string) *SimulateCustomPolicyInput {
	s.ResourceHandlingOption = &v
	return s
}

// SetResourceOwner sets the ResourceOwner field's value.
func (s *SimulateCustomPolicyInput) SetResourceOwner(v string) *SimulateCustomPolicyInput {
	s.ResourceOwner = &v
	return s
}

// SetResourcePolicy sets the ResourcePolicy field's value.
func (s *SimulateCustomPolicyInput) SetResourcePolicy(v string) *SimulateCustomPolicyInput {
	s.ResourcePolicy = &v
	return s
}

// Contains the response to a successful SimulatePrincipalPolicy or SimulateCustomPolicy
// request.
type SimulatePolicyResponse struct {
	_ struct{} `type:"structure"`

	// The results of the simulation.
	EvaluationResults []*EvaluationResult `type:"list"`

	// A flag that indicates whether there are more items to return. If your results
	// were truncated, you can make a subsequent pagination request using the Marker
	// request parameter to retrieve more items. Note that IAM might return fewer
	// than the MaxItems number of results even when there are more results available.
	// We recommend that you check IsTruncated after every call to ensure that you
	// receive all your results.
	IsTruncated *bool `type:"boolean"`

	// When IsTruncated is true, this element is present and contains the value
	// to use for the Marker parameter in a subsequent pagination request.
	Marker *string `type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s SimulatePolicyResponse) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s SimulatePolicyResponse) GoString() string {
	return s.String()
}

// SetEvaluationResults sets the EvaluationResults field's value.
func (s *SimulatePolicyResponse) SetEvaluationResults(v []*EvaluationResult) *SimulatePolicyResponse {
	s.EvaluationResults = v
	return s
}

// SetIsTruncated sets the IsTruncated field's value.
func (s *SimulatePolicyResponse) SetIsTruncated(v bool) *SimulatePolicyResponse {
	s.IsTruncated = &v
	return s
}

// SetMarker sets the Marker field's value.
func (s *SimulatePolicyResponse) SetMarker(v string) *SimulatePolicyResponse {
	s.Marker = &v
	return s
}

type SimulatePrincipalPolicyInput struct {
	_ struct{} `type:"structure"`

	// A list of names of API operations to evaluate in the simulation. Each operation
	// is evaluated for each resource. Each operation must include the service identifier,
	// such as iam:CreateUser.
	//
	// ActionNames is a required field
	ActionNames []*string `type:"list" required:"true"`

	// The ARN of the IAM user that you want to specify as the simulated caller
	// of the API operations. If you do not specify a CallerArn, it defaults to
	// the ARN of the user that you specify in PolicySourceArn, if you specified
	// a user. If you include both a PolicySourceArn (for example, arn:aws:iam::123456789012:user/David)
	// and a CallerArn (for example, arn:aws:iam::123456789012:user/Bob), the result
	// is that you simulate calling the API operations as Bob, as if Bob had David's
	// policies.
	//
	// You can specify only the ARN of an IAM user. You cannot specify the ARN of
	// an assumed role, federated user, or a service principal.
	//
	// CallerArn is required if you include a ResourcePolicy and the PolicySourceArn
	// is not the ARN for an IAM user. This is required so that the resource-based
	// policy's Principal element has a value to use in evaluating the policy.
	//
	// For more information about ARNs, see Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the Amazon Web Services General Reference.
	CallerArn *string `min:"1" type:"string"`

	// A list of context keys and corresponding values for the simulation to use.
	// Whenever a context key is evaluated in one of the simulated IAM permissions
	// policies, the corresponding value is supplied.
	ContextEntries []*ContextEntry `type:"list"`

	// Use this parameter only when paginating results and only after you receive
	// a response indicating that the results are truncated. Set it to the value
	// of the Marker element in the response that you received to indicate where
	// the next call should start.
	Marker *string `min:"1" type:"string"`

	// Use this only when paginating results to indicate the maximum number of items
	// you want in the response. If additional items exist beyond the maximum you
	// specify, the IsTruncated response element is true.
	//
	// If you do not include this parameter, the number of items defaults to 100.
	// Note that IAM might return fewer results, even when there are more results
	// available. In that case, the IsTruncated response element returns true, and
	// Marker contains a value to include in the subsequent call that tells the
	// service where to continue from.
	MaxItems *int64 `min:"1" type:"integer"`

	// The IAM permissions boundary policy to simulate. The permissions boundary
	// sets the maximum permissions that the entity can have. You can input only
	// one permissions boundary when you pass a policy to this operation. An IAM
	// entity can only have one permissions boundary in effect at a time. For example,
	// if a permissions boundary is attached to an entity and you pass in a different
	// permissions boundary policy using this parameter, then the new permissions
	// boundary policy is used for the simulation. For more information about permissions
	// boundaries, see Permissions boundaries for IAM entities (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html)
	// in the IAM User Guide. The policy input is specified as a string containing
	// the complete, valid JSON text of a permissions boundary policy.
	//
	// The maximum length of the policy document that you can pass in this operation,
	// including whitespace, is listed below. To view the maximum character counts
	// of a managed policy with no whitespaces, see IAM and STS character quotas
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length).
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) used to validate this
	// parameter is a string of characters consisting of the following:
	//
	//    * Any printable ASCII character ranging from the space character (\u0020)
	//    through the end of the ASCII character range
	//
	//    * The printable characters in the Basic Latin and Latin-1 Supplement character
	//    set (through \u00FF)
	//
	//    * The special characters tab (\u0009), line feed (\u000A), and carriage
	//    return (\u000D)
	PermissionsBoundaryPolicyInputList []*string `type:"list"`

	// An optional list of additional policy documents to include in the simulation.
	// Each document is specified as a string containing the complete, valid JSON
	// text of an IAM policy.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) used to validate this
	// parameter is a string of characters consisting of the following:
	//
	//    * Any printable ASCII character ranging from the space character (\u0020)
	//    through the end of the ASCII character range
	//
	//    * The printable characters in the Basic Latin and Latin-1 Supplement character
	//    set (through \u00FF)
	//
	//    * The special characters tab (\u0009), line feed (\u000A), and carriage
	//    return (\u000D)
	PolicyInputList []*string `type:"list"`

	// The Amazon Resource Name (ARN) of a user, group, or role whose policies you
	// want to include in the simulation. If you specify a user, group, or role,
	// the simulation includes all policies that are associated with that entity.
	// If you specify a user, the simulation also includes all policies that are
	// attached to any groups the user belongs to.
	//
	// The maximum length of the policy document that you can pass in this operation,
	// including whitespace, is listed below. To view the maximum character counts
	// of a managed policy with no whitespaces, see IAM and STS character quotas
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length).
	//
	// For more information about ARNs, see Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the Amazon Web Services General Reference.
	//
	// PolicySourceArn is a required field
	PolicySourceArn *string `min:"20" type:"string" required:"true"`

	// A list of ARNs of Amazon Web Services resources to include in the simulation.
	// If this parameter is not provided, then the value defaults to * (all resources).
	// Each API in the ActionNames parameter is evaluated for each resource in this
	// list. The simulation determines the access result (allowed or denied) of
	// each combination and reports it in the response. You can simulate resources
	// that don't exist in your account.
	//
	// The simulation does not automatically retrieve policies for the specified
	// resources. If you want to include a resource policy in the simulation, then
	// you must include the policy as a string in the ResourcePolicy parameter.
	//
	// For more information about ARNs, see Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the Amazon Web Services General Reference.
	ResourceArns []*string `type:"list"`

	// Specifies the type of simulation to run. Different API operations that support
	// resource-based policies require different combinations of resources. By specifying
	// the type of simulation to run, you enable the policy simulator to enforce
	// the presence of the required resources to ensure reliable simulation results.
	// If your simulation does not match one of the following scenarios, then you
	// can omit this parameter. The following list shows each of the supported scenario
	// values and the resources that you must define to run the simulation.
	//
	// Each of the EC2 scenarios requires that you specify instance, image, and
	// security group resources. If your scenario includes an EBS volume, then you
	// must specify that volume as a resource. If the EC2 scenario includes VPC,
	// then you must supply the network interface resource. If it includes an IP
	// subnet, then you must specify the subnet resource. For more information on
	// the EC2 scenario options, see Supported platforms (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-supported-platforms.html)
	// in the Amazon EC2 User Guide.
	//
	//    * EC2-Classic-InstanceStore instance, image, security group
	//
	//    * EC2-Classic-EBS instance, image, security group, volume
	//
	//    * EC2-VPC-InstanceStore instance, image, security group, network interface
	//
	//    * EC2-VPC-InstanceStore-Subnet instance, image, security group, network
	//    interface, subnet
	//
	//    * EC2-VPC-EBS instance, image, security group, network interface, volume
	//
	//    * EC2-VPC-EBS-Subnet instance, image, security group, network interface,
	//    subnet, volume
	ResourceHandlingOption *string `min:"1" type:"string"`

	// An Amazon Web Services account ID that specifies the owner of any simulated
	// resource that does not identify its owner in the resource ARN. Examples of
	// resource ARNs include an S3 bucket or object. If ResourceOwner is specified,
	// it is also used as the account owner of any ResourcePolicy included in the
	// simulation. If the ResourceOwner parameter is not specified, then the owner
	// of the resources and the resource policy defaults to the account of the identity
	// provided in CallerArn. This parameter is required only if you specify a resource-based
	// policy and account that owns the resource is different from the account that
	// owns the simulated calling user CallerArn.
	ResourceOwner *string `min:"1" type:"string"`

	// A resource-based policy to include in the simulation provided as a string.
	// Each resource in the simulation is treated as if it had this policy attached.
	// You can include only one resource-based policy in a simulation.
	//
	// The maximum length of the policy document that you can pass in this operation,
	// including whitespace, is listed below. To view the maximum character counts
	// of a managed policy with no whitespaces, see IAM and STS character quotas
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length).
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) used to validate this
	// parameter is a string of characters consisting of the following:
	//
	//    * Any printable ASCII character ranging from the space character (\u0020)
	//    through the end of the ASCII character range
	//
	//    * The printable characters in the Basic Latin and Latin-1 Supplement character
	//    set (through \u00FF)
	//
	//    * The special characters tab (\u0009), line feed (\u000A), and carriage
	//    return (\u000D)
	ResourcePolicy *string `min:"1" type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s SimulatePrincipalPolicyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s SimulatePrincipalPolicyInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *SimulatePrincipalPolicyInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "SimulatePrincipalPolicyInput"}
	if s.ActionNames == nil {
		invalidParams.Add(request.NewErrParamRequired("ActionNames"))
	}
	if s.CallerArn != nil && len(*s.CallerArn) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("CallerArn", 1))
	}
	if s.Marker != nil && len(*s.Marker) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Marker", 1))
	}
	if s.MaxItems != nil && *s.MaxItems < 1 {
		invalidParams.Add(request.NewErrParamMinValue("MaxItems", 1))
	}
	if s.PolicySourceArn == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicySourceArn"))
	}
	if s.PolicySourceArn != nil && len(*s.PolicySourceArn) < 20 {
		invalidParams.Add(request.NewErrParamMinLen("PolicySourceArn", 20))
	}
	if s.ResourceHandlingOption != nil && len(*s.ResourceHandlingOption) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("ResourceHandlingOption", 1))
	}
	if s.ResourceOwner != nil && len(*s.ResourceOwner) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("ResourceOwner", 1))
	}
	if s.ResourcePolicy != nil && len(*s.ResourcePolicy) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("ResourcePolicy", 1))
	}
	if s.ContextEntries != nil {
		for i, v := range s.ContextEntries {
			if v == nil {
				continue
			}
			if err := v.Validate(); err != nil {
				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "ContextEntries", i), err.(request.ErrInvalidParams))
			}
		}
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetActionNames sets the ActionNames field's value.
func (s *SimulatePrincipalPolicyInput) SetActionNames(v []*string) *SimulatePrincipalPolicyInput {
	s.ActionNames = v
	return s
}

// SetCallerArn sets the CallerArn field's value.
func (s *SimulatePrincipalPolicyInput) SetCallerArn(v string) *SimulatePrincipalPolicyInput {
	s.CallerArn = &v
	return s
}

// SetContextEntries sets the ContextEntries field's value.
func (s *SimulatePrincipalPolicyInput) SetContextEntries(v []*ContextEntry) *SimulatePrincipalPolicyInput {
	s.ContextEntries = v
	return s
}

// SetMarker sets the Marker field's value.
func (s *SimulatePrincipalPolicyInput) SetMarker(v string) *SimulatePrincipalPolicyInput {
	s.Marker = &v
	return s
}

// SetMaxItems sets the MaxItems field's value.
func (s *SimulatePrincipalPolicyInput) SetMaxItems(v int64) *SimulatePrincipalPolicyInput {
	s.MaxItems = &v
	return s
}

// SetPermissionsBoundaryPolicyInputList sets the PermissionsBoundaryPolicyInputList field's value.
func (s *SimulatePrincipalPolicyInput) SetPermissionsBoundaryPolicyInputList(v []*string) *SimulatePrincipalPolicyInput {
	s.PermissionsBoundaryPolicyInputList = v
	return s
}

// SetPolicyInputList sets the PolicyInputList field's value.
func (s *SimulatePrincipalPolicyInput) SetPolicyInputList(v []*string) *SimulatePrincipalPolicyInput {
	s.PolicyInputList = v
	return s
}

// SetPolicySourceArn sets the PolicySourceArn field's value.
func (s *SimulatePrincipalPolicyInput) SetPolicySourceArn(v string) *SimulatePrincipalPolicyInput {
	s.PolicySourceArn = &v
	return s
}

// SetResourceArns sets the ResourceArns field's value.
func (s *SimulatePrincipalPolicyInput) SetResourceArns(v []*string) *SimulatePrincipalPolicyInput {
	s.ResourceArns = v
	return s
}

// SetResourceHandlingOption sets the ResourceHandlingOption field's value.
func (s *SimulatePrincipalPolicyInput) SetResourceHandlingOption(v string) *SimulatePrincipalPolicyInput {
	s.ResourceHandlingOption = &v
	return s
}

// SetResourceOwner sets the ResourceOwner field's value.
func (s *SimulatePrincipalPolicyInput) SetResourceOwner(v string) *SimulatePrincipalPolicyInput {
	s.ResourceOwner = &v
	return s
}

// SetResourcePolicy sets the ResourcePolicy field's value.
func (s *SimulatePrincipalPolicyInput) SetResourcePolicy(v string) *SimulatePrincipalPolicyInput {
	s.ResourcePolicy = &v
	return s
}

// Contains a reference to a Statement element in a policy document that determines
// the result of the simulation.
//
// This data type is used by the MatchedStatements member of the EvaluationResult
// type.
type Statement struct {
	_ struct{} `type:"structure"`

	// The row and column of the end of a Statement in an IAM policy.
	EndPosition *Position `type:"structure"`

	// The identifier of the policy that was provided as an input.
	SourcePolicyId *string `type:"string"`

	// The type of the policy.
	SourcePolicyType *string `type:"string" enum:"PolicySourceType"`

	// The row and column of the beginning of the Statement in an IAM policy.
	StartPosition *Position `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s Statement) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s Statement) GoString() string {
	return s.String()
}

// SetEndPosition sets the EndPosition field's value.
func (s *Statement) SetEndPosition(v *Position) *Statement {
	s.EndPosition = v
	return s
}

// SetSourcePolicyId sets the SourcePolicyId field's value.
func (s *Statement) SetSourcePolicyId(v string) *Statement {
	s.SourcePolicyId = &v
	return s
}

// SetSourcePolicyType sets the SourcePolicyType field's value.
func (s *Statement) SetSourcePolicyType(v string) *Statement {
	s.SourcePolicyType = &v
	return s
}

// SetStartPosition sets the StartPosition field's value.
func (s *Statement) SetStartPosition(v *Position) *Statement {
	s.StartPosition = v
	return s
}

// A structure that represents user-provided metadata that can be associated
// with an IAM resource. For more information about tagging, see Tagging IAM
// resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html)
// in the IAM User Guide.
type Tag struct {
	_ struct{} `type:"structure"`

	// The key name that can be used to look up or retrieve the associated value.
	// For example, Department or Cost Center are common choices.
	//
	// Key is a required field
	Key *string `min:"1" type:"string" required:"true"`

	// The value associated with this tag. For example, tags with a key name of
	// Department could have values such as Human Resources, Accounting, and Support.
	// Tags with a key name of Cost Center might have values that consist of the
	// number associated with the different cost centers in your company. Typically,
	// many resources have tags with the same key name but with different values.
	//
	// Amazon Web Services always interprets the tag Value as a single string. If
	// you need to store an array, you can store comma-separated values in the string.
	// However, you must interpret the value in your code.
	//
	// Value is a required field
	Value *string `type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s Tag) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s Tag) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *Tag) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "Tag"}
	if s.Key == nil {
		invalidParams.Add(request.NewErrParamRequired("Key"))
	}
	if s.Key != nil && len(*s.Key) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Key", 1))
	}
	if s.Value == nil {
		invalidParams.Add(request.NewErrParamRequired("Value"))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetKey sets the Key field's value.
func (s *Tag) SetKey(v string) *Tag {
	s.Key = &v
	return s
}

// SetValue sets the Value field's value.
func (s *Tag) SetValue(v string) *Tag {
	s.Value = &v
	return s
}

type TagInstanceProfileInput struct {
	_ struct{} `type:"structure"`

	// The name of the IAM instance profile to which you want to add tags.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// InstanceProfileName is a required field
	InstanceProfileName *string `min:"1" type:"string" required:"true"`

	// The list of tags that you want to attach to the IAM instance profile. Each
	// tag consists of a key name and an associated value.
	//
	// Tags is a required field
	Tags []*Tag `type:"list" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s TagInstanceProfileInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s TagInstanceProfileInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *TagInstanceProfileInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "TagInstanceProfileInput"}
	if s.InstanceProfileName == nil {
		invalidParams.Add(request.NewErrParamRequired("InstanceProfileName"))
	}
	if s.InstanceProfileName != nil && len(*s.InstanceProfileName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("InstanceProfileName", 1))
	}
	if s.Tags == nil {
		invalidParams.Add(request.NewErrParamRequired("Tags"))
	}
	if s.Tags != nil {
		for i, v := range s.Tags {
			if v == nil {
				continue
			}
			if err := v.Validate(); err != nil {
				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams))
			}
		}
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetInstanceProfileName sets the InstanceProfileName field's value.
func (s *TagInstanceProfileInput) SetInstanceProfileName(v string) *TagInstanceProfileInput {
	s.InstanceProfileName = &v
	return s
}

// SetTags sets the Tags field's value.
func (s *TagInstanceProfileInput) SetTags(v []*Tag) *TagInstanceProfileInput {
	s.Tags = v
	return s
}

type TagInstanceProfileOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s TagInstanceProfileOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s TagInstanceProfileOutput) GoString() string {
	return s.String()
}

type TagMFADeviceInput struct {
	_ struct{} `type:"structure"`

	// The unique identifier for the IAM virtual MFA device to which you want to
	// add tags. For virtual MFA devices, the serial number is the same as the ARN.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// SerialNumber is a required field
	SerialNumber *string `min:"9" type:"string" required:"true"`

	// The list of tags that you want to attach to the IAM virtual MFA device. Each
	// tag consists of a key name and an associated value.
	//
	// Tags is a required field
	Tags []*Tag `type:"list" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s TagMFADeviceInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s TagMFADeviceInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *TagMFADeviceInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "TagMFADeviceInput"}
	if s.SerialNumber == nil {
		invalidParams.Add(request.NewErrParamRequired("SerialNumber"))
	}
	if s.SerialNumber != nil && len(*s.SerialNumber) < 9 {
		invalidParams.Add(request.NewErrParamMinLen("SerialNumber", 9))
	}
	if s.Tags == nil {
		invalidParams.Add(request.NewErrParamRequired("Tags"))
	}
	if s.Tags != nil {
		for i, v := range s.Tags {
			if v == nil {
				continue
			}
			if err := v.Validate(); err != nil {
				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams))
			}
		}
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetSerialNumber sets the SerialNumber field's value.
func (s *TagMFADeviceInput) SetSerialNumber(v string) *TagMFADeviceInput {
	s.SerialNumber = &v
	return s
}

// SetTags sets the Tags field's value.
func (s *TagMFADeviceInput) SetTags(v []*Tag) *TagMFADeviceInput {
	s.Tags = v
	return s
}

type TagMFADeviceOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s TagMFADeviceOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s TagMFADeviceOutput) GoString() string {
	return s.String()
}

type TagOpenIDConnectProviderInput struct {
	_ struct{} `type:"structure"`

	// The ARN of the OIDC identity provider in IAM to which you want to add tags.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// OpenIDConnectProviderArn is a required field
	OpenIDConnectProviderArn *string `min:"20" type:"string" required:"true"`

	// The list of tags that you want to attach to the OIDC identity provider in
	// IAM. Each tag consists of a key name and an associated value.
	//
	// Tags is a required field
	Tags []*Tag `type:"list" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s TagOpenIDConnectProviderInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s TagOpenIDConnectProviderInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *TagOpenIDConnectProviderInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "TagOpenIDConnectProviderInput"}
	if s.OpenIDConnectProviderArn == nil {
		invalidParams.Add(request.NewErrParamRequired("OpenIDConnectProviderArn"))
	}
	if s.OpenIDConnectProviderArn != nil && len(*s.OpenIDConnectProviderArn) < 20 {
		invalidParams.Add(request.NewErrParamMinLen("OpenIDConnectProviderArn", 20))
	}
	if s.Tags == nil {
		invalidParams.Add(request.NewErrParamRequired("Tags"))
	}
	if s.Tags != nil {
		for i, v := range s.Tags {
			if v == nil {
				continue
			}
			if err := v.Validate(); err != nil {
				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams))
			}
		}
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetOpenIDConnectProviderArn sets the OpenIDConnectProviderArn field's value.
func (s *TagOpenIDConnectProviderInput) SetOpenIDConnectProviderArn(v string) *TagOpenIDConnectProviderInput {
	s.OpenIDConnectProviderArn = &v
	return s
}

// SetTags sets the Tags field's value.
func (s *TagOpenIDConnectProviderInput) SetTags(v []*Tag) *TagOpenIDConnectProviderInput {
	s.Tags = v
	return s
}

type TagOpenIDConnectProviderOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s TagOpenIDConnectProviderOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s TagOpenIDConnectProviderOutput) GoString() string {
	return s.String()
}

type TagPolicyInput struct {
	_ struct{} `type:"structure"`

	// The ARN of the IAM customer managed policy to which you want to add tags.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// PolicyArn is a required field
	PolicyArn *string `min:"20" type:"string" required:"true"`

	// The list of tags that you want to attach to the IAM customer managed policy.
	// Each tag consists of a key name and an associated value.
	//
	// Tags is a required field
	Tags []*Tag `type:"list" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s TagPolicyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s TagPolicyInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *TagPolicyInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "TagPolicyInput"}
	if s.PolicyArn == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyArn"))
	}
	if s.PolicyArn != nil && len(*s.PolicyArn) < 20 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyArn", 20))
	}
	if s.Tags == nil {
		invalidParams.Add(request.NewErrParamRequired("Tags"))
	}
	if s.Tags != nil {
		for i, v := range s.Tags {
			if v == nil {
				continue
			}
			if err := v.Validate(); err != nil {
				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams))
			}
		}
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetPolicyArn sets the PolicyArn field's value.
func (s *TagPolicyInput) SetPolicyArn(v string) *TagPolicyInput {
	s.PolicyArn = &v
	return s
}

// SetTags sets the Tags field's value.
func (s *TagPolicyInput) SetTags(v []*Tag) *TagPolicyInput {
	s.Tags = v
	return s
}

type TagPolicyOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s TagPolicyOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s TagPolicyOutput) GoString() string {
	return s.String()
}

type TagRoleInput struct {
	_ struct{} `type:"structure"`

	// The name of the IAM role to which you want to add tags.
	//
	// This parameter accepts (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters that consist of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// RoleName is a required field
	RoleName *string `min:"1" type:"string" required:"true"`

	// The list of tags that you want to attach to the IAM role. Each tag consists
	// of a key name and an associated value.
	//
	// Tags is a required field
	Tags []*Tag `type:"list" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s TagRoleInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s TagRoleInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *TagRoleInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "TagRoleInput"}
	if s.RoleName == nil {
		invalidParams.Add(request.NewErrParamRequired("RoleName"))
	}
	if s.RoleName != nil && len(*s.RoleName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("RoleName", 1))
	}
	if s.Tags == nil {
		invalidParams.Add(request.NewErrParamRequired("Tags"))
	}
	if s.Tags != nil {
		for i, v := range s.Tags {
			if v == nil {
				continue
			}
			if err := v.Validate(); err != nil {
				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams))
			}
		}
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetRoleName sets the RoleName field's value.
func (s *TagRoleInput) SetRoleName(v string) *TagRoleInput {
	s.RoleName = &v
	return s
}

// SetTags sets the Tags field's value.
func (s *TagRoleInput) SetTags(v []*Tag) *TagRoleInput {
	s.Tags = v
	return s
}

type TagRoleOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s TagRoleOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s TagRoleOutput) GoString() string {
	return s.String()
}

type TagSAMLProviderInput struct {
	_ struct{} `type:"structure"`

	// The ARN of the SAML identity provider in IAM to which you want to add tags.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// SAMLProviderArn is a required field
	SAMLProviderArn *string `min:"20" type:"string" required:"true"`

	// The list of tags that you want to attach to the SAML identity provider in
	// IAM. Each tag consists of a key name and an associated value.
	//
	// Tags is a required field
	Tags []*Tag `type:"list" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s TagSAMLProviderInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s TagSAMLProviderInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *TagSAMLProviderInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "TagSAMLProviderInput"}
	if s.SAMLProviderArn == nil {
		invalidParams.Add(request.NewErrParamRequired("SAMLProviderArn"))
	}
	if s.SAMLProviderArn != nil && len(*s.SAMLProviderArn) < 20 {
		invalidParams.Add(request.NewErrParamMinLen("SAMLProviderArn", 20))
	}
	if s.Tags == nil {
		invalidParams.Add(request.NewErrParamRequired("Tags"))
	}
	if s.Tags != nil {
		for i, v := range s.Tags {
			if v == nil {
				continue
			}
			if err := v.Validate(); err != nil {
				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams))
			}
		}
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetSAMLProviderArn sets the SAMLProviderArn field's value.
func (s *TagSAMLProviderInput) SetSAMLProviderArn(v string) *TagSAMLProviderInput {
	s.SAMLProviderArn = &v
	return s
}

// SetTags sets the Tags field's value.
func (s *TagSAMLProviderInput) SetTags(v []*Tag) *TagSAMLProviderInput {
	s.Tags = v
	return s
}

type TagSAMLProviderOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s TagSAMLProviderOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s TagSAMLProviderOutput) GoString() string {
	return s.String()
}

type TagServerCertificateInput struct {
	_ struct{} `type:"structure"`

	// The name of the IAM server certificate to which you want to add tags.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// ServerCertificateName is a required field
	ServerCertificateName *string `min:"1" type:"string" required:"true"`

	// The list of tags that you want to attach to the IAM server certificate. Each
	// tag consists of a key name and an associated value.
	//
	// Tags is a required field
	Tags []*Tag `type:"list" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s TagServerCertificateInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s TagServerCertificateInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *TagServerCertificateInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "TagServerCertificateInput"}
	if s.ServerCertificateName == nil {
		invalidParams.Add(request.NewErrParamRequired("ServerCertificateName"))
	}
	if s.ServerCertificateName != nil && len(*s.ServerCertificateName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("ServerCertificateName", 1))
	}
	if s.Tags == nil {
		invalidParams.Add(request.NewErrParamRequired("Tags"))
	}
	if s.Tags != nil {
		for i, v := range s.Tags {
			if v == nil {
				continue
			}
			if err := v.Validate(); err != nil {
				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams))
			}
		}
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetServerCertificateName sets the ServerCertificateName field's value.
func (s *TagServerCertificateInput) SetServerCertificateName(v string) *TagServerCertificateInput {
	s.ServerCertificateName = &v
	return s
}

// SetTags sets the Tags field's value.
func (s *TagServerCertificateInput) SetTags(v []*Tag) *TagServerCertificateInput {
	s.Tags = v
	return s
}

type TagServerCertificateOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s TagServerCertificateOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s TagServerCertificateOutput) GoString() string {
	return s.String()
}

type TagUserInput struct {
	_ struct{} `type:"structure"`

	// The list of tags that you want to attach to the IAM user. Each tag consists
	// of a key name and an associated value.
	//
	// Tags is a required field
	Tags []*Tag `type:"list" required:"true"`

	// The name of the IAM user to which you want to add tags.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// UserName is a required field
	UserName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s TagUserInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s TagUserInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *TagUserInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "TagUserInput"}
	if s.Tags == nil {
		invalidParams.Add(request.NewErrParamRequired("Tags"))
	}
	if s.UserName == nil {
		invalidParams.Add(request.NewErrParamRequired("UserName"))
	}
	if s.UserName != nil && len(*s.UserName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("UserName", 1))
	}
	if s.Tags != nil {
		for i, v := range s.Tags {
			if v == nil {
				continue
			}
			if err := v.Validate(); err != nil {
				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams))
			}
		}
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetTags sets the Tags field's value.
func (s *TagUserInput) SetTags(v []*Tag) *TagUserInput {
	s.Tags = v
	return s
}

// SetUserName sets the UserName field's value.
func (s *TagUserInput) SetUserName(v string) *TagUserInput {
	s.UserName = &v
	return s
}

type TagUserOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s TagUserOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s TagUserOutput) GoString() string {
	return s.String()
}

// Contains details about the most recent attempt to access an action within
// the service.
//
// This data type is used as a response element in the GetServiceLastAccessedDetails
// operation.
type TrackedActionLastAccessed struct {
	_ struct{} `type:"structure"`

	// The name of the tracked action to which access was attempted. Tracked actions
	// are actions that report activity to IAM.
	ActionName *string `type:"string"`

	// The Amazon Resource Name (ARN). ARNs are unique identifiers for Amazon Web
	// Services resources.
	//
	// For more information about ARNs, go to Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the Amazon Web Services General Reference.
	LastAccessedEntity *string `min:"20" type:"string"`

	// The Region from which the authenticated entity (user or role) last attempted
	// to access the tracked action. Amazon Web Services does not report unauthenticated
	// requests.
	//
	// This field is null if no IAM entities attempted to access the service within
	// the reporting period (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period).
	LastAccessedRegion *string `type:"string"`

	// The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601),
	// when an authenticated entity most recently attempted to access the tracked
	// service. Amazon Web Services does not report unauthenticated requests.
	//
	// This field is null if no IAM entities attempted to access the service within
	// the reporting period (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period).
	LastAccessedTime *time.Time `type:"timestamp"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s TrackedActionLastAccessed) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s TrackedActionLastAccessed) GoString() string {
	return s.String()
}

// SetActionName sets the ActionName field's value.
func (s *TrackedActionLastAccessed) SetActionName(v string) *TrackedActionLastAccessed {
	s.ActionName = &v
	return s
}

// SetLastAccessedEntity sets the LastAccessedEntity field's value.
func (s *TrackedActionLastAccessed) SetLastAccessedEntity(v string) *TrackedActionLastAccessed {
	s.LastAccessedEntity = &v
	return s
}

// SetLastAccessedRegion sets the LastAccessedRegion field's value.
func (s *TrackedActionLastAccessed) SetLastAccessedRegion(v string) *TrackedActionLastAccessed {
	s.LastAccessedRegion = &v
	return s
}

// SetLastAccessedTime sets the LastAccessedTime field's value.
func (s *TrackedActionLastAccessed) SetLastAccessedTime(v time.Time) *TrackedActionLastAccessed {
	s.LastAccessedTime = &v
	return s
}

type UntagInstanceProfileInput struct {
	_ struct{} `type:"structure"`

	// The name of the IAM instance profile from which you want to remove tags.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// InstanceProfileName is a required field
	InstanceProfileName *string `min:"1" type:"string" required:"true"`

	// A list of key names as a simple array of strings. The tags with matching
	// keys are removed from the specified instance profile.
	//
	// TagKeys is a required field
	TagKeys []*string `type:"list" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UntagInstanceProfileInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UntagInstanceProfileInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *UntagInstanceProfileInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "UntagInstanceProfileInput"}
	if s.InstanceProfileName == nil {
		invalidParams.Add(request.NewErrParamRequired("InstanceProfileName"))
	}
	if s.InstanceProfileName != nil && len(*s.InstanceProfileName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("InstanceProfileName", 1))
	}
	if s.TagKeys == nil {
		invalidParams.Add(request.NewErrParamRequired("TagKeys"))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetInstanceProfileName sets the InstanceProfileName field's value.
func (s *UntagInstanceProfileInput) SetInstanceProfileName(v string) *UntagInstanceProfileInput {
	s.InstanceProfileName = &v
	return s
}

// SetTagKeys sets the TagKeys field's value.
func (s *UntagInstanceProfileInput) SetTagKeys(v []*string) *UntagInstanceProfileInput {
	s.TagKeys = v
	return s
}

type UntagInstanceProfileOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UntagInstanceProfileOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UntagInstanceProfileOutput) GoString() string {
	return s.String()
}

type UntagMFADeviceInput struct {
	_ struct{} `type:"structure"`

	// The unique identifier for the IAM virtual MFA device from which you want
	// to remove tags. For virtual MFA devices, the serial number is the same as
	// the ARN.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// SerialNumber is a required field
	SerialNumber *string `min:"9" type:"string" required:"true"`

	// A list of key names as a simple array of strings. The tags with matching
	// keys are removed from the specified instance profile.
	//
	// TagKeys is a required field
	TagKeys []*string `type:"list" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UntagMFADeviceInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UntagMFADeviceInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *UntagMFADeviceInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "UntagMFADeviceInput"}
	if s.SerialNumber == nil {
		invalidParams.Add(request.NewErrParamRequired("SerialNumber"))
	}
	if s.SerialNumber != nil && len(*s.SerialNumber) < 9 {
		invalidParams.Add(request.NewErrParamMinLen("SerialNumber", 9))
	}
	if s.TagKeys == nil {
		invalidParams.Add(request.NewErrParamRequired("TagKeys"))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetSerialNumber sets the SerialNumber field's value.
func (s *UntagMFADeviceInput) SetSerialNumber(v string) *UntagMFADeviceInput {
	s.SerialNumber = &v
	return s
}

// SetTagKeys sets the TagKeys field's value.
func (s *UntagMFADeviceInput) SetTagKeys(v []*string) *UntagMFADeviceInput {
	s.TagKeys = v
	return s
}

type UntagMFADeviceOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UntagMFADeviceOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UntagMFADeviceOutput) GoString() string {
	return s.String()
}

type UntagOpenIDConnectProviderInput struct {
	_ struct{} `type:"structure"`

	// The ARN of the OIDC provider in IAM from which you want to remove tags.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// OpenIDConnectProviderArn is a required field
	OpenIDConnectProviderArn *string `min:"20" type:"string" required:"true"`

	// A list of key names as a simple array of strings. The tags with matching
	// keys are removed from the specified OIDC provider.
	//
	// TagKeys is a required field
	TagKeys []*string `type:"list" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UntagOpenIDConnectProviderInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UntagOpenIDConnectProviderInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *UntagOpenIDConnectProviderInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "UntagOpenIDConnectProviderInput"}
	if s.OpenIDConnectProviderArn == nil {
		invalidParams.Add(request.NewErrParamRequired("OpenIDConnectProviderArn"))
	}
	if s.OpenIDConnectProviderArn != nil && len(*s.OpenIDConnectProviderArn) < 20 {
		invalidParams.Add(request.NewErrParamMinLen("OpenIDConnectProviderArn", 20))
	}
	if s.TagKeys == nil {
		invalidParams.Add(request.NewErrParamRequired("TagKeys"))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetOpenIDConnectProviderArn sets the OpenIDConnectProviderArn field's value.
func (s *UntagOpenIDConnectProviderInput) SetOpenIDConnectProviderArn(v string) *UntagOpenIDConnectProviderInput {
	s.OpenIDConnectProviderArn = &v
	return s
}

// SetTagKeys sets the TagKeys field's value.
func (s *UntagOpenIDConnectProviderInput) SetTagKeys(v []*string) *UntagOpenIDConnectProviderInput {
	s.TagKeys = v
	return s
}

type UntagOpenIDConnectProviderOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UntagOpenIDConnectProviderOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UntagOpenIDConnectProviderOutput) GoString() string {
	return s.String()
}

type UntagPolicyInput struct {
	_ struct{} `type:"structure"`

	// The ARN of the IAM customer managed policy from which you want to remove
	// tags.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// PolicyArn is a required field
	PolicyArn *string `min:"20" type:"string" required:"true"`

	// A list of key names as a simple array of strings. The tags with matching
	// keys are removed from the specified policy.
	//
	// TagKeys is a required field
	TagKeys []*string `type:"list" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UntagPolicyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UntagPolicyInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *UntagPolicyInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "UntagPolicyInput"}
	if s.PolicyArn == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyArn"))
	}
	if s.PolicyArn != nil && len(*s.PolicyArn) < 20 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyArn", 20))
	}
	if s.TagKeys == nil {
		invalidParams.Add(request.NewErrParamRequired("TagKeys"))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetPolicyArn sets the PolicyArn field's value.
func (s *UntagPolicyInput) SetPolicyArn(v string) *UntagPolicyInput {
	s.PolicyArn = &v
	return s
}

// SetTagKeys sets the TagKeys field's value.
func (s *UntagPolicyInput) SetTagKeys(v []*string) *UntagPolicyInput {
	s.TagKeys = v
	return s
}

type UntagPolicyOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UntagPolicyOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UntagPolicyOutput) GoString() string {
	return s.String()
}

type UntagRoleInput struct {
	_ struct{} `type:"structure"`

	// The name of the IAM role from which you want to remove tags.
	//
	// This parameter accepts (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters that consist of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// RoleName is a required field
	RoleName *string `min:"1" type:"string" required:"true"`

	// A list of key names as a simple array of strings. The tags with matching
	// keys are removed from the specified role.
	//
	// TagKeys is a required field
	TagKeys []*string `type:"list" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UntagRoleInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UntagRoleInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *UntagRoleInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "UntagRoleInput"}
	if s.RoleName == nil {
		invalidParams.Add(request.NewErrParamRequired("RoleName"))
	}
	if s.RoleName != nil && len(*s.RoleName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("RoleName", 1))
	}
	if s.TagKeys == nil {
		invalidParams.Add(request.NewErrParamRequired("TagKeys"))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetRoleName sets the RoleName field's value.
func (s *UntagRoleInput) SetRoleName(v string) *UntagRoleInput {
	s.RoleName = &v
	return s
}

// SetTagKeys sets the TagKeys field's value.
func (s *UntagRoleInput) SetTagKeys(v []*string) *UntagRoleInput {
	s.TagKeys = v
	return s
}

type UntagRoleOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UntagRoleOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UntagRoleOutput) GoString() string {
	return s.String()
}

type UntagSAMLProviderInput struct {
	_ struct{} `type:"structure"`

	// The ARN of the SAML identity provider in IAM from which you want to remove
	// tags.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// SAMLProviderArn is a required field
	SAMLProviderArn *string `min:"20" type:"string" required:"true"`

	// A list of key names as a simple array of strings. The tags with matching
	// keys are removed from the specified SAML identity provider.
	//
	// TagKeys is a required field
	TagKeys []*string `type:"list" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UntagSAMLProviderInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UntagSAMLProviderInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *UntagSAMLProviderInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "UntagSAMLProviderInput"}
	if s.SAMLProviderArn == nil {
		invalidParams.Add(request.NewErrParamRequired("SAMLProviderArn"))
	}
	if s.SAMLProviderArn != nil && len(*s.SAMLProviderArn) < 20 {
		invalidParams.Add(request.NewErrParamMinLen("SAMLProviderArn", 20))
	}
	if s.TagKeys == nil {
		invalidParams.Add(request.NewErrParamRequired("TagKeys"))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetSAMLProviderArn sets the SAMLProviderArn field's value.
func (s *UntagSAMLProviderInput) SetSAMLProviderArn(v string) *UntagSAMLProviderInput {
	s.SAMLProviderArn = &v
	return s
}

// SetTagKeys sets the TagKeys field's value.
func (s *UntagSAMLProviderInput) SetTagKeys(v []*string) *UntagSAMLProviderInput {
	s.TagKeys = v
	return s
}

type UntagSAMLProviderOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UntagSAMLProviderOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UntagSAMLProviderOutput) GoString() string {
	return s.String()
}

type UntagServerCertificateInput struct {
	_ struct{} `type:"structure"`

	// The name of the IAM server certificate from which you want to remove tags.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// ServerCertificateName is a required field
	ServerCertificateName *string `min:"1" type:"string" required:"true"`

	// A list of key names as a simple array of strings. The tags with matching
	// keys are removed from the specified IAM server certificate.
	//
	// TagKeys is a required field
	TagKeys []*string `type:"list" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UntagServerCertificateInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UntagServerCertificateInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *UntagServerCertificateInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "UntagServerCertificateInput"}
	if s.ServerCertificateName == nil {
		invalidParams.Add(request.NewErrParamRequired("ServerCertificateName"))
	}
	if s.ServerCertificateName != nil && len(*s.ServerCertificateName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("ServerCertificateName", 1))
	}
	if s.TagKeys == nil {
		invalidParams.Add(request.NewErrParamRequired("TagKeys"))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetServerCertificateName sets the ServerCertificateName field's value.
func (s *UntagServerCertificateInput) SetServerCertificateName(v string) *UntagServerCertificateInput {
	s.ServerCertificateName = &v
	return s
}

// SetTagKeys sets the TagKeys field's value.
func (s *UntagServerCertificateInput) SetTagKeys(v []*string) *UntagServerCertificateInput {
	s.TagKeys = v
	return s
}

type UntagServerCertificateOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UntagServerCertificateOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UntagServerCertificateOutput) GoString() string {
	return s.String()
}

type UntagUserInput struct {
	_ struct{} `type:"structure"`

	// A list of key names as a simple array of strings. The tags with matching
	// keys are removed from the specified user.
	//
	// TagKeys is a required field
	TagKeys []*string `type:"list" required:"true"`

	// The name of the IAM user from which you want to remove tags.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// UserName is a required field
	UserName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UntagUserInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UntagUserInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *UntagUserInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "UntagUserInput"}
	if s.TagKeys == nil {
		invalidParams.Add(request.NewErrParamRequired("TagKeys"))
	}
	if s.UserName == nil {
		invalidParams.Add(request.NewErrParamRequired("UserName"))
	}
	if s.UserName != nil && len(*s.UserName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("UserName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetTagKeys sets the TagKeys field's value.
func (s *UntagUserInput) SetTagKeys(v []*string) *UntagUserInput {
	s.TagKeys = v
	return s
}

// SetUserName sets the UserName field's value.
func (s *UntagUserInput) SetUserName(v string) *UntagUserInput {
	s.UserName = &v
	return s
}

type UntagUserOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UntagUserOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UntagUserOutput) GoString() string {
	return s.String()
}

type UpdateAccessKeyInput struct {
	_ struct{} `type:"structure"`

	// The access key ID of the secret access key you want to update.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters that can consist of any upper or lowercased letter
	// or digit.
	//
	// AccessKeyId is a required field
	AccessKeyId *string `min:"16" type:"string" required:"true"`

	// The status you want to assign to the secret access key. Active means that
	// the key can be used for programmatic calls to Amazon Web Services, while
	// Inactive means that the key cannot be used.
	//
	// Status is a required field
	Status *string `type:"string" required:"true" enum:"StatusType"`

	// The name of the user whose key you want to update.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	UserName *string `min:"1" type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateAccessKeyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateAccessKeyInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *UpdateAccessKeyInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "UpdateAccessKeyInput"}
	if s.AccessKeyId == nil {
		invalidParams.Add(request.NewErrParamRequired("AccessKeyId"))
	}
	if s.AccessKeyId != nil && len(*s.AccessKeyId) < 16 {
		invalidParams.Add(request.NewErrParamMinLen("AccessKeyId", 16))
	}
	if s.Status == nil {
		invalidParams.Add(request.NewErrParamRequired("Status"))
	}
	if s.UserName != nil && len(*s.UserName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("UserName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetAccessKeyId sets the AccessKeyId field's value.
func (s *UpdateAccessKeyInput) SetAccessKeyId(v string) *UpdateAccessKeyInput {
	s.AccessKeyId = &v
	return s
}

// SetStatus sets the Status field's value.
func (s *UpdateAccessKeyInput) SetStatus(v string) *UpdateAccessKeyInput {
	s.Status = &v
	return s
}

// SetUserName sets the UserName field's value.
func (s *UpdateAccessKeyInput) SetUserName(v string) *UpdateAccessKeyInput {
	s.UserName = &v
	return s
}

type UpdateAccessKeyOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateAccessKeyOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateAccessKeyOutput) GoString() string {
	return s.String()
}

type UpdateAccountPasswordPolicyInput struct {
	_ struct{} `type:"structure"`

	// Allows all IAM users in your account to use the Amazon Web Services Management
	// Console to change their own passwords. For more information, see Letting
	// IAM users change their own passwords (https://docs.aws.amazon.com/IAM/latest/UserGuide/HowToPwdIAMUser.html)
	// in the IAM User Guide.
	//
	// If you do not specify a value for this parameter, then the operation uses
	// the default value of false. The result is that IAM users in the account do
	// not automatically have permissions to change their own password.
	AllowUsersToChangePassword *bool `type:"boolean"`

	// Prevents IAM users from setting a new password after their password has expired.
	// The IAM user cannot be accessed until an administrator resets the password.
	//
	// If you do not specify a value for this parameter, then the operation uses
	// the default value of false. The result is that IAM users can change their
	// passwords after they expire and continue to sign in as the user.
	HardExpiry *bool `type:"boolean"`

	// The number of days that an IAM user password is valid.
	//
	// If you do not specify a value for this parameter, then the operation uses
	// the default value of 0. The result is that IAM user passwords never expire.
	MaxPasswordAge *int64 `min:"1" type:"integer"`

	// The minimum number of characters allowed in an IAM user password.
	//
	// If you do not specify a value for this parameter, then the operation uses
	// the default value of 6.
	MinimumPasswordLength *int64 `min:"6" type:"integer"`

	// Specifies the number of previous passwords that IAM users are prevented from
	// reusing.
	//
	// If you do not specify a value for this parameter, then the operation uses
	// the default value of 0. The result is that IAM users are not prevented from
	// reusing previous passwords.
	PasswordReusePrevention *int64 `min:"1" type:"integer"`

	// Specifies whether IAM user passwords must contain at least one lowercase
	// character from the ISO basic Latin alphabet (a to z).
	//
	// If you do not specify a value for this parameter, then the operation uses
	// the default value of false. The result is that passwords do not require at
	// least one lowercase character.
	RequireLowercaseCharacters *bool `type:"boolean"`

	// Specifies whether IAM user passwords must contain at least one numeric character
	// (0 to 9).
	//
	// If you do not specify a value for this parameter, then the operation uses
	// the default value of false. The result is that passwords do not require at
	// least one numeric character.
	RequireNumbers *bool `type:"boolean"`

	// Specifies whether IAM user passwords must contain at least one of the following
	// non-alphanumeric characters:
	//
	// ! @ # $ % ^ & * ( ) _ + - = [ ] { } | '
	//
	// If you do not specify a value for this parameter, then the operation uses
	// the default value of false. The result is that passwords do not require at
	// least one symbol character.
	RequireSymbols *bool `type:"boolean"`

	// Specifies whether IAM user passwords must contain at least one uppercase
	// character from the ISO basic Latin alphabet (A to Z).
	//
	// If you do not specify a value for this parameter, then the operation uses
	// the default value of false. The result is that passwords do not require at
	// least one uppercase character.
	RequireUppercaseCharacters *bool `type:"boolean"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateAccountPasswordPolicyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateAccountPasswordPolicyInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *UpdateAccountPasswordPolicyInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "UpdateAccountPasswordPolicyInput"}
	if s.MaxPasswordAge != nil && *s.MaxPasswordAge < 1 {
		invalidParams.Add(request.NewErrParamMinValue("MaxPasswordAge", 1))
	}
	if s.MinimumPasswordLength != nil && *s.MinimumPasswordLength < 6 {
		invalidParams.Add(request.NewErrParamMinValue("MinimumPasswordLength", 6))
	}
	if s.PasswordReusePrevention != nil && *s.PasswordReusePrevention < 1 {
		invalidParams.Add(request.NewErrParamMinValue("PasswordReusePrevention", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetAllowUsersToChangePassword sets the AllowUsersToChangePassword field's value.
func (s *UpdateAccountPasswordPolicyInput) SetAllowUsersToChangePassword(v bool) *UpdateAccountPasswordPolicyInput {
	s.AllowUsersToChangePassword = &v
	return s
}

// SetHardExpiry sets the HardExpiry field's value.
func (s *UpdateAccountPasswordPolicyInput) SetHardExpiry(v bool) *UpdateAccountPasswordPolicyInput {
	s.HardExpiry = &v
	return s
}

// SetMaxPasswordAge sets the MaxPasswordAge field's value.
func (s *UpdateAccountPasswordPolicyInput) SetMaxPasswordAge(v int64) *UpdateAccountPasswordPolicyInput {
	s.MaxPasswordAge = &v
	return s
}

// SetMinimumPasswordLength sets the MinimumPasswordLength field's value.
func (s *UpdateAccountPasswordPolicyInput) SetMinimumPasswordLength(v int64) *UpdateAccountPasswordPolicyInput {
	s.MinimumPasswordLength = &v
	return s
}

// SetPasswordReusePrevention sets the PasswordReusePrevention field's value.
func (s *UpdateAccountPasswordPolicyInput) SetPasswordReusePrevention(v int64) *UpdateAccountPasswordPolicyInput {
	s.PasswordReusePrevention = &v
	return s
}

// SetRequireLowercaseCharacters sets the RequireLowercaseCharacters field's value.
func (s *UpdateAccountPasswordPolicyInput) SetRequireLowercaseCharacters(v bool) *UpdateAccountPasswordPolicyInput {
	s.RequireLowercaseCharacters = &v
	return s
}

// SetRequireNumbers sets the RequireNumbers field's value.
func (s *UpdateAccountPasswordPolicyInput) SetRequireNumbers(v bool) *UpdateAccountPasswordPolicyInput {
	s.RequireNumbers = &v
	return s
}

// SetRequireSymbols sets the RequireSymbols field's value.
func (s *UpdateAccountPasswordPolicyInput) SetRequireSymbols(v bool) *UpdateAccountPasswordPolicyInput {
	s.RequireSymbols = &v
	return s
}

// SetRequireUppercaseCharacters sets the RequireUppercaseCharacters field's value.
func (s *UpdateAccountPasswordPolicyInput) SetRequireUppercaseCharacters(v bool) *UpdateAccountPasswordPolicyInput {
	s.RequireUppercaseCharacters = &v
	return s
}

type UpdateAccountPasswordPolicyOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateAccountPasswordPolicyOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateAccountPasswordPolicyOutput) GoString() string {
	return s.String()
}

type UpdateAssumeRolePolicyInput struct {
	_ struct{} `type:"structure"`

	// The policy that grants an entity permission to assume the role.
	//
	// You must provide policies in JSON format in IAM. However, for CloudFormation
	// templates formatted in YAML, you can provide the policy in JSON or YAML format.
	// CloudFormation always converts a YAML policy to JSON format before submitting
	// it to IAM.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) used to validate this
	// parameter is a string of characters consisting of the following:
	//
	//    * Any printable ASCII character ranging from the space character (\u0020)
	//    through the end of the ASCII character range
	//
	//    * The printable characters in the Basic Latin and Latin-1 Supplement character
	//    set (through \u00FF)
	//
	//    * The special characters tab (\u0009), line feed (\u000A), and carriage
	//    return (\u000D)
	//
	// PolicyDocument is a required field
	PolicyDocument *string `min:"1" type:"string" required:"true"`

	// The name of the role to update with the new policy.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// RoleName is a required field
	RoleName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateAssumeRolePolicyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateAssumeRolePolicyInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *UpdateAssumeRolePolicyInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "UpdateAssumeRolePolicyInput"}
	if s.PolicyDocument == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyDocument"))
	}
	if s.PolicyDocument != nil && len(*s.PolicyDocument) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyDocument", 1))
	}
	if s.RoleName == nil {
		invalidParams.Add(request.NewErrParamRequired("RoleName"))
	}
	if s.RoleName != nil && len(*s.RoleName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("RoleName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetPolicyDocument sets the PolicyDocument field's value.
func (s *UpdateAssumeRolePolicyInput) SetPolicyDocument(v string) *UpdateAssumeRolePolicyInput {
	s.PolicyDocument = &v
	return s
}

// SetRoleName sets the RoleName field's value.
func (s *UpdateAssumeRolePolicyInput) SetRoleName(v string) *UpdateAssumeRolePolicyInput {
	s.RoleName = &v
	return s
}

type UpdateAssumeRolePolicyOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateAssumeRolePolicyOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateAssumeRolePolicyOutput) GoString() string {
	return s.String()
}

type UpdateGroupInput struct {
	_ struct{} `type:"structure"`

	// Name of the IAM group to update. If you're changing the name of the group,
	// this is the original name.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// GroupName is a required field
	GroupName *string `min:"1" type:"string" required:"true"`

	// New name for the IAM group. Only include this if changing the group's name.
	//
	// IAM user, group, role, and policy names must be unique within the account.
	// Names are not distinguished by case. For example, you cannot create resources
	// named both "MyResource" and "myresource".
	NewGroupName *string `min:"1" type:"string"`

	// New path for the IAM group. Only include this if changing the group's path.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of either a forward slash (/) by itself
	// or a string that must begin and end with forward slashes. In addition, it
	// can contain any ASCII character from the ! (\u0021) through the DEL character
	// (\u007F), including most punctuation characters, digits, and upper and lowercased
	// letters.
	NewPath *string `min:"1" type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateGroupInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateGroupInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *UpdateGroupInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "UpdateGroupInput"}
	if s.GroupName == nil {
		invalidParams.Add(request.NewErrParamRequired("GroupName"))
	}
	if s.GroupName != nil && len(*s.GroupName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("GroupName", 1))
	}
	if s.NewGroupName != nil && len(*s.NewGroupName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("NewGroupName", 1))
	}
	if s.NewPath != nil && len(*s.NewPath) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("NewPath", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetGroupName sets the GroupName field's value.
func (s *UpdateGroupInput) SetGroupName(v string) *UpdateGroupInput {
	s.GroupName = &v
	return s
}

// SetNewGroupName sets the NewGroupName field's value.
func (s *UpdateGroupInput) SetNewGroupName(v string) *UpdateGroupInput {
	s.NewGroupName = &v
	return s
}

// SetNewPath sets the NewPath field's value.
func (s *UpdateGroupInput) SetNewPath(v string) *UpdateGroupInput {
	s.NewPath = &v
	return s
}

type UpdateGroupOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateGroupOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateGroupOutput) GoString() string {
	return s.String()
}

type UpdateLoginProfileInput struct {
	_ struct{} `type:"structure"`

	// The new password for the specified IAM user.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) used to validate this
	// parameter is a string of characters consisting of the following:
	//
	//    * Any printable ASCII character ranging from the space character (\u0020)
	//    through the end of the ASCII character range
	//
	//    * The printable characters in the Basic Latin and Latin-1 Supplement character
	//    set (through \u00FF)
	//
	//    * The special characters tab (\u0009), line feed (\u000A), and carriage
	//    return (\u000D)
	//
	// However, the format can be further restricted by the account administrator
	// by setting a password policy on the Amazon Web Services account. For more
	// information, see UpdateAccountPasswordPolicy.
	//
	// Password is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by UpdateLoginProfileInput's
	// String and GoString methods.
	Password *string `min:"1" type:"string" sensitive:"true"`

	// Allows this new password to be used only once by requiring the specified
	// IAM user to set a new password on next sign-in.
	PasswordResetRequired *bool `type:"boolean"`

	// The name of the user whose password you want to update.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// UserName is a required field
	UserName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateLoginProfileInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateLoginProfileInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *UpdateLoginProfileInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "UpdateLoginProfileInput"}
	if s.Password != nil && len(*s.Password) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Password", 1))
	}
	if s.UserName == nil {
		invalidParams.Add(request.NewErrParamRequired("UserName"))
	}
	if s.UserName != nil && len(*s.UserName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("UserName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetPassword sets the Password field's value.
func (s *UpdateLoginProfileInput) SetPassword(v string) *UpdateLoginProfileInput {
	s.Password = &v
	return s
}

// SetPasswordResetRequired sets the PasswordResetRequired field's value.
func (s *UpdateLoginProfileInput) SetPasswordResetRequired(v bool) *UpdateLoginProfileInput {
	s.PasswordResetRequired = &v
	return s
}

// SetUserName sets the UserName field's value.
func (s *UpdateLoginProfileInput) SetUserName(v string) *UpdateLoginProfileInput {
	s.UserName = &v
	return s
}

type UpdateLoginProfileOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateLoginProfileOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateLoginProfileOutput) GoString() string {
	return s.String()
}

type UpdateOpenIDConnectProviderThumbprintInput struct {
	_ struct{} `type:"structure"`

	// The Amazon Resource Name (ARN) of the IAM OIDC provider resource object for
	// which you want to update the thumbprint. You can get a list of OIDC provider
	// ARNs by using the ListOpenIDConnectProviders operation.
	//
	// For more information about ARNs, see Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the Amazon Web Services General Reference.
	//
	// OpenIDConnectProviderArn is a required field
	OpenIDConnectProviderArn *string `min:"20" type:"string" required:"true"`

	// A list of certificate thumbprints that are associated with the specified
	// IAM OpenID Connect provider. For more information, see CreateOpenIDConnectProvider.
	//
	// ThumbprintList is a required field
	ThumbprintList []*string `type:"list" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateOpenIDConnectProviderThumbprintInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateOpenIDConnectProviderThumbprintInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *UpdateOpenIDConnectProviderThumbprintInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "UpdateOpenIDConnectProviderThumbprintInput"}
	if s.OpenIDConnectProviderArn == nil {
		invalidParams.Add(request.NewErrParamRequired("OpenIDConnectProviderArn"))
	}
	if s.OpenIDConnectProviderArn != nil && len(*s.OpenIDConnectProviderArn) < 20 {
		invalidParams.Add(request.NewErrParamMinLen("OpenIDConnectProviderArn", 20))
	}
	if s.ThumbprintList == nil {
		invalidParams.Add(request.NewErrParamRequired("ThumbprintList"))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetOpenIDConnectProviderArn sets the OpenIDConnectProviderArn field's value.
func (s *UpdateOpenIDConnectProviderThumbprintInput) SetOpenIDConnectProviderArn(v string) *UpdateOpenIDConnectProviderThumbprintInput {
	s.OpenIDConnectProviderArn = &v
	return s
}

// SetThumbprintList sets the ThumbprintList field's value.
func (s *UpdateOpenIDConnectProviderThumbprintInput) SetThumbprintList(v []*string) *UpdateOpenIDConnectProviderThumbprintInput {
	s.ThumbprintList = v
	return s
}

type UpdateOpenIDConnectProviderThumbprintOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateOpenIDConnectProviderThumbprintOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateOpenIDConnectProviderThumbprintOutput) GoString() string {
	return s.String()
}

type UpdateRoleDescriptionInput struct {
	_ struct{} `type:"structure"`

	// The new description that you want to apply to the specified role.
	//
	// Description is a required field
	Description *string `type:"string" required:"true"`

	// The name of the role that you want to modify.
	//
	// RoleName is a required field
	RoleName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateRoleDescriptionInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateRoleDescriptionInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *UpdateRoleDescriptionInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "UpdateRoleDescriptionInput"}
	if s.Description == nil {
		invalidParams.Add(request.NewErrParamRequired("Description"))
	}
	if s.RoleName == nil {
		invalidParams.Add(request.NewErrParamRequired("RoleName"))
	}
	if s.RoleName != nil && len(*s.RoleName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("RoleName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetDescription sets the Description field's value.
func (s *UpdateRoleDescriptionInput) SetDescription(v string) *UpdateRoleDescriptionInput {
	s.Description = &v
	return s
}

// SetRoleName sets the RoleName field's value.
func (s *UpdateRoleDescriptionInput) SetRoleName(v string) *UpdateRoleDescriptionInput {
	s.RoleName = &v
	return s
}

type UpdateRoleDescriptionOutput struct {
	_ struct{} `type:"structure"`

	// A structure that contains details about the modified role.
	Role *Role `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateRoleDescriptionOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateRoleDescriptionOutput) GoString() string {
	return s.String()
}

// SetRole sets the Role field's value.
func (s *UpdateRoleDescriptionOutput) SetRole(v *Role) *UpdateRoleDescriptionOutput {
	s.Role = v
	return s
}

type UpdateRoleInput struct {
	_ struct{} `type:"structure"`

	// The new description that you want to apply to the specified role.
	Description *string `type:"string"`

	// The maximum session duration (in seconds) that you want to set for the specified
	// role. If you do not specify a value for this setting, the default maximum
	// of one hour is applied. This setting can have a value from 1 hour to 12 hours.
	//
	// Anyone who assumes the role from the CLI or API can use the DurationSeconds
	// API parameter or the duration-seconds CLI parameter to request a longer session.
	// The MaxSessionDuration setting determines the maximum duration that can be
	// requested using the DurationSeconds parameter. If users don't specify a value
	// for the DurationSeconds parameter, their security credentials are valid for
	// one hour by default. This applies when you use the AssumeRole* API operations
	// or the assume-role* CLI operations but does not apply when you use those
	// operations to create a console URL. For more information, see Using IAM roles
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html) in the
	// IAM User Guide.
	MaxSessionDuration *int64 `min:"3600" type:"integer"`

	// The name of the role that you want to modify.
	//
	// RoleName is a required field
	RoleName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateRoleInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateRoleInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *UpdateRoleInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "UpdateRoleInput"}
	if s.MaxSessionDuration != nil && *s.MaxSessionDuration < 3600 {
		invalidParams.Add(request.NewErrParamMinValue("MaxSessionDuration", 3600))
	}
	if s.RoleName == nil {
		invalidParams.Add(request.NewErrParamRequired("RoleName"))
	}
	if s.RoleName != nil && len(*s.RoleName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("RoleName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetDescription sets the Description field's value.
func (s *UpdateRoleInput) SetDescription(v string) *UpdateRoleInput {
	s.Description = &v
	return s
}

// SetMaxSessionDuration sets the MaxSessionDuration field's value.
func (s *UpdateRoleInput) SetMaxSessionDuration(v int64) *UpdateRoleInput {
	s.MaxSessionDuration = &v
	return s
}

// SetRoleName sets the RoleName field's value.
func (s *UpdateRoleInput) SetRoleName(v string) *UpdateRoleInput {
	s.RoleName = &v
	return s
}

type UpdateRoleOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateRoleOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateRoleOutput) GoString() string {
	return s.String()
}

type UpdateSAMLProviderInput struct {
	_ struct{} `type:"structure"`

	// An XML document generated by an identity provider (IdP) that supports SAML
	// 2.0. The document includes the issuer's name, expiration information, and
	// keys that can be used to validate the SAML authentication response (assertions)
	// that are received from the IdP. You must generate the metadata document using
	// the identity management software that is used as your organization's IdP.
	//
	// SAMLMetadataDocument is a required field
	SAMLMetadataDocument *string `min:"1000" type:"string" required:"true"`

	// The Amazon Resource Name (ARN) of the SAML provider to update.
	//
	// For more information about ARNs, see Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the Amazon Web Services General Reference.
	//
	// SAMLProviderArn is a required field
	SAMLProviderArn *string `min:"20" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateSAMLProviderInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateSAMLProviderInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *UpdateSAMLProviderInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "UpdateSAMLProviderInput"}
	if s.SAMLMetadataDocument == nil {
		invalidParams.Add(request.NewErrParamRequired("SAMLMetadataDocument"))
	}
	if s.SAMLMetadataDocument != nil && len(*s.SAMLMetadataDocument) < 1000 {
		invalidParams.Add(request.NewErrParamMinLen("SAMLMetadataDocument", 1000))
	}
	if s.SAMLProviderArn == nil {
		invalidParams.Add(request.NewErrParamRequired("SAMLProviderArn"))
	}
	if s.SAMLProviderArn != nil && len(*s.SAMLProviderArn) < 20 {
		invalidParams.Add(request.NewErrParamMinLen("SAMLProviderArn", 20))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetSAMLMetadataDocument sets the SAMLMetadataDocument field's value.
func (s *UpdateSAMLProviderInput) SetSAMLMetadataDocument(v string) *UpdateSAMLProviderInput {
	s.SAMLMetadataDocument = &v
	return s
}

// SetSAMLProviderArn sets the SAMLProviderArn field's value.
func (s *UpdateSAMLProviderInput) SetSAMLProviderArn(v string) *UpdateSAMLProviderInput {
	s.SAMLProviderArn = &v
	return s
}

// Contains the response to a successful UpdateSAMLProvider request.
type UpdateSAMLProviderOutput struct {
	_ struct{} `type:"structure"`

	// The Amazon Resource Name (ARN) of the SAML provider that was updated.
	SAMLProviderArn *string `min:"20" type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateSAMLProviderOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateSAMLProviderOutput) GoString() string {
	return s.String()
}

// SetSAMLProviderArn sets the SAMLProviderArn field's value.
func (s *UpdateSAMLProviderOutput) SetSAMLProviderArn(v string) *UpdateSAMLProviderOutput {
	s.SAMLProviderArn = &v
	return s
}

type UpdateSSHPublicKeyInput struct {
	_ struct{} `type:"structure"`

	// The unique identifier for the SSH public key.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters that can consist of any upper or lowercased letter
	// or digit.
	//
	// SSHPublicKeyId is a required field
	SSHPublicKeyId *string `min:"20" type:"string" required:"true"`

	// The status to assign to the SSH public key. Active means that the key can
	// be used for authentication with an CodeCommit repository. Inactive means
	// that the key cannot be used.
	//
	// Status is a required field
	Status *string `type:"string" required:"true" enum:"StatusType"`

	// The name of the IAM user associated with the SSH public key.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// UserName is a required field
	UserName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateSSHPublicKeyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateSSHPublicKeyInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *UpdateSSHPublicKeyInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "UpdateSSHPublicKeyInput"}
	if s.SSHPublicKeyId == nil {
		invalidParams.Add(request.NewErrParamRequired("SSHPublicKeyId"))
	}
	if s.SSHPublicKeyId != nil && len(*s.SSHPublicKeyId) < 20 {
		invalidParams.Add(request.NewErrParamMinLen("SSHPublicKeyId", 20))
	}
	if s.Status == nil {
		invalidParams.Add(request.NewErrParamRequired("Status"))
	}
	if s.UserName == nil {
		invalidParams.Add(request.NewErrParamRequired("UserName"))
	}
	if s.UserName != nil && len(*s.UserName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("UserName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetSSHPublicKeyId sets the SSHPublicKeyId field's value.
func (s *UpdateSSHPublicKeyInput) SetSSHPublicKeyId(v string) *UpdateSSHPublicKeyInput {
	s.SSHPublicKeyId = &v
	return s
}

// SetStatus sets the Status field's value.
func (s *UpdateSSHPublicKeyInput) SetStatus(v string) *UpdateSSHPublicKeyInput {
	s.Status = &v
	return s
}

// SetUserName sets the UserName field's value.
func (s *UpdateSSHPublicKeyInput) SetUserName(v string) *UpdateSSHPublicKeyInput {
	s.UserName = &v
	return s
}

type UpdateSSHPublicKeyOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateSSHPublicKeyOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateSSHPublicKeyOutput) GoString() string {
	return s.String()
}

type UpdateServerCertificateInput struct {
	_ struct{} `type:"structure"`

	// The new path for the server certificate. Include this only if you are updating
	// the server certificate's path.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of either a forward slash (/) by itself
	// or a string that must begin and end with forward slashes. In addition, it
	// can contain any ASCII character from the ! (\u0021) through the DEL character
	// (\u007F), including most punctuation characters, digits, and upper and lowercased
	// letters.
	NewPath *string `min:"1" type:"string"`

	// The new name for the server certificate. Include this only if you are updating
	// the server certificate's name. The name of the certificate cannot contain
	// any spaces.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	NewServerCertificateName *string `min:"1" type:"string"`

	// The name of the server certificate that you want to update.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// ServerCertificateName is a required field
	ServerCertificateName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateServerCertificateInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateServerCertificateInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *UpdateServerCertificateInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "UpdateServerCertificateInput"}
	if s.NewPath != nil && len(*s.NewPath) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("NewPath", 1))
	}
	if s.NewServerCertificateName != nil && len(*s.NewServerCertificateName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("NewServerCertificateName", 1))
	}
	if s.ServerCertificateName == nil {
		invalidParams.Add(request.NewErrParamRequired("ServerCertificateName"))
	}
	if s.ServerCertificateName != nil && len(*s.ServerCertificateName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("ServerCertificateName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetNewPath sets the NewPath field's value.
func (s *UpdateServerCertificateInput) SetNewPath(v string) *UpdateServerCertificateInput {
	s.NewPath = &v
	return s
}

// SetNewServerCertificateName sets the NewServerCertificateName field's value.
func (s *UpdateServerCertificateInput) SetNewServerCertificateName(v string) *UpdateServerCertificateInput {
	s.NewServerCertificateName = &v
	return s
}

// SetServerCertificateName sets the ServerCertificateName field's value.
func (s *UpdateServerCertificateInput) SetServerCertificateName(v string) *UpdateServerCertificateInput {
	s.ServerCertificateName = &v
	return s
}

type UpdateServerCertificateOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateServerCertificateOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateServerCertificateOutput) GoString() string {
	return s.String()
}

type UpdateServiceSpecificCredentialInput struct {
	_ struct{} `type:"structure"`

	// The unique identifier of the service-specific credential.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters that can consist of any upper or lowercased letter
	// or digit.
	//
	// ServiceSpecificCredentialId is a required field
	ServiceSpecificCredentialId *string `min:"20" type:"string" required:"true"`

	// The status to be assigned to the service-specific credential.
	//
	// Status is a required field
	Status *string `type:"string" required:"true" enum:"StatusType"`

	// The name of the IAM user associated with the service-specific credential.
	// If you do not specify this value, then the operation assumes the user whose
	// credentials are used to call the operation.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	UserName *string `min:"1" type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateServiceSpecificCredentialInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateServiceSpecificCredentialInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *UpdateServiceSpecificCredentialInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "UpdateServiceSpecificCredentialInput"}
	if s.ServiceSpecificCredentialId == nil {
		invalidParams.Add(request.NewErrParamRequired("ServiceSpecificCredentialId"))
	}
	if s.ServiceSpecificCredentialId != nil && len(*s.ServiceSpecificCredentialId) < 20 {
		invalidParams.Add(request.NewErrParamMinLen("ServiceSpecificCredentialId", 20))
	}
	if s.Status == nil {
		invalidParams.Add(request.NewErrParamRequired("Status"))
	}
	if s.UserName != nil && len(*s.UserName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("UserName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetServiceSpecificCredentialId sets the ServiceSpecificCredentialId field's value.
func (s *UpdateServiceSpecificCredentialInput) SetServiceSpecificCredentialId(v string) *UpdateServiceSpecificCredentialInput {
	s.ServiceSpecificCredentialId = &v
	return s
}

// SetStatus sets the Status field's value.
func (s *UpdateServiceSpecificCredentialInput) SetStatus(v string) *UpdateServiceSpecificCredentialInput {
	s.Status = &v
	return s
}

// SetUserName sets the UserName field's value.
func (s *UpdateServiceSpecificCredentialInput) SetUserName(v string) *UpdateServiceSpecificCredentialInput {
	s.UserName = &v
	return s
}

type UpdateServiceSpecificCredentialOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateServiceSpecificCredentialOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateServiceSpecificCredentialOutput) GoString() string {
	return s.String()
}

type UpdateSigningCertificateInput struct {
	_ struct{} `type:"structure"`

	// The ID of the signing certificate you want to update.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters that can consist of any upper or lowercased letter
	// or digit.
	//
	// CertificateId is a required field
	CertificateId *string `min:"24" type:"string" required:"true"`

	// The status you want to assign to the certificate. Active means that the certificate
	// can be used for programmatic calls to Amazon Web Services Inactive means
	// that the certificate cannot be used.
	//
	// Status is a required field
	Status *string `type:"string" required:"true" enum:"StatusType"`

	// The name of the IAM user the signing certificate belongs to.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	UserName *string `min:"1" type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateSigningCertificateInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateSigningCertificateInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *UpdateSigningCertificateInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "UpdateSigningCertificateInput"}
	if s.CertificateId == nil {
		invalidParams.Add(request.NewErrParamRequired("CertificateId"))
	}
	if s.CertificateId != nil && len(*s.CertificateId) < 24 {
		invalidParams.Add(request.NewErrParamMinLen("CertificateId", 24))
	}
	if s.Status == nil {
		invalidParams.Add(request.NewErrParamRequired("Status"))
	}
	if s.UserName != nil && len(*s.UserName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("UserName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetCertificateId sets the CertificateId field's value.
func (s *UpdateSigningCertificateInput) SetCertificateId(v string) *UpdateSigningCertificateInput {
	s.CertificateId = &v
	return s
}

// SetStatus sets the Status field's value.
func (s *UpdateSigningCertificateInput) SetStatus(v string) *UpdateSigningCertificateInput {
	s.Status = &v
	return s
}

// SetUserName sets the UserName field's value.
func (s *UpdateSigningCertificateInput) SetUserName(v string) *UpdateSigningCertificateInput {
	s.UserName = &v
	return s
}

type UpdateSigningCertificateOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateSigningCertificateOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateSigningCertificateOutput) GoString() string {
	return s.String()
}

type UpdateUserInput struct {
	_ struct{} `type:"structure"`

	// New path for the IAM user. Include this parameter only if you're changing
	// the user's path.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of either a forward slash (/) by itself
	// or a string that must begin and end with forward slashes. In addition, it
	// can contain any ASCII character from the ! (\u0021) through the DEL character
	// (\u007F), including most punctuation characters, digits, and upper and lowercased
	// letters.
	NewPath *string `min:"1" type:"string"`

	// New name for the user. Include this parameter only if you're changing the
	// user's name.
	//
	// IAM user, group, role, and policy names must be unique within the account.
	// Names are not distinguished by case. For example, you cannot create resources
	// named both "MyResource" and "myresource".
	NewUserName *string `min:"1" type:"string"`

	// Name of the user to update. If you're changing the name of the user, this
	// is the original user name.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// UserName is a required field
	UserName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateUserInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateUserInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *UpdateUserInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "UpdateUserInput"}
	if s.NewPath != nil && len(*s.NewPath) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("NewPath", 1))
	}
	if s.NewUserName != nil && len(*s.NewUserName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("NewUserName", 1))
	}
	if s.UserName == nil {
		invalidParams.Add(request.NewErrParamRequired("UserName"))
	}
	if s.UserName != nil && len(*s.UserName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("UserName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetNewPath sets the NewPath field's value.
func (s *UpdateUserInput) SetNewPath(v string) *UpdateUserInput {
	s.NewPath = &v
	return s
}

// SetNewUserName sets the NewUserName field's value.
func (s *UpdateUserInput) SetNewUserName(v string) *UpdateUserInput {
	s.NewUserName = &v
	return s
}

// SetUserName sets the UserName field's value.
func (s *UpdateUserInput) SetUserName(v string) *UpdateUserInput {
	s.UserName = &v
	return s
}

type UpdateUserOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateUserOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateUserOutput) GoString() string {
	return s.String()
}

type UploadSSHPublicKeyInput struct {
	_ struct{} `type:"structure"`

	// The SSH public key. The public key must be encoded in ssh-rsa format or PEM
	// format. The minimum bit-length of the public key is 2048 bits. For example,
	// you can generate a 2048-bit key, and the resulting PEM file is 1679 bytes
	// long.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) used to validate this
	// parameter is a string of characters consisting of the following:
	//
	//    * Any printable ASCII character ranging from the space character (\u0020)
	//    through the end of the ASCII character range
	//
	//    * The printable characters in the Basic Latin and Latin-1 Supplement character
	//    set (through \u00FF)
	//
	//    * The special characters tab (\u0009), line feed (\u000A), and carriage
	//    return (\u000D)
	//
	// SSHPublicKeyBody is a required field
	SSHPublicKeyBody *string `min:"1" type:"string" required:"true"`

	// The name of the IAM user to associate the SSH public key with.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// UserName is a required field
	UserName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UploadSSHPublicKeyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UploadSSHPublicKeyInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *UploadSSHPublicKeyInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "UploadSSHPublicKeyInput"}
	if s.SSHPublicKeyBody == nil {
		invalidParams.Add(request.NewErrParamRequired("SSHPublicKeyBody"))
	}
	if s.SSHPublicKeyBody != nil && len(*s.SSHPublicKeyBody) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("SSHPublicKeyBody", 1))
	}
	if s.UserName == nil {
		invalidParams.Add(request.NewErrParamRequired("UserName"))
	}
	if s.UserName != nil && len(*s.UserName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("UserName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetSSHPublicKeyBody sets the SSHPublicKeyBody field's value.
func (s *UploadSSHPublicKeyInput) SetSSHPublicKeyBody(v string) *UploadSSHPublicKeyInput {
	s.SSHPublicKeyBody = &v
	return s
}

// SetUserName sets the UserName field's value.
func (s *UploadSSHPublicKeyInput) SetUserName(v string) *UploadSSHPublicKeyInput {
	s.UserName = &v
	return s
}

// Contains the response to a successful UploadSSHPublicKey request.
type UploadSSHPublicKeyOutput struct {
	_ struct{} `type:"structure"`

	// Contains information about the SSH public key.
	SSHPublicKey *SSHPublicKey `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UploadSSHPublicKeyOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UploadSSHPublicKeyOutput) GoString() string {
	return s.String()
}

// SetSSHPublicKey sets the SSHPublicKey field's value.
func (s *UploadSSHPublicKeyOutput) SetSSHPublicKey(v *SSHPublicKey) *UploadSSHPublicKeyOutput {
	s.SSHPublicKey = v
	return s
}

type UploadServerCertificateInput struct {
	_ struct{} `type:"structure"`

	// The contents of the public key certificate in PEM-encoded format.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) used to validate this
	// parameter is a string of characters consisting of the following:
	//
	//    * Any printable ASCII character ranging from the space character (\u0020)
	//    through the end of the ASCII character range
	//
	//    * The printable characters in the Basic Latin and Latin-1 Supplement character
	//    set (through \u00FF)
	//
	//    * The special characters tab (\u0009), line feed (\u000A), and carriage
	//    return (\u000D)
	//
	// CertificateBody is a required field
	CertificateBody *string `min:"1" type:"string" required:"true"`

	// The contents of the certificate chain. This is typically a concatenation
	// of the PEM-encoded public key certificates of the chain.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) used to validate this
	// parameter is a string of characters consisting of the following:
	//
	//    * Any printable ASCII character ranging from the space character (\u0020)
	//    through the end of the ASCII character range
	//
	//    * The printable characters in the Basic Latin and Latin-1 Supplement character
	//    set (through \u00FF)
	//
	//    * The special characters tab (\u0009), line feed (\u000A), and carriage
	//    return (\u000D)
	CertificateChain *string `min:"1" type:"string"`

	// The path for the server certificate. For more information about paths, see
	// IAM identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the IAM User Guide.
	//
	// This parameter is optional. If it is not included, it defaults to a slash
	// (/). This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of either a forward slash (/) by itself
	// or a string that must begin and end with forward slashes. In addition, it
	// can contain any ASCII character from the ! (\u0021) through the DEL character
	// (\u007F), including most punctuation characters, digits, and upper and lowercased
	// letters.
	//
	// If you are uploading a server certificate specifically for use with Amazon
	// CloudFront distributions, you must specify a path using the path parameter.
	// The path must begin with /cloudfront and must include a trailing slash (for
	// example, /cloudfront/test/).
	Path *string `min:"1" type:"string"`

	// The contents of the private key in PEM-encoded format.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) used to validate this
	// parameter is a string of characters consisting of the following:
	//
	//    * Any printable ASCII character ranging from the space character (\u0020)
	//    through the end of the ASCII character range
	//
	//    * The printable characters in the Basic Latin and Latin-1 Supplement character
	//    set (through \u00FF)
	//
	//    * The special characters tab (\u0009), line feed (\u000A), and carriage
	//    return (\u000D)
	//
	// PrivateKey is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by UploadServerCertificateInput's
	// String and GoString methods.
	//
	// PrivateKey is a required field
	PrivateKey *string `min:"1" type:"string" required:"true" sensitive:"true"`

	// The name for the server certificate. Do not include the path in this value.
	// The name of the certificate cannot contain any spaces.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	//
	// ServerCertificateName is a required field
	ServerCertificateName *string `min:"1" type:"string" required:"true"`

	// A list of tags that you want to attach to the new IAM server certificate
	// resource. Each tag consists of a key name and an associated value. For more
	// information about tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html)
	// in the IAM User Guide.
	//
	// If any one of the tags is invalid or if you exceed the allowed maximum number
	// of tags, then the entire request fails and the resource is not created.
	Tags []*Tag `type:"list"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UploadServerCertificateInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UploadServerCertificateInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *UploadServerCertificateInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "UploadServerCertificateInput"}
	if s.CertificateBody == nil {
		invalidParams.Add(request.NewErrParamRequired("CertificateBody"))
	}
	if s.CertificateBody != nil && len(*s.CertificateBody) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("CertificateBody", 1))
	}
	if s.CertificateChain != nil && len(*s.CertificateChain) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("CertificateChain", 1))
	}
	if s.Path != nil && len(*s.Path) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Path", 1))
	}
	if s.PrivateKey == nil {
		invalidParams.Add(request.NewErrParamRequired("PrivateKey"))
	}
	if s.PrivateKey != nil && len(*s.PrivateKey) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PrivateKey", 1))
	}
	if s.ServerCertificateName == nil {
		invalidParams.Add(request.NewErrParamRequired("ServerCertificateName"))
	}
	if s.ServerCertificateName != nil && len(*s.ServerCertificateName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("ServerCertificateName", 1))
	}
	if s.Tags != nil {
		for i, v := range s.Tags {
			if v == nil {
				continue
			}
			if err := v.Validate(); err != nil {
				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams))
			}
		}
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetCertificateBody sets the CertificateBody field's value.
func (s *UploadServerCertificateInput) SetCertificateBody(v string) *UploadServerCertificateInput {
	s.CertificateBody = &v
	return s
}

// SetCertificateChain sets the CertificateChain field's value.
func (s *UploadServerCertificateInput) SetCertificateChain(v string) *UploadServerCertificateInput {
	s.CertificateChain = &v
	return s
}

// SetPath sets the Path field's value.
func (s *UploadServerCertificateInput) SetPath(v string) *UploadServerCertificateInput {
	s.Path = &v
	return s
}

// SetPrivateKey sets the PrivateKey field's value.
func (s *UploadServerCertificateInput) SetPrivateKey(v string) *UploadServerCertificateInput {
	s.PrivateKey = &v
	return s
}

// SetServerCertificateName sets the ServerCertificateName field's value.
func (s *UploadServerCertificateInput) SetServerCertificateName(v string) *UploadServerCertificateInput {
	s.ServerCertificateName = &v
	return s
}

// SetTags sets the Tags field's value.
func (s *UploadServerCertificateInput) SetTags(v []*Tag) *UploadServerCertificateInput {
	s.Tags = v
	return s
}

// Contains the response to a successful UploadServerCertificate request.
type UploadServerCertificateOutput struct {
	_ struct{} `type:"structure"`

	// The meta information of the uploaded server certificate without its certificate
	// body, certificate chain, and private key.
	ServerCertificateMetadata *ServerCertificateMetadata `type:"structure"`

	// A list of tags that are attached to the new IAM server certificate. The returned
	// list of tags is sorted by tag key. For more information about tagging, see
	// Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html)
	// in the IAM User Guide.
	Tags []*Tag `type:"list"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UploadServerCertificateOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UploadServerCertificateOutput) GoString() string {
	return s.String()
}

// SetServerCertificateMetadata sets the ServerCertificateMetadata field's value.
func (s *UploadServerCertificateOutput) SetServerCertificateMetadata(v *ServerCertificateMetadata) *UploadServerCertificateOutput {
	s.ServerCertificateMetadata = v
	return s
}

// SetTags sets the Tags field's value.
func (s *UploadServerCertificateOutput) SetTags(v []*Tag) *UploadServerCertificateOutput {
	s.Tags = v
	return s
}

type UploadSigningCertificateInput struct {
	_ struct{} `type:"structure"`

	// The contents of the signing certificate.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) used to validate this
	// parameter is a string of characters consisting of the following:
	//
	//    * Any printable ASCII character ranging from the space character (\u0020)
	//    through the end of the ASCII character range
	//
	//    * The printable characters in the Basic Latin and Latin-1 Supplement character
	//    set (through \u00FF)
	//
	//    * The special characters tab (\u0009), line feed (\u000A), and carriage
	//    return (\u000D)
	//
	// CertificateBody is a required field
	CertificateBody *string `min:"1" type:"string" required:"true"`

	// The name of the user the signing certificate is for.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	UserName *string `min:"1" type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UploadSigningCertificateInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UploadSigningCertificateInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *UploadSigningCertificateInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "UploadSigningCertificateInput"}
	if s.CertificateBody == nil {
		invalidParams.Add(request.NewErrParamRequired("CertificateBody"))
	}
	if s.CertificateBody != nil && len(*s.CertificateBody) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("CertificateBody", 1))
	}
	if s.UserName != nil && len(*s.UserName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("UserName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetCertificateBody sets the CertificateBody field's value.
func (s *UploadSigningCertificateInput) SetCertificateBody(v string) *UploadSigningCertificateInput {
	s.CertificateBody = &v
	return s
}

// SetUserName sets the UserName field's value.
func (s *UploadSigningCertificateInput) SetUserName(v string) *UploadSigningCertificateInput {
	s.UserName = &v
	return s
}

// Contains the response to a successful UploadSigningCertificate request.
type UploadSigningCertificateOutput struct {
	_ struct{} `type:"structure"`

	// Information about the certificate.
	//
	// Certificate is a required field
	Certificate *SigningCertificate `type:"structure" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UploadSigningCertificateOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UploadSigningCertificateOutput) GoString() string {
	return s.String()
}

// SetCertificate sets the Certificate field's value.
func (s *UploadSigningCertificateOutput) SetCertificate(v *SigningCertificate) *UploadSigningCertificateOutput {
	s.Certificate = v
	return s
}

// Contains information about an IAM user entity.
//
// This data type is used as a response element in the following operations:
//
//    * CreateUser
//
//    * GetUser
//
//    * ListUsers
type User struct {
	_ struct{} `type:"structure"`

	// The Amazon Resource Name (ARN) that identifies the user. For more information
	// about ARNs and how to use ARNs in policies, see IAM Identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the IAM User Guide.
	//
	// Arn is a required field
	Arn *string `min:"20" type:"string" required:"true"`

	// The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601),
	// when the user was created.
	//
	// CreateDate is a required field
	CreateDate *time.Time `type:"timestamp" required:"true"`

	// The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601),
	// when the user's password was last used to sign in to an Amazon Web Services
	// website. For a list of Amazon Web Services websites that capture a user's
	// last sign-in time, see the Credential reports (https://docs.aws.amazon.com/IAM/latest/UserGuide/credential-reports.html)
	// topic in the IAM User Guide. If a password is used more than once in a five-minute
	// span, only the first use is returned in this field. If the field is null
	// (no value), then it indicates that they never signed in with a password.
	// This can be because:
	//
	//    * The user never had a password.
	//
	//    * A password exists but has not been used since IAM started tracking this
	//    information on October 20, 2014.
	//
	// A null value does not mean that the user never had a password. Also, if the
	// user does not currently have a password but had one in the past, then this
	// field contains the date and time the most recent password was used.
	//
	// This value is returned only in the GetUser and ListUsers operations.
	PasswordLastUsed *time.Time `type:"timestamp"`

	// The path to the user. For more information about paths, see IAM identifiers
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the IAM User Guide.
	//
	// The ARN of the policy used to set the permissions boundary for the user.
	//
	// Path is a required field
	Path *string `min:"1" type:"string" required:"true"`

	// For more information about permissions boundaries, see Permissions boundaries
	// for IAM identities (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html)
	// in the IAM User Guide.
	PermissionsBoundary *AttachedPermissionsBoundary `type:"structure"`

	// A list of tags that are associated with the user. For more information about
	// tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html)
	// in the IAM User Guide.
	Tags []*Tag `type:"list"`

	// The stable and unique string identifying the user. For more information about
	// IDs, see IAM identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the IAM User Guide.
	//
	// UserId is a required field
	UserId *string `min:"16" type:"string" required:"true"`

	// The friendly name identifying the user.
	//
	// UserName is a required field
	UserName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s User) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s User) GoString() string {
	return s.String()
}

// SetArn sets the Arn field's value.
func (s *User) SetArn(v string) *User {
	s.Arn = &v
	return s
}

// SetCreateDate sets the CreateDate field's value.
func (s *User) SetCreateDate(v time.Time) *User {
	s.CreateDate = &v
	return s
}

// SetPasswordLastUsed sets the PasswordLastUsed field's value.
func (s *User) SetPasswordLastUsed(v time.Time) *User {
	s.PasswordLastUsed = &v
	return s
}

// SetPath sets the Path field's value.
func (s *User) SetPath(v string) *User {
	s.Path = &v
	return s
}

// SetPermissionsBoundary sets the PermissionsBoundary field's value.
func (s *User) SetPermissionsBoundary(v *AttachedPermissionsBoundary) *User {
	s.PermissionsBoundary = v
	return s
}

// SetTags sets the Tags field's value.
func (s *User) SetTags(v []*Tag) *User {
	s.Tags = v
	return s
}

// SetUserId sets the UserId field's value.
func (s *User) SetUserId(v string) *User {
	s.UserId = &v
	return s
}

// SetUserName sets the UserName field's value.
func (s *User) SetUserName(v string) *User {
	s.UserName = &v
	return s
}

// Contains information about an IAM user, including all the user's policies
// and all the IAM groups the user is in.
//
// This data type is used as a response element in the GetAccountAuthorizationDetails
// operation.
type UserDetail struct {
	_ struct{} `type:"structure"`

	// The Amazon Resource Name (ARN). ARNs are unique identifiers for Amazon Web
	// Services resources.
	//
	// For more information about ARNs, go to Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the Amazon Web Services General Reference.
	Arn *string `min:"20" type:"string"`

	// A list of the managed policies attached to the user.
	AttachedManagedPolicies []*AttachedPolicy `type:"list"`

	// The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601),
	// when the user was created.
	CreateDate *time.Time `type:"timestamp"`

	// A list of IAM groups that the user is in.
	GroupList []*string `type:"list"`

	// The path to the user. For more information about paths, see IAM identifiers
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the IAM User Guide.
	Path *string `min:"1" type:"string"`

	// The ARN of the policy used to set the permissions boundary for the user.
	//
	// For more information about permissions boundaries, see Permissions boundaries
	// for IAM identities (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html)
	// in the IAM User Guide.
	PermissionsBoundary *AttachedPermissionsBoundary `type:"structure"`

	// A list of tags that are associated with the user. For more information about
	// tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html)
	// in the IAM User Guide.
	Tags []*Tag `type:"list"`

	// The stable and unique string identifying the user. For more information about
	// IDs, see IAM identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the IAM User Guide.
	UserId *string `min:"16" type:"string"`

	// The friendly name identifying the user.
	UserName *string `min:"1" type:"string"`

	// A list of the inline policies embedded in the user.
	UserPolicyList []*PolicyDetail `type:"list"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UserDetail) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UserDetail) GoString() string {
	return s.String()
}

// SetArn sets the Arn field's value.
func (s *UserDetail) SetArn(v string) *UserDetail {
	s.Arn = &v
	return s
}

// SetAttachedManagedPolicies sets the AttachedManagedPolicies field's value.
func (s *UserDetail) SetAttachedManagedPolicies(v []*AttachedPolicy) *UserDetail {
	s.AttachedManagedPolicies = v
	return s
}

// SetCreateDate sets the CreateDate field's value.
func (s *UserDetail) SetCreateDate(v time.Time) *UserDetail {
	s.CreateDate = &v
	return s
}

// SetGroupList sets the GroupList field's value.
func (s *UserDetail) SetGroupList(v []*string) *UserDetail {
	s.GroupList = v
	return s
}

// SetPath sets the Path field's value.
func (s *UserDetail) SetPath(v string) *UserDetail {
	s.Path = &v
	return s
}

// SetPermissionsBoundary sets the PermissionsBoundary field's value.
func (s *UserDetail) SetPermissionsBoundary(v *AttachedPermissionsBoundary) *UserDetail {
	s.PermissionsBoundary = v
	return s
}

// SetTags sets the Tags field's value.
func (s *UserDetail) SetTags(v []*Tag) *UserDetail {
	s.Tags = v
	return s
}

// SetUserId sets the UserId field's value.
func (s *UserDetail) SetUserId(v string) *UserDetail {
	s.UserId = &v
	return s
}

// SetUserName sets the UserName field's value.
func (s *UserDetail) SetUserName(v string) *UserDetail {
	s.UserName = &v
	return s
}

// SetUserPolicyList sets the UserPolicyList field's value.
func (s *UserDetail) SetUserPolicyList(v []*PolicyDetail) *UserDetail {
	s.UserPolicyList = v
	return s
}

// Contains information about a virtual MFA device.
type VirtualMFADevice struct {
	_ struct{} `type:"structure"`

	// The base32 seed defined as specified in RFC3548 (https://tools.ietf.org/html/rfc3548.txt).
	// The Base32StringSeed is base64-encoded.
	//
	// Base32StringSeed is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by VirtualMFADevice's
	// String and GoString methods.
	//
	// Base32StringSeed is automatically base64 encoded/decoded by the SDK.
	Base32StringSeed []byte `type:"blob" sensitive:"true"`

	// The date and time on which the virtual MFA device was enabled.
	EnableDate *time.Time `type:"timestamp"`

	// A QR code PNG image that encodes otpauth://totp/$virtualMFADeviceName@$AccountName?secret=$Base32String
	// where $virtualMFADeviceName is one of the create call arguments. AccountName
	// is the user name if set (otherwise, the account ID otherwise), and Base32String
	// is the seed in base32 format. The Base32String value is base64-encoded.
	//
	// QRCodePNG is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by VirtualMFADevice's
	// String and GoString methods.
	//
	// QRCodePNG is automatically base64 encoded/decoded by the SDK.
	QRCodePNG []byte `type:"blob" sensitive:"true"`

	// The serial number associated with VirtualMFADevice.
	//
	// SerialNumber is a required field
	SerialNumber *string `min:"9" type:"string" required:"true"`

	// A list of tags that are attached to the virtual MFA device. For more information
	// about tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html)
	// in the IAM User Guide.
	Tags []*Tag `type:"list"`

	// The IAM user associated with this virtual MFA device.
	User *User `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s VirtualMFADevice) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s VirtualMFADevice) GoString() string {
	return s.String()
}

// SetBase32StringSeed sets the Base32StringSeed field's value.
func (s *VirtualMFADevice) SetBase32StringSeed(v []byte) *VirtualMFADevice {
	s.Base32StringSeed = v
	return s
}

// SetEnableDate sets the EnableDate field's value.
func (s *VirtualMFADevice) SetEnableDate(v time.Time) *VirtualMFADevice {
	s.EnableDate = &v
	return s
}

// SetQRCodePNG sets the QRCodePNG field's value.
func (s *VirtualMFADevice) SetQRCodePNG(v []byte) *VirtualMFADevice {
	s.QRCodePNG = v
	return s
}

// SetSerialNumber sets the SerialNumber field's value.
func (s *VirtualMFADevice) SetSerialNumber(v string) *VirtualMFADevice {
	s.SerialNumber = &v
	return s
}

// SetTags sets the Tags field's value.
func (s *VirtualMFADevice) SetTags(v []*Tag) *VirtualMFADevice {
	s.Tags = v
	return s
}

// SetUser sets the User field's value.
func (s *VirtualMFADevice) SetUser(v *User) *VirtualMFADevice {
	s.User = v
	return s
}

const (
	// AccessAdvisorUsageGranularityTypeServiceLevel is a AccessAdvisorUsageGranularityType enum value
	AccessAdvisorUsageGranularityTypeServiceLevel = "SERVICE_LEVEL"

	// AccessAdvisorUsageGranularityTypeActionLevel is a AccessAdvisorUsageGranularityType enum value
	AccessAdvisorUsageGranularityTypeActionLevel = "ACTION_LEVEL"
)

// AccessAdvisorUsageGranularityType_Values returns all elements of the AccessAdvisorUsageGranularityType enum
func AccessAdvisorUsageGranularityType_Values() []string {
	return []string{
		AccessAdvisorUsageGranularityTypeServiceLevel,
		AccessAdvisorUsageGranularityTypeActionLevel,
	}
}

const (
	// AssignmentStatusTypeAssigned is a AssignmentStatusType enum value
	AssignmentStatusTypeAssigned = "Assigned"

	// AssignmentStatusTypeUnassigned is a AssignmentStatusType enum value
	AssignmentStatusTypeUnassigned = "Unassigned"

	// AssignmentStatusTypeAny is a AssignmentStatusType enum value
	AssignmentStatusTypeAny = "Any"
)

// AssignmentStatusType_Values returns all elements of the AssignmentStatusType enum
func AssignmentStatusType_Values() []string {
	return []string{
		AssignmentStatusTypeAssigned,
		AssignmentStatusTypeUnassigned,
		AssignmentStatusTypeAny,
	}
}

const (
	// ContextKeyTypeEnumString is a ContextKeyTypeEnum enum value
	ContextKeyTypeEnumString = "string"

	// ContextKeyTypeEnumStringList is a ContextKeyTypeEnum enum value
	ContextKeyTypeEnumStringList = "stringList"

	// ContextKeyTypeEnumNumeric is a ContextKeyTypeEnum enum value
	ContextKeyTypeEnumNumeric = "numeric"

	// ContextKeyTypeEnumNumericList is a ContextKeyTypeEnum enum value
	ContextKeyTypeEnumNumericList = "numericList"

	// ContextKeyTypeEnumBoolean is a ContextKeyTypeEnum enum value
	ContextKeyTypeEnumBoolean = "boolean"

	// ContextKeyTypeEnumBooleanList is a ContextKeyTypeEnum enum value
	ContextKeyTypeEnumBooleanList = "booleanList"

	// ContextKeyTypeEnumIp is a ContextKeyTypeEnum enum value
	ContextKeyTypeEnumIp = "ip"

	// ContextKeyTypeEnumIpList is a ContextKeyTypeEnum enum value
	ContextKeyTypeEnumIpList = "ipList"

	// ContextKeyTypeEnumBinary is a ContextKeyTypeEnum enum value
	ContextKeyTypeEnumBinary = "binary"

	// ContextKeyTypeEnumBinaryList is a ContextKeyTypeEnum enum value
	ContextKeyTypeEnumBinaryList = "binaryList"

	// ContextKeyTypeEnumDate is a ContextKeyTypeEnum enum value
	ContextKeyTypeEnumDate = "date"

	// ContextKeyTypeEnumDateList is a ContextKeyTypeEnum enum value
	ContextKeyTypeEnumDateList = "dateList"
)

// ContextKeyTypeEnum_Values returns all elements of the ContextKeyTypeEnum enum
func ContextKeyTypeEnum_Values() []string {
	return []string{
		ContextKeyTypeEnumString,
		ContextKeyTypeEnumStringList,
		ContextKeyTypeEnumNumeric,
		ContextKeyTypeEnumNumericList,
		ContextKeyTypeEnumBoolean,
		ContextKeyTypeEnumBooleanList,
		ContextKeyTypeEnumIp,
		ContextKeyTypeEnumIpList,
		ContextKeyTypeEnumBinary,
		ContextKeyTypeEnumBinaryList,
		ContextKeyTypeEnumDate,
		ContextKeyTypeEnumDateList,
	}
}

const (
	// DeletionTaskStatusTypeSucceeded is a DeletionTaskStatusType enum value
	DeletionTaskStatusTypeSucceeded = "SUCCEEDED"

	// DeletionTaskStatusTypeInProgress is a DeletionTaskStatusType enum value
	DeletionTaskStatusTypeInProgress = "IN_PROGRESS"

	// DeletionTaskStatusTypeFailed is a DeletionTaskStatusType enum value
	DeletionTaskStatusTypeFailed = "FAILED"

	// DeletionTaskStatusTypeNotStarted is a DeletionTaskStatusType enum value
	DeletionTaskStatusTypeNotStarted = "NOT_STARTED"
)

// DeletionTaskStatusType_Values returns all elements of the DeletionTaskStatusType enum
func DeletionTaskStatusType_Values() []string {
	return []string{
		DeletionTaskStatusTypeSucceeded,
		DeletionTaskStatusTypeInProgress,
		DeletionTaskStatusTypeFailed,
		DeletionTaskStatusTypeNotStarted,
	}
}

const (
	// EncodingTypeSsh is a EncodingType enum value
	EncodingTypeSsh = "SSH"

	// EncodingTypePem is a EncodingType enum value
	EncodingTypePem = "PEM"
)

// EncodingType_Values returns all elements of the EncodingType enum
func EncodingType_Values() []string {
	return []string{
		EncodingTypeSsh,
		EncodingTypePem,
	}
}

const (
	// EntityTypeUser is a EntityType enum value
	EntityTypeUser = "User"

	// EntityTypeRole is a EntityType enum value
	EntityTypeRole = "Role"

	// EntityTypeGroup is a EntityType enum value
	EntityTypeGroup = "Group"

	// EntityTypeLocalManagedPolicy is a EntityType enum value
	EntityTypeLocalManagedPolicy = "LocalManagedPolicy"

	// EntityTypeAwsmanagedPolicy is a EntityType enum value
	EntityTypeAwsmanagedPolicy = "AWSManagedPolicy"
)

// EntityType_Values returns all elements of the EntityType enum
func EntityType_Values() []string {
	return []string{
		EntityTypeUser,
		EntityTypeRole,
		EntityTypeGroup,
		EntityTypeLocalManagedPolicy,
		EntityTypeAwsmanagedPolicy,
	}
}

const (
	// GlobalEndpointTokenVersionV1token is a GlobalEndpointTokenVersion enum value
	GlobalEndpointTokenVersionV1token = "v1Token"

	// GlobalEndpointTokenVersionV2token is a GlobalEndpointTokenVersion enum value
	GlobalEndpointTokenVersionV2token = "v2Token"
)

// GlobalEndpointTokenVersion_Values returns all elements of the GlobalEndpointTokenVersion enum
func GlobalEndpointTokenVersion_Values() []string {
	return []string{
		GlobalEndpointTokenVersionV1token,
		GlobalEndpointTokenVersionV2token,
	}
}

const (
	// JobStatusTypeInProgress is a JobStatusType enum value
	JobStatusTypeInProgress = "IN_PROGRESS"

	// JobStatusTypeCompleted is a JobStatusType enum value
	JobStatusTypeCompleted = "COMPLETED"

	// JobStatusTypeFailed is a JobStatusType enum value
	JobStatusTypeFailed = "FAILED"
)

// JobStatusType_Values returns all elements of the JobStatusType enum
func JobStatusType_Values() []string {
	return []string{
		JobStatusTypeInProgress,
		JobStatusTypeCompleted,
		JobStatusTypeFailed,
	}
}

const (
	// PermissionsBoundaryAttachmentTypePermissionsBoundaryPolicy is a PermissionsBoundaryAttachmentType enum value
	PermissionsBoundaryAttachmentTypePermissionsBoundaryPolicy = "PermissionsBoundaryPolicy"
)

// PermissionsBoundaryAttachmentType_Values returns all elements of the PermissionsBoundaryAttachmentType enum
func PermissionsBoundaryAttachmentType_Values() []string {
	return []string{
		PermissionsBoundaryAttachmentTypePermissionsBoundaryPolicy,
	}
}

const (
	// PolicyEvaluationDecisionTypeAllowed is a PolicyEvaluationDecisionType enum value
	PolicyEvaluationDecisionTypeAllowed = "allowed"

	// PolicyEvaluationDecisionTypeExplicitDeny is a PolicyEvaluationDecisionType enum value
	PolicyEvaluationDecisionTypeExplicitDeny = "explicitDeny"

	// PolicyEvaluationDecisionTypeImplicitDeny is a PolicyEvaluationDecisionType enum value
	PolicyEvaluationDecisionTypeImplicitDeny = "implicitDeny"
)

// PolicyEvaluationDecisionType_Values returns all elements of the PolicyEvaluationDecisionType enum
func PolicyEvaluationDecisionType_Values() []string {
	return []string{
		PolicyEvaluationDecisionTypeAllowed,
		PolicyEvaluationDecisionTypeExplicitDeny,
		PolicyEvaluationDecisionTypeImplicitDeny,
	}
}

const (
	// PolicyOwnerEntityTypeUser is a PolicyOwnerEntityType enum value
	PolicyOwnerEntityTypeUser = "USER"

	// PolicyOwnerEntityTypeRole is a PolicyOwnerEntityType enum value
	PolicyOwnerEntityTypeRole = "ROLE"

	// PolicyOwnerEntityTypeGroup is a PolicyOwnerEntityType enum value
	PolicyOwnerEntityTypeGroup = "GROUP"
)

// PolicyOwnerEntityType_Values returns all elements of the PolicyOwnerEntityType enum
func PolicyOwnerEntityType_Values() []string {
	return []string{
		PolicyOwnerEntityTypeUser,
		PolicyOwnerEntityTypeRole,
		PolicyOwnerEntityTypeGroup,
	}
}

const (
	// PolicyScopeTypeAll is a PolicyScopeType enum value
	PolicyScopeTypeAll = "All"

	// PolicyScopeTypeAws is a PolicyScopeType enum value
	PolicyScopeTypeAws = "AWS"

	// PolicyScopeTypeLocal is a PolicyScopeType enum value
	PolicyScopeTypeLocal = "Local"
)

// PolicyScopeType_Values returns all elements of the PolicyScopeType enum
func PolicyScopeType_Values() []string {
	return []string{
		PolicyScopeTypeAll,
		PolicyScopeTypeAws,
		PolicyScopeTypeLocal,
	}
}

const (
	// PolicySourceTypeUser is a PolicySourceType enum value
	PolicySourceTypeUser = "user"

	// PolicySourceTypeGroup is a PolicySourceType enum value
	PolicySourceTypeGroup = "group"

	// PolicySourceTypeRole is a PolicySourceType enum value
	PolicySourceTypeRole = "role"

	// PolicySourceTypeAwsManaged is a PolicySourceType enum value
	PolicySourceTypeAwsManaged = "aws-managed"

	// PolicySourceTypeUserManaged is a PolicySourceType enum value
	PolicySourceTypeUserManaged = "user-managed"

	// PolicySourceTypeResource is a PolicySourceType enum value
	PolicySourceTypeResource = "resource"

	// PolicySourceTypeNone is a PolicySourceType enum value
	PolicySourceTypeNone = "none"
)

// PolicySourceType_Values returns all elements of the PolicySourceType enum
func PolicySourceType_Values() []string {
	return []string{
		PolicySourceTypeUser,
		PolicySourceTypeGroup,
		PolicySourceTypeRole,
		PolicySourceTypeAwsManaged,
		PolicySourceTypeUserManaged,
		PolicySourceTypeResource,
		PolicySourceTypeNone,
	}
}

const (
	// PolicyTypeInline is a PolicyType enum value
	PolicyTypeInline = "INLINE"

	// PolicyTypeManaged is a PolicyType enum value
	PolicyTypeManaged = "MANAGED"
)

// PolicyType_Values returns all elements of the PolicyType enum
func PolicyType_Values() []string {
	return []string{
		PolicyTypeInline,
		PolicyTypeManaged,
	}
}

// The policy usage type that indicates whether the policy is used as a permissions
// policy or as the permissions boundary for an entity.
//
// For more information about permissions boundaries, see Permissions boundaries
// for IAM identities (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html)
// in the IAM User Guide.
const (
	// PolicyUsageTypePermissionsPolicy is a PolicyUsageType enum value
	PolicyUsageTypePermissionsPolicy = "PermissionsPolicy"

	// PolicyUsageTypePermissionsBoundary is a PolicyUsageType enum value
	PolicyUsageTypePermissionsBoundary = "PermissionsBoundary"
)

// PolicyUsageType_Values returns all elements of the PolicyUsageType enum
func PolicyUsageType_Values() []string {
	return []string{
		PolicyUsageTypePermissionsPolicy,
		PolicyUsageTypePermissionsBoundary,
	}
}

const (
	// ReportFormatTypeTextCsv is a ReportFormatType enum value
	ReportFormatTypeTextCsv = "text/csv"
)

// ReportFormatType_Values returns all elements of the ReportFormatType enum
func ReportFormatType_Values() []string {
	return []string{
		ReportFormatTypeTextCsv,
	}
}

const (
	// ReportStateTypeStarted is a ReportStateType enum value
	ReportStateTypeStarted = "STARTED"

	// ReportStateTypeInprogress is a ReportStateType enum value
	ReportStateTypeInprogress = "INPROGRESS"

	// ReportStateTypeComplete is a ReportStateType enum value
	ReportStateTypeComplete = "COMPLETE"
)

// ReportStateType_Values returns all elements of the ReportStateType enum
func ReportStateType_Values() []string {
	return []string{
		ReportStateTypeStarted,
		ReportStateTypeInprogress,
		ReportStateTypeComplete,
	}
}

const (
	// SortKeyTypeServiceNamespaceAscending is a SortKeyType enum value
	SortKeyTypeServiceNamespaceAscending = "SERVICE_NAMESPACE_ASCENDING"

	// SortKeyTypeServiceNamespaceDescending is a SortKeyType enum value
	SortKeyTypeServiceNamespaceDescending = "SERVICE_NAMESPACE_DESCENDING"

	// SortKeyTypeLastAuthenticatedTimeAscending is a SortKeyType enum value
	SortKeyTypeLastAuthenticatedTimeAscending = "LAST_AUTHENTICATED_TIME_ASCENDING"

	// SortKeyTypeLastAuthenticatedTimeDescending is a SortKeyType enum value
	SortKeyTypeLastAuthenticatedTimeDescending = "LAST_AUTHENTICATED_TIME_DESCENDING"
)

// SortKeyType_Values returns all elements of the SortKeyType enum
func SortKeyType_Values() []string {
	return []string{
		SortKeyTypeServiceNamespaceAscending,
		SortKeyTypeServiceNamespaceDescending,
		SortKeyTypeLastAuthenticatedTimeAscending,
		SortKeyTypeLastAuthenticatedTimeDescending,
	}
}

const (
	// StatusTypeActive is a StatusType enum value
	StatusTypeActive = "Active"

	// StatusTypeInactive is a StatusType enum value
	StatusTypeInactive = "Inactive"
)

// StatusType_Values returns all elements of the StatusType enum
func StatusType_Values() []string {
	return []string{
		StatusTypeActive,
		StatusTypeInactive,
	}
}

const (
	// SummaryKeyTypeUsers is a SummaryKeyType enum value
	SummaryKeyTypeUsers = "Users"

	// SummaryKeyTypeUsersQuota is a SummaryKeyType enum value
	SummaryKeyTypeUsersQuota = "UsersQuota"

	// SummaryKeyTypeGroups is a SummaryKeyType enum value
	SummaryKeyTypeGroups = "Groups"

	// SummaryKeyTypeGroupsQuota is a SummaryKeyType enum value
	SummaryKeyTypeGroupsQuota = "GroupsQuota"

	// SummaryKeyTypeServerCertificates is a SummaryKeyType enum value
	SummaryKeyTypeServerCertificates = "ServerCertificates"

	// SummaryKeyTypeServerCertificatesQuota is a SummaryKeyType enum value
	SummaryKeyTypeServerCertificatesQuota = "ServerCertificatesQuota"

	// SummaryKeyTypeUserPolicySizeQuota is a SummaryKeyType enum value
	SummaryKeyTypeUserPolicySizeQuota = "UserPolicySizeQuota"

	// SummaryKeyTypeGroupPolicySizeQuota is a SummaryKeyType enum value
	SummaryKeyTypeGroupPolicySizeQuota = "GroupPolicySizeQuota"

	// SummaryKeyTypeGroupsPerUserQuota is a SummaryKeyType enum value
	SummaryKeyTypeGroupsPerUserQuota = "GroupsPerUserQuota"

	// SummaryKeyTypeSigningCertificatesPerUserQuota is a SummaryKeyType enum value
	SummaryKeyTypeSigningCertificatesPerUserQuota = "SigningCertificatesPerUserQuota"

	// SummaryKeyTypeAccessKeysPerUserQuota is a SummaryKeyType enum value
	SummaryKeyTypeAccessKeysPerUserQuota = "AccessKeysPerUserQuota"

	// SummaryKeyTypeMfadevices is a SummaryKeyType enum value
	SummaryKeyTypeMfadevices = "MFADevices"

	// SummaryKeyTypeMfadevicesInUse is a SummaryKeyType enum value
	SummaryKeyTypeMfadevicesInUse = "MFADevicesInUse"

	// SummaryKeyTypeAccountMfaenabled is a SummaryKeyType enum value
	SummaryKeyTypeAccountMfaenabled = "AccountMFAEnabled"

	// SummaryKeyTypeAccountAccessKeysPresent is a SummaryKeyType enum value
	SummaryKeyTypeAccountAccessKeysPresent = "AccountAccessKeysPresent"

	// SummaryKeyTypeAccountSigningCertificatesPresent is a SummaryKeyType enum value
	SummaryKeyTypeAccountSigningCertificatesPresent = "AccountSigningCertificatesPresent"

	// SummaryKeyTypeAttachedPoliciesPerGroupQuota is a SummaryKeyType enum value
	SummaryKeyTypeAttachedPoliciesPerGroupQuota = "AttachedPoliciesPerGroupQuota"

	// SummaryKeyTypeAttachedPoliciesPerRoleQuota is a SummaryKeyType enum value
	SummaryKeyTypeAttachedPoliciesPerRoleQuota = "AttachedPoliciesPerRoleQuota"

	// SummaryKeyTypeAttachedPoliciesPerUserQuota is a SummaryKeyType enum value
	SummaryKeyTypeAttachedPoliciesPerUserQuota = "AttachedPoliciesPerUserQuota"

	// SummaryKeyTypePolicies is a SummaryKeyType enum value
	SummaryKeyTypePolicies = "Policies"

	// SummaryKeyTypePoliciesQuota is a SummaryKeyType enum value
	SummaryKeyTypePoliciesQuota = "PoliciesQuota"

	// SummaryKeyTypePolicySizeQuota is a SummaryKeyType enum value
	SummaryKeyTypePolicySizeQuota = "PolicySizeQuota"

	// SummaryKeyTypePolicyVersionsInUse is a SummaryKeyType enum value
	SummaryKeyTypePolicyVersionsInUse = "PolicyVersionsInUse"

	// SummaryKeyTypePolicyVersionsInUseQuota is a SummaryKeyType enum value
	SummaryKeyTypePolicyVersionsInUseQuota = "PolicyVersionsInUseQuota"

	// SummaryKeyTypeVersionsPerPolicyQuota is a SummaryKeyType enum value
	SummaryKeyTypeVersionsPerPolicyQuota = "VersionsPerPolicyQuota"

	// SummaryKeyTypeGlobalEndpointTokenVersion is a SummaryKeyType enum value
	SummaryKeyTypeGlobalEndpointTokenVersion = "GlobalEndpointTokenVersion"
)

// SummaryKeyType_Values returns all elements of the SummaryKeyType enum
func SummaryKeyType_Values() []string {
	return []string{
		SummaryKeyTypeUsers,
		SummaryKeyTypeUsersQuota,
		SummaryKeyTypeGroups,
		SummaryKeyTypeGroupsQuota,
		SummaryKeyTypeServerCertificates,
		SummaryKeyTypeServerCertificatesQuota,
		SummaryKeyTypeUserPolicySizeQuota,
		SummaryKeyTypeGroupPolicySizeQuota,
		SummaryKeyTypeGroupsPerUserQuota,
		SummaryKeyTypeSigningCertificatesPerUserQuota,
		SummaryKeyTypeAccessKeysPerUserQuota,
		SummaryKeyTypeMfadevices,
		SummaryKeyTypeMfadevicesInUse,
		SummaryKeyTypeAccountMfaenabled,
		SummaryKeyTypeAccountAccessKeysPresent,
		SummaryKeyTypeAccountSigningCertificatesPresent,
		SummaryKeyTypeAttachedPoliciesPerGroupQuota,
		SummaryKeyTypeAttachedPoliciesPerRoleQuota,
		SummaryKeyTypeAttachedPoliciesPerUserQuota,
		SummaryKeyTypePolicies,
		SummaryKeyTypePoliciesQuota,
		SummaryKeyTypePolicySizeQuota,
		SummaryKeyTypePolicyVersionsInUse,
		SummaryKeyTypePolicyVersionsInUseQuota,
		SummaryKeyTypeVersionsPerPolicyQuota,
		SummaryKeyTypeGlobalEndpointTokenVersion,
	}
}