flannel/vendor/github.com/aws/aws-sdk-go/service/iam/api.go

// THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT.

// Package iam provides a client for AWS Identity and Access Management.
package iam

import (
	"fmt"
	"time"

	"github.com/aws/aws-sdk-go/aws/awsutil"
	"github.com/aws/aws-sdk-go/aws/request"
	"github.com/aws/aws-sdk-go/private/protocol"
	"github.com/aws/aws-sdk-go/private/protocol/query"
)

const opAddClientIDToOpenIDConnectProvider = "AddClientIDToOpenIDConnectProvider"

// AddClientIDToOpenIDConnectProviderRequest generates a "aws/request.Request" representing the
// client's request for the AddClientIDToOpenIDConnectProvider operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See AddClientIDToOpenIDConnectProvider for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the AddClientIDToOpenIDConnectProvider method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the AddClientIDToOpenIDConnectProviderRequest method.
//    req, resp := client.AddClientIDToOpenIDConnectProviderRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) AddClientIDToOpenIDConnectProviderRequest(input *AddClientIDToOpenIDConnectProviderInput) (req *request.Request, output *AddClientIDToOpenIDConnectProviderOutput) {
	op := &request.Operation{
		Name:       opAddClientIDToOpenIDConnectProvider,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &AddClientIDToOpenIDConnectProviderInput{}
	}

	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Remove(query.UnmarshalHandler)
	req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
	output = &AddClientIDToOpenIDConnectProviderOutput{}
	req.Data = output
	return
}

// AddClientIDToOpenIDConnectProvider API operation for AWS Identity and Access Management.
//
// Adds a new client ID (also known as audience) to the list of client IDs already
// registered for the specified IAM OpenID Connect (OIDC) provider resource.
//
// This action is idempotent; it does not fail or return an error if you add
// an existing client ID to the provider.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation AddClientIDToOpenIDConnectProvider for usage and error information.
//
// Returned Error Codes:
//   * InvalidInput
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
//   * LimitExceeded
//   The request was rejected because it attempted to create resources beyond
//   the current AWS account limits. The error message describes the limit exceeded.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) AddClientIDToOpenIDConnectProvider(input *AddClientIDToOpenIDConnectProviderInput) (*AddClientIDToOpenIDConnectProviderOutput, error) {
	req, out := c.AddClientIDToOpenIDConnectProviderRequest(input)
	err := req.Send()
	return out, err
}

const opAddRoleToInstanceProfile = "AddRoleToInstanceProfile"

// AddRoleToInstanceProfileRequest generates a "aws/request.Request" representing the
// client's request for the AddRoleToInstanceProfile operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See AddRoleToInstanceProfile for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the AddRoleToInstanceProfile method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the AddRoleToInstanceProfileRequest method.
//    req, resp := client.AddRoleToInstanceProfileRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) AddRoleToInstanceProfileRequest(input *AddRoleToInstanceProfileInput) (req *request.Request, output *AddRoleToInstanceProfileOutput) {
	op := &request.Operation{
		Name:       opAddRoleToInstanceProfile,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &AddRoleToInstanceProfileInput{}
	}

	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Remove(query.UnmarshalHandler)
	req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
	output = &AddRoleToInstanceProfileOutput{}
	req.Data = output
	return
}

// AddRoleToInstanceProfile API operation for AWS Identity and Access Management.
//
// Adds the specified IAM role to the specified instance profile.
//
// The caller of this API must be granted the PassRole permission on the IAM
// role by a permission policy.
//
// For more information about roles, go to Working with Roles (http://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html).
// For more information about instance profiles, go to About Instance Profiles
// (http://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html).
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation AddRoleToInstanceProfile for usage and error information.
//
// Returned Error Codes:
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
//   * EntityAlreadyExists
//   The request was rejected because it attempted to create a resource that already
//   exists.
//
//   * LimitExceeded
//   The request was rejected because it attempted to create resources beyond
//   the current AWS account limits. The error message describes the limit exceeded.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) AddRoleToInstanceProfile(input *AddRoleToInstanceProfileInput) (*AddRoleToInstanceProfileOutput, error) {
	req, out := c.AddRoleToInstanceProfileRequest(input)
	err := req.Send()
	return out, err
}

const opAddUserToGroup = "AddUserToGroup"

// AddUserToGroupRequest generates a "aws/request.Request" representing the
// client's request for the AddUserToGroup operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See AddUserToGroup for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the AddUserToGroup method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the AddUserToGroupRequest method.
//    req, resp := client.AddUserToGroupRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) AddUserToGroupRequest(input *AddUserToGroupInput) (req *request.Request, output *AddUserToGroupOutput) {
	op := &request.Operation{
		Name:       opAddUserToGroup,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &AddUserToGroupInput{}
	}

	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Remove(query.UnmarshalHandler)
	req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
	output = &AddUserToGroupOutput{}
	req.Data = output
	return
}

// AddUserToGroup API operation for AWS Identity and Access Management.
//
// Adds the specified user to the specified group.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation AddUserToGroup for usage and error information.
//
// Returned Error Codes:
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
//   * LimitExceeded
//   The request was rejected because it attempted to create resources beyond
//   the current AWS account limits. The error message describes the limit exceeded.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) AddUserToGroup(input *AddUserToGroupInput) (*AddUserToGroupOutput, error) {
	req, out := c.AddUserToGroupRequest(input)
	err := req.Send()
	return out, err
}

const opAttachGroupPolicy = "AttachGroupPolicy"

// AttachGroupPolicyRequest generates a "aws/request.Request" representing the
// client's request for the AttachGroupPolicy operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See AttachGroupPolicy for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the AttachGroupPolicy method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the AttachGroupPolicyRequest method.
//    req, resp := client.AttachGroupPolicyRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) AttachGroupPolicyRequest(input *AttachGroupPolicyInput) (req *request.Request, output *AttachGroupPolicyOutput) {
	op := &request.Operation{
		Name:       opAttachGroupPolicy,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &AttachGroupPolicyInput{}
	}

	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Remove(query.UnmarshalHandler)
	req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
	output = &AttachGroupPolicyOutput{}
	req.Data = output
	return
}

// AttachGroupPolicy API operation for AWS Identity and Access Management.
//
// Attaches the specified managed policy to the specified IAM group.
//
// You use this API to attach a managed policy to a group. To embed an inline
// policy in a group, use PutGroupPolicy.
//
// For more information about policies, see Managed Policies and Inline Policies
// (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation AttachGroupPolicy for usage and error information.
//
// Returned Error Codes:
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
//   * LimitExceeded
//   The request was rejected because it attempted to create resources beyond
//   the current AWS account limits. The error message describes the limit exceeded.
//
//   * InvalidInput
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) AttachGroupPolicy(input *AttachGroupPolicyInput) (*AttachGroupPolicyOutput, error) {
	req, out := c.AttachGroupPolicyRequest(input)
	err := req.Send()
	return out, err
}

const opAttachRolePolicy = "AttachRolePolicy"

// AttachRolePolicyRequest generates a "aws/request.Request" representing the
// client's request for the AttachRolePolicy operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See AttachRolePolicy for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the AttachRolePolicy method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the AttachRolePolicyRequest method.
//    req, resp := client.AttachRolePolicyRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) AttachRolePolicyRequest(input *AttachRolePolicyInput) (req *request.Request, output *AttachRolePolicyOutput) {
	op := &request.Operation{
		Name:       opAttachRolePolicy,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &AttachRolePolicyInput{}
	}

	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Remove(query.UnmarshalHandler)
	req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
	output = &AttachRolePolicyOutput{}
	req.Data = output
	return
}

// AttachRolePolicy API operation for AWS Identity and Access Management.
//
// Attaches the specified managed policy to the specified IAM role.
//
// When you attach a managed policy to a role, the managed policy becomes part
// of the role's permission (access) policy. You cannot use a managed policy
// as the role's trust policy. The role's trust policy is created at the same
// time as the role, using CreateRole. You can update a role's trust policy
// using UpdateAssumeRolePolicy.
//
// Use this API to attach a managed policy to a role. To embed an inline policy
// in a role, use PutRolePolicy. For more information about policies, see Managed
// Policies and Inline Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation AttachRolePolicy for usage and error information.
//
// Returned Error Codes:
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
//   * LimitExceeded
//   The request was rejected because it attempted to create resources beyond
//   the current AWS account limits. The error message describes the limit exceeded.
//
//   * InvalidInput
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) AttachRolePolicy(input *AttachRolePolicyInput) (*AttachRolePolicyOutput, error) {
	req, out := c.AttachRolePolicyRequest(input)
	err := req.Send()
	return out, err
}

const opAttachUserPolicy = "AttachUserPolicy"

// AttachUserPolicyRequest generates a "aws/request.Request" representing the
// client's request for the AttachUserPolicy operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See AttachUserPolicy for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the AttachUserPolicy method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the AttachUserPolicyRequest method.
//    req, resp := client.AttachUserPolicyRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) AttachUserPolicyRequest(input *AttachUserPolicyInput) (req *request.Request, output *AttachUserPolicyOutput) {
	op := &request.Operation{
		Name:       opAttachUserPolicy,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &AttachUserPolicyInput{}
	}

	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Remove(query.UnmarshalHandler)
	req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
	output = &AttachUserPolicyOutput{}
	req.Data = output
	return
}

// AttachUserPolicy API operation for AWS Identity and Access Management.
//
// Attaches the specified managed policy to the specified user.
//
// You use this API to attach a managed policy to a user. To embed an inline
// policy in a user, use PutUserPolicy.
//
// For more information about policies, see Managed Policies and Inline Policies
// (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation AttachUserPolicy for usage and error information.
//
// Returned Error Codes:
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
//   * LimitExceeded
//   The request was rejected because it attempted to create resources beyond
//   the current AWS account limits. The error message describes the limit exceeded.
//
//   * InvalidInput
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) AttachUserPolicy(input *AttachUserPolicyInput) (*AttachUserPolicyOutput, error) {
	req, out := c.AttachUserPolicyRequest(input)
	err := req.Send()
	return out, err
}

const opChangePassword = "ChangePassword"

// ChangePasswordRequest generates a "aws/request.Request" representing the
// client's request for the ChangePassword operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See ChangePassword for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the ChangePassword method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the ChangePasswordRequest method.
//    req, resp := client.ChangePasswordRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) ChangePasswordRequest(input *ChangePasswordInput) (req *request.Request, output *ChangePasswordOutput) {
	op := &request.Operation{
		Name:       opChangePassword,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &ChangePasswordInput{}
	}

	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Remove(query.UnmarshalHandler)
	req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
	output = &ChangePasswordOutput{}
	req.Data = output
	return
}

// ChangePassword API operation for AWS Identity and Access Management.
//
// Changes the password of the IAM user who is calling this action. The root
// account password is not affected by this action.
//
// To change the password for a different user, see UpdateLoginProfile. For
// more information about modifying passwords, see Managing Passwords (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation ChangePassword for usage and error information.
//
// Returned Error Codes:
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
//   * InvalidUserType
//   The request was rejected because the type of user for the transaction was
//   incorrect.
//
//   * LimitExceeded
//   The request was rejected because it attempted to create resources beyond
//   the current AWS account limits. The error message describes the limit exceeded.
//
//   * EntityTemporarilyUnmodifiable
//   The request was rejected because it referenced an entity that is temporarily
//   unmodifiable, such as a user name that was deleted and then recreated. The
//   error indicates that the request is likely to succeed if you try again after
//   waiting several minutes. The error message describes the entity.
//
//   * PasswordPolicyViolation
//   The request was rejected because the provided password did not meet the requirements
//   imposed by the account password policy.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) ChangePassword(input *ChangePasswordInput) (*ChangePasswordOutput, error) {
	req, out := c.ChangePasswordRequest(input)
	err := req.Send()
	return out, err
}

const opCreateAccessKey = "CreateAccessKey"

// CreateAccessKeyRequest generates a "aws/request.Request" representing the
// client's request for the CreateAccessKey operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See CreateAccessKey for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the CreateAccessKey method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the CreateAccessKeyRequest method.
//    req, resp := client.CreateAccessKeyRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) CreateAccessKeyRequest(input *CreateAccessKeyInput) (req *request.Request, output *CreateAccessKeyOutput) {
	op := &request.Operation{
		Name:       opCreateAccessKey,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &CreateAccessKeyInput{}
	}

	req = c.newRequest(op, input, output)
	output = &CreateAccessKeyOutput{}
	req.Data = output
	return
}

// CreateAccessKey API operation for AWS Identity and Access Management.
//
// Creates a new AWS secret access key and corresponding AWS access key ID for
// the specified user. The default status for new keys is Active.
//
// If you do not specify a user name, IAM determines the user name implicitly
// based on the AWS access key ID signing the request. Because this action works
// for access keys under the AWS account, you can use this action to manage
// root credentials even if the AWS account has no associated users.
//
// For information about limits on the number of keys you can create, see Limitations
// on IAM Entities (http://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html)
// in the IAM User Guide.
//
// To ensure the security of your AWS account, the secret access key is accessible
// only during key and user creation. You must save the key (for example, in
// a text file) if you want to be able to access it again. If a secret key is
// lost, you can delete the access keys for the associated user and then create
// new keys.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation CreateAccessKey for usage and error information.
//
// Returned Error Codes:
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
//   * LimitExceeded
//   The request was rejected because it attempted to create resources beyond
//   the current AWS account limits. The error message describes the limit exceeded.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) CreateAccessKey(input *CreateAccessKeyInput) (*CreateAccessKeyOutput, error) {
	req, out := c.CreateAccessKeyRequest(input)
	err := req.Send()
	return out, err
}

const opCreateAccountAlias = "CreateAccountAlias"

// CreateAccountAliasRequest generates a "aws/request.Request" representing the
// client's request for the CreateAccountAlias operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See CreateAccountAlias for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the CreateAccountAlias method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the CreateAccountAliasRequest method.
//    req, resp := client.CreateAccountAliasRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) CreateAccountAliasRequest(input *CreateAccountAliasInput) (req *request.Request, output *CreateAccountAliasOutput) {
	op := &request.Operation{
		Name:       opCreateAccountAlias,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &CreateAccountAliasInput{}
	}

	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Remove(query.UnmarshalHandler)
	req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
	output = &CreateAccountAliasOutput{}
	req.Data = output
	return
}

// CreateAccountAlias API operation for AWS Identity and Access Management.
//
// Creates an alias for your AWS account. For information about using an AWS
// account alias, see Using an Alias for Your AWS Account ID (http://docs.aws.amazon.com/IAM/latest/UserGuide/AccountAlias.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation CreateAccountAlias for usage and error information.
//
// Returned Error Codes:
//   * EntityAlreadyExists
//   The request was rejected because it attempted to create a resource that already
//   exists.
//
//   * LimitExceeded
//   The request was rejected because it attempted to create resources beyond
//   the current AWS account limits. The error message describes the limit exceeded.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) CreateAccountAlias(input *CreateAccountAliasInput) (*CreateAccountAliasOutput, error) {
	req, out := c.CreateAccountAliasRequest(input)
	err := req.Send()
	return out, err
}

const opCreateGroup = "CreateGroup"

// CreateGroupRequest generates a "aws/request.Request" representing the
// client's request for the CreateGroup operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See CreateGroup for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the CreateGroup method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the CreateGroupRequest method.
//    req, resp := client.CreateGroupRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) CreateGroupRequest(input *CreateGroupInput) (req *request.Request, output *CreateGroupOutput) {
	op := &request.Operation{
		Name:       opCreateGroup,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &CreateGroupInput{}
	}

	req = c.newRequest(op, input, output)
	output = &CreateGroupOutput{}
	req.Data = output
	return
}

// CreateGroup API operation for AWS Identity and Access Management.
//
// Creates a new group.
//
// For information about the number of groups you can create, see Limitations
// on IAM Entities (http://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation CreateGroup for usage and error information.
//
// Returned Error Codes:
//   * LimitExceeded
//   The request was rejected because it attempted to create resources beyond
//   the current AWS account limits. The error message describes the limit exceeded.
//
//   * EntityAlreadyExists
//   The request was rejected because it attempted to create a resource that already
//   exists.
//
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) CreateGroup(input *CreateGroupInput) (*CreateGroupOutput, error) {
	req, out := c.CreateGroupRequest(input)
	err := req.Send()
	return out, err
}

const opCreateInstanceProfile = "CreateInstanceProfile"

// CreateInstanceProfileRequest generates a "aws/request.Request" representing the
// client's request for the CreateInstanceProfile operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See CreateInstanceProfile for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the CreateInstanceProfile method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the CreateInstanceProfileRequest method.
//    req, resp := client.CreateInstanceProfileRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) CreateInstanceProfileRequest(input *CreateInstanceProfileInput) (req *request.Request, output *CreateInstanceProfileOutput) {
	op := &request.Operation{
		Name:       opCreateInstanceProfile,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &CreateInstanceProfileInput{}
	}

	req = c.newRequest(op, input, output)
	output = &CreateInstanceProfileOutput{}
	req.Data = output
	return
}

// CreateInstanceProfile API operation for AWS Identity and Access Management.
//
// Creates a new instance profile. For information about instance profiles,
// go to About Instance Profiles (http://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html).
//
// For information about the number of instance profiles you can create, see
// Limitations on IAM Entities (http://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation CreateInstanceProfile for usage and error information.
//
// Returned Error Codes:
//   * EntityAlreadyExists
//   The request was rejected because it attempted to create a resource that already
//   exists.
//
//   * LimitExceeded
//   The request was rejected because it attempted to create resources beyond
//   the current AWS account limits. The error message describes the limit exceeded.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) CreateInstanceProfile(input *CreateInstanceProfileInput) (*CreateInstanceProfileOutput, error) {
	req, out := c.CreateInstanceProfileRequest(input)
	err := req.Send()
	return out, err
}

const opCreateLoginProfile = "CreateLoginProfile"

// CreateLoginProfileRequest generates a "aws/request.Request" representing the
// client's request for the CreateLoginProfile operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See CreateLoginProfile for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the CreateLoginProfile method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the CreateLoginProfileRequest method.
//    req, resp := client.CreateLoginProfileRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) CreateLoginProfileRequest(input *CreateLoginProfileInput) (req *request.Request, output *CreateLoginProfileOutput) {
	op := &request.Operation{
		Name:       opCreateLoginProfile,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &CreateLoginProfileInput{}
	}

	req = c.newRequest(op, input, output)
	output = &CreateLoginProfileOutput{}
	req.Data = output
	return
}

// CreateLoginProfile API operation for AWS Identity and Access Management.
//
// Creates a password for the specified user, giving the user the ability to
// access AWS services through the AWS Management Console. For more information
// about managing passwords, see Managing Passwords (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation CreateLoginProfile for usage and error information.
//
// Returned Error Codes:
//   * EntityAlreadyExists
//   The request was rejected because it attempted to create a resource that already
//   exists.
//
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
//   * PasswordPolicyViolation
//   The request was rejected because the provided password did not meet the requirements
//   imposed by the account password policy.
//
//   * LimitExceeded
//   The request was rejected because it attempted to create resources beyond
//   the current AWS account limits. The error message describes the limit exceeded.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) CreateLoginProfile(input *CreateLoginProfileInput) (*CreateLoginProfileOutput, error) {
	req, out := c.CreateLoginProfileRequest(input)
	err := req.Send()
	return out, err
}

const opCreateOpenIDConnectProvider = "CreateOpenIDConnectProvider"

// CreateOpenIDConnectProviderRequest generates a "aws/request.Request" representing the
// client's request for the CreateOpenIDConnectProvider operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See CreateOpenIDConnectProvider for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the CreateOpenIDConnectProvider method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the CreateOpenIDConnectProviderRequest method.
//    req, resp := client.CreateOpenIDConnectProviderRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) CreateOpenIDConnectProviderRequest(input *CreateOpenIDConnectProviderInput) (req *request.Request, output *CreateOpenIDConnectProviderOutput) {
	op := &request.Operation{
		Name:       opCreateOpenIDConnectProvider,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &CreateOpenIDConnectProviderInput{}
	}

	req = c.newRequest(op, input, output)
	output = &CreateOpenIDConnectProviderOutput{}
	req.Data = output
	return
}

// CreateOpenIDConnectProvider API operation for AWS Identity and Access Management.
//
// Creates an IAM entity to describe an identity provider (IdP) that supports
// OpenID Connect (OIDC) (http://openid.net/connect/).
//
// The OIDC provider that you create with this operation can be used as a principal
// in a role's trust policy to establish a trust relationship between AWS and
// the OIDC provider.
//
// When you create the IAM OIDC provider, you specify the URL of the OIDC identity
// provider (IdP) to trust, a list of client IDs (also known as audiences) that
// identify the application or applications that are allowed to authenticate
// using the OIDC provider, and a list of thumbprints of the server certificate(s)
// that the IdP uses. You get all of this information from the OIDC IdP that
// you want to use for access to AWS.
//
// Because trust for the OIDC provider is ultimately derived from the IAM provider
// that this action creates, it is a best practice to limit access to the CreateOpenIDConnectProvider
// action to highly-privileged users.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation CreateOpenIDConnectProvider for usage and error information.
//
// Returned Error Codes:
//   * InvalidInput
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
//   * EntityAlreadyExists
//   The request was rejected because it attempted to create a resource that already
//   exists.
//
//   * LimitExceeded
//   The request was rejected because it attempted to create resources beyond
//   the current AWS account limits. The error message describes the limit exceeded.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) CreateOpenIDConnectProvider(input *CreateOpenIDConnectProviderInput) (*CreateOpenIDConnectProviderOutput, error) {
	req, out := c.CreateOpenIDConnectProviderRequest(input)
	err := req.Send()
	return out, err
}

const opCreatePolicy = "CreatePolicy"

// CreatePolicyRequest generates a "aws/request.Request" representing the
// client's request for the CreatePolicy operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See CreatePolicy for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the CreatePolicy method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the CreatePolicyRequest method.
//    req, resp := client.CreatePolicyRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) CreatePolicyRequest(input *CreatePolicyInput) (req *request.Request, output *CreatePolicyOutput) {
	op := &request.Operation{
		Name:       opCreatePolicy,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &CreatePolicyInput{}
	}

	req = c.newRequest(op, input, output)
	output = &CreatePolicyOutput{}
	req.Data = output
	return
}

// CreatePolicy API operation for AWS Identity and Access Management.
//
// Creates a new managed policy for your AWS account.
//
// This operation creates a policy version with a version identifier of v1 and
// sets v1 as the policy's default version. For more information about policy
// versions, see Versioning for Managed Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html)
// in the IAM User Guide.
//
// For more information about managed policies in general, see Managed Policies
// and Inline Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation CreatePolicy for usage and error information.
//
// Returned Error Codes:
//   * InvalidInput
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
//   * LimitExceeded
//   The request was rejected because it attempted to create resources beyond
//   the current AWS account limits. The error message describes the limit exceeded.
//
//   * EntityAlreadyExists
//   The request was rejected because it attempted to create a resource that already
//   exists.
//
//   * MalformedPolicyDocument
//   The request was rejected because the policy document was malformed. The error
//   message describes the specific error.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) CreatePolicy(input *CreatePolicyInput) (*CreatePolicyOutput, error) {
	req, out := c.CreatePolicyRequest(input)
	err := req.Send()
	return out, err
}

const opCreatePolicyVersion = "CreatePolicyVersion"

// CreatePolicyVersionRequest generates a "aws/request.Request" representing the
// client's request for the CreatePolicyVersion operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See CreatePolicyVersion for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the CreatePolicyVersion method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the CreatePolicyVersionRequest method.
//    req, resp := client.CreatePolicyVersionRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) CreatePolicyVersionRequest(input *CreatePolicyVersionInput) (req *request.Request, output *CreatePolicyVersionOutput) {
	op := &request.Operation{
		Name:       opCreatePolicyVersion,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &CreatePolicyVersionInput{}
	}

	req = c.newRequest(op, input, output)
	output = &CreatePolicyVersionOutput{}
	req.Data = output
	return
}

// CreatePolicyVersion API operation for AWS Identity and Access Management.
//
// Creates a new version of the specified managed policy. To update a managed
// policy, you create a new policy version. A managed policy can have up to
// five versions. If the policy has five versions, you must delete an existing
// version using DeletePolicyVersion before you create a new version.
//
// Optionally, you can set the new version as the policy's default version.
// The default version is the version that is in effect for the IAM users, groups,
// and roles to which the policy is attached.
//
// For more information about managed policy versions, see Versioning for Managed
// Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation CreatePolicyVersion for usage and error information.
//
// Returned Error Codes:
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
//   * MalformedPolicyDocument
//   The request was rejected because the policy document was malformed. The error
//   message describes the specific error.
//
//   * InvalidInput
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
//   * LimitExceeded
//   The request was rejected because it attempted to create resources beyond
//   the current AWS account limits. The error message describes the limit exceeded.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) CreatePolicyVersion(input *CreatePolicyVersionInput) (*CreatePolicyVersionOutput, error) {
	req, out := c.CreatePolicyVersionRequest(input)
	err := req.Send()
	return out, err
}

const opCreateRole = "CreateRole"

// CreateRoleRequest generates a "aws/request.Request" representing the
// client's request for the CreateRole operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See CreateRole for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the CreateRole method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the CreateRoleRequest method.
//    req, resp := client.CreateRoleRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) CreateRoleRequest(input *CreateRoleInput) (req *request.Request, output *CreateRoleOutput) {
	op := &request.Operation{
		Name:       opCreateRole,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &CreateRoleInput{}
	}

	req = c.newRequest(op, input, output)
	output = &CreateRoleOutput{}
	req.Data = output
	return
}

// CreateRole API operation for AWS Identity and Access Management.
//
// Creates a new role for your AWS account. For more information about roles,
// go to Working with Roles (http://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html).
// For information about limitations on role names and the number of roles you
// can create, go to Limitations on IAM Entities (http://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation CreateRole for usage and error information.
//
// Returned Error Codes:
//   * LimitExceeded
//   The request was rejected because it attempted to create resources beyond
//   the current AWS account limits. The error message describes the limit exceeded.
//
//   * EntityAlreadyExists
//   The request was rejected because it attempted to create a resource that already
//   exists.
//
//   * MalformedPolicyDocument
//   The request was rejected because the policy document was malformed. The error
//   message describes the specific error.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) CreateRole(input *CreateRoleInput) (*CreateRoleOutput, error) {
	req, out := c.CreateRoleRequest(input)
	err := req.Send()
	return out, err
}

const opCreateSAMLProvider = "CreateSAMLProvider"

// CreateSAMLProviderRequest generates a "aws/request.Request" representing the
// client's request for the CreateSAMLProvider operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See CreateSAMLProvider for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the CreateSAMLProvider method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the CreateSAMLProviderRequest method.
//    req, resp := client.CreateSAMLProviderRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) CreateSAMLProviderRequest(input *CreateSAMLProviderInput) (req *request.Request, output *CreateSAMLProviderOutput) {
	op := &request.Operation{
		Name:       opCreateSAMLProvider,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &CreateSAMLProviderInput{}
	}

	req = c.newRequest(op, input, output)
	output = &CreateSAMLProviderOutput{}
	req.Data = output
	return
}

// CreateSAMLProvider API operation for AWS Identity and Access Management.
//
// Creates an IAM resource that describes an identity provider (IdP) that supports
// SAML 2.0.
//
// The SAML provider resource that you create with this operation can be used
// as a principal in an IAM role's trust policy to enable federated users who
// sign-in using the SAML IdP to assume the role. You can create an IAM role
// that supports Web-based single sign-on (SSO) to the AWS Management Console
// or one that supports API access to AWS.
//
// When you create the SAML provider resource, you upload an a SAML metadata
// document that you get from your IdP and that includes the issuer's name,
// expiration information, and keys that can be used to validate the SAML authentication
// response (assertions) that the IdP sends. You must generate the metadata
// document using the identity management software that is used as your organization's
// IdP.
//
// This operation requires Signature Version 4 (http://docs.aws.amazon.com/general/latest/gr/signature-version-4.html).
//
// For more information, see Enabling SAML 2.0 Federated Users to Access the
// AWS Management Console (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-saml.html)
// and About SAML 2.0-based Federation (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation CreateSAMLProvider for usage and error information.
//
// Returned Error Codes:
//   * InvalidInput
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
//   * EntityAlreadyExists
//   The request was rejected because it attempted to create a resource that already
//   exists.
//
//   * LimitExceeded
//   The request was rejected because it attempted to create resources beyond
//   the current AWS account limits. The error message describes the limit exceeded.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) CreateSAMLProvider(input *CreateSAMLProviderInput) (*CreateSAMLProviderOutput, error) {
	req, out := c.CreateSAMLProviderRequest(input)
	err := req.Send()
	return out, err
}

const opCreateUser = "CreateUser"

// CreateUserRequest generates a "aws/request.Request" representing the
// client's request for the CreateUser operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See CreateUser for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the CreateUser method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the CreateUserRequest method.
//    req, resp := client.CreateUserRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) CreateUserRequest(input *CreateUserInput) (req *request.Request, output *CreateUserOutput) {
	op := &request.Operation{
		Name:       opCreateUser,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &CreateUserInput{}
	}

	req = c.newRequest(op, input, output)
	output = &CreateUserOutput{}
	req.Data = output
	return
}

// CreateUser API operation for AWS Identity and Access Management.
//
// Creates a new IAM user for your AWS account.
//
// For information about limitations on the number of IAM users you can create,
// see Limitations on IAM Entities (http://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation CreateUser for usage and error information.
//
// Returned Error Codes:
//   * LimitExceeded
//   The request was rejected because it attempted to create resources beyond
//   the current AWS account limits. The error message describes the limit exceeded.
//
//   * EntityAlreadyExists
//   The request was rejected because it attempted to create a resource that already
//   exists.
//
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) CreateUser(input *CreateUserInput) (*CreateUserOutput, error) {
	req, out := c.CreateUserRequest(input)
	err := req.Send()
	return out, err
}

const opCreateVirtualMFADevice = "CreateVirtualMFADevice"

// CreateVirtualMFADeviceRequest generates a "aws/request.Request" representing the
// client's request for the CreateVirtualMFADevice operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See CreateVirtualMFADevice for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the CreateVirtualMFADevice method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the CreateVirtualMFADeviceRequest method.
//    req, resp := client.CreateVirtualMFADeviceRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) CreateVirtualMFADeviceRequest(input *CreateVirtualMFADeviceInput) (req *request.Request, output *CreateVirtualMFADeviceOutput) {
	op := &request.Operation{
		Name:       opCreateVirtualMFADevice,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &CreateVirtualMFADeviceInput{}
	}

	req = c.newRequest(op, input, output)
	output = &CreateVirtualMFADeviceOutput{}
	req.Data = output
	return
}

// CreateVirtualMFADevice API operation for AWS Identity and Access Management.
//
// Creates a new virtual MFA device for the AWS account. After creating the
// virtual MFA, use EnableMFADevice to attach the MFA device to an IAM user.
// For more information about creating and working with virtual MFA devices,
// go to Using a Virtual MFA Device (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_VirtualMFA.html)
// in the IAM User Guide.
//
// For information about limits on the number of MFA devices you can create,
// see Limitations on Entities (http://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html)
// in the IAM User Guide.
//
// The seed information contained in the QR code and the Base32 string should
// be treated like any other secret access information, such as your AWS access
// keys or your passwords. After you provision your virtual device, you should
// ensure that the information is destroyed following secure procedures.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation CreateVirtualMFADevice for usage and error information.
//
// Returned Error Codes:
//   * LimitExceeded
//   The request was rejected because it attempted to create resources beyond
//   the current AWS account limits. The error message describes the limit exceeded.
//
//   * EntityAlreadyExists
//   The request was rejected because it attempted to create a resource that already
//   exists.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) CreateVirtualMFADevice(input *CreateVirtualMFADeviceInput) (*CreateVirtualMFADeviceOutput, error) {
	req, out := c.CreateVirtualMFADeviceRequest(input)
	err := req.Send()
	return out, err
}

const opDeactivateMFADevice = "DeactivateMFADevice"

// DeactivateMFADeviceRequest generates a "aws/request.Request" representing the
// client's request for the DeactivateMFADevice operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See DeactivateMFADevice for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the DeactivateMFADevice method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the DeactivateMFADeviceRequest method.
//    req, resp := client.DeactivateMFADeviceRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) DeactivateMFADeviceRequest(input *DeactivateMFADeviceInput) (req *request.Request, output *DeactivateMFADeviceOutput) {
	op := &request.Operation{
		Name:       opDeactivateMFADevice,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &DeactivateMFADeviceInput{}
	}

	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Remove(query.UnmarshalHandler)
	req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
	output = &DeactivateMFADeviceOutput{}
	req.Data = output
	return
}

// DeactivateMFADevice API operation for AWS Identity and Access Management.
//
// Deactivates the specified MFA device and removes it from association with
// the user name for which it was originally enabled.
//
// For more information about creating and working with virtual MFA devices,
// go to Using a Virtual MFA Device (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_VirtualMFA.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation DeactivateMFADevice for usage and error information.
//
// Returned Error Codes:
//   * EntityTemporarilyUnmodifiable
//   The request was rejected because it referenced an entity that is temporarily
//   unmodifiable, such as a user name that was deleted and then recreated. The
//   error indicates that the request is likely to succeed if you try again after
//   waiting several minutes. The error message describes the entity.
//
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
//   * LimitExceeded
//   The request was rejected because it attempted to create resources beyond
//   the current AWS account limits. The error message describes the limit exceeded.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) DeactivateMFADevice(input *DeactivateMFADeviceInput) (*DeactivateMFADeviceOutput, error) {
	req, out := c.DeactivateMFADeviceRequest(input)
	err := req.Send()
	return out, err
}

const opDeleteAccessKey = "DeleteAccessKey"

// DeleteAccessKeyRequest generates a "aws/request.Request" representing the
// client's request for the DeleteAccessKey operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See DeleteAccessKey for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the DeleteAccessKey method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the DeleteAccessKeyRequest method.
//    req, resp := client.DeleteAccessKeyRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) DeleteAccessKeyRequest(input *DeleteAccessKeyInput) (req *request.Request, output *DeleteAccessKeyOutput) {
	op := &request.Operation{
		Name:       opDeleteAccessKey,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &DeleteAccessKeyInput{}
	}

	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Remove(query.UnmarshalHandler)
	req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
	output = &DeleteAccessKeyOutput{}
	req.Data = output
	return
}

// DeleteAccessKey API operation for AWS Identity and Access Management.
//
// Deletes the access key pair associated with the specified IAM user.
//
// If you do not specify a user name, IAM determines the user name implicitly
// based on the AWS access key ID signing the request. Because this action works
// for access keys under the AWS account, you can use this action to manage
// root credentials even if the AWS account has no associated users.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation DeleteAccessKey for usage and error information.
//
// Returned Error Codes:
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
//   * LimitExceeded
//   The request was rejected because it attempted to create resources beyond
//   the current AWS account limits. The error message describes the limit exceeded.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) DeleteAccessKey(input *DeleteAccessKeyInput) (*DeleteAccessKeyOutput, error) {
	req, out := c.DeleteAccessKeyRequest(input)
	err := req.Send()
	return out, err
}

const opDeleteAccountAlias = "DeleteAccountAlias"

// DeleteAccountAliasRequest generates a "aws/request.Request" representing the
// client's request for the DeleteAccountAlias operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See DeleteAccountAlias for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the DeleteAccountAlias method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the DeleteAccountAliasRequest method.
//    req, resp := client.DeleteAccountAliasRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) DeleteAccountAliasRequest(input *DeleteAccountAliasInput) (req *request.Request, output *DeleteAccountAliasOutput) {
	op := &request.Operation{
		Name:       opDeleteAccountAlias,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &DeleteAccountAliasInput{}
	}

	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Remove(query.UnmarshalHandler)
	req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
	output = &DeleteAccountAliasOutput{}
	req.Data = output
	return
}

// DeleteAccountAlias API operation for AWS Identity and Access Management.
//
// Deletes the specified AWS account alias. For information about using an AWS
// account alias, see Using an Alias for Your AWS Account ID (http://docs.aws.amazon.com/IAM/latest/UserGuide/AccountAlias.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation DeleteAccountAlias for usage and error information.
//
// Returned Error Codes:
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
//   * LimitExceeded
//   The request was rejected because it attempted to create resources beyond
//   the current AWS account limits. The error message describes the limit exceeded.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) DeleteAccountAlias(input *DeleteAccountAliasInput) (*DeleteAccountAliasOutput, error) {
	req, out := c.DeleteAccountAliasRequest(input)
	err := req.Send()
	return out, err
}

const opDeleteAccountPasswordPolicy = "DeleteAccountPasswordPolicy"

// DeleteAccountPasswordPolicyRequest generates a "aws/request.Request" representing the
// client's request for the DeleteAccountPasswordPolicy operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See DeleteAccountPasswordPolicy for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the DeleteAccountPasswordPolicy method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the DeleteAccountPasswordPolicyRequest method.
//    req, resp := client.DeleteAccountPasswordPolicyRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) DeleteAccountPasswordPolicyRequest(input *DeleteAccountPasswordPolicyInput) (req *request.Request, output *DeleteAccountPasswordPolicyOutput) {
	op := &request.Operation{
		Name:       opDeleteAccountPasswordPolicy,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &DeleteAccountPasswordPolicyInput{}
	}

	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Remove(query.UnmarshalHandler)
	req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
	output = &DeleteAccountPasswordPolicyOutput{}
	req.Data = output
	return
}

// DeleteAccountPasswordPolicy API operation for AWS Identity and Access Management.
//
// Deletes the password policy for the AWS account. There are no parameters.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation DeleteAccountPasswordPolicy for usage and error information.
//
// Returned Error Codes:
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
//   * LimitExceeded
//   The request was rejected because it attempted to create resources beyond
//   the current AWS account limits. The error message describes the limit exceeded.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) DeleteAccountPasswordPolicy(input *DeleteAccountPasswordPolicyInput) (*DeleteAccountPasswordPolicyOutput, error) {
	req, out := c.DeleteAccountPasswordPolicyRequest(input)
	err := req.Send()
	return out, err
}

const opDeleteGroup = "DeleteGroup"

// DeleteGroupRequest generates a "aws/request.Request" representing the
// client's request for the DeleteGroup operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See DeleteGroup for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the DeleteGroup method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the DeleteGroupRequest method.
//    req, resp := client.DeleteGroupRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) DeleteGroupRequest(input *DeleteGroupInput) (req *request.Request, output *DeleteGroupOutput) {
	op := &request.Operation{
		Name:       opDeleteGroup,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &DeleteGroupInput{}
	}

	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Remove(query.UnmarshalHandler)
	req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
	output = &DeleteGroupOutput{}
	req.Data = output
	return
}

// DeleteGroup API operation for AWS Identity and Access Management.
//
// Deletes the specified IAM group. The group must not contain any users or
// have any attached policies.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation DeleteGroup for usage and error information.
//
// Returned Error Codes:
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
//   * DeleteConflict
//   The request was rejected because it attempted to delete a resource that has
//   attached subordinate entities. The error message describes these entities.
//
//   * LimitExceeded
//   The request was rejected because it attempted to create resources beyond
//   the current AWS account limits. The error message describes the limit exceeded.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) DeleteGroup(input *DeleteGroupInput) (*DeleteGroupOutput, error) {
	req, out := c.DeleteGroupRequest(input)
	err := req.Send()
	return out, err
}

const opDeleteGroupPolicy = "DeleteGroupPolicy"

// DeleteGroupPolicyRequest generates a "aws/request.Request" representing the
// client's request for the DeleteGroupPolicy operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See DeleteGroupPolicy for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the DeleteGroupPolicy method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the DeleteGroupPolicyRequest method.
//    req, resp := client.DeleteGroupPolicyRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) DeleteGroupPolicyRequest(input *DeleteGroupPolicyInput) (req *request.Request, output *DeleteGroupPolicyOutput) {
	op := &request.Operation{
		Name:       opDeleteGroupPolicy,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &DeleteGroupPolicyInput{}
	}

	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Remove(query.UnmarshalHandler)
	req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
	output = &DeleteGroupPolicyOutput{}
	req.Data = output
	return
}

// DeleteGroupPolicy API operation for AWS Identity and Access Management.
//
// Deletes the specified inline policy that is embedded in the specified IAM
// group.
//
// A group can also have managed policies attached to it. To detach a managed
// policy from a group, use DetachGroupPolicy. For more information about policies,
// refer to Managed Policies and Inline Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation DeleteGroupPolicy for usage and error information.
//
// Returned Error Codes:
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
//   * LimitExceeded
//   The request was rejected because it attempted to create resources beyond
//   the current AWS account limits. The error message describes the limit exceeded.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) DeleteGroupPolicy(input *DeleteGroupPolicyInput) (*DeleteGroupPolicyOutput, error) {
	req, out := c.DeleteGroupPolicyRequest(input)
	err := req.Send()
	return out, err
}

const opDeleteInstanceProfile = "DeleteInstanceProfile"

// DeleteInstanceProfileRequest generates a "aws/request.Request" representing the
// client's request for the DeleteInstanceProfile operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See DeleteInstanceProfile for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the DeleteInstanceProfile method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the DeleteInstanceProfileRequest method.
//    req, resp := client.DeleteInstanceProfileRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) DeleteInstanceProfileRequest(input *DeleteInstanceProfileInput) (req *request.Request, output *DeleteInstanceProfileOutput) {
	op := &request.Operation{
		Name:       opDeleteInstanceProfile,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &DeleteInstanceProfileInput{}
	}

	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Remove(query.UnmarshalHandler)
	req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
	output = &DeleteInstanceProfileOutput{}
	req.Data = output
	return
}

// DeleteInstanceProfile API operation for AWS Identity and Access Management.
//
// Deletes the specified instance profile. The instance profile must not have
// an associated role.
//
// Make sure you do not have any Amazon EC2 instances running with the instance
// profile you are about to delete. Deleting a role or instance profile that
// is associated with a running instance will break any applications running
// on the instance.
//
// For more information about instance profiles, go to About Instance Profiles
// (http://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html).
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation DeleteInstanceProfile for usage and error information.
//
// Returned Error Codes:
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
//   * DeleteConflict
//   The request was rejected because it attempted to delete a resource that has
//   attached subordinate entities. The error message describes these entities.
//
//   * LimitExceeded
//   The request was rejected because it attempted to create resources beyond
//   the current AWS account limits. The error message describes the limit exceeded.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) DeleteInstanceProfile(input *DeleteInstanceProfileInput) (*DeleteInstanceProfileOutput, error) {
	req, out := c.DeleteInstanceProfileRequest(input)
	err := req.Send()
	return out, err
}

const opDeleteLoginProfile = "DeleteLoginProfile"

// DeleteLoginProfileRequest generates a "aws/request.Request" representing the
// client's request for the DeleteLoginProfile operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See DeleteLoginProfile for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the DeleteLoginProfile method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the DeleteLoginProfileRequest method.
//    req, resp := client.DeleteLoginProfileRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) DeleteLoginProfileRequest(input *DeleteLoginProfileInput) (req *request.Request, output *DeleteLoginProfileOutput) {
	op := &request.Operation{
		Name:       opDeleteLoginProfile,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &DeleteLoginProfileInput{}
	}

	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Remove(query.UnmarshalHandler)
	req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
	output = &DeleteLoginProfileOutput{}
	req.Data = output
	return
}

// DeleteLoginProfile API operation for AWS Identity and Access Management.
//
// Deletes the password for the specified IAM user, which terminates the user's
// ability to access AWS services through the AWS Management Console.
//
// Deleting a user's password does not prevent a user from accessing AWS through
// the command line interface or the API. To prevent all user access you must
// also either make any access keys inactive or delete them. For more information
// about making keys inactive or deleting them, see UpdateAccessKey and DeleteAccessKey.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation DeleteLoginProfile for usage and error information.
//
// Returned Error Codes:
//   * EntityTemporarilyUnmodifiable
//   The request was rejected because it referenced an entity that is temporarily
//   unmodifiable, such as a user name that was deleted and then recreated. The
//   error indicates that the request is likely to succeed if you try again after
//   waiting several minutes. The error message describes the entity.
//
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
//   * LimitExceeded
//   The request was rejected because it attempted to create resources beyond
//   the current AWS account limits. The error message describes the limit exceeded.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) DeleteLoginProfile(input *DeleteLoginProfileInput) (*DeleteLoginProfileOutput, error) {
	req, out := c.DeleteLoginProfileRequest(input)
	err := req.Send()
	return out, err
}

const opDeleteOpenIDConnectProvider = "DeleteOpenIDConnectProvider"

// DeleteOpenIDConnectProviderRequest generates a "aws/request.Request" representing the
// client's request for the DeleteOpenIDConnectProvider operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See DeleteOpenIDConnectProvider for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the DeleteOpenIDConnectProvider method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the DeleteOpenIDConnectProviderRequest method.
//    req, resp := client.DeleteOpenIDConnectProviderRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) DeleteOpenIDConnectProviderRequest(input *DeleteOpenIDConnectProviderInput) (req *request.Request, output *DeleteOpenIDConnectProviderOutput) {
	op := &request.Operation{
		Name:       opDeleteOpenIDConnectProvider,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &DeleteOpenIDConnectProviderInput{}
	}

	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Remove(query.UnmarshalHandler)
	req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
	output = &DeleteOpenIDConnectProviderOutput{}
	req.Data = output
	return
}

// DeleteOpenIDConnectProvider API operation for AWS Identity and Access Management.
//
// Deletes an OpenID Connect identity provider (IdP) resource object in IAM.
//
// Deleting an IAM OIDC provider resource does not update any roles that reference
// the provider as a principal in their trust policies. Any attempt to assume
// a role that references a deleted provider fails.
//
// This action is idempotent; it does not fail or return an error if you call
// the action for a provider that does not exist.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation DeleteOpenIDConnectProvider for usage and error information.
//
// Returned Error Codes:
//   * InvalidInput
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) DeleteOpenIDConnectProvider(input *DeleteOpenIDConnectProviderInput) (*DeleteOpenIDConnectProviderOutput, error) {
	req, out := c.DeleteOpenIDConnectProviderRequest(input)
	err := req.Send()
	return out, err
}

const opDeletePolicy = "DeletePolicy"

// DeletePolicyRequest generates a "aws/request.Request" representing the
// client's request for the DeletePolicy operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See DeletePolicy for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the DeletePolicy method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the DeletePolicyRequest method.
//    req, resp := client.DeletePolicyRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) DeletePolicyRequest(input *DeletePolicyInput) (req *request.Request, output *DeletePolicyOutput) {
	op := &request.Operation{
		Name:       opDeletePolicy,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &DeletePolicyInput{}
	}

	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Remove(query.UnmarshalHandler)
	req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
	output = &DeletePolicyOutput{}
	req.Data = output
	return
}

// DeletePolicy API operation for AWS Identity and Access Management.
//
// Deletes the specified managed policy.
//
// Before you can delete a managed policy, you must first detach the policy
// from all users, groups, and roles that it is attached to, and you must delete
// all of the policy's versions. The following steps describe the process for
// deleting a managed policy:
//
//    * Detach the policy from all users, groups, and roles that the policy
//    is attached to, using the DetachUserPolicy, DetachGroupPolicy, or DetachRolePolicy
//    APIs. To list all the users, groups, and roles that a policy is attached
//    to, use ListEntitiesForPolicy.
//
//    * Delete all versions of the policy using DeletePolicyVersion. To list
//    the policy's versions, use ListPolicyVersions. You cannot use DeletePolicyVersion
//    to delete the version that is marked as the default version. You delete
//    the policy's default version in the next step of the process.
//
//    * Delete the policy (this automatically deletes the policy's default version)
//    using this API.
//
// For information about managed policies, see Managed Policies and Inline Policies
// (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation DeletePolicy for usage and error information.
//
// Returned Error Codes:
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
//   * LimitExceeded
//   The request was rejected because it attempted to create resources beyond
//   the current AWS account limits. The error message describes the limit exceeded.
//
//   * InvalidInput
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
//   * DeleteConflict
//   The request was rejected because it attempted to delete a resource that has
//   attached subordinate entities. The error message describes these entities.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) DeletePolicy(input *DeletePolicyInput) (*DeletePolicyOutput, error) {
	req, out := c.DeletePolicyRequest(input)
	err := req.Send()
	return out, err
}

const opDeletePolicyVersion = "DeletePolicyVersion"

// DeletePolicyVersionRequest generates a "aws/request.Request" representing the
// client's request for the DeletePolicyVersion operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See DeletePolicyVersion for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the DeletePolicyVersion method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the DeletePolicyVersionRequest method.
//    req, resp := client.DeletePolicyVersionRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) DeletePolicyVersionRequest(input *DeletePolicyVersionInput) (req *request.Request, output *DeletePolicyVersionOutput) {
	op := &request.Operation{
		Name:       opDeletePolicyVersion,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &DeletePolicyVersionInput{}
	}

	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Remove(query.UnmarshalHandler)
	req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
	output = &DeletePolicyVersionOutput{}
	req.Data = output
	return
}

// DeletePolicyVersion API operation for AWS Identity and Access Management.
//
// Deletes the specified version from the specified managed policy.
//
// You cannot delete the default version from a policy using this API. To delete
// the default version from a policy, use DeletePolicy. To find out which version
// of a policy is marked as the default version, use ListPolicyVersions.
//
// For information about versions for managed policies, see Versioning for Managed
// Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation DeletePolicyVersion for usage and error information.
//
// Returned Error Codes:
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
//   * LimitExceeded
//   The request was rejected because it attempted to create resources beyond
//   the current AWS account limits. The error message describes the limit exceeded.
//
//   * InvalidInput
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
//   * DeleteConflict
//   The request was rejected because it attempted to delete a resource that has
//   attached subordinate entities. The error message describes these entities.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) DeletePolicyVersion(input *DeletePolicyVersionInput) (*DeletePolicyVersionOutput, error) {
	req, out := c.DeletePolicyVersionRequest(input)
	err := req.Send()
	return out, err
}

const opDeleteRole = "DeleteRole"

// DeleteRoleRequest generates a "aws/request.Request" representing the
// client's request for the DeleteRole operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See DeleteRole for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the DeleteRole method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the DeleteRoleRequest method.
//    req, resp := client.DeleteRoleRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) DeleteRoleRequest(input *DeleteRoleInput) (req *request.Request, output *DeleteRoleOutput) {
	op := &request.Operation{
		Name:       opDeleteRole,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &DeleteRoleInput{}
	}

	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Remove(query.UnmarshalHandler)
	req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
	output = &DeleteRoleOutput{}
	req.Data = output
	return
}

// DeleteRole API operation for AWS Identity and Access Management.
//
// Deletes the specified role. The role must not have any policies attached.
// For more information about roles, go to Working with Roles (http://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html).
//
// Make sure you do not have any Amazon EC2 instances running with the role
// you are about to delete. Deleting a role or instance profile that is associated
// with a running instance will break any applications running on the instance.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation DeleteRole for usage and error information.
//
// Returned Error Codes:
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
//   * DeleteConflict
//   The request was rejected because it attempted to delete a resource that has
//   attached subordinate entities. The error message describes these entities.
//
//   * LimitExceeded
//   The request was rejected because it attempted to create resources beyond
//   the current AWS account limits. The error message describes the limit exceeded.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) DeleteRole(input *DeleteRoleInput) (*DeleteRoleOutput, error) {
	req, out := c.DeleteRoleRequest(input)
	err := req.Send()
	return out, err
}

const opDeleteRolePolicy = "DeleteRolePolicy"

// DeleteRolePolicyRequest generates a "aws/request.Request" representing the
// client's request for the DeleteRolePolicy operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See DeleteRolePolicy for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the DeleteRolePolicy method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the DeleteRolePolicyRequest method.
//    req, resp := client.DeleteRolePolicyRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) DeleteRolePolicyRequest(input *DeleteRolePolicyInput) (req *request.Request, output *DeleteRolePolicyOutput) {
	op := &request.Operation{
		Name:       opDeleteRolePolicy,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &DeleteRolePolicyInput{}
	}

	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Remove(query.UnmarshalHandler)
	req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
	output = &DeleteRolePolicyOutput{}
	req.Data = output
	return
}

// DeleteRolePolicy API operation for AWS Identity and Access Management.
//
// Deletes the specified inline policy that is embedded in the specified IAM
// role.
//
// A role can also have managed policies attached to it. To detach a managed
// policy from a role, use DetachRolePolicy. For more information about policies,
// refer to Managed Policies and Inline Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation DeleteRolePolicy for usage and error information.
//
// Returned Error Codes:
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
//   * LimitExceeded
//   The request was rejected because it attempted to create resources beyond
//   the current AWS account limits. The error message describes the limit exceeded.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) DeleteRolePolicy(input *DeleteRolePolicyInput) (*DeleteRolePolicyOutput, error) {
	req, out := c.DeleteRolePolicyRequest(input)
	err := req.Send()
	return out, err
}

const opDeleteSAMLProvider = "DeleteSAMLProvider"

// DeleteSAMLProviderRequest generates a "aws/request.Request" representing the
// client's request for the DeleteSAMLProvider operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See DeleteSAMLProvider for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the DeleteSAMLProvider method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the DeleteSAMLProviderRequest method.
//    req, resp := client.DeleteSAMLProviderRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) DeleteSAMLProviderRequest(input *DeleteSAMLProviderInput) (req *request.Request, output *DeleteSAMLProviderOutput) {
	op := &request.Operation{
		Name:       opDeleteSAMLProvider,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &DeleteSAMLProviderInput{}
	}

	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Remove(query.UnmarshalHandler)
	req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
	output = &DeleteSAMLProviderOutput{}
	req.Data = output
	return
}

// DeleteSAMLProvider API operation for AWS Identity and Access Management.
//
// Deletes a SAML provider resource in IAM.
//
// Deleting the provider resource from IAM does not update any roles that reference
// the SAML provider resource's ARN as a principal in their trust policies.
// Any attempt to assume a role that references a non-existent provider resource
// ARN fails.
//
// This operation requires Signature Version 4 (http://docs.aws.amazon.com/general/latest/gr/signature-version-4.html).
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation DeleteSAMLProvider for usage and error information.
//
// Returned Error Codes:
//   * InvalidInput
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
//   * LimitExceeded
//   The request was rejected because it attempted to create resources beyond
//   the current AWS account limits. The error message describes the limit exceeded.
//
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) DeleteSAMLProvider(input *DeleteSAMLProviderInput) (*DeleteSAMLProviderOutput, error) {
	req, out := c.DeleteSAMLProviderRequest(input)
	err := req.Send()
	return out, err
}

const opDeleteSSHPublicKey = "DeleteSSHPublicKey"

// DeleteSSHPublicKeyRequest generates a "aws/request.Request" representing the
// client's request for the DeleteSSHPublicKey operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See DeleteSSHPublicKey for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the DeleteSSHPublicKey method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the DeleteSSHPublicKeyRequest method.
//    req, resp := client.DeleteSSHPublicKeyRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) DeleteSSHPublicKeyRequest(input *DeleteSSHPublicKeyInput) (req *request.Request, output *DeleteSSHPublicKeyOutput) {
	op := &request.Operation{
		Name:       opDeleteSSHPublicKey,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &DeleteSSHPublicKeyInput{}
	}

	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Remove(query.UnmarshalHandler)
	req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
	output = &DeleteSSHPublicKeyOutput{}
	req.Data = output
	return
}

// DeleteSSHPublicKey API operation for AWS Identity and Access Management.
//
// Deletes the specified SSH public key.
//
// The SSH public key deleted by this action is used only for authenticating
// the associated IAM user to an AWS CodeCommit repository. For more information
// about using SSH keys to authenticate to an AWS CodeCommit repository, see
// Set up AWS CodeCommit for SSH Connections (http://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html)
// in the AWS CodeCommit User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation DeleteSSHPublicKey for usage and error information.
//
// Returned Error Codes:
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
func (c *IAM) DeleteSSHPublicKey(input *DeleteSSHPublicKeyInput) (*DeleteSSHPublicKeyOutput, error) {
	req, out := c.DeleteSSHPublicKeyRequest(input)
	err := req.Send()
	return out, err
}

const opDeleteServerCertificate = "DeleteServerCertificate"

// DeleteServerCertificateRequest generates a "aws/request.Request" representing the
// client's request for the DeleteServerCertificate operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See DeleteServerCertificate for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the DeleteServerCertificate method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the DeleteServerCertificateRequest method.
//    req, resp := client.DeleteServerCertificateRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) DeleteServerCertificateRequest(input *DeleteServerCertificateInput) (req *request.Request, output *DeleteServerCertificateOutput) {
	op := &request.Operation{
		Name:       opDeleteServerCertificate,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &DeleteServerCertificateInput{}
	}

	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Remove(query.UnmarshalHandler)
	req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
	output = &DeleteServerCertificateOutput{}
	req.Data = output
	return
}

// DeleteServerCertificate API operation for AWS Identity and Access Management.
//
// Deletes the specified server certificate.
//
// For more information about working with server certificates, including a
// list of AWS services that can use the server certificates that you manage
// with IAM, go to Working with Server Certificates (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html)
// in the IAM User Guide.
//
// If you are using a server certificate with Elastic Load Balancing, deleting
// the certificate could have implications for your application. If Elastic
// Load Balancing doesn't detect the deletion of bound certificates, it may
// continue to use the certificates. This could cause Elastic Load Balancing
// to stop accepting traffic. We recommend that you remove the reference to
// the certificate from Elastic Load Balancing before using this command to
// delete the certificate. For more information, go to DeleteLoadBalancerListeners
// (http://docs.aws.amazon.com/ElasticLoadBalancing/latest/APIReference/API_DeleteLoadBalancerListeners.html)
// in the Elastic Load Balancing API Reference.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation DeleteServerCertificate for usage and error information.
//
// Returned Error Codes:
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
//   * DeleteConflict
//   The request was rejected because it attempted to delete a resource that has
//   attached subordinate entities. The error message describes these entities.
//
//   * LimitExceeded
//   The request was rejected because it attempted to create resources beyond
//   the current AWS account limits. The error message describes the limit exceeded.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) DeleteServerCertificate(input *DeleteServerCertificateInput) (*DeleteServerCertificateOutput, error) {
	req, out := c.DeleteServerCertificateRequest(input)
	err := req.Send()
	return out, err
}

const opDeleteSigningCertificate = "DeleteSigningCertificate"

// DeleteSigningCertificateRequest generates a "aws/request.Request" representing the
// client's request for the DeleteSigningCertificate operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See DeleteSigningCertificate for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the DeleteSigningCertificate method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the DeleteSigningCertificateRequest method.
//    req, resp := client.DeleteSigningCertificateRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) DeleteSigningCertificateRequest(input *DeleteSigningCertificateInput) (req *request.Request, output *DeleteSigningCertificateOutput) {
	op := &request.Operation{
		Name:       opDeleteSigningCertificate,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &DeleteSigningCertificateInput{}
	}

	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Remove(query.UnmarshalHandler)
	req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
	output = &DeleteSigningCertificateOutput{}
	req.Data = output
	return
}

// DeleteSigningCertificate API operation for AWS Identity and Access Management.
//
// Deletes a signing certificate associated with the specified IAM user.
//
// If you do not specify a user name, IAM determines the user name implicitly
// based on the AWS access key ID signing the request. Because this action works
// for access keys under the AWS account, you can use this action to manage
// root credentials even if the AWS account has no associated IAM users.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation DeleteSigningCertificate for usage and error information.
//
// Returned Error Codes:
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
//   * LimitExceeded
//   The request was rejected because it attempted to create resources beyond
//   the current AWS account limits. The error message describes the limit exceeded.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) DeleteSigningCertificate(input *DeleteSigningCertificateInput) (*DeleteSigningCertificateOutput, error) {
	req, out := c.DeleteSigningCertificateRequest(input)
	err := req.Send()
	return out, err
}

const opDeleteUser = "DeleteUser"

// DeleteUserRequest generates a "aws/request.Request" representing the
// client's request for the DeleteUser operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See DeleteUser for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the DeleteUser method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the DeleteUserRequest method.
//    req, resp := client.DeleteUserRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) DeleteUserRequest(input *DeleteUserInput) (req *request.Request, output *DeleteUserOutput) {
	op := &request.Operation{
		Name:       opDeleteUser,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &DeleteUserInput{}
	}

	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Remove(query.UnmarshalHandler)
	req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
	output = &DeleteUserOutput{}
	req.Data = output
	return
}

// DeleteUser API operation for AWS Identity and Access Management.
//
// Deletes the specified IAM user. The user must not belong to any groups or
// have any access keys, signing certificates, or attached policies.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation DeleteUser for usage and error information.
//
// Returned Error Codes:
//   * LimitExceeded
//   The request was rejected because it attempted to create resources beyond
//   the current AWS account limits. The error message describes the limit exceeded.
//
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
//   * DeleteConflict
//   The request was rejected because it attempted to delete a resource that has
//   attached subordinate entities. The error message describes these entities.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) DeleteUser(input *DeleteUserInput) (*DeleteUserOutput, error) {
	req, out := c.DeleteUserRequest(input)
	err := req.Send()
	return out, err
}

const opDeleteUserPolicy = "DeleteUserPolicy"

// DeleteUserPolicyRequest generates a "aws/request.Request" representing the
// client's request for the DeleteUserPolicy operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See DeleteUserPolicy for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the DeleteUserPolicy method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the DeleteUserPolicyRequest method.
//    req, resp := client.DeleteUserPolicyRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) DeleteUserPolicyRequest(input *DeleteUserPolicyInput) (req *request.Request, output *DeleteUserPolicyOutput) {
	op := &request.Operation{
		Name:       opDeleteUserPolicy,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &DeleteUserPolicyInput{}
	}

	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Remove(query.UnmarshalHandler)
	req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
	output = &DeleteUserPolicyOutput{}
	req.Data = output
	return
}

// DeleteUserPolicy API operation for AWS Identity and Access Management.
//
// Deletes the specified inline policy that is embedded in the specified IAM
// user.
//
// A user can also have managed policies attached to it. To detach a managed
// policy from a user, use DetachUserPolicy. For more information about policies,
// refer to Managed Policies and Inline Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation DeleteUserPolicy for usage and error information.
//
// Returned Error Codes:
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
//   * LimitExceeded
//   The request was rejected because it attempted to create resources beyond
//   the current AWS account limits. The error message describes the limit exceeded.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) DeleteUserPolicy(input *DeleteUserPolicyInput) (*DeleteUserPolicyOutput, error) {
	req, out := c.DeleteUserPolicyRequest(input)
	err := req.Send()
	return out, err
}

const opDeleteVirtualMFADevice = "DeleteVirtualMFADevice"

// DeleteVirtualMFADeviceRequest generates a "aws/request.Request" representing the
// client's request for the DeleteVirtualMFADevice operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See DeleteVirtualMFADevice for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the DeleteVirtualMFADevice method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the DeleteVirtualMFADeviceRequest method.
//    req, resp := client.DeleteVirtualMFADeviceRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) DeleteVirtualMFADeviceRequest(input *DeleteVirtualMFADeviceInput) (req *request.Request, output *DeleteVirtualMFADeviceOutput) {
	op := &request.Operation{
		Name:       opDeleteVirtualMFADevice,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &DeleteVirtualMFADeviceInput{}
	}

	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Remove(query.UnmarshalHandler)
	req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
	output = &DeleteVirtualMFADeviceOutput{}
	req.Data = output
	return
}

// DeleteVirtualMFADevice API operation for AWS Identity and Access Management.
//
// Deletes a virtual MFA device.
//
// You must deactivate a user's virtual MFA device before you can delete it.
// For information about deactivating MFA devices, see DeactivateMFADevice.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation DeleteVirtualMFADevice for usage and error information.
//
// Returned Error Codes:
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
//   * DeleteConflict
//   The request was rejected because it attempted to delete a resource that has
//   attached subordinate entities. The error message describes these entities.
//
//   * LimitExceeded
//   The request was rejected because it attempted to create resources beyond
//   the current AWS account limits. The error message describes the limit exceeded.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) DeleteVirtualMFADevice(input *DeleteVirtualMFADeviceInput) (*DeleteVirtualMFADeviceOutput, error) {
	req, out := c.DeleteVirtualMFADeviceRequest(input)
	err := req.Send()
	return out, err
}

const opDetachGroupPolicy = "DetachGroupPolicy"

// DetachGroupPolicyRequest generates a "aws/request.Request" representing the
// client's request for the DetachGroupPolicy operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See DetachGroupPolicy for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the DetachGroupPolicy method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the DetachGroupPolicyRequest method.
//    req, resp := client.DetachGroupPolicyRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) DetachGroupPolicyRequest(input *DetachGroupPolicyInput) (req *request.Request, output *DetachGroupPolicyOutput) {
	op := &request.Operation{
		Name:       opDetachGroupPolicy,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &DetachGroupPolicyInput{}
	}

	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Remove(query.UnmarshalHandler)
	req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
	output = &DetachGroupPolicyOutput{}
	req.Data = output
	return
}

// DetachGroupPolicy API operation for AWS Identity and Access Management.
//
// Removes the specified managed policy from the specified IAM group.
//
// A group can also have inline policies embedded with it. To delete an inline
// policy, use the DeleteGroupPolicy API. For information about policies, see
// Managed Policies and Inline Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation DetachGroupPolicy for usage and error information.
//
// Returned Error Codes:
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
//   * LimitExceeded
//   The request was rejected because it attempted to create resources beyond
//   the current AWS account limits. The error message describes the limit exceeded.
//
//   * InvalidInput
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) DetachGroupPolicy(input *DetachGroupPolicyInput) (*DetachGroupPolicyOutput, error) {
	req, out := c.DetachGroupPolicyRequest(input)
	err := req.Send()
	return out, err
}

const opDetachRolePolicy = "DetachRolePolicy"

// DetachRolePolicyRequest generates a "aws/request.Request" representing the
// client's request for the DetachRolePolicy operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See DetachRolePolicy for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the DetachRolePolicy method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the DetachRolePolicyRequest method.
//    req, resp := client.DetachRolePolicyRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) DetachRolePolicyRequest(input *DetachRolePolicyInput) (req *request.Request, output *DetachRolePolicyOutput) {
	op := &request.Operation{
		Name:       opDetachRolePolicy,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &DetachRolePolicyInput{}
	}

	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Remove(query.UnmarshalHandler)
	req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
	output = &DetachRolePolicyOutput{}
	req.Data = output
	return
}

// DetachRolePolicy API operation for AWS Identity and Access Management.
//
// Removes the specified managed policy from the specified role.
//
// A role can also have inline policies embedded with it. To delete an inline
// policy, use the DeleteRolePolicy API. For information about policies, see
// Managed Policies and Inline Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation DetachRolePolicy for usage and error information.
//
// Returned Error Codes:
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
//   * LimitExceeded
//   The request was rejected because it attempted to create resources beyond
//   the current AWS account limits. The error message describes the limit exceeded.
//
//   * InvalidInput
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) DetachRolePolicy(input *DetachRolePolicyInput) (*DetachRolePolicyOutput, error) {
	req, out := c.DetachRolePolicyRequest(input)
	err := req.Send()
	return out, err
}

const opDetachUserPolicy = "DetachUserPolicy"

// DetachUserPolicyRequest generates a "aws/request.Request" representing the
// client's request for the DetachUserPolicy operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See DetachUserPolicy for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the DetachUserPolicy method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the DetachUserPolicyRequest method.
//    req, resp := client.DetachUserPolicyRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) DetachUserPolicyRequest(input *DetachUserPolicyInput) (req *request.Request, output *DetachUserPolicyOutput) {
	op := &request.Operation{
		Name:       opDetachUserPolicy,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &DetachUserPolicyInput{}
	}

	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Remove(query.UnmarshalHandler)
	req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
	output = &DetachUserPolicyOutput{}
	req.Data = output
	return
}

// DetachUserPolicy API operation for AWS Identity and Access Management.
//
// Removes the specified managed policy from the specified user.
//
// A user can also have inline policies embedded with it. To delete an inline
// policy, use the DeleteUserPolicy API. For information about policies, see
// Managed Policies and Inline Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation DetachUserPolicy for usage and error information.
//
// Returned Error Codes:
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
//   * LimitExceeded
//   The request was rejected because it attempted to create resources beyond
//   the current AWS account limits. The error message describes the limit exceeded.
//
//   * InvalidInput
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) DetachUserPolicy(input *DetachUserPolicyInput) (*DetachUserPolicyOutput, error) {
	req, out := c.DetachUserPolicyRequest(input)
	err := req.Send()
	return out, err
}

const opEnableMFADevice = "EnableMFADevice"

// EnableMFADeviceRequest generates a "aws/request.Request" representing the
// client's request for the EnableMFADevice operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See EnableMFADevice for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the EnableMFADevice method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the EnableMFADeviceRequest method.
//    req, resp := client.EnableMFADeviceRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) EnableMFADeviceRequest(input *EnableMFADeviceInput) (req *request.Request, output *EnableMFADeviceOutput) {
	op := &request.Operation{
		Name:       opEnableMFADevice,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &EnableMFADeviceInput{}
	}

	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Remove(query.UnmarshalHandler)
	req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
	output = &EnableMFADeviceOutput{}
	req.Data = output
	return
}

// EnableMFADevice API operation for AWS Identity and Access Management.
//
// Enables the specified MFA device and associates it with the specified IAM
// user. When enabled, the MFA device is required for every subsequent login
// by the IAM user associated with the device.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation EnableMFADevice for usage and error information.
//
// Returned Error Codes:
//   * EntityAlreadyExists
//   The request was rejected because it attempted to create a resource that already
//   exists.
//
//   * EntityTemporarilyUnmodifiable
//   The request was rejected because it referenced an entity that is temporarily
//   unmodifiable, such as a user name that was deleted and then recreated. The
//   error indicates that the request is likely to succeed if you try again after
//   waiting several minutes. The error message describes the entity.
//
//   * InvalidAuthenticationCode
//   The request was rejected because the authentication code was not recognized.
//   The error message describes the specific error.
//
//   * LimitExceeded
//   The request was rejected because it attempted to create resources beyond
//   the current AWS account limits. The error message describes the limit exceeded.
//
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) EnableMFADevice(input *EnableMFADeviceInput) (*EnableMFADeviceOutput, error) {
	req, out := c.EnableMFADeviceRequest(input)
	err := req.Send()
	return out, err
}

const opGenerateCredentialReport = "GenerateCredentialReport"

// GenerateCredentialReportRequest generates a "aws/request.Request" representing the
// client's request for the GenerateCredentialReport operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See GenerateCredentialReport for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the GenerateCredentialReport method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the GenerateCredentialReportRequest method.
//    req, resp := client.GenerateCredentialReportRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) GenerateCredentialReportRequest(input *GenerateCredentialReportInput) (req *request.Request, output *GenerateCredentialReportOutput) {
	op := &request.Operation{
		Name:       opGenerateCredentialReport,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &GenerateCredentialReportInput{}
	}

	req = c.newRequest(op, input, output)
	output = &GenerateCredentialReportOutput{}
	req.Data = output
	return
}

// GenerateCredentialReport API operation for AWS Identity and Access Management.
//
// Generates a credential report for the AWS account. For more information about
// the credential report, see Getting Credential Reports (http://docs.aws.amazon.com/IAM/latest/UserGuide/credential-reports.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation GenerateCredentialReport for usage and error information.
//
// Returned Error Codes:
//   * LimitExceeded
//   The request was rejected because it attempted to create resources beyond
//   the current AWS account limits. The error message describes the limit exceeded.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) GenerateCredentialReport(input *GenerateCredentialReportInput) (*GenerateCredentialReportOutput, error) {
	req, out := c.GenerateCredentialReportRequest(input)
	err := req.Send()
	return out, err
}

const opGetAccessKeyLastUsed = "GetAccessKeyLastUsed"

// GetAccessKeyLastUsedRequest generates a "aws/request.Request" representing the
// client's request for the GetAccessKeyLastUsed operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See GetAccessKeyLastUsed for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the GetAccessKeyLastUsed method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the GetAccessKeyLastUsedRequest method.
//    req, resp := client.GetAccessKeyLastUsedRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) GetAccessKeyLastUsedRequest(input *GetAccessKeyLastUsedInput) (req *request.Request, output *GetAccessKeyLastUsedOutput) {
	op := &request.Operation{
		Name:       opGetAccessKeyLastUsed,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &GetAccessKeyLastUsedInput{}
	}

	req = c.newRequest(op, input, output)
	output = &GetAccessKeyLastUsedOutput{}
	req.Data = output
	return
}

// GetAccessKeyLastUsed API operation for AWS Identity and Access Management.
//
// Retrieves information about when the specified access key was last used.
// The information includes the date and time of last use, along with the AWS
// service and region that were specified in the last request made with that
// key.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation GetAccessKeyLastUsed for usage and error information.
//
// Returned Error Codes:
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
func (c *IAM) GetAccessKeyLastUsed(input *GetAccessKeyLastUsedInput) (*GetAccessKeyLastUsedOutput, error) {
	req, out := c.GetAccessKeyLastUsedRequest(input)
	err := req.Send()
	return out, err
}

const opGetAccountAuthorizationDetails = "GetAccountAuthorizationDetails"

// GetAccountAuthorizationDetailsRequest generates a "aws/request.Request" representing the
// client's request for the GetAccountAuthorizationDetails operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See GetAccountAuthorizationDetails for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the GetAccountAuthorizationDetails method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the GetAccountAuthorizationDetailsRequest method.
//    req, resp := client.GetAccountAuthorizationDetailsRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) GetAccountAuthorizationDetailsRequest(input *GetAccountAuthorizationDetailsInput) (req *request.Request, output *GetAccountAuthorizationDetailsOutput) {
	op := &request.Operation{
		Name:       opGetAccountAuthorizationDetails,
		HTTPMethod: "POST",
		HTTPPath:   "/",
		Paginator: &request.Paginator{
			InputTokens:     []string{"Marker"},
			OutputTokens:    []string{"Marker"},
			LimitToken:      "MaxItems",
			TruncationToken: "IsTruncated",
		},
	}

	if input == nil {
		input = &GetAccountAuthorizationDetailsInput{}
	}

	req = c.newRequest(op, input, output)
	output = &GetAccountAuthorizationDetailsOutput{}
	req.Data = output
	return
}

// GetAccountAuthorizationDetails API operation for AWS Identity and Access Management.
//
// Retrieves information about all IAM users, groups, roles, and policies in
// your AWS account, including their relationships to one another. Use this
// API to obtain a snapshot of the configuration of IAM permissions (users,
// groups, roles, and policies) in your account.
//
// You can optionally filter the results using the Filter parameter. You can
// paginate the results using the MaxItems and Marker parameters.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation GetAccountAuthorizationDetails for usage and error information.
//
// Returned Error Codes:
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) GetAccountAuthorizationDetails(input *GetAccountAuthorizationDetailsInput) (*GetAccountAuthorizationDetailsOutput, error) {
	req, out := c.GetAccountAuthorizationDetailsRequest(input)
	err := req.Send()
	return out, err
}

// GetAccountAuthorizationDetailsPages iterates over the pages of a GetAccountAuthorizationDetails operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See GetAccountAuthorizationDetails method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
//    // Example iterating over at most 3 pages of a GetAccountAuthorizationDetails operation.
//    pageNum := 0
//    err := client.GetAccountAuthorizationDetailsPages(params,
//        func(page *GetAccountAuthorizationDetailsOutput, lastPage bool) bool {
//            pageNum++
//            fmt.Println(page)
//            return pageNum <= 3
//        })
//
func (c *IAM) GetAccountAuthorizationDetailsPages(input *GetAccountAuthorizationDetailsInput, fn func(p *GetAccountAuthorizationDetailsOutput, lastPage bool) (shouldContinue bool)) error {
	page, _ := c.GetAccountAuthorizationDetailsRequest(input)
	page.Handlers.Build.PushBack(request.MakeAddToUserAgentFreeFormHandler("Paginator"))
	return page.EachPage(func(p interface{}, lastPage bool) bool {
		return fn(p.(*GetAccountAuthorizationDetailsOutput), lastPage)
	})
}

const opGetAccountPasswordPolicy = "GetAccountPasswordPolicy"

// GetAccountPasswordPolicyRequest generates a "aws/request.Request" representing the
// client's request for the GetAccountPasswordPolicy operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See GetAccountPasswordPolicy for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the GetAccountPasswordPolicy method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the GetAccountPasswordPolicyRequest method.
//    req, resp := client.GetAccountPasswordPolicyRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) GetAccountPasswordPolicyRequest(input *GetAccountPasswordPolicyInput) (req *request.Request, output *GetAccountPasswordPolicyOutput) {
	op := &request.Operation{
		Name:       opGetAccountPasswordPolicy,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &GetAccountPasswordPolicyInput{}
	}

	req = c.newRequest(op, input, output)
	output = &GetAccountPasswordPolicyOutput{}
	req.Data = output
	return
}

// GetAccountPasswordPolicy API operation for AWS Identity and Access Management.
//
// Retrieves the password policy for the AWS account. For more information about
// using a password policy, go to Managing an IAM Password Policy (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingPasswordPolicies.html).
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation GetAccountPasswordPolicy for usage and error information.
//
// Returned Error Codes:
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) GetAccountPasswordPolicy(input *GetAccountPasswordPolicyInput) (*GetAccountPasswordPolicyOutput, error) {
	req, out := c.GetAccountPasswordPolicyRequest(input)
	err := req.Send()
	return out, err
}

const opGetAccountSummary = "GetAccountSummary"

// GetAccountSummaryRequest generates a "aws/request.Request" representing the
// client's request for the GetAccountSummary operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See GetAccountSummary for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the GetAccountSummary method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the GetAccountSummaryRequest method.
//    req, resp := client.GetAccountSummaryRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) GetAccountSummaryRequest(input *GetAccountSummaryInput) (req *request.Request, output *GetAccountSummaryOutput) {
	op := &request.Operation{
		Name:       opGetAccountSummary,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &GetAccountSummaryInput{}
	}

	req = c.newRequest(op, input, output)
	output = &GetAccountSummaryOutput{}
	req.Data = output
	return
}

// GetAccountSummary API operation for AWS Identity and Access Management.
//
// Retrieves information about IAM entity usage and IAM quotas in the AWS account.
//
// For information about limitations on IAM entities, see Limitations on IAM
// Entities (http://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation GetAccountSummary for usage and error information.
//
// Returned Error Codes:
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) GetAccountSummary(input *GetAccountSummaryInput) (*GetAccountSummaryOutput, error) {
	req, out := c.GetAccountSummaryRequest(input)
	err := req.Send()
	return out, err
}

const opGetContextKeysForCustomPolicy = "GetContextKeysForCustomPolicy"

// GetContextKeysForCustomPolicyRequest generates a "aws/request.Request" representing the
// client's request for the GetContextKeysForCustomPolicy operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See GetContextKeysForCustomPolicy for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the GetContextKeysForCustomPolicy method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the GetContextKeysForCustomPolicyRequest method.
//    req, resp := client.GetContextKeysForCustomPolicyRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) GetContextKeysForCustomPolicyRequest(input *GetContextKeysForCustomPolicyInput) (req *request.Request, output *GetContextKeysForPolicyResponse) {
	op := &request.Operation{
		Name:       opGetContextKeysForCustomPolicy,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &GetContextKeysForCustomPolicyInput{}
	}

	req = c.newRequest(op, input, output)
	output = &GetContextKeysForPolicyResponse{}
	req.Data = output
	return
}

// GetContextKeysForCustomPolicy API operation for AWS Identity and Access Management.
//
// Gets a list of all of the context keys referenced in the input policies.
// The policies are supplied as a list of one or more strings. To get the context
// keys from policies associated with an IAM user, group, or role, use GetContextKeysForPrincipalPolicy.
//
// Context keys are variables maintained by AWS and its services that provide
// details about the context of an API query request, and can be evaluated by
// testing against a value specified in an IAM policy. Use GetContextKeysForCustomPolicy
// to understand what key names and values you must supply when you call SimulateCustomPolicy.
// Note that all parameters are shown in unencoded form here for clarity, but
// must be URL encoded to be included as a part of a real HTML request.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation GetContextKeysForCustomPolicy for usage and error information.
//
// Returned Error Codes:
//   * InvalidInput
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
func (c *IAM) GetContextKeysForCustomPolicy(input *GetContextKeysForCustomPolicyInput) (*GetContextKeysForPolicyResponse, error) {
	req, out := c.GetContextKeysForCustomPolicyRequest(input)
	err := req.Send()
	return out, err
}

const opGetContextKeysForPrincipalPolicy = "GetContextKeysForPrincipalPolicy"

// GetContextKeysForPrincipalPolicyRequest generates a "aws/request.Request" representing the
// client's request for the GetContextKeysForPrincipalPolicy operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See GetContextKeysForPrincipalPolicy for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the GetContextKeysForPrincipalPolicy method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the GetContextKeysForPrincipalPolicyRequest method.
//    req, resp := client.GetContextKeysForPrincipalPolicyRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) GetContextKeysForPrincipalPolicyRequest(input *GetContextKeysForPrincipalPolicyInput) (req *request.Request, output *GetContextKeysForPolicyResponse) {
	op := &request.Operation{
		Name:       opGetContextKeysForPrincipalPolicy,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &GetContextKeysForPrincipalPolicyInput{}
	}

	req = c.newRequest(op, input, output)
	output = &GetContextKeysForPolicyResponse{}
	req.Data = output
	return
}

// GetContextKeysForPrincipalPolicy API operation for AWS Identity and Access Management.
//
// Gets a list of all of the context keys referenced in all of the IAM policies
// attached to the specified IAM entity. The entity can be an IAM user, group,
// or role. If you specify a user, then the request also includes all of the
// policies attached to groups that the user is a member of.
//
// You can optionally include a list of one or more additional policies, specified
// as strings. If you want to include only a list of policies by string, use
// GetContextKeysForCustomPolicy instead.
//
// Note: This API discloses information about the permissions granted to other
// users. If you do not want users to see other user's permissions, then consider
// allowing them to use GetContextKeysForCustomPolicy instead.
//
// Context keys are variables maintained by AWS and its services that provide
// details about the context of an API query request, and can be evaluated by
// testing against a value in an IAM policy. Use GetContextKeysForPrincipalPolicy
// to understand what key names and values you must supply when you call SimulatePrincipalPolicy.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation GetContextKeysForPrincipalPolicy for usage and error information.
//
// Returned Error Codes:
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
//   * InvalidInput
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
func (c *IAM) GetContextKeysForPrincipalPolicy(input *GetContextKeysForPrincipalPolicyInput) (*GetContextKeysForPolicyResponse, error) {
	req, out := c.GetContextKeysForPrincipalPolicyRequest(input)
	err := req.Send()
	return out, err
}

const opGetCredentialReport = "GetCredentialReport"

// GetCredentialReportRequest generates a "aws/request.Request" representing the
// client's request for the GetCredentialReport operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See GetCredentialReport for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the GetCredentialReport method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the GetCredentialReportRequest method.
//    req, resp := client.GetCredentialReportRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) GetCredentialReportRequest(input *GetCredentialReportInput) (req *request.Request, output *GetCredentialReportOutput) {
	op := &request.Operation{
		Name:       opGetCredentialReport,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &GetCredentialReportInput{}
	}

	req = c.newRequest(op, input, output)
	output = &GetCredentialReportOutput{}
	req.Data = output
	return
}

// GetCredentialReport API operation for AWS Identity and Access Management.
//
// Retrieves a credential report for the AWS account. For more information about
// the credential report, see Getting Credential Reports (http://docs.aws.amazon.com/IAM/latest/UserGuide/credential-reports.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation GetCredentialReport for usage and error information.
//
// Returned Error Codes:
//   * ReportNotPresent
//   The request was rejected because the credential report does not exist. To
//   generate a credential report, use GenerateCredentialReport.
//
//   * ReportExpired
//   The request was rejected because the most recent credential report has expired.
//   To generate a new credential report, use GenerateCredentialReport. For more
//   information about credential report expiration, see Getting Credential Reports
//   (http://docs.aws.amazon.com/IAM/latest/UserGuide/credential-reports.html)
//   in the IAM User Guide.
//
//   * ReportInProgress
//   The request was rejected because the credential report is still being generated.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) GetCredentialReport(input *GetCredentialReportInput) (*GetCredentialReportOutput, error) {
	req, out := c.GetCredentialReportRequest(input)
	err := req.Send()
	return out, err
}

const opGetGroup = "GetGroup"

// GetGroupRequest generates a "aws/request.Request" representing the
// client's request for the GetGroup operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See GetGroup for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the GetGroup method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the GetGroupRequest method.
//    req, resp := client.GetGroupRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) GetGroupRequest(input *GetGroupInput) (req *request.Request, output *GetGroupOutput) {
	op := &request.Operation{
		Name:       opGetGroup,
		HTTPMethod: "POST",
		HTTPPath:   "/",
		Paginator: &request.Paginator{
			InputTokens:     []string{"Marker"},
			OutputTokens:    []string{"Marker"},
			LimitToken:      "MaxItems",
			TruncationToken: "IsTruncated",
		},
	}

	if input == nil {
		input = &GetGroupInput{}
	}

	req = c.newRequest(op, input, output)
	output = &GetGroupOutput{}
	req.Data = output
	return
}

// GetGroup API operation for AWS Identity and Access Management.
//
// Returns a list of IAM users that are in the specified IAM group. You can
// paginate the results using the MaxItems and Marker parameters.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation GetGroup for usage and error information.
//
// Returned Error Codes:
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) GetGroup(input *GetGroupInput) (*GetGroupOutput, error) {
	req, out := c.GetGroupRequest(input)
	err := req.Send()
	return out, err
}

// GetGroupPages iterates over the pages of a GetGroup operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See GetGroup method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
//    // Example iterating over at most 3 pages of a GetGroup operation.
//    pageNum := 0
//    err := client.GetGroupPages(params,
//        func(page *GetGroupOutput, lastPage bool) bool {
//            pageNum++
//            fmt.Println(page)
//            return pageNum <= 3
//        })
//
func (c *IAM) GetGroupPages(input *GetGroupInput, fn func(p *GetGroupOutput, lastPage bool) (shouldContinue bool)) error {
	page, _ := c.GetGroupRequest(input)
	page.Handlers.Build.PushBack(request.MakeAddToUserAgentFreeFormHandler("Paginator"))
	return page.EachPage(func(p interface{}, lastPage bool) bool {
		return fn(p.(*GetGroupOutput), lastPage)
	})
}

const opGetGroupPolicy = "GetGroupPolicy"

// GetGroupPolicyRequest generates a "aws/request.Request" representing the
// client's request for the GetGroupPolicy operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See GetGroupPolicy for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the GetGroupPolicy method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the GetGroupPolicyRequest method.
//    req, resp := client.GetGroupPolicyRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) GetGroupPolicyRequest(input *GetGroupPolicyInput) (req *request.Request, output *GetGroupPolicyOutput) {
	op := &request.Operation{
		Name:       opGetGroupPolicy,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &GetGroupPolicyInput{}
	}

	req = c.newRequest(op, input, output)
	output = &GetGroupPolicyOutput{}
	req.Data = output
	return
}

// GetGroupPolicy API operation for AWS Identity and Access Management.
//
// Retrieves the specified inline policy document that is embedded in the specified
// IAM group.
//
// Policies returned by this API are URL-encoded compliant with RFC 3986 (https://tools.ietf.org/html/rfc3986).
// You can use a URL decoding method to convert the policy back to plain JSON
// text. For example, if you use Java, you can use the decode method of the
// java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs
// provide similar functionality.
//
// An IAM group can also have managed policies attached to it. To retrieve a
// managed policy document that is attached to a group, use GetPolicy to determine
// the policy's default version, then use GetPolicyVersion to retrieve the policy
// document.
//
// For more information about policies, see Managed Policies and Inline Policies
// (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation GetGroupPolicy for usage and error information.
//
// Returned Error Codes:
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) GetGroupPolicy(input *GetGroupPolicyInput) (*GetGroupPolicyOutput, error) {
	req, out := c.GetGroupPolicyRequest(input)
	err := req.Send()
	return out, err
}

const opGetInstanceProfile = "GetInstanceProfile"

// GetInstanceProfileRequest generates a "aws/request.Request" representing the
// client's request for the GetInstanceProfile operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See GetInstanceProfile for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the GetInstanceProfile method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the GetInstanceProfileRequest method.
//    req, resp := client.GetInstanceProfileRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) GetInstanceProfileRequest(input *GetInstanceProfileInput) (req *request.Request, output *GetInstanceProfileOutput) {
	op := &request.Operation{
		Name:       opGetInstanceProfile,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &GetInstanceProfileInput{}
	}

	req = c.newRequest(op, input, output)
	output = &GetInstanceProfileOutput{}
	req.Data = output
	return
}

// GetInstanceProfile API operation for AWS Identity and Access Management.
//
// Retrieves information about the specified instance profile, including the
// instance profile's path, GUID, ARN, and role. For more information about
// instance profiles, see About Instance Profiles (http://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation GetInstanceProfile for usage and error information.
//
// Returned Error Codes:
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) GetInstanceProfile(input *GetInstanceProfileInput) (*GetInstanceProfileOutput, error) {
	req, out := c.GetInstanceProfileRequest(input)
	err := req.Send()
	return out, err
}

const opGetLoginProfile = "GetLoginProfile"

// GetLoginProfileRequest generates a "aws/request.Request" representing the
// client's request for the GetLoginProfile operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See GetLoginProfile for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the GetLoginProfile method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the GetLoginProfileRequest method.
//    req, resp := client.GetLoginProfileRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) GetLoginProfileRequest(input *GetLoginProfileInput) (req *request.Request, output *GetLoginProfileOutput) {
	op := &request.Operation{
		Name:       opGetLoginProfile,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &GetLoginProfileInput{}
	}

	req = c.newRequest(op, input, output)
	output = &GetLoginProfileOutput{}
	req.Data = output
	return
}

// GetLoginProfile API operation for AWS Identity and Access Management.
//
// Retrieves the user name and password-creation date for the specified IAM
// user. If the user has not been assigned a password, the action returns a
// 404 (NoSuchEntity) error.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation GetLoginProfile for usage and error information.
//
// Returned Error Codes:
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) GetLoginProfile(input *GetLoginProfileInput) (*GetLoginProfileOutput, error) {
	req, out := c.GetLoginProfileRequest(input)
	err := req.Send()
	return out, err
}

const opGetOpenIDConnectProvider = "GetOpenIDConnectProvider"

// GetOpenIDConnectProviderRequest generates a "aws/request.Request" representing the
// client's request for the GetOpenIDConnectProvider operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See GetOpenIDConnectProvider for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the GetOpenIDConnectProvider method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the GetOpenIDConnectProviderRequest method.
//    req, resp := client.GetOpenIDConnectProviderRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) GetOpenIDConnectProviderRequest(input *GetOpenIDConnectProviderInput) (req *request.Request, output *GetOpenIDConnectProviderOutput) {
	op := &request.Operation{
		Name:       opGetOpenIDConnectProvider,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &GetOpenIDConnectProviderInput{}
	}

	req = c.newRequest(op, input, output)
	output = &GetOpenIDConnectProviderOutput{}
	req.Data = output
	return
}

// GetOpenIDConnectProvider API operation for AWS Identity and Access Management.
//
// Returns information about the specified OpenID Connect (OIDC) provider resource
// object in IAM.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation GetOpenIDConnectProvider for usage and error information.
//
// Returned Error Codes:
//   * InvalidInput
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) GetOpenIDConnectProvider(input *GetOpenIDConnectProviderInput) (*GetOpenIDConnectProviderOutput, error) {
	req, out := c.GetOpenIDConnectProviderRequest(input)
	err := req.Send()
	return out, err
}

const opGetPolicy = "GetPolicy"

// GetPolicyRequest generates a "aws/request.Request" representing the
// client's request for the GetPolicy operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See GetPolicy for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the GetPolicy method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the GetPolicyRequest method.
//    req, resp := client.GetPolicyRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) GetPolicyRequest(input *GetPolicyInput) (req *request.Request, output *GetPolicyOutput) {
	op := &request.Operation{
		Name:       opGetPolicy,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &GetPolicyInput{}
	}

	req = c.newRequest(op, input, output)
	output = &GetPolicyOutput{}
	req.Data = output
	return
}

// GetPolicy API operation for AWS Identity and Access Management.
//
// Retrieves information about the specified managed policy, including the policy's
// default version and the total number of IAM users, groups, and roles to which
// the policy is attached. To retrieve the list of the specific users, groups,
// and roles that the policy is attached to, use the ListEntitiesForPolicy API.
// This API returns metadata about the policy. To retrieve the actual policy
// document for a specific version of the policy, use GetPolicyVersion.
//
// This API retrieves information about managed policies. To retrieve information
// about an inline policy that is embedded with an IAM user, group, or role,
// use the GetUserPolicy, GetGroupPolicy, or GetRolePolicy API.
//
// For more information about policies, see Managed Policies and Inline Policies
// (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation GetPolicy for usage and error information.
//
// Returned Error Codes:
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
//   * InvalidInput
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) GetPolicy(input *GetPolicyInput) (*GetPolicyOutput, error) {
	req, out := c.GetPolicyRequest(input)
	err := req.Send()
	return out, err
}

const opGetPolicyVersion = "GetPolicyVersion"

// GetPolicyVersionRequest generates a "aws/request.Request" representing the
// client's request for the GetPolicyVersion operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See GetPolicyVersion for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the GetPolicyVersion method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the GetPolicyVersionRequest method.
//    req, resp := client.GetPolicyVersionRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) GetPolicyVersionRequest(input *GetPolicyVersionInput) (req *request.Request, output *GetPolicyVersionOutput) {
	op := &request.Operation{
		Name:       opGetPolicyVersion,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &GetPolicyVersionInput{}
	}

	req = c.newRequest(op, input, output)
	output = &GetPolicyVersionOutput{}
	req.Data = output
	return
}

// GetPolicyVersion API operation for AWS Identity and Access Management.
//
// Retrieves information about the specified version of the specified managed
// policy, including the policy document.
//
// Policies returned by this API are URL-encoded compliant with RFC 3986 (https://tools.ietf.org/html/rfc3986).
// You can use a URL decoding method to convert the policy back to plain JSON
// text. For example, if you use Java, you can use the decode method of the
// java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs
// provide similar functionality.
//
// To list the available versions for a policy, use ListPolicyVersions.
//
// This API retrieves information about managed policies. To retrieve information
// about an inline policy that is embedded in a user, group, or role, use the
// GetUserPolicy, GetGroupPolicy, or GetRolePolicy API.
//
// For more information about the types of policies, see Managed Policies and
// Inline Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide.
//
// For more information about managed policy versions, see Versioning for Managed
// Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation GetPolicyVersion for usage and error information.
//
// Returned Error Codes:
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
//   * InvalidInput
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) GetPolicyVersion(input *GetPolicyVersionInput) (*GetPolicyVersionOutput, error) {
	req, out := c.GetPolicyVersionRequest(input)
	err := req.Send()
	return out, err
}

const opGetRole = "GetRole"

// GetRoleRequest generates a "aws/request.Request" representing the
// client's request for the GetRole operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See GetRole for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the GetRole method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the GetRoleRequest method.
//    req, resp := client.GetRoleRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) GetRoleRequest(input *GetRoleInput) (req *request.Request, output *GetRoleOutput) {
	op := &request.Operation{
		Name:       opGetRole,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &GetRoleInput{}
	}

	req = c.newRequest(op, input, output)
	output = &GetRoleOutput{}
	req.Data = output
	return
}

// GetRole API operation for AWS Identity and Access Management.
//
// Retrieves information about the specified role, including the role's path,
// GUID, ARN, and the role's trust policy that grants permission to assume the
// role. For more information about roles, see Working with Roles (http://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html).
//
// Policies returned by this API are URL-encoded compliant with RFC 3986 (https://tools.ietf.org/html/rfc3986).
// You can use a URL decoding method to convert the policy back to plain JSON
// text. For example, if you use Java, you can use the decode method of the
// java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs
// provide similar functionality.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation GetRole for usage and error information.
//
// Returned Error Codes:
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) GetRole(input *GetRoleInput) (*GetRoleOutput, error) {
	req, out := c.GetRoleRequest(input)
	err := req.Send()
	return out, err
}

const opGetRolePolicy = "GetRolePolicy"

// GetRolePolicyRequest generates a "aws/request.Request" representing the
// client's request for the GetRolePolicy operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See GetRolePolicy for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the GetRolePolicy method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the GetRolePolicyRequest method.
//    req, resp := client.GetRolePolicyRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) GetRolePolicyRequest(input *GetRolePolicyInput) (req *request.Request, output *GetRolePolicyOutput) {
	op := &request.Operation{
		Name:       opGetRolePolicy,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &GetRolePolicyInput{}
	}

	req = c.newRequest(op, input, output)
	output = &GetRolePolicyOutput{}
	req.Data = output
	return
}

// GetRolePolicy API operation for AWS Identity and Access Management.
//
// Retrieves the specified inline policy document that is embedded with the
// specified IAM role.
//
// Policies returned by this API are URL-encoded compliant with RFC 3986 (https://tools.ietf.org/html/rfc3986).
// You can use a URL decoding method to convert the policy back to plain JSON
// text. For example, if you use Java, you can use the decode method of the
// java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs
// provide similar functionality.
//
// An IAM role can also have managed policies attached to it. To retrieve a
// managed policy document that is attached to a role, use GetPolicy to determine
// the policy's default version, then use GetPolicyVersion to retrieve the policy
// document.
//
// For more information about policies, see Managed Policies and Inline Policies
// (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide.
//
// For more information about roles, see Using Roles to Delegate Permissions
// and Federate Identities (http://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html).
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation GetRolePolicy for usage and error information.
//
// Returned Error Codes:
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) GetRolePolicy(input *GetRolePolicyInput) (*GetRolePolicyOutput, error) {
	req, out := c.GetRolePolicyRequest(input)
	err := req.Send()
	return out, err
}

const opGetSAMLProvider = "GetSAMLProvider"

// GetSAMLProviderRequest generates a "aws/request.Request" representing the
// client's request for the GetSAMLProvider operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See GetSAMLProvider for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the GetSAMLProvider method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the GetSAMLProviderRequest method.
//    req, resp := client.GetSAMLProviderRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) GetSAMLProviderRequest(input *GetSAMLProviderInput) (req *request.Request, output *GetSAMLProviderOutput) {
	op := &request.Operation{
		Name:       opGetSAMLProvider,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &GetSAMLProviderInput{}
	}

	req = c.newRequest(op, input, output)
	output = &GetSAMLProviderOutput{}
	req.Data = output
	return
}

// GetSAMLProvider API operation for AWS Identity and Access Management.
//
// Returns the SAML provider metadocument that was uploaded when the IAM SAML
// provider resource object was created or updated.
//
// This operation requires Signature Version 4 (http://docs.aws.amazon.com/general/latest/gr/signature-version-4.html).
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation GetSAMLProvider for usage and error information.
//
// Returned Error Codes:
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
//   * InvalidInput
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) GetSAMLProvider(input *GetSAMLProviderInput) (*GetSAMLProviderOutput, error) {
	req, out := c.GetSAMLProviderRequest(input)
	err := req.Send()
	return out, err
}

const opGetSSHPublicKey = "GetSSHPublicKey"

// GetSSHPublicKeyRequest generates a "aws/request.Request" representing the
// client's request for the GetSSHPublicKey operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See GetSSHPublicKey for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the GetSSHPublicKey method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the GetSSHPublicKeyRequest method.
//    req, resp := client.GetSSHPublicKeyRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) GetSSHPublicKeyRequest(input *GetSSHPublicKeyInput) (req *request.Request, output *GetSSHPublicKeyOutput) {
	op := &request.Operation{
		Name:       opGetSSHPublicKey,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &GetSSHPublicKeyInput{}
	}

	req = c.newRequest(op, input, output)
	output = &GetSSHPublicKeyOutput{}
	req.Data = output
	return
}

// GetSSHPublicKey API operation for AWS Identity and Access Management.
//
// Retrieves the specified SSH public key, including metadata about the key.
//
// The SSH public key retrieved by this action is used only for authenticating
// the associated IAM user to an AWS CodeCommit repository. For more information
// about using SSH keys to authenticate to an AWS CodeCommit repository, see
// Set up AWS CodeCommit for SSH Connections (http://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html)
// in the AWS CodeCommit User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation GetSSHPublicKey for usage and error information.
//
// Returned Error Codes:
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
//   * UnrecognizedPublicKeyEncoding
//   The request was rejected because the public key encoding format is unsupported
//   or unrecognized.
//
func (c *IAM) GetSSHPublicKey(input *GetSSHPublicKeyInput) (*GetSSHPublicKeyOutput, error) {
	req, out := c.GetSSHPublicKeyRequest(input)
	err := req.Send()
	return out, err
}

const opGetServerCertificate = "GetServerCertificate"

// GetServerCertificateRequest generates a "aws/request.Request" representing the
// client's request for the GetServerCertificate operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See GetServerCertificate for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the GetServerCertificate method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the GetServerCertificateRequest method.
//    req, resp := client.GetServerCertificateRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) GetServerCertificateRequest(input *GetServerCertificateInput) (req *request.Request, output *GetServerCertificateOutput) {
	op := &request.Operation{
		Name:       opGetServerCertificate,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &GetServerCertificateInput{}
	}

	req = c.newRequest(op, input, output)
	output = &GetServerCertificateOutput{}
	req.Data = output
	return
}

// GetServerCertificate API operation for AWS Identity and Access Management.
//
// Retrieves information about the specified server certificate stored in IAM.
//
// For more information about working with server certificates, including a
// list of AWS services that can use the server certificates that you manage
// with IAM, go to Working with Server Certificates (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation GetServerCertificate for usage and error information.
//
// Returned Error Codes:
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) GetServerCertificate(input *GetServerCertificateInput) (*GetServerCertificateOutput, error) {
	req, out := c.GetServerCertificateRequest(input)
	err := req.Send()
	return out, err
}

const opGetUser = "GetUser"

// GetUserRequest generates a "aws/request.Request" representing the
// client's request for the GetUser operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See GetUser for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the GetUser method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the GetUserRequest method.
//    req, resp := client.GetUserRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) GetUserRequest(input *GetUserInput) (req *request.Request, output *GetUserOutput) {
	op := &request.Operation{
		Name:       opGetUser,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &GetUserInput{}
	}

	req = c.newRequest(op, input, output)
	output = &GetUserOutput{}
	req.Data = output
	return
}

// GetUser API operation for AWS Identity and Access Management.
//
// Retrieves information about the specified IAM user, including the user's
// creation date, path, unique ID, and ARN.
//
// If you do not specify a user name, IAM determines the user name implicitly
// based on the AWS access key ID used to sign the request to this API.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation GetUser for usage and error information.
//
// Returned Error Codes:
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) GetUser(input *GetUserInput) (*GetUserOutput, error) {
	req, out := c.GetUserRequest(input)
	err := req.Send()
	return out, err
}

const opGetUserPolicy = "GetUserPolicy"

// GetUserPolicyRequest generates a "aws/request.Request" representing the
// client's request for the GetUserPolicy operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See GetUserPolicy for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the GetUserPolicy method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the GetUserPolicyRequest method.
//    req, resp := client.GetUserPolicyRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) GetUserPolicyRequest(input *GetUserPolicyInput) (req *request.Request, output *GetUserPolicyOutput) {
	op := &request.Operation{
		Name:       opGetUserPolicy,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &GetUserPolicyInput{}
	}

	req = c.newRequest(op, input, output)
	output = &GetUserPolicyOutput{}
	req.Data = output
	return
}

// GetUserPolicy API operation for AWS Identity and Access Management.
//
// Retrieves the specified inline policy document that is embedded in the specified
// IAM user.
//
// Policies returned by this API are URL-encoded compliant with RFC 3986 (https://tools.ietf.org/html/rfc3986).
// You can use a URL decoding method to convert the policy back to plain JSON
// text. For example, if you use Java, you can use the decode method of the
// java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs
// provide similar functionality.
//
// An IAM user can also have managed policies attached to it. To retrieve a
// managed policy document that is attached to a user, use GetPolicy to determine
// the policy's default version, then use GetPolicyVersion to retrieve the policy
// document.
//
// For more information about policies, see Managed Policies and Inline Policies
// (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation GetUserPolicy for usage and error information.
//
// Returned Error Codes:
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) GetUserPolicy(input *GetUserPolicyInput) (*GetUserPolicyOutput, error) {
	req, out := c.GetUserPolicyRequest(input)
	err := req.Send()
	return out, err
}

const opListAccessKeys = "ListAccessKeys"

// ListAccessKeysRequest generates a "aws/request.Request" representing the
// client's request for the ListAccessKeys operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See ListAccessKeys for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the ListAccessKeys method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the ListAccessKeysRequest method.
//    req, resp := client.ListAccessKeysRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) ListAccessKeysRequest(input *ListAccessKeysInput) (req *request.Request, output *ListAccessKeysOutput) {
	op := &request.Operation{
		Name:       opListAccessKeys,
		HTTPMethod: "POST",
		HTTPPath:   "/",
		Paginator: &request.Paginator{
			InputTokens:     []string{"Marker"},
			OutputTokens:    []string{"Marker"},
			LimitToken:      "MaxItems",
			TruncationToken: "IsTruncated",
		},
	}

	if input == nil {
		input = &ListAccessKeysInput{}
	}

	req = c.newRequest(op, input, output)
	output = &ListAccessKeysOutput{}
	req.Data = output
	return
}

// ListAccessKeys API operation for AWS Identity and Access Management.
//
// Returns information about the access key IDs associated with the specified
// IAM user. If there are none, the action returns an empty list.
//
// Although each user is limited to a small number of keys, you can still paginate
// the results using the MaxItems and Marker parameters.
//
// If the UserName field is not specified, the UserName is determined implicitly
// based on the AWS access key ID used to sign the request. Because this action
// works for access keys under the AWS account, you can use this action to manage
// root credentials even if the AWS account has no associated users.
//
// To ensure the security of your AWS account, the secret access key is accessible
// only during key and user creation.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation ListAccessKeys for usage and error information.
//
// Returned Error Codes:
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) ListAccessKeys(input *ListAccessKeysInput) (*ListAccessKeysOutput, error) {
	req, out := c.ListAccessKeysRequest(input)
	err := req.Send()
	return out, err
}

// ListAccessKeysPages iterates over the pages of a ListAccessKeys operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See ListAccessKeys method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
//    // Example iterating over at most 3 pages of a ListAccessKeys operation.
//    pageNum := 0
//    err := client.ListAccessKeysPages(params,
//        func(page *ListAccessKeysOutput, lastPage bool) bool {
//            pageNum++
//            fmt.Println(page)
//            return pageNum <= 3
//        })
//
func (c *IAM) ListAccessKeysPages(input *ListAccessKeysInput, fn func(p *ListAccessKeysOutput, lastPage bool) (shouldContinue bool)) error {
	page, _ := c.ListAccessKeysRequest(input)
	page.Handlers.Build.PushBack(request.MakeAddToUserAgentFreeFormHandler("Paginator"))
	return page.EachPage(func(p interface{}, lastPage bool) bool {
		return fn(p.(*ListAccessKeysOutput), lastPage)
	})
}

const opListAccountAliases = "ListAccountAliases"

// ListAccountAliasesRequest generates a "aws/request.Request" representing the
// client's request for the ListAccountAliases operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See ListAccountAliases for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the ListAccountAliases method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the ListAccountAliasesRequest method.
//    req, resp := client.ListAccountAliasesRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) ListAccountAliasesRequest(input *ListAccountAliasesInput) (req *request.Request, output *ListAccountAliasesOutput) {
	op := &request.Operation{
		Name:       opListAccountAliases,
		HTTPMethod: "POST",
		HTTPPath:   "/",
		Paginator: &request.Paginator{
			InputTokens:     []string{"Marker"},
			OutputTokens:    []string{"Marker"},
			LimitToken:      "MaxItems",
			TruncationToken: "IsTruncated",
		},
	}

	if input == nil {
		input = &ListAccountAliasesInput{}
	}

	req = c.newRequest(op, input, output)
	output = &ListAccountAliasesOutput{}
	req.Data = output
	return
}

// ListAccountAliases API operation for AWS Identity and Access Management.
//
// Lists the account alias associated with the AWS account (Note: you can have
// only one). For information about using an AWS account alias, see Using an
// Alias for Your AWS Account ID (http://docs.aws.amazon.com/IAM/latest/UserGuide/AccountAlias.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation ListAccountAliases for usage and error information.
//
// Returned Error Codes:
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) ListAccountAliases(input *ListAccountAliasesInput) (*ListAccountAliasesOutput, error) {
	req, out := c.ListAccountAliasesRequest(input)
	err := req.Send()
	return out, err
}

// ListAccountAliasesPages iterates over the pages of a ListAccountAliases operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See ListAccountAliases method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
//    // Example iterating over at most 3 pages of a ListAccountAliases operation.
//    pageNum := 0
//    err := client.ListAccountAliasesPages(params,
//        func(page *ListAccountAliasesOutput, lastPage bool) bool {
//            pageNum++
//            fmt.Println(page)
//            return pageNum <= 3
//        })
//
func (c *IAM) ListAccountAliasesPages(input *ListAccountAliasesInput, fn func(p *ListAccountAliasesOutput, lastPage bool) (shouldContinue bool)) error {
	page, _ := c.ListAccountAliasesRequest(input)
	page.Handlers.Build.PushBack(request.MakeAddToUserAgentFreeFormHandler("Paginator"))
	return page.EachPage(func(p interface{}, lastPage bool) bool {
		return fn(p.(*ListAccountAliasesOutput), lastPage)
	})
}

const opListAttachedGroupPolicies = "ListAttachedGroupPolicies"

// ListAttachedGroupPoliciesRequest generates a "aws/request.Request" representing the
// client's request for the ListAttachedGroupPolicies operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See ListAttachedGroupPolicies for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the ListAttachedGroupPolicies method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the ListAttachedGroupPoliciesRequest method.
//    req, resp := client.ListAttachedGroupPoliciesRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) ListAttachedGroupPoliciesRequest(input *ListAttachedGroupPoliciesInput) (req *request.Request, output *ListAttachedGroupPoliciesOutput) {
	op := &request.Operation{
		Name:       opListAttachedGroupPolicies,
		HTTPMethod: "POST",
		HTTPPath:   "/",
		Paginator: &request.Paginator{
			InputTokens:     []string{"Marker"},
			OutputTokens:    []string{"Marker"},
			LimitToken:      "MaxItems",
			TruncationToken: "IsTruncated",
		},
	}

	if input == nil {
		input = &ListAttachedGroupPoliciesInput{}
	}

	req = c.newRequest(op, input, output)
	output = &ListAttachedGroupPoliciesOutput{}
	req.Data = output
	return
}

// ListAttachedGroupPolicies API operation for AWS Identity and Access Management.
//
// Lists all managed policies that are attached to the specified IAM group.
//
// An IAM group can also have inline policies embedded with it. To list the
// inline policies for a group, use the ListGroupPolicies API. For information
// about policies, see Managed Policies and Inline Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide.
//
// You can paginate the results using the MaxItems and Marker parameters. You
// can use the PathPrefix parameter to limit the list of policies to only those
// matching the specified path prefix. If there are no policies attached to
// the specified group (or none that match the specified path prefix), the action
// returns an empty list.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation ListAttachedGroupPolicies for usage and error information.
//
// Returned Error Codes:
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
//   * InvalidInput
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) ListAttachedGroupPolicies(input *ListAttachedGroupPoliciesInput) (*ListAttachedGroupPoliciesOutput, error) {
	req, out := c.ListAttachedGroupPoliciesRequest(input)
	err := req.Send()
	return out, err
}

// ListAttachedGroupPoliciesPages iterates over the pages of a ListAttachedGroupPolicies operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See ListAttachedGroupPolicies method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
//    // Example iterating over at most 3 pages of a ListAttachedGroupPolicies operation.
//    pageNum := 0
//    err := client.ListAttachedGroupPoliciesPages(params,
//        func(page *ListAttachedGroupPoliciesOutput, lastPage bool) bool {
//            pageNum++
//            fmt.Println(page)
//            return pageNum <= 3
//        })
//
func (c *IAM) ListAttachedGroupPoliciesPages(input *ListAttachedGroupPoliciesInput, fn func(p *ListAttachedGroupPoliciesOutput, lastPage bool) (shouldContinue bool)) error {
	page, _ := c.ListAttachedGroupPoliciesRequest(input)
	page.Handlers.Build.PushBack(request.MakeAddToUserAgentFreeFormHandler("Paginator"))
	return page.EachPage(func(p interface{}, lastPage bool) bool {
		return fn(p.(*ListAttachedGroupPoliciesOutput), lastPage)
	})
}

const opListAttachedRolePolicies = "ListAttachedRolePolicies"

// ListAttachedRolePoliciesRequest generates a "aws/request.Request" representing the
// client's request for the ListAttachedRolePolicies operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See ListAttachedRolePolicies for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the ListAttachedRolePolicies method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the ListAttachedRolePoliciesRequest method.
//    req, resp := client.ListAttachedRolePoliciesRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) ListAttachedRolePoliciesRequest(input *ListAttachedRolePoliciesInput) (req *request.Request, output *ListAttachedRolePoliciesOutput) {
	op := &request.Operation{
		Name:       opListAttachedRolePolicies,
		HTTPMethod: "POST",
		HTTPPath:   "/",
		Paginator: &request.Paginator{
			InputTokens:     []string{"Marker"},
			OutputTokens:    []string{"Marker"},
			LimitToken:      "MaxItems",
			TruncationToken: "IsTruncated",
		},
	}

	if input == nil {
		input = &ListAttachedRolePoliciesInput{}
	}

	req = c.newRequest(op, input, output)
	output = &ListAttachedRolePoliciesOutput{}
	req.Data = output
	return
}

// ListAttachedRolePolicies API operation for AWS Identity and Access Management.
//
// Lists all managed policies that are attached to the specified IAM role.
//
// An IAM role can also have inline policies embedded with it. To list the inline
// policies for a role, use the ListRolePolicies API. For information about
// policies, see Managed Policies and Inline Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide.
//
// You can paginate the results using the MaxItems and Marker parameters. You
// can use the PathPrefix parameter to limit the list of policies to only those
// matching the specified path prefix. If there are no policies attached to
// the specified role (or none that match the specified path prefix), the action
// returns an empty list.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation ListAttachedRolePolicies for usage and error information.
//
// Returned Error Codes:
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
//   * InvalidInput
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) ListAttachedRolePolicies(input *ListAttachedRolePoliciesInput) (*ListAttachedRolePoliciesOutput, error) {
	req, out := c.ListAttachedRolePoliciesRequest(input)
	err := req.Send()
	return out, err
}

// ListAttachedRolePoliciesPages iterates over the pages of a ListAttachedRolePolicies operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See ListAttachedRolePolicies method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
//    // Example iterating over at most 3 pages of a ListAttachedRolePolicies operation.
//    pageNum := 0
//    err := client.ListAttachedRolePoliciesPages(params,
//        func(page *ListAttachedRolePoliciesOutput, lastPage bool) bool {
//            pageNum++
//            fmt.Println(page)
//            return pageNum <= 3
//        })
//
func (c *IAM) ListAttachedRolePoliciesPages(input *ListAttachedRolePoliciesInput, fn func(p *ListAttachedRolePoliciesOutput, lastPage bool) (shouldContinue bool)) error {
	page, _ := c.ListAttachedRolePoliciesRequest(input)
	page.Handlers.Build.PushBack(request.MakeAddToUserAgentFreeFormHandler("Paginator"))
	return page.EachPage(func(p interface{}, lastPage bool) bool {
		return fn(p.(*ListAttachedRolePoliciesOutput), lastPage)
	})
}

const opListAttachedUserPolicies = "ListAttachedUserPolicies"

// ListAttachedUserPoliciesRequest generates a "aws/request.Request" representing the
// client's request for the ListAttachedUserPolicies operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See ListAttachedUserPolicies for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the ListAttachedUserPolicies method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the ListAttachedUserPoliciesRequest method.
//    req, resp := client.ListAttachedUserPoliciesRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) ListAttachedUserPoliciesRequest(input *ListAttachedUserPoliciesInput) (req *request.Request, output *ListAttachedUserPoliciesOutput) {
	op := &request.Operation{
		Name:       opListAttachedUserPolicies,
		HTTPMethod: "POST",
		HTTPPath:   "/",
		Paginator: &request.Paginator{
			InputTokens:     []string{"Marker"},
			OutputTokens:    []string{"Marker"},
			LimitToken:      "MaxItems",
			TruncationToken: "IsTruncated",
		},
	}

	if input == nil {
		input = &ListAttachedUserPoliciesInput{}
	}

	req = c.newRequest(op, input, output)
	output = &ListAttachedUserPoliciesOutput{}
	req.Data = output
	return
}

// ListAttachedUserPolicies API operation for AWS Identity and Access Management.
//
// Lists all managed policies that are attached to the specified IAM user.
//
// An IAM user can also have inline policies embedded with it. To list the inline
// policies for a user, use the ListUserPolicies API. For information about
// policies, see Managed Policies and Inline Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide.
//
// You can paginate the results using the MaxItems and Marker parameters. You
// can use the PathPrefix parameter to limit the list of policies to only those
// matching the specified path prefix. If there are no policies attached to
// the specified group (or none that match the specified path prefix), the action
// returns an empty list.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation ListAttachedUserPolicies for usage and error information.
//
// Returned Error Codes:
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
//   * InvalidInput
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) ListAttachedUserPolicies(input *ListAttachedUserPoliciesInput) (*ListAttachedUserPoliciesOutput, error) {
	req, out := c.ListAttachedUserPoliciesRequest(input)
	err := req.Send()
	return out, err
}

// ListAttachedUserPoliciesPages iterates over the pages of a ListAttachedUserPolicies operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See ListAttachedUserPolicies method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
//    // Example iterating over at most 3 pages of a ListAttachedUserPolicies operation.
//    pageNum := 0
//    err := client.ListAttachedUserPoliciesPages(params,
//        func(page *ListAttachedUserPoliciesOutput, lastPage bool) bool {
//            pageNum++
//            fmt.Println(page)
//            return pageNum <= 3
//        })
//
func (c *IAM) ListAttachedUserPoliciesPages(input *ListAttachedUserPoliciesInput, fn func(p *ListAttachedUserPoliciesOutput, lastPage bool) (shouldContinue bool)) error {
	page, _ := c.ListAttachedUserPoliciesRequest(input)
	page.Handlers.Build.PushBack(request.MakeAddToUserAgentFreeFormHandler("Paginator"))
	return page.EachPage(func(p interface{}, lastPage bool) bool {
		return fn(p.(*ListAttachedUserPoliciesOutput), lastPage)
	})
}

const opListEntitiesForPolicy = "ListEntitiesForPolicy"

// ListEntitiesForPolicyRequest generates a "aws/request.Request" representing the
// client's request for the ListEntitiesForPolicy operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See ListEntitiesForPolicy for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the ListEntitiesForPolicy method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the ListEntitiesForPolicyRequest method.
//    req, resp := client.ListEntitiesForPolicyRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) ListEntitiesForPolicyRequest(input *ListEntitiesForPolicyInput) (req *request.Request, output *ListEntitiesForPolicyOutput) {
	op := &request.Operation{
		Name:       opListEntitiesForPolicy,
		HTTPMethod: "POST",
		HTTPPath:   "/",
		Paginator: &request.Paginator{
			InputTokens:     []string{"Marker"},
			OutputTokens:    []string{"Marker"},
			LimitToken:      "MaxItems",
			TruncationToken: "IsTruncated",
		},
	}

	if input == nil {
		input = &ListEntitiesForPolicyInput{}
	}

	req = c.newRequest(op, input, output)
	output = &ListEntitiesForPolicyOutput{}
	req.Data = output
	return
}

// ListEntitiesForPolicy API operation for AWS Identity and Access Management.
//
// Lists all IAM users, groups, and roles that the specified managed policy
// is attached to.
//
// You can use the optional EntityFilter parameter to limit the results to a
// particular type of entity (users, groups, or roles). For example, to list
// only the roles that are attached to the specified policy, set EntityFilter
// to Role.
//
// You can paginate the results using the MaxItems and Marker parameters.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation ListEntitiesForPolicy for usage and error information.
//
// Returned Error Codes:
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
//   * InvalidInput
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) ListEntitiesForPolicy(input *ListEntitiesForPolicyInput) (*ListEntitiesForPolicyOutput, error) {
	req, out := c.ListEntitiesForPolicyRequest(input)
	err := req.Send()
	return out, err
}

// ListEntitiesForPolicyPages iterates over the pages of a ListEntitiesForPolicy operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See ListEntitiesForPolicy method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
//    // Example iterating over at most 3 pages of a ListEntitiesForPolicy operation.
//    pageNum := 0
//    err := client.ListEntitiesForPolicyPages(params,
//        func(page *ListEntitiesForPolicyOutput, lastPage bool) bool {
//            pageNum++
//            fmt.Println(page)
//            return pageNum <= 3
//        })
//
func (c *IAM) ListEntitiesForPolicyPages(input *ListEntitiesForPolicyInput, fn func(p *ListEntitiesForPolicyOutput, lastPage bool) (shouldContinue bool)) error {
	page, _ := c.ListEntitiesForPolicyRequest(input)
	page.Handlers.Build.PushBack(request.MakeAddToUserAgentFreeFormHandler("Paginator"))
	return page.EachPage(func(p interface{}, lastPage bool) bool {
		return fn(p.(*ListEntitiesForPolicyOutput), lastPage)
	})
}

const opListGroupPolicies = "ListGroupPolicies"

// ListGroupPoliciesRequest generates a "aws/request.Request" representing the
// client's request for the ListGroupPolicies operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See ListGroupPolicies for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the ListGroupPolicies method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the ListGroupPoliciesRequest method.
//    req, resp := client.ListGroupPoliciesRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) ListGroupPoliciesRequest(input *ListGroupPoliciesInput) (req *request.Request, output *ListGroupPoliciesOutput) {
	op := &request.Operation{
		Name:       opListGroupPolicies,
		HTTPMethod: "POST",
		HTTPPath:   "/",
		Paginator: &request.Paginator{
			InputTokens:     []string{"Marker"},
			OutputTokens:    []string{"Marker"},
			LimitToken:      "MaxItems",
			TruncationToken: "IsTruncated",
		},
	}

	if input == nil {
		input = &ListGroupPoliciesInput{}
	}

	req = c.newRequest(op, input, output)
	output = &ListGroupPoliciesOutput{}
	req.Data = output
	return
}

// ListGroupPolicies API operation for AWS Identity and Access Management.
//
// Lists the names of the inline policies that are embedded in the specified
// IAM group.
//
// An IAM group can also have managed policies attached to it. To list the managed
// policies that are attached to a group, use ListAttachedGroupPolicies. For
// more information about policies, see Managed Policies and Inline Policies
// (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide.
//
// You can paginate the results using the MaxItems and Marker parameters. If
// there are no inline policies embedded with the specified group, the action
// returns an empty list.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation ListGroupPolicies for usage and error information.
//
// Returned Error Codes:
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) ListGroupPolicies(input *ListGroupPoliciesInput) (*ListGroupPoliciesOutput, error) {
	req, out := c.ListGroupPoliciesRequest(input)
	err := req.Send()
	return out, err
}

// ListGroupPoliciesPages iterates over the pages of a ListGroupPolicies operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See ListGroupPolicies method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
//    // Example iterating over at most 3 pages of a ListGroupPolicies operation.
//    pageNum := 0
//    err := client.ListGroupPoliciesPages(params,
//        func(page *ListGroupPoliciesOutput, lastPage bool) bool {
//            pageNum++
//            fmt.Println(page)
//            return pageNum <= 3
//        })
//
func (c *IAM) ListGroupPoliciesPages(input *ListGroupPoliciesInput, fn func(p *ListGroupPoliciesOutput, lastPage bool) (shouldContinue bool)) error {
	page, _ := c.ListGroupPoliciesRequest(input)
	page.Handlers.Build.PushBack(request.MakeAddToUserAgentFreeFormHandler("Paginator"))
	return page.EachPage(func(p interface{}, lastPage bool) bool {
		return fn(p.(*ListGroupPoliciesOutput), lastPage)
	})
}

const opListGroups = "ListGroups"

// ListGroupsRequest generates a "aws/request.Request" representing the
// client's request for the ListGroups operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See ListGroups for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the ListGroups method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the ListGroupsRequest method.
//    req, resp := client.ListGroupsRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) ListGroupsRequest(input *ListGroupsInput) (req *request.Request, output *ListGroupsOutput) {
	op := &request.Operation{
		Name:       opListGroups,
		HTTPMethod: "POST",
		HTTPPath:   "/",
		Paginator: &request.Paginator{
			InputTokens:     []string{"Marker"},
			OutputTokens:    []string{"Marker"},
			LimitToken:      "MaxItems",
			TruncationToken: "IsTruncated",
		},
	}

	if input == nil {
		input = &ListGroupsInput{}
	}

	req = c.newRequest(op, input, output)
	output = &ListGroupsOutput{}
	req.Data = output
	return
}

// ListGroups API operation for AWS Identity and Access Management.
//
// Lists the IAM groups that have the specified path prefix.
//
// You can paginate the results using the MaxItems and Marker parameters.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation ListGroups for usage and error information.
//
// Returned Error Codes:
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) ListGroups(input *ListGroupsInput) (*ListGroupsOutput, error) {
	req, out := c.ListGroupsRequest(input)
	err := req.Send()
	return out, err
}

// ListGroupsPages iterates over the pages of a ListGroups operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See ListGroups method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
//    // Example iterating over at most 3 pages of a ListGroups operation.
//    pageNum := 0
//    err := client.ListGroupsPages(params,
//        func(page *ListGroupsOutput, lastPage bool) bool {
//            pageNum++
//            fmt.Println(page)
//            return pageNum <= 3
//        })
//
func (c *IAM) ListGroupsPages(input *ListGroupsInput, fn func(p *ListGroupsOutput, lastPage bool) (shouldContinue bool)) error {
	page, _ := c.ListGroupsRequest(input)
	page.Handlers.Build.PushBack(request.MakeAddToUserAgentFreeFormHandler("Paginator"))
	return page.EachPage(func(p interface{}, lastPage bool) bool {
		return fn(p.(*ListGroupsOutput), lastPage)
	})
}

const opListGroupsForUser = "ListGroupsForUser"

// ListGroupsForUserRequest generates a "aws/request.Request" representing the
// client's request for the ListGroupsForUser operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See ListGroupsForUser for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the ListGroupsForUser method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the ListGroupsForUserRequest method.
//    req, resp := client.ListGroupsForUserRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) ListGroupsForUserRequest(input *ListGroupsForUserInput) (req *request.Request, output *ListGroupsForUserOutput) {
	op := &request.Operation{
		Name:       opListGroupsForUser,
		HTTPMethod: "POST",
		HTTPPath:   "/",
		Paginator: &request.Paginator{
			InputTokens:     []string{"Marker"},
			OutputTokens:    []string{"Marker"},
			LimitToken:      "MaxItems",
			TruncationToken: "IsTruncated",
		},
	}

	if input == nil {
		input = &ListGroupsForUserInput{}
	}

	req = c.newRequest(op, input, output)
	output = &ListGroupsForUserOutput{}
	req.Data = output
	return
}

// ListGroupsForUser API operation for AWS Identity and Access Management.
//
// Lists the IAM groups that the specified IAM user belongs to.
//
// You can paginate the results using the MaxItems and Marker parameters.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation ListGroupsForUser for usage and error information.
//
// Returned Error Codes:
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) ListGroupsForUser(input *ListGroupsForUserInput) (*ListGroupsForUserOutput, error) {
	req, out := c.ListGroupsForUserRequest(input)
	err := req.Send()
	return out, err
}

// ListGroupsForUserPages iterates over the pages of a ListGroupsForUser operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See ListGroupsForUser method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
//    // Example iterating over at most 3 pages of a ListGroupsForUser operation.
//    pageNum := 0
//    err := client.ListGroupsForUserPages(params,
//        func(page *ListGroupsForUserOutput, lastPage bool) bool {
//            pageNum++
//            fmt.Println(page)
//            return pageNum <= 3
//        })
//
func (c *IAM) ListGroupsForUserPages(input *ListGroupsForUserInput, fn func(p *ListGroupsForUserOutput, lastPage bool) (shouldContinue bool)) error {
	page, _ := c.ListGroupsForUserRequest(input)
	page.Handlers.Build.PushBack(request.MakeAddToUserAgentFreeFormHandler("Paginator"))
	return page.EachPage(func(p interface{}, lastPage bool) bool {
		return fn(p.(*ListGroupsForUserOutput), lastPage)
	})
}

const opListInstanceProfiles = "ListInstanceProfiles"

// ListInstanceProfilesRequest generates a "aws/request.Request" representing the
// client's request for the ListInstanceProfiles operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See ListInstanceProfiles for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the ListInstanceProfiles method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the ListInstanceProfilesRequest method.
//    req, resp := client.ListInstanceProfilesRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) ListInstanceProfilesRequest(input *ListInstanceProfilesInput) (req *request.Request, output *ListInstanceProfilesOutput) {
	op := &request.Operation{
		Name:       opListInstanceProfiles,
		HTTPMethod: "POST",
		HTTPPath:   "/",
		Paginator: &request.Paginator{
			InputTokens:     []string{"Marker"},
			OutputTokens:    []string{"Marker"},
			LimitToken:      "MaxItems",
			TruncationToken: "IsTruncated",
		},
	}

	if input == nil {
		input = &ListInstanceProfilesInput{}
	}

	req = c.newRequest(op, input, output)
	output = &ListInstanceProfilesOutput{}
	req.Data = output
	return
}

// ListInstanceProfiles API operation for AWS Identity and Access Management.
//
// Lists the instance profiles that have the specified path prefix. If there
// are none, the action returns an empty list. For more information about instance
// profiles, go to About Instance Profiles (http://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html).
//
// You can paginate the results using the MaxItems and Marker parameters.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation ListInstanceProfiles for usage and error information.
//
// Returned Error Codes:
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) ListInstanceProfiles(input *ListInstanceProfilesInput) (*ListInstanceProfilesOutput, error) {
	req, out := c.ListInstanceProfilesRequest(input)
	err := req.Send()
	return out, err
}

// ListInstanceProfilesPages iterates over the pages of a ListInstanceProfiles operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See ListInstanceProfiles method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
//    // Example iterating over at most 3 pages of a ListInstanceProfiles operation.
//    pageNum := 0
//    err := client.ListInstanceProfilesPages(params,
//        func(page *ListInstanceProfilesOutput, lastPage bool) bool {
//            pageNum++
//            fmt.Println(page)
//            return pageNum <= 3
//        })
//
func (c *IAM) ListInstanceProfilesPages(input *ListInstanceProfilesInput, fn func(p *ListInstanceProfilesOutput, lastPage bool) (shouldContinue bool)) error {
	page, _ := c.ListInstanceProfilesRequest(input)
	page.Handlers.Build.PushBack(request.MakeAddToUserAgentFreeFormHandler("Paginator"))
	return page.EachPage(func(p interface{}, lastPage bool) bool {
		return fn(p.(*ListInstanceProfilesOutput), lastPage)
	})
}

const opListInstanceProfilesForRole = "ListInstanceProfilesForRole"

// ListInstanceProfilesForRoleRequest generates a "aws/request.Request" representing the
// client's request for the ListInstanceProfilesForRole operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See ListInstanceProfilesForRole for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the ListInstanceProfilesForRole method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the ListInstanceProfilesForRoleRequest method.
//    req, resp := client.ListInstanceProfilesForRoleRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) ListInstanceProfilesForRoleRequest(input *ListInstanceProfilesForRoleInput) (req *request.Request, output *ListInstanceProfilesForRoleOutput) {
	op := &request.Operation{
		Name:       opListInstanceProfilesForRole,
		HTTPMethod: "POST",
		HTTPPath:   "/",
		Paginator: &request.Paginator{
			InputTokens:     []string{"Marker"},
			OutputTokens:    []string{"Marker"},
			LimitToken:      "MaxItems",
			TruncationToken: "IsTruncated",
		},
	}

	if input == nil {
		input = &ListInstanceProfilesForRoleInput{}
	}

	req = c.newRequest(op, input, output)
	output = &ListInstanceProfilesForRoleOutput{}
	req.Data = output
	return
}

// ListInstanceProfilesForRole API operation for AWS Identity and Access Management.
//
// Lists the instance profiles that have the specified associated IAM role.
// If there are none, the action returns an empty list. For more information
// about instance profiles, go to About Instance Profiles (http://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html).
//
// You can paginate the results using the MaxItems and Marker parameters.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation ListInstanceProfilesForRole for usage and error information.
//
// Returned Error Codes:
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) ListInstanceProfilesForRole(input *ListInstanceProfilesForRoleInput) (*ListInstanceProfilesForRoleOutput, error) {
	req, out := c.ListInstanceProfilesForRoleRequest(input)
	err := req.Send()
	return out, err
}

// ListInstanceProfilesForRolePages iterates over the pages of a ListInstanceProfilesForRole operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See ListInstanceProfilesForRole method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
//    // Example iterating over at most 3 pages of a ListInstanceProfilesForRole operation.
//    pageNum := 0
//    err := client.ListInstanceProfilesForRolePages(params,
//        func(page *ListInstanceProfilesForRoleOutput, lastPage bool) bool {
//            pageNum++
//            fmt.Println(page)
//            return pageNum <= 3
//        })
//
func (c *IAM) ListInstanceProfilesForRolePages(input *ListInstanceProfilesForRoleInput, fn func(p *ListInstanceProfilesForRoleOutput, lastPage bool) (shouldContinue bool)) error {
	page, _ := c.ListInstanceProfilesForRoleRequest(input)
	page.Handlers.Build.PushBack(request.MakeAddToUserAgentFreeFormHandler("Paginator"))
	return page.EachPage(func(p interface{}, lastPage bool) bool {
		return fn(p.(*ListInstanceProfilesForRoleOutput), lastPage)
	})
}

const opListMFADevices = "ListMFADevices"

// ListMFADevicesRequest generates a "aws/request.Request" representing the
// client's request for the ListMFADevices operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See ListMFADevices for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the ListMFADevices method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the ListMFADevicesRequest method.
//    req, resp := client.ListMFADevicesRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) ListMFADevicesRequest(input *ListMFADevicesInput) (req *request.Request, output *ListMFADevicesOutput) {
	op := &request.Operation{
		Name:       opListMFADevices,
		HTTPMethod: "POST",
		HTTPPath:   "/",
		Paginator: &request.Paginator{
			InputTokens:     []string{"Marker"},
			OutputTokens:    []string{"Marker"},
			LimitToken:      "MaxItems",
			TruncationToken: "IsTruncated",
		},
	}

	if input == nil {
		input = &ListMFADevicesInput{}
	}

	req = c.newRequest(op, input, output)
	output = &ListMFADevicesOutput{}
	req.Data = output
	return
}

// ListMFADevices API operation for AWS Identity and Access Management.
//
// Lists the MFA devices for an IAM user. If the request includes a IAM user
// name, then this action lists all the MFA devices associated with the specified
// user. If you do not specify a user name, IAM determines the user name implicitly
// based on the AWS access key ID signing the request for this API.
//
// You can paginate the results using the MaxItems and Marker parameters.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation ListMFADevices for usage and error information.
//
// Returned Error Codes:
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) ListMFADevices(input *ListMFADevicesInput) (*ListMFADevicesOutput, error) {
	req, out := c.ListMFADevicesRequest(input)
	err := req.Send()
	return out, err
}

// ListMFADevicesPages iterates over the pages of a ListMFADevices operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See ListMFADevices method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
//    // Example iterating over at most 3 pages of a ListMFADevices operation.
//    pageNum := 0
//    err := client.ListMFADevicesPages(params,
//        func(page *ListMFADevicesOutput, lastPage bool) bool {
//            pageNum++
//            fmt.Println(page)
//            return pageNum <= 3
//        })
//
func (c *IAM) ListMFADevicesPages(input *ListMFADevicesInput, fn func(p *ListMFADevicesOutput, lastPage bool) (shouldContinue bool)) error {
	page, _ := c.ListMFADevicesRequest(input)
	page.Handlers.Build.PushBack(request.MakeAddToUserAgentFreeFormHandler("Paginator"))
	return page.EachPage(func(p interface{}, lastPage bool) bool {
		return fn(p.(*ListMFADevicesOutput), lastPage)
	})
}

const opListOpenIDConnectProviders = "ListOpenIDConnectProviders"

// ListOpenIDConnectProvidersRequest generates a "aws/request.Request" representing the
// client's request for the ListOpenIDConnectProviders operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See ListOpenIDConnectProviders for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the ListOpenIDConnectProviders method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the ListOpenIDConnectProvidersRequest method.
//    req, resp := client.ListOpenIDConnectProvidersRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) ListOpenIDConnectProvidersRequest(input *ListOpenIDConnectProvidersInput) (req *request.Request, output *ListOpenIDConnectProvidersOutput) {
	op := &request.Operation{
		Name:       opListOpenIDConnectProviders,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &ListOpenIDConnectProvidersInput{}
	}

	req = c.newRequest(op, input, output)
	output = &ListOpenIDConnectProvidersOutput{}
	req.Data = output
	return
}

// ListOpenIDConnectProviders API operation for AWS Identity and Access Management.
//
// Lists information about the IAM OpenID Connect (OIDC) provider resource objects
// defined in the AWS account.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation ListOpenIDConnectProviders for usage and error information.
//
// Returned Error Codes:
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) ListOpenIDConnectProviders(input *ListOpenIDConnectProvidersInput) (*ListOpenIDConnectProvidersOutput, error) {
	req, out := c.ListOpenIDConnectProvidersRequest(input)
	err := req.Send()
	return out, err
}

const opListPolicies = "ListPolicies"

// ListPoliciesRequest generates a "aws/request.Request" representing the
// client's request for the ListPolicies operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See ListPolicies for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the ListPolicies method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the ListPoliciesRequest method.
//    req, resp := client.ListPoliciesRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) ListPoliciesRequest(input *ListPoliciesInput) (req *request.Request, output *ListPoliciesOutput) {
	op := &request.Operation{
		Name:       opListPolicies,
		HTTPMethod: "POST",
		HTTPPath:   "/",
		Paginator: &request.Paginator{
			InputTokens:     []string{"Marker"},
			OutputTokens:    []string{"Marker"},
			LimitToken:      "MaxItems",
			TruncationToken: "IsTruncated",
		},
	}

	if input == nil {
		input = &ListPoliciesInput{}
	}

	req = c.newRequest(op, input, output)
	output = &ListPoliciesOutput{}
	req.Data = output
	return
}

// ListPolicies API operation for AWS Identity and Access Management.
//
// Lists all the managed policies that are available in your AWS account, including
// your own customer-defined managed policies and all AWS managed policies.
//
// You can filter the list of policies that is returned using the optional OnlyAttached,
// Scope, and PathPrefix parameters. For example, to list only the customer
// managed policies in your AWS account, set Scope to Local. To list only AWS
// managed policies, set Scope to AWS.
//
// You can paginate the results using the MaxItems and Marker parameters.
//
// For more information about managed policies, see Managed Policies and Inline
// Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation ListPolicies for usage and error information.
//
// Returned Error Codes:
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) ListPolicies(input *ListPoliciesInput) (*ListPoliciesOutput, error) {
	req, out := c.ListPoliciesRequest(input)
	err := req.Send()
	return out, err
}

// ListPoliciesPages iterates over the pages of a ListPolicies operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See ListPolicies method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
//    // Example iterating over at most 3 pages of a ListPolicies operation.
//    pageNum := 0
//    err := client.ListPoliciesPages(params,
//        func(page *ListPoliciesOutput, lastPage bool) bool {
//            pageNum++
//            fmt.Println(page)
//            return pageNum <= 3
//        })
//
func (c *IAM) ListPoliciesPages(input *ListPoliciesInput, fn func(p *ListPoliciesOutput, lastPage bool) (shouldContinue bool)) error {
	page, _ := c.ListPoliciesRequest(input)
	page.Handlers.Build.PushBack(request.MakeAddToUserAgentFreeFormHandler("Paginator"))
	return page.EachPage(func(p interface{}, lastPage bool) bool {
		return fn(p.(*ListPoliciesOutput), lastPage)
	})
}

const opListPolicyVersions = "ListPolicyVersions"

// ListPolicyVersionsRequest generates a "aws/request.Request" representing the
// client's request for the ListPolicyVersions operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See ListPolicyVersions for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the ListPolicyVersions method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the ListPolicyVersionsRequest method.
//    req, resp := client.ListPolicyVersionsRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) ListPolicyVersionsRequest(input *ListPolicyVersionsInput) (req *request.Request, output *ListPolicyVersionsOutput) {
	op := &request.Operation{
		Name:       opListPolicyVersions,
		HTTPMethod: "POST",
		HTTPPath:   "/",
		Paginator: &request.Paginator{
			InputTokens:     []string{"Marker"},
			OutputTokens:    []string{"Marker"},
			LimitToken:      "MaxItems",
			TruncationToken: "IsTruncated",
		},
	}

	if input == nil {
		input = &ListPolicyVersionsInput{}
	}

	req = c.newRequest(op, input, output)
	output = &ListPolicyVersionsOutput{}
	req.Data = output
	return
}

// ListPolicyVersions API operation for AWS Identity and Access Management.
//
// Lists information about the versions of the specified managed policy, including
// the version that is currently set as the policy's default version.
//
// For more information about managed policies, see Managed Policies and Inline
// Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation ListPolicyVersions for usage and error information.
//
// Returned Error Codes:
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
//   * InvalidInput
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) ListPolicyVersions(input *ListPolicyVersionsInput) (*ListPolicyVersionsOutput, error) {
	req, out := c.ListPolicyVersionsRequest(input)
	err := req.Send()
	return out, err
}

// ListPolicyVersionsPages iterates over the pages of a ListPolicyVersions operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See ListPolicyVersions method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
//    // Example iterating over at most 3 pages of a ListPolicyVersions operation.
//    pageNum := 0
//    err := client.ListPolicyVersionsPages(params,
//        func(page *ListPolicyVersionsOutput, lastPage bool) bool {
//            pageNum++
//            fmt.Println(page)
//            return pageNum <= 3
//        })
//
func (c *IAM) ListPolicyVersionsPages(input *ListPolicyVersionsInput, fn func(p *ListPolicyVersionsOutput, lastPage bool) (shouldContinue bool)) error {
	page, _ := c.ListPolicyVersionsRequest(input)
	page.Handlers.Build.PushBack(request.MakeAddToUserAgentFreeFormHandler("Paginator"))
	return page.EachPage(func(p interface{}, lastPage bool) bool {
		return fn(p.(*ListPolicyVersionsOutput), lastPage)
	})
}

const opListRolePolicies = "ListRolePolicies"

// ListRolePoliciesRequest generates a "aws/request.Request" representing the
// client's request for the ListRolePolicies operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See ListRolePolicies for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the ListRolePolicies method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the ListRolePoliciesRequest method.
//    req, resp := client.ListRolePoliciesRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) ListRolePoliciesRequest(input *ListRolePoliciesInput) (req *request.Request, output *ListRolePoliciesOutput) {
	op := &request.Operation{
		Name:       opListRolePolicies,
		HTTPMethod: "POST",
		HTTPPath:   "/",
		Paginator: &request.Paginator{
			InputTokens:     []string{"Marker"},
			OutputTokens:    []string{"Marker"},
			LimitToken:      "MaxItems",
			TruncationToken: "IsTruncated",
		},
	}

	if input == nil {
		input = &ListRolePoliciesInput{}
	}

	req = c.newRequest(op, input, output)
	output = &ListRolePoliciesOutput{}
	req.Data = output
	return
}

// ListRolePolicies API operation for AWS Identity and Access Management.
//
// Lists the names of the inline policies that are embedded in the specified
// IAM role.
//
// An IAM role can also have managed policies attached to it. To list the managed
// policies that are attached to a role, use ListAttachedRolePolicies. For more
// information about policies, see Managed Policies and Inline Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide.
//
// You can paginate the results using the MaxItems and Marker parameters. If
// there are no inline policies embedded with the specified role, the action
// returns an empty list.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation ListRolePolicies for usage and error information.
//
// Returned Error Codes:
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) ListRolePolicies(input *ListRolePoliciesInput) (*ListRolePoliciesOutput, error) {
	req, out := c.ListRolePoliciesRequest(input)
	err := req.Send()
	return out, err
}

// ListRolePoliciesPages iterates over the pages of a ListRolePolicies operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See ListRolePolicies method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
//    // Example iterating over at most 3 pages of a ListRolePolicies operation.
//    pageNum := 0
//    err := client.ListRolePoliciesPages(params,
//        func(page *ListRolePoliciesOutput, lastPage bool) bool {
//            pageNum++
//            fmt.Println(page)
//            return pageNum <= 3
//        })
//
func (c *IAM) ListRolePoliciesPages(input *ListRolePoliciesInput, fn func(p *ListRolePoliciesOutput, lastPage bool) (shouldContinue bool)) error {
	page, _ := c.ListRolePoliciesRequest(input)
	page.Handlers.Build.PushBack(request.MakeAddToUserAgentFreeFormHandler("Paginator"))
	return page.EachPage(func(p interface{}, lastPage bool) bool {
		return fn(p.(*ListRolePoliciesOutput), lastPage)
	})
}

const opListRoles = "ListRoles"

// ListRolesRequest generates a "aws/request.Request" representing the
// client's request for the ListRoles operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See ListRoles for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the ListRoles method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the ListRolesRequest method.
//    req, resp := client.ListRolesRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) ListRolesRequest(input *ListRolesInput) (req *request.Request, output *ListRolesOutput) {
	op := &request.Operation{
		Name:       opListRoles,
		HTTPMethod: "POST",
		HTTPPath:   "/",
		Paginator: &request.Paginator{
			InputTokens:     []string{"Marker"},
			OutputTokens:    []string{"Marker"},
			LimitToken:      "MaxItems",
			TruncationToken: "IsTruncated",
		},
	}

	if input == nil {
		input = &ListRolesInput{}
	}

	req = c.newRequest(op, input, output)
	output = &ListRolesOutput{}
	req.Data = output
	return
}

// ListRoles API operation for AWS Identity and Access Management.
//
// Lists the IAM roles that have the specified path prefix. If there are none,
// the action returns an empty list. For more information about roles, go to
// Working with Roles (http://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html).
//
// You can paginate the results using the MaxItems and Marker parameters.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation ListRoles for usage and error information.
//
// Returned Error Codes:
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) ListRoles(input *ListRolesInput) (*ListRolesOutput, error) {
	req, out := c.ListRolesRequest(input)
	err := req.Send()
	return out, err
}

// ListRolesPages iterates over the pages of a ListRoles operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See ListRoles method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
//    // Example iterating over at most 3 pages of a ListRoles operation.
//    pageNum := 0
//    err := client.ListRolesPages(params,
//        func(page *ListRolesOutput, lastPage bool) bool {
//            pageNum++
//            fmt.Println(page)
//            return pageNum <= 3
//        })
//
func (c *IAM) ListRolesPages(input *ListRolesInput, fn func(p *ListRolesOutput, lastPage bool) (shouldContinue bool)) error {
	page, _ := c.ListRolesRequest(input)
	page.Handlers.Build.PushBack(request.MakeAddToUserAgentFreeFormHandler("Paginator"))
	return page.EachPage(func(p interface{}, lastPage bool) bool {
		return fn(p.(*ListRolesOutput), lastPage)
	})
}

const opListSAMLProviders = "ListSAMLProviders"

// ListSAMLProvidersRequest generates a "aws/request.Request" representing the
// client's request for the ListSAMLProviders operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See ListSAMLProviders for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the ListSAMLProviders method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the ListSAMLProvidersRequest method.
//    req, resp := client.ListSAMLProvidersRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) ListSAMLProvidersRequest(input *ListSAMLProvidersInput) (req *request.Request, output *ListSAMLProvidersOutput) {
	op := &request.Operation{
		Name:       opListSAMLProviders,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &ListSAMLProvidersInput{}
	}

	req = c.newRequest(op, input, output)
	output = &ListSAMLProvidersOutput{}
	req.Data = output
	return
}

// ListSAMLProviders API operation for AWS Identity and Access Management.
//
// Lists the SAML provider resource objects defined in IAM in the account.
//
// This operation requires Signature Version 4 (http://docs.aws.amazon.com/general/latest/gr/signature-version-4.html).
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation ListSAMLProviders for usage and error information.
//
// Returned Error Codes:
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) ListSAMLProviders(input *ListSAMLProvidersInput) (*ListSAMLProvidersOutput, error) {
	req, out := c.ListSAMLProvidersRequest(input)
	err := req.Send()
	return out, err
}

const opListSSHPublicKeys = "ListSSHPublicKeys"

// ListSSHPublicKeysRequest generates a "aws/request.Request" representing the
// client's request for the ListSSHPublicKeys operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See ListSSHPublicKeys for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the ListSSHPublicKeys method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the ListSSHPublicKeysRequest method.
//    req, resp := client.ListSSHPublicKeysRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) ListSSHPublicKeysRequest(input *ListSSHPublicKeysInput) (req *request.Request, output *ListSSHPublicKeysOutput) {
	op := &request.Operation{
		Name:       opListSSHPublicKeys,
		HTTPMethod: "POST",
		HTTPPath:   "/",
		Paginator: &request.Paginator{
			InputTokens:     []string{"Marker"},
			OutputTokens:    []string{"Marker"},
			LimitToken:      "MaxItems",
			TruncationToken: "IsTruncated",
		},
	}

	if input == nil {
		input = &ListSSHPublicKeysInput{}
	}

	req = c.newRequest(op, input, output)
	output = &ListSSHPublicKeysOutput{}
	req.Data = output
	return
}

// ListSSHPublicKeys API operation for AWS Identity and Access Management.
//
// Returns information about the SSH public keys associated with the specified
// IAM user. If there are none, the action returns an empty list.
//
// The SSH public keys returned by this action are used only for authenticating
// the IAM user to an AWS CodeCommit repository. For more information about
// using SSH keys to authenticate to an AWS CodeCommit repository, see Set up
// AWS CodeCommit for SSH Connections (http://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html)
// in the AWS CodeCommit User Guide.
//
// Although each user is limited to a small number of keys, you can still paginate
// the results using the MaxItems and Marker parameters.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation ListSSHPublicKeys for usage and error information.
//
// Returned Error Codes:
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
func (c *IAM) ListSSHPublicKeys(input *ListSSHPublicKeysInput) (*ListSSHPublicKeysOutput, error) {
	req, out := c.ListSSHPublicKeysRequest(input)
	err := req.Send()
	return out, err
}

// ListSSHPublicKeysPages iterates over the pages of a ListSSHPublicKeys operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See ListSSHPublicKeys method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
//    // Example iterating over at most 3 pages of a ListSSHPublicKeys operation.
//    pageNum := 0
//    err := client.ListSSHPublicKeysPages(params,
//        func(page *ListSSHPublicKeysOutput, lastPage bool) bool {
//            pageNum++
//            fmt.Println(page)
//            return pageNum <= 3
//        })
//
func (c *IAM) ListSSHPublicKeysPages(input *ListSSHPublicKeysInput, fn func(p *ListSSHPublicKeysOutput, lastPage bool) (shouldContinue bool)) error {
	page, _ := c.ListSSHPublicKeysRequest(input)
	page.Handlers.Build.PushBack(request.MakeAddToUserAgentFreeFormHandler("Paginator"))
	return page.EachPage(func(p interface{}, lastPage bool) bool {
		return fn(p.(*ListSSHPublicKeysOutput), lastPage)
	})
}

const opListServerCertificates = "ListServerCertificates"

// ListServerCertificatesRequest generates a "aws/request.Request" representing the
// client's request for the ListServerCertificates operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See ListServerCertificates for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the ListServerCertificates method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the ListServerCertificatesRequest method.
//    req, resp := client.ListServerCertificatesRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) ListServerCertificatesRequest(input *ListServerCertificatesInput) (req *request.Request, output *ListServerCertificatesOutput) {
	op := &request.Operation{
		Name:       opListServerCertificates,
		HTTPMethod: "POST",
		HTTPPath:   "/",
		Paginator: &request.Paginator{
			InputTokens:     []string{"Marker"},
			OutputTokens:    []string{"Marker"},
			LimitToken:      "MaxItems",
			TruncationToken: "IsTruncated",
		},
	}

	if input == nil {
		input = &ListServerCertificatesInput{}
	}

	req = c.newRequest(op, input, output)
	output = &ListServerCertificatesOutput{}
	req.Data = output
	return
}

// ListServerCertificates API operation for AWS Identity and Access Management.
//
// Lists the server certificates stored in IAM that have the specified path
// prefix. If none exist, the action returns an empty list.
//
// You can paginate the results using the MaxItems and Marker parameters.
//
// For more information about working with server certificates, including a
// list of AWS services that can use the server certificates that you manage
// with IAM, go to Working with Server Certificates (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation ListServerCertificates for usage and error information.
//
// Returned Error Codes:
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) ListServerCertificates(input *ListServerCertificatesInput) (*ListServerCertificatesOutput, error) {
	req, out := c.ListServerCertificatesRequest(input)
	err := req.Send()
	return out, err
}

// ListServerCertificatesPages iterates over the pages of a ListServerCertificates operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See ListServerCertificates method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
//    // Example iterating over at most 3 pages of a ListServerCertificates operation.
//    pageNum := 0
//    err := client.ListServerCertificatesPages(params,
//        func(page *ListServerCertificatesOutput, lastPage bool) bool {
//            pageNum++
//            fmt.Println(page)
//            return pageNum <= 3
//        })
//
func (c *IAM) ListServerCertificatesPages(input *ListServerCertificatesInput, fn func(p *ListServerCertificatesOutput, lastPage bool) (shouldContinue bool)) error {
	page, _ := c.ListServerCertificatesRequest(input)
	page.Handlers.Build.PushBack(request.MakeAddToUserAgentFreeFormHandler("Paginator"))
	return page.EachPage(func(p interface{}, lastPage bool) bool {
		return fn(p.(*ListServerCertificatesOutput), lastPage)
	})
}

const opListSigningCertificates = "ListSigningCertificates"

// ListSigningCertificatesRequest generates a "aws/request.Request" representing the
// client's request for the ListSigningCertificates operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See ListSigningCertificates for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the ListSigningCertificates method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the ListSigningCertificatesRequest method.
//    req, resp := client.ListSigningCertificatesRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) ListSigningCertificatesRequest(input *ListSigningCertificatesInput) (req *request.Request, output *ListSigningCertificatesOutput) {
	op := &request.Operation{
		Name:       opListSigningCertificates,
		HTTPMethod: "POST",
		HTTPPath:   "/",
		Paginator: &request.Paginator{
			InputTokens:     []string{"Marker"},
			OutputTokens:    []string{"Marker"},
			LimitToken:      "MaxItems",
			TruncationToken: "IsTruncated",
		},
	}

	if input == nil {
		input = &ListSigningCertificatesInput{}
	}

	req = c.newRequest(op, input, output)
	output = &ListSigningCertificatesOutput{}
	req.Data = output
	return
}

// ListSigningCertificates API operation for AWS Identity and Access Management.
//
// Returns information about the signing certificates associated with the specified
// IAM user. If there are none, the action returns an empty list.
//
// Although each user is limited to a small number of signing certificates,
// you can still paginate the results using the MaxItems and Marker parameters.
//
// If the UserName field is not specified, the user name is determined implicitly
// based on the AWS access key ID used to sign the request for this API. Because
// this action works for access keys under the AWS account, you can use this
// action to manage root credentials even if the AWS account has no associated
// users.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation ListSigningCertificates for usage and error information.
//
// Returned Error Codes:
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) ListSigningCertificates(input *ListSigningCertificatesInput) (*ListSigningCertificatesOutput, error) {
	req, out := c.ListSigningCertificatesRequest(input)
	err := req.Send()
	return out, err
}

// ListSigningCertificatesPages iterates over the pages of a ListSigningCertificates operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See ListSigningCertificates method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
//    // Example iterating over at most 3 pages of a ListSigningCertificates operation.
//    pageNum := 0
//    err := client.ListSigningCertificatesPages(params,
//        func(page *ListSigningCertificatesOutput, lastPage bool) bool {
//            pageNum++
//            fmt.Println(page)
//            return pageNum <= 3
//        })
//
func (c *IAM) ListSigningCertificatesPages(input *ListSigningCertificatesInput, fn func(p *ListSigningCertificatesOutput, lastPage bool) (shouldContinue bool)) error {
	page, _ := c.ListSigningCertificatesRequest(input)
	page.Handlers.Build.PushBack(request.MakeAddToUserAgentFreeFormHandler("Paginator"))
	return page.EachPage(func(p interface{}, lastPage bool) bool {
		return fn(p.(*ListSigningCertificatesOutput), lastPage)
	})
}

const opListUserPolicies = "ListUserPolicies"

// ListUserPoliciesRequest generates a "aws/request.Request" representing the
// client's request for the ListUserPolicies operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See ListUserPolicies for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the ListUserPolicies method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the ListUserPoliciesRequest method.
//    req, resp := client.ListUserPoliciesRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) ListUserPoliciesRequest(input *ListUserPoliciesInput) (req *request.Request, output *ListUserPoliciesOutput) {
	op := &request.Operation{
		Name:       opListUserPolicies,
		HTTPMethod: "POST",
		HTTPPath:   "/",
		Paginator: &request.Paginator{
			InputTokens:     []string{"Marker"},
			OutputTokens:    []string{"Marker"},
			LimitToken:      "MaxItems",
			TruncationToken: "IsTruncated",
		},
	}

	if input == nil {
		input = &ListUserPoliciesInput{}
	}

	req = c.newRequest(op, input, output)
	output = &ListUserPoliciesOutput{}
	req.Data = output
	return
}

// ListUserPolicies API operation for AWS Identity and Access Management.
//
// Lists the names of the inline policies embedded in the specified IAM user.
//
// An IAM user can also have managed policies attached to it. To list the managed
// policies that are attached to a user, use ListAttachedUserPolicies. For more
// information about policies, see Managed Policies and Inline Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide.
//
// You can paginate the results using the MaxItems and Marker parameters. If
// there are no inline policies embedded with the specified user, the action
// returns an empty list.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation ListUserPolicies for usage and error information.
//
// Returned Error Codes:
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) ListUserPolicies(input *ListUserPoliciesInput) (*ListUserPoliciesOutput, error) {
	req, out := c.ListUserPoliciesRequest(input)
	err := req.Send()
	return out, err
}

// ListUserPoliciesPages iterates over the pages of a ListUserPolicies operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See ListUserPolicies method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
//    // Example iterating over at most 3 pages of a ListUserPolicies operation.
//    pageNum := 0
//    err := client.ListUserPoliciesPages(params,
//        func(page *ListUserPoliciesOutput, lastPage bool) bool {
//            pageNum++
//            fmt.Println(page)
//            return pageNum <= 3
//        })
//
func (c *IAM) ListUserPoliciesPages(input *ListUserPoliciesInput, fn func(p *ListUserPoliciesOutput, lastPage bool) (shouldContinue bool)) error {
	page, _ := c.ListUserPoliciesRequest(input)
	page.Handlers.Build.PushBack(request.MakeAddToUserAgentFreeFormHandler("Paginator"))
	return page.EachPage(func(p interface{}, lastPage bool) bool {
		return fn(p.(*ListUserPoliciesOutput), lastPage)
	})
}

const opListUsers = "ListUsers"

// ListUsersRequest generates a "aws/request.Request" representing the
// client's request for the ListUsers operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See ListUsers for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the ListUsers method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the ListUsersRequest method.
//    req, resp := client.ListUsersRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) ListUsersRequest(input *ListUsersInput) (req *request.Request, output *ListUsersOutput) {
	op := &request.Operation{
		Name:       opListUsers,
		HTTPMethod: "POST",
		HTTPPath:   "/",
		Paginator: &request.Paginator{
			InputTokens:     []string{"Marker"},
			OutputTokens:    []string{"Marker"},
			LimitToken:      "MaxItems",
			TruncationToken: "IsTruncated",
		},
	}

	if input == nil {
		input = &ListUsersInput{}
	}

	req = c.newRequest(op, input, output)
	output = &ListUsersOutput{}
	req.Data = output
	return
}

// ListUsers API operation for AWS Identity and Access Management.
//
// Lists the IAM users that have the specified path prefix. If no path prefix
// is specified, the action returns all users in the AWS account. If there are
// none, the action returns an empty list.
//
// You can paginate the results using the MaxItems and Marker parameters.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation ListUsers for usage and error information.
//
// Returned Error Codes:
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) ListUsers(input *ListUsersInput) (*ListUsersOutput, error) {
	req, out := c.ListUsersRequest(input)
	err := req.Send()
	return out, err
}

// ListUsersPages iterates over the pages of a ListUsers operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See ListUsers method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
//    // Example iterating over at most 3 pages of a ListUsers operation.
//    pageNum := 0
//    err := client.ListUsersPages(params,
//        func(page *ListUsersOutput, lastPage bool) bool {
//            pageNum++
//            fmt.Println(page)
//            return pageNum <= 3
//        })
//
func (c *IAM) ListUsersPages(input *ListUsersInput, fn func(p *ListUsersOutput, lastPage bool) (shouldContinue bool)) error {
	page, _ := c.ListUsersRequest(input)
	page.Handlers.Build.PushBack(request.MakeAddToUserAgentFreeFormHandler("Paginator"))
	return page.EachPage(func(p interface{}, lastPage bool) bool {
		return fn(p.(*ListUsersOutput), lastPage)
	})
}

const opListVirtualMFADevices = "ListVirtualMFADevices"

// ListVirtualMFADevicesRequest generates a "aws/request.Request" representing the
// client's request for the ListVirtualMFADevices operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See ListVirtualMFADevices for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the ListVirtualMFADevices method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the ListVirtualMFADevicesRequest method.
//    req, resp := client.ListVirtualMFADevicesRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) ListVirtualMFADevicesRequest(input *ListVirtualMFADevicesInput) (req *request.Request, output *ListVirtualMFADevicesOutput) {
	op := &request.Operation{
		Name:       opListVirtualMFADevices,
		HTTPMethod: "POST",
		HTTPPath:   "/",
		Paginator: &request.Paginator{
			InputTokens:     []string{"Marker"},
			OutputTokens:    []string{"Marker"},
			LimitToken:      "MaxItems",
			TruncationToken: "IsTruncated",
		},
	}

	if input == nil {
		input = &ListVirtualMFADevicesInput{}
	}

	req = c.newRequest(op, input, output)
	output = &ListVirtualMFADevicesOutput{}
	req.Data = output
	return
}

// ListVirtualMFADevices API operation for AWS Identity and Access Management.
//
// Lists the virtual MFA devices defined in the AWS account by assignment status.
// If you do not specify an assignment status, the action returns a list of
// all virtual MFA devices. Assignment status can be Assigned, Unassigned, or
// Any.
//
// You can paginate the results using the MaxItems and Marker parameters.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation ListVirtualMFADevices for usage and error information.
func (c *IAM) ListVirtualMFADevices(input *ListVirtualMFADevicesInput) (*ListVirtualMFADevicesOutput, error) {
	req, out := c.ListVirtualMFADevicesRequest(input)
	err := req.Send()
	return out, err
}

// ListVirtualMFADevicesPages iterates over the pages of a ListVirtualMFADevices operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See ListVirtualMFADevices method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
//    // Example iterating over at most 3 pages of a ListVirtualMFADevices operation.
//    pageNum := 0
//    err := client.ListVirtualMFADevicesPages(params,
//        func(page *ListVirtualMFADevicesOutput, lastPage bool) bool {
//            pageNum++
//            fmt.Println(page)
//            return pageNum <= 3
//        })
//
func (c *IAM) ListVirtualMFADevicesPages(input *ListVirtualMFADevicesInput, fn func(p *ListVirtualMFADevicesOutput, lastPage bool) (shouldContinue bool)) error {
	page, _ := c.ListVirtualMFADevicesRequest(input)
	page.Handlers.Build.PushBack(request.MakeAddToUserAgentFreeFormHandler("Paginator"))
	return page.EachPage(func(p interface{}, lastPage bool) bool {
		return fn(p.(*ListVirtualMFADevicesOutput), lastPage)
	})
}

const opPutGroupPolicy = "PutGroupPolicy"

// PutGroupPolicyRequest generates a "aws/request.Request" representing the
// client's request for the PutGroupPolicy operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See PutGroupPolicy for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the PutGroupPolicy method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the PutGroupPolicyRequest method.
//    req, resp := client.PutGroupPolicyRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) PutGroupPolicyRequest(input *PutGroupPolicyInput) (req *request.Request, output *PutGroupPolicyOutput) {
	op := &request.Operation{
		Name:       opPutGroupPolicy,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &PutGroupPolicyInput{}
	}

	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Remove(query.UnmarshalHandler)
	req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
	output = &PutGroupPolicyOutput{}
	req.Data = output
	return
}

// PutGroupPolicy API operation for AWS Identity and Access Management.
//
// Adds or updates an inline policy document that is embedded in the specified
// IAM group.
//
// A user can also have managed policies attached to it. To attach a managed
// policy to a group, use AttachGroupPolicy. To create a new managed policy,
// use CreatePolicy. For information about policies, see Managed Policies and
// Inline Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide.
//
// For information about limits on the number of inline policies that you can
// embed in a group, see Limitations on IAM Entities (http://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html)
// in the IAM User Guide.
//
// Because policy documents can be large, you should use POST rather than GET
// when calling PutGroupPolicy. For general information about using the Query
// API with IAM, go to Making Query Requests (http://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation PutGroupPolicy for usage and error information.
//
// Returned Error Codes:
//   * LimitExceeded
//   The request was rejected because it attempted to create resources beyond
//   the current AWS account limits. The error message describes the limit exceeded.
//
//   * MalformedPolicyDocument
//   The request was rejected because the policy document was malformed. The error
//   message describes the specific error.
//
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) PutGroupPolicy(input *PutGroupPolicyInput) (*PutGroupPolicyOutput, error) {
	req, out := c.PutGroupPolicyRequest(input)
	err := req.Send()
	return out, err
}

const opPutRolePolicy = "PutRolePolicy"

// PutRolePolicyRequest generates a "aws/request.Request" representing the
// client's request for the PutRolePolicy operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See PutRolePolicy for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the PutRolePolicy method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the PutRolePolicyRequest method.
//    req, resp := client.PutRolePolicyRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) PutRolePolicyRequest(input *PutRolePolicyInput) (req *request.Request, output *PutRolePolicyOutput) {
	op := &request.Operation{
		Name:       opPutRolePolicy,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &PutRolePolicyInput{}
	}

	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Remove(query.UnmarshalHandler)
	req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
	output = &PutRolePolicyOutput{}
	req.Data = output
	return
}

// PutRolePolicy API operation for AWS Identity and Access Management.
//
// Adds or updates an inline policy document that is embedded in the specified
// IAM role.
//
// When you embed an inline policy in a role, the inline policy is used as part
// of the role's access (permissions) policy. The role's trust policy is created
// at the same time as the role, using CreateRole. You can update a role's trust
// policy using UpdateAssumeRolePolicy. For more information about IAM roles,
// go to Using Roles to Delegate Permissions and Federate Identities (http://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html).
//
// A role can also have a managed policy attached to it. To attach a managed
// policy to a role, use AttachRolePolicy. To create a new managed policy, use
// CreatePolicy. For information about policies, see Managed Policies and Inline
// Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide.
//
// For information about limits on the number of inline policies that you can
// embed with a role, see Limitations on IAM Entities (http://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html)
// in the IAM User Guide.
//
// Because policy documents can be large, you should use POST rather than GET
// when calling PutRolePolicy. For general information about using the Query
// API with IAM, go to Making Query Requests (http://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation PutRolePolicy for usage and error information.
//
// Returned Error Codes:
//   * LimitExceeded
//   The request was rejected because it attempted to create resources beyond
//   the current AWS account limits. The error message describes the limit exceeded.
//
//   * MalformedPolicyDocument
//   The request was rejected because the policy document was malformed. The error
//   message describes the specific error.
//
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) PutRolePolicy(input *PutRolePolicyInput) (*PutRolePolicyOutput, error) {
	req, out := c.PutRolePolicyRequest(input)
	err := req.Send()
	return out, err
}

const opPutUserPolicy = "PutUserPolicy"

// PutUserPolicyRequest generates a "aws/request.Request" representing the
// client's request for the PutUserPolicy operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See PutUserPolicy for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the PutUserPolicy method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the PutUserPolicyRequest method.
//    req, resp := client.PutUserPolicyRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) PutUserPolicyRequest(input *PutUserPolicyInput) (req *request.Request, output *PutUserPolicyOutput) {
	op := &request.Operation{
		Name:       opPutUserPolicy,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &PutUserPolicyInput{}
	}

	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Remove(query.UnmarshalHandler)
	req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
	output = &PutUserPolicyOutput{}
	req.Data = output
	return
}

// PutUserPolicy API operation for AWS Identity and Access Management.
//
// Adds or updates an inline policy document that is embedded in the specified
// IAM user.
//
// An IAM user can also have a managed policy attached to it. To attach a managed
// policy to a user, use AttachUserPolicy. To create a new managed policy, use
// CreatePolicy. For information about policies, see Managed Policies and Inline
// Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide.
//
// For information about limits on the number of inline policies that you can
// embed in a user, see Limitations on IAM Entities (http://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html)
// in the IAM User Guide.
//
// Because policy documents can be large, you should use POST rather than GET
// when calling PutUserPolicy. For general information about using the Query
// API with IAM, go to Making Query Requests (http://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation PutUserPolicy for usage and error information.
//
// Returned Error Codes:
//   * LimitExceeded
//   The request was rejected because it attempted to create resources beyond
//   the current AWS account limits. The error message describes the limit exceeded.
//
//   * MalformedPolicyDocument
//   The request was rejected because the policy document was malformed. The error
//   message describes the specific error.
//
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) PutUserPolicy(input *PutUserPolicyInput) (*PutUserPolicyOutput, error) {
	req, out := c.PutUserPolicyRequest(input)
	err := req.Send()
	return out, err
}

const opRemoveClientIDFromOpenIDConnectProvider = "RemoveClientIDFromOpenIDConnectProvider"

// RemoveClientIDFromOpenIDConnectProviderRequest generates a "aws/request.Request" representing the
// client's request for the RemoveClientIDFromOpenIDConnectProvider operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See RemoveClientIDFromOpenIDConnectProvider for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the RemoveClientIDFromOpenIDConnectProvider method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the RemoveClientIDFromOpenIDConnectProviderRequest method.
//    req, resp := client.RemoveClientIDFromOpenIDConnectProviderRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) RemoveClientIDFromOpenIDConnectProviderRequest(input *RemoveClientIDFromOpenIDConnectProviderInput) (req *request.Request, output *RemoveClientIDFromOpenIDConnectProviderOutput) {
	op := &request.Operation{
		Name:       opRemoveClientIDFromOpenIDConnectProvider,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &RemoveClientIDFromOpenIDConnectProviderInput{}
	}

	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Remove(query.UnmarshalHandler)
	req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
	output = &RemoveClientIDFromOpenIDConnectProviderOutput{}
	req.Data = output
	return
}

// RemoveClientIDFromOpenIDConnectProvider API operation for AWS Identity and Access Management.
//
// Removes the specified client ID (also known as audience) from the list of
// client IDs registered for the specified IAM OpenID Connect (OIDC) provider
// resource object.
//
// This action is idempotent; it does not fail or return an error if you try
// to remove a client ID that does not exist.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation RemoveClientIDFromOpenIDConnectProvider for usage and error information.
//
// Returned Error Codes:
//   * InvalidInput
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) RemoveClientIDFromOpenIDConnectProvider(input *RemoveClientIDFromOpenIDConnectProviderInput) (*RemoveClientIDFromOpenIDConnectProviderOutput, error) {
	req, out := c.RemoveClientIDFromOpenIDConnectProviderRequest(input)
	err := req.Send()
	return out, err
}

const opRemoveRoleFromInstanceProfile = "RemoveRoleFromInstanceProfile"

// RemoveRoleFromInstanceProfileRequest generates a "aws/request.Request" representing the
// client's request for the RemoveRoleFromInstanceProfile operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See RemoveRoleFromInstanceProfile for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the RemoveRoleFromInstanceProfile method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the RemoveRoleFromInstanceProfileRequest method.
//    req, resp := client.RemoveRoleFromInstanceProfileRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) RemoveRoleFromInstanceProfileRequest(input *RemoveRoleFromInstanceProfileInput) (req *request.Request, output *RemoveRoleFromInstanceProfileOutput) {
	op := &request.Operation{
		Name:       opRemoveRoleFromInstanceProfile,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &RemoveRoleFromInstanceProfileInput{}
	}

	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Remove(query.UnmarshalHandler)
	req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
	output = &RemoveRoleFromInstanceProfileOutput{}
	req.Data = output
	return
}

// RemoveRoleFromInstanceProfile API operation for AWS Identity and Access Management.
//
// Removes the specified IAM role from the specified EC2 instance profile.
//
// Make sure you do not have any Amazon EC2 instances running with the role
// you are about to remove from the instance profile. Removing a role from an
// instance profile that is associated with a running instance break any applications
// running on the instance.
//
// For more information about IAM roles, go to Working with Roles (http://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html).
// For more information about instance profiles, go to About Instance Profiles
// (http://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html).
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation RemoveRoleFromInstanceProfile for usage and error information.
//
// Returned Error Codes:
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
//   * LimitExceeded
//   The request was rejected because it attempted to create resources beyond
//   the current AWS account limits. The error message describes the limit exceeded.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) RemoveRoleFromInstanceProfile(input *RemoveRoleFromInstanceProfileInput) (*RemoveRoleFromInstanceProfileOutput, error) {
	req, out := c.RemoveRoleFromInstanceProfileRequest(input)
	err := req.Send()
	return out, err
}

const opRemoveUserFromGroup = "RemoveUserFromGroup"

// RemoveUserFromGroupRequest generates a "aws/request.Request" representing the
// client's request for the RemoveUserFromGroup operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See RemoveUserFromGroup for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the RemoveUserFromGroup method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the RemoveUserFromGroupRequest method.
//    req, resp := client.RemoveUserFromGroupRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) RemoveUserFromGroupRequest(input *RemoveUserFromGroupInput) (req *request.Request, output *RemoveUserFromGroupOutput) {
	op := &request.Operation{
		Name:       opRemoveUserFromGroup,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &RemoveUserFromGroupInput{}
	}

	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Remove(query.UnmarshalHandler)
	req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
	output = &RemoveUserFromGroupOutput{}
	req.Data = output
	return
}

// RemoveUserFromGroup API operation for AWS Identity and Access Management.
//
// Removes the specified user from the specified group.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation RemoveUserFromGroup for usage and error information.
//
// Returned Error Codes:
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
//   * LimitExceeded
//   The request was rejected because it attempted to create resources beyond
//   the current AWS account limits. The error message describes the limit exceeded.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) RemoveUserFromGroup(input *RemoveUserFromGroupInput) (*RemoveUserFromGroupOutput, error) {
	req, out := c.RemoveUserFromGroupRequest(input)
	err := req.Send()
	return out, err
}

const opResyncMFADevice = "ResyncMFADevice"

// ResyncMFADeviceRequest generates a "aws/request.Request" representing the
// client's request for the ResyncMFADevice operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See ResyncMFADevice for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the ResyncMFADevice method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the ResyncMFADeviceRequest method.
//    req, resp := client.ResyncMFADeviceRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) ResyncMFADeviceRequest(input *ResyncMFADeviceInput) (req *request.Request, output *ResyncMFADeviceOutput) {
	op := &request.Operation{
		Name:       opResyncMFADevice,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &ResyncMFADeviceInput{}
	}

	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Remove(query.UnmarshalHandler)
	req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
	output = &ResyncMFADeviceOutput{}
	req.Data = output
	return
}

// ResyncMFADevice API operation for AWS Identity and Access Management.
//
// Synchronizes the specified MFA device with its IAM resource object on the
// AWS servers.
//
// For more information about creating and working with virtual MFA devices,
// go to Using a Virtual MFA Device (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_VirtualMFA.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation ResyncMFADevice for usage and error information.
//
// Returned Error Codes:
//   * InvalidAuthenticationCode
//   The request was rejected because the authentication code was not recognized.
//   The error message describes the specific error.
//
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
//   * LimitExceeded
//   The request was rejected because it attempted to create resources beyond
//   the current AWS account limits. The error message describes the limit exceeded.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) ResyncMFADevice(input *ResyncMFADeviceInput) (*ResyncMFADeviceOutput, error) {
	req, out := c.ResyncMFADeviceRequest(input)
	err := req.Send()
	return out, err
}

const opSetDefaultPolicyVersion = "SetDefaultPolicyVersion"

// SetDefaultPolicyVersionRequest generates a "aws/request.Request" representing the
// client's request for the SetDefaultPolicyVersion operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See SetDefaultPolicyVersion for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the SetDefaultPolicyVersion method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the SetDefaultPolicyVersionRequest method.
//    req, resp := client.SetDefaultPolicyVersionRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) SetDefaultPolicyVersionRequest(input *SetDefaultPolicyVersionInput) (req *request.Request, output *SetDefaultPolicyVersionOutput) {
	op := &request.Operation{
		Name:       opSetDefaultPolicyVersion,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &SetDefaultPolicyVersionInput{}
	}

	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Remove(query.UnmarshalHandler)
	req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
	output = &SetDefaultPolicyVersionOutput{}
	req.Data = output
	return
}

// SetDefaultPolicyVersion API operation for AWS Identity and Access Management.
//
// Sets the specified version of the specified policy as the policy's default
// (operative) version.
//
// This action affects all users, groups, and roles that the policy is attached
// to. To list the users, groups, and roles that the policy is attached to,
// use the ListEntitiesForPolicy API.
//
// For information about managed policies, see Managed Policies and Inline Policies
// (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation SetDefaultPolicyVersion for usage and error information.
//
// Returned Error Codes:
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
//   * InvalidInput
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
//   * LimitExceeded
//   The request was rejected because it attempted to create resources beyond
//   the current AWS account limits. The error message describes the limit exceeded.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) SetDefaultPolicyVersion(input *SetDefaultPolicyVersionInput) (*SetDefaultPolicyVersionOutput, error) {
	req, out := c.SetDefaultPolicyVersionRequest(input)
	err := req.Send()
	return out, err
}

const opSimulateCustomPolicy = "SimulateCustomPolicy"

// SimulateCustomPolicyRequest generates a "aws/request.Request" representing the
// client's request for the SimulateCustomPolicy operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See SimulateCustomPolicy for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the SimulateCustomPolicy method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the SimulateCustomPolicyRequest method.
//    req, resp := client.SimulateCustomPolicyRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) SimulateCustomPolicyRequest(input *SimulateCustomPolicyInput) (req *request.Request, output *SimulatePolicyResponse) {
	op := &request.Operation{
		Name:       opSimulateCustomPolicy,
		HTTPMethod: "POST",
		HTTPPath:   "/",
		Paginator: &request.Paginator{
			InputTokens:     []string{"Marker"},
			OutputTokens:    []string{"Marker"},
			LimitToken:      "MaxItems",
			TruncationToken: "IsTruncated",
		},
	}

	if input == nil {
		input = &SimulateCustomPolicyInput{}
	}

	req = c.newRequest(op, input, output)
	output = &SimulatePolicyResponse{}
	req.Data = output
	return
}

// SimulateCustomPolicy API operation for AWS Identity and Access Management.
//
// Simulate how a set of IAM policies and optionally a resource-based policy
// works with a list of API actions and AWS resources to determine the policies'
// effective permissions. The policies are provided as strings.
//
// The simulation does not perform the API actions; it only checks the authorization
// to determine if the simulated policies allow or deny the actions.
//
// If you want to simulate existing policies attached to an IAM user, group,
// or role, use SimulatePrincipalPolicy instead.
//
// Context keys are variables maintained by AWS and its services that provide
// details about the context of an API query request. You can use the Condition
// element of an IAM policy to evaluate context keys. To get the list of context
// keys that the policies require for correct simulation, use GetContextKeysForCustomPolicy.
//
// If the output is long, you can use MaxItems and Marker parameters to paginate
// the results.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation SimulateCustomPolicy for usage and error information.
//
// Returned Error Codes:
//   * InvalidInput
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
//   * PolicyEvaluation
//   The request failed because a provided policy could not be successfully evaluated.
//   An additional detail message indicates the source of the failure.
//
func (c *IAM) SimulateCustomPolicy(input *SimulateCustomPolicyInput) (*SimulatePolicyResponse, error) {
	req, out := c.SimulateCustomPolicyRequest(input)
	err := req.Send()
	return out, err
}

// SimulateCustomPolicyPages iterates over the pages of a SimulateCustomPolicy operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See SimulateCustomPolicy method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
//    // Example iterating over at most 3 pages of a SimulateCustomPolicy operation.
//    pageNum := 0
//    err := client.SimulateCustomPolicyPages(params,
//        func(page *SimulatePolicyResponse, lastPage bool) bool {
//            pageNum++
//            fmt.Println(page)
//            return pageNum <= 3
//        })
//
func (c *IAM) SimulateCustomPolicyPages(input *SimulateCustomPolicyInput, fn func(p *SimulatePolicyResponse, lastPage bool) (shouldContinue bool)) error {
	page, _ := c.SimulateCustomPolicyRequest(input)
	page.Handlers.Build.PushBack(request.MakeAddToUserAgentFreeFormHandler("Paginator"))
	return page.EachPage(func(p interface{}, lastPage bool) bool {
		return fn(p.(*SimulatePolicyResponse), lastPage)
	})
}

const opSimulatePrincipalPolicy = "SimulatePrincipalPolicy"

// SimulatePrincipalPolicyRequest generates a "aws/request.Request" representing the
// client's request for the SimulatePrincipalPolicy operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See SimulatePrincipalPolicy for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the SimulatePrincipalPolicy method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the SimulatePrincipalPolicyRequest method.
//    req, resp := client.SimulatePrincipalPolicyRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) SimulatePrincipalPolicyRequest(input *SimulatePrincipalPolicyInput) (req *request.Request, output *SimulatePolicyResponse) {
	op := &request.Operation{
		Name:       opSimulatePrincipalPolicy,
		HTTPMethod: "POST",
		HTTPPath:   "/",
		Paginator: &request.Paginator{
			InputTokens:     []string{"Marker"},
			OutputTokens:    []string{"Marker"},
			LimitToken:      "MaxItems",
			TruncationToken: "IsTruncated",
		},
	}

	if input == nil {
		input = &SimulatePrincipalPolicyInput{}
	}

	req = c.newRequest(op, input, output)
	output = &SimulatePolicyResponse{}
	req.Data = output
	return
}

// SimulatePrincipalPolicy API operation for AWS Identity and Access Management.
//
// Simulate how a set of IAM policies attached to an IAM entity works with a
// list of API actions and AWS resources to determine the policies' effective
// permissions. The entity can be an IAM user, group, or role. If you specify
// a user, then the simulation also includes all of the policies that are attached
// to groups that the user belongs to .
//
// You can optionally include a list of one or more additional policies specified
// as strings to include in the simulation. If you want to simulate only policies
// specified as strings, use SimulateCustomPolicy instead.
//
// You can also optionally include one resource-based policy to be evaluated
// with each of the resources included in the simulation.
//
// The simulation does not perform the API actions, it only checks the authorization
// to determine if the simulated policies allow or deny the actions.
//
// Note: This API discloses information about the permissions granted to other
// users. If you do not want users to see other user's permissions, then consider
// allowing them to use SimulateCustomPolicy instead.
//
// Context keys are variables maintained by AWS and its services that provide
// details about the context of an API query request. You can use the Condition
// element of an IAM policy to evaluate context keys. To get the list of context
// keys that the policies require for correct simulation, use GetContextKeysForPrincipalPolicy.
//
// If the output is long, you can use the MaxItems and Marker parameters to
// paginate the results.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation SimulatePrincipalPolicy for usage and error information.
//
// Returned Error Codes:
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
//   * InvalidInput
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
//   * PolicyEvaluation
//   The request failed because a provided policy could not be successfully evaluated.
//   An additional detail message indicates the source of the failure.
//
func (c *IAM) SimulatePrincipalPolicy(input *SimulatePrincipalPolicyInput) (*SimulatePolicyResponse, error) {
	req, out := c.SimulatePrincipalPolicyRequest(input)
	err := req.Send()
	return out, err
}

// SimulatePrincipalPolicyPages iterates over the pages of a SimulatePrincipalPolicy operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See SimulatePrincipalPolicy method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
//    // Example iterating over at most 3 pages of a SimulatePrincipalPolicy operation.
//    pageNum := 0
//    err := client.SimulatePrincipalPolicyPages(params,
//        func(page *SimulatePolicyResponse, lastPage bool) bool {
//            pageNum++
//            fmt.Println(page)
//            return pageNum <= 3
//        })
//
func (c *IAM) SimulatePrincipalPolicyPages(input *SimulatePrincipalPolicyInput, fn func(p *SimulatePolicyResponse, lastPage bool) (shouldContinue bool)) error {
	page, _ := c.SimulatePrincipalPolicyRequest(input)
	page.Handlers.Build.PushBack(request.MakeAddToUserAgentFreeFormHandler("Paginator"))
	return page.EachPage(func(p interface{}, lastPage bool) bool {
		return fn(p.(*SimulatePolicyResponse), lastPage)
	})
}

const opUpdateAccessKey = "UpdateAccessKey"

// UpdateAccessKeyRequest generates a "aws/request.Request" representing the
// client's request for the UpdateAccessKey operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See UpdateAccessKey for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the UpdateAccessKey method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the UpdateAccessKeyRequest method.
//    req, resp := client.UpdateAccessKeyRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) UpdateAccessKeyRequest(input *UpdateAccessKeyInput) (req *request.Request, output *UpdateAccessKeyOutput) {
	op := &request.Operation{
		Name:       opUpdateAccessKey,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &UpdateAccessKeyInput{}
	}

	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Remove(query.UnmarshalHandler)
	req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
	output = &UpdateAccessKeyOutput{}
	req.Data = output
	return
}

// UpdateAccessKey API operation for AWS Identity and Access Management.
//
// Changes the status of the specified access key from Active to Inactive, or
// vice versa. This action can be used to disable a user's key as part of a
// key rotation work flow.
//
// If the UserName field is not specified, the UserName is determined implicitly
// based on the AWS access key ID used to sign the request. Because this action
// works for access keys under the AWS account, you can use this action to manage
// root credentials even if the AWS account has no associated users.
//
// For information about rotating keys, see Managing Keys and Certificates (http://docs.aws.amazon.com/IAM/latest/UserGuide/ManagingCredentials.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation UpdateAccessKey for usage and error information.
//
// Returned Error Codes:
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
//   * LimitExceeded
//   The request was rejected because it attempted to create resources beyond
//   the current AWS account limits. The error message describes the limit exceeded.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) UpdateAccessKey(input *UpdateAccessKeyInput) (*UpdateAccessKeyOutput, error) {
	req, out := c.UpdateAccessKeyRequest(input)
	err := req.Send()
	return out, err
}

const opUpdateAccountPasswordPolicy = "UpdateAccountPasswordPolicy"

// UpdateAccountPasswordPolicyRequest generates a "aws/request.Request" representing the
// client's request for the UpdateAccountPasswordPolicy operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See UpdateAccountPasswordPolicy for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the UpdateAccountPasswordPolicy method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the UpdateAccountPasswordPolicyRequest method.
//    req, resp := client.UpdateAccountPasswordPolicyRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) UpdateAccountPasswordPolicyRequest(input *UpdateAccountPasswordPolicyInput) (req *request.Request, output *UpdateAccountPasswordPolicyOutput) {
	op := &request.Operation{
		Name:       opUpdateAccountPasswordPolicy,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &UpdateAccountPasswordPolicyInput{}
	}

	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Remove(query.UnmarshalHandler)
	req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
	output = &UpdateAccountPasswordPolicyOutput{}
	req.Data = output
	return
}

// UpdateAccountPasswordPolicy API operation for AWS Identity and Access Management.
//
// Updates the password policy settings for the AWS account.
//
// This action does not support partial updates. No parameters are required,
// but if you do not specify a parameter, that parameter's value reverts to
// its default value. See the Request Parameters section for each parameter's
// default value.
//
// For more information about using a password policy, see Managing an IAM Password
// Policy (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingPasswordPolicies.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation UpdateAccountPasswordPolicy for usage and error information.
//
// Returned Error Codes:
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
//   * MalformedPolicyDocument
//   The request was rejected because the policy document was malformed. The error
//   message describes the specific error.
//
//   * LimitExceeded
//   The request was rejected because it attempted to create resources beyond
//   the current AWS account limits. The error message describes the limit exceeded.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) UpdateAccountPasswordPolicy(input *UpdateAccountPasswordPolicyInput) (*UpdateAccountPasswordPolicyOutput, error) {
	req, out := c.UpdateAccountPasswordPolicyRequest(input)
	err := req.Send()
	return out, err
}

const opUpdateAssumeRolePolicy = "UpdateAssumeRolePolicy"

// UpdateAssumeRolePolicyRequest generates a "aws/request.Request" representing the
// client's request for the UpdateAssumeRolePolicy operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See UpdateAssumeRolePolicy for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the UpdateAssumeRolePolicy method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the UpdateAssumeRolePolicyRequest method.
//    req, resp := client.UpdateAssumeRolePolicyRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) UpdateAssumeRolePolicyRequest(input *UpdateAssumeRolePolicyInput) (req *request.Request, output *UpdateAssumeRolePolicyOutput) {
	op := &request.Operation{
		Name:       opUpdateAssumeRolePolicy,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &UpdateAssumeRolePolicyInput{}
	}

	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Remove(query.UnmarshalHandler)
	req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
	output = &UpdateAssumeRolePolicyOutput{}
	req.Data = output
	return
}

// UpdateAssumeRolePolicy API operation for AWS Identity and Access Management.
//
// Updates the policy that grants an IAM entity permission to assume a role.
// This is typically referred to as the "role trust policy". For more information
// about roles, go to Using Roles to Delegate Permissions and Federate Identities
// (http://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html).
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation UpdateAssumeRolePolicy for usage and error information.
//
// Returned Error Codes:
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
//   * MalformedPolicyDocument
//   The request was rejected because the policy document was malformed. The error
//   message describes the specific error.
//
//   * LimitExceeded
//   The request was rejected because it attempted to create resources beyond
//   the current AWS account limits. The error message describes the limit exceeded.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) UpdateAssumeRolePolicy(input *UpdateAssumeRolePolicyInput) (*UpdateAssumeRolePolicyOutput, error) {
	req, out := c.UpdateAssumeRolePolicyRequest(input)
	err := req.Send()
	return out, err
}

const opUpdateGroup = "UpdateGroup"

// UpdateGroupRequest generates a "aws/request.Request" representing the
// client's request for the UpdateGroup operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See UpdateGroup for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the UpdateGroup method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the UpdateGroupRequest method.
//    req, resp := client.UpdateGroupRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) UpdateGroupRequest(input *UpdateGroupInput) (req *request.Request, output *UpdateGroupOutput) {
	op := &request.Operation{
		Name:       opUpdateGroup,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &UpdateGroupInput{}
	}

	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Remove(query.UnmarshalHandler)
	req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
	output = &UpdateGroupOutput{}
	req.Data = output
	return
}

// UpdateGroup API operation for AWS Identity and Access Management.
//
// Updates the name and/or the path of the specified IAM group.
//
// You should understand the implications of changing a group's path or name.
// For more information, see Renaming Users and Groups (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_WorkingWithGroupsAndUsers.html)
// in the IAM User Guide.
//
// To change an IAM group name the requester must have appropriate permissions
// on both the source object and the target object. For example, to change "Managers"
// to "MGRs", the entity making the request must have permission on both "Managers"
// and "MGRs", or must have permission on all (*). For more information about
// permissions, see Permissions and Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/PermissionsAndPolicies.html).
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation UpdateGroup for usage and error information.
//
// Returned Error Codes:
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
//   * EntityAlreadyExists
//   The request was rejected because it attempted to create a resource that already
//   exists.
//
//   * LimitExceeded
//   The request was rejected because it attempted to create resources beyond
//   the current AWS account limits. The error message describes the limit exceeded.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) UpdateGroup(input *UpdateGroupInput) (*UpdateGroupOutput, error) {
	req, out := c.UpdateGroupRequest(input)
	err := req.Send()
	return out, err
}

const opUpdateLoginProfile = "UpdateLoginProfile"

// UpdateLoginProfileRequest generates a "aws/request.Request" representing the
// client's request for the UpdateLoginProfile operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See UpdateLoginProfile for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the UpdateLoginProfile method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the UpdateLoginProfileRequest method.
//    req, resp := client.UpdateLoginProfileRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) UpdateLoginProfileRequest(input *UpdateLoginProfileInput) (req *request.Request, output *UpdateLoginProfileOutput) {
	op := &request.Operation{
		Name:       opUpdateLoginProfile,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &UpdateLoginProfileInput{}
	}

	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Remove(query.UnmarshalHandler)
	req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
	output = &UpdateLoginProfileOutput{}
	req.Data = output
	return
}

// UpdateLoginProfile API operation for AWS Identity and Access Management.
//
// Changes the password for the specified IAM user.
//
// IAM users can change their own passwords by calling ChangePassword. For more
// information about modifying passwords, see Managing Passwords (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation UpdateLoginProfile for usage and error information.
//
// Returned Error Codes:
//   * EntityTemporarilyUnmodifiable
//   The request was rejected because it referenced an entity that is temporarily
//   unmodifiable, such as a user name that was deleted and then recreated. The
//   error indicates that the request is likely to succeed if you try again after
//   waiting several minutes. The error message describes the entity.
//
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
//   * PasswordPolicyViolation
//   The request was rejected because the provided password did not meet the requirements
//   imposed by the account password policy.
//
//   * LimitExceeded
//   The request was rejected because it attempted to create resources beyond
//   the current AWS account limits. The error message describes the limit exceeded.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) UpdateLoginProfile(input *UpdateLoginProfileInput) (*UpdateLoginProfileOutput, error) {
	req, out := c.UpdateLoginProfileRequest(input)
	err := req.Send()
	return out, err
}

const opUpdateOpenIDConnectProviderThumbprint = "UpdateOpenIDConnectProviderThumbprint"

// UpdateOpenIDConnectProviderThumbprintRequest generates a "aws/request.Request" representing the
// client's request for the UpdateOpenIDConnectProviderThumbprint operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See UpdateOpenIDConnectProviderThumbprint for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the UpdateOpenIDConnectProviderThumbprint method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the UpdateOpenIDConnectProviderThumbprintRequest method.
//    req, resp := client.UpdateOpenIDConnectProviderThumbprintRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) UpdateOpenIDConnectProviderThumbprintRequest(input *UpdateOpenIDConnectProviderThumbprintInput) (req *request.Request, output *UpdateOpenIDConnectProviderThumbprintOutput) {
	op := &request.Operation{
		Name:       opUpdateOpenIDConnectProviderThumbprint,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &UpdateOpenIDConnectProviderThumbprintInput{}
	}

	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Remove(query.UnmarshalHandler)
	req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
	output = &UpdateOpenIDConnectProviderThumbprintOutput{}
	req.Data = output
	return
}

// UpdateOpenIDConnectProviderThumbprint API operation for AWS Identity and Access Management.
//
// Replaces the existing list of server certificate thumbprints associated with
// an OpenID Connect (OIDC) provider resource object with a new list of thumbprints.
//
// The list that you pass with this action completely replaces the existing
// list of thumbprints. (The lists are not merged.)
//
// Typically, you need to update a thumbprint only when the identity provider's
// certificate changes, which occurs rarely. However, if the provider's certificate
// does change, any attempt to assume an IAM role that specifies the OIDC provider
// as a principal fails until the certificate thumbprint is updated.
//
// Because trust for the OIDC provider is ultimately derived from the provider's
// certificate and is validated by the thumbprint, it is a best practice to
// limit access to the UpdateOpenIDConnectProviderThumbprint action to highly-privileged
// users.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation UpdateOpenIDConnectProviderThumbprint for usage and error information.
//
// Returned Error Codes:
//   * InvalidInput
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) UpdateOpenIDConnectProviderThumbprint(input *UpdateOpenIDConnectProviderThumbprintInput) (*UpdateOpenIDConnectProviderThumbprintOutput, error) {
	req, out := c.UpdateOpenIDConnectProviderThumbprintRequest(input)
	err := req.Send()
	return out, err
}

const opUpdateSAMLProvider = "UpdateSAMLProvider"

// UpdateSAMLProviderRequest generates a "aws/request.Request" representing the
// client's request for the UpdateSAMLProvider operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See UpdateSAMLProvider for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the UpdateSAMLProvider method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the UpdateSAMLProviderRequest method.
//    req, resp := client.UpdateSAMLProviderRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) UpdateSAMLProviderRequest(input *UpdateSAMLProviderInput) (req *request.Request, output *UpdateSAMLProviderOutput) {
	op := &request.Operation{
		Name:       opUpdateSAMLProvider,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &UpdateSAMLProviderInput{}
	}

	req = c.newRequest(op, input, output)
	output = &UpdateSAMLProviderOutput{}
	req.Data = output
	return
}

// UpdateSAMLProvider API operation for AWS Identity and Access Management.
//
// Updates the metadata document for an existing SAML provider resource object.
//
// This operation requires Signature Version 4 (http://docs.aws.amazon.com/general/latest/gr/signature-version-4.html).
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation UpdateSAMLProvider for usage and error information.
//
// Returned Error Codes:
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
//   * InvalidInput
//   The request was rejected because an invalid or out-of-range value was supplied
//   for an input parameter.
//
//   * LimitExceeded
//   The request was rejected because it attempted to create resources beyond
//   the current AWS account limits. The error message describes the limit exceeded.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) UpdateSAMLProvider(input *UpdateSAMLProviderInput) (*UpdateSAMLProviderOutput, error) {
	req, out := c.UpdateSAMLProviderRequest(input)
	err := req.Send()
	return out, err
}

const opUpdateSSHPublicKey = "UpdateSSHPublicKey"

// UpdateSSHPublicKeyRequest generates a "aws/request.Request" representing the
// client's request for the UpdateSSHPublicKey operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See UpdateSSHPublicKey for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the UpdateSSHPublicKey method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the UpdateSSHPublicKeyRequest method.
//    req, resp := client.UpdateSSHPublicKeyRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) UpdateSSHPublicKeyRequest(input *UpdateSSHPublicKeyInput) (req *request.Request, output *UpdateSSHPublicKeyOutput) {
	op := &request.Operation{
		Name:       opUpdateSSHPublicKey,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &UpdateSSHPublicKeyInput{}
	}

	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Remove(query.UnmarshalHandler)
	req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
	output = &UpdateSSHPublicKeyOutput{}
	req.Data = output
	return
}

// UpdateSSHPublicKey API operation for AWS Identity and Access Management.
//
// Sets the status of an IAM user's SSH public key to active or inactive. SSH
// public keys that are inactive cannot be used for authentication. This action
// can be used to disable a user's SSH public key as part of a key rotation
// work flow.
//
// The SSH public key affected by this action is used only for authenticating
// the associated IAM user to an AWS CodeCommit repository. For more information
// about using SSH keys to authenticate to an AWS CodeCommit repository, see
// Set up AWS CodeCommit for SSH Connections (http://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html)
// in the AWS CodeCommit User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation UpdateSSHPublicKey for usage and error information.
//
// Returned Error Codes:
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
func (c *IAM) UpdateSSHPublicKey(input *UpdateSSHPublicKeyInput) (*UpdateSSHPublicKeyOutput, error) {
	req, out := c.UpdateSSHPublicKeyRequest(input)
	err := req.Send()
	return out, err
}

const opUpdateServerCertificate = "UpdateServerCertificate"

// UpdateServerCertificateRequest generates a "aws/request.Request" representing the
// client's request for the UpdateServerCertificate operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See UpdateServerCertificate for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the UpdateServerCertificate method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the UpdateServerCertificateRequest method.
//    req, resp := client.UpdateServerCertificateRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) UpdateServerCertificateRequest(input *UpdateServerCertificateInput) (req *request.Request, output *UpdateServerCertificateOutput) {
	op := &request.Operation{
		Name:       opUpdateServerCertificate,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &UpdateServerCertificateInput{}
	}

	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Remove(query.UnmarshalHandler)
	req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
	output = &UpdateServerCertificateOutput{}
	req.Data = output
	return
}

// UpdateServerCertificate API operation for AWS Identity and Access Management.
//
// Updates the name and/or the path of the specified server certificate stored
// in IAM.
//
// For more information about working with server certificates, including a
// list of AWS services that can use the server certificates that you manage
// with IAM, go to Working with Server Certificates (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html)
// in the IAM User Guide.
//
// You should understand the implications of changing a server certificate's
// path or name. For more information, see Renaming a Server Certificate (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs_manage.html#RenamingServerCerts)
// in the IAM User Guide.
//
// To change a server certificate name the requester must have appropriate permissions
// on both the source object and the target object. For example, to change the
// name from "ProductionCert" to "ProdCert", the entity making the request must
// have permission on "ProductionCert" and "ProdCert", or must have permission
// on all (*). For more information about permissions, see Access Management
// (http://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) in the IAM
// User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation UpdateServerCertificate for usage and error information.
//
// Returned Error Codes:
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
//   * EntityAlreadyExists
//   The request was rejected because it attempted to create a resource that already
//   exists.
//
//   * LimitExceeded
//   The request was rejected because it attempted to create resources beyond
//   the current AWS account limits. The error message describes the limit exceeded.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) UpdateServerCertificate(input *UpdateServerCertificateInput) (*UpdateServerCertificateOutput, error) {
	req, out := c.UpdateServerCertificateRequest(input)
	err := req.Send()
	return out, err
}

const opUpdateSigningCertificate = "UpdateSigningCertificate"

// UpdateSigningCertificateRequest generates a "aws/request.Request" representing the
// client's request for the UpdateSigningCertificate operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See UpdateSigningCertificate for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the UpdateSigningCertificate method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the UpdateSigningCertificateRequest method.
//    req, resp := client.UpdateSigningCertificateRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) UpdateSigningCertificateRequest(input *UpdateSigningCertificateInput) (req *request.Request, output *UpdateSigningCertificateOutput) {
	op := &request.Operation{
		Name:       opUpdateSigningCertificate,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &UpdateSigningCertificateInput{}
	}

	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Remove(query.UnmarshalHandler)
	req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
	output = &UpdateSigningCertificateOutput{}
	req.Data = output
	return
}

// UpdateSigningCertificate API operation for AWS Identity and Access Management.
//
// Changes the status of the specified user signing certificate from active
// to disabled, or vice versa. This action can be used to disable an IAM user's
// signing certificate as part of a certificate rotation work flow.
//
// If the UserName field is not specified, the UserName is determined implicitly
// based on the AWS access key ID used to sign the request. Because this action
// works for access keys under the AWS account, you can use this action to manage
// root credentials even if the AWS account has no associated users.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation UpdateSigningCertificate for usage and error information.
//
// Returned Error Codes:
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
//   * LimitExceeded
//   The request was rejected because it attempted to create resources beyond
//   the current AWS account limits. The error message describes the limit exceeded.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) UpdateSigningCertificate(input *UpdateSigningCertificateInput) (*UpdateSigningCertificateOutput, error) {
	req, out := c.UpdateSigningCertificateRequest(input)
	err := req.Send()
	return out, err
}

const opUpdateUser = "UpdateUser"

// UpdateUserRequest generates a "aws/request.Request" representing the
// client's request for the UpdateUser operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See UpdateUser for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the UpdateUser method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the UpdateUserRequest method.
//    req, resp := client.UpdateUserRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) UpdateUserRequest(input *UpdateUserInput) (req *request.Request, output *UpdateUserOutput) {
	op := &request.Operation{
		Name:       opUpdateUser,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &UpdateUserInput{}
	}

	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Remove(query.UnmarshalHandler)
	req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
	output = &UpdateUserOutput{}
	req.Data = output
	return
}

// UpdateUser API operation for AWS Identity and Access Management.
//
// Updates the name and/or the path of the specified IAM user.
//
// You should understand the implications of changing an IAM user's path or
// name. For more information, see Renaming an IAM User (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_manage.html#id_users_renaming)
// and Renaming an IAM Group (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups_manage_rename.html)
// in the IAM User Guide.
//
// To change a user name the requester must have appropriate permissions on
// both the source object and the target object. For example, to change Bob
// to Robert, the entity making the request must have permission on Bob and
// Robert, or must have permission on all (*). For more information about permissions,
// see Permissions and Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/PermissionsAndPolicies.html).
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation UpdateUser for usage and error information.
//
// Returned Error Codes:
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
//   * LimitExceeded
//   The request was rejected because it attempted to create resources beyond
//   the current AWS account limits. The error message describes the limit exceeded.
//
//   * EntityAlreadyExists
//   The request was rejected because it attempted to create a resource that already
//   exists.
//
//   * EntityTemporarilyUnmodifiable
//   The request was rejected because it referenced an entity that is temporarily
//   unmodifiable, such as a user name that was deleted and then recreated. The
//   error indicates that the request is likely to succeed if you try again after
//   waiting several minutes. The error message describes the entity.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) UpdateUser(input *UpdateUserInput) (*UpdateUserOutput, error) {
	req, out := c.UpdateUserRequest(input)
	err := req.Send()
	return out, err
}

const opUploadSSHPublicKey = "UploadSSHPublicKey"

// UploadSSHPublicKeyRequest generates a "aws/request.Request" representing the
// client's request for the UploadSSHPublicKey operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See UploadSSHPublicKey for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the UploadSSHPublicKey method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the UploadSSHPublicKeyRequest method.
//    req, resp := client.UploadSSHPublicKeyRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) UploadSSHPublicKeyRequest(input *UploadSSHPublicKeyInput) (req *request.Request, output *UploadSSHPublicKeyOutput) {
	op := &request.Operation{
		Name:       opUploadSSHPublicKey,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &UploadSSHPublicKeyInput{}
	}

	req = c.newRequest(op, input, output)
	output = &UploadSSHPublicKeyOutput{}
	req.Data = output
	return
}

// UploadSSHPublicKey API operation for AWS Identity and Access Management.
//
// Uploads an SSH public key and associates it with the specified IAM user.
//
// The SSH public key uploaded by this action can be used only for authenticating
// the associated IAM user to an AWS CodeCommit repository. For more information
// about using SSH keys to authenticate to an AWS CodeCommit repository, see
// Set up AWS CodeCommit for SSH Connections (http://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html)
// in the AWS CodeCommit User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation UploadSSHPublicKey for usage and error information.
//
// Returned Error Codes:
//   * LimitExceeded
//   The request was rejected because it attempted to create resources beyond
//   the current AWS account limits. The error message describes the limit exceeded.
//
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
//   * InvalidPublicKey
//   The request was rejected because the public key is malformed or otherwise
//   invalid.
//
//   * DuplicateSSHPublicKey
//   The request was rejected because the SSH public key is already associated
//   with the specified IAM user.
//
//   * UnrecognizedPublicKeyEncoding
//   The request was rejected because the public key encoding format is unsupported
//   or unrecognized.
//
func (c *IAM) UploadSSHPublicKey(input *UploadSSHPublicKeyInput) (*UploadSSHPublicKeyOutput, error) {
	req, out := c.UploadSSHPublicKeyRequest(input)
	err := req.Send()
	return out, err
}

const opUploadServerCertificate = "UploadServerCertificate"

// UploadServerCertificateRequest generates a "aws/request.Request" representing the
// client's request for the UploadServerCertificate operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See UploadServerCertificate for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the UploadServerCertificate method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the UploadServerCertificateRequest method.
//    req, resp := client.UploadServerCertificateRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) UploadServerCertificateRequest(input *UploadServerCertificateInput) (req *request.Request, output *UploadServerCertificateOutput) {
	op := &request.Operation{
		Name:       opUploadServerCertificate,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &UploadServerCertificateInput{}
	}

	req = c.newRequest(op, input, output)
	output = &UploadServerCertificateOutput{}
	req.Data = output
	return
}

// UploadServerCertificate API operation for AWS Identity and Access Management.
//
// Uploads a server certificate entity for the AWS account. The server certificate
// entity includes a public key certificate, a private key, and an optional
// certificate chain, which should all be PEM-encoded.
//
// For more information about working with server certificates, including a
// list of AWS services that can use the server certificates that you manage
// with IAM, go to Working with Server Certificates (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html)
// in the IAM User Guide.
//
// For information about the number of server certificates you can upload, see
// Limitations on IAM Entities and Objects (http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html)
// in the IAM User Guide.
//
// Because the body of the public key certificate, private key, and the certificate
// chain can be large, you should use POST rather than GET when calling UploadServerCertificate.
// For information about setting up signatures and authorization through the
// API, go to Signing AWS API Requests (http://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html)
// in the AWS General Reference. For general information about using the Query
// API with IAM, go to Calling the API by Making HTTP Query Requests (http://docs.aws.amazon.com/IAM/latest/UserGuide/programming.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation UploadServerCertificate for usage and error information.
//
// Returned Error Codes:
//   * LimitExceeded
//   The request was rejected because it attempted to create resources beyond
//   the current AWS account limits. The error message describes the limit exceeded.
//
//   * EntityAlreadyExists
//   The request was rejected because it attempted to create a resource that already
//   exists.
//
//   * MalformedCertificate
//   The request was rejected because the certificate was malformed or expired.
//   The error message describes the specific error.
//
//   * KeyPairMismatch
//   The request was rejected because the public key certificate and the private
//   key do not match.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) UploadServerCertificate(input *UploadServerCertificateInput) (*UploadServerCertificateOutput, error) {
	req, out := c.UploadServerCertificateRequest(input)
	err := req.Send()
	return out, err
}

const opUploadSigningCertificate = "UploadSigningCertificate"

// UploadSigningCertificateRequest generates a "aws/request.Request" representing the
// client's request for the UploadSigningCertificate operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
//
// See UploadSigningCertificate for usage and error information.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the UploadSigningCertificate method directly
// instead.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
//    // Example sending a request using the UploadSigningCertificateRequest method.
//    req, resp := client.UploadSigningCertificateRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
func (c *IAM) UploadSigningCertificateRequest(input *UploadSigningCertificateInput) (req *request.Request, output *UploadSigningCertificateOutput) {
	op := &request.Operation{
		Name:       opUploadSigningCertificate,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &UploadSigningCertificateInput{}
	}

	req = c.newRequest(op, input, output)
	output = &UploadSigningCertificateOutput{}
	req.Data = output
	return
}

// UploadSigningCertificate API operation for AWS Identity and Access Management.
//
// Uploads an X.509 signing certificate and associates it with the specified
// IAM user. Some AWS services use X.509 signing certificates to validate requests
// that are signed with a corresponding private key. When you upload the certificate,
// its default status is Active.
//
// If the UserName field is not specified, the IAM user name is determined implicitly
// based on the AWS access key ID used to sign the request. Because this action
// works for access keys under the AWS account, you can use this action to manage
// root credentials even if the AWS account has no associated users.
//
// Because the body of a X.509 certificate can be large, you should use POST
// rather than GET when calling UploadSigningCertificate. For information about
// setting up signatures and authorization through the API, go to Signing AWS
// API Requests (http://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html)
// in the AWS General Reference. For general information about using the Query
// API with IAM, go to Making Query Requests (http://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation UploadSigningCertificate for usage and error information.
//
// Returned Error Codes:
//   * LimitExceeded
//   The request was rejected because it attempted to create resources beyond
//   the current AWS account limits. The error message describes the limit exceeded.
//
//   * EntityAlreadyExists
//   The request was rejected because it attempted to create a resource that already
//   exists.
//
//   * MalformedCertificate
//   The request was rejected because the certificate was malformed or expired.
//   The error message describes the specific error.
//
//   * InvalidCertificate
//   The request was rejected because the certificate is invalid.
//
//   * DuplicateCertificate
//   The request was rejected because the same certificate is associated with
//   an IAM user in the account.
//
//   * NoSuchEntity
//   The request was rejected because it referenced an entity that does not exist.
//   The error message describes the entity.
//
//   * ServiceFailure
//   The request processing has failed because of an unknown error, exception
//   or failure.
//
func (c *IAM) UploadSigningCertificate(input *UploadSigningCertificateInput) (*UploadSigningCertificateOutput, error) {
	req, out := c.UploadSigningCertificateRequest(input)
	err := req.Send()
	return out, err
}

// Contains information about an AWS access key.
//
// This data type is used as a response element in the CreateAccessKey and ListAccessKeys
// actions.
//
// The SecretAccessKey value is returned only in response to CreateAccessKey.
// You can get a secret access key only when you first create an access key;
// you cannot recover the secret access key later. If you lose a secret access
// key, you must create a new access key.
type AccessKey struct {
	_ struct{} `type:"structure"`

	// The ID for this access key.
	//
	// AccessKeyId is a required field
	AccessKeyId *string `min:"16" type:"string" required:"true"`

	// The date when the access key was created.
	CreateDate *time.Time `type:"timestamp" timestampFormat:"iso8601"`

	// The secret key used to sign requests.
	//
	// SecretAccessKey is a required field
	SecretAccessKey *string `type:"string" required:"true"`

	// The status of the access key. Active means the key is valid for API calls,
	// while Inactive means it is not.
	//
	// Status is a required field
	Status *string `type:"string" required:"true" enum:"statusType"`

	// The name of the IAM user that the access key is associated with.
	//
	// UserName is a required field
	UserName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation
func (s AccessKey) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s AccessKey) GoString() string {
	return s.String()
}

// Contains information about the last time an AWS access key was used.
//
// This data type is used as a response element in the GetAccessKeyLastUsed
// action.
type AccessKeyLastUsed struct {
	_ struct{} `type:"structure"`

	// The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601),
	// when the access key was most recently used. This field is null when:
	//
	//    * The user does not have an access key.
	//
	//    * An access key exists but has never been used, at least not since IAM
	//    started tracking this information on April 22nd, 2015.
	//
	//    * There is no sign-in data associated with the user
	//
	// LastUsedDate is a required field
	LastUsedDate *time.Time `type:"timestamp" timestampFormat:"iso8601" required:"true"`

	// The AWS region where this access key was most recently used. This field is
	// null when:
	//
	//    * The user does not have an access key.
	//
	//    * An access key exists but has never been used, at least not since IAM
	//    started tracking this information on April 22nd, 2015.
	//
	//    * There is no sign-in data associated with the user
	//
	// For more information about AWS regions, see Regions and Endpoints (http://docs.aws.amazon.com/general/latest/gr/rande.html)
	// in the Amazon Web Services General Reference.
	//
	// Region is a required field
	Region *string `type:"string" required:"true"`

	// The name of the AWS service with which this access key was most recently
	// used. This field is null when:
	//
	//    * The user does not have an access key.
	//
	//    * An access key exists but has never been used, at least not since IAM
	//    started tracking this information on April 22nd, 2015.
	//
	//    * There is no sign-in data associated with the user
	//
	// ServiceName is a required field
	ServiceName *string `type:"string" required:"true"`
}

// String returns the string representation
func (s AccessKeyLastUsed) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s AccessKeyLastUsed) GoString() string {
	return s.String()
}

// Contains information about an AWS access key, without its secret key.
//
// This data type is used as a response element in the ListAccessKeys action.
type AccessKeyMetadata struct {
	_ struct{} `type:"structure"`

	// The ID for this access key.
	AccessKeyId *string `min:"16" type:"string"`

	// The date when the access key was created.
	CreateDate *time.Time `type:"timestamp" timestampFormat:"iso8601"`

	// The status of the access key. Active means the key is valid for API calls;
	// Inactive means it is not.
	Status *string `type:"string" enum:"statusType"`

	// The name of the IAM user that the key is associated with.
	UserName *string `min:"1" type:"string"`
}

// String returns the string representation
func (s AccessKeyMetadata) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s AccessKeyMetadata) GoString() string {
	return s.String()
}

type AddClientIDToOpenIDConnectProviderInput struct {
	_ struct{} `type:"structure"`

	// The client ID (also known as audience) to add to the IAM OpenID Connect provider
	// resource.
	//
	// ClientID is a required field
	ClientID *string `min:"1" type:"string" required:"true"`

	// The Amazon Resource Name (ARN) of the IAM OpenID Connect (OIDC) provider
	// resource to add the client ID to. You can get a list of OIDC provider ARNs
	// by using the ListOpenIDConnectProviders action.
	//
	// OpenIDConnectProviderArn is a required field
	OpenIDConnectProviderArn *string `min:"20" type:"string" required:"true"`
}

// String returns the string representation
func (s AddClientIDToOpenIDConnectProviderInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s AddClientIDToOpenIDConnectProviderInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *AddClientIDToOpenIDConnectProviderInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "AddClientIDToOpenIDConnectProviderInput"}
	if s.ClientID == nil {
		invalidParams.Add(request.NewErrParamRequired("ClientID"))
	}
	if s.ClientID != nil && len(*s.ClientID) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("ClientID", 1))
	}
	if s.OpenIDConnectProviderArn == nil {
		invalidParams.Add(request.NewErrParamRequired("OpenIDConnectProviderArn"))
	}
	if s.OpenIDConnectProviderArn != nil && len(*s.OpenIDConnectProviderArn) < 20 {
		invalidParams.Add(request.NewErrParamMinLen("OpenIDConnectProviderArn", 20))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

type AddClientIDToOpenIDConnectProviderOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation
func (s AddClientIDToOpenIDConnectProviderOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s AddClientIDToOpenIDConnectProviderOutput) GoString() string {
	return s.String()
}

type AddRoleToInstanceProfileInput struct {
	_ struct{} `type:"structure"`

	// The name of the instance profile to update.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-
	//
	// InstanceProfileName is a required field
	InstanceProfileName *string `min:"1" type:"string" required:"true"`

	// The name of the role to add.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-
	//
	// RoleName is a required field
	RoleName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation
func (s AddRoleToInstanceProfileInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s AddRoleToInstanceProfileInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *AddRoleToInstanceProfileInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "AddRoleToInstanceProfileInput"}
	if s.InstanceProfileName == nil {
		invalidParams.Add(request.NewErrParamRequired("InstanceProfileName"))
	}
	if s.InstanceProfileName != nil && len(*s.InstanceProfileName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("InstanceProfileName", 1))
	}
	if s.RoleName == nil {
		invalidParams.Add(request.NewErrParamRequired("RoleName"))
	}
	if s.RoleName != nil && len(*s.RoleName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("RoleName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

type AddRoleToInstanceProfileOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation
func (s AddRoleToInstanceProfileOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s AddRoleToInstanceProfileOutput) GoString() string {
	return s.String()
}

type AddUserToGroupInput struct {
	_ struct{} `type:"structure"`

	// The name of the group to update.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-
	//
	// GroupName is a required field
	GroupName *string `min:"1" type:"string" required:"true"`

	// The name of the user to add.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-
	//
	// UserName is a required field
	UserName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation
func (s AddUserToGroupInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s AddUserToGroupInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *AddUserToGroupInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "AddUserToGroupInput"}
	if s.GroupName == nil {
		invalidParams.Add(request.NewErrParamRequired("GroupName"))
	}
	if s.GroupName != nil && len(*s.GroupName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("GroupName", 1))
	}
	if s.UserName == nil {
		invalidParams.Add(request.NewErrParamRequired("UserName"))
	}
	if s.UserName != nil && len(*s.UserName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("UserName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

type AddUserToGroupOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation
func (s AddUserToGroupOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s AddUserToGroupOutput) GoString() string {
	return s.String()
}

type AttachGroupPolicyInput struct {
	_ struct{} `type:"structure"`

	// The name (friendly name, not ARN) of the group to attach the policy to.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-
	//
	// GroupName is a required field
	GroupName *string `min:"1" type:"string" required:"true"`

	// The Amazon Resource Name (ARN) of the IAM policy you want to attach.
	//
	// For more information about ARNs, see Amazon Resource Names (ARNs) and AWS
	// Service Namespaces (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the AWS General Reference.
	//
	// PolicyArn is a required field
	PolicyArn *string `min:"20" type:"string" required:"true"`
}

// String returns the string representation
func (s AttachGroupPolicyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s AttachGroupPolicyInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *AttachGroupPolicyInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "AttachGroupPolicyInput"}
	if s.GroupName == nil {
		invalidParams.Add(request.NewErrParamRequired("GroupName"))
	}
	if s.GroupName != nil && len(*s.GroupName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("GroupName", 1))
	}
	if s.PolicyArn == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyArn"))
	}
	if s.PolicyArn != nil && len(*s.PolicyArn) < 20 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyArn", 20))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

type AttachGroupPolicyOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation
func (s AttachGroupPolicyOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s AttachGroupPolicyOutput) GoString() string {
	return s.String()
}

type AttachRolePolicyInput struct {
	_ struct{} `type:"structure"`

	// The Amazon Resource Name (ARN) of the IAM policy you want to attach.
	//
	// For more information about ARNs, see Amazon Resource Names (ARNs) and AWS
	// Service Namespaces (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the AWS General Reference.
	//
	// PolicyArn is a required field
	PolicyArn *string `min:"20" type:"string" required:"true"`

	// The name (friendly name, not ARN) of the role to attach the policy to.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-
	//
	// RoleName is a required field
	RoleName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation
func (s AttachRolePolicyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s AttachRolePolicyInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *AttachRolePolicyInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "AttachRolePolicyInput"}
	if s.PolicyArn == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyArn"))
	}
	if s.PolicyArn != nil && len(*s.PolicyArn) < 20 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyArn", 20))
	}
	if s.RoleName == nil {
		invalidParams.Add(request.NewErrParamRequired("RoleName"))
	}
	if s.RoleName != nil && len(*s.RoleName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("RoleName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

type AttachRolePolicyOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation
func (s AttachRolePolicyOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s AttachRolePolicyOutput) GoString() string {
	return s.String()
}

type AttachUserPolicyInput struct {
	_ struct{} `type:"structure"`

	// The Amazon Resource Name (ARN) of the IAM policy you want to attach.
	//
	// For more information about ARNs, see Amazon Resource Names (ARNs) and AWS
	// Service Namespaces (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the AWS General Reference.
	//
	// PolicyArn is a required field
	PolicyArn *string `min:"20" type:"string" required:"true"`

	// The name (friendly name, not ARN) of the IAM user to attach the policy to.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-
	//
	// UserName is a required field
	UserName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation
func (s AttachUserPolicyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s AttachUserPolicyInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *AttachUserPolicyInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "AttachUserPolicyInput"}
	if s.PolicyArn == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyArn"))
	}
	if s.PolicyArn != nil && len(*s.PolicyArn) < 20 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyArn", 20))
	}
	if s.UserName == nil {
		invalidParams.Add(request.NewErrParamRequired("UserName"))
	}
	if s.UserName != nil && len(*s.UserName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("UserName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

type AttachUserPolicyOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation
func (s AttachUserPolicyOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s AttachUserPolicyOutput) GoString() string {
	return s.String()
}

// Contains information about an attached policy.
//
// An attached policy is a managed policy that has been attached to a user,
// group, or role. This data type is used as a response element in the ListAttachedGroupPolicies,
// ListAttachedRolePolicies, ListAttachedUserPolicies, and GetAccountAuthorizationDetails
// actions.
//
// For more information about managed policies, refer to Managed Policies and
// Inline Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the Using IAM guide.
type AttachedPolicy struct {
	_ struct{} `type:"structure"`

	// The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources.
	//
	// For more information about ARNs, go to Amazon Resource Names (ARNs) and AWS
	// Service Namespaces (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the AWS General Reference.
	PolicyArn *string `min:"20" type:"string"`

	// The friendly name of the attached policy.
	PolicyName *string `min:"1" type:"string"`
}

// String returns the string representation
func (s AttachedPolicy) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s AttachedPolicy) GoString() string {
	return s.String()
}

type ChangePasswordInput struct {
	_ struct{} `type:"structure"`

	// The new password. The new password must conform to the AWS account's password
	// policy, if one exists.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of almost any printable ASCII character
	// from the space (\u0020) through the end of the ASCII character range (\u00FF).
	// You can also include the tab (\u0009), line feed (\u000A), and carriage return
	// (\u000D) characters. Although any of these characters are valid in a password,
	// note that many tools, such as the AWS Management Console, might restrict
	// the ability to enter certain characters because they have special meaning
	// within that tool.
	//
	// NewPassword is a required field
	NewPassword *string `min:"1" type:"string" required:"true"`

	// The IAM user's current password.
	//
	// OldPassword is a required field
	OldPassword *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation
func (s ChangePasswordInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s ChangePasswordInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ChangePasswordInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ChangePasswordInput"}
	if s.NewPassword == nil {
		invalidParams.Add(request.NewErrParamRequired("NewPassword"))
	}
	if s.NewPassword != nil && len(*s.NewPassword) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("NewPassword", 1))
	}
	if s.OldPassword == nil {
		invalidParams.Add(request.NewErrParamRequired("OldPassword"))
	}
	if s.OldPassword != nil && len(*s.OldPassword) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("OldPassword", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

type ChangePasswordOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation
func (s ChangePasswordOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s ChangePasswordOutput) GoString() string {
	return s.String()
}

// Contains information about a condition context key. It includes the name
// of the key and specifies the value (or values, if the context key supports
// multiple values) to use in the simulation. This information is used when
// evaluating the Condition elements of the input policies.
//
// This data type is used as an input parameter to SimulateCustomPolicy and
// SimulateCustomPolicy.
type ContextEntry struct {
	_ struct{} `type:"structure"`

	// The full name of a condition context key, including the service prefix. For
	// example, aws:SourceIp or s3:VersionId.
	ContextKeyName *string `min:"5" type:"string"`

	// The data type of the value (or values) specified in the ContextKeyValues
	// parameter.
	ContextKeyType *string `type:"string" enum:"ContextKeyTypeEnum"`

	// The value (or values, if the condition context key supports multiple values)
	// to provide to the simulation for use when the key is referenced by a Condition
	// element in an input policy.
	ContextKeyValues []*string `type:"list"`
}

// String returns the string representation
func (s ContextEntry) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s ContextEntry) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ContextEntry) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ContextEntry"}
	if s.ContextKeyName != nil && len(*s.ContextKeyName) < 5 {
		invalidParams.Add(request.NewErrParamMinLen("ContextKeyName", 5))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

type CreateAccessKeyInput struct {
	_ struct{} `type:"structure"`

	// The name of the IAM user that the new key will belong to.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-
	UserName *string `min:"1" type:"string"`
}

// String returns the string representation
func (s CreateAccessKeyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s CreateAccessKeyInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *CreateAccessKeyInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "CreateAccessKeyInput"}
	if s.UserName != nil && len(*s.UserName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("UserName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// Contains the response to a successful CreateAccessKey request.
type CreateAccessKeyOutput struct {
	_ struct{} `type:"structure"`

	// A structure with details about the access key.
	//
	// AccessKey is a required field
	AccessKey *AccessKey `type:"structure" required:"true"`
}

// String returns the string representation
func (s CreateAccessKeyOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s CreateAccessKeyOutput) GoString() string {
	return s.String()
}

type CreateAccountAliasInput struct {
	_ struct{} `type:"structure"`

	// The account alias to create.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of lowercase letters, digits, and dashes.
	// You cannot start or finish with a dash, nor can you have two dashes in a
	// row.
	//
	// AccountAlias is a required field
	AccountAlias *string `min:"3" type:"string" required:"true"`
}

// String returns the string representation
func (s CreateAccountAliasInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s CreateAccountAliasInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *CreateAccountAliasInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "CreateAccountAliasInput"}
	if s.AccountAlias == nil {
		invalidParams.Add(request.NewErrParamRequired("AccountAlias"))
	}
	if s.AccountAlias != nil && len(*s.AccountAlias) < 3 {
		invalidParams.Add(request.NewErrParamMinLen("AccountAlias", 3))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

type CreateAccountAliasOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation
func (s CreateAccountAliasOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s CreateAccountAliasOutput) GoString() string {
	return s.String()
}

type CreateGroupInput struct {
	_ struct{} `type:"structure"`

	// The name of the group to create. Do not include the path in this value.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-.
	// The group name must be unique within the account. Group names are not distinguished
	// by case. For example, you cannot create groups named both "ADMINS" and "admins".
	//
	// GroupName is a required field
	GroupName *string `min:"1" type:"string" required:"true"`

	// The path to the group. For more information about paths, see IAM Identifiers
	// (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the IAM User Guide.
	//
	// This parameter is optional. If it is not included, it defaults to a slash
	// (/).
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of either a forward slash (/) by itself
	// or a string that must begin and end with forward slashes, containing any
	// ASCII character from the ! (\u0021) thru the DEL character (\u007F), including
	// most punctuation characters, digits, and upper and lowercased letters.
	Path *string `min:"1" type:"string"`
}

// String returns the string representation
func (s CreateGroupInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s CreateGroupInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *CreateGroupInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "CreateGroupInput"}
	if s.GroupName == nil {
		invalidParams.Add(request.NewErrParamRequired("GroupName"))
	}
	if s.GroupName != nil && len(*s.GroupName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("GroupName", 1))
	}
	if s.Path != nil && len(*s.Path) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Path", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// Contains the response to a successful CreateGroup request.
type CreateGroupOutput struct {
	_ struct{} `type:"structure"`

	// A structure containing details about the new group.
	//
	// Group is a required field
	Group *Group `type:"structure" required:"true"`
}

// String returns the string representation
func (s CreateGroupOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s CreateGroupOutput) GoString() string {
	return s.String()
}

type CreateInstanceProfileInput struct {
	_ struct{} `type:"structure"`

	// The name of the instance profile to create.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-
	//
	// InstanceProfileName is a required field
	InstanceProfileName *string `min:"1" type:"string" required:"true"`

	// The path to the instance profile. For more information about paths, see IAM
	// Identifiers (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the IAM User Guide.
	//
	// This parameter is optional. If it is not included, it defaults to a slash
	// (/).
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of either a forward slash (/) by itself
	// or a string that must begin and end with forward slashes, containing any
	// ASCII character from the ! (\u0021) thru the DEL character (\u007F), including
	// most punctuation characters, digits, and upper and lowercased letters.
	Path *string `min:"1" type:"string"`
}

// String returns the string representation
func (s CreateInstanceProfileInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s CreateInstanceProfileInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *CreateInstanceProfileInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "CreateInstanceProfileInput"}
	if s.InstanceProfileName == nil {
		invalidParams.Add(request.NewErrParamRequired("InstanceProfileName"))
	}
	if s.InstanceProfileName != nil && len(*s.InstanceProfileName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("InstanceProfileName", 1))
	}
	if s.Path != nil && len(*s.Path) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Path", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// Contains the response to a successful CreateInstanceProfile request.
type CreateInstanceProfileOutput struct {
	_ struct{} `type:"structure"`

	// A structure containing details about the new instance profile.
	//
	// InstanceProfile is a required field
	InstanceProfile *InstanceProfile `type:"structure" required:"true"`
}

// String returns the string representation
func (s CreateInstanceProfileOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s CreateInstanceProfileOutput) GoString() string {
	return s.String()
}

type CreateLoginProfileInput struct {
	_ struct{} `type:"structure"`

	// The new password for the user.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of almost any printable ASCII character
	// from the space (\u0020) through the end of the ASCII character range (\u00FF).
	// You can also include the tab (\u0009), line feed (\u000A), and carriage return
	// (\u000D) characters. Although any of these characters are valid in a password,
	// note that many tools, such as the AWS Management Console, might restrict
	// the ability to enter certain characters because they have special meaning
	// within that tool.
	//
	// Password is a required field
	Password *string `min:"1" type:"string" required:"true"`

	// Specifies whether the user is required to set a new password on next sign-in.
	PasswordResetRequired *bool `type:"boolean"`

	// The name of the IAM user to create a password for. The user must already
	// exist.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-
	//
	// UserName is a required field
	UserName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation
func (s CreateLoginProfileInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s CreateLoginProfileInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *CreateLoginProfileInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "CreateLoginProfileInput"}
	if s.Password == nil {
		invalidParams.Add(request.NewErrParamRequired("Password"))
	}
	if s.Password != nil && len(*s.Password) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Password", 1))
	}
	if s.UserName == nil {
		invalidParams.Add(request.NewErrParamRequired("UserName"))
	}
	if s.UserName != nil && len(*s.UserName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("UserName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// Contains the response to a successful CreateLoginProfile request.
type CreateLoginProfileOutput struct {
	_ struct{} `type:"structure"`

	// A structure containing the user name and password create date.
	//
	// LoginProfile is a required field
	LoginProfile *LoginProfile `type:"structure" required:"true"`
}

// String returns the string representation
func (s CreateLoginProfileOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s CreateLoginProfileOutput) GoString() string {
	return s.String()
}

type CreateOpenIDConnectProviderInput struct {
	_ struct{} `type:"structure"`

	// A list of client IDs (also known as audiences). When a mobile or web app
	// registers with an OpenID Connect provider, they establish a value that identifies
	// the application. (This is the value that's sent as the client_id parameter
	// on OAuth requests.)
	//
	// You can register multiple client IDs with the same provider. For example,
	// you might have multiple applications that use the same OIDC provider. You
	// cannot register more than 100 client IDs with a single IAM OIDC provider.
	//
	// There is no defined format for a client ID. The CreateOpenIDConnectProviderRequest
	// action accepts client IDs up to 255 characters long.
	ClientIDList []*string `type:"list"`

	// A list of server certificate thumbprints for the OpenID Connect (OIDC) identity
	// provider's server certificate(s). Typically this list includes only one entry.
	// However, IAM lets you have up to five thumbprints for an OIDC provider. This
	// lets you maintain multiple thumbprints if the identity provider is rotating
	// certificates.
	//
	// The server certificate thumbprint is the hex-encoded SHA-1 hash value of
	// the X.509 certificate used by the domain where the OpenID Connect provider
	// makes its keys available. It is always a 40-character string.
	//
	// You must provide at least one thumbprint when creating an IAM OIDC provider.
	// For example, if the OIDC provider is server.example.com and the provider
	// stores its keys at "https://keys.server.example.com/openid-connect", the
	// thumbprint string would be the hex-encoded SHA-1 hash value of the certificate
	// used by https://keys.server.example.com.
	//
	// For more information about obtaining the OIDC provider's thumbprint, see
	// Obtaining the Thumbprint for an OpenID Connect Provider (http://docs.aws.amazon.com/IAM/latest/UserGuide/identity-providers-oidc-obtain-thumbprint.html)
	// in the IAM User Guide.
	//
	// ThumbprintList is a required field
	ThumbprintList []*string `type:"list" required:"true"`

	// The URL of the identity provider. The URL must begin with "https://" and
	// should correspond to the iss claim in the provider's OpenID Connect ID tokens.
	// Per the OIDC standard, path components are allowed but query parameters are
	// not. Typically the URL consists of only a host name, like "https://server.example.org"
	// or "https://example.com".
	//
	// You cannot register the same provider multiple times in a single AWS account.
	// If you try to submit a URL that has already been used for an OpenID Connect
	// provider in the AWS account, you will get an error.
	//
	// Url is a required field
	Url *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation
func (s CreateOpenIDConnectProviderInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s CreateOpenIDConnectProviderInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *CreateOpenIDConnectProviderInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "CreateOpenIDConnectProviderInput"}
	if s.ThumbprintList == nil {
		invalidParams.Add(request.NewErrParamRequired("ThumbprintList"))
	}
	if s.Url == nil {
		invalidParams.Add(request.NewErrParamRequired("Url"))
	}
	if s.Url != nil && len(*s.Url) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Url", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// Contains the response to a successful CreateOpenIDConnectProvider request.
type CreateOpenIDConnectProviderOutput struct {
	_ struct{} `type:"structure"`

	// The Amazon Resource Name (ARN) of the new IAM OpenID Connect provider that
	// is created. For more information, see OpenIDConnectProviderListEntry.
	OpenIDConnectProviderArn *string `min:"20" type:"string"`
}

// String returns the string representation
func (s CreateOpenIDConnectProviderOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s CreateOpenIDConnectProviderOutput) GoString() string {
	return s.String()
}

type CreatePolicyInput struct {
	_ struct{} `type:"structure"`

	// A friendly description of the policy.
	//
	// Typically used to store information about the permissions defined in the
	// policy. For example, "Grants access to production DynamoDB tables."
	//
	// The policy description is immutable. After a value is assigned, it cannot
	// be changed.
	Description *string `type:"string"`

	// The path for the policy.
	//
	// For more information about paths, see IAM Identifiers (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the IAM User Guide.
	//
	// This parameter is optional. If it is not included, it defaults to a slash
	// (/).
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of either a forward slash (/) by itself
	// or a string that must begin and end with forward slashes, containing any
	// ASCII character from the ! (\u0021) thru the DEL character (\u007F), including
	// most punctuation characters, digits, and upper and lowercased letters.
	Path *string `type:"string"`

	// The JSON policy document that you want to use as the content for the new
	// policy.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of any printable ASCII character ranging
	// from the space character (\u0020) through end of the ASCII character range
	// (\u00FF). It also includes the special characters tab (\u0009), line feed
	// (\u000A), and carriage return (\u000D).
	//
	// PolicyDocument is a required field
	PolicyDocument *string `min:"1" type:"string" required:"true"`

	// The friendly name of the policy.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-
	//
	// PolicyName is a required field
	PolicyName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation
func (s CreatePolicyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s CreatePolicyInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *CreatePolicyInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "CreatePolicyInput"}
	if s.PolicyDocument == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyDocument"))
	}
	if s.PolicyDocument != nil && len(*s.PolicyDocument) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyDocument", 1))
	}
	if s.PolicyName == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyName"))
	}
	if s.PolicyName != nil && len(*s.PolicyName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// Contains the response to a successful CreatePolicy request.
type CreatePolicyOutput struct {
	_ struct{} `type:"structure"`

	// A structure containing details about the new policy.
	Policy *Policy `type:"structure"`
}

// String returns the string representation
func (s CreatePolicyOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s CreatePolicyOutput) GoString() string {
	return s.String()
}

type CreatePolicyVersionInput struct {
	_ struct{} `type:"structure"`

	// The Amazon Resource Name (ARN) of the IAM policy to which you want to add
	// a new version.
	//
	// For more information about ARNs, see Amazon Resource Names (ARNs) and AWS
	// Service Namespaces (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the AWS General Reference.
	//
	// PolicyArn is a required field
	PolicyArn *string `min:"20" type:"string" required:"true"`

	// The JSON policy document that you want to use as the content for this new
	// version of the policy.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of any printable ASCII character ranging
	// from the space character (\u0020) through end of the ASCII character range
	// (\u00FF). It also includes the special characters tab (\u0009), line feed
	// (\u000A), and carriage return (\u000D).
	//
	// PolicyDocument is a required field
	PolicyDocument *string `min:"1" type:"string" required:"true"`

	// Specifies whether to set this version as the policy's default version.
	//
	// When this parameter is true, the new policy version becomes the operative
	// version; that is, the version that is in effect for the IAM users, groups,
	// and roles that the policy is attached to.
	//
	// For more information about managed policy versions, see Versioning for Managed
	// Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html)
	// in the IAM User Guide.
	SetAsDefault *bool `type:"boolean"`
}

// String returns the string representation
func (s CreatePolicyVersionInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s CreatePolicyVersionInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *CreatePolicyVersionInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "CreatePolicyVersionInput"}
	if s.PolicyArn == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyArn"))
	}
	if s.PolicyArn != nil && len(*s.PolicyArn) < 20 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyArn", 20))
	}
	if s.PolicyDocument == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyDocument"))
	}
	if s.PolicyDocument != nil && len(*s.PolicyDocument) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyDocument", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// Contains the response to a successful CreatePolicyVersion request.
type CreatePolicyVersionOutput struct {
	_ struct{} `type:"structure"`

	// A structure containing details about the new policy version.
	PolicyVersion *PolicyVersion `type:"structure"`
}

// String returns the string representation
func (s CreatePolicyVersionOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s CreatePolicyVersionOutput) GoString() string {
	return s.String()
}

type CreateRoleInput struct {
	_ struct{} `type:"structure"`

	// The trust relationship policy document that grants an entity permission to
	// assume the role.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of any printable ASCII character ranging
	// from the space character (\u0020) through end of the ASCII character range
	// (\u00FF). It also includes the special characters tab (\u0009), line feed
	// (\u000A), and carriage return (\u000D).
	//
	// AssumeRolePolicyDocument is a required field
	AssumeRolePolicyDocument *string `min:"1" type:"string" required:"true"`

	// The path to the role. For more information about paths, see IAM Identifiers
	// (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the IAM User Guide.
	//
	// This parameter is optional. If it is not included, it defaults to a slash
	// (/).
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of either a forward slash (/) by itself
	// or a string that must begin and end with forward slashes, containing any
	// ASCII character from the ! (\u0021) thru the DEL character (\u007F), including
	// most punctuation characters, digits, and upper and lowercased letters.
	Path *string `min:"1" type:"string"`

	// The name of the role to create.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-.
	// Role names are not distinguished by case. For example, you cannot create
	// roles named both "PRODROLE" and "prodrole".
	//
	// RoleName is a required field
	RoleName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation
func (s CreateRoleInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s CreateRoleInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *CreateRoleInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "CreateRoleInput"}
	if s.AssumeRolePolicyDocument == nil {
		invalidParams.Add(request.NewErrParamRequired("AssumeRolePolicyDocument"))
	}
	if s.AssumeRolePolicyDocument != nil && len(*s.AssumeRolePolicyDocument) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("AssumeRolePolicyDocument", 1))
	}
	if s.Path != nil && len(*s.Path) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Path", 1))
	}
	if s.RoleName == nil {
		invalidParams.Add(request.NewErrParamRequired("RoleName"))
	}
	if s.RoleName != nil && len(*s.RoleName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("RoleName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// Contains the response to a successful CreateRole request.
type CreateRoleOutput struct {
	_ struct{} `type:"structure"`

	// A structure containing details about the new role.
	//
	// Role is a required field
	Role *Role `type:"structure" required:"true"`
}

// String returns the string representation
func (s CreateRoleOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s CreateRoleOutput) GoString() string {
	return s.String()
}

type CreateSAMLProviderInput struct {
	_ struct{} `type:"structure"`

	// The name of the provider to create.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-
	//
	// Name is a required field
	Name *string `min:"1" type:"string" required:"true"`

	// An XML document generated by an identity provider (IdP) that supports SAML
	// 2.0. The document includes the issuer's name, expiration information, and
	// keys that can be used to validate the SAML authentication response (assertions)
	// that are received from the IdP. You must generate the metadata document using
	// the identity management software that is used as your organization's IdP.
	//
	// For more information, see About SAML 2.0-based Federation (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html)
	// in the IAM User Guide
	//
	// SAMLMetadataDocument is a required field
	SAMLMetadataDocument *string `min:"1000" type:"string" required:"true"`
}

// String returns the string representation
func (s CreateSAMLProviderInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s CreateSAMLProviderInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *CreateSAMLProviderInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "CreateSAMLProviderInput"}
	if s.Name == nil {
		invalidParams.Add(request.NewErrParamRequired("Name"))
	}
	if s.Name != nil && len(*s.Name) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Name", 1))
	}
	if s.SAMLMetadataDocument == nil {
		invalidParams.Add(request.NewErrParamRequired("SAMLMetadataDocument"))
	}
	if s.SAMLMetadataDocument != nil && len(*s.SAMLMetadataDocument) < 1000 {
		invalidParams.Add(request.NewErrParamMinLen("SAMLMetadataDocument", 1000))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// Contains the response to a successful CreateSAMLProvider request.
type CreateSAMLProviderOutput struct {
	_ struct{} `type:"structure"`

	// The Amazon Resource Name (ARN) of the new SAML provider resource in IAM.
	SAMLProviderArn *string `min:"20" type:"string"`
}

// String returns the string representation
func (s CreateSAMLProviderOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s CreateSAMLProviderOutput) GoString() string {
	return s.String()
}

type CreateUserInput struct {
	_ struct{} `type:"structure"`

	// The path for the user name. For more information about paths, see IAM Identifiers
	// (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the IAM User Guide.
	//
	// This parameter is optional. If it is not included, it defaults to a slash
	// (/).
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of either a forward slash (/) by itself
	// or a string that must begin and end with forward slashes, containing any
	// ASCII character from the ! (\u0021) thru the DEL character (\u007F), including
	// most punctuation characters, digits, and upper and lowercased letters.
	Path *string `min:"1" type:"string"`

	// The name of the user to create.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-.
	// User names are not distinguished by case. For example, you cannot create
	// users named both "TESTUSER" and "testuser".
	//
	// UserName is a required field
	UserName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation
func (s CreateUserInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s CreateUserInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *CreateUserInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "CreateUserInput"}
	if s.Path != nil && len(*s.Path) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Path", 1))
	}
	if s.UserName == nil {
		invalidParams.Add(request.NewErrParamRequired("UserName"))
	}
	if s.UserName != nil && len(*s.UserName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("UserName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// Contains the response to a successful CreateUser request.
type CreateUserOutput struct {
	_ struct{} `type:"structure"`

	// A structure with details about the new IAM user.
	User *User `type:"structure"`
}

// String returns the string representation
func (s CreateUserOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s CreateUserOutput) GoString() string {
	return s.String()
}

type CreateVirtualMFADeviceInput struct {
	_ struct{} `type:"structure"`

	// The path for the virtual MFA device. For more information about paths, see
	// IAM Identifiers (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the IAM User Guide.
	//
	// This parameter is optional. If it is not included, it defaults to a slash
	// (/).
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of either a forward slash (/) by itself
	// or a string that must begin and end with forward slashes, containing any
	// ASCII character from the ! (\u0021) thru the DEL character (\u007F), including
	// most punctuation characters, digits, and upper and lowercased letters.
	Path *string `min:"1" type:"string"`

	// The name of the virtual MFA device. Use with path to uniquely identify a
	// virtual MFA device.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-
	//
	// VirtualMFADeviceName is a required field
	VirtualMFADeviceName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation
func (s CreateVirtualMFADeviceInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s CreateVirtualMFADeviceInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *CreateVirtualMFADeviceInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "CreateVirtualMFADeviceInput"}
	if s.Path != nil && len(*s.Path) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Path", 1))
	}
	if s.VirtualMFADeviceName == nil {
		invalidParams.Add(request.NewErrParamRequired("VirtualMFADeviceName"))
	}
	if s.VirtualMFADeviceName != nil && len(*s.VirtualMFADeviceName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("VirtualMFADeviceName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// Contains the response to a successful CreateVirtualMFADevice request.
type CreateVirtualMFADeviceOutput struct {
	_ struct{} `type:"structure"`

	// A structure containing details about the new virtual MFA device.
	//
	// VirtualMFADevice is a required field
	VirtualMFADevice *VirtualMFADevice `type:"structure" required:"true"`
}

// String returns the string representation
func (s CreateVirtualMFADeviceOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s CreateVirtualMFADeviceOutput) GoString() string {
	return s.String()
}

type DeactivateMFADeviceInput struct {
	_ struct{} `type:"structure"`

	// The serial number that uniquely identifies the MFA device. For virtual MFA
	// devices, the serial number is the device ARN.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =/:,.@-
	//
	// SerialNumber is a required field
	SerialNumber *string `min:"9" type:"string" required:"true"`

	// The name of the user whose MFA device you want to deactivate.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-
	//
	// UserName is a required field
	UserName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation
func (s DeactivateMFADeviceInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s DeactivateMFADeviceInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *DeactivateMFADeviceInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "DeactivateMFADeviceInput"}
	if s.SerialNumber == nil {
		invalidParams.Add(request.NewErrParamRequired("SerialNumber"))
	}
	if s.SerialNumber != nil && len(*s.SerialNumber) < 9 {
		invalidParams.Add(request.NewErrParamMinLen("SerialNumber", 9))
	}
	if s.UserName == nil {
		invalidParams.Add(request.NewErrParamRequired("UserName"))
	}
	if s.UserName != nil && len(*s.UserName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("UserName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

type DeactivateMFADeviceOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation
func (s DeactivateMFADeviceOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s DeactivateMFADeviceOutput) GoString() string {
	return s.String()
}

type DeleteAccessKeyInput struct {
	_ struct{} `type:"structure"`

	// The access key ID for the access key ID and secret access key you want to
	// delete.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters that can consist of any upper or lowercased letter
	// or digit.
	//
	// AccessKeyId is a required field
	AccessKeyId *string `min:"16" type:"string" required:"true"`

	// The name of the user whose access key pair you want to delete.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-
	UserName *string `min:"1" type:"string"`
}

// String returns the string representation
func (s DeleteAccessKeyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s DeleteAccessKeyInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *DeleteAccessKeyInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "DeleteAccessKeyInput"}
	if s.AccessKeyId == nil {
		invalidParams.Add(request.NewErrParamRequired("AccessKeyId"))
	}
	if s.AccessKeyId != nil && len(*s.AccessKeyId) < 16 {
		invalidParams.Add(request.NewErrParamMinLen("AccessKeyId", 16))
	}
	if s.UserName != nil && len(*s.UserName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("UserName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

type DeleteAccessKeyOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation
func (s DeleteAccessKeyOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s DeleteAccessKeyOutput) GoString() string {
	return s.String()
}

type DeleteAccountAliasInput struct {
	_ struct{} `type:"structure"`

	// The name of the account alias to delete.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of lowercase letters, digits, and dashes.
	// You cannot start or finish with a dash, nor can you have two dashes in a
	// row.
	//
	// AccountAlias is a required field
	AccountAlias *string `min:"3" type:"string" required:"true"`
}

// String returns the string representation
func (s DeleteAccountAliasInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s DeleteAccountAliasInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *DeleteAccountAliasInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "DeleteAccountAliasInput"}
	if s.AccountAlias == nil {
		invalidParams.Add(request.NewErrParamRequired("AccountAlias"))
	}
	if s.AccountAlias != nil && len(*s.AccountAlias) < 3 {
		invalidParams.Add(request.NewErrParamMinLen("AccountAlias", 3))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

type DeleteAccountAliasOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation
func (s DeleteAccountAliasOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s DeleteAccountAliasOutput) GoString() string {
	return s.String()
}

type DeleteAccountPasswordPolicyInput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation
func (s DeleteAccountPasswordPolicyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s DeleteAccountPasswordPolicyInput) GoString() string {
	return s.String()
}

type DeleteAccountPasswordPolicyOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation
func (s DeleteAccountPasswordPolicyOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s DeleteAccountPasswordPolicyOutput) GoString() string {
	return s.String()
}

type DeleteGroupInput struct {
	_ struct{} `type:"structure"`

	// The name of the IAM group to delete.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-
	//
	// GroupName is a required field
	GroupName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation
func (s DeleteGroupInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s DeleteGroupInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *DeleteGroupInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "DeleteGroupInput"}
	if s.GroupName == nil {
		invalidParams.Add(request.NewErrParamRequired("GroupName"))
	}
	if s.GroupName != nil && len(*s.GroupName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("GroupName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

type DeleteGroupOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation
func (s DeleteGroupOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s DeleteGroupOutput) GoString() string {
	return s.String()
}

type DeleteGroupPolicyInput struct {
	_ struct{} `type:"structure"`

	// The name (friendly name, not ARN) identifying the group that the policy is
	// embedded in.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-
	//
	// GroupName is a required field
	GroupName *string `min:"1" type:"string" required:"true"`

	// The name identifying the policy document to delete.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-
	//
	// PolicyName is a required field
	PolicyName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation
func (s DeleteGroupPolicyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s DeleteGroupPolicyInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *DeleteGroupPolicyInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "DeleteGroupPolicyInput"}
	if s.GroupName == nil {
		invalidParams.Add(request.NewErrParamRequired("GroupName"))
	}
	if s.GroupName != nil && len(*s.GroupName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("GroupName", 1))
	}
	if s.PolicyName == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyName"))
	}
	if s.PolicyName != nil && len(*s.PolicyName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

type DeleteGroupPolicyOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation
func (s DeleteGroupPolicyOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s DeleteGroupPolicyOutput) GoString() string {
	return s.String()
}

type DeleteInstanceProfileInput struct {
	_ struct{} `type:"structure"`

	// The name of the instance profile to delete.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-
	//
	// InstanceProfileName is a required field
	InstanceProfileName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation
func (s DeleteInstanceProfileInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s DeleteInstanceProfileInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *DeleteInstanceProfileInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "DeleteInstanceProfileInput"}
	if s.InstanceProfileName == nil {
		invalidParams.Add(request.NewErrParamRequired("InstanceProfileName"))
	}
	if s.InstanceProfileName != nil && len(*s.InstanceProfileName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("InstanceProfileName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

type DeleteInstanceProfileOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation
func (s DeleteInstanceProfileOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s DeleteInstanceProfileOutput) GoString() string {
	return s.String()
}

type DeleteLoginProfileInput struct {
	_ struct{} `type:"structure"`

	// The name of the user whose password you want to delete.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-
	//
	// UserName is a required field
	UserName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation
func (s DeleteLoginProfileInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s DeleteLoginProfileInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *DeleteLoginProfileInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "DeleteLoginProfileInput"}
	if s.UserName == nil {
		invalidParams.Add(request.NewErrParamRequired("UserName"))
	}
	if s.UserName != nil && len(*s.UserName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("UserName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

type DeleteLoginProfileOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation
func (s DeleteLoginProfileOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s DeleteLoginProfileOutput) GoString() string {
	return s.String()
}

type DeleteOpenIDConnectProviderInput struct {
	_ struct{} `type:"structure"`

	// The Amazon Resource Name (ARN) of the IAM OpenID Connect provider resource
	// object to delete. You can get a list of OpenID Connect provider resource
	// ARNs by using the ListOpenIDConnectProviders action.
	//
	// OpenIDConnectProviderArn is a required field
	OpenIDConnectProviderArn *string `min:"20" type:"string" required:"true"`
}

// String returns the string representation
func (s DeleteOpenIDConnectProviderInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s DeleteOpenIDConnectProviderInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *DeleteOpenIDConnectProviderInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "DeleteOpenIDConnectProviderInput"}
	if s.OpenIDConnectProviderArn == nil {
		invalidParams.Add(request.NewErrParamRequired("OpenIDConnectProviderArn"))
	}
	if s.OpenIDConnectProviderArn != nil && len(*s.OpenIDConnectProviderArn) < 20 {
		invalidParams.Add(request.NewErrParamMinLen("OpenIDConnectProviderArn", 20))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

type DeleteOpenIDConnectProviderOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation
func (s DeleteOpenIDConnectProviderOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s DeleteOpenIDConnectProviderOutput) GoString() string {
	return s.String()
}

type DeletePolicyInput struct {
	_ struct{} `type:"structure"`

	// The Amazon Resource Name (ARN) of the IAM policy you want to delete.
	//
	// For more information about ARNs, see Amazon Resource Names (ARNs) and AWS
	// Service Namespaces (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the AWS General Reference.
	//
	// PolicyArn is a required field
	PolicyArn *string `min:"20" type:"string" required:"true"`
}

// String returns the string representation
func (s DeletePolicyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s DeletePolicyInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *DeletePolicyInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "DeletePolicyInput"}
	if s.PolicyArn == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyArn"))
	}
	if s.PolicyArn != nil && len(*s.PolicyArn) < 20 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyArn", 20))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

type DeletePolicyOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation
func (s DeletePolicyOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s DeletePolicyOutput) GoString() string {
	return s.String()
}

type DeletePolicyVersionInput struct {
	_ struct{} `type:"structure"`

	// The Amazon Resource Name (ARN) of the IAM policy from which you want to delete
	// a version.
	//
	// For more information about ARNs, see Amazon Resource Names (ARNs) and AWS
	// Service Namespaces (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the AWS General Reference.
	//
	// PolicyArn is a required field
	PolicyArn *string `min:"20" type:"string" required:"true"`

	// The policy version to delete.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters that consists of the lowercase letter 'v' followed
	// by one or two digits, and optionally followed by a period '.' and a string
	// of letters and digits.
	//
	// For more information about managed policy versions, see Versioning for Managed
	// Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html)
	// in the IAM User Guide.
	//
	// VersionId is a required field
	VersionId *string `type:"string" required:"true"`
}

// String returns the string representation
func (s DeletePolicyVersionInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s DeletePolicyVersionInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *DeletePolicyVersionInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "DeletePolicyVersionInput"}
	if s.PolicyArn == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyArn"))
	}
	if s.PolicyArn != nil && len(*s.PolicyArn) < 20 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyArn", 20))
	}
	if s.VersionId == nil {
		invalidParams.Add(request.NewErrParamRequired("VersionId"))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

type DeletePolicyVersionOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation
func (s DeletePolicyVersionOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s DeletePolicyVersionOutput) GoString() string {
	return s.String()
}

type DeleteRoleInput struct {
	_ struct{} `type:"structure"`

	// The name of the role to delete.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-
	//
	// RoleName is a required field
	RoleName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation
func (s DeleteRoleInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s DeleteRoleInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *DeleteRoleInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "DeleteRoleInput"}
	if s.RoleName == nil {
		invalidParams.Add(request.NewErrParamRequired("RoleName"))
	}
	if s.RoleName != nil && len(*s.RoleName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("RoleName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

type DeleteRoleOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation
func (s DeleteRoleOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s DeleteRoleOutput) GoString() string {
	return s.String()
}

type DeleteRolePolicyInput struct {
	_ struct{} `type:"structure"`

	// The name of the inline policy to delete from the specified IAM role.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-
	//
	// PolicyName is a required field
	PolicyName *string `min:"1" type:"string" required:"true"`

	// The name (friendly name, not ARN) identifying the role that the policy is
	// embedded in.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-
	//
	// RoleName is a required field
	RoleName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation
func (s DeleteRolePolicyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s DeleteRolePolicyInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *DeleteRolePolicyInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "DeleteRolePolicyInput"}
	if s.PolicyName == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyName"))
	}
	if s.PolicyName != nil && len(*s.PolicyName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyName", 1))
	}
	if s.RoleName == nil {
		invalidParams.Add(request.NewErrParamRequired("RoleName"))
	}
	if s.RoleName != nil && len(*s.RoleName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("RoleName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

type DeleteRolePolicyOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation
func (s DeleteRolePolicyOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s DeleteRolePolicyOutput) GoString() string {
	return s.String()
}

type DeleteSAMLProviderInput struct {
	_ struct{} `type:"structure"`

	// The Amazon Resource Name (ARN) of the SAML provider to delete.
	//
	// SAMLProviderArn is a required field
	SAMLProviderArn *string `min:"20" type:"string" required:"true"`
}

// String returns the string representation
func (s DeleteSAMLProviderInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s DeleteSAMLProviderInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *DeleteSAMLProviderInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "DeleteSAMLProviderInput"}
	if s.SAMLProviderArn == nil {
		invalidParams.Add(request.NewErrParamRequired("SAMLProviderArn"))
	}
	if s.SAMLProviderArn != nil && len(*s.SAMLProviderArn) < 20 {
		invalidParams.Add(request.NewErrParamMinLen("SAMLProviderArn", 20))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

type DeleteSAMLProviderOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation
func (s DeleteSAMLProviderOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s DeleteSAMLProviderOutput) GoString() string {
	return s.String()
}

type DeleteSSHPublicKeyInput struct {
	_ struct{} `type:"structure"`

	// The unique identifier for the SSH public key.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters that can consist of any upper or lowercased letter
	// or digit.
	//
	// SSHPublicKeyId is a required field
	SSHPublicKeyId *string `min:"20" type:"string" required:"true"`

	// The name of the IAM user associated with the SSH public key.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-
	//
	// UserName is a required field
	UserName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation
func (s DeleteSSHPublicKeyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s DeleteSSHPublicKeyInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *DeleteSSHPublicKeyInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "DeleteSSHPublicKeyInput"}
	if s.SSHPublicKeyId == nil {
		invalidParams.Add(request.NewErrParamRequired("SSHPublicKeyId"))
	}
	if s.SSHPublicKeyId != nil && len(*s.SSHPublicKeyId) < 20 {
		invalidParams.Add(request.NewErrParamMinLen("SSHPublicKeyId", 20))
	}
	if s.UserName == nil {
		invalidParams.Add(request.NewErrParamRequired("UserName"))
	}
	if s.UserName != nil && len(*s.UserName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("UserName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

type DeleteSSHPublicKeyOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation
func (s DeleteSSHPublicKeyOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s DeleteSSHPublicKeyOutput) GoString() string {
	return s.String()
}

type DeleteServerCertificateInput struct {
	_ struct{} `type:"structure"`

	// The name of the server certificate you want to delete.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-
	//
	// ServerCertificateName is a required field
	ServerCertificateName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation
func (s DeleteServerCertificateInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s DeleteServerCertificateInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *DeleteServerCertificateInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "DeleteServerCertificateInput"}
	if s.ServerCertificateName == nil {
		invalidParams.Add(request.NewErrParamRequired("ServerCertificateName"))
	}
	if s.ServerCertificateName != nil && len(*s.ServerCertificateName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("ServerCertificateName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

type DeleteServerCertificateOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation
func (s DeleteServerCertificateOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s DeleteServerCertificateOutput) GoString() string {
	return s.String()
}

type DeleteSigningCertificateInput struct {
	_ struct{} `type:"structure"`

	// The ID of the signing certificate to delete.
	//
	// The format of this parameter, as described by its regex (http://wikipedia.org/wiki/regex)
	// pattern, is a string of characters that can be upper- or lower-cased letters
	// or digits.
	//
	// CertificateId is a required field
	CertificateId *string `min:"24" type:"string" required:"true"`

	// The name of the user the signing certificate belongs to.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-
	UserName *string `min:"1" type:"string"`
}

// String returns the string representation
func (s DeleteSigningCertificateInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s DeleteSigningCertificateInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *DeleteSigningCertificateInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "DeleteSigningCertificateInput"}
	if s.CertificateId == nil {
		invalidParams.Add(request.NewErrParamRequired("CertificateId"))
	}
	if s.CertificateId != nil && len(*s.CertificateId) < 24 {
		invalidParams.Add(request.NewErrParamMinLen("CertificateId", 24))
	}
	if s.UserName != nil && len(*s.UserName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("UserName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

type DeleteSigningCertificateOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation
func (s DeleteSigningCertificateOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s DeleteSigningCertificateOutput) GoString() string {
	return s.String()
}

type DeleteUserInput struct {
	_ struct{} `type:"structure"`

	// The name of the user to delete.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-
	//
	// UserName is a required field
	UserName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation
func (s DeleteUserInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s DeleteUserInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *DeleteUserInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "DeleteUserInput"}
	if s.UserName == nil {
		invalidParams.Add(request.NewErrParamRequired("UserName"))
	}
	if s.UserName != nil && len(*s.UserName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("UserName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

type DeleteUserOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation
func (s DeleteUserOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s DeleteUserOutput) GoString() string {
	return s.String()
}

type DeleteUserPolicyInput struct {
	_ struct{} `type:"structure"`

	// The name identifying the policy document to delete.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-
	//
	// PolicyName is a required field
	PolicyName *string `min:"1" type:"string" required:"true"`

	// The name (friendly name, not ARN) identifying the user that the policy is
	// embedded in.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-
	//
	// UserName is a required field
	UserName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation
func (s DeleteUserPolicyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s DeleteUserPolicyInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *DeleteUserPolicyInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "DeleteUserPolicyInput"}
	if s.PolicyName == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyName"))
	}
	if s.PolicyName != nil && len(*s.PolicyName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyName", 1))
	}
	if s.UserName == nil {
		invalidParams.Add(request.NewErrParamRequired("UserName"))
	}
	if s.UserName != nil && len(*s.UserName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("UserName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

type DeleteUserPolicyOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation
func (s DeleteUserPolicyOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s DeleteUserPolicyOutput) GoString() string {
	return s.String()
}

type DeleteVirtualMFADeviceInput struct {
	_ struct{} `type:"structure"`

	// The serial number that uniquely identifies the MFA device. For virtual MFA
	// devices, the serial number is the same as the ARN.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =/:,.@-
	//
	// SerialNumber is a required field
	SerialNumber *string `min:"9" type:"string" required:"true"`
}

// String returns the string representation
func (s DeleteVirtualMFADeviceInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s DeleteVirtualMFADeviceInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *DeleteVirtualMFADeviceInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "DeleteVirtualMFADeviceInput"}
	if s.SerialNumber == nil {
		invalidParams.Add(request.NewErrParamRequired("SerialNumber"))
	}
	if s.SerialNumber != nil && len(*s.SerialNumber) < 9 {
		invalidParams.Add(request.NewErrParamMinLen("SerialNumber", 9))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

type DeleteVirtualMFADeviceOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation
func (s DeleteVirtualMFADeviceOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s DeleteVirtualMFADeviceOutput) GoString() string {
	return s.String()
}

type DetachGroupPolicyInput struct {
	_ struct{} `type:"structure"`

	// The name (friendly name, not ARN) of the IAM group to detach the policy from.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-
	//
	// GroupName is a required field
	GroupName *string `min:"1" type:"string" required:"true"`

	// The Amazon Resource Name (ARN) of the IAM policy you want to detach.
	//
	// For more information about ARNs, see Amazon Resource Names (ARNs) and AWS
	// Service Namespaces (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the AWS General Reference.
	//
	// PolicyArn is a required field
	PolicyArn *string `min:"20" type:"string" required:"true"`
}

// String returns the string representation
func (s DetachGroupPolicyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s DetachGroupPolicyInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *DetachGroupPolicyInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "DetachGroupPolicyInput"}
	if s.GroupName == nil {
		invalidParams.Add(request.NewErrParamRequired("GroupName"))
	}
	if s.GroupName != nil && len(*s.GroupName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("GroupName", 1))
	}
	if s.PolicyArn == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyArn"))
	}
	if s.PolicyArn != nil && len(*s.PolicyArn) < 20 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyArn", 20))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

type DetachGroupPolicyOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation
func (s DetachGroupPolicyOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s DetachGroupPolicyOutput) GoString() string {
	return s.String()
}

type DetachRolePolicyInput struct {
	_ struct{} `type:"structure"`

	// The Amazon Resource Name (ARN) of the IAM policy you want to detach.
	//
	// For more information about ARNs, see Amazon Resource Names (ARNs) and AWS
	// Service Namespaces (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the AWS General Reference.
	//
	// PolicyArn is a required field
	PolicyArn *string `min:"20" type:"string" required:"true"`

	// The name (friendly name, not ARN) of the IAM role to detach the policy from.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-
	//
	// RoleName is a required field
	RoleName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation
func (s DetachRolePolicyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s DetachRolePolicyInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *DetachRolePolicyInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "DetachRolePolicyInput"}
	if s.PolicyArn == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyArn"))
	}
	if s.PolicyArn != nil && len(*s.PolicyArn) < 20 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyArn", 20))
	}
	if s.RoleName == nil {
		invalidParams.Add(request.NewErrParamRequired("RoleName"))
	}
	if s.RoleName != nil && len(*s.RoleName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("RoleName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

type DetachRolePolicyOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation
func (s DetachRolePolicyOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s DetachRolePolicyOutput) GoString() string {
	return s.String()
}

type DetachUserPolicyInput struct {
	_ struct{} `type:"structure"`

	// The Amazon Resource Name (ARN) of the IAM policy you want to detach.
	//
	// For more information about ARNs, see Amazon Resource Names (ARNs) and AWS
	// Service Namespaces (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the AWS General Reference.
	//
	// PolicyArn is a required field
	PolicyArn *string `min:"20" type:"string" required:"true"`

	// The name (friendly name, not ARN) of the IAM user to detach the policy from.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-
	//
	// UserName is a required field
	UserName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation
func (s DetachUserPolicyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s DetachUserPolicyInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *DetachUserPolicyInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "DetachUserPolicyInput"}
	if s.PolicyArn == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyArn"))
	}
	if s.PolicyArn != nil && len(*s.PolicyArn) < 20 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyArn", 20))
	}
	if s.UserName == nil {
		invalidParams.Add(request.NewErrParamRequired("UserName"))
	}
	if s.UserName != nil && len(*s.UserName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("UserName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

type DetachUserPolicyOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation
func (s DetachUserPolicyOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s DetachUserPolicyOutput) GoString() string {
	return s.String()
}

type EnableMFADeviceInput struct {
	_ struct{} `type:"structure"`

	// An authentication code emitted by the device.
	//
	// The format for this parameter is a string of 6 digits.
	//
	// AuthenticationCode1 is a required field
	AuthenticationCode1 *string `min:"6" type:"string" required:"true"`

	// A subsequent authentication code emitted by the device.
	//
	// The format for this parameter is a string of 6 digits.
	//
	// AuthenticationCode2 is a required field
	AuthenticationCode2 *string `min:"6" type:"string" required:"true"`

	// The serial number that uniquely identifies the MFA device. For virtual MFA
	// devices, the serial number is the device ARN.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =/:,.@-
	//
	// SerialNumber is a required field
	SerialNumber *string `min:"9" type:"string" required:"true"`

	// The name of the IAM user for whom you want to enable the MFA device.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-
	//
	// UserName is a required field
	UserName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation
func (s EnableMFADeviceInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s EnableMFADeviceInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *EnableMFADeviceInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "EnableMFADeviceInput"}
	if s.AuthenticationCode1 == nil {
		invalidParams.Add(request.NewErrParamRequired("AuthenticationCode1"))
	}
	if s.AuthenticationCode1 != nil && len(*s.AuthenticationCode1) < 6 {
		invalidParams.Add(request.NewErrParamMinLen("AuthenticationCode1", 6))
	}
	if s.AuthenticationCode2 == nil {
		invalidParams.Add(request.NewErrParamRequired("AuthenticationCode2"))
	}
	if s.AuthenticationCode2 != nil && len(*s.AuthenticationCode2) < 6 {
		invalidParams.Add(request.NewErrParamMinLen("AuthenticationCode2", 6))
	}
	if s.SerialNumber == nil {
		invalidParams.Add(request.NewErrParamRequired("SerialNumber"))
	}
	if s.SerialNumber != nil && len(*s.SerialNumber) < 9 {
		invalidParams.Add(request.NewErrParamMinLen("SerialNumber", 9))
	}
	if s.UserName == nil {
		invalidParams.Add(request.NewErrParamRequired("UserName"))
	}
	if s.UserName != nil && len(*s.UserName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("UserName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

type EnableMFADeviceOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation
func (s EnableMFADeviceOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s EnableMFADeviceOutput) GoString() string {
	return s.String()
}

// Contains the results of a simulation.
//
// This data type is used by the return parameter of SimulateCustomPolicy and
// SimulatePrincipalPolicy.
type EvaluationResult struct {
	_ struct{} `type:"structure"`

	// The name of the API action tested on the indicated resource.
	//
	// EvalActionName is a required field
	EvalActionName *string `min:"3" type:"string" required:"true"`

	// The result of the simulation.
	//
	// EvalDecision is a required field
	EvalDecision *string `type:"string" required:"true" enum:"PolicyEvaluationDecisionType"`

	// Additional details about the results of the evaluation decision. When there
	// are both IAM policies and resource policies, this parameter explains how
	// each set of policies contributes to the final evaluation decision. When simulating
	// cross-account access to a resource, both the resource-based policy and the
	// caller's IAM policy must grant access. See How IAM Roles Differ from Resource-based
	// Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_compare-resource-policies.html)
	EvalDecisionDetails map[string]*string `type:"map"`

	// The ARN of the resource that the indicated API action was tested on.
	EvalResourceName *string `min:"1" type:"string"`

	// A list of the statements in the input policies that determine the result
	// for this scenario. Remember that even if multiple statements allow the action
	// on the resource, if only one statement denies that action, then the explicit
	// deny overrides any allow, and the deny statement is the only entry included
	// in the result.
	MatchedStatements []*Statement `type:"list"`

	// A list of context keys that are required by the included input policies but
	// that were not provided by one of the input parameters. This list is used
	// when the resource in a simulation is "*", either explicitly, or when the
	// ResourceArns parameter blank. If you include a list of resources, then any
	// missing context values are instead included under the ResourceSpecificResults
	// section. To discover the context keys used by a set of policies, you can
	// call GetContextKeysForCustomPolicy or GetContextKeysForPrincipalPolicy.
	MissingContextValues []*string `type:"list"`

	// The individual results of the simulation of the API action specified in EvalActionName
	// on each resource.
	ResourceSpecificResults []*ResourceSpecificResult `type:"list"`
}

// String returns the string representation
func (s EvaluationResult) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s EvaluationResult) GoString() string {
	return s.String()
}

type GenerateCredentialReportInput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation
func (s GenerateCredentialReportInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s GenerateCredentialReportInput) GoString() string {
	return s.String()
}

// Contains the response to a successful GenerateCredentialReport request.
type GenerateCredentialReportOutput struct {
	_ struct{} `type:"structure"`

	// Information about the credential report.
	Description *string `type:"string"`

	// Information about the state of the credential report.
	State *string `type:"string" enum:"ReportStateType"`
}

// String returns the string representation
func (s GenerateCredentialReportOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s GenerateCredentialReportOutput) GoString() string {
	return s.String()
}

type GetAccessKeyLastUsedInput struct {
	_ struct{} `type:"structure"`

	// The identifier of an access key.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters that can consist of any upper or lowercased letter
	// or digit.
	//
	// AccessKeyId is a required field
	AccessKeyId *string `min:"16" type:"string" required:"true"`
}

// String returns the string representation
func (s GetAccessKeyLastUsedInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s GetAccessKeyLastUsedInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *GetAccessKeyLastUsedInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "GetAccessKeyLastUsedInput"}
	if s.AccessKeyId == nil {
		invalidParams.Add(request.NewErrParamRequired("AccessKeyId"))
	}
	if s.AccessKeyId != nil && len(*s.AccessKeyId) < 16 {
		invalidParams.Add(request.NewErrParamMinLen("AccessKeyId", 16))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// Contains the response to a successful GetAccessKeyLastUsed request. It is
// also returned as a member of the AccessKeyMetaData structure returned by
// the ListAccessKeys action.
type GetAccessKeyLastUsedOutput struct {
	_ struct{} `type:"structure"`

	// Contains information about the last time the access key was used.
	AccessKeyLastUsed *AccessKeyLastUsed `type:"structure"`

	// The name of the AWS IAM user that owns this access key.
	UserName *string `min:"1" type:"string"`
}

// String returns the string representation
func (s GetAccessKeyLastUsedOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s GetAccessKeyLastUsedOutput) GoString() string {
	return s.String()
}

type GetAccountAuthorizationDetailsInput struct {
	_ struct{} `type:"structure"`

	// A list of entity types used to filter the results. Only the entities that
	// match the types you specify are included in the output. Use the value LocalManagedPolicy
	// to include customer managed policies.
	//
	// The format for this parameter is a comma-separated (if more than one) list
	// of strings. Each string value in the list must be one of the valid values
	// listed below.
	Filter []*string `type:"list"`

	// Use this parameter only when paginating results and only after you receive
	// a response indicating that the results are truncated. Set it to the value
	// of the Marker element in the response that you received to indicate where
	// the next call should start.
	Marker *string `min:"1" type:"string"`

	// Use this only when paginating results to indicate the maximum number of items
	// you want in the response. If additional items exist beyond the maximum you
	// specify, the IsTruncated response element is true.
	//
	// This parameter is optional. If you do not include it, it defaults to 100.
	// Note that IAM might return fewer results, even when there are more results
	// available. In that case, the IsTruncated response element returns true and
	// Marker contains a value to include in the subsequent call that tells the
	// service where to continue from.
	MaxItems *int64 `min:"1" type:"integer"`
}

// String returns the string representation
func (s GetAccountAuthorizationDetailsInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s GetAccountAuthorizationDetailsInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *GetAccountAuthorizationDetailsInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "GetAccountAuthorizationDetailsInput"}
	if s.Marker != nil && len(*s.Marker) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Marker", 1))
	}
	if s.MaxItems != nil && *s.MaxItems < 1 {
		invalidParams.Add(request.NewErrParamMinValue("MaxItems", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// Contains the response to a successful GetAccountAuthorizationDetails request.
type GetAccountAuthorizationDetailsOutput struct {
	_ struct{} `type:"structure"`

	// A list containing information about IAM groups.
	GroupDetailList []*GroupDetail `type:"list"`

	// A flag that indicates whether there are more items to return. If your results
	// were truncated, you can make a subsequent pagination request using the Marker
	// request parameter to retrieve more items. Note that IAM might return fewer
	// than the MaxItems number of results even when there are more results available.
	// We recommend that you check IsTruncated after every call to ensure that you
	// receive all of your results.
	IsTruncated *bool `type:"boolean"`

	// When IsTruncated is true, this element is present and contains the value
	// to use for the Marker parameter in a subsequent pagination request.
	Marker *string `min:"1" type:"string"`

	// A list containing information about managed policies.
	Policies []*ManagedPolicyDetail `type:"list"`

	// A list containing information about IAM roles.
	RoleDetailList []*RoleDetail `type:"list"`

	// A list containing information about IAM users.
	UserDetailList []*UserDetail `type:"list"`
}

// String returns the string representation
func (s GetAccountAuthorizationDetailsOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s GetAccountAuthorizationDetailsOutput) GoString() string {
	return s.String()
}

type GetAccountPasswordPolicyInput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation
func (s GetAccountPasswordPolicyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s GetAccountPasswordPolicyInput) GoString() string {
	return s.String()
}

// Contains the response to a successful GetAccountPasswordPolicy request.
type GetAccountPasswordPolicyOutput struct {
	_ struct{} `type:"structure"`

	// Contains information about the account password policy.
	//
	// This data type is used as a response element in the GetAccountPasswordPolicy
	// action.
	//
	// PasswordPolicy is a required field
	PasswordPolicy *PasswordPolicy `type:"structure" required:"true"`
}

// String returns the string representation
func (s GetAccountPasswordPolicyOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s GetAccountPasswordPolicyOutput) GoString() string {
	return s.String()
}

type GetAccountSummaryInput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation
func (s GetAccountSummaryInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s GetAccountSummaryInput) GoString() string {
	return s.String()
}

// Contains the response to a successful GetAccountSummary request.
type GetAccountSummaryOutput struct {
	_ struct{} `type:"structure"`

	// A set of key value pairs containing information about IAM entity usage and
	// IAM quotas.
	SummaryMap map[string]*int64 `type:"map"`
}

// String returns the string representation
func (s GetAccountSummaryOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s GetAccountSummaryOutput) GoString() string {
	return s.String()
}

type GetContextKeysForCustomPolicyInput struct {
	_ struct{} `type:"structure"`

	// A list of policies for which you want the list of context keys referenced
	// in those policies. Each document is specified as a string containing the
	// complete, valid JSON text of an IAM policy.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of any printable ASCII character ranging
	// from the space character (\u0020) through end of the ASCII character range
	// (\u00FF). It also includes the special characters tab (\u0009), line feed
	// (\u000A), and carriage return (\u000D).
	//
	// PolicyInputList is a required field
	PolicyInputList []*string `type:"list" required:"true"`
}

// String returns the string representation
func (s GetContextKeysForCustomPolicyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s GetContextKeysForCustomPolicyInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *GetContextKeysForCustomPolicyInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "GetContextKeysForCustomPolicyInput"}
	if s.PolicyInputList == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyInputList"))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// Contains the response to a successful GetContextKeysForPrincipalPolicy or
// GetContextKeysForCustomPolicy request.
type GetContextKeysForPolicyResponse struct {
	_ struct{} `type:"structure"`

	// The list of context keys that are referenced in the input policies.
	ContextKeyNames []*string `type:"list"`
}

// String returns the string representation
func (s GetContextKeysForPolicyResponse) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s GetContextKeysForPolicyResponse) GoString() string {
	return s.String()
}

type GetContextKeysForPrincipalPolicyInput struct {
	_ struct{} `type:"structure"`

	// An optional list of additional policies for which you want the list of context
	// keys that are referenced.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of any printable ASCII character ranging
	// from the space character (\u0020) through end of the ASCII character range
	// (\u00FF). It also includes the special characters tab (\u0009), line feed
	// (\u000A), and carriage return (\u000D).
	PolicyInputList []*string `type:"list"`

	// The ARN of a user, group, or role whose policies contain the context keys
	// that you want listed. If you specify a user, the list includes context keys
	// that are found in all policies attached to the user as well as to all groups
	// that the user is a member of. If you pick a group or a role, then it includes
	// only those context keys that are found in policies attached to that entity.
	// Note that all parameters are shown in unencoded form here for clarity, but
	// must be URL encoded to be included as a part of a real HTML request.
	//
	// For more information about ARNs, see Amazon Resource Names (ARNs) and AWS
	// Service Namespaces (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the AWS General Reference.
	//
	// PolicySourceArn is a required field
	PolicySourceArn *string `min:"20" type:"string" required:"true"`
}

// String returns the string representation
func (s GetContextKeysForPrincipalPolicyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s GetContextKeysForPrincipalPolicyInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *GetContextKeysForPrincipalPolicyInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "GetContextKeysForPrincipalPolicyInput"}
	if s.PolicySourceArn == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicySourceArn"))
	}
	if s.PolicySourceArn != nil && len(*s.PolicySourceArn) < 20 {
		invalidParams.Add(request.NewErrParamMinLen("PolicySourceArn", 20))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

type GetCredentialReportInput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation
func (s GetCredentialReportInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s GetCredentialReportInput) GoString() string {
	return s.String()
}

// Contains the response to a successful GetCredentialReport request.
type GetCredentialReportOutput struct {
	_ struct{} `type:"structure"`

	// Contains the credential report. The report is Base64-encoded.
	//
	// Content is automatically base64 encoded/decoded by the SDK.
	Content []byte `type:"blob"`

	// The date and time when the credential report was created, in ISO 8601 date-time
	// format (http://www.iso.org/iso/iso8601).
	GeneratedTime *time.Time `type:"timestamp" timestampFormat:"iso8601"`

	// The format (MIME type) of the credential report.
	ReportFormat *string `type:"string" enum:"ReportFormatType"`
}

// String returns the string representation
func (s GetCredentialReportOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s GetCredentialReportOutput) GoString() string {
	return s.String()
}

type GetGroupInput struct {
	_ struct{} `type:"structure"`

	// The name of the group.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-
	//
	// GroupName is a required field
	GroupName *string `min:"1" type:"string" required:"true"`

	// Use this parameter only when paginating results and only after you receive
	// a response indicating that the results are truncated. Set it to the value
	// of the Marker element in the response that you received to indicate where
	// the next call should start.
	Marker *string `min:"1" type:"string"`

	// Use this only when paginating results to indicate the maximum number of items
	// you want in the response. If additional items exist beyond the maximum you
	// specify, the IsTruncated response element is true.
	//
	// This parameter is optional. If you do not include it, it defaults to 100.
	// Note that IAM might return fewer results, even when there are more results
	// available. In that case, the IsTruncated response element returns true and
	// Marker contains a value to include in the subsequent call that tells the
	// service where to continue from.
	MaxItems *int64 `min:"1" type:"integer"`
}

// String returns the string representation
func (s GetGroupInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s GetGroupInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *GetGroupInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "GetGroupInput"}
	if s.GroupName == nil {
		invalidParams.Add(request.NewErrParamRequired("GroupName"))
	}
	if s.GroupName != nil && len(*s.GroupName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("GroupName", 1))
	}
	if s.Marker != nil && len(*s.Marker) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Marker", 1))
	}
	if s.MaxItems != nil && *s.MaxItems < 1 {
		invalidParams.Add(request.NewErrParamMinValue("MaxItems", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// Contains the response to a successful GetGroup request.
type GetGroupOutput struct {
	_ struct{} `type:"structure"`

	// A structure that contains details about the group.
	//
	// Group is a required field
	Group *Group `type:"structure" required:"true"`

	// A flag that indicates whether there are more items to return. If your results
	// were truncated, you can make a subsequent pagination request using the Marker
	// request parameter to retrieve more items. Note that IAM might return fewer
	// than the MaxItems number of results even when there are more results available.
	// We recommend that you check IsTruncated after every call to ensure that you
	// receive all of your results.
	IsTruncated *bool `type:"boolean"`

	// When IsTruncated is true, this element is present and contains the value
	// to use for the Marker parameter in a subsequent pagination request.
	Marker *string `min:"1" type:"string"`

	// A list of users in the group.
	//
	// Users is a required field
	Users []*User `type:"list" required:"true"`
}

// String returns the string representation
func (s GetGroupOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s GetGroupOutput) GoString() string {
	return s.String()
}

type GetGroupPolicyInput struct {
	_ struct{} `type:"structure"`

	// The name of the group the policy is associated with.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-
	//
	// GroupName is a required field
	GroupName *string `min:"1" type:"string" required:"true"`

	// The name of the policy document to get.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-
	//
	// PolicyName is a required field
	PolicyName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation
func (s GetGroupPolicyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s GetGroupPolicyInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *GetGroupPolicyInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "GetGroupPolicyInput"}
	if s.GroupName == nil {
		invalidParams.Add(request.NewErrParamRequired("GroupName"))
	}
	if s.GroupName != nil && len(*s.GroupName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("GroupName", 1))
	}
	if s.PolicyName == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyName"))
	}
	if s.PolicyName != nil && len(*s.PolicyName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// Contains the response to a successful GetGroupPolicy request.
type GetGroupPolicyOutput struct {
	_ struct{} `type:"structure"`

	// The group the policy is associated with.
	//
	// GroupName is a required field
	GroupName *string `min:"1" type:"string" required:"true"`

	// The policy document.
	//
	// PolicyDocument is a required field
	PolicyDocument *string `min:"1" type:"string" required:"true"`

	// The name of the policy.
	//
	// PolicyName is a required field
	PolicyName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation
func (s GetGroupPolicyOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s GetGroupPolicyOutput) GoString() string {
	return s.String()
}

type GetInstanceProfileInput struct {
	_ struct{} `type:"structure"`

	// The name of the instance profile to get information about.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-
	//
	// InstanceProfileName is a required field
	InstanceProfileName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation
func (s GetInstanceProfileInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s GetInstanceProfileInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *GetInstanceProfileInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "GetInstanceProfileInput"}
	if s.InstanceProfileName == nil {
		invalidParams.Add(request.NewErrParamRequired("InstanceProfileName"))
	}
	if s.InstanceProfileName != nil && len(*s.InstanceProfileName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("InstanceProfileName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// Contains the response to a successful GetInstanceProfile request.
type GetInstanceProfileOutput struct {
	_ struct{} `type:"structure"`

	// A structure containing details about the instance profile.
	//
	// InstanceProfile is a required field
	InstanceProfile *InstanceProfile `type:"structure" required:"true"`
}

// String returns the string representation
func (s GetInstanceProfileOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s GetInstanceProfileOutput) GoString() string {
	return s.String()
}

type GetLoginProfileInput struct {
	_ struct{} `type:"structure"`

	// The name of the user whose login profile you want to retrieve.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-
	//
	// UserName is a required field
	UserName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation
func (s GetLoginProfileInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s GetLoginProfileInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *GetLoginProfileInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "GetLoginProfileInput"}
	if s.UserName == nil {
		invalidParams.Add(request.NewErrParamRequired("UserName"))
	}
	if s.UserName != nil && len(*s.UserName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("UserName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// Contains the response to a successful GetLoginProfile request.
type GetLoginProfileOutput struct {
	_ struct{} `type:"structure"`

	// A structure containing the user name and password create date for the user.
	//
	// LoginProfile is a required field
	LoginProfile *LoginProfile `type:"structure" required:"true"`
}

// String returns the string representation
func (s GetLoginProfileOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s GetLoginProfileOutput) GoString() string {
	return s.String()
}

type GetOpenIDConnectProviderInput struct {
	_ struct{} `type:"structure"`

	// The Amazon Resource Name (ARN) of the OIDC provider resource object in IAM
	// to get information for. You can get a list of OIDC provider resource ARNs
	// by using the ListOpenIDConnectProviders action.
	//
	// For more information about ARNs, see Amazon Resource Names (ARNs) and AWS
	// Service Namespaces (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the AWS General Reference.
	//
	// OpenIDConnectProviderArn is a required field
	OpenIDConnectProviderArn *string `min:"20" type:"string" required:"true"`
}

// String returns the string representation
func (s GetOpenIDConnectProviderInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s GetOpenIDConnectProviderInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *GetOpenIDConnectProviderInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "GetOpenIDConnectProviderInput"}
	if s.OpenIDConnectProviderArn == nil {
		invalidParams.Add(request.NewErrParamRequired("OpenIDConnectProviderArn"))
	}
	if s.OpenIDConnectProviderArn != nil && len(*s.OpenIDConnectProviderArn) < 20 {
		invalidParams.Add(request.NewErrParamMinLen("OpenIDConnectProviderArn", 20))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// Contains the response to a successful GetOpenIDConnectProvider request.
type GetOpenIDConnectProviderOutput struct {
	_ struct{} `type:"structure"`

	// A list of client IDs (also known as audiences) that are associated with the
	// specified IAM OIDC provider resource object. For more information, see CreateOpenIDConnectProvider.
	ClientIDList []*string `type:"list"`

	// The date and time when the IAM OIDC provider resource object was created
	// in the AWS account.
	CreateDate *time.Time `type:"timestamp" timestampFormat:"iso8601"`

	// A list of certificate thumbprints that are associated with the specified
	// IAM OIDC provider resource object. For more information, see CreateOpenIDConnectProvider.
	ThumbprintList []*string `type:"list"`

	// The URL that the IAM OIDC provider resource object is associated with. For
	// more information, see CreateOpenIDConnectProvider.
	Url *string `min:"1" type:"string"`
}

// String returns the string representation
func (s GetOpenIDConnectProviderOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s GetOpenIDConnectProviderOutput) GoString() string {
	return s.String()
}

type GetPolicyInput struct {
	_ struct{} `type:"structure"`

	// The Amazon Resource Name (ARN) of the managed policy that you want information
	// about.
	//
	// For more information about ARNs, see Amazon Resource Names (ARNs) and AWS
	// Service Namespaces (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the AWS General Reference.
	//
	// PolicyArn is a required field
	PolicyArn *string `min:"20" type:"string" required:"true"`
}

// String returns the string representation
func (s GetPolicyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s GetPolicyInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *GetPolicyInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "GetPolicyInput"}
	if s.PolicyArn == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyArn"))
	}
	if s.PolicyArn != nil && len(*s.PolicyArn) < 20 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyArn", 20))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// Contains the response to a successful GetPolicy request.
type GetPolicyOutput struct {
	_ struct{} `type:"structure"`

	// A structure containing details about the policy.
	Policy *Policy `type:"structure"`
}

// String returns the string representation
func (s GetPolicyOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s GetPolicyOutput) GoString() string {
	return s.String()
}

type GetPolicyVersionInput struct {
	_ struct{} `type:"structure"`

	// The Amazon Resource Name (ARN) of the managed policy that you want information
	// about.
	//
	// For more information about ARNs, see Amazon Resource Names (ARNs) and AWS
	// Service Namespaces (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the AWS General Reference.
	//
	// PolicyArn is a required field
	PolicyArn *string `min:"20" type:"string" required:"true"`

	// Identifies the policy version to retrieve.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters that consists of the lowercase letter 'v' followed
	// by one or two digits, and optionally followed by a period '.' and a string
	// of letters and digits.
	//
	// VersionId is a required field
	VersionId *string `type:"string" required:"true"`
}

// String returns the string representation
func (s GetPolicyVersionInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s GetPolicyVersionInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *GetPolicyVersionInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "GetPolicyVersionInput"}
	if s.PolicyArn == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyArn"))
	}
	if s.PolicyArn != nil && len(*s.PolicyArn) < 20 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyArn", 20))
	}
	if s.VersionId == nil {
		invalidParams.Add(request.NewErrParamRequired("VersionId"))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// Contains the response to a successful GetPolicyVersion request.
type GetPolicyVersionOutput struct {
	_ struct{} `type:"structure"`

	// A structure containing details about the policy version.
	PolicyVersion *PolicyVersion `type:"structure"`
}

// String returns the string representation
func (s GetPolicyVersionOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s GetPolicyVersionOutput) GoString() string {
	return s.String()
}

type GetRoleInput struct {
	_ struct{} `type:"structure"`

	// The name of the IAM role to get information about.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-
	//
	// RoleName is a required field
	RoleName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation
func (s GetRoleInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s GetRoleInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *GetRoleInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "GetRoleInput"}
	if s.RoleName == nil {
		invalidParams.Add(request.NewErrParamRequired("RoleName"))
	}
	if s.RoleName != nil && len(*s.RoleName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("RoleName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// Contains the response to a successful GetRole request.
type GetRoleOutput struct {
	_ struct{} `type:"structure"`

	// A structure containing details about the IAM role.
	//
	// Role is a required field
	Role *Role `type:"structure" required:"true"`
}

// String returns the string representation
func (s GetRoleOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s GetRoleOutput) GoString() string {
	return s.String()
}

type GetRolePolicyInput struct {
	_ struct{} `type:"structure"`

	// The name of the policy document to get.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-
	//
	// PolicyName is a required field
	PolicyName *string `min:"1" type:"string" required:"true"`

	// The name of the role associated with the policy.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-
	//
	// RoleName is a required field
	RoleName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation
func (s GetRolePolicyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s GetRolePolicyInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *GetRolePolicyInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "GetRolePolicyInput"}
	if s.PolicyName == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyName"))
	}
	if s.PolicyName != nil && len(*s.PolicyName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyName", 1))
	}
	if s.RoleName == nil {
		invalidParams.Add(request.NewErrParamRequired("RoleName"))
	}
	if s.RoleName != nil && len(*s.RoleName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("RoleName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// Contains the response to a successful GetRolePolicy request.
type GetRolePolicyOutput struct {
	_ struct{} `type:"structure"`

	// The policy document.
	//
	// PolicyDocument is a required field
	PolicyDocument *string `min:"1" type:"string" required:"true"`

	// The name of the policy.
	//
	// PolicyName is a required field
	PolicyName *string `min:"1" type:"string" required:"true"`

	// The role the policy is associated with.
	//
	// RoleName is a required field
	RoleName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation
func (s GetRolePolicyOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s GetRolePolicyOutput) GoString() string {
	return s.String()
}

type GetSAMLProviderInput struct {
	_ struct{} `type:"structure"`

	// The Amazon Resource Name (ARN) of the SAML provider resource object in IAM
	// to get information about.
	//
	// For more information about ARNs, see Amazon Resource Names (ARNs) and AWS
	// Service Namespaces (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the AWS General Reference.
	//
	// SAMLProviderArn is a required field
	SAMLProviderArn *string `min:"20" type:"string" required:"true"`
}

// String returns the string representation
func (s GetSAMLProviderInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s GetSAMLProviderInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *GetSAMLProviderInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "GetSAMLProviderInput"}
	if s.SAMLProviderArn == nil {
		invalidParams.Add(request.NewErrParamRequired("SAMLProviderArn"))
	}
	if s.SAMLProviderArn != nil && len(*s.SAMLProviderArn) < 20 {
		invalidParams.Add(request.NewErrParamMinLen("SAMLProviderArn", 20))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// Contains the response to a successful GetSAMLProvider request.
type GetSAMLProviderOutput struct {
	_ struct{} `type:"structure"`

	// The date and time when the SAML provider was created.
	CreateDate *time.Time `type:"timestamp" timestampFormat:"iso8601"`

	// The XML metadata document that includes information about an identity provider.
	SAMLMetadataDocument *string `min:"1000" type:"string"`

	// The expiration date and time for the SAML provider.
	ValidUntil *time.Time `type:"timestamp" timestampFormat:"iso8601"`
}

// String returns the string representation
func (s GetSAMLProviderOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s GetSAMLProviderOutput) GoString() string {
	return s.String()
}

type GetSSHPublicKeyInput struct {
	_ struct{} `type:"structure"`

	// Specifies the public key encoding format to use in the response. To retrieve
	// the public key in ssh-rsa format, use SSH. To retrieve the public key in
	// PEM format, use PEM.
	//
	// Encoding is a required field
	Encoding *string `type:"string" required:"true" enum:"encodingType"`

	// The unique identifier for the SSH public key.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters that can consist of any upper or lowercased letter
	// or digit.
	//
	// SSHPublicKeyId is a required field
	SSHPublicKeyId *string `min:"20" type:"string" required:"true"`

	// The name of the IAM user associated with the SSH public key.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-
	//
	// UserName is a required field
	UserName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation
func (s GetSSHPublicKeyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s GetSSHPublicKeyInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *GetSSHPublicKeyInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "GetSSHPublicKeyInput"}
	if s.Encoding == nil {
		invalidParams.Add(request.NewErrParamRequired("Encoding"))
	}
	if s.SSHPublicKeyId == nil {
		invalidParams.Add(request.NewErrParamRequired("SSHPublicKeyId"))
	}
	if s.SSHPublicKeyId != nil && len(*s.SSHPublicKeyId) < 20 {
		invalidParams.Add(request.NewErrParamMinLen("SSHPublicKeyId", 20))
	}
	if s.UserName == nil {
		invalidParams.Add(request.NewErrParamRequired("UserName"))
	}
	if s.UserName != nil && len(*s.UserName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("UserName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// Contains the response to a successful GetSSHPublicKey request.
type GetSSHPublicKeyOutput struct {
	_ struct{} `type:"structure"`

	// A structure containing details about the SSH public key.
	SSHPublicKey *SSHPublicKey `type:"structure"`
}

// String returns the string representation
func (s GetSSHPublicKeyOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s GetSSHPublicKeyOutput) GoString() string {
	return s.String()
}

type GetServerCertificateInput struct {
	_ struct{} `type:"structure"`

	// The name of the server certificate you want to retrieve information about.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-
	//
	// ServerCertificateName is a required field
	ServerCertificateName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation
func (s GetServerCertificateInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s GetServerCertificateInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *GetServerCertificateInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "GetServerCertificateInput"}
	if s.ServerCertificateName == nil {
		invalidParams.Add(request.NewErrParamRequired("ServerCertificateName"))
	}
	if s.ServerCertificateName != nil && len(*s.ServerCertificateName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("ServerCertificateName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// Contains the response to a successful GetServerCertificate request.
type GetServerCertificateOutput struct {
	_ struct{} `type:"structure"`

	// A structure containing details about the server certificate.
	//
	// ServerCertificate is a required field
	ServerCertificate *ServerCertificate `type:"structure" required:"true"`
}

// String returns the string representation
func (s GetServerCertificateOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s GetServerCertificateOutput) GoString() string {
	return s.String()
}

type GetUserInput struct {
	_ struct{} `type:"structure"`

	// The name of the user to get information about.
	//
	// This parameter is optional. If it is not included, it defaults to the user
	// making the request. The regex pattern (http://wikipedia.org/wiki/regex) for
	// this parameter is a string of characters consisting of upper and lowercase
	// alphanumeric characters with no spaces. You can also include any of the following
	// characters: =,.@-
	UserName *string `min:"1" type:"string"`
}

// String returns the string representation
func (s GetUserInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s GetUserInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *GetUserInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "GetUserInput"}
	if s.UserName != nil && len(*s.UserName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("UserName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// Contains the response to a successful GetUser request.
type GetUserOutput struct {
	_ struct{} `type:"structure"`

	// A structure containing details about the IAM user.
	//
	// User is a required field
	User *User `type:"structure" required:"true"`
}

// String returns the string representation
func (s GetUserOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s GetUserOutput) GoString() string {
	return s.String()
}

type GetUserPolicyInput struct {
	_ struct{} `type:"structure"`

	// The name of the policy document to get.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-
	//
	// PolicyName is a required field
	PolicyName *string `min:"1" type:"string" required:"true"`

	// The name of the user who the policy is associated with.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-
	//
	// UserName is a required field
	UserName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation
func (s GetUserPolicyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s GetUserPolicyInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *GetUserPolicyInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "GetUserPolicyInput"}
	if s.PolicyName == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyName"))
	}
	if s.PolicyName != nil && len(*s.PolicyName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyName", 1))
	}
	if s.UserName == nil {
		invalidParams.Add(request.NewErrParamRequired("UserName"))
	}
	if s.UserName != nil && len(*s.UserName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("UserName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// Contains the response to a successful GetUserPolicy request.
type GetUserPolicyOutput struct {
	_ struct{} `type:"structure"`

	// The policy document.
	//
	// PolicyDocument is a required field
	PolicyDocument *string `min:"1" type:"string" required:"true"`

	// The name of the policy.
	//
	// PolicyName is a required field
	PolicyName *string `min:"1" type:"string" required:"true"`

	// The user the policy is associated with.
	//
	// UserName is a required field
	UserName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation
func (s GetUserPolicyOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s GetUserPolicyOutput) GoString() string {
	return s.String()
}

// Contains information about an IAM group entity.
//
// This data type is used as a response element in the following actions:
//
//    * CreateGroup
//
//    * GetGroup
//
//    * ListGroups
type Group struct {
	_ struct{} `type:"structure"`

	// The Amazon Resource Name (ARN) specifying the group. For more information
	// about ARNs and how to use them in policies, see IAM Identifiers (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the Using IAM guide.
	//
	// Arn is a required field
	Arn *string `min:"20" type:"string" required:"true"`

	// The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601),
	// when the group was created.
	//
	// CreateDate is a required field
	CreateDate *time.Time `type:"timestamp" timestampFormat:"iso8601" required:"true"`

	// The stable and unique string identifying the group. For more information
	// about IDs, see IAM Identifiers (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the Using IAM guide.
	//
	// GroupId is a required field
	GroupId *string `min:"16" type:"string" required:"true"`

	// The friendly name that identifies the group.
	//
	// GroupName is a required field
	GroupName *string `min:"1" type:"string" required:"true"`

	// The path to the group. For more information about paths, see IAM Identifiers
	// (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the Using IAM guide.
	//
	// Path is a required field
	Path *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation
func (s Group) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s Group) GoString() string {
	return s.String()
}

// Contains information about an IAM group, including all of the group's policies.
//
// This data type is used as a response element in the GetAccountAuthorizationDetails
// action.
type GroupDetail struct {
	_ struct{} `type:"structure"`

	// The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources.
	//
	// For more information about ARNs, go to Amazon Resource Names (ARNs) and AWS
	// Service Namespaces (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the AWS General Reference.
	Arn *string `min:"20" type:"string"`

	// A list of the managed policies attached to the group.
	AttachedManagedPolicies []*AttachedPolicy `type:"list"`

	// The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601),
	// when the group was created.
	CreateDate *time.Time `type:"timestamp" timestampFormat:"iso8601"`

	// The stable and unique string identifying the group. For more information
	// about IDs, see IAM Identifiers (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the Using IAM guide.
	GroupId *string `min:"16" type:"string"`

	// The friendly name that identifies the group.
	GroupName *string `min:"1" type:"string"`

	// A list of the inline policies embedded in the group.
	GroupPolicyList []*PolicyDetail `type:"list"`

	// The path to the group. For more information about paths, see IAM Identifiers
	// (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the Using IAM guide.
	Path *string `min:"1" type:"string"`
}

// String returns the string representation
func (s GroupDetail) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s GroupDetail) GoString() string {
	return s.String()
}

// Contains information about an instance profile.
//
// This data type is used as a response element in the following actions:
//
//    * CreateInstanceProfile
//
//    * GetInstanceProfile
//
//    * ListInstanceProfiles
//
//    * ListInstanceProfilesForRole
type InstanceProfile struct {
	_ struct{} `type:"structure"`

	// The Amazon Resource Name (ARN) specifying the instance profile. For more
	// information about ARNs and how to use them in policies, see IAM Identifiers
	// (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the Using IAM guide.
	//
	// Arn is a required field
	Arn *string `min:"20" type:"string" required:"true"`

	// The date when the instance profile was created.
	//
	// CreateDate is a required field
	CreateDate *time.Time `type:"timestamp" timestampFormat:"iso8601" required:"true"`

	// The stable and unique string identifying the instance profile. For more information
	// about IDs, see IAM Identifiers (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the Using IAM guide.
	//
	// InstanceProfileId is a required field
	InstanceProfileId *string `min:"16" type:"string" required:"true"`

	// The name identifying the instance profile.
	//
	// InstanceProfileName is a required field
	InstanceProfileName *string `min:"1" type:"string" required:"true"`

	// The path to the instance profile. For more information about paths, see IAM
	// Identifiers (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the Using IAM guide.
	//
	// Path is a required field
	Path *string `min:"1" type:"string" required:"true"`

	// The role associated with the instance profile.
	//
	// Roles is a required field
	Roles []*Role `type:"list" required:"true"`
}

// String returns the string representation
func (s InstanceProfile) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s InstanceProfile) GoString() string {
	return s.String()
}

type ListAccessKeysInput struct {
	_ struct{} `type:"structure"`

	// Use this parameter only when paginating results and only after you receive
	// a response indicating that the results are truncated. Set it to the value
	// of the Marker element in the response that you received to indicate where
	// the next call should start.
	Marker *string `min:"1" type:"string"`

	// Use this only when paginating results to indicate the maximum number of items
	// you want in the response. If additional items exist beyond the maximum you
	// specify, the IsTruncated response element is true.
	//
	// This parameter is optional. If you do not include it, it defaults to 100.
	// Note that IAM might return fewer results, even when there are more results
	// available. In that case, the IsTruncated response element returns true and
	// Marker contains a value to include in the subsequent call that tells the
	// service where to continue from.
	MaxItems *int64 `min:"1" type:"integer"`

	// The name of the user.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-
	UserName *string `min:"1" type:"string"`
}

// String returns the string representation
func (s ListAccessKeysInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s ListAccessKeysInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ListAccessKeysInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ListAccessKeysInput"}
	if s.Marker != nil && len(*s.Marker) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Marker", 1))
	}
	if s.MaxItems != nil && *s.MaxItems < 1 {
		invalidParams.Add(request.NewErrParamMinValue("MaxItems", 1))
	}
	if s.UserName != nil && len(*s.UserName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("UserName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// Contains the response to a successful ListAccessKeys request.
type ListAccessKeysOutput struct {
	_ struct{} `type:"structure"`

	// A list of objects containing metadata about the access keys.
	//
	// AccessKeyMetadata is a required field
	AccessKeyMetadata []*AccessKeyMetadata `type:"list" required:"true"`

	// A flag that indicates whether there are more items to return. If your results
	// were truncated, you can make a subsequent pagination request using the Marker
	// request parameter to retrieve more items. Note that IAM might return fewer
	// than the MaxItems number of results even when there are more results available.
	// We recommend that you check IsTruncated after every call to ensure that you
	// receive all of your results.
	IsTruncated *bool `type:"boolean"`

	// When IsTruncated is true, this element is present and contains the value
	// to use for the Marker parameter in a subsequent pagination request.
	Marker *string `min:"1" type:"string"`
}

// String returns the string representation
func (s ListAccessKeysOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s ListAccessKeysOutput) GoString() string {
	return s.String()
}

type ListAccountAliasesInput struct {
	_ struct{} `type:"structure"`

	// Use this parameter only when paginating results and only after you receive
	// a response indicating that the results are truncated. Set it to the value
	// of the Marker element in the response that you received to indicate where
	// the next call should start.
	Marker *string `min:"1" type:"string"`

	// Use this only when paginating results to indicate the maximum number of items
	// you want in the response. If additional items exist beyond the maximum you
	// specify, the IsTruncated response element is true.
	//
	// This parameter is optional. If you do not include it, it defaults to 100.
	// Note that IAM might return fewer results, even when there are more results
	// available. In that case, the IsTruncated response element returns true and
	// Marker contains a value to include in the subsequent call that tells the
	// service where to continue from.
	MaxItems *int64 `min:"1" type:"integer"`
}

// String returns the string representation
func (s ListAccountAliasesInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s ListAccountAliasesInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ListAccountAliasesInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ListAccountAliasesInput"}
	if s.Marker != nil && len(*s.Marker) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Marker", 1))
	}
	if s.MaxItems != nil && *s.MaxItems < 1 {
		invalidParams.Add(request.NewErrParamMinValue("MaxItems", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// Contains the response to a successful ListAccountAliases request.
type ListAccountAliasesOutput struct {
	_ struct{} `type:"structure"`

	// A list of aliases associated with the account. AWS supports only one alias
	// per account.
	//
	// AccountAliases is a required field
	AccountAliases []*string `type:"list" required:"true"`

	// A flag that indicates whether there are more items to return. If your results
	// were truncated, you can make a subsequent pagination request using the Marker
	// request parameter to retrieve more items. Note that IAM might return fewer
	// than the MaxItems number of results even when there are more results available.
	// We recommend that you check IsTruncated after every call to ensure that you
	// receive all of your results.
	IsTruncated *bool `type:"boolean"`

	// When IsTruncated is true, this element is present and contains the value
	// to use for the Marker parameter in a subsequent pagination request.
	Marker *string `min:"1" type:"string"`
}

// String returns the string representation
func (s ListAccountAliasesOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s ListAccountAliasesOutput) GoString() string {
	return s.String()
}

type ListAttachedGroupPoliciesInput struct {
	_ struct{} `type:"structure"`

	// The name (friendly name, not ARN) of the group to list attached policies
	// for.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-
	//
	// GroupName is a required field
	GroupName *string `min:"1" type:"string" required:"true"`

	// Use this parameter only when paginating results and only after you receive
	// a response indicating that the results are truncated. Set it to the value
	// of the Marker element in the response that you received to indicate where
	// the next call should start.
	Marker *string `min:"1" type:"string"`

	// Use this only when paginating results to indicate the maximum number of items
	// you want in the response. If additional items exist beyond the maximum you
	// specify, the IsTruncated response element is true.
	//
	// This parameter is optional. If you do not include it, it defaults to 100.
	// Note that IAM might return fewer results, even when there are more results
	// available. In that case, the IsTruncated response element returns true and
	// Marker contains a value to include in the subsequent call that tells the
	// service where to continue from.
	MaxItems *int64 `min:"1" type:"integer"`

	// The path prefix for filtering the results. This parameter is optional. If
	// it is not included, it defaults to a slash (/), listing all policies.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of either a forward slash (/) by itself
	// or a string that must begin and end with forward slashes, containing any
	// ASCII character from the ! (\u0021) thru the DEL character (\u007F), including
	// most punctuation characters, digits, and upper and lowercased letters.
	PathPrefix *string `type:"string"`
}

// String returns the string representation
func (s ListAttachedGroupPoliciesInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s ListAttachedGroupPoliciesInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ListAttachedGroupPoliciesInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ListAttachedGroupPoliciesInput"}
	if s.GroupName == nil {
		invalidParams.Add(request.NewErrParamRequired("GroupName"))
	}
	if s.GroupName != nil && len(*s.GroupName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("GroupName", 1))
	}
	if s.Marker != nil && len(*s.Marker) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Marker", 1))
	}
	if s.MaxItems != nil && *s.MaxItems < 1 {
		invalidParams.Add(request.NewErrParamMinValue("MaxItems", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// Contains the response to a successful ListAttachedGroupPolicies request.
type ListAttachedGroupPoliciesOutput struct {
	_ struct{} `type:"structure"`

	// A list of the attached policies.
	AttachedPolicies []*AttachedPolicy `type:"list"`

	// A flag that indicates whether there are more items to return. If your results
	// were truncated, you can make a subsequent pagination request using the Marker
	// request parameter to retrieve more items. Note that IAM might return fewer
	// than the MaxItems number of results even when there are more results available.
	// We recommend that you check IsTruncated after every call to ensure that you
	// receive all of your results.
	IsTruncated *bool `type:"boolean"`

	// When IsTruncated is true, this element is present and contains the value
	// to use for the Marker parameter in a subsequent pagination request.
	Marker *string `min:"1" type:"string"`
}

// String returns the string representation
func (s ListAttachedGroupPoliciesOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s ListAttachedGroupPoliciesOutput) GoString() string {
	return s.String()
}

type ListAttachedRolePoliciesInput struct {
	_ struct{} `type:"structure"`

	// Use this parameter only when paginating results and only after you receive
	// a response indicating that the results are truncated. Set it to the value
	// of the Marker element in the response that you received to indicate where
	// the next call should start.
	Marker *string `min:"1" type:"string"`

	// Use this only when paginating results to indicate the maximum number of items
	// you want in the response. If additional items exist beyond the maximum you
	// specify, the IsTruncated response element is true.
	//
	// This parameter is optional. If you do not include it, it defaults to 100.
	// Note that IAM might return fewer results, even when there are more results
	// available. In that case, the IsTruncated response element returns true and
	// Marker contains a value to include in the subsequent call that tells the
	// service where to continue from.
	MaxItems *int64 `min:"1" type:"integer"`

	// The path prefix for filtering the results. This parameter is optional. If
	// it is not included, it defaults to a slash (/), listing all policies.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of either a forward slash (/) by itself
	// or a string that must begin and end with forward slashes, containing any
	// ASCII character from the ! (\u0021) thru the DEL character (\u007F), including
	// most punctuation characters, digits, and upper and lowercased letters.
	PathPrefix *string `type:"string"`

	// The name (friendly name, not ARN) of the role to list attached policies for.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-
	//
	// RoleName is a required field
	RoleName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation
func (s ListAttachedRolePoliciesInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s ListAttachedRolePoliciesInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ListAttachedRolePoliciesInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ListAttachedRolePoliciesInput"}
	if s.Marker != nil && len(*s.Marker) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Marker", 1))
	}
	if s.MaxItems != nil && *s.MaxItems < 1 {
		invalidParams.Add(request.NewErrParamMinValue("MaxItems", 1))
	}
	if s.RoleName == nil {
		invalidParams.Add(request.NewErrParamRequired("RoleName"))
	}
	if s.RoleName != nil && len(*s.RoleName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("RoleName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// Contains the response to a successful ListAttachedRolePolicies request.
type ListAttachedRolePoliciesOutput struct {
	_ struct{} `type:"structure"`

	// A list of the attached policies.
	AttachedPolicies []*AttachedPolicy `type:"list"`

	// A flag that indicates whether there are more items to return. If your results
	// were truncated, you can make a subsequent pagination request using the Marker
	// request parameter to retrieve more items. Note that IAM might return fewer
	// than the MaxItems number of results even when there are more results available.
	// We recommend that you check IsTruncated after every call to ensure that you
	// receive all of your results.
	IsTruncated *bool `type:"boolean"`

	// When IsTruncated is true, this element is present and contains the value
	// to use for the Marker parameter in a subsequent pagination request.
	Marker *string `min:"1" type:"string"`
}

// String returns the string representation
func (s ListAttachedRolePoliciesOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s ListAttachedRolePoliciesOutput) GoString() string {
	return s.String()
}

type ListAttachedUserPoliciesInput struct {
	_ struct{} `type:"structure"`

	// Use this parameter only when paginating results and only after you receive
	// a response indicating that the results are truncated. Set it to the value
	// of the Marker element in the response that you received to indicate where
	// the next call should start.
	Marker *string `min:"1" type:"string"`

	// Use this only when paginating results to indicate the maximum number of items
	// you want in the response. If additional items exist beyond the maximum you
	// specify, the IsTruncated response element is true.
	//
	// This parameter is optional. If you do not include it, it defaults to 100.
	// Note that IAM might return fewer results, even when there are more results
	// available. In that case, the IsTruncated response element returns true and
	// Marker contains a value to include in the subsequent call that tells the
	// service where to continue from.
	MaxItems *int64 `min:"1" type:"integer"`

	// The path prefix for filtering the results. This parameter is optional. If
	// it is not included, it defaults to a slash (/), listing all policies.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of either a forward slash (/) by itself
	// or a string that must begin and end with forward slashes, containing any
	// ASCII character from the ! (\u0021) thru the DEL character (\u007F), including
	// most punctuation characters, digits, and upper and lowercased letters.
	PathPrefix *string `type:"string"`

	// The name (friendly name, not ARN) of the user to list attached policies for.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-
	//
	// UserName is a required field
	UserName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation
func (s ListAttachedUserPoliciesInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s ListAttachedUserPoliciesInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ListAttachedUserPoliciesInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ListAttachedUserPoliciesInput"}
	if s.Marker != nil && len(*s.Marker) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Marker", 1))
	}
	if s.MaxItems != nil && *s.MaxItems < 1 {
		invalidParams.Add(request.NewErrParamMinValue("MaxItems", 1))
	}
	if s.UserName == nil {
		invalidParams.Add(request.NewErrParamRequired("UserName"))
	}
	if s.UserName != nil && len(*s.UserName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("UserName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// Contains the response to a successful ListAttachedUserPolicies request.
type ListAttachedUserPoliciesOutput struct {
	_ struct{} `type:"structure"`

	// A list of the attached policies.
	AttachedPolicies []*AttachedPolicy `type:"list"`

	// A flag that indicates whether there are more items to return. If your results
	// were truncated, you can make a subsequent pagination request using the Marker
	// request parameter to retrieve more items. Note that IAM might return fewer
	// than the MaxItems number of results even when there are more results available.
	// We recommend that you check IsTruncated after every call to ensure that you
	// receive all of your results.
	IsTruncated *bool `type:"boolean"`

	// When IsTruncated is true, this element is present and contains the value
	// to use for the Marker parameter in a subsequent pagination request.
	Marker *string `min:"1" type:"string"`
}

// String returns the string representation
func (s ListAttachedUserPoliciesOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s ListAttachedUserPoliciesOutput) GoString() string {
	return s.String()
}

type ListEntitiesForPolicyInput struct {
	_ struct{} `type:"structure"`

	// The entity type to use for filtering the results.
	//
	// For example, when EntityFilter is Role, only the roles that are attached
	// to the specified policy are returned. This parameter is optional. If it is
	// not included, all attached entities (users, groups, and roles) are returned.
	// The argument for this parameter must be one of the valid values listed below.
	EntityFilter *string `type:"string" enum:"EntityType"`

	// Use this parameter only when paginating results and only after you receive
	// a response indicating that the results are truncated. Set it to the value
	// of the Marker element in the response that you received to indicate where
	// the next call should start.
	Marker *string `min:"1" type:"string"`

	// Use this only when paginating results to indicate the maximum number of items
	// you want in the response. If additional items exist beyond the maximum you
	// specify, the IsTruncated response element is true.
	//
	// This parameter is optional. If you do not include it, it defaults to 100.
	// Note that IAM might return fewer results, even when there are more results
	// available. In that case, the IsTruncated response element returns true and
	// Marker contains a value to include in the subsequent call that tells the
	// service where to continue from.
	MaxItems *int64 `min:"1" type:"integer"`

	// The path prefix for filtering the results. This parameter is optional. If
	// it is not included, it defaults to a slash (/), listing all entities.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of either a forward slash (/) by itself
	// or a string that must begin and end with forward slashes, containing any
	// ASCII character from the ! (\u0021) thru the DEL character (\u007F), including
	// most punctuation characters, digits, and upper and lowercased letters.
	PathPrefix *string `min:"1" type:"string"`

	// The Amazon Resource Name (ARN) of the IAM policy for which you want the versions.
	//
	// For more information about ARNs, see Amazon Resource Names (ARNs) and AWS
	// Service Namespaces (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the AWS General Reference.
	//
	// PolicyArn is a required field
	PolicyArn *string `min:"20" type:"string" required:"true"`
}

// String returns the string representation
func (s ListEntitiesForPolicyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s ListEntitiesForPolicyInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ListEntitiesForPolicyInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ListEntitiesForPolicyInput"}
	if s.Marker != nil && len(*s.Marker) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Marker", 1))
	}
	if s.MaxItems != nil && *s.MaxItems < 1 {
		invalidParams.Add(request.NewErrParamMinValue("MaxItems", 1))
	}
	if s.PathPrefix != nil && len(*s.PathPrefix) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PathPrefix", 1))
	}
	if s.PolicyArn == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyArn"))
	}
	if s.PolicyArn != nil && len(*s.PolicyArn) < 20 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyArn", 20))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// Contains the response to a successful ListEntitiesForPolicy request.
type ListEntitiesForPolicyOutput struct {
	_ struct{} `type:"structure"`

	// A flag that indicates whether there are more items to return. If your results
	// were truncated, you can make a subsequent pagination request using the Marker
	// request parameter to retrieve more items. Note that IAM might return fewer
	// than the MaxItems number of results even when there are more results available.
	// We recommend that you check IsTruncated after every call to ensure that you
	// receive all of your results.
	IsTruncated *bool `type:"boolean"`

	// When IsTruncated is true, this element is present and contains the value
	// to use for the Marker parameter in a subsequent pagination request.
	Marker *string `min:"1" type:"string"`

	// A list of IAM groups that the policy is attached to.
	PolicyGroups []*PolicyGroup `type:"list"`

	// A list of IAM roles that the policy is attached to.
	PolicyRoles []*PolicyRole `type:"list"`

	// A list of IAM users that the policy is attached to.
	PolicyUsers []*PolicyUser `type:"list"`
}

// String returns the string representation
func (s ListEntitiesForPolicyOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s ListEntitiesForPolicyOutput) GoString() string {
	return s.String()
}

type ListGroupPoliciesInput struct {
	_ struct{} `type:"structure"`

	// The name of the group to list policies for.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-
	//
	// GroupName is a required field
	GroupName *string `min:"1" type:"string" required:"true"`

	// Use this parameter only when paginating results and only after you receive
	// a response indicating that the results are truncated. Set it to the value
	// of the Marker element in the response that you received to indicate where
	// the next call should start.
	Marker *string `min:"1" type:"string"`

	// Use this only when paginating results to indicate the maximum number of items
	// you want in the response. If additional items exist beyond the maximum you
	// specify, the IsTruncated response element is true.
	//
	// This parameter is optional. If you do not include it, it defaults to 100.
	// Note that IAM might return fewer results, even when there are more results
	// available. In that case, the IsTruncated response element returns true and
	// Marker contains a value to include in the subsequent call that tells the
	// service where to continue from.
	MaxItems *int64 `min:"1" type:"integer"`
}

// String returns the string representation
func (s ListGroupPoliciesInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s ListGroupPoliciesInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ListGroupPoliciesInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ListGroupPoliciesInput"}
	if s.GroupName == nil {
		invalidParams.Add(request.NewErrParamRequired("GroupName"))
	}
	if s.GroupName != nil && len(*s.GroupName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("GroupName", 1))
	}
	if s.Marker != nil && len(*s.Marker) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Marker", 1))
	}
	if s.MaxItems != nil && *s.MaxItems < 1 {
		invalidParams.Add(request.NewErrParamMinValue("MaxItems", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// Contains the response to a successful ListGroupPolicies request.
type ListGroupPoliciesOutput struct {
	_ struct{} `type:"structure"`

	// A flag that indicates whether there are more items to return. If your results
	// were truncated, you can make a subsequent pagination request using the Marker
	// request parameter to retrieve more items. Note that IAM might return fewer
	// than the MaxItems number of results even when there are more results available.
	// We recommend that you check IsTruncated after every call to ensure that you
	// receive all of your results.
	IsTruncated *bool `type:"boolean"`

	// When IsTruncated is true, this element is present and contains the value
	// to use for the Marker parameter in a subsequent pagination request.
	Marker *string `min:"1" type:"string"`

	// A list of policy names.
	//
	// PolicyNames is a required field
	PolicyNames []*string `type:"list" required:"true"`
}

// String returns the string representation
func (s ListGroupPoliciesOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s ListGroupPoliciesOutput) GoString() string {
	return s.String()
}

type ListGroupsForUserInput struct {
	_ struct{} `type:"structure"`

	// Use this parameter only when paginating results and only after you receive
	// a response indicating that the results are truncated. Set it to the value
	// of the Marker element in the response that you received to indicate where
	// the next call should start.
	Marker *string `min:"1" type:"string"`

	// Use this only when paginating results to indicate the maximum number of items
	// you want in the response. If additional items exist beyond the maximum you
	// specify, the IsTruncated response element is true.
	//
	// This parameter is optional. If you do not include it, it defaults to 100.
	// Note that IAM might return fewer results, even when there are more results
	// available. In that case, the IsTruncated response element returns true and
	// Marker contains a value to include in the subsequent call that tells the
	// service where to continue from.
	MaxItems *int64 `min:"1" type:"integer"`

	// The name of the user to list groups for.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-
	//
	// UserName is a required field
	UserName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation
func (s ListGroupsForUserInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s ListGroupsForUserInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ListGroupsForUserInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ListGroupsForUserInput"}
	if s.Marker != nil && len(*s.Marker) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Marker", 1))
	}
	if s.MaxItems != nil && *s.MaxItems < 1 {
		invalidParams.Add(request.NewErrParamMinValue("MaxItems", 1))
	}
	if s.UserName == nil {
		invalidParams.Add(request.NewErrParamRequired("UserName"))
	}
	if s.UserName != nil && len(*s.UserName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("UserName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// Contains the response to a successful ListGroupsForUser request.
type ListGroupsForUserOutput struct {
	_ struct{} `type:"structure"`

	// A list of groups.
	//
	// Groups is a required field
	Groups []*Group `type:"list" required:"true"`

	// A flag that indicates whether there are more items to return. If your results
	// were truncated, you can make a subsequent pagination request using the Marker
	// request parameter to retrieve more items. Note that IAM might return fewer
	// than the MaxItems number of results even when there are more results available.
	// We recommend that you check IsTruncated after every call to ensure that you
	// receive all of your results.
	IsTruncated *bool `type:"boolean"`

	// When IsTruncated is true, this element is present and contains the value
	// to use for the Marker parameter in a subsequent pagination request.
	Marker *string `min:"1" type:"string"`
}

// String returns the string representation
func (s ListGroupsForUserOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s ListGroupsForUserOutput) GoString() string {
	return s.String()
}

type ListGroupsInput struct {
	_ struct{} `type:"structure"`

	// Use this parameter only when paginating results and only after you receive
	// a response indicating that the results are truncated. Set it to the value
	// of the Marker element in the response that you received to indicate where
	// the next call should start.
	Marker *string `min:"1" type:"string"`

	// Use this only when paginating results to indicate the maximum number of items
	// you want in the response. If additional items exist beyond the maximum you
	// specify, the IsTruncated response element is true.
	//
	// This parameter is optional. If you do not include it, it defaults to 100.
	// Note that IAM might return fewer results, even when there are more results
	// available. In that case, the IsTruncated response element returns true and
	// Marker contains a value to include in the subsequent call that tells the
	// service where to continue from.
	MaxItems *int64 `min:"1" type:"integer"`

	// The path prefix for filtering the results. For example, the prefix /division_abc/subdivision_xyz/
	// gets all groups whose path starts with /division_abc/subdivision_xyz/.
	//
	// This parameter is optional. If it is not included, it defaults to a slash
	// (/), listing all groups. The regex pattern (http://wikipedia.org/wiki/regex)
	// for this parameter is a string of characters consisting of either a forward
	// slash (/) by itself or a string that must begin and end with forward slashes,
	// containing any ASCII character from the ! (\u0021) thru the DEL character
	// (\u007F), including most punctuation characters, digits, and upper and lowercased
	// letters.
	PathPrefix *string `min:"1" type:"string"`
}

// String returns the string representation
func (s ListGroupsInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s ListGroupsInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ListGroupsInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ListGroupsInput"}
	if s.Marker != nil && len(*s.Marker) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Marker", 1))
	}
	if s.MaxItems != nil && *s.MaxItems < 1 {
		invalidParams.Add(request.NewErrParamMinValue("MaxItems", 1))
	}
	if s.PathPrefix != nil && len(*s.PathPrefix) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PathPrefix", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// Contains the response to a successful ListGroups request.
type ListGroupsOutput struct {
	_ struct{} `type:"structure"`

	// A list of groups.
	//
	// Groups is a required field
	Groups []*Group `type:"list" required:"true"`

	// A flag that indicates whether there are more items to return. If your results
	// were truncated, you can make a subsequent pagination request using the Marker
	// request parameter to retrieve more items. Note that IAM might return fewer
	// than the MaxItems number of results even when there are more results available.
	// We recommend that you check IsTruncated after every call to ensure that you
	// receive all of your results.
	IsTruncated *bool `type:"boolean"`

	// When IsTruncated is true, this element is present and contains the value
	// to use for the Marker parameter in a subsequent pagination request.
	Marker *string `min:"1" type:"string"`
}

// String returns the string representation
func (s ListGroupsOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s ListGroupsOutput) GoString() string {
	return s.String()
}

type ListInstanceProfilesForRoleInput struct {
	_ struct{} `type:"structure"`

	// Use this parameter only when paginating results and only after you receive
	// a response indicating that the results are truncated. Set it to the value
	// of the Marker element in the response that you received to indicate where
	// the next call should start.
	Marker *string `min:"1" type:"string"`

	// Use this only when paginating results to indicate the maximum number of items
	// you want in the response. If additional items exist beyond the maximum you
	// specify, the IsTruncated response element is true.
	//
	// This parameter is optional. If you do not include it, it defaults to 100.
	// Note that IAM might return fewer results, even when there are more results
	// available. In that case, the IsTruncated response element returns true and
	// Marker contains a value to include in the subsequent call that tells the
	// service where to continue from.
	MaxItems *int64 `min:"1" type:"integer"`

	// The name of the role to list instance profiles for.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-
	//
	// RoleName is a required field
	RoleName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation
func (s ListInstanceProfilesForRoleInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s ListInstanceProfilesForRoleInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ListInstanceProfilesForRoleInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ListInstanceProfilesForRoleInput"}
	if s.Marker != nil && len(*s.Marker) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Marker", 1))
	}
	if s.MaxItems != nil && *s.MaxItems < 1 {
		invalidParams.Add(request.NewErrParamMinValue("MaxItems", 1))
	}
	if s.RoleName == nil {
		invalidParams.Add(request.NewErrParamRequired("RoleName"))
	}
	if s.RoleName != nil && len(*s.RoleName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("RoleName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// Contains the response to a successful ListInstanceProfilesForRole request.
type ListInstanceProfilesForRoleOutput struct {
	_ struct{} `type:"structure"`

	// A list of instance profiles.
	//
	// InstanceProfiles is a required field
	InstanceProfiles []*InstanceProfile `type:"list" required:"true"`

	// A flag that indicates whether there are more items to return. If your results
	// were truncated, you can make a subsequent pagination request using the Marker
	// request parameter to retrieve more items. Note that IAM might return fewer
	// than the MaxItems number of results even when there are more results available.
	// We recommend that you check IsTruncated after every call to ensure that you
	// receive all of your results.
	IsTruncated *bool `type:"boolean"`

	// When IsTruncated is true, this element is present and contains the value
	// to use for the Marker parameter in a subsequent pagination request.
	Marker *string `min:"1" type:"string"`
}

// String returns the string representation
func (s ListInstanceProfilesForRoleOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s ListInstanceProfilesForRoleOutput) GoString() string {
	return s.String()
}

type ListInstanceProfilesInput struct {
	_ struct{} `type:"structure"`

	// Use this parameter only when paginating results and only after you receive
	// a response indicating that the results are truncated. Set it to the value
	// of the Marker element in the response that you received to indicate where
	// the next call should start.
	Marker *string `min:"1" type:"string"`

	// Use this only when paginating results to indicate the maximum number of items
	// you want in the response. If additional items exist beyond the maximum you
	// specify, the IsTruncated response element is true.
	//
	// This parameter is optional. If you do not include it, it defaults to 100.
	// Note that IAM might return fewer results, even when there are more results
	// available. In that case, the IsTruncated response element returns true and
	// Marker contains a value to include in the subsequent call that tells the
	// service where to continue from.
	MaxItems *int64 `min:"1" type:"integer"`

	// The path prefix for filtering the results. For example, the prefix /application_abc/component_xyz/
	// gets all instance profiles whose path starts with /application_abc/component_xyz/.
	//
	// This parameter is optional. If it is not included, it defaults to a slash
	// (/), listing all instance profiles. The regex pattern (http://wikipedia.org/wiki/regex)
	// for this parameter is a string of characters consisting of either a forward
	// slash (/) by itself or a string that must begin and end with forward slashes,
	// containing any ASCII character from the ! (\u0021) thru the DEL character
	// (\u007F), including most punctuation characters, digits, and upper and lowercased
	// letters.
	PathPrefix *string `min:"1" type:"string"`
}

// String returns the string representation
func (s ListInstanceProfilesInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s ListInstanceProfilesInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ListInstanceProfilesInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ListInstanceProfilesInput"}
	if s.Marker != nil && len(*s.Marker) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Marker", 1))
	}
	if s.MaxItems != nil && *s.MaxItems < 1 {
		invalidParams.Add(request.NewErrParamMinValue("MaxItems", 1))
	}
	if s.PathPrefix != nil && len(*s.PathPrefix) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PathPrefix", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// Contains the response to a successful ListInstanceProfiles request.
type ListInstanceProfilesOutput struct {
	_ struct{} `type:"structure"`

	// A list of instance profiles.
	//
	// InstanceProfiles is a required field
	InstanceProfiles []*InstanceProfile `type:"list" required:"true"`

	// A flag that indicates whether there are more items to return. If your results
	// were truncated, you can make a subsequent pagination request using the Marker
	// request parameter to retrieve more items. Note that IAM might return fewer
	// than the MaxItems number of results even when there are more results available.
	// We recommend that you check IsTruncated after every call to ensure that you
	// receive all of your results.
	IsTruncated *bool `type:"boolean"`

	// When IsTruncated is true, this element is present and contains the value
	// to use for the Marker parameter in a subsequent pagination request.
	Marker *string `min:"1" type:"string"`
}

// String returns the string representation
func (s ListInstanceProfilesOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s ListInstanceProfilesOutput) GoString() string {
	return s.String()
}

type ListMFADevicesInput struct {
	_ struct{} `type:"structure"`

	// Use this parameter only when paginating results and only after you receive
	// a response indicating that the results are truncated. Set it to the value
	// of the Marker element in the response that you received to indicate where
	// the next call should start.
	Marker *string `min:"1" type:"string"`

	// Use this only when paginating results to indicate the maximum number of items
	// you want in the response. If additional items exist beyond the maximum you
	// specify, the IsTruncated response element is true.
	//
	// This parameter is optional. If you do not include it, it defaults to 100.
	// Note that IAM might return fewer results, even when there are more results
	// available. In that case, the IsTruncated response element returns true and
	// Marker contains a value to include in the subsequent call that tells the
	// service where to continue from.
	MaxItems *int64 `min:"1" type:"integer"`

	// The name of the user whose MFA devices you want to list.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-
	UserName *string `min:"1" type:"string"`
}

// String returns the string representation
func (s ListMFADevicesInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s ListMFADevicesInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ListMFADevicesInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ListMFADevicesInput"}
	if s.Marker != nil && len(*s.Marker) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Marker", 1))
	}
	if s.MaxItems != nil && *s.MaxItems < 1 {
		invalidParams.Add(request.NewErrParamMinValue("MaxItems", 1))
	}
	if s.UserName != nil && len(*s.UserName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("UserName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// Contains the response to a successful ListMFADevices request.
type ListMFADevicesOutput struct {
	_ struct{} `type:"structure"`

	// A flag that indicates whether there are more items to return. If your results
	// were truncated, you can make a subsequent pagination request using the Marker
	// request parameter to retrieve more items. Note that IAM might return fewer
	// than the MaxItems number of results even when there are more results available.
	// We recommend that you check IsTruncated after every call to ensure that you
	// receive all of your results.
	IsTruncated *bool `type:"boolean"`

	// A list of MFA devices.
	//
	// MFADevices is a required field
	MFADevices []*MFADevice `type:"list" required:"true"`

	// When IsTruncated is true, this element is present and contains the value
	// to use for the Marker parameter in a subsequent pagination request.
	Marker *string `min:"1" type:"string"`
}

// String returns the string representation
func (s ListMFADevicesOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s ListMFADevicesOutput) GoString() string {
	return s.String()
}

type ListOpenIDConnectProvidersInput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation
func (s ListOpenIDConnectProvidersInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s ListOpenIDConnectProvidersInput) GoString() string {
	return s.String()
}

// Contains the response to a successful ListOpenIDConnectProviders request.
type ListOpenIDConnectProvidersOutput struct {
	_ struct{} `type:"structure"`

	// The list of IAM OIDC provider resource objects defined in the AWS account.
	OpenIDConnectProviderList []*OpenIDConnectProviderListEntry `type:"list"`
}

// String returns the string representation
func (s ListOpenIDConnectProvidersOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s ListOpenIDConnectProvidersOutput) GoString() string {
	return s.String()
}

type ListPoliciesInput struct {
	_ struct{} `type:"structure"`

	// Use this parameter only when paginating results and only after you receive
	// a response indicating that the results are truncated. Set it to the value
	// of the Marker element in the response that you received to indicate where
	// the next call should start.
	Marker *string `min:"1" type:"string"`

	// Use this only when paginating results to indicate the maximum number of items
	// you want in the response. If additional items exist beyond the maximum you
	// specify, the IsTruncated response element is true.
	//
	// This parameter is optional. If you do not include it, it defaults to 100.
	// Note that IAM might return fewer results, even when there are more results
	// available. In that case, the IsTruncated response element returns true and
	// Marker contains a value to include in the subsequent call that tells the
	// service where to continue from.
	MaxItems *int64 `min:"1" type:"integer"`

	// A flag to filter the results to only the attached policies.
	//
	// When OnlyAttached is true, the returned list contains only the policies that
	// are attached to an IAM user, group, or role. When OnlyAttached is false,
	// or when the parameter is not included, all policies are returned.
	OnlyAttached *bool `type:"boolean"`

	// The path prefix for filtering the results. This parameter is optional. If
	// it is not included, it defaults to a slash (/), listing all policies. The
	// regex pattern (http://wikipedia.org/wiki/regex) for this parameter is a string
	// of characters consisting of either a forward slash (/) by itself or a string
	// that must begin and end with forward slashes, containing any ASCII character
	// from the ! (\u0021) thru the DEL character (\u007F), including most punctuation
	// characters, digits, and upper and lowercased letters.
	PathPrefix *string `type:"string"`

	// The scope to use for filtering the results.
	//
	// To list only AWS managed policies, set Scope to AWS. To list only the customer
	// managed policies in your AWS account, set Scope to Local.
	//
	// This parameter is optional. If it is not included, or if it is set to All,
	// all policies are returned.
	Scope *string `type:"string" enum:"policyScopeType"`
}

// String returns the string representation
func (s ListPoliciesInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s ListPoliciesInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ListPoliciesInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ListPoliciesInput"}
	if s.Marker != nil && len(*s.Marker) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Marker", 1))
	}
	if s.MaxItems != nil && *s.MaxItems < 1 {
		invalidParams.Add(request.NewErrParamMinValue("MaxItems", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// Contains the response to a successful ListPolicies request.
type ListPoliciesOutput struct {
	_ struct{} `type:"structure"`

	// A flag that indicates whether there are more items to return. If your results
	// were truncated, you can make a subsequent pagination request using the Marker
	// request parameter to retrieve more items. Note that IAM might return fewer
	// than the MaxItems number of results even when there are more results available.
	// We recommend that you check IsTruncated after every call to ensure that you
	// receive all of your results.
	IsTruncated *bool `type:"boolean"`

	// When IsTruncated is true, this element is present and contains the value
	// to use for the Marker parameter in a subsequent pagination request.
	Marker *string `min:"1" type:"string"`

	// A list of policies.
	Policies []*Policy `type:"list"`
}

// String returns the string representation
func (s ListPoliciesOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s ListPoliciesOutput) GoString() string {
	return s.String()
}

type ListPolicyVersionsInput struct {
	_ struct{} `type:"structure"`

	// Use this parameter only when paginating results and only after you receive
	// a response indicating that the results are truncated. Set it to the value
	// of the Marker element in the response that you received to indicate where
	// the next call should start.
	Marker *string `min:"1" type:"string"`

	// Use this only when paginating results to indicate the maximum number of items
	// you want in the response. If additional items exist beyond the maximum you
	// specify, the IsTruncated response element is true.
	//
	// This parameter is optional. If you do not include it, it defaults to 100.
	// Note that IAM might return fewer results, even when there are more results
	// available. In that case, the IsTruncated response element returns true and
	// Marker contains a value to include in the subsequent call that tells the
	// service where to continue from.
	MaxItems *int64 `min:"1" type:"integer"`

	// The Amazon Resource Name (ARN) of the IAM policy for which you want the versions.
	//
	// For more information about ARNs, see Amazon Resource Names (ARNs) and AWS
	// Service Namespaces (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the AWS General Reference.
	//
	// PolicyArn is a required field
	PolicyArn *string `min:"20" type:"string" required:"true"`
}

// String returns the string representation
func (s ListPolicyVersionsInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s ListPolicyVersionsInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ListPolicyVersionsInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ListPolicyVersionsInput"}
	if s.Marker != nil && len(*s.Marker) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Marker", 1))
	}
	if s.MaxItems != nil && *s.MaxItems < 1 {
		invalidParams.Add(request.NewErrParamMinValue("MaxItems", 1))
	}
	if s.PolicyArn == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyArn"))
	}
	if s.PolicyArn != nil && len(*s.PolicyArn) < 20 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyArn", 20))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// Contains the response to a successful ListPolicyVersions request.
type ListPolicyVersionsOutput struct {
	_ struct{} `type:"structure"`

	// A flag that indicates whether there are more items to return. If your results
	// were truncated, you can make a subsequent pagination request using the Marker
	// request parameter to retrieve more items. Note that IAM might return fewer
	// than the MaxItems number of results even when there are more results available.
	// We recommend that you check IsTruncated after every call to ensure that you
	// receive all of your results.
	IsTruncated *bool `type:"boolean"`

	// When IsTruncated is true, this element is present and contains the value
	// to use for the Marker parameter in a subsequent pagination request.
	Marker *string `min:"1" type:"string"`

	// A list of policy versions.
	//
	// For more information about managed policy versions, see Versioning for Managed
	// Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html)
	// in the IAM User Guide.
	Versions []*PolicyVersion `type:"list"`
}

// String returns the string representation
func (s ListPolicyVersionsOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s ListPolicyVersionsOutput) GoString() string {
	return s.String()
}

type ListRolePoliciesInput struct {
	_ struct{} `type:"structure"`

	// Use this parameter only when paginating results and only after you receive
	// a response indicating that the results are truncated. Set it to the value
	// of the Marker element in the response that you received to indicate where
	// the next call should start.
	Marker *string `min:"1" type:"string"`

	// Use this only when paginating results to indicate the maximum number of items
	// you want in the response. If additional items exist beyond the maximum you
	// specify, the IsTruncated response element is true.
	//
	// This parameter is optional. If you do not include it, it defaults to 100.
	// Note that IAM might return fewer results, even when there are more results
	// available. In that case, the IsTruncated response element returns true and
	// Marker contains a value to include in the subsequent call that tells the
	// service where to continue from.
	MaxItems *int64 `min:"1" type:"integer"`

	// The name of the role to list policies for.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-
	//
	// RoleName is a required field
	RoleName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation
func (s ListRolePoliciesInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s ListRolePoliciesInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ListRolePoliciesInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ListRolePoliciesInput"}
	if s.Marker != nil && len(*s.Marker) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Marker", 1))
	}
	if s.MaxItems != nil && *s.MaxItems < 1 {
		invalidParams.Add(request.NewErrParamMinValue("MaxItems", 1))
	}
	if s.RoleName == nil {
		invalidParams.Add(request.NewErrParamRequired("RoleName"))
	}
	if s.RoleName != nil && len(*s.RoleName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("RoleName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// Contains the response to a successful ListRolePolicies request.
type ListRolePoliciesOutput struct {
	_ struct{} `type:"structure"`

	// A flag that indicates whether there are more items to return. If your results
	// were truncated, you can make a subsequent pagination request using the Marker
	// request parameter to retrieve more items. Note that IAM might return fewer
	// than the MaxItems number of results even when there are more results available.
	// We recommend that you check IsTruncated after every call to ensure that you
	// receive all of your results.
	IsTruncated *bool `type:"boolean"`

	// When IsTruncated is true, this element is present and contains the value
	// to use for the Marker parameter in a subsequent pagination request.
	Marker *string `min:"1" type:"string"`

	// A list of policy names.
	//
	// PolicyNames is a required field
	PolicyNames []*string `type:"list" required:"true"`
}

// String returns the string representation
func (s ListRolePoliciesOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s ListRolePoliciesOutput) GoString() string {
	return s.String()
}

type ListRolesInput struct {
	_ struct{} `type:"structure"`

	// Use this parameter only when paginating results and only after you receive
	// a response indicating that the results are truncated. Set it to the value
	// of the Marker element in the response that you received to indicate where
	// the next call should start.
	Marker *string `min:"1" type:"string"`

	// Use this only when paginating results to indicate the maximum number of items
	// you want in the response. If additional items exist beyond the maximum you
	// specify, the IsTruncated response element is true.
	//
	// This parameter is optional. If you do not include it, it defaults to 100.
	// Note that IAM might return fewer results, even when there are more results
	// available. In that case, the IsTruncated response element returns true and
	// Marker contains a value to include in the subsequent call that tells the
	// service where to continue from.
	MaxItems *int64 `min:"1" type:"integer"`

	// The path prefix for filtering the results. For example, the prefix /application_abc/component_xyz/
	// gets all roles whose path starts with /application_abc/component_xyz/.
	//
	// This parameter is optional. If it is not included, it defaults to a slash
	// (/), listing all roles. The regex pattern (http://wikipedia.org/wiki/regex)
	// for this parameter is a string of characters consisting of either a forward
	// slash (/) by itself or a string that must begin and end with forward slashes,
	// containing any ASCII character from the ! (\u0021) thru the DEL character
	// (\u007F), including most punctuation characters, digits, and upper and lowercased
	// letters.
	PathPrefix *string `min:"1" type:"string"`
}

// String returns the string representation
func (s ListRolesInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s ListRolesInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ListRolesInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ListRolesInput"}
	if s.Marker != nil && len(*s.Marker) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Marker", 1))
	}
	if s.MaxItems != nil && *s.MaxItems < 1 {
		invalidParams.Add(request.NewErrParamMinValue("MaxItems", 1))
	}
	if s.PathPrefix != nil && len(*s.PathPrefix) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PathPrefix", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// Contains the response to a successful ListRoles request.
type ListRolesOutput struct {
	_ struct{} `type:"structure"`

	// A flag that indicates whether there are more items to return. If your results
	// were truncated, you can make a subsequent pagination request using the Marker
	// request parameter to retrieve more items. Note that IAM might return fewer
	// than the MaxItems number of results even when there are more results available.
	// We recommend that you check IsTruncated after every call to ensure that you
	// receive all of your results.
	IsTruncated *bool `type:"boolean"`

	// When IsTruncated is true, this element is present and contains the value
	// to use for the Marker parameter in a subsequent pagination request.
	Marker *string `min:"1" type:"string"`

	// A list of roles.
	//
	// Roles is a required field
	Roles []*Role `type:"list" required:"true"`
}

// String returns the string representation
func (s ListRolesOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s ListRolesOutput) GoString() string {
	return s.String()
}

type ListSAMLProvidersInput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation
func (s ListSAMLProvidersInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s ListSAMLProvidersInput) GoString() string {
	return s.String()
}

// Contains the response to a successful ListSAMLProviders request.
type ListSAMLProvidersOutput struct {
	_ struct{} `type:"structure"`

	// The list of SAML provider resource objects defined in IAM for this AWS account.
	SAMLProviderList []*SAMLProviderListEntry `type:"list"`
}

// String returns the string representation
func (s ListSAMLProvidersOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s ListSAMLProvidersOutput) GoString() string {
	return s.String()
}

type ListSSHPublicKeysInput struct {
	_ struct{} `type:"structure"`

	// Use this parameter only when paginating results and only after you receive
	// a response indicating that the results are truncated. Set it to the value
	// of the Marker element in the response that you received to indicate where
	// the next call should start.
	Marker *string `min:"1" type:"string"`

	// Use this only when paginating results to indicate the maximum number of items
	// you want in the response. If additional items exist beyond the maximum you
	// specify, the IsTruncated response element is true.
	//
	// This parameter is optional. If you do not include it, it defaults to 100.
	// Note that IAM might return fewer results, even when there are more results
	// available. In that case, the IsTruncated response element returns true and
	// Marker contains a value to include in the subsequent call that tells the
	// service where to continue from.
	MaxItems *int64 `min:"1" type:"integer"`

	// The name of the IAM user to list SSH public keys for. If none is specified,
	// the UserName field is determined implicitly based on the AWS access key used
	// to sign the request.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-
	UserName *string `min:"1" type:"string"`
}

// String returns the string representation
func (s ListSSHPublicKeysInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s ListSSHPublicKeysInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ListSSHPublicKeysInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ListSSHPublicKeysInput"}
	if s.Marker != nil && len(*s.Marker) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Marker", 1))
	}
	if s.MaxItems != nil && *s.MaxItems < 1 {
		invalidParams.Add(request.NewErrParamMinValue("MaxItems", 1))
	}
	if s.UserName != nil && len(*s.UserName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("UserName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// Contains the response to a successful ListSSHPublicKeys request.
type ListSSHPublicKeysOutput struct {
	_ struct{} `type:"structure"`

	// A flag that indicates whether there are more items to return. If your results
	// were truncated, you can make a subsequent pagination request using the Marker
	// request parameter to retrieve more items. Note that IAM might return fewer
	// than the MaxItems number of results even when there are more results available.
	// We recommend that you check IsTruncated after every call to ensure that you
	// receive all of your results.
	IsTruncated *bool `type:"boolean"`

	// When IsTruncated is true, this element is present and contains the value
	// to use for the Marker parameter in a subsequent pagination request.
	Marker *string `min:"1" type:"string"`

	// A list of the SSH public keys assigned to IAM user.
	SSHPublicKeys []*SSHPublicKeyMetadata `type:"list"`
}

// String returns the string representation
func (s ListSSHPublicKeysOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s ListSSHPublicKeysOutput) GoString() string {
	return s.String()
}

type ListServerCertificatesInput struct {
	_ struct{} `type:"structure"`

	// Use this parameter only when paginating results and only after you receive
	// a response indicating that the results are truncated. Set it to the value
	// of the Marker element in the response that you received to indicate where
	// the next call should start.
	Marker *string `min:"1" type:"string"`

	// Use this only when paginating results to indicate the maximum number of items
	// you want in the response. If additional items exist beyond the maximum you
	// specify, the IsTruncated response element is true.
	//
	// This parameter is optional. If you do not include it, it defaults to 100.
	// Note that IAM might return fewer results, even when there are more results
	// available. In that case, the IsTruncated response element returns true and
	// Marker contains a value to include in the subsequent call that tells the
	// service where to continue from.
	MaxItems *int64 `min:"1" type:"integer"`

	// The path prefix for filtering the results. For example: /company/servercerts
	// would get all server certificates for which the path starts with /company/servercerts.
	//
	// This parameter is optional. If it is not included, it defaults to a slash
	// (/), listing all server certificates. The regex pattern (http://wikipedia.org/wiki/regex)
	// for this parameter is a string of characters consisting of either a forward
	// slash (/) by itself or a string that must begin and end with forward slashes,
	// containing any ASCII character from the ! (\u0021) thru the DEL character
	// (\u007F), including most punctuation characters, digits, and upper and lowercased
	// letters.
	PathPrefix *string `min:"1" type:"string"`
}

// String returns the string representation
func (s ListServerCertificatesInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s ListServerCertificatesInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ListServerCertificatesInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ListServerCertificatesInput"}
	if s.Marker != nil && len(*s.Marker) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Marker", 1))
	}
	if s.MaxItems != nil && *s.MaxItems < 1 {
		invalidParams.Add(request.NewErrParamMinValue("MaxItems", 1))
	}
	if s.PathPrefix != nil && len(*s.PathPrefix) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PathPrefix", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// Contains the response to a successful ListServerCertificates request.
type ListServerCertificatesOutput struct {
	_ struct{} `type:"structure"`

	// A flag that indicates whether there are more items to return. If your results
	// were truncated, you can make a subsequent pagination request using the Marker
	// request parameter to retrieve more items. Note that IAM might return fewer
	// than the MaxItems number of results even when there are more results available.
	// We recommend that you check IsTruncated after every call to ensure that you
	// receive all of your results.
	IsTruncated *bool `type:"boolean"`

	// When IsTruncated is true, this element is present and contains the value
	// to use for the Marker parameter in a subsequent pagination request.
	Marker *string `min:"1" type:"string"`

	// A list of server certificates.
	//
	// ServerCertificateMetadataList is a required field
	ServerCertificateMetadataList []*ServerCertificateMetadata `type:"list" required:"true"`
}

// String returns the string representation
func (s ListServerCertificatesOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s ListServerCertificatesOutput) GoString() string {
	return s.String()
}

type ListSigningCertificatesInput struct {
	_ struct{} `type:"structure"`

	// Use this parameter only when paginating results and only after you receive
	// a response indicating that the results are truncated. Set it to the value
	// of the Marker element in the response that you received to indicate where
	// the next call should start.
	Marker *string `min:"1" type:"string"`

	// Use this only when paginating results to indicate the maximum number of items
	// you want in the response. If additional items exist beyond the maximum you
	// specify, the IsTruncated response element is true.
	//
	// This parameter is optional. If you do not include it, it defaults to 100.
	// Note that IAM might return fewer results, even when there are more results
	// available. In that case, the IsTruncated response element returns true and
	// Marker contains a value to include in the subsequent call that tells the
	// service where to continue from.
	MaxItems *int64 `min:"1" type:"integer"`

	// The name of the IAM user whose signing certificates you want to examine.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-
	UserName *string `min:"1" type:"string"`
}

// String returns the string representation
func (s ListSigningCertificatesInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s ListSigningCertificatesInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ListSigningCertificatesInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ListSigningCertificatesInput"}
	if s.Marker != nil && len(*s.Marker) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Marker", 1))
	}
	if s.MaxItems != nil && *s.MaxItems < 1 {
		invalidParams.Add(request.NewErrParamMinValue("MaxItems", 1))
	}
	if s.UserName != nil && len(*s.UserName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("UserName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// Contains the response to a successful ListSigningCertificates request.
type ListSigningCertificatesOutput struct {
	_ struct{} `type:"structure"`

	// A list of the user's signing certificate information.
	//
	// Certificates is a required field
	Certificates []*SigningCertificate `type:"list" required:"true"`

	// A flag that indicates whether there are more items to return. If your results
	// were truncated, you can make a subsequent pagination request using the Marker
	// request parameter to retrieve more items. Note that IAM might return fewer
	// than the MaxItems number of results even when there are more results available.
	// We recommend that you check IsTruncated after every call to ensure that you
	// receive all of your results.
	IsTruncated *bool `type:"boolean"`

	// When IsTruncated is true, this element is present and contains the value
	// to use for the Marker parameter in a subsequent pagination request.
	Marker *string `min:"1" type:"string"`
}

// String returns the string representation
func (s ListSigningCertificatesOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s ListSigningCertificatesOutput) GoString() string {
	return s.String()
}

type ListUserPoliciesInput struct {
	_ struct{} `type:"structure"`

	// Use this parameter only when paginating results and only after you receive
	// a response indicating that the results are truncated. Set it to the value
	// of the Marker element in the response that you received to indicate where
	// the next call should start.
	Marker *string `min:"1" type:"string"`

	// Use this only when paginating results to indicate the maximum number of items
	// you want in the response. If additional items exist beyond the maximum you
	// specify, the IsTruncated response element is true.
	//
	// This parameter is optional. If you do not include it, it defaults to 100.
	// Note that IAM might return fewer results, even when there are more results
	// available. In that case, the IsTruncated response element returns true and
	// Marker contains a value to include in the subsequent call that tells the
	// service where to continue from.
	MaxItems *int64 `min:"1" type:"integer"`

	// The name of the user to list policies for.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-
	//
	// UserName is a required field
	UserName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation
func (s ListUserPoliciesInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s ListUserPoliciesInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ListUserPoliciesInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ListUserPoliciesInput"}
	if s.Marker != nil && len(*s.Marker) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Marker", 1))
	}
	if s.MaxItems != nil && *s.MaxItems < 1 {
		invalidParams.Add(request.NewErrParamMinValue("MaxItems", 1))
	}
	if s.UserName == nil {
		invalidParams.Add(request.NewErrParamRequired("UserName"))
	}
	if s.UserName != nil && len(*s.UserName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("UserName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// Contains the response to a successful ListUserPolicies request.
type ListUserPoliciesOutput struct {
	_ struct{} `type:"structure"`

	// A flag that indicates whether there are more items to return. If your results
	// were truncated, you can make a subsequent pagination request using the Marker
	// request parameter to retrieve more items. Note that IAM might return fewer
	// than the MaxItems number of results even when there are more results available.
	// We recommend that you check IsTruncated after every call to ensure that you
	// receive all of your results.
	IsTruncated *bool `type:"boolean"`

	// When IsTruncated is true, this element is present and contains the value
	// to use for the Marker parameter in a subsequent pagination request.
	Marker *string `min:"1" type:"string"`

	// A list of policy names.
	//
	// PolicyNames is a required field
	PolicyNames []*string `type:"list" required:"true"`
}

// String returns the string representation
func (s ListUserPoliciesOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s ListUserPoliciesOutput) GoString() string {
	return s.String()
}

type ListUsersInput struct {
	_ struct{} `type:"structure"`

	// Use this parameter only when paginating results and only after you receive
	// a response indicating that the results are truncated. Set it to the value
	// of the Marker element in the response that you received to indicate where
	// the next call should start.
	Marker *string `min:"1" type:"string"`

	// Use this only when paginating results to indicate the maximum number of items
	// you want in the response. If additional items exist beyond the maximum you
	// specify, the IsTruncated response element is true.
	//
	// This parameter is optional. If you do not include it, it defaults to 100.
	// Note that IAM might return fewer results, even when there are more results
	// available. In that case, the IsTruncated response element returns true and
	// Marker contains a value to include in the subsequent call that tells the
	// service where to continue from.
	MaxItems *int64 `min:"1" type:"integer"`

	// The path prefix for filtering the results. For example: /division_abc/subdivision_xyz/,
	// which would get all user names whose path starts with /division_abc/subdivision_xyz/.
	//
	// This parameter is optional. If it is not included, it defaults to a slash
	// (/), listing all user names. The regex pattern (http://wikipedia.org/wiki/regex)
	// for this parameter is a string of characters consisting of either a forward
	// slash (/) by itself or a string that must begin and end with forward slashes,
	// containing any ASCII character from the ! (\u0021) thru the DEL character
	// (\u007F), including most punctuation characters, digits, and upper and lowercased
	// letters.
	PathPrefix *string `min:"1" type:"string"`
}

// String returns the string representation
func (s ListUsersInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s ListUsersInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ListUsersInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ListUsersInput"}
	if s.Marker != nil && len(*s.Marker) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Marker", 1))
	}
	if s.MaxItems != nil && *s.MaxItems < 1 {
		invalidParams.Add(request.NewErrParamMinValue("MaxItems", 1))
	}
	if s.PathPrefix != nil && len(*s.PathPrefix) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PathPrefix", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// Contains the response to a successful ListUsers request.
type ListUsersOutput struct {
	_ struct{} `type:"structure"`

	// A flag that indicates whether there are more items to return. If your results
	// were truncated, you can make a subsequent pagination request using the Marker
	// request parameter to retrieve more items. Note that IAM might return fewer
	// than the MaxItems number of results even when there are more results available.
	// We recommend that you check IsTruncated after every call to ensure that you
	// receive all of your results.
	IsTruncated *bool `type:"boolean"`

	// When IsTruncated is true, this element is present and contains the value
	// to use for the Marker parameter in a subsequent pagination request.
	Marker *string `min:"1" type:"string"`

	// A list of users.
	//
	// Users is a required field
	Users []*User `type:"list" required:"true"`
}

// String returns the string representation
func (s ListUsersOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s ListUsersOutput) GoString() string {
	return s.String()
}

type ListVirtualMFADevicesInput struct {
	_ struct{} `type:"structure"`

	// The status (Unassigned or Assigned) of the devices to list. If you do not
	// specify an AssignmentStatus, the action defaults to Any which lists both
	// assigned and unassigned virtual MFA devices.
	AssignmentStatus *string `type:"string" enum:"assignmentStatusType"`

	// Use this parameter only when paginating results and only after you receive
	// a response indicating that the results are truncated. Set it to the value
	// of the Marker element in the response that you received to indicate where
	// the next call should start.
	Marker *string `min:"1" type:"string"`

	// Use this only when paginating results to indicate the maximum number of items
	// you want in the response. If additional items exist beyond the maximum you
	// specify, the IsTruncated response element is true.
	//
	// This parameter is optional. If you do not include it, it defaults to 100.
	// Note that IAM might return fewer results, even when there are more results
	// available. In that case, the IsTruncated response element returns true and
	// Marker contains a value to include in the subsequent call that tells the
	// service where to continue from.
	MaxItems *int64 `min:"1" type:"integer"`
}

// String returns the string representation
func (s ListVirtualMFADevicesInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s ListVirtualMFADevicesInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ListVirtualMFADevicesInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ListVirtualMFADevicesInput"}
	if s.Marker != nil && len(*s.Marker) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Marker", 1))
	}
	if s.MaxItems != nil && *s.MaxItems < 1 {
		invalidParams.Add(request.NewErrParamMinValue("MaxItems", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// Contains the response to a successful ListVirtualMFADevices request.
type ListVirtualMFADevicesOutput struct {
	_ struct{} `type:"structure"`

	// A flag that indicates whether there are more items to return. If your results
	// were truncated, you can make a subsequent pagination request using the Marker
	// request parameter to retrieve more items. Note that IAM might return fewer
	// than the MaxItems number of results even when there are more results available.
	// We recommend that you check IsTruncated after every call to ensure that you
	// receive all of your results.
	IsTruncated *bool `type:"boolean"`

	// When IsTruncated is true, this element is present and contains the value
	// to use for the Marker parameter in a subsequent pagination request.
	Marker *string `min:"1" type:"string"`

	// The list of virtual MFA devices in the current account that match the AssignmentStatus
	// value that was passed in the request.
	//
	// VirtualMFADevices is a required field
	VirtualMFADevices []*VirtualMFADevice `type:"list" required:"true"`
}

// String returns the string representation
func (s ListVirtualMFADevicesOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s ListVirtualMFADevicesOutput) GoString() string {
	return s.String()
}

// Contains the user name and password create date for a user.
//
// This data type is used as a response element in the CreateLoginProfile and
// GetLoginProfile actions.
type LoginProfile struct {
	_ struct{} `type:"structure"`

	// The date when the password for the user was created.
	//
	// CreateDate is a required field
	CreateDate *time.Time `type:"timestamp" timestampFormat:"iso8601" required:"true"`

	// Specifies whether the user is required to set a new password on next sign-in.
	PasswordResetRequired *bool `type:"boolean"`

	// The name of the user, which can be used for signing in to the AWS Management
	// Console.
	//
	// UserName is a required field
	UserName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation
func (s LoginProfile) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s LoginProfile) GoString() string {
	return s.String()
}

// Contains information about an MFA device.
//
// This data type is used as a response element in the ListMFADevices action.
type MFADevice struct {
	_ struct{} `type:"structure"`

	// The date when the MFA device was enabled for the user.
	//
	// EnableDate is a required field
	EnableDate *time.Time `type:"timestamp" timestampFormat:"iso8601" required:"true"`

	// The serial number that uniquely identifies the MFA device. For virtual MFA
	// devices, the serial number is the device ARN.
	//
	// SerialNumber is a required field
	SerialNumber *string `min:"9" type:"string" required:"true"`

	// The user with whom the MFA device is associated.
	//
	// UserName is a required field
	UserName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation
func (s MFADevice) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s MFADevice) GoString() string {
	return s.String()
}

// Contains information about a managed policy, including the policy's ARN,
// versions, and the number of principal entities (users, groups, and roles)
// that the policy is attached to.
//
// This data type is used as a response element in the GetAccountAuthorizationDetails
// action.
//
// For more information about managed policies, see Managed Policies and Inline
// Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the Using IAM guide.
type ManagedPolicyDetail struct {
	_ struct{} `type:"structure"`

	// The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources.
	//
	// For more information about ARNs, go to Amazon Resource Names (ARNs) and AWS
	// Service Namespaces (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the AWS General Reference.
	Arn *string `min:"20" type:"string"`

	// The number of principal entities (users, groups, and roles) that the policy
	// is attached to.
	AttachmentCount *int64 `type:"integer"`

	// The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601),
	// when the policy was created.
	CreateDate *time.Time `type:"timestamp" timestampFormat:"iso8601"`

	// The identifier for the version of the policy that is set as the default (operative)
	// version.
	//
	// For more information about policy versions, see Versioning for Managed Policies
	// (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html)
	// in the Using IAM guide.
	DefaultVersionId *string `type:"string"`

	// A friendly description of the policy.
	Description *string `type:"string"`

	// Specifies whether the policy can be attached to an IAM user, group, or role.
	IsAttachable *bool `type:"boolean"`

	// The path to the policy.
	//
	// For more information about paths, see IAM Identifiers (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the Using IAM guide.
	Path *string `type:"string"`

	// The stable and unique string identifying the policy.
	//
	// For more information about IDs, see IAM Identifiers (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the Using IAM guide.
	PolicyId *string `min:"16" type:"string"`

	// The friendly name (not ARN) identifying the policy.
	PolicyName *string `min:"1" type:"string"`

	// A list containing information about the versions of the policy.
	PolicyVersionList []*PolicyVersion `type:"list"`

	// The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601),
	// when the policy was last updated.
	//
	// When a policy has only one version, this field contains the date and time
	// when the policy was created. When a policy has more than one version, this
	// field contains the date and time when the most recent policy version was
	// created.
	UpdateDate *time.Time `type:"timestamp" timestampFormat:"iso8601"`
}

// String returns the string representation
func (s ManagedPolicyDetail) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s ManagedPolicyDetail) GoString() string {
	return s.String()
}

// Contains the Amazon Resource Name (ARN) for an IAM OpenID Connect provider.
type OpenIDConnectProviderListEntry struct {
	_ struct{} `type:"structure"`

	// The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources.
	//
	// For more information about ARNs, go to Amazon Resource Names (ARNs) and AWS
	// Service Namespaces (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the AWS General Reference.
	Arn *string `min:"20" type:"string"`
}

// String returns the string representation
func (s OpenIDConnectProviderListEntry) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s OpenIDConnectProviderListEntry) GoString() string {
	return s.String()
}

// Contains information about the account password policy.
//
// This data type is used as a response element in the GetAccountPasswordPolicy
// action.
type PasswordPolicy struct {
	_ struct{} `type:"structure"`

	// Specifies whether IAM users are allowed to change their own password.
	AllowUsersToChangePassword *bool `type:"boolean"`

	// Indicates whether passwords in the account expire. Returns true if MaxPasswordAge
	// is contains a value greater than 0. Returns false if MaxPasswordAge is 0
	// or not present.
	ExpirePasswords *bool `type:"boolean"`

	// Specifies whether IAM users are prevented from setting a new password after
	// their password has expired.
	HardExpiry *bool `type:"boolean"`

	// The number of days that an IAM user password is valid.
	MaxPasswordAge *int64 `min:"1" type:"integer"`

	// Minimum length to require for IAM user passwords.
	MinimumPasswordLength *int64 `min:"6" type:"integer"`

	// Specifies the number of previous passwords that IAM users are prevented from
	// reusing.
	PasswordReusePrevention *int64 `min:"1" type:"integer"`

	// Specifies whether to require lowercase characters for IAM user passwords.
	RequireLowercaseCharacters *bool `type:"boolean"`

	// Specifies whether to require numbers for IAM user passwords.
	RequireNumbers *bool `type:"boolean"`

	// Specifies whether to require symbols for IAM user passwords.
	RequireSymbols *bool `type:"boolean"`

	// Specifies whether to require uppercase characters for IAM user passwords.
	RequireUppercaseCharacters *bool `type:"boolean"`
}

// String returns the string representation
func (s PasswordPolicy) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s PasswordPolicy) GoString() string {
	return s.String()
}

// Contains information about a managed policy.
//
// This data type is used as a response element in the CreatePolicy, GetPolicy,
// and ListPolicies actions.
//
// For more information about managed policies, refer to Managed Policies and
// Inline Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the Using IAM guide.
type Policy struct {
	_ struct{} `type:"structure"`

	// The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources.
	//
	// For more information about ARNs, go to Amazon Resource Names (ARNs) and AWS
	// Service Namespaces (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the AWS General Reference.
	Arn *string `min:"20" type:"string"`

	// The number of entities (users, groups, and roles) that the policy is attached
	// to.
	AttachmentCount *int64 `type:"integer"`

	// The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601),
	// when the policy was created.
	CreateDate *time.Time `type:"timestamp" timestampFormat:"iso8601"`

	// The identifier for the version of the policy that is set as the default version.
	DefaultVersionId *string `type:"string"`

	// A friendly description of the policy.
	//
	// This element is included in the response to the GetPolicy operation. It is
	// not included in the response to the ListPolicies operation.
	Description *string `type:"string"`

	// Specifies whether the policy can be attached to an IAM user, group, or role.
	IsAttachable *bool `type:"boolean"`

	// The path to the policy.
	//
	// For more information about paths, see IAM Identifiers (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the Using IAM guide.
	Path *string `type:"string"`

	// The stable and unique string identifying the policy.
	//
	// For more information about IDs, see IAM Identifiers (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the Using IAM guide.
	PolicyId *string `min:"16" type:"string"`

	// The friendly name (not ARN) identifying the policy.
	PolicyName *string `min:"1" type:"string"`

	// The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601),
	// when the policy was last updated.
	//
	// When a policy has only one version, this field contains the date and time
	// when the policy was created. When a policy has more than one version, this
	// field contains the date and time when the most recent policy version was
	// created.
	UpdateDate *time.Time `type:"timestamp" timestampFormat:"iso8601"`
}

// String returns the string representation
func (s Policy) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s Policy) GoString() string {
	return s.String()
}

// Contains information about an IAM policy, including the policy document.
//
// This data type is used as a response element in the GetAccountAuthorizationDetails
// action.
type PolicyDetail struct {
	_ struct{} `type:"structure"`

	// The policy document.
	PolicyDocument *string `min:"1" type:"string"`

	// The name of the policy.
	PolicyName *string `min:"1" type:"string"`
}

// String returns the string representation
func (s PolicyDetail) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s PolicyDetail) GoString() string {
	return s.String()
}

// Contains information about a group that a managed policy is attached to.
//
// This data type is used as a response element in the ListEntitiesForPolicy
// action.
//
// For more information about managed policies, refer to Managed Policies and
// Inline Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the Using IAM guide.
type PolicyGroup struct {
	_ struct{} `type:"structure"`

	// The stable and unique string identifying the group. For more information
	// about IDs, see IAM Identifiers (http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html)
	// in the IAM User Guide.
	GroupId *string `min:"16" type:"string"`

	// The name (friendly name, not ARN) identifying the group.
	GroupName *string `min:"1" type:"string"`
}

// String returns the string representation
func (s PolicyGroup) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s PolicyGroup) GoString() string {
	return s.String()
}

// Contains information about a role that a managed policy is attached to.
//
// This data type is used as a response element in the ListEntitiesForPolicy
// action.
//
// For more information about managed policies, refer to Managed Policies and
// Inline Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the Using IAM guide.
type PolicyRole struct {
	_ struct{} `type:"structure"`

	// The stable and unique string identifying the role. For more information about
	// IDs, see IAM Identifiers (http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html)
	// in the IAM User Guide.
	RoleId *string `min:"16" type:"string"`

	// The name (friendly name, not ARN) identifying the role.
	RoleName *string `min:"1" type:"string"`
}

// String returns the string representation
func (s PolicyRole) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s PolicyRole) GoString() string {
	return s.String()
}

// Contains information about a user that a managed policy is attached to.
//
// This data type is used as a response element in the ListEntitiesForPolicy
// action.
//
// For more information about managed policies, refer to Managed Policies and
// Inline Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the Using IAM guide.
type PolicyUser struct {
	_ struct{} `type:"structure"`

	// The stable and unique string identifying the user. For more information about
	// IDs, see IAM Identifiers (http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html)
	// in the IAM User Guide.
	UserId *string `min:"16" type:"string"`

	// The name (friendly name, not ARN) identifying the user.
	UserName *string `min:"1" type:"string"`
}

// String returns the string representation
func (s PolicyUser) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s PolicyUser) GoString() string {
	return s.String()
}

// Contains information about a version of a managed policy.
//
// This data type is used as a response element in the CreatePolicyVersion,
// GetPolicyVersion, ListPolicyVersions, and GetAccountAuthorizationDetails
// actions.
//
// For more information about managed policies, refer to Managed Policies and
// Inline Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the Using IAM guide.
type PolicyVersion struct {
	_ struct{} `type:"structure"`

	// The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601),
	// when the policy version was created.
	CreateDate *time.Time `type:"timestamp" timestampFormat:"iso8601"`

	// The policy document.
	//
	// The policy document is returned in the response to the GetPolicyVersion and
	// GetAccountAuthorizationDetails operations. It is not returned in the response
	// to the CreatePolicyVersion or ListPolicyVersions operations.
	Document *string `min:"1" type:"string"`

	// Specifies whether the policy version is set as the policy's default version.
	IsDefaultVersion *bool `type:"boolean"`

	// The identifier for the policy version.
	//
	// Policy version identifiers always begin with v (always lowercase). When a
	// policy is created, the first policy version is v1.
	VersionId *string `type:"string"`
}

// String returns the string representation
func (s PolicyVersion) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s PolicyVersion) GoString() string {
	return s.String()
}

// Contains the row and column of a location of a Statement element in a policy
// document.
//
// This data type is used as a member of the Statement type.
type Position struct {
	_ struct{} `type:"structure"`

	// The column in the line containing the specified position in the document.
	Column *int64 `type:"integer"`

	// The line containing the specified position in the document.
	Line *int64 `type:"integer"`
}

// String returns the string representation
func (s Position) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s Position) GoString() string {
	return s.String()
}

type PutGroupPolicyInput struct {
	_ struct{} `type:"structure"`

	// The name of the group to associate the policy with.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-
	//
	// GroupName is a required field
	GroupName *string `min:"1" type:"string" required:"true"`

	// The policy document.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of any printable ASCII character ranging
	// from the space character (\u0020) through end of the ASCII character range
	// (\u00FF). It also includes the special characters tab (\u0009), line feed
	// (\u000A), and carriage return (\u000D).
	//
	// PolicyDocument is a required field
	PolicyDocument *string `min:"1" type:"string" required:"true"`

	// The name of the policy document.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-
	//
	// PolicyName is a required field
	PolicyName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation
func (s PutGroupPolicyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s PutGroupPolicyInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *PutGroupPolicyInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "PutGroupPolicyInput"}
	if s.GroupName == nil {
		invalidParams.Add(request.NewErrParamRequired("GroupName"))
	}
	if s.GroupName != nil && len(*s.GroupName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("GroupName", 1))
	}
	if s.PolicyDocument == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyDocument"))
	}
	if s.PolicyDocument != nil && len(*s.PolicyDocument) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyDocument", 1))
	}
	if s.PolicyName == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyName"))
	}
	if s.PolicyName != nil && len(*s.PolicyName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

type PutGroupPolicyOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation
func (s PutGroupPolicyOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s PutGroupPolicyOutput) GoString() string {
	return s.String()
}

type PutRolePolicyInput struct {
	_ struct{} `type:"structure"`

	// The policy document.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of any printable ASCII character ranging
	// from the space character (\u0020) through end of the ASCII character range
	// (\u00FF). It also includes the special characters tab (\u0009), line feed
	// (\u000A), and carriage return (\u000D).
	//
	// PolicyDocument is a required field
	PolicyDocument *string `min:"1" type:"string" required:"true"`

	// The name of the policy document.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-
	//
	// PolicyName is a required field
	PolicyName *string `min:"1" type:"string" required:"true"`

	// The name of the role to associate the policy with.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-
	//
	// RoleName is a required field
	RoleName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation
func (s PutRolePolicyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s PutRolePolicyInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *PutRolePolicyInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "PutRolePolicyInput"}
	if s.PolicyDocument == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyDocument"))
	}
	if s.PolicyDocument != nil && len(*s.PolicyDocument) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyDocument", 1))
	}
	if s.PolicyName == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyName"))
	}
	if s.PolicyName != nil && len(*s.PolicyName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyName", 1))
	}
	if s.RoleName == nil {
		invalidParams.Add(request.NewErrParamRequired("RoleName"))
	}
	if s.RoleName != nil && len(*s.RoleName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("RoleName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

type PutRolePolicyOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation
func (s PutRolePolicyOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s PutRolePolicyOutput) GoString() string {
	return s.String()
}

type PutUserPolicyInput struct {
	_ struct{} `type:"structure"`

	// The policy document.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of any printable ASCII character ranging
	// from the space character (\u0020) through end of the ASCII character range
	// (\u00FF). It also includes the special characters tab (\u0009), line feed
	// (\u000A), and carriage return (\u000D).
	//
	// PolicyDocument is a required field
	PolicyDocument *string `min:"1" type:"string" required:"true"`

	// The name of the policy document.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-
	//
	// PolicyName is a required field
	PolicyName *string `min:"1" type:"string" required:"true"`

	// The name of the user to associate the policy with.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-
	//
	// UserName is a required field
	UserName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation
func (s PutUserPolicyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s PutUserPolicyInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *PutUserPolicyInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "PutUserPolicyInput"}
	if s.PolicyDocument == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyDocument"))
	}
	if s.PolicyDocument != nil && len(*s.PolicyDocument) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyDocument", 1))
	}
	if s.PolicyName == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyName"))
	}
	if s.PolicyName != nil && len(*s.PolicyName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyName", 1))
	}
	if s.UserName == nil {
		invalidParams.Add(request.NewErrParamRequired("UserName"))
	}
	if s.UserName != nil && len(*s.UserName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("UserName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

type PutUserPolicyOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation
func (s PutUserPolicyOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s PutUserPolicyOutput) GoString() string {
	return s.String()
}

type RemoveClientIDFromOpenIDConnectProviderInput struct {
	_ struct{} `type:"structure"`

	// The client ID (also known as audience) to remove from the IAM OIDC provider
	// resource. For more information about client IDs, see CreateOpenIDConnectProvider.
	//
	// ClientID is a required field
	ClientID *string `min:"1" type:"string" required:"true"`

	// The Amazon Resource Name (ARN) of the IAM OIDC provider resource to remove
	// the client ID from. You can get a list of OIDC provider ARNs by using the
	// ListOpenIDConnectProviders action.
	//
	// For more information about ARNs, see Amazon Resource Names (ARNs) and AWS
	// Service Namespaces (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the AWS General Reference.
	//
	// OpenIDConnectProviderArn is a required field
	OpenIDConnectProviderArn *string `min:"20" type:"string" required:"true"`
}

// String returns the string representation
func (s RemoveClientIDFromOpenIDConnectProviderInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s RemoveClientIDFromOpenIDConnectProviderInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *RemoveClientIDFromOpenIDConnectProviderInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "RemoveClientIDFromOpenIDConnectProviderInput"}
	if s.ClientID == nil {
		invalidParams.Add(request.NewErrParamRequired("ClientID"))
	}
	if s.ClientID != nil && len(*s.ClientID) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("ClientID", 1))
	}
	if s.OpenIDConnectProviderArn == nil {
		invalidParams.Add(request.NewErrParamRequired("OpenIDConnectProviderArn"))
	}
	if s.OpenIDConnectProviderArn != nil && len(*s.OpenIDConnectProviderArn) < 20 {
		invalidParams.Add(request.NewErrParamMinLen("OpenIDConnectProviderArn", 20))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

type RemoveClientIDFromOpenIDConnectProviderOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation
func (s RemoveClientIDFromOpenIDConnectProviderOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s RemoveClientIDFromOpenIDConnectProviderOutput) GoString() string {
	return s.String()
}

type RemoveRoleFromInstanceProfileInput struct {
	_ struct{} `type:"structure"`

	// The name of the instance profile to update.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-
	//
	// InstanceProfileName is a required field
	InstanceProfileName *string `min:"1" type:"string" required:"true"`

	// The name of the role to remove.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-
	//
	// RoleName is a required field
	RoleName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation
func (s RemoveRoleFromInstanceProfileInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s RemoveRoleFromInstanceProfileInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *RemoveRoleFromInstanceProfileInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "RemoveRoleFromInstanceProfileInput"}
	if s.InstanceProfileName == nil {
		invalidParams.Add(request.NewErrParamRequired("InstanceProfileName"))
	}
	if s.InstanceProfileName != nil && len(*s.InstanceProfileName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("InstanceProfileName", 1))
	}
	if s.RoleName == nil {
		invalidParams.Add(request.NewErrParamRequired("RoleName"))
	}
	if s.RoleName != nil && len(*s.RoleName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("RoleName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

type RemoveRoleFromInstanceProfileOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation
func (s RemoveRoleFromInstanceProfileOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s RemoveRoleFromInstanceProfileOutput) GoString() string {
	return s.String()
}

type RemoveUserFromGroupInput struct {
	_ struct{} `type:"structure"`

	// The name of the group to update.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-
	//
	// GroupName is a required field
	GroupName *string `min:"1" type:"string" required:"true"`

	// The name of the user to remove.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-
	//
	// UserName is a required field
	UserName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation
func (s RemoveUserFromGroupInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s RemoveUserFromGroupInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *RemoveUserFromGroupInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "RemoveUserFromGroupInput"}
	if s.GroupName == nil {
		invalidParams.Add(request.NewErrParamRequired("GroupName"))
	}
	if s.GroupName != nil && len(*s.GroupName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("GroupName", 1))
	}
	if s.UserName == nil {
		invalidParams.Add(request.NewErrParamRequired("UserName"))
	}
	if s.UserName != nil && len(*s.UserName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("UserName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

type RemoveUserFromGroupOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation
func (s RemoveUserFromGroupOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s RemoveUserFromGroupOutput) GoString() string {
	return s.String()
}

// Contains the result of the simulation of a single API action call on a single
// resource.
//
// This data type is used by a member of the EvaluationResult data type.
type ResourceSpecificResult struct {
	_ struct{} `type:"structure"`

	// Additional details about the results of the evaluation decision. When there
	// are both IAM policies and resource policies, this parameter explains how
	// each set of policies contributes to the final evaluation decision. When simulating
	// cross-account access to a resource, both the resource-based policy and the
	// caller's IAM policy must grant access.
	EvalDecisionDetails map[string]*string `type:"map"`

	// The result of the simulation of the simulated API action on the resource
	// specified in EvalResourceName.
	//
	// EvalResourceDecision is a required field
	EvalResourceDecision *string `type:"string" required:"true" enum:"PolicyEvaluationDecisionType"`

	// The name of the simulated resource, in Amazon Resource Name (ARN) format.
	//
	// EvalResourceName is a required field
	EvalResourceName *string `min:"1" type:"string" required:"true"`

	// A list of the statements in the input policies that determine the result
	// for this part of the simulation. Remember that even if multiple statements
	// allow the action on the resource, if any statement denies that action, then
	// the explicit deny overrides any allow, and the deny statement is the only
	// entry included in the result.
	MatchedStatements []*Statement `type:"list"`

	// A list of context keys that are required by the included input policies but
	// that were not provided by one of the input parameters. This list is used
	// when a list of ARNs is included in the ResourceArns parameter instead of
	// "*". If you do not specify individual resources, by setting ResourceArns
	// to "*" or by not including the ResourceArns parameter, then any missing context
	// values are instead included under the EvaluationResults section. To discover
	// the context keys used by a set of policies, you can call GetContextKeysForCustomPolicy
	// or GetContextKeysForPrincipalPolicy.
	MissingContextValues []*string `type:"list"`
}

// String returns the string representation
func (s ResourceSpecificResult) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s ResourceSpecificResult) GoString() string {
	return s.String()
}

type ResyncMFADeviceInput struct {
	_ struct{} `type:"structure"`

	// An authentication code emitted by the device.
	//
	// The format for this parameter is a sequence of six digits.
	//
	// AuthenticationCode1 is a required field
	AuthenticationCode1 *string `min:"6" type:"string" required:"true"`

	// A subsequent authentication code emitted by the device.
	//
	// The format for this parameter is a sequence of six digits.
	//
	// AuthenticationCode2 is a required field
	AuthenticationCode2 *string `min:"6" type:"string" required:"true"`

	// Serial number that uniquely identifies the MFA device.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-
	//
	// SerialNumber is a required field
	SerialNumber *string `min:"9" type:"string" required:"true"`

	// The name of the user whose MFA device you want to resynchronize.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-
	//
	// UserName is a required field
	UserName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation
func (s ResyncMFADeviceInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s ResyncMFADeviceInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ResyncMFADeviceInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ResyncMFADeviceInput"}
	if s.AuthenticationCode1 == nil {
		invalidParams.Add(request.NewErrParamRequired("AuthenticationCode1"))
	}
	if s.AuthenticationCode1 != nil && len(*s.AuthenticationCode1) < 6 {
		invalidParams.Add(request.NewErrParamMinLen("AuthenticationCode1", 6))
	}
	if s.AuthenticationCode2 == nil {
		invalidParams.Add(request.NewErrParamRequired("AuthenticationCode2"))
	}
	if s.AuthenticationCode2 != nil && len(*s.AuthenticationCode2) < 6 {
		invalidParams.Add(request.NewErrParamMinLen("AuthenticationCode2", 6))
	}
	if s.SerialNumber == nil {
		invalidParams.Add(request.NewErrParamRequired("SerialNumber"))
	}
	if s.SerialNumber != nil && len(*s.SerialNumber) < 9 {
		invalidParams.Add(request.NewErrParamMinLen("SerialNumber", 9))
	}
	if s.UserName == nil {
		invalidParams.Add(request.NewErrParamRequired("UserName"))
	}
	if s.UserName != nil && len(*s.UserName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("UserName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

type ResyncMFADeviceOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation
func (s ResyncMFADeviceOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s ResyncMFADeviceOutput) GoString() string {
	return s.String()
}

// Contains information about an IAM role.
//
// This data type is used as a response element in the following actions:
//
//    * CreateRole
//
//    * GetRole
//
//    * ListRoles
type Role struct {
	_ struct{} `type:"structure"`

	// The Amazon Resource Name (ARN) specifying the role. For more information
	// about ARNs and how to use them in policies, see IAM Identifiers (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the Using IAM guide.
	//
	// Arn is a required field
	Arn *string `min:"20" type:"string" required:"true"`

	// The policy that grants an entity permission to assume the role.
	AssumeRolePolicyDocument *string `min:"1" type:"string"`

	// The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601),
	// when the role was created.
	//
	// CreateDate is a required field
	CreateDate *time.Time `type:"timestamp" timestampFormat:"iso8601" required:"true"`

	// The path to the role. For more information about paths, see IAM Identifiers
	// (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the Using IAM guide.
	//
	// Path is a required field
	Path *string `min:"1" type:"string" required:"true"`

	// The stable and unique string identifying the role. For more information about
	// IDs, see IAM Identifiers (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the Using IAM guide.
	//
	// RoleId is a required field
	RoleId *string `min:"16" type:"string" required:"true"`

	// The friendly name that identifies the role.
	//
	// RoleName is a required field
	RoleName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation
func (s Role) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s Role) GoString() string {
	return s.String()
}

// Contains information about an IAM role, including all of the role's policies.
//
// This data type is used as a response element in the GetAccountAuthorizationDetails
// action.
type RoleDetail struct {
	_ struct{} `type:"structure"`

	// The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources.
	//
	// For more information about ARNs, go to Amazon Resource Names (ARNs) and AWS
	// Service Namespaces (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the AWS General Reference.
	Arn *string `min:"20" type:"string"`

	// The trust policy that grants permission to assume the role.
	AssumeRolePolicyDocument *string `min:"1" type:"string"`

	// A list of managed policies attached to the role. These policies are the role's
	// access (permissions) policies.
	AttachedManagedPolicies []*AttachedPolicy `type:"list"`

	// The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601),
	// when the role was created.
	CreateDate *time.Time `type:"timestamp" timestampFormat:"iso8601"`

	// Contains a list of instance profiles.
	InstanceProfileList []*InstanceProfile `type:"list"`

	// The path to the role. For more information about paths, see IAM Identifiers
	// (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the Using IAM guide.
	Path *string `min:"1" type:"string"`

	// The stable and unique string identifying the role. For more information about
	// IDs, see IAM Identifiers (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the Using IAM guide.
	RoleId *string `min:"16" type:"string"`

	// The friendly name that identifies the role.
	RoleName *string `min:"1" type:"string"`

	// A list of inline policies embedded in the role. These policies are the role's
	// access (permissions) policies.
	RolePolicyList []*PolicyDetail `type:"list"`
}

// String returns the string representation
func (s RoleDetail) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s RoleDetail) GoString() string {
	return s.String()
}

// Contains the list of SAML providers for this account.
type SAMLProviderListEntry struct {
	_ struct{} `type:"structure"`

	// The Amazon Resource Name (ARN) of the SAML provider.
	Arn *string `min:"20" type:"string"`

	// The date and time when the SAML provider was created.
	CreateDate *time.Time `type:"timestamp" timestampFormat:"iso8601"`

	// The expiration date and time for the SAML provider.
	ValidUntil *time.Time `type:"timestamp" timestampFormat:"iso8601"`
}

// String returns the string representation
func (s SAMLProviderListEntry) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s SAMLProviderListEntry) GoString() string {
	return s.String()
}

// Contains information about an SSH public key.
//
// This data type is used as a response element in the GetSSHPublicKey and UploadSSHPublicKey
// actions.
type SSHPublicKey struct {
	_ struct{} `type:"structure"`

	// The MD5 message digest of the SSH public key.
	//
	// Fingerprint is a required field
	Fingerprint *string `min:"48" type:"string" required:"true"`

	// The SSH public key.
	//
	// SSHPublicKeyBody is a required field
	SSHPublicKeyBody *string `min:"1" type:"string" required:"true"`

	// The unique identifier for the SSH public key.
	//
	// SSHPublicKeyId is a required field
	SSHPublicKeyId *string `min:"20" type:"string" required:"true"`

	// The status of the SSH public key. Active means the key can be used for authentication
	// with an AWS CodeCommit repository. Inactive means the key cannot be used.
	//
	// Status is a required field
	Status *string `type:"string" required:"true" enum:"statusType"`

	// The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601),
	// when the SSH public key was uploaded.
	UploadDate *time.Time `type:"timestamp" timestampFormat:"iso8601"`

	// The name of the IAM user associated with the SSH public key.
	//
	// UserName is a required field
	UserName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation
func (s SSHPublicKey) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s SSHPublicKey) GoString() string {
	return s.String()
}

// Contains information about an SSH public key, without the key's body or fingerprint.
//
// This data type is used as a response element in the ListSSHPublicKeys action.
type SSHPublicKeyMetadata struct {
	_ struct{} `type:"structure"`

	// The unique identifier for the SSH public key.
	//
	// SSHPublicKeyId is a required field
	SSHPublicKeyId *string `min:"20" type:"string" required:"true"`

	// The status of the SSH public key. Active means the key can be used for authentication
	// with an AWS CodeCommit repository. Inactive means the key cannot be used.
	//
	// Status is a required field
	Status *string `type:"string" required:"true" enum:"statusType"`

	// The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601),
	// when the SSH public key was uploaded.
	//
	// UploadDate is a required field
	UploadDate *time.Time `type:"timestamp" timestampFormat:"iso8601" required:"true"`

	// The name of the IAM user associated with the SSH public key.
	//
	// UserName is a required field
	UserName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation
func (s SSHPublicKeyMetadata) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s SSHPublicKeyMetadata) GoString() string {
	return s.String()
}

// Contains information about a server certificate.
//
// This data type is used as a response element in the GetServerCertificate
// action.
type ServerCertificate struct {
	_ struct{} `type:"structure"`

	// The contents of the public key certificate.
	//
	// CertificateBody is a required field
	CertificateBody *string `min:"1" type:"string" required:"true"`

	// The contents of the public key certificate chain.
	CertificateChain *string `min:"1" type:"string"`

	// The meta information of the server certificate, such as its name, path, ID,
	// and ARN.
	//
	// ServerCertificateMetadata is a required field
	ServerCertificateMetadata *ServerCertificateMetadata `type:"structure" required:"true"`
}

// String returns the string representation
func (s ServerCertificate) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s ServerCertificate) GoString() string {
	return s.String()
}

// Contains information about a server certificate without its certificate body,
// certificate chain, and private key.
//
// This data type is used as a response element in the UploadServerCertificate
// and ListServerCertificates actions.
type ServerCertificateMetadata struct {
	_ struct{} `type:"structure"`

	// The Amazon Resource Name (ARN) specifying the server certificate. For more
	// information about ARNs and how to use them in policies, see IAM Identifiers
	// (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the Using IAM guide.
	//
	// Arn is a required field
	Arn *string `min:"20" type:"string" required:"true"`

	// The date on which the certificate is set to expire.
	Expiration *time.Time `type:"timestamp" timestampFormat:"iso8601"`

	// The path to the server certificate. For more information about paths, see
	// IAM Identifiers (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the Using IAM guide.
	//
	// Path is a required field
	Path *string `min:"1" type:"string" required:"true"`

	// The stable and unique string identifying the server certificate. For more
	// information about IDs, see IAM Identifiers (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the Using IAM guide.
	//
	// ServerCertificateId is a required field
	ServerCertificateId *string `min:"16" type:"string" required:"true"`

	// The name that identifies the server certificate.
	//
	// ServerCertificateName is a required field
	ServerCertificateName *string `min:"1" type:"string" required:"true"`

	// The date when the server certificate was uploaded.
	UploadDate *time.Time `type:"timestamp" timestampFormat:"iso8601"`
}

// String returns the string representation
func (s ServerCertificateMetadata) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s ServerCertificateMetadata) GoString() string {
	return s.String()
}

type SetDefaultPolicyVersionInput struct {
	_ struct{} `type:"structure"`

	// The Amazon Resource Name (ARN) of the IAM policy whose default version you
	// want to set.
	//
	// For more information about ARNs, see Amazon Resource Names (ARNs) and AWS
	// Service Namespaces (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the AWS General Reference.
	//
	// PolicyArn is a required field
	PolicyArn *string `min:"20" type:"string" required:"true"`

	// The version of the policy to set as the default (operative) version.
	//
	// For more information about managed policy versions, see Versioning for Managed
	// Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html)
	// in the IAM User Guide.
	//
	// VersionId is a required field
	VersionId *string `type:"string" required:"true"`
}

// String returns the string representation
func (s SetDefaultPolicyVersionInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s SetDefaultPolicyVersionInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *SetDefaultPolicyVersionInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "SetDefaultPolicyVersionInput"}
	if s.PolicyArn == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyArn"))
	}
	if s.PolicyArn != nil && len(*s.PolicyArn) < 20 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyArn", 20))
	}
	if s.VersionId == nil {
		invalidParams.Add(request.NewErrParamRequired("VersionId"))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

type SetDefaultPolicyVersionOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation
func (s SetDefaultPolicyVersionOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s SetDefaultPolicyVersionOutput) GoString() string {
	return s.String()
}

// Contains information about an X.509 signing certificate.
//
// This data type is used as a response element in the UploadSigningCertificate
// and ListSigningCertificates actions.
type SigningCertificate struct {
	_ struct{} `type:"structure"`

	// The contents of the signing certificate.
	//
	// CertificateBody is a required field
	CertificateBody *string `min:"1" type:"string" required:"true"`

	// The ID for the signing certificate.
	//
	// CertificateId is a required field
	CertificateId *string `min:"24" type:"string" required:"true"`

	// The status of the signing certificate. Active means the key is valid for
	// API calls, while Inactive means it is not.
	//
	// Status is a required field
	Status *string `type:"string" required:"true" enum:"statusType"`

	// The date when the signing certificate was uploaded.
	UploadDate *time.Time `type:"timestamp" timestampFormat:"iso8601"`

	// The name of the user the signing certificate is associated with.
	//
	// UserName is a required field
	UserName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation
func (s SigningCertificate) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s SigningCertificate) GoString() string {
	return s.String()
}

type SimulateCustomPolicyInput struct {
	_ struct{} `type:"structure"`

	// A list of names of API actions to evaluate in the simulation. Each action
	// is evaluated against each resource. Each action must include the service
	// identifier, such as iam:CreateUser.
	//
	// ActionNames is a required field
	ActionNames []*string `type:"list" required:"true"`

	// The ARN of the IAM user that you want to use as the simulated caller of the
	// APIs. CallerArn is required if you include a ResourcePolicy so that the policy's
	// Principal element has a value to use in evaluating the policy.
	//
	// You can specify only the ARN of an IAM user. You cannot specify the ARN of
	// an assumed role, federated user, or a service principal.
	CallerArn *string `min:"1" type:"string"`

	// A list of context keys and corresponding values for the simulation to use.
	// Whenever a context key is evaluated in one of the simulated IAM permission
	// policies, the corresponding value is supplied.
	ContextEntries []*ContextEntry `type:"list"`

	// Use this parameter only when paginating results and only after you receive
	// a response indicating that the results are truncated. Set it to the value
	// of the Marker element in the response that you received to indicate where
	// the next call should start.
	Marker *string `min:"1" type:"string"`

	// Use this only when paginating results to indicate the maximum number of items
	// you want in the response. If additional items exist beyond the maximum you
	// specify, the IsTruncated response element is true.
	//
	// This parameter is optional. If you do not include it, it defaults to 100.
	// Note that IAM might return fewer results, even when there are more results
	// available. In that case, the IsTruncated response element returns true and
	// Marker contains a value to include in the subsequent call that tells the
	// service where to continue from.
	MaxItems *int64 `min:"1" type:"integer"`

	// A list of policy documents to include in the simulation. Each document is
	// specified as a string containing the complete, valid JSON text of an IAM
	// policy. Do not include any resource-based policies in this parameter. Any
	// resource-based policy must be submitted with the ResourcePolicy parameter.
	// The policies cannot be "scope-down" policies, such as you could include in
	// a call to GetFederationToken (http://docs.aws.amazon.com/IAM/latest/APIReference/API_GetFederationToken.html)
	// or one of the AssumeRole (http://docs.aws.amazon.com/IAM/latest/APIReference/API_AssumeRole.html)
	// APIs to restrict what a user can do while using the temporary credentials.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of any printable ASCII character ranging
	// from the space character (\u0020) through end of the ASCII character range
	// (\u00FF). It also includes the special characters tab (\u0009), line feed
	// (\u000A), and carriage return (\u000D).
	//
	// PolicyInputList is a required field
	PolicyInputList []*string `type:"list" required:"true"`

	// A list of ARNs of AWS resources to include in the simulation. If this parameter
	// is not provided then the value defaults to * (all resources). Each API in
	// the ActionNames parameter is evaluated for each resource in this list. The
	// simulation determines the access result (allowed or denied) of each combination
	// and reports it in the response.
	//
	// The simulation does not automatically retrieve policies for the specified
	// resources. If you want to include a resource policy in the simulation, then
	// you must include the policy as a string in the ResourcePolicy parameter.
	//
	// If you include a ResourcePolicy, then it must be applicable to all of the
	// resources included in the simulation or you receive an invalid input error.
	//
	// For more information about ARNs, see Amazon Resource Names (ARNs) and AWS
	// Service Namespaces (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the AWS General Reference.
	ResourceArns []*string `type:"list"`

	// Specifies the type of simulation to run. Different APIs that support resource-based
	// policies require different combinations of resources. By specifying the type
	// of simulation to run, you enable the policy simulator to enforce the presence
	// of the required resources to ensure reliable simulation results. If your
	// simulation does not match one of the following scenarios, then you can omit
	// this parameter. The following list shows each of the supported scenario values
	// and the resources that you must define to run the simulation.
	//
	// Each of the EC2 scenarios requires that you specify instance, image, and
	// security-group resources. If your scenario includes an EBS volume, then you
	// must specify that volume as a resource. If the EC2 scenario includes VPC,
	// then you must supply the network-interface resource. If it includes an IP
	// subnet, then you must specify the subnet resource. For more information on
	// the EC2 scenario options, see Supported Platforms (http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-supported-platforms.html)
	// in the AWS EC2 User Guide.
	//
	//    * EC2-Classic-InstanceStore
	//
	// instance, image, security-group
	//
	//    * EC2-Classic-EBS
	//
	// instance, image, security-group, volume
	//
	//    * EC2-VPC-InstanceStore
	//
	// instance, image, security-group, network-interface
	//
	//    * EC2-VPC-InstanceStore-Subnet
	//
	// instance, image, security-group, network-interface, subnet
	//
	//    * EC2-VPC-EBS
	//
	// instance, image, security-group, network-interface, volume
	//
	//    * EC2-VPC-EBS-Subnet
	//
	// instance, image, security-group, network-interface, subnet, volume
	ResourceHandlingOption *string `min:"1" type:"string"`

	// An AWS account ID that specifies the owner of any simulated resource that
	// does not identify its owner in the resource ARN, such as an S3 bucket or
	// object. If ResourceOwner is specified, it is also used as the account owner
	// of any ResourcePolicy included in the simulation. If the ResourceOwner parameter
	// is not specified, then the owner of the resources and the resource policy
	// defaults to the account of the identity provided in CallerArn. This parameter
	// is required only if you specify a resource-based policy and account that
	// owns the resource is different from the account that owns the simulated calling
	// user CallerArn.
	ResourceOwner *string `min:"1" type:"string"`

	// A resource-based policy to include in the simulation provided as a string.
	// Each resource in the simulation is treated as if it had this policy attached.
	// You can include only one resource-based policy in a simulation.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of any printable ASCII character ranging
	// from the space character (\u0020) through end of the ASCII character range
	// (\u00FF). It also includes the special characters tab (\u0009), line feed
	// (\u000A), and carriage return (\u000D).
	ResourcePolicy *string `min:"1" type:"string"`
}

// String returns the string representation
func (s SimulateCustomPolicyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s SimulateCustomPolicyInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *SimulateCustomPolicyInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "SimulateCustomPolicyInput"}
	if s.ActionNames == nil {
		invalidParams.Add(request.NewErrParamRequired("ActionNames"))
	}
	if s.CallerArn != nil && len(*s.CallerArn) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("CallerArn", 1))
	}
	if s.Marker != nil && len(*s.Marker) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Marker", 1))
	}
	if s.MaxItems != nil && *s.MaxItems < 1 {
		invalidParams.Add(request.NewErrParamMinValue("MaxItems", 1))
	}
	if s.PolicyInputList == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyInputList"))
	}
	if s.ResourceHandlingOption != nil && len(*s.ResourceHandlingOption) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("ResourceHandlingOption", 1))
	}
	if s.ResourceOwner != nil && len(*s.ResourceOwner) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("ResourceOwner", 1))
	}
	if s.ResourcePolicy != nil && len(*s.ResourcePolicy) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("ResourcePolicy", 1))
	}
	if s.ContextEntries != nil {
		for i, v := range s.ContextEntries {
			if v == nil {
				continue
			}
			if err := v.Validate(); err != nil {
				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "ContextEntries", i), err.(request.ErrInvalidParams))
			}
		}
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// Contains the response to a successful SimulatePrincipalPolicy or SimulateCustomPolicy
// request.
type SimulatePolicyResponse struct {
	_ struct{} `type:"structure"`

	// The results of the simulation.
	EvaluationResults []*EvaluationResult `type:"list"`

	// A flag that indicates whether there are more items to return. If your results
	// were truncated, you can make a subsequent pagination request using the Marker
	// request parameter to retrieve more items. Note that IAM might return fewer
	// than the MaxItems number of results even when there are more results available.
	// We recommend that you check IsTruncated after every call to ensure that you
	// receive all of your results.
	IsTruncated *bool `type:"boolean"`

	// When IsTruncated is true, this element is present and contains the value
	// to use for the Marker parameter in a subsequent pagination request.
	Marker *string `min:"1" type:"string"`
}

// String returns the string representation
func (s SimulatePolicyResponse) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s SimulatePolicyResponse) GoString() string {
	return s.String()
}

type SimulatePrincipalPolicyInput struct {
	_ struct{} `type:"structure"`

	// A list of names of API actions to evaluate in the simulation. Each action
	// is evaluated for each resource. Each action must include the service identifier,
	// such as iam:CreateUser.
	//
	// ActionNames is a required field
	ActionNames []*string `type:"list" required:"true"`

	// The ARN of the IAM user that you want to specify as the simulated caller
	// of the APIs. If you do not specify a CallerArn, it defaults to the ARN of
	// the user that you specify in PolicySourceArn, if you specified a user. If
	// you include both a PolicySourceArn (for example, arn:aws:iam::123456789012:user/David)
	// and a CallerArn (for example, arn:aws:iam::123456789012:user/Bob), the result
	// is that you simulate calling the APIs as Bob, as if Bob had David's policies.
	//
	// You can specify only the ARN of an IAM user. You cannot specify the ARN of
	// an assumed role, federated user, or a service principal.
	//
	// CallerArn is required if you include a ResourcePolicy and the PolicySourceArn
	// is not the ARN for an IAM user. This is required so that the resource-based
	// policy's Principal element has a value to use in evaluating the policy.
	//
	// For more information about ARNs, see Amazon Resource Names (ARNs) and AWS
	// Service Namespaces (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the AWS General Reference.
	CallerArn *string `min:"1" type:"string"`

	// A list of context keys and corresponding values for the simulation to use.
	// Whenever a context key is evaluated in one of the simulated IAM permission
	// policies, the corresponding value is supplied.
	ContextEntries []*ContextEntry `type:"list"`

	// Use this parameter only when paginating results and only after you receive
	// a response indicating that the results are truncated. Set it to the value
	// of the Marker element in the response that you received to indicate where
	// the next call should start.
	Marker *string `min:"1" type:"string"`

	// Use this only when paginating results to indicate the maximum number of items
	// you want in the response. If additional items exist beyond the maximum you
	// specify, the IsTruncated response element is true.
	//
	// This parameter is optional. If you do not include it, it defaults to 100.
	// Note that IAM might return fewer results, even when there are more results
	// available. In that case, the IsTruncated response element returns true and
	// Marker contains a value to include in the subsequent call that tells the
	// service where to continue from.
	MaxItems *int64 `min:"1" type:"integer"`

	// An optional list of additional policy documents to include in the simulation.
	// Each document is specified as a string containing the complete, valid JSON
	// text of an IAM policy.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of any printable ASCII character ranging
	// from the space character (\u0020) through end of the ASCII character range
	// (\u00FF). It also includes the special characters tab (\u0009), line feed
	// (\u000A), and carriage return (\u000D).
	PolicyInputList []*string `type:"list"`

	// The Amazon Resource Name (ARN) of a user, group, or role whose policies you
	// want to include in the simulation. If you specify a user, group, or role,
	// the simulation includes all policies that are associated with that entity.
	// If you specify a user, the simulation also includes all policies that are
	// attached to any groups the user belongs to.
	//
	// For more information about ARNs, see Amazon Resource Names (ARNs) and AWS
	// Service Namespaces (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the AWS General Reference.
	//
	// PolicySourceArn is a required field
	PolicySourceArn *string `min:"20" type:"string" required:"true"`

	// A list of ARNs of AWS resources to include in the simulation. If this parameter
	// is not provided then the value defaults to * (all resources). Each API in
	// the ActionNames parameter is evaluated for each resource in this list. The
	// simulation determines the access result (allowed or denied) of each combination
	// and reports it in the response.
	//
	// The simulation does not automatically retrieve policies for the specified
	// resources. If you want to include a resource policy in the simulation, then
	// you must include the policy as a string in the ResourcePolicy parameter.
	//
	// For more information about ARNs, see Amazon Resource Names (ARNs) and AWS
	// Service Namespaces (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the AWS General Reference.
	ResourceArns []*string `type:"list"`

	// Specifies the type of simulation to run. Different APIs that support resource-based
	// policies require different combinations of resources. By specifying the type
	// of simulation to run, you enable the policy simulator to enforce the presence
	// of the required resources to ensure reliable simulation results. If your
	// simulation does not match one of the following scenarios, then you can omit
	// this parameter. The following list shows each of the supported scenario values
	// and the resources that you must define to run the simulation.
	//
	// Each of the EC2 scenarios requires that you specify instance, image, and
	// security-group resources. If your scenario includes an EBS volume, then you
	// must specify that volume as a resource. If the EC2 scenario includes VPC,
	// then you must supply the network-interface resource. If it includes an IP
	// subnet, then you must specify the subnet resource. For more information on
	// the EC2 scenario options, see Supported Platforms (http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-supported-platforms.html)
	// in the AWS EC2 User Guide.
	//
	//    * EC2-Classic-InstanceStore
	//
	// instance, image, security-group
	//
	//    * EC2-Classic-EBS
	//
	// instance, image, security-group, volume
	//
	//    * EC2-VPC-InstanceStore
	//
	// instance, image, security-group, network-interface
	//
	//    * EC2-VPC-InstanceStore-Subnet
	//
	// instance, image, security-group, network-interface, subnet
	//
	//    * EC2-VPC-EBS
	//
	// instance, image, security-group, network-interface, volume
	//
	//    * EC2-VPC-EBS-Subnet
	//
	// instance, image, security-group, network-interface, subnet, volume
	ResourceHandlingOption *string `min:"1" type:"string"`

	// An AWS account ID that specifies the owner of any simulated resource that
	// does not identify its owner in the resource ARN, such as an S3 bucket or
	// object. If ResourceOwner is specified, it is also used as the account owner
	// of any ResourcePolicy included in the simulation. If the ResourceOwner parameter
	// is not specified, then the owner of the resources and the resource policy
	// defaults to the account of the identity provided in CallerArn. This parameter
	// is required only if you specify a resource-based policy and account that
	// owns the resource is different from the account that owns the simulated calling
	// user CallerArn.
	ResourceOwner *string `min:"1" type:"string"`

	// A resource-based policy to include in the simulation provided as a string.
	// Each resource in the simulation is treated as if it had this policy attached.
	// You can include only one resource-based policy in a simulation.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of any printable ASCII character ranging
	// from the space character (\u0020) through end of the ASCII character range
	// (\u00FF). It also includes the special characters tab (\u0009), line feed
	// (\u000A), and carriage return (\u000D).
	ResourcePolicy *string `min:"1" type:"string"`
}

// String returns the string representation
func (s SimulatePrincipalPolicyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s SimulatePrincipalPolicyInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *SimulatePrincipalPolicyInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "SimulatePrincipalPolicyInput"}
	if s.ActionNames == nil {
		invalidParams.Add(request.NewErrParamRequired("ActionNames"))
	}
	if s.CallerArn != nil && len(*s.CallerArn) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("CallerArn", 1))
	}
	if s.Marker != nil && len(*s.Marker) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Marker", 1))
	}
	if s.MaxItems != nil && *s.MaxItems < 1 {
		invalidParams.Add(request.NewErrParamMinValue("MaxItems", 1))
	}
	if s.PolicySourceArn == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicySourceArn"))
	}
	if s.PolicySourceArn != nil && len(*s.PolicySourceArn) < 20 {
		invalidParams.Add(request.NewErrParamMinLen("PolicySourceArn", 20))
	}
	if s.ResourceHandlingOption != nil && len(*s.ResourceHandlingOption) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("ResourceHandlingOption", 1))
	}
	if s.ResourceOwner != nil && len(*s.ResourceOwner) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("ResourceOwner", 1))
	}
	if s.ResourcePolicy != nil && len(*s.ResourcePolicy) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("ResourcePolicy", 1))
	}
	if s.ContextEntries != nil {
		for i, v := range s.ContextEntries {
			if v == nil {
				continue
			}
			if err := v.Validate(); err != nil {
				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "ContextEntries", i), err.(request.ErrInvalidParams))
			}
		}
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// Contains a reference to a Statement element in a policy document that determines
// the result of the simulation.
//
// This data type is used by the MatchedStatements member of the EvaluationResult
// type.
type Statement struct {
	_ struct{} `type:"structure"`

	// The row and column of the end of a Statement in an IAM policy.
	EndPosition *Position `type:"structure"`

	// The identifier of the policy that was provided as an input.
	SourcePolicyId *string `type:"string"`

	// The type of the policy.
	SourcePolicyType *string `type:"string" enum:"PolicySourceType"`

	// The row and column of the beginning of the Statement in an IAM policy.
	StartPosition *Position `type:"structure"`
}

// String returns the string representation
func (s Statement) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s Statement) GoString() string {
	return s.String()
}

type UpdateAccessKeyInput struct {
	_ struct{} `type:"structure"`

	// The access key ID of the secret access key you want to update.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters that can consist of any upper or lowercased letter
	// or digit.
	//
	// AccessKeyId is a required field
	AccessKeyId *string `min:"16" type:"string" required:"true"`

	// The status you want to assign to the secret access key. Active means the
	// key can be used for API calls to AWS, while Inactive means the key cannot
	// be used.
	//
	// Status is a required field
	Status *string `type:"string" required:"true" enum:"statusType"`

	// The name of the user whose key you want to update.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-
	UserName *string `min:"1" type:"string"`
}

// String returns the string representation
func (s UpdateAccessKeyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s UpdateAccessKeyInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *UpdateAccessKeyInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "UpdateAccessKeyInput"}
	if s.AccessKeyId == nil {
		invalidParams.Add(request.NewErrParamRequired("AccessKeyId"))
	}
	if s.AccessKeyId != nil && len(*s.AccessKeyId) < 16 {
		invalidParams.Add(request.NewErrParamMinLen("AccessKeyId", 16))
	}
	if s.Status == nil {
		invalidParams.Add(request.NewErrParamRequired("Status"))
	}
	if s.UserName != nil && len(*s.UserName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("UserName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

type UpdateAccessKeyOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation
func (s UpdateAccessKeyOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s UpdateAccessKeyOutput) GoString() string {
	return s.String()
}

type UpdateAccountPasswordPolicyInput struct {
	_ struct{} `type:"structure"`

	// Allows all IAM users in your account to use the AWS Management Console to
	// change their own passwords. For more information, see Letting IAM Users Change
	// Their Own Passwords (http://docs.aws.amazon.com/IAM/latest/UserGuide/HowToPwdIAMUser.html)
	// in the IAM User Guide.
	//
	// Default value: false
	AllowUsersToChangePassword *bool `type:"boolean"`

	// Prevents IAM users from setting a new password after their password has expired.
	//
	// Default value: false
	HardExpiry *bool `type:"boolean"`

	// The number of days that an IAM user password is valid. The default value
	// of 0 means IAM user passwords never expire.
	//
	// Default value: 0
	MaxPasswordAge *int64 `min:"1" type:"integer"`

	// The minimum number of characters allowed in an IAM user password.
	//
	// Default value: 6
	MinimumPasswordLength *int64 `min:"6" type:"integer"`

	// Specifies the number of previous passwords that IAM users are prevented from
	// reusing. The default value of 0 means IAM users are not prevented from reusing
	// previous passwords.
	//
	// Default value: 0
	PasswordReusePrevention *int64 `min:"1" type:"integer"`

	// Specifies whether IAM user passwords must contain at least one lowercase
	// character from the ISO basic Latin alphabet (a to z).
	//
	// Default value: false
	RequireLowercaseCharacters *bool `type:"boolean"`

	// Specifies whether IAM user passwords must contain at least one numeric character
	// (0 to 9).
	//
	// Default value: false
	RequireNumbers *bool `type:"boolean"`

	// Specifies whether IAM user passwords must contain at least one of the following
	// non-alphanumeric characters:
	//
	// ! @ # $ % ^ & * ( ) _ + - = [ ] { } | '
	//
	// Default value: false
	RequireSymbols *bool `type:"boolean"`

	// Specifies whether IAM user passwords must contain at least one uppercase
	// character from the ISO basic Latin alphabet (A to Z).
	//
	// Default value: false
	RequireUppercaseCharacters *bool `type:"boolean"`
}

// String returns the string representation
func (s UpdateAccountPasswordPolicyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s UpdateAccountPasswordPolicyInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *UpdateAccountPasswordPolicyInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "UpdateAccountPasswordPolicyInput"}
	if s.MaxPasswordAge != nil && *s.MaxPasswordAge < 1 {
		invalidParams.Add(request.NewErrParamMinValue("MaxPasswordAge", 1))
	}
	if s.MinimumPasswordLength != nil && *s.MinimumPasswordLength < 6 {
		invalidParams.Add(request.NewErrParamMinValue("MinimumPasswordLength", 6))
	}
	if s.PasswordReusePrevention != nil && *s.PasswordReusePrevention < 1 {
		invalidParams.Add(request.NewErrParamMinValue("PasswordReusePrevention", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

type UpdateAccountPasswordPolicyOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation
func (s UpdateAccountPasswordPolicyOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s UpdateAccountPasswordPolicyOutput) GoString() string {
	return s.String()
}

type UpdateAssumeRolePolicyInput struct {
	_ struct{} `type:"structure"`

	// The policy that grants an entity permission to assume the role.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of any printable ASCII character ranging
	// from the space character (\u0020) through end of the ASCII character range
	// (\u00FF). It also includes the special characters tab (\u0009), line feed
	// (\u000A), and carriage return (\u000D).
	//
	// PolicyDocument is a required field
	PolicyDocument *string `min:"1" type:"string" required:"true"`

	// The name of the role to update with the new policy.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-
	//
	// RoleName is a required field
	RoleName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation
func (s UpdateAssumeRolePolicyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s UpdateAssumeRolePolicyInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *UpdateAssumeRolePolicyInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "UpdateAssumeRolePolicyInput"}
	if s.PolicyDocument == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyDocument"))
	}
	if s.PolicyDocument != nil && len(*s.PolicyDocument) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyDocument", 1))
	}
	if s.RoleName == nil {
		invalidParams.Add(request.NewErrParamRequired("RoleName"))
	}
	if s.RoleName != nil && len(*s.RoleName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("RoleName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

type UpdateAssumeRolePolicyOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation
func (s UpdateAssumeRolePolicyOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s UpdateAssumeRolePolicyOutput) GoString() string {
	return s.String()
}

type UpdateGroupInput struct {
	_ struct{} `type:"structure"`

	// Name of the IAM group to update. If you're changing the name of the group,
	// this is the original name.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-
	//
	// GroupName is a required field
	GroupName *string `min:"1" type:"string" required:"true"`

	// New name for the IAM group. Only include this if changing the group's name.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-
	NewGroupName *string `min:"1" type:"string"`

	// New path for the IAM group. Only include this if changing the group's path.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of either a forward slash (/) by itself
	// or a string that must begin and end with forward slashes, containing any
	// ASCII character from the ! (\u0021) thru the DEL character (\u007F), including
	// most punctuation characters, digits, and upper and lowercased letters.
	NewPath *string `min:"1" type:"string"`
}

// String returns the string representation
func (s UpdateGroupInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s UpdateGroupInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *UpdateGroupInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "UpdateGroupInput"}
	if s.GroupName == nil {
		invalidParams.Add(request.NewErrParamRequired("GroupName"))
	}
	if s.GroupName != nil && len(*s.GroupName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("GroupName", 1))
	}
	if s.NewGroupName != nil && len(*s.NewGroupName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("NewGroupName", 1))
	}
	if s.NewPath != nil && len(*s.NewPath) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("NewPath", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

type UpdateGroupOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation
func (s UpdateGroupOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s UpdateGroupOutput) GoString() string {
	return s.String()
}

type UpdateLoginProfileInput struct {
	_ struct{} `type:"structure"`

	// The new password for the specified IAM user.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of any printable ASCII character ranging
	// from the space character (\u0020) through end of the ASCII character range
	// (\u00FF). It also includes the special characters tab (\u0009), line feed
	// (\u000A), and carriage return (\u000D). However, the format can be further
	// restricted by the account administrator by setting a password policy on the
	// AWS account. For more information, see UpdateAccountPasswordPolicy.
	Password *string `min:"1" type:"string"`

	// Allows this new password to be used only once by requiring the specified
	// IAM user to set a new password on next sign-in.
	PasswordResetRequired *bool `type:"boolean"`

	// The name of the user whose password you want to update.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-
	//
	// UserName is a required field
	UserName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation
func (s UpdateLoginProfileInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s UpdateLoginProfileInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *UpdateLoginProfileInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "UpdateLoginProfileInput"}
	if s.Password != nil && len(*s.Password) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Password", 1))
	}
	if s.UserName == nil {
		invalidParams.Add(request.NewErrParamRequired("UserName"))
	}
	if s.UserName != nil && len(*s.UserName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("UserName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

type UpdateLoginProfileOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation
func (s UpdateLoginProfileOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s UpdateLoginProfileOutput) GoString() string {
	return s.String()
}

type UpdateOpenIDConnectProviderThumbprintInput struct {
	_ struct{} `type:"structure"`

	// The Amazon Resource Name (ARN) of the IAM OIDC provider resource object for
	// which you want to update the thumbprint. You can get a list of OIDC provider
	// ARNs by using the ListOpenIDConnectProviders action.
	//
	// For more information about ARNs, see Amazon Resource Names (ARNs) and AWS
	// Service Namespaces (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the AWS General Reference.
	//
	// OpenIDConnectProviderArn is a required field
	OpenIDConnectProviderArn *string `min:"20" type:"string" required:"true"`

	// A list of certificate thumbprints that are associated with the specified
	// IAM OpenID Connect provider. For more information, see CreateOpenIDConnectProvider.
	//
	// ThumbprintList is a required field
	ThumbprintList []*string `type:"list" required:"true"`
}

// String returns the string representation
func (s UpdateOpenIDConnectProviderThumbprintInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s UpdateOpenIDConnectProviderThumbprintInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *UpdateOpenIDConnectProviderThumbprintInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "UpdateOpenIDConnectProviderThumbprintInput"}
	if s.OpenIDConnectProviderArn == nil {
		invalidParams.Add(request.NewErrParamRequired("OpenIDConnectProviderArn"))
	}
	if s.OpenIDConnectProviderArn != nil && len(*s.OpenIDConnectProviderArn) < 20 {
		invalidParams.Add(request.NewErrParamMinLen("OpenIDConnectProviderArn", 20))
	}
	if s.ThumbprintList == nil {
		invalidParams.Add(request.NewErrParamRequired("ThumbprintList"))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

type UpdateOpenIDConnectProviderThumbprintOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation
func (s UpdateOpenIDConnectProviderThumbprintOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s UpdateOpenIDConnectProviderThumbprintOutput) GoString() string {
	return s.String()
}

type UpdateSAMLProviderInput struct {
	_ struct{} `type:"structure"`

	// An XML document generated by an identity provider (IdP) that supports SAML
	// 2.0. The document includes the issuer's name, expiration information, and
	// keys that can be used to validate the SAML authentication response (assertions)
	// that are received from the IdP. You must generate the metadata document using
	// the identity management software that is used as your organization's IdP.
	//
	// SAMLMetadataDocument is a required field
	SAMLMetadataDocument *string `min:"1000" type:"string" required:"true"`

	// The Amazon Resource Name (ARN) of the SAML provider to update.
	//
	// For more information about ARNs, see Amazon Resource Names (ARNs) and AWS
	// Service Namespaces (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the AWS General Reference.
	//
	// SAMLProviderArn is a required field
	SAMLProviderArn *string `min:"20" type:"string" required:"true"`
}

// String returns the string representation
func (s UpdateSAMLProviderInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s UpdateSAMLProviderInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *UpdateSAMLProviderInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "UpdateSAMLProviderInput"}
	if s.SAMLMetadataDocument == nil {
		invalidParams.Add(request.NewErrParamRequired("SAMLMetadataDocument"))
	}
	if s.SAMLMetadataDocument != nil && len(*s.SAMLMetadataDocument) < 1000 {
		invalidParams.Add(request.NewErrParamMinLen("SAMLMetadataDocument", 1000))
	}
	if s.SAMLProviderArn == nil {
		invalidParams.Add(request.NewErrParamRequired("SAMLProviderArn"))
	}
	if s.SAMLProviderArn != nil && len(*s.SAMLProviderArn) < 20 {
		invalidParams.Add(request.NewErrParamMinLen("SAMLProviderArn", 20))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// Contains the response to a successful UpdateSAMLProvider request.
type UpdateSAMLProviderOutput struct {
	_ struct{} `type:"structure"`

	// The Amazon Resource Name (ARN) of the SAML provider that was updated.
	SAMLProviderArn *string `min:"20" type:"string"`
}

// String returns the string representation
func (s UpdateSAMLProviderOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s UpdateSAMLProviderOutput) GoString() string {
	return s.String()
}

type UpdateSSHPublicKeyInput struct {
	_ struct{} `type:"structure"`

	// The unique identifier for the SSH public key.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters that can consist of any upper or lowercased letter
	// or digit.
	//
	// SSHPublicKeyId is a required field
	SSHPublicKeyId *string `min:"20" type:"string" required:"true"`

	// The status to assign to the SSH public key. Active means the key can be used
	// for authentication with an AWS CodeCommit repository. Inactive means the
	// key cannot be used.
	//
	// Status is a required field
	Status *string `type:"string" required:"true" enum:"statusType"`

	// The name of the IAM user associated with the SSH public key.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-
	//
	// UserName is a required field
	UserName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation
func (s UpdateSSHPublicKeyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s UpdateSSHPublicKeyInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *UpdateSSHPublicKeyInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "UpdateSSHPublicKeyInput"}
	if s.SSHPublicKeyId == nil {
		invalidParams.Add(request.NewErrParamRequired("SSHPublicKeyId"))
	}
	if s.SSHPublicKeyId != nil && len(*s.SSHPublicKeyId) < 20 {
		invalidParams.Add(request.NewErrParamMinLen("SSHPublicKeyId", 20))
	}
	if s.Status == nil {
		invalidParams.Add(request.NewErrParamRequired("Status"))
	}
	if s.UserName == nil {
		invalidParams.Add(request.NewErrParamRequired("UserName"))
	}
	if s.UserName != nil && len(*s.UserName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("UserName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

type UpdateSSHPublicKeyOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation
func (s UpdateSSHPublicKeyOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s UpdateSSHPublicKeyOutput) GoString() string {
	return s.String()
}

type UpdateServerCertificateInput struct {
	_ struct{} `type:"structure"`

	// The new path for the server certificate. Include this only if you are updating
	// the server certificate's path.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of either a forward slash (/) by itself
	// or a string that must begin and end with forward slashes, containing any
	// ASCII character from the ! (\u0021) thru the DEL character (\u007F), including
	// most punctuation characters, digits, and upper and lowercased letters.
	NewPath *string `min:"1" type:"string"`

	// The new name for the server certificate. Include this only if you are updating
	// the server certificate's name. The name of the certificate cannot contain
	// any spaces.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-
	NewServerCertificateName *string `min:"1" type:"string"`

	// The name of the server certificate that you want to update.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-
	//
	// ServerCertificateName is a required field
	ServerCertificateName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation
func (s UpdateServerCertificateInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s UpdateServerCertificateInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *UpdateServerCertificateInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "UpdateServerCertificateInput"}
	if s.NewPath != nil && len(*s.NewPath) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("NewPath", 1))
	}
	if s.NewServerCertificateName != nil && len(*s.NewServerCertificateName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("NewServerCertificateName", 1))
	}
	if s.ServerCertificateName == nil {
		invalidParams.Add(request.NewErrParamRequired("ServerCertificateName"))
	}
	if s.ServerCertificateName != nil && len(*s.ServerCertificateName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("ServerCertificateName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

type UpdateServerCertificateOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation
func (s UpdateServerCertificateOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s UpdateServerCertificateOutput) GoString() string {
	return s.String()
}

type UpdateSigningCertificateInput struct {
	_ struct{} `type:"structure"`

	// The ID of the signing certificate you want to update.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters that can consist of any upper or lowercased letter
	// or digit.
	//
	// CertificateId is a required field
	CertificateId *string `min:"24" type:"string" required:"true"`

	// The status you want to assign to the certificate. Active means the certificate
	// can be used for API calls to AWS, while Inactive means the certificate cannot
	// be used.
	//
	// Status is a required field
	Status *string `type:"string" required:"true" enum:"statusType"`

	// The name of the IAM user the signing certificate belongs to.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-
	UserName *string `min:"1" type:"string"`
}

// String returns the string representation
func (s UpdateSigningCertificateInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s UpdateSigningCertificateInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *UpdateSigningCertificateInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "UpdateSigningCertificateInput"}
	if s.CertificateId == nil {
		invalidParams.Add(request.NewErrParamRequired("CertificateId"))
	}
	if s.CertificateId != nil && len(*s.CertificateId) < 24 {
		invalidParams.Add(request.NewErrParamMinLen("CertificateId", 24))
	}
	if s.Status == nil {
		invalidParams.Add(request.NewErrParamRequired("Status"))
	}
	if s.UserName != nil && len(*s.UserName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("UserName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

type UpdateSigningCertificateOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation
func (s UpdateSigningCertificateOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s UpdateSigningCertificateOutput) GoString() string {
	return s.String()
}

type UpdateUserInput struct {
	_ struct{} `type:"structure"`

	// New path for the IAM user. Include this parameter only if you're changing
	// the user's path.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of either a forward slash (/) by itself
	// or a string that must begin and end with forward slashes, containing any
	// ASCII character from the ! (\u0021) thru the DEL character (\u007F), including
	// most punctuation characters, digits, and upper and lowercased letters.
	NewPath *string `min:"1" type:"string"`

	// New name for the user. Include this parameter only if you're changing the
	// user's name.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-
	NewUserName *string `min:"1" type:"string"`

	// Name of the user to update. If you're changing the name of the user, this
	// is the original user name.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-
	//
	// UserName is a required field
	UserName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation
func (s UpdateUserInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s UpdateUserInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *UpdateUserInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "UpdateUserInput"}
	if s.NewPath != nil && len(*s.NewPath) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("NewPath", 1))
	}
	if s.NewUserName != nil && len(*s.NewUserName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("NewUserName", 1))
	}
	if s.UserName == nil {
		invalidParams.Add(request.NewErrParamRequired("UserName"))
	}
	if s.UserName != nil && len(*s.UserName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("UserName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

type UpdateUserOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation
func (s UpdateUserOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s UpdateUserOutput) GoString() string {
	return s.String()
}

type UploadSSHPublicKeyInput struct {
	_ struct{} `type:"structure"`

	// The SSH public key. The public key must be encoded in ssh-rsa format or PEM
	// format.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of any printable ASCII character ranging
	// from the space character (\u0020) through end of the ASCII character range
	// (\u00FF). It also includes the special characters tab (\u0009), line feed
	// (\u000A), and carriage return (\u000D).
	//
	// SSHPublicKeyBody is a required field
	SSHPublicKeyBody *string `min:"1" type:"string" required:"true"`

	// The name of the IAM user to associate the SSH public key with.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-
	//
	// UserName is a required field
	UserName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation
func (s UploadSSHPublicKeyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s UploadSSHPublicKeyInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *UploadSSHPublicKeyInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "UploadSSHPublicKeyInput"}
	if s.SSHPublicKeyBody == nil {
		invalidParams.Add(request.NewErrParamRequired("SSHPublicKeyBody"))
	}
	if s.SSHPublicKeyBody != nil && len(*s.SSHPublicKeyBody) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("SSHPublicKeyBody", 1))
	}
	if s.UserName == nil {
		invalidParams.Add(request.NewErrParamRequired("UserName"))
	}
	if s.UserName != nil && len(*s.UserName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("UserName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// Contains the response to a successful UploadSSHPublicKey request.
type UploadSSHPublicKeyOutput struct {
	_ struct{} `type:"structure"`

	// Contains information about the SSH public key.
	SSHPublicKey *SSHPublicKey `type:"structure"`
}

// String returns the string representation
func (s UploadSSHPublicKeyOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s UploadSSHPublicKeyOutput) GoString() string {
	return s.String()
}

type UploadServerCertificateInput struct {
	_ struct{} `type:"structure"`

	// The contents of the public key certificate in PEM-encoded format.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of any printable ASCII character ranging
	// from the space character (\u0020) through end of the ASCII character range
	// (\u00FF). It also includes the special characters tab (\u0009), line feed
	// (\u000A), and carriage return (\u000D).
	//
	// CertificateBody is a required field
	CertificateBody *string `min:"1" type:"string" required:"true"`

	// The contents of the certificate chain. This is typically a concatenation
	// of the PEM-encoded public key certificates of the chain.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of any printable ASCII character ranging
	// from the space character (\u0020) through end of the ASCII character range
	// (\u00FF). It also includes the special characters tab (\u0009), line feed
	// (\u000A), and carriage return (\u000D).
	CertificateChain *string `min:"1" type:"string"`

	// The path for the server certificate. For more information about paths, see
	// IAM Identifiers (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the IAM User Guide.
	//
	// This parameter is optional. If it is not included, it defaults to a slash
	// (/). The regex pattern (http://wikipedia.org/wiki/regex) for this parameter
	// is a string of characters consisting of either a forward slash (/) by itself
	// or a string that must begin and end with forward slashes, containing any
	// ASCII character from the ! (\u0021) thru the DEL character (\u007F), including
	// most punctuation characters, digits, and upper and lowercased letters.
	//
	// If you are uploading a server certificate specifically for use with Amazon
	// CloudFront distributions, you must specify a path using the --path option.
	// The path must begin with /cloudfront and must include a trailing slash (for
	// example, /cloudfront/test/).
	Path *string `min:"1" type:"string"`

	// The contents of the private key in PEM-encoded format.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of any printable ASCII character ranging
	// from the space character (\u0020) through end of the ASCII character range
	// (\u00FF). It also includes the special characters tab (\u0009), line feed
	// (\u000A), and carriage return (\u000D).
	//
	// PrivateKey is a required field
	PrivateKey *string `min:"1" type:"string" required:"true"`

	// The name for the server certificate. Do not include the path in this value.
	// The name of the certificate cannot contain any spaces.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-
	//
	// ServerCertificateName is a required field
	ServerCertificateName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation
func (s UploadServerCertificateInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s UploadServerCertificateInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *UploadServerCertificateInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "UploadServerCertificateInput"}
	if s.CertificateBody == nil {
		invalidParams.Add(request.NewErrParamRequired("CertificateBody"))
	}
	if s.CertificateBody != nil && len(*s.CertificateBody) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("CertificateBody", 1))
	}
	if s.CertificateChain != nil && len(*s.CertificateChain) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("CertificateChain", 1))
	}
	if s.Path != nil && len(*s.Path) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Path", 1))
	}
	if s.PrivateKey == nil {
		invalidParams.Add(request.NewErrParamRequired("PrivateKey"))
	}
	if s.PrivateKey != nil && len(*s.PrivateKey) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PrivateKey", 1))
	}
	if s.ServerCertificateName == nil {
		invalidParams.Add(request.NewErrParamRequired("ServerCertificateName"))
	}
	if s.ServerCertificateName != nil && len(*s.ServerCertificateName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("ServerCertificateName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// Contains the response to a successful UploadServerCertificate request.
type UploadServerCertificateOutput struct {
	_ struct{} `type:"structure"`

	// The meta information of the uploaded server certificate without its certificate
	// body, certificate chain, and private key.
	ServerCertificateMetadata *ServerCertificateMetadata `type:"structure"`
}

// String returns the string representation
func (s UploadServerCertificateOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s UploadServerCertificateOutput) GoString() string {
	return s.String()
}

type UploadSigningCertificateInput struct {
	_ struct{} `type:"structure"`

	// The contents of the signing certificate.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of any printable ASCII character ranging
	// from the space character (\u0020) through end of the ASCII character range
	// (\u00FF). It also includes the special characters tab (\u0009), line feed
	// (\u000A), and carriage return (\u000D).
	//
	// CertificateBody is a required field
	CertificateBody *string `min:"1" type:"string" required:"true"`

	// The name of the user the signing certificate is for.
	//
	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: =,.@-
	UserName *string `min:"1" type:"string"`
}

// String returns the string representation
func (s UploadSigningCertificateInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s UploadSigningCertificateInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *UploadSigningCertificateInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "UploadSigningCertificateInput"}
	if s.CertificateBody == nil {
		invalidParams.Add(request.NewErrParamRequired("CertificateBody"))
	}
	if s.CertificateBody != nil && len(*s.CertificateBody) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("CertificateBody", 1))
	}
	if s.UserName != nil && len(*s.UserName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("UserName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// Contains the response to a successful UploadSigningCertificate request.
type UploadSigningCertificateOutput struct {
	_ struct{} `type:"structure"`

	// Information about the certificate.
	//
	// Certificate is a required field
	Certificate *SigningCertificate `type:"structure" required:"true"`
}

// String returns the string representation
func (s UploadSigningCertificateOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s UploadSigningCertificateOutput) GoString() string {
	return s.String()
}

// Contains information about an IAM user entity.
//
// This data type is used as a response element in the following actions:
//
//    * CreateUser
//
//    * GetUser
//
//    * ListUsers
type User struct {
	_ struct{} `type:"structure"`

	// The Amazon Resource Name (ARN) that identifies the user. For more information
	// about ARNs and how to use ARNs in policies, see IAM Identifiers (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the Using IAM guide.
	//
	// Arn is a required field
	Arn *string `min:"20" type:"string" required:"true"`

	// The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601),
	// when the user was created.
	//
	// CreateDate is a required field
	CreateDate *time.Time `type:"timestamp" timestampFormat:"iso8601" required:"true"`

	// The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601),
	// when the user's password was last used to sign in to an AWS website. For
	// a list of AWS websites that capture a user's last sign-in time, see the Credential
	// Reports (http://docs.aws.amazon.com/IAM/latest/UserGuide/credential-reports.html)
	// topic in the Using IAM guide. If a password is used more than once in a five-minute
	// span, only the first use is returned in this field. This field is null (not
	// present) when:
	//
	//    * The user does not have a password
	//
	//    * The password exists but has never been used (at least not since IAM
	//    started tracking this information on October 20th, 2014
	//
	//    * there is no sign-in data associated with the user
	//
	// This value is returned only in the GetUser and ListUsers actions.
	PasswordLastUsed *time.Time `type:"timestamp" timestampFormat:"iso8601"`

	// The path to the user. For more information about paths, see IAM Identifiers
	// (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the Using IAM guide.
	//
	// Path is a required field
	Path *string `min:"1" type:"string" required:"true"`

	// The stable and unique string identifying the user. For more information about
	// IDs, see IAM Identifiers (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the Using IAM guide.
	//
	// UserId is a required field
	UserId *string `min:"16" type:"string" required:"true"`

	// The friendly name identifying the user.
	//
	// UserName is a required field
	UserName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation
func (s User) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s User) GoString() string {
	return s.String()
}

// Contains information about an IAM user, including all the user's policies
// and all the IAM groups the user is in.
//
// This data type is used as a response element in the GetAccountAuthorizationDetails
// action.
type UserDetail struct {
	_ struct{} `type:"structure"`

	// The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources.
	//
	// For more information about ARNs, go to Amazon Resource Names (ARNs) and AWS
	// Service Namespaces (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the AWS General Reference.
	Arn *string `min:"20" type:"string"`

	// A list of the managed policies attached to the user.
	AttachedManagedPolicies []*AttachedPolicy `type:"list"`

	// The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601),
	// when the user was created.
	CreateDate *time.Time `type:"timestamp" timestampFormat:"iso8601"`

	// A list of IAM groups that the user is in.
	GroupList []*string `type:"list"`

	// The path to the user. For more information about paths, see IAM Identifiers
	// (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the Using IAM guide.
	Path *string `min:"1" type:"string"`

	// The stable and unique string identifying the user. For more information about
	// IDs, see IAM Identifiers (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the Using IAM guide.
	UserId *string `min:"16" type:"string"`

	// The friendly name identifying the user.
	UserName *string `min:"1" type:"string"`

	// A list of the inline policies embedded in the user.
	UserPolicyList []*PolicyDetail `type:"list"`
}

// String returns the string representation
func (s UserDetail) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s UserDetail) GoString() string {
	return s.String()
}

// Contains information about a virtual MFA device.
type VirtualMFADevice struct {
	_ struct{} `type:"structure"`

	// The Base32 seed defined as specified in RFC3548 (http://www.ietf.org/rfc/rfc3548.txt).
	// The Base32StringSeed is Base64-encoded.
	//
	// Base32StringSeed is automatically base64 encoded/decoded by the SDK.
	Base32StringSeed []byte `type:"blob"`

	// The date and time on which the virtual MFA device was enabled.
	EnableDate *time.Time `type:"timestamp" timestampFormat:"iso8601"`

	// A QR code PNG image that encodes otpauth://totp/$virtualMFADeviceName@$AccountName?secret=$Base32String
	// where $virtualMFADeviceName is one of the create call arguments, AccountName
	// is the user name if set (otherwise, the account ID otherwise), and Base32String
	// is the seed in Base32 format. The Base32String value is Base64-encoded.
	//
	// QRCodePNG is automatically base64 encoded/decoded by the SDK.
	QRCodePNG []byte `type:"blob"`

	// The serial number associated with VirtualMFADevice.
	//
	// SerialNumber is a required field
	SerialNumber *string `min:"9" type:"string" required:"true"`

	// Contains information about an IAM user entity.
	//
	// This data type is used as a response element in the following actions:
	//
	//    * CreateUser
	//
	//    * GetUser
	//
	//    * ListUsers
	User *User `type:"structure"`
}

// String returns the string representation
func (s VirtualMFADevice) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s VirtualMFADevice) GoString() string {
	return s.String()
}

const (
	// ContextKeyTypeEnumString is a ContextKeyTypeEnum enum value
	ContextKeyTypeEnumString = "string"

	// ContextKeyTypeEnumStringList is a ContextKeyTypeEnum enum value
	ContextKeyTypeEnumStringList = "stringList"

	// ContextKeyTypeEnumNumeric is a ContextKeyTypeEnum enum value
	ContextKeyTypeEnumNumeric = "numeric"

	// ContextKeyTypeEnumNumericList is a ContextKeyTypeEnum enum value
	ContextKeyTypeEnumNumericList = "numericList"

	// ContextKeyTypeEnumBoolean is a ContextKeyTypeEnum enum value
	ContextKeyTypeEnumBoolean = "boolean"

	// ContextKeyTypeEnumBooleanList is a ContextKeyTypeEnum enum value
	ContextKeyTypeEnumBooleanList = "booleanList"

	// ContextKeyTypeEnumIp is a ContextKeyTypeEnum enum value
	ContextKeyTypeEnumIp = "ip"

	// ContextKeyTypeEnumIpList is a ContextKeyTypeEnum enum value
	ContextKeyTypeEnumIpList = "ipList"

	// ContextKeyTypeEnumBinary is a ContextKeyTypeEnum enum value
	ContextKeyTypeEnumBinary = "binary"

	// ContextKeyTypeEnumBinaryList is a ContextKeyTypeEnum enum value
	ContextKeyTypeEnumBinaryList = "binaryList"

	// ContextKeyTypeEnumDate is a ContextKeyTypeEnum enum value
	ContextKeyTypeEnumDate = "date"

	// ContextKeyTypeEnumDateList is a ContextKeyTypeEnum enum value
	ContextKeyTypeEnumDateList = "dateList"
)

const (
	// EntityTypeUser is a EntityType enum value
	EntityTypeUser = "User"

	// EntityTypeRole is a EntityType enum value
	EntityTypeRole = "Role"

	// EntityTypeGroup is a EntityType enum value
	EntityTypeGroup = "Group"

	// EntityTypeLocalManagedPolicy is a EntityType enum value
	EntityTypeLocalManagedPolicy = "LocalManagedPolicy"

	// EntityTypeAwsmanagedPolicy is a EntityType enum value
	EntityTypeAwsmanagedPolicy = "AWSManagedPolicy"
)

const (
	// PolicyEvaluationDecisionTypeAllowed is a PolicyEvaluationDecisionType enum value
	PolicyEvaluationDecisionTypeAllowed = "allowed"

	// PolicyEvaluationDecisionTypeExplicitDeny is a PolicyEvaluationDecisionType enum value
	PolicyEvaluationDecisionTypeExplicitDeny = "explicitDeny"

	// PolicyEvaluationDecisionTypeImplicitDeny is a PolicyEvaluationDecisionType enum value
	PolicyEvaluationDecisionTypeImplicitDeny = "implicitDeny"
)

const (
	// PolicySourceTypeUser is a PolicySourceType enum value
	PolicySourceTypeUser = "user"

	// PolicySourceTypeGroup is a PolicySourceType enum value
	PolicySourceTypeGroup = "group"

	// PolicySourceTypeRole is a PolicySourceType enum value
	PolicySourceTypeRole = "role"

	// PolicySourceTypeAwsManaged is a PolicySourceType enum value
	PolicySourceTypeAwsManaged = "aws-managed"

	// PolicySourceTypeUserManaged is a PolicySourceType enum value
	PolicySourceTypeUserManaged = "user-managed"

	// PolicySourceTypeResource is a PolicySourceType enum value
	PolicySourceTypeResource = "resource"

	// PolicySourceTypeNone is a PolicySourceType enum value
	PolicySourceTypeNone = "none"
)

const (
	// ReportFormatTypeTextCsv is a ReportFormatType enum value
	ReportFormatTypeTextCsv = "text/csv"
)

const (
	// ReportStateTypeStarted is a ReportStateType enum value
	ReportStateTypeStarted = "STARTED"

	// ReportStateTypeInprogress is a ReportStateType enum value
	ReportStateTypeInprogress = "INPROGRESS"

	// ReportStateTypeComplete is a ReportStateType enum value
	ReportStateTypeComplete = "COMPLETE"
)

const (
	// AssignmentStatusTypeAssigned is a assignmentStatusType enum value
	AssignmentStatusTypeAssigned = "Assigned"

	// AssignmentStatusTypeUnassigned is a assignmentStatusType enum value
	AssignmentStatusTypeUnassigned = "Unassigned"

	// AssignmentStatusTypeAny is a assignmentStatusType enum value
	AssignmentStatusTypeAny = "Any"
)

const (
	// EncodingTypeSsh is a encodingType enum value
	EncodingTypeSsh = "SSH"

	// EncodingTypePem is a encodingType enum value
	EncodingTypePem = "PEM"
)

const (
	// PolicyScopeTypeAll is a policyScopeType enum value
	PolicyScopeTypeAll = "All"

	// PolicyScopeTypeAws is a policyScopeType enum value
	PolicyScopeTypeAws = "AWS"

	// PolicyScopeTypeLocal is a policyScopeType enum value
	PolicyScopeTypeLocal = "Local"
)

const (
	// StatusTypeActive is a statusType enum value
	StatusTypeActive = "Active"

	// StatusTypeInactive is a statusType enum value
	StatusTypeInactive = "Inactive"
)

const (
	// SummaryKeyTypeUsers is a summaryKeyType enum value
	SummaryKeyTypeUsers = "Users"

	// SummaryKeyTypeUsersQuota is a summaryKeyType enum value
	SummaryKeyTypeUsersQuota = "UsersQuota"

	// SummaryKeyTypeGroups is a summaryKeyType enum value
	SummaryKeyTypeGroups = "Groups"

	// SummaryKeyTypeGroupsQuota is a summaryKeyType enum value
	SummaryKeyTypeGroupsQuota = "GroupsQuota"

	// SummaryKeyTypeServerCertificates is a summaryKeyType enum value
	SummaryKeyTypeServerCertificates = "ServerCertificates"

	// SummaryKeyTypeServerCertificatesQuota is a summaryKeyType enum value
	SummaryKeyTypeServerCertificatesQuota = "ServerCertificatesQuota"

	// SummaryKeyTypeUserPolicySizeQuota is a summaryKeyType enum value
	SummaryKeyTypeUserPolicySizeQuota = "UserPolicySizeQuota"

	// SummaryKeyTypeGroupPolicySizeQuota is a summaryKeyType enum value
	SummaryKeyTypeGroupPolicySizeQuota = "GroupPolicySizeQuota"

	// SummaryKeyTypeGroupsPerUserQuota is a summaryKeyType enum value
	SummaryKeyTypeGroupsPerUserQuota = "GroupsPerUserQuota"

	// SummaryKeyTypeSigningCertificatesPerUserQuota is a summaryKeyType enum value
	SummaryKeyTypeSigningCertificatesPerUserQuota = "SigningCertificatesPerUserQuota"

	// SummaryKeyTypeAccessKeysPerUserQuota is a summaryKeyType enum value
	SummaryKeyTypeAccessKeysPerUserQuota = "AccessKeysPerUserQuota"

	// SummaryKeyTypeMfadevices is a summaryKeyType enum value
	SummaryKeyTypeMfadevices = "MFADevices"

	// SummaryKeyTypeMfadevicesInUse is a summaryKeyType enum value
	SummaryKeyTypeMfadevicesInUse = "MFADevicesInUse"

	// SummaryKeyTypeAccountMfaenabled is a summaryKeyType enum value
	SummaryKeyTypeAccountMfaenabled = "AccountMFAEnabled"

	// SummaryKeyTypeAccountAccessKeysPresent is a summaryKeyType enum value
	SummaryKeyTypeAccountAccessKeysPresent = "AccountAccessKeysPresent"

	// SummaryKeyTypeAccountSigningCertificatesPresent is a summaryKeyType enum value
	SummaryKeyTypeAccountSigningCertificatesPresent = "AccountSigningCertificatesPresent"

	// SummaryKeyTypeAttachedPoliciesPerGroupQuota is a summaryKeyType enum value
	SummaryKeyTypeAttachedPoliciesPerGroupQuota = "AttachedPoliciesPerGroupQuota"

	// SummaryKeyTypeAttachedPoliciesPerRoleQuota is a summaryKeyType enum value
	SummaryKeyTypeAttachedPoliciesPerRoleQuota = "AttachedPoliciesPerRoleQuota"

	// SummaryKeyTypeAttachedPoliciesPerUserQuota is a summaryKeyType enum value
	SummaryKeyTypeAttachedPoliciesPerUserQuota = "AttachedPoliciesPerUserQuota"

	// SummaryKeyTypePolicies is a summaryKeyType enum value
	SummaryKeyTypePolicies = "Policies"

	// SummaryKeyTypePoliciesQuota is a summaryKeyType enum value
	SummaryKeyTypePoliciesQuota = "PoliciesQuota"

	// SummaryKeyTypePolicySizeQuota is a summaryKeyType enum value
	SummaryKeyTypePolicySizeQuota = "PolicySizeQuota"

	// SummaryKeyTypePolicyVersionsInUse is a summaryKeyType enum value
	SummaryKeyTypePolicyVersionsInUse = "PolicyVersionsInUse"

	// SummaryKeyTypePolicyVersionsInUseQuota is a summaryKeyType enum value
	SummaryKeyTypePolicyVersionsInUseQuota = "PolicyVersionsInUseQuota"

	// SummaryKeyTypeVersionsPerPolicyQuota is a summaryKeyType enum value
	SummaryKeyTypeVersionsPerPolicyQuota = "VersionsPerPolicyQuota"
)