-- Hoogle documentation, generated by Haddock
-- See Hoogle, http://www.haskell.org/hoogle/


-- | Amazon Identity and Access Management SDK.
--   
--   The types from this library are intended to be used with
--   <a>amazonka</a>, which provides mechanisms for specifying AuthN/AuthZ
--   information, sending requests, and receiving responses.
--   
--   Lenses are used for constructing and manipulating types, due to the
--   depth of nesting of AWS types and transparency regarding
--   de/serialisation into more palatable Haskell values. The provided
--   lenses should be compatible with any of the major lens libraries such
--   as <a>lens</a> or <a>lens-family-core</a>.
--   
--   See <a>Network.AWS.IAM</a> or <a>the AWS documentation</a> to get
--   started.
@package amazonka-iam
@version 1.6.0


module Network.AWS.IAM.Types

-- | API version <tt>2010-05-08</tt> of the Amazon Identity and Access
--   Management SDK configuration.
iam :: Service

-- | The request was rejected because the credential report does not exist.
--   To generate a credential report, use <tt>GenerateCredentialReport</tt>
--   .
_CredentialReportNotPresentException :: AsError a => Getting (First ServiceError) a ServiceError

-- | The request was rejected because the credential report is still being
--   generated.
_CredentialReportNotReadyException :: AsError a => Getting (First ServiceError) a ServiceError

-- | The request was rejected because the policy document was malformed.
--   The error message describes the specific error.
_MalformedPolicyDocumentException :: AsError a => Getting (First ServiceError) a ServiceError

-- | The request was rejected because it attempted to create a resource
--   that already exists.
_EntityAlreadyExistsException :: AsError a => Getting (First ServiceError) a ServiceError

-- | The request was rejected because the certificate was malformed or
--   expired. The error message describes the specific error.
_MalformedCertificateException :: AsError a => Getting (First ServiceError) a ServiceError

-- | The request was rejected because the most recent credential report has
--   expired. To generate a new credential report, use
--   <tt>GenerateCredentialReport</tt> . For more information about
--   credential report expiration, see <a>Getting Credential Reports</a> in
--   the <i>IAM User Guide</i> .
_CredentialReportExpiredException :: AsError a => Getting (First ServiceError) a ServiceError

-- | The request was rejected because only the service that depends on the
--   service-linked role can modify or delete the role on your behalf. The
--   error message includes the name of the service that depends on this
--   service-linked role. You must request the change through that service.
_UnmodifiableEntityException :: AsError a => Getting (First ServiceError) a ServiceError

-- | The request was rejected because the same certificate is associated
--   with an IAM user in the account.
_DuplicateCertificateException :: AsError a => Getting (First ServiceError) a ServiceError

-- | The request was rejected because it attempted to delete a resource
--   that has attached subordinate entities. The error message describes
--   these entities.
_DeleteConflictException :: AsError a => Getting (First ServiceError) a ServiceError

-- | The request was rejected because it referenced an entity that does not
--   exist. The error message describes the entity.
_NoSuchEntityException :: AsError a => Getting (First ServiceError) a ServiceError

-- | The request was rejected because the certificate is invalid.
_InvalidCertificateException :: AsError a => Getting (First ServiceError) a ServiceError

-- | The request failed because AWS service role policies can only be
--   attached to the service-linked role for that service.
_PolicyNotAttachableException :: AsError a => Getting (First ServiceError) a ServiceError

-- | The specified service does not support service-specific credentials.
_ServiceNotSupportedException :: AsError a => Getting (First ServiceError) a ServiceError

-- | The request was rejected because the public key encoding format is
--   unsupported or unrecognized.
_UnrecognizedPublicKeyEncodingException :: AsError a => Getting (First ServiceError) a ServiceError

-- | The request was rejected because the type of user for the transaction
--   was incorrect.
_InvalidUserTypeException :: AsError a => Getting (First ServiceError) a ServiceError

-- | The request processing has failed because of an unknown error,
--   exception or failure.
_ServiceFailureException :: AsError a => Getting (First ServiceError) a ServiceError

-- | The request was rejected because an invalid or out-of-range value was
--   supplied for an input parameter.
_InvalidInputException :: AsError a => Getting (First ServiceError) a ServiceError

-- | The request was rejected because the public key is malformed or
--   otherwise invalid.
_InvalidPublicKeyException :: AsError a => Getting (First ServiceError) a ServiceError

-- | The request was rejected because the authentication code was not
--   recognized. The error message describes the specific error.
_InvalidAuthenticationCodeException :: AsError a => Getting (First ServiceError) a ServiceError

-- | The request was rejected because it referenced an entity that is
--   temporarily unmodifiable, such as a user name that was deleted and
--   then recreated. The error indicates that the request is likely to
--   succeed if you try again after waiting several minutes. The error
--   message describes the entity.
_EntityTemporarilyUnmodifiableException :: AsError a => Getting (First ServiceError) a ServiceError

-- | The request was rejected because the SSH public key is already
--   associated with the specified IAM user.
_DuplicateSSHPublicKeyException :: AsError a => Getting (First ServiceError) a ServiceError

-- | The request was rejected because the public key certificate and the
--   private key do not match.
_KeyPairMismatchException :: AsError a => Getting (First ServiceError) a ServiceError

-- | The request failed because a provided policy could not be successfully
--   evaluated. An additional detailed message indicates the source of the
--   failure.
_PolicyEvaluationException :: AsError a => Getting (First ServiceError) a ServiceError

-- | The request was rejected because the provided password did not meet
--   the requirements imposed by the account password policy.
_PasswordPolicyViolationException :: AsError a => Getting (First ServiceError) a ServiceError

-- | The request was rejected because it attempted to create resources
--   beyond the current AWS account limits. The error message describes the
--   limit exceeded.
_LimitExceededException :: AsError a => Getting (First ServiceError) a ServiceError
data AssignmentStatusType
Any :: AssignmentStatusType
Assigned :: AssignmentStatusType
Unassigned :: AssignmentStatusType
data ContextKeyTypeEnum
Binary :: ContextKeyTypeEnum
BinaryList :: ContextKeyTypeEnum
Boolean :: ContextKeyTypeEnum
BooleanList :: ContextKeyTypeEnum
Date :: ContextKeyTypeEnum
DateList :: ContextKeyTypeEnum
IP :: ContextKeyTypeEnum
IPList :: ContextKeyTypeEnum
Numeric :: ContextKeyTypeEnum
NumericList :: ContextKeyTypeEnum
String :: ContextKeyTypeEnum
StringList :: ContextKeyTypeEnum
data DeletionTaskStatusType
Failed :: DeletionTaskStatusType
InProgress :: DeletionTaskStatusType
NotStarted :: DeletionTaskStatusType
Succeeded :: DeletionTaskStatusType
data EncodingType
Pem :: EncodingType
SSH :: EncodingType
data EntityType
ETAWSManagedPolicy :: EntityType
ETGroup :: EntityType
ETLocalManagedPolicy :: EntityType
ETRole :: EntityType
ETUser :: EntityType
data PolicyEvaluationDecisionType
Allowed :: PolicyEvaluationDecisionType
ExplicitDeny :: PolicyEvaluationDecisionType
ImplicitDeny :: PolicyEvaluationDecisionType
data PolicyScopeType
AWS :: PolicyScopeType
All :: PolicyScopeType
Local :: PolicyScopeType
data PolicySourceType
AWSManaged :: PolicySourceType
Group :: PolicySourceType
None :: PolicySourceType
Resource :: PolicySourceType
Role :: PolicySourceType
User :: PolicySourceType
UserManaged :: PolicySourceType
data ReportFormatType
TextCSV :: ReportFormatType
data ReportStateType
RSTComplete :: ReportStateType
RSTInprogress :: ReportStateType
RSTStarted :: ReportStateType
data StatusType
Active :: StatusType
Inactive :: StatusType
data SummaryKeyType
AccessKeysPerUserQuota :: SummaryKeyType
AccountAccessKeysPresent :: SummaryKeyType
AccountMFAEnabled :: SummaryKeyType
AccountSigningCertificatesPresent :: SummaryKeyType
AttachedPoliciesPerGroupQuota :: SummaryKeyType
AttachedPoliciesPerRoleQuota :: SummaryKeyType
AttachedPoliciesPerUserQuota :: SummaryKeyType
GroupPolicySizeQuota :: SummaryKeyType
Groups :: SummaryKeyType
GroupsPerUserQuota :: SummaryKeyType
GroupsQuota :: SummaryKeyType
MFADevices :: SummaryKeyType
MFADevicesInUse :: SummaryKeyType
Policies :: SummaryKeyType
PoliciesQuota :: SummaryKeyType
PolicySizeQuota :: SummaryKeyType
PolicyVersionsInUse :: SummaryKeyType
PolicyVersionsInUseQuota :: SummaryKeyType
ServerCertificates :: SummaryKeyType
ServerCertificatesQuota :: SummaryKeyType
SigningCertificatesPerUserQuota :: SummaryKeyType
UserPolicySizeQuota :: SummaryKeyType
Users :: SummaryKeyType
UsersQuota :: SummaryKeyType
VersionsPerPolicyQuota :: SummaryKeyType

-- | Contains information about an AWS access key.
--   
--   This data type is used as a response element in the
--   <tt>CreateAccessKey</tt> and <tt>ListAccessKeys</tt> operations.
--   
--   <i>See:</i> <a>accessKeyInfo</a> smart constructor.
data AccessKeyInfo

-- | Creates a value of <a>AccessKeyInfo</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>akiCreateDate</a> - The date when the access key was
--   created.</li>
--   <li><a>akiUserName</a> - The name of the IAM user that the access key
--   is associated with.</li>
--   <li><a>akiAccessKeyId</a> - The ID for this access key.</li>
--   <li><a>akiStatus</a> - The status of the access key. <tt>Active</tt>
--   means that the key is valid for API calls, while <tt>Inactive</tt>
--   means it is not.</li>
--   <li><a>akiSecretAccessKey</a> - The secret key used to sign
--   requests.</li>
--   </ul>
accessKeyInfo :: Text -> AccessKey -> StatusType -> Text -> AccessKeyInfo

-- | The date when the access key was created.
akiCreateDate :: Lens' AccessKeyInfo (Maybe UTCTime)

-- | The name of the IAM user that the access key is associated with.
akiUserName :: Lens' AccessKeyInfo Text

-- | The ID for this access key.
akiAccessKeyId :: Lens' AccessKeyInfo AccessKey

-- | The status of the access key. <tt>Active</tt> means that the key is
--   valid for API calls, while <tt>Inactive</tt> means it is not.
akiStatus :: Lens' AccessKeyInfo StatusType

-- | The secret key used to sign requests.
akiSecretAccessKey :: Lens' AccessKeyInfo Text

-- | Contains information about the last time an AWS access key was used.
--   
--   This data type is used as a response element in the
--   <tt>GetAccessKeyLastUsed</tt> operation.
--   
--   <i>See:</i> <a>accessKeyLastUsed</a> smart constructor.
data AccessKeyLastUsed

-- | Creates a value of <a>AccessKeyLastUsed</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>akluLastUsedDate</a> - The date and time, in <a>ISO 8601
--   date-time format</a> , when the access key was most recently used.
--   This field is null in the following situations: * The user does not
--   have an access key. * An access key exists but has never been used, at
--   least not since IAM started tracking this information on April 22nd,
--   2015. * There is no sign-in data associated with the user</li>
--   <li><a>akluServiceName</a> - The name of the AWS service with which
--   this access key was most recently used. This field displays "N/A" in
--   the following situations: * The user does not have an access key. * An
--   access key exists but has never been used, at least not since IAM
--   started tracking this information on April 22nd, 2015. * There is no
--   sign-in data associated with the user</li>
--   <li><a>akluRegion</a> - The AWS region where this access key was most
--   recently used. This field is displays "N<i>A" in the following
--   situations: * The user does not have an access key. * An access key
--   exists but has never been used, at least not since IAM started
--   tracking this information on April 22nd, 2015. * There is no sign-in
--   data associated with the user For more information about AWS regions,
--   see
--   &lt;http:</i><i>docs.aws.amazon.com</i>general<i>latest</i>gr/rande.html
--   Regions and Endpoints&gt; in the Amazon Web Services General
--   Reference.</li>
--   </ul>
accessKeyLastUsed :: UTCTime -> Text -> Text -> AccessKeyLastUsed

-- | The date and time, in <a>ISO 8601 date-time format</a> , when the
--   access key was most recently used. This field is null in the following
--   situations: * The user does not have an access key. * An access key
--   exists but has never been used, at least not since IAM started
--   tracking this information on April 22nd, 2015. * There is no sign-in
--   data associated with the user
akluLastUsedDate :: Lens' AccessKeyLastUsed UTCTime

-- | The name of the AWS service with which this access key was most
--   recently used. This field displays "N/A" in the following situations:
--   * The user does not have an access key. * An access key exists but has
--   never been used, at least not since IAM started tracking this
--   information on April 22nd, 2015. * There is no sign-in data associated
--   with the user
akluServiceName :: Lens' AccessKeyLastUsed Text

-- | The AWS region where this access key was most recently used. This
--   field is displays "N<i>A" in the following situations: * The user does
--   not have an access key. * An access key exists but has never been
--   used, at least not since IAM started tracking this information on
--   April 22nd, 2015. * There is no sign-in data associated with the user
--   For more information about AWS regions, see
--   &lt;http:</i><i>docs.aws.amazon.com</i>general<i>latest</i>gr/rande.html
--   Regions and Endpoints&gt; in the Amazon Web Services General
--   Reference.
akluRegion :: Lens' AccessKeyLastUsed Text

-- | Contains information about an AWS access key, without its secret key.
--   
--   This data type is used as a response element in the
--   <tt>ListAccessKeys</tt> operation.
--   
--   <i>See:</i> <a>accessKeyMetadata</a> smart constructor.
data AccessKeyMetadata

-- | Creates a value of <a>AccessKeyMetadata</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>akmStatus</a> - The status of the access key. <tt>Active</tt>
--   means the key is valid for API calls; <tt>Inactive</tt> means it is
--   not.</li>
--   <li><a>akmCreateDate</a> - The date when the access key was
--   created.</li>
--   <li><a>akmUserName</a> - The name of the IAM user that the key is
--   associated with.</li>
--   <li><a>akmAccessKeyId</a> - The ID for this access key.</li>
--   </ul>
accessKeyMetadata :: AccessKeyMetadata

-- | The status of the access key. <tt>Active</tt> means the key is valid
--   for API calls; <tt>Inactive</tt> means it is not.
akmStatus :: Lens' AccessKeyMetadata (Maybe StatusType)

-- | The date when the access key was created.
akmCreateDate :: Lens' AccessKeyMetadata (Maybe UTCTime)

-- | The name of the IAM user that the key is associated with.
akmUserName :: Lens' AccessKeyMetadata (Maybe Text)

-- | The ID for this access key.
akmAccessKeyId :: Lens' AccessKeyMetadata (Maybe AccessKey)

-- | Contains information about an attached policy.
--   
--   An attached policy is a managed policy that has been attached to a
--   user, group, or role. This data type is used as a response element in
--   the <tt>ListAttachedGroupPolicies</tt> ,
--   <tt>ListAttachedRolePolicies</tt> , <tt>ListAttachedUserPolicies</tt>
--   , and <tt>GetAccountAuthorizationDetails</tt> operations.
--   
--   For more information about managed policies, refer to <a>Managed
--   Policies and Inline Policies</a> in the <i>Using IAM</i> guide.
--   
--   <i>See:</i> <a>attachedPolicy</a> smart constructor.
data AttachedPolicy

-- | Creates a value of <a>AttachedPolicy</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>apPolicyName</a> - The friendly name of the attached
--   policy.</li>
--   <li><a>apPolicyARN</a> - Undocumented member.</li>
--   </ul>
attachedPolicy :: AttachedPolicy

-- | The friendly name of the attached policy.
apPolicyName :: Lens' AttachedPolicy (Maybe Text)

-- | Undocumented member.
apPolicyARN :: Lens' AttachedPolicy (Maybe Text)

-- | Contains information about a condition context key. It includes the
--   name of the key and specifies the value (or values, if the context key
--   supports multiple values) to use in the simulation. This information
--   is used when evaluating the <tt>Condition</tt> elements of the input
--   policies.
--   
--   This data type is used as an input parameter to
--   <tt><tt>SimulateCustomPolicy</tt> </tt> and
--   <tt><tt>SimulateCustomPolicy</tt> </tt> .
--   
--   <i>See:</i> <a>contextEntry</a> smart constructor.
data ContextEntry

-- | Creates a value of <a>ContextEntry</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>ceContextKeyValues</a> - The value (or values, if the condition
--   context key supports multiple values) to provide to the simulation
--   when the key is referenced by a <tt>Condition</tt> element in an input
--   policy.</li>
--   <li><a>ceContextKeyName</a> - The full name of a condition context
--   key, including the service prefix. For example, <tt>aws:SourceIp</tt>
--   or <tt>s3:VersionId</tt> .</li>
--   <li><a>ceContextKeyType</a> - The data type of the value (or values)
--   specified in the <tt>ContextKeyValues</tt> parameter.</li>
--   </ul>
contextEntry :: ContextEntry

-- | The value (or values, if the condition context key supports multiple
--   values) to provide to the simulation when the key is referenced by a
--   <tt>Condition</tt> element in an input policy.
ceContextKeyValues :: Lens' ContextEntry [Text]

-- | The full name of a condition context key, including the service
--   prefix. For example, <tt>aws:SourceIp</tt> or <tt>s3:VersionId</tt> .
ceContextKeyName :: Lens' ContextEntry (Maybe Text)

-- | The data type of the value (or values) specified in the
--   <tt>ContextKeyValues</tt> parameter.
ceContextKeyType :: Lens' ContextEntry (Maybe ContextKeyTypeEnum)

-- | The reason that the service-linked role deletion failed.
--   
--   This data type is used as a response element in the
--   <tt>GetServiceLinkedRoleDeletionStatus</tt> operation.
--   
--   <i>See:</i> <a>deletionTaskFailureReasonType</a> smart constructor.
data DeletionTaskFailureReasonType

-- | Creates a value of <a>DeletionTaskFailureReasonType</a> with the
--   minimum fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>dtfrtRoleUsageList</a> - A list of objects that contains
--   details about the service-linked role deletion failure, if that
--   information is returned by the service. If the service-linked role has
--   active sessions or if any resources that were used by the role have
--   not been deleted from the linked service, the role can't be deleted.
--   This parameter includes a list of the resources that are associated
--   with the role and the region in which the resources are being
--   used.</li>
--   <li><a>dtfrtReason</a> - A short description of the reason that the
--   service-linked role deletion failed.</li>
--   </ul>
deletionTaskFailureReasonType :: DeletionTaskFailureReasonType

-- | A list of objects that contains details about the service-linked role
--   deletion failure, if that information is returned by the service. If
--   the service-linked role has active sessions or if any resources that
--   were used by the role have not been deleted from the linked service,
--   the role can't be deleted. This parameter includes a list of the
--   resources that are associated with the role and the region in which
--   the resources are being used.
dtfrtRoleUsageList :: Lens' DeletionTaskFailureReasonType [RoleUsageType]

-- | A short description of the reason that the service-linked role
--   deletion failed.
dtfrtReason :: Lens' DeletionTaskFailureReasonType (Maybe Text)

-- | Contains the results of a simulation.
--   
--   This data type is used by the return parameter of
--   <tt><tt>SimulateCustomPolicy</tt> </tt> and
--   <tt><tt>SimulatePrincipalPolicy</tt> </tt> .
--   
--   <i>See:</i> <a>evaluationResult</a> smart constructor.
data EvaluationResult

-- | Creates a value of <a>EvaluationResult</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>erMatchedStatements</a> - A list of the statements in the input
--   policies that determine the result for this scenario. Remember that
--   even if multiple statements allow the operation on the resource, if
--   only one statement denies that operation, then the explicit deny
--   overrides any allow, and the deny statement is the only entry included
--   in the result.</li>
--   <li><a>erEvalDecisionDetails</a> - Additional details about the
--   results of the evaluation decision. When there are both IAM policies
--   and resource policies, this parameter explains how each set of
--   policies contributes to the final evaluation decision. When simulating
--   cross-account access to a resource, both the resource-based policy and
--   the caller's IAM policy must grant access. See <a>How IAM Roles Differ
--   from Resource-based Policies</a></li>
--   <li><a>erResourceSpecificResults</a> - The individual results of the
--   simulation of the API operation specified in EvalActionName on each
--   resource.</li>
--   <li><a>erEvalResourceName</a> - The ARN of the resource that the
--   indicated API operation was tested on.</li>
--   <li><a>erMissingContextValues</a> - A list of context keys that are
--   required by the included input policies but that were not provided by
--   one of the input parameters. This list is used when the resource in a
--   simulation is "*", either explicitly, or when the
--   <tt>ResourceArns</tt> parameter blank. If you include a list of
--   resources, then any missing context values are instead included under
--   the <tt>ResourceSpecificResults</tt> section. To discover the context
--   keys used by a set of policies, you can call
--   <tt>GetContextKeysForCustomPolicy</tt> or
--   <tt>GetContextKeysForPrincipalPolicy</tt> .</li>
--   <li><a>erOrganizationsDecisionDetail</a> - A structure that details
--   how AWS Organizations and its service control policies affect the
--   results of the simulation. Only applies if the simulated user's
--   account is part of an organization.</li>
--   <li><a>erEvalActionName</a> - The name of the API operation tested on
--   the indicated resource.</li>
--   <li><a>erEvalDecision</a> - The result of the simulation.</li>
--   </ul>
evaluationResult :: Text -> PolicyEvaluationDecisionType -> EvaluationResult

-- | A list of the statements in the input policies that determine the
--   result for this scenario. Remember that even if multiple statements
--   allow the operation on the resource, if only one statement denies that
--   operation, then the explicit deny overrides any allow, and the deny
--   statement is the only entry included in the result.
erMatchedStatements :: Lens' EvaluationResult [Statement]

-- | Additional details about the results of the evaluation decision. When
--   there are both IAM policies and resource policies, this parameter
--   explains how each set of policies contributes to the final evaluation
--   decision. When simulating cross-account access to a resource, both the
--   resource-based policy and the caller's IAM policy must grant access.
--   See <a>How IAM Roles Differ from Resource-based Policies</a>
erEvalDecisionDetails :: Lens' EvaluationResult (HashMap Text PolicyEvaluationDecisionType)

-- | The individual results of the simulation of the API operation
--   specified in EvalActionName on each resource.
erResourceSpecificResults :: Lens' EvaluationResult [ResourceSpecificResult]

-- | The ARN of the resource that the indicated API operation was tested
--   on.
erEvalResourceName :: Lens' EvaluationResult (Maybe Text)

-- | A list of context keys that are required by the included input
--   policies but that were not provided by one of the input parameters.
--   This list is used when the resource in a simulation is "*", either
--   explicitly, or when the <tt>ResourceArns</tt> parameter blank. If you
--   include a list of resources, then any missing context values are
--   instead included under the <tt>ResourceSpecificResults</tt> section.
--   To discover the context keys used by a set of policies, you can call
--   <tt>GetContextKeysForCustomPolicy</tt> or
--   <tt>GetContextKeysForPrincipalPolicy</tt> .
erMissingContextValues :: Lens' EvaluationResult [Text]

-- | A structure that details how AWS Organizations and its service control
--   policies affect the results of the simulation. Only applies if the
--   simulated user's account is part of an organization.
erOrganizationsDecisionDetail :: Lens' EvaluationResult (Maybe OrganizationsDecisionDetail)

-- | The name of the API operation tested on the indicated resource.
erEvalActionName :: Lens' EvaluationResult Text

-- | The result of the simulation.
erEvalDecision :: Lens' EvaluationResult PolicyEvaluationDecisionType

-- | Contains the response to a successful
--   <tt>GetContextKeysForPrincipalPolicy</tt> or
--   <tt>GetContextKeysForCustomPolicy</tt> request.
--   
--   <i>See:</i> <a>getContextKeysForPolicyResponse</a> smart constructor.
data GetContextKeysForPolicyResponse

-- | Creates a value of <a>GetContextKeysForPolicyResponse</a> with the
--   minimum fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>gckfpContextKeyNames</a> - The list of context keys that are
--   referenced in the input policies.</li>
--   </ul>
getContextKeysForPolicyResponse :: GetContextKeysForPolicyResponse

-- | The list of context keys that are referenced in the input policies.
gckfpContextKeyNames :: Lens' GetContextKeysForPolicyResponse [Text]

-- | Contains information about an IAM group entity.
--   
--   This data type is used as a response element in the following
--   operations:
--   
--   <ul>
--   <li><tt>CreateGroup</tt></li>
--   <li><tt>GetGroup</tt></li>
--   <li><tt>ListGroups</tt></li>
--   </ul>
--   
--   <i>See:</i> <a>group'</a> smart constructor.
data Group

-- | Creates a value of <a>Group</a> with the minimum fields required to
--   make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>gPath</a> - The path to the group. For more information about
--   paths, see <a>IAM Identifiers</a> in the <i>Using IAM</i> guide.</li>
--   <li><a>gGroupName</a> - The friendly name that identifies the
--   group.</li>
--   <li><a>gGroupId</a> - The stable and unique string identifying the
--   group. For more information about IDs, see <a>IAM Identifiers</a> in
--   the <i>Using IAM</i> guide.</li>
--   <li><a>gARN</a> - The Amazon Resource Name (ARN) specifying the group.
--   For more information about ARNs and how to use them in policies, see
--   <a>IAM Identifiers</a> in the <i>Using IAM</i> guide.</li>
--   <li><a>gCreateDate</a> - The date and time, in <a>ISO 8601 date-time
--   format</a> , when the group was created.</li>
--   </ul>
group' :: Text -> Text -> Text -> Text -> UTCTime -> Group

-- | The path to the group. For more information about paths, see <a>IAM
--   Identifiers</a> in the <i>Using IAM</i> guide.
gPath :: Lens' Group Text

-- | The friendly name that identifies the group.
gGroupName :: Lens' Group Text

-- | The stable and unique string identifying the group. For more
--   information about IDs, see <a>IAM Identifiers</a> in the <i>Using
--   IAM</i> guide.
gGroupId :: Lens' Group Text

-- | The Amazon Resource Name (ARN) specifying the group. For more
--   information about ARNs and how to use them in policies, see <a>IAM
--   Identifiers</a> in the <i>Using IAM</i> guide.
gARN :: Lens' Group Text

-- | The date and time, in <a>ISO 8601 date-time format</a> , when the
--   group was created.
gCreateDate :: Lens' Group UTCTime

-- | Contains information about an IAM group, including all of the group's
--   policies.
--   
--   This data type is used as a response element in the
--   <tt>GetAccountAuthorizationDetails</tt> operation.
--   
--   <i>See:</i> <a>groupDetail</a> smart constructor.
data GroupDetail

-- | Creates a value of <a>GroupDetail</a> with the minimum fields required
--   to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>gdARN</a> - Undocumented member.</li>
--   <li><a>gdPath</a> - The path to the group. For more information about
--   paths, see <a>IAM Identifiers</a> in the <i>Using IAM</i> guide.</li>
--   <li><a>gdCreateDate</a> - The date and time, in <a>ISO 8601 date-time
--   format</a> , when the group was created.</li>
--   <li><a>gdGroupId</a> - The stable and unique string identifying the
--   group. For more information about IDs, see <a>IAM Identifiers</a> in
--   the <i>Using IAM</i> guide.</li>
--   <li><a>gdGroupPolicyList</a> - A list of the inline policies embedded
--   in the group.</li>
--   <li><a>gdGroupName</a> - The friendly name that identifies the
--   group.</li>
--   <li><a>gdAttachedManagedPolicies</a> - A list of the managed policies
--   attached to the group.</li>
--   </ul>
groupDetail :: GroupDetail

-- | Undocumented member.
gdARN :: Lens' GroupDetail (Maybe Text)

-- | The path to the group. For more information about paths, see <a>IAM
--   Identifiers</a> in the <i>Using IAM</i> guide.
gdPath :: Lens' GroupDetail (Maybe Text)

-- | The date and time, in <a>ISO 8601 date-time format</a> , when the
--   group was created.
gdCreateDate :: Lens' GroupDetail (Maybe UTCTime)

-- | The stable and unique string identifying the group. For more
--   information about IDs, see <a>IAM Identifiers</a> in the <i>Using
--   IAM</i> guide.
gdGroupId :: Lens' GroupDetail (Maybe Text)

-- | A list of the inline policies embedded in the group.
gdGroupPolicyList :: Lens' GroupDetail [PolicyDetail]

-- | The friendly name that identifies the group.
gdGroupName :: Lens' GroupDetail (Maybe Text)

-- | A list of the managed policies attached to the group.
gdAttachedManagedPolicies :: Lens' GroupDetail [AttachedPolicy]

-- | Contains information about an instance profile.
--   
--   This data type is used as a response element in the following
--   operations:
--   
--   <ul>
--   <li><tt>CreateInstanceProfile</tt></li>
--   <li><tt>GetInstanceProfile</tt></li>
--   <li><tt>ListInstanceProfiles</tt></li>
--   <li><tt>ListInstanceProfilesForRole</tt></li>
--   </ul>
--   
--   <i>See:</i> <a>instanceProfile</a> smart constructor.
data InstanceProfile

-- | Creates a value of <a>InstanceProfile</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>ipPath</a> - The path to the instance profile. For more
--   information about paths, see <a>IAM Identifiers</a> in the <i>Using
--   IAM</i> guide.</li>
--   <li><a>ipInstanceProfileName</a> - The name identifying the instance
--   profile.</li>
--   <li><a>ipInstanceProfileId</a> - The stable and unique string
--   identifying the instance profile. For more information about IDs, see
--   <a>IAM Identifiers</a> in the <i>Using IAM</i> guide.</li>
--   <li><a>ipARN</a> - The Amazon Resource Name (ARN) specifying the
--   instance profile. For more information about ARNs and how to use them
--   in policies, see <a>IAM Identifiers</a> in the <i>Using IAM</i>
--   guide.</li>
--   <li><a>ipCreateDate</a> - The date when the instance profile was
--   created.</li>
--   <li><a>ipRoles</a> - The role associated with the instance
--   profile.</li>
--   </ul>
instanceProfile :: Text -> Text -> Text -> Text -> UTCTime -> InstanceProfile

-- | The path to the instance profile. For more information about paths,
--   see <a>IAM Identifiers</a> in the <i>Using IAM</i> guide.
ipPath :: Lens' InstanceProfile Text

-- | The name identifying the instance profile.
ipInstanceProfileName :: Lens' InstanceProfile Text

-- | The stable and unique string identifying the instance profile. For
--   more information about IDs, see <a>IAM Identifiers</a> in the <i>Using
--   IAM</i> guide.
ipInstanceProfileId :: Lens' InstanceProfile Text

-- | The Amazon Resource Name (ARN) specifying the instance profile. For
--   more information about ARNs and how to use them in policies, see
--   <a>IAM Identifiers</a> in the <i>Using IAM</i> guide.
ipARN :: Lens' InstanceProfile Text

-- | The date when the instance profile was created.
ipCreateDate :: Lens' InstanceProfile UTCTime

-- | The role associated with the instance profile.
ipRoles :: Lens' InstanceProfile [Role]

-- | Contains the user name and password create date for a user.
--   
--   This data type is used as a response element in the
--   <tt>CreateLoginProfile</tt> and <tt>GetLoginProfile</tt> operations.
--   
--   <i>See:</i> <a>loginProfile</a> smart constructor.
data LoginProfile

-- | Creates a value of <a>LoginProfile</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>lpPasswordResetRequired</a> - Specifies whether the user is
--   required to set a new password on next sign-in.</li>
--   <li><a>lpUserName</a> - The name of the user, which can be used for
--   signing in to the AWS Management Console.</li>
--   <li><a>lpCreateDate</a> - The date when the password for the user was
--   created.</li>
--   </ul>
loginProfile :: Text -> UTCTime -> LoginProfile

-- | Specifies whether the user is required to set a new password on next
--   sign-in.
lpPasswordResetRequired :: Lens' LoginProfile (Maybe Bool)

-- | The name of the user, which can be used for signing in to the AWS
--   Management Console.
lpUserName :: Lens' LoginProfile Text

-- | The date when the password for the user was created.
lpCreateDate :: Lens' LoginProfile UTCTime

-- | Contains information about an MFA device.
--   
--   This data type is used as a response element in the
--   <tt>ListMFADevices</tt> operation.
--   
--   <i>See:</i> <a>mfaDevice</a> smart constructor.
data MFADevice

-- | Creates a value of <a>MFADevice</a> with the minimum fields required
--   to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>mdUserName</a> - The user with whom the MFA device is
--   associated.</li>
--   <li><a>mdSerialNumber</a> - The serial number that uniquely identifies
--   the MFA device. For virtual MFA devices, the serial number is the
--   device ARN.</li>
--   <li><a>mdEnableDate</a> - The date when the MFA device was enabled for
--   the user.</li>
--   </ul>
mfaDevice :: Text -> Text -> UTCTime -> MFADevice

-- | The user with whom the MFA device is associated.
mdUserName :: Lens' MFADevice Text

-- | The serial number that uniquely identifies the MFA device. For virtual
--   MFA devices, the serial number is the device ARN.
mdSerialNumber :: Lens' MFADevice Text

-- | The date when the MFA device was enabled for the user.
mdEnableDate :: Lens' MFADevice UTCTime

-- | Contains information about a managed policy, including the policy's
--   ARN, versions, and the number of principal entities (users, groups,
--   and roles) that the policy is attached to.
--   
--   This data type is used as a response element in the
--   <tt>GetAccountAuthorizationDetails</tt> operation.
--   
--   For more information about managed policies, see <a>Managed Policies
--   and Inline Policies</a> in the <i>Using IAM</i> guide.
--   
--   <i>See:</i> <a>managedPolicyDetail</a> smart constructor.
data ManagedPolicyDetail

-- | Creates a value of <a>ManagedPolicyDetail</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>mpdPolicyName</a> - The friendly name (not ARN) identifying the
--   policy.</li>
--   <li><a>mpdARN</a> - Undocumented member.</li>
--   <li><a>mpdUpdateDate</a> - The date and time, in <a>ISO 8601 date-time
--   format</a> , when the policy was last updated. When a policy has only
--   one version, this field contains the date and time when the policy was
--   created. When a policy has more than one version, this field contains
--   the date and time when the most recent policy version was
--   created.</li>
--   <li><a>mpdPolicyId</a> - The stable and unique string identifying the
--   policy. For more information about IDs, see <a>IAM Identifiers</a> in
--   the <i>Using IAM</i> guide.</li>
--   <li><a>mpdPath</a> - The path to the policy. For more information
--   about paths, see <a>IAM Identifiers</a> in the <i>Using IAM</i>
--   guide.</li>
--   <li><a>mpdPolicyVersionList</a> - A list containing information about
--   the versions of the policy.</li>
--   <li><a>mpdCreateDate</a> - The date and time, in <a>ISO 8601 date-time
--   format</a> , when the policy was created.</li>
--   <li><a>mpdIsAttachable</a> - Specifies whether the policy can be
--   attached to an IAM user, group, or role.</li>
--   <li><a>mpdDefaultVersionId</a> - The identifier for the version of the
--   policy that is set as the default (operative) version. For more
--   information about policy versions, see <a>Versioning for Managed
--   Policies</a> in the <i>Using IAM</i> guide.</li>
--   <li><a>mpdAttachmentCount</a> - The number of principal entities
--   (users, groups, and roles) that the policy is attached to.</li>
--   <li><a>mpdDescription</a> - A friendly description of the policy.</li>
--   </ul>
managedPolicyDetail :: ManagedPolicyDetail

-- | The friendly name (not ARN) identifying the policy.
mpdPolicyName :: Lens' ManagedPolicyDetail (Maybe Text)

-- | Undocumented member.
mpdARN :: Lens' ManagedPolicyDetail (Maybe Text)

-- | The date and time, in <a>ISO 8601 date-time format</a> , when the
--   policy was last updated. When a policy has only one version, this
--   field contains the date and time when the policy was created. When a
--   policy has more than one version, this field contains the date and
--   time when the most recent policy version was created.
mpdUpdateDate :: Lens' ManagedPolicyDetail (Maybe UTCTime)

-- | The stable and unique string identifying the policy. For more
--   information about IDs, see <a>IAM Identifiers</a> in the <i>Using
--   IAM</i> guide.
mpdPolicyId :: Lens' ManagedPolicyDetail (Maybe Text)

-- | The path to the policy. For more information about paths, see <a>IAM
--   Identifiers</a> in the <i>Using IAM</i> guide.
mpdPath :: Lens' ManagedPolicyDetail (Maybe Text)

-- | A list containing information about the versions of the policy.
mpdPolicyVersionList :: Lens' ManagedPolicyDetail [PolicyVersion]

-- | The date and time, in <a>ISO 8601 date-time format</a> , when the
--   policy was created.
mpdCreateDate :: Lens' ManagedPolicyDetail (Maybe UTCTime)

-- | Specifies whether the policy can be attached to an IAM user, group, or
--   role.
mpdIsAttachable :: Lens' ManagedPolicyDetail (Maybe Bool)

-- | The identifier for the version of the policy that is set as the
--   default (operative) version. For more information about policy
--   versions, see <a>Versioning for Managed Policies</a> in the <i>Using
--   IAM</i> guide.
mpdDefaultVersionId :: Lens' ManagedPolicyDetail (Maybe Text)

-- | The number of principal entities (users, groups, and roles) that the
--   policy is attached to.
mpdAttachmentCount :: Lens' ManagedPolicyDetail (Maybe Int)

-- | A friendly description of the policy.
mpdDescription :: Lens' ManagedPolicyDetail (Maybe Text)

-- | Contains the Amazon Resource Name (ARN) for an IAM OpenID Connect
--   provider.
--   
--   <i>See:</i> <a>openIdConnectProviderListEntry</a> smart constructor.
data OpenIdConnectProviderListEntry

-- | Creates a value of <a>OpenIdConnectProviderListEntry</a> with the
--   minimum fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>oicpleARN</a> - Undocumented member.</li>
--   </ul>
openIdConnectProviderListEntry :: OpenIdConnectProviderListEntry

-- | Undocumented member.
oicpleARN :: Lens' OpenIdConnectProviderListEntry (Maybe Text)

-- | Contains information about AWS Organizations's effect on a policy
--   simulation.
--   
--   <i>See:</i> <a>organizationsDecisionDetail</a> smart constructor.
data OrganizationsDecisionDetail

-- | Creates a value of <a>OrganizationsDecisionDetail</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>oddAllowedByOrganizations</a> - Specifies whether the simulated
--   operation is allowed by the AWS Organizations service control policies
--   that impact the simulated user's account.</li>
--   </ul>
organizationsDecisionDetail :: OrganizationsDecisionDetail

-- | Specifies whether the simulated operation is allowed by the AWS
--   Organizations service control policies that impact the simulated
--   user's account.
oddAllowedByOrganizations :: Lens' OrganizationsDecisionDetail (Maybe Bool)

-- | Contains information about the account password policy.
--   
--   This data type is used as a response element in the
--   <tt>GetAccountPasswordPolicy</tt> operation.
--   
--   <i>See:</i> <a>passwordPolicy</a> smart constructor.
data PasswordPolicy

-- | Creates a value of <a>PasswordPolicy</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>ppExpirePasswords</a> - Indicates whether passwords in the
--   account expire. Returns true if <tt>MaxPasswordAge</tt> contains a
--   value greater than 0. Returns false if MaxPasswordAge is 0 or not
--   present.</li>
--   <li><a>ppMinimumPasswordLength</a> - Minimum length to require for IAM
--   user passwords.</li>
--   <li><a>ppRequireNumbers</a> - Specifies whether to require numbers for
--   IAM user passwords.</li>
--   <li><a>ppPasswordReusePrevention</a> - Specifies the number of
--   previous passwords that IAM users are prevented from reusing.</li>
--   <li><a>ppRequireLowercaseCharacters</a> - Specifies whether to require
--   lowercase characters for IAM user passwords.</li>
--   <li><a>ppMaxPasswordAge</a> - The number of days that an IAM user
--   password is valid.</li>
--   <li><a>ppHardExpiry</a> - Specifies whether IAM users are prevented
--   from setting a new password after their password has expired.</li>
--   <li><a>ppRequireSymbols</a> - Specifies whether to require symbols for
--   IAM user passwords.</li>
--   <li><a>ppRequireUppercaseCharacters</a> - Specifies whether to require
--   uppercase characters for IAM user passwords.</li>
--   <li><a>ppAllowUsersToChangePassword</a> - Specifies whether IAM users
--   are allowed to change their own password.</li>
--   </ul>
passwordPolicy :: PasswordPolicy

-- | Indicates whether passwords in the account expire. Returns true if
--   <tt>MaxPasswordAge</tt> contains a value greater than 0. Returns false
--   if MaxPasswordAge is 0 or not present.
ppExpirePasswords :: Lens' PasswordPolicy (Maybe Bool)

-- | Minimum length to require for IAM user passwords.
ppMinimumPasswordLength :: Lens' PasswordPolicy (Maybe Natural)

-- | Specifies whether to require numbers for IAM user passwords.
ppRequireNumbers :: Lens' PasswordPolicy (Maybe Bool)

-- | Specifies the number of previous passwords that IAM users are
--   prevented from reusing.
ppPasswordReusePrevention :: Lens' PasswordPolicy (Maybe Natural)

-- | Specifies whether to require lowercase characters for IAM user
--   passwords.
ppRequireLowercaseCharacters :: Lens' PasswordPolicy (Maybe Bool)

-- | The number of days that an IAM user password is valid.
ppMaxPasswordAge :: Lens' PasswordPolicy (Maybe Natural)

-- | Specifies whether IAM users are prevented from setting a new password
--   after their password has expired.
ppHardExpiry :: Lens' PasswordPolicy (Maybe Bool)

-- | Specifies whether to require symbols for IAM user passwords.
ppRequireSymbols :: Lens' PasswordPolicy (Maybe Bool)

-- | Specifies whether to require uppercase characters for IAM user
--   passwords.
ppRequireUppercaseCharacters :: Lens' PasswordPolicy (Maybe Bool)

-- | Specifies whether IAM users are allowed to change their own password.
ppAllowUsersToChangePassword :: Lens' PasswordPolicy (Maybe Bool)

-- | Contains information about a managed policy.
--   
--   This data type is used as a response element in the
--   <tt>CreatePolicy</tt> , <tt>GetPolicy</tt> , and <tt>ListPolicies</tt>
--   operations.
--   
--   For more information about managed policies, refer to <a>Managed
--   Policies and Inline Policies</a> in the <i>Using IAM</i> guide.
--   
--   <i>See:</i> <a>policy</a> smart constructor.
data Policy

-- | Creates a value of <a>Policy</a> with the minimum fields required to
--   make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>pPolicyName</a> - The friendly name (not ARN) identifying the
--   policy.</li>
--   <li><a>pARN</a> - Undocumented member.</li>
--   <li><a>pUpdateDate</a> - The date and time, in <a>ISO 8601 date-time
--   format</a> , when the policy was last updated. When a policy has only
--   one version, this field contains the date and time when the policy was
--   created. When a policy has more than one version, this field contains
--   the date and time when the most recent policy version was
--   created.</li>
--   <li><a>pPolicyId</a> - The stable and unique string identifying the
--   policy. For more information about IDs, see <a>IAM Identifiers</a> in
--   the <i>Using IAM</i> guide.</li>
--   <li><a>pPath</a> - The path to the policy. For more information about
--   paths, see <a>IAM Identifiers</a> in the <i>Using IAM</i> guide.</li>
--   <li><a>pCreateDate</a> - The date and time, in <a>ISO 8601 date-time
--   format</a> , when the policy was created.</li>
--   <li><a>pIsAttachable</a> - Specifies whether the policy can be
--   attached to an IAM user, group, or role.</li>
--   <li><a>pDefaultVersionId</a> - The identifier for the version of the
--   policy that is set as the default version.</li>
--   <li><a>pAttachmentCount</a> - The number of entities (users, groups,
--   and roles) that the policy is attached to.</li>
--   <li><a>pDescription</a> - A friendly description of the policy. This
--   element is included in the response to the <tt>GetPolicy</tt>
--   operation. It is not included in the response to the
--   <tt>ListPolicies</tt> operation.</li>
--   </ul>
policy :: Policy

-- | The friendly name (not ARN) identifying the policy.
pPolicyName :: Lens' Policy (Maybe Text)

-- | Undocumented member.
pARN :: Lens' Policy (Maybe Text)

-- | The date and time, in <a>ISO 8601 date-time format</a> , when the
--   policy was last updated. When a policy has only one version, this
--   field contains the date and time when the policy was created. When a
--   policy has more than one version, this field contains the date and
--   time when the most recent policy version was created.
pUpdateDate :: Lens' Policy (Maybe UTCTime)

-- | The stable and unique string identifying the policy. For more
--   information about IDs, see <a>IAM Identifiers</a> in the <i>Using
--   IAM</i> guide.
pPolicyId :: Lens' Policy (Maybe Text)

-- | The path to the policy. For more information about paths, see <a>IAM
--   Identifiers</a> in the <i>Using IAM</i> guide.
pPath :: Lens' Policy (Maybe Text)

-- | The date and time, in <a>ISO 8601 date-time format</a> , when the
--   policy was created.
pCreateDate :: Lens' Policy (Maybe UTCTime)

-- | Specifies whether the policy can be attached to an IAM user, group, or
--   role.
pIsAttachable :: Lens' Policy (Maybe Bool)

-- | The identifier for the version of the policy that is set as the
--   default version.
pDefaultVersionId :: Lens' Policy (Maybe Text)

-- | The number of entities (users, groups, and roles) that the policy is
--   attached to.
pAttachmentCount :: Lens' Policy (Maybe Int)

-- | A friendly description of the policy. This element is included in the
--   response to the <tt>GetPolicy</tt> operation. It is not included in
--   the response to the <tt>ListPolicies</tt> operation.
pDescription :: Lens' Policy (Maybe Text)

-- | Contains information about an IAM policy, including the policy
--   document.
--   
--   This data type is used as a response element in the
--   <tt>GetAccountAuthorizationDetails</tt> operation.
--   
--   <i>See:</i> <a>policyDetail</a> smart constructor.
data PolicyDetail

-- | Creates a value of <a>PolicyDetail</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>pdPolicyDocument</a> - The policy document.</li>
--   <li><a>pdPolicyName</a> - The name of the policy.</li>
--   </ul>
policyDetail :: PolicyDetail

-- | The policy document.
pdPolicyDocument :: Lens' PolicyDetail (Maybe Text)

-- | The name of the policy.
pdPolicyName :: Lens' PolicyDetail (Maybe Text)

-- | Contains information about a group that a managed policy is attached
--   to.
--   
--   This data type is used as a response element in the
--   <tt>ListEntitiesForPolicy</tt> operation.
--   
--   For more information about managed policies, refer to <a>Managed
--   Policies and Inline Policies</a> in the <i>Using IAM</i> guide.
--   
--   <i>See:</i> <a>policyGroup</a> smart constructor.
data PolicyGroup

-- | Creates a value of <a>PolicyGroup</a> with the minimum fields required
--   to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>pgGroupId</a> - The stable and unique string identifying the
--   group. For more information about IDs, see <a>IAM Identifiers</a> in
--   the <i>IAM User Guide</i> .</li>
--   <li><a>pgGroupName</a> - The name (friendly name, not ARN) identifying
--   the group.</li>
--   </ul>
policyGroup :: PolicyGroup

-- | The stable and unique string identifying the group. For more
--   information about IDs, see <a>IAM Identifiers</a> in the <i>IAM User
--   Guide</i> .
pgGroupId :: Lens' PolicyGroup (Maybe Text)

-- | The name (friendly name, not ARN) identifying the group.
pgGroupName :: Lens' PolicyGroup (Maybe Text)

-- | Contains information about a role that a managed policy is attached
--   to.
--   
--   This data type is used as a response element in the
--   <tt>ListEntitiesForPolicy</tt> operation.
--   
--   For more information about managed policies, refer to <a>Managed
--   Policies and Inline Policies</a> in the <i>Using IAM</i> guide.
--   
--   <i>See:</i> <a>policyRole</a> smart constructor.
data PolicyRole

-- | Creates a value of <a>PolicyRole</a> with the minimum fields required
--   to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>prRoleName</a> - The name (friendly name, not ARN) identifying
--   the role.</li>
--   <li><a>prRoleId</a> - The stable and unique string identifying the
--   role. For more information about IDs, see <a>IAM Identifiers</a> in
--   the <i>IAM User Guide</i> .</li>
--   </ul>
policyRole :: PolicyRole

-- | The name (friendly name, not ARN) identifying the role.
prRoleName :: Lens' PolicyRole (Maybe Text)

-- | The stable and unique string identifying the role. For more
--   information about IDs, see <a>IAM Identifiers</a> in the <i>IAM User
--   Guide</i> .
prRoleId :: Lens' PolicyRole (Maybe Text)

-- | Contains information about a user that a managed policy is attached
--   to.
--   
--   This data type is used as a response element in the
--   <tt>ListEntitiesForPolicy</tt> operation.
--   
--   For more information about managed policies, refer to <a>Managed
--   Policies and Inline Policies</a> in the <i>Using IAM</i> guide.
--   
--   <i>See:</i> <a>policyUser</a> smart constructor.
data PolicyUser

-- | Creates a value of <a>PolicyUser</a> with the minimum fields required
--   to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>puUserName</a> - The name (friendly name, not ARN) identifying
--   the user.</li>
--   <li><a>puUserId</a> - The stable and unique string identifying the
--   user. For more information about IDs, see <a>IAM Identifiers</a> in
--   the <i>IAM User Guide</i> .</li>
--   </ul>
policyUser :: PolicyUser

-- | The name (friendly name, not ARN) identifying the user.
puUserName :: Lens' PolicyUser (Maybe Text)

-- | The stable and unique string identifying the user. For more
--   information about IDs, see <a>IAM Identifiers</a> in the <i>IAM User
--   Guide</i> .
puUserId :: Lens' PolicyUser (Maybe Text)

-- | Contains information about a version of a managed policy.
--   
--   This data type is used as a response element in the
--   <tt>CreatePolicyVersion</tt> , <tt>GetPolicyVersion</tt> ,
--   <tt>ListPolicyVersions</tt> , and
--   <tt>GetAccountAuthorizationDetails</tt> operations.
--   
--   For more information about managed policies, refer to <a>Managed
--   Policies and Inline Policies</a> in the <i>Using IAM</i> guide.
--   
--   <i>See:</i> <a>policyVersion</a> smart constructor.
data PolicyVersion

-- | Creates a value of <a>PolicyVersion</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>pvVersionId</a> - The identifier for the policy version. Policy
--   version identifiers always begin with <tt>v</tt> (always lowercase).
--   When a policy is created, the first policy version is <tt>v1</tt>
--   .</li>
--   <li><a>pvCreateDate</a> - The date and time, in <a>ISO 8601 date-time
--   format</a> , when the policy version was created.</li>
--   <li><a>pvDocument</a> - The policy document. The policy document is
--   returned in the response to the <tt>GetPolicyVersion</tt> and
--   <tt>GetAccountAuthorizationDetails</tt> operations. It is not returned
--   in the response to the <tt>CreatePolicyVersion</tt> or
--   <tt>ListPolicyVersions</tt> operations. The policy document returned
--   in this structure is URL-encoded compliant with <a>RFC 3986</a> . You
--   can use a URL decoding method to convert the policy back to plain JSON
--   text. For example, if you use Java, you can use the <tt>decode</tt>
--   method of the <tt>java.net.URLDecoder</tt> utility class in the Java
--   SDK. Other languages and SDKs provide similar functionality.</li>
--   <li><a>pvIsDefaultVersion</a> - Specifies whether the policy version
--   is set as the policy's default version.</li>
--   </ul>
policyVersion :: PolicyVersion

-- | The identifier for the policy version. Policy version identifiers
--   always begin with <tt>v</tt> (always lowercase). When a policy is
--   created, the first policy version is <tt>v1</tt> .
pvVersionId :: Lens' PolicyVersion (Maybe Text)

-- | The date and time, in <a>ISO 8601 date-time format</a> , when the
--   policy version was created.
pvCreateDate :: Lens' PolicyVersion (Maybe UTCTime)

-- | The policy document. The policy document is returned in the response
--   to the <tt>GetPolicyVersion</tt> and
--   <tt>GetAccountAuthorizationDetails</tt> operations. It is not returned
--   in the response to the <tt>CreatePolicyVersion</tt> or
--   <tt>ListPolicyVersions</tt> operations. The policy document returned
--   in this structure is URL-encoded compliant with <a>RFC 3986</a> . You
--   can use a URL decoding method to convert the policy back to plain JSON
--   text. For example, if you use Java, you can use the <tt>decode</tt>
--   method of the <tt>java.net.URLDecoder</tt> utility class in the Java
--   SDK. Other languages and SDKs provide similar functionality.
pvDocument :: Lens' PolicyVersion (Maybe Text)

-- | Specifies whether the policy version is set as the policy's default
--   version.
pvIsDefaultVersion :: Lens' PolicyVersion (Maybe Bool)

-- | Contains the row and column of a location of a <tt>Statement</tt>
--   element in a policy document.
--   
--   This data type is used as a member of the <tt><a>Statement</a> </tt>
--   type.
--   
--   <i>See:</i> <a>position</a> smart constructor.
data Position

-- | Creates a value of <a>Position</a> with the minimum fields required to
--   make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>pLine</a> - The line containing the specified position in the
--   document.</li>
--   <li><a>pColumn</a> - The column in the line containing the specified
--   position in the document.</li>
--   </ul>
position :: Position

-- | The line containing the specified position in the document.
pLine :: Lens' Position (Maybe Int)

-- | The column in the line containing the specified position in the
--   document.
pColumn :: Lens' Position (Maybe Int)

-- | Contains the result of the simulation of a single API operation call
--   on a single resource.
--   
--   This data type is used by a member of the <a>EvaluationResult</a> data
--   type.
--   
--   <i>See:</i> <a>resourceSpecificResult</a> smart constructor.
data ResourceSpecificResult

-- | Creates a value of <a>ResourceSpecificResult</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>rsrMatchedStatements</a> - A list of the statements in the
--   input policies that determine the result for this part of the
--   simulation. Remember that even if multiple statements allow the
--   operation on the resource, if <i>any</i> statement denies that
--   operation, then the explicit deny overrides any allow, and the deny
--   statement is the only entry included in the result.</li>
--   <li><a>rsrEvalDecisionDetails</a> - Additional details about the
--   results of the evaluation decision. When there are both IAM policies
--   and resource policies, this parameter explains how each set of
--   policies contributes to the final evaluation decision. When simulating
--   cross-account access to a resource, both the resource-based policy and
--   the caller's IAM policy must grant access.</li>
--   <li><a>rsrMissingContextValues</a> - A list of context keys that are
--   required by the included input policies but that were not provided by
--   one of the input parameters. This list is used when a list of ARNs is
--   included in the <tt>ResourceArns</tt> parameter instead of "*". If you
--   do not specify individual resources, by setting <tt>ResourceArns</tt>
--   to "*" or by not including the <tt>ResourceArns</tt> parameter, then
--   any missing context values are instead included under the
--   <tt>EvaluationResults</tt> section. To discover the context keys used
--   by a set of policies, you can call
--   <tt>GetContextKeysForCustomPolicy</tt> or
--   <tt>GetContextKeysForPrincipalPolicy</tt> .</li>
--   <li><a>rsrEvalResourceName</a> - The name of the simulated resource,
--   in Amazon Resource Name (ARN) format.</li>
--   <li><a>rsrEvalResourceDecision</a> - The result of the simulation of
--   the simulated API operation on the resource specified in
--   <tt>EvalResourceName</tt> .</li>
--   </ul>
resourceSpecificResult :: Text -> PolicyEvaluationDecisionType -> ResourceSpecificResult

-- | A list of the statements in the input policies that determine the
--   result for this part of the simulation. Remember that even if multiple
--   statements allow the operation on the resource, if <i>any</i>
--   statement denies that operation, then the explicit deny overrides any
--   allow, and the deny statement is the only entry included in the
--   result.
rsrMatchedStatements :: Lens' ResourceSpecificResult [Statement]

-- | Additional details about the results of the evaluation decision. When
--   there are both IAM policies and resource policies, this parameter
--   explains how each set of policies contributes to the final evaluation
--   decision. When simulating cross-account access to a resource, both the
--   resource-based policy and the caller's IAM policy must grant access.
rsrEvalDecisionDetails :: Lens' ResourceSpecificResult (HashMap Text PolicyEvaluationDecisionType)

-- | A list of context keys that are required by the included input
--   policies but that were not provided by one of the input parameters.
--   This list is used when a list of ARNs is included in the
--   <tt>ResourceArns</tt> parameter instead of "*". If you do not specify
--   individual resources, by setting <tt>ResourceArns</tt> to "*" or by
--   not including the <tt>ResourceArns</tt> parameter, then any missing
--   context values are instead included under the
--   <tt>EvaluationResults</tt> section. To discover the context keys used
--   by a set of policies, you can call
--   <tt>GetContextKeysForCustomPolicy</tt> or
--   <tt>GetContextKeysForPrincipalPolicy</tt> .
rsrMissingContextValues :: Lens' ResourceSpecificResult [Text]

-- | The name of the simulated resource, in Amazon Resource Name (ARN)
--   format.
rsrEvalResourceName :: Lens' ResourceSpecificResult Text

-- | The result of the simulation of the simulated API operation on the
--   resource specified in <tt>EvalResourceName</tt> .
rsrEvalResourceDecision :: Lens' ResourceSpecificResult PolicyEvaluationDecisionType

-- | Contains information about an IAM role. This structure is returned as
--   a response element in several API operations that interact with roles.
--   
--   <i>See:</i> <a>role'</a> smart constructor.
data Role

-- | Creates a value of <a>Role</a> with the minimum fields required to
--   make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>rMaxSessionDuration</a> - The maximum session duration (in
--   seconds) for the specified role. Anyone who uses the AWS CLI or API to
--   assume the role can specify the duration using the optional
--   <tt>DurationSeconds</tt> API parameter or <tt>duration-seconds</tt>
--   CLI parameter.</li>
--   <li><a>rAssumeRolePolicyDocument</a> - The policy that grants an
--   entity permission to assume the role.</li>
--   <li><a>rDescription</a> - A description of the role that you
--   provide.</li>
--   <li><a>rPath</a> - The path to the role. For more information about
--   paths, see <a>IAM Identifiers</a> in the <i>Using IAM</i> guide.</li>
--   <li><a>rRoleName</a> - The friendly name that identifies the
--   role.</li>
--   <li><a>rRoleId</a> - The stable and unique string identifying the
--   role. For more information about IDs, see <a>IAM Identifiers</a> in
--   the <i>Using IAM</i> guide.</li>
--   <li><a>rARN</a> - The Amazon Resource Name (ARN) specifying the role.
--   For more information about ARNs and how to use them in policies, see
--   <a>IAM Identifiers</a> in the <i>IAM User Guide</i> guide.</li>
--   <li><a>rCreateDate</a> - The date and time, in <a>ISO 8601 date-time
--   format</a> , when the role was created.</li>
--   </ul>
role' :: Text -> Text -> Text -> Text -> UTCTime -> Role

-- | The maximum session duration (in seconds) for the specified role.
--   Anyone who uses the AWS CLI or API to assume the role can specify the
--   duration using the optional <tt>DurationSeconds</tt> API parameter or
--   <tt>duration-seconds</tt> CLI parameter.
rMaxSessionDuration :: Lens' Role (Maybe Natural)

-- | The policy that grants an entity permission to assume the role.
rAssumeRolePolicyDocument :: Lens' Role (Maybe Text)

-- | A description of the role that you provide.
rDescription :: Lens' Role (Maybe Text)

-- | The path to the role. For more information about paths, see <a>IAM
--   Identifiers</a> in the <i>Using IAM</i> guide.
rPath :: Lens' Role Text

-- | The friendly name that identifies the role.
rRoleName :: Lens' Role Text

-- | The stable and unique string identifying the role. For more
--   information about IDs, see <a>IAM Identifiers</a> in the <i>Using
--   IAM</i> guide.
rRoleId :: Lens' Role Text

-- | The Amazon Resource Name (ARN) specifying the role. For more
--   information about ARNs and how to use them in policies, see <a>IAM
--   Identifiers</a> in the <i>IAM User Guide</i> guide.
rARN :: Lens' Role Text

-- | The date and time, in <a>ISO 8601 date-time format</a> , when the role
--   was created.
rCreateDate :: Lens' Role UTCTime

-- | Contains information about an IAM role, including all of the role's
--   policies.
--   
--   This data type is used as a response element in the
--   <tt>GetAccountAuthorizationDetails</tt> operation.
--   
--   <i>See:</i> <a>roleDetail</a> smart constructor.
data RoleDetail

-- | Creates a value of <a>RoleDetail</a> with the minimum fields required
--   to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>rdAssumeRolePolicyDocument</a> - The trust policy that grants
--   permission to assume the role.</li>
--   <li><a>rdARN</a> - Undocumented member.</li>
--   <li><a>rdPath</a> - The path to the role. For more information about
--   paths, see <a>IAM Identifiers</a> in the <i>Using IAM</i> guide.</li>
--   <li><a>rdInstanceProfileList</a> - A list of instance profiles that
--   contain this role.</li>
--   <li><a>rdCreateDate</a> - The date and time, in <a>ISO 8601 date-time
--   format</a> , when the role was created.</li>
--   <li><a>rdRoleName</a> - The friendly name that identifies the
--   role.</li>
--   <li><a>rdRoleId</a> - The stable and unique string identifying the
--   role. For more information about IDs, see <a>IAM Identifiers</a> in
--   the <i>Using IAM</i> guide.</li>
--   <li><a>rdRolePolicyList</a> - A list of inline policies embedded in
--   the role. These policies are the role's access (permissions)
--   policies.</li>
--   <li><a>rdAttachedManagedPolicies</a> - A list of managed policies
--   attached to the role. These policies are the role's access
--   (permissions) policies.</li>
--   </ul>
roleDetail :: RoleDetail

-- | The trust policy that grants permission to assume the role.
rdAssumeRolePolicyDocument :: Lens' RoleDetail (Maybe Text)

-- | Undocumented member.
rdARN :: Lens' RoleDetail (Maybe Text)

-- | The path to the role. For more information about paths, see <a>IAM
--   Identifiers</a> in the <i>Using IAM</i> guide.
rdPath :: Lens' RoleDetail (Maybe Text)

-- | A list of instance profiles that contain this role.
rdInstanceProfileList :: Lens' RoleDetail [InstanceProfile]

-- | The date and time, in <a>ISO 8601 date-time format</a> , when the role
--   was created.
rdCreateDate :: Lens' RoleDetail (Maybe UTCTime)

-- | The friendly name that identifies the role.
rdRoleName :: Lens' RoleDetail (Maybe Text)

-- | The stable and unique string identifying the role. For more
--   information about IDs, see <a>IAM Identifiers</a> in the <i>Using
--   IAM</i> guide.
rdRoleId :: Lens' RoleDetail (Maybe Text)

-- | A list of inline policies embedded in the role. These policies are the
--   role's access (permissions) policies.
rdRolePolicyList :: Lens' RoleDetail [PolicyDetail]

-- | A list of managed policies attached to the role. These policies are
--   the role's access (permissions) policies.
rdAttachedManagedPolicies :: Lens' RoleDetail [AttachedPolicy]

-- | An object that contains details about how a service-linked role is
--   used, if that information is returned by the service.
--   
--   This data type is used as a response element in the
--   <tt>GetServiceLinkedRoleDeletionStatus</tt> operation.
--   
--   <i>See:</i> <a>roleUsageType</a> smart constructor.
data RoleUsageType

-- | Creates a value of <a>RoleUsageType</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>rutResources</a> - The name of the resource that is using the
--   service-linked role.</li>
--   <li><a>rutRegion</a> - The name of the region where the service-linked
--   role is being used.</li>
--   </ul>
roleUsageType :: RoleUsageType

-- | The name of the resource that is using the service-linked role.
rutResources :: Lens' RoleUsageType [Text]

-- | The name of the region where the service-linked role is being used.
rutRegion :: Lens' RoleUsageType (Maybe Text)

-- | Contains the list of SAML providers for this account.
--   
--   <i>See:</i> <a>sAMLProviderListEntry</a> smart constructor.
data SAMLProviderListEntry

-- | Creates a value of <a>SAMLProviderListEntry</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>samlpleARN</a> - The Amazon Resource Name (ARN) of the SAML
--   provider.</li>
--   <li><a>samlpleCreateDate</a> - The date and time when the SAML
--   provider was created.</li>
--   <li><a>samlpleValidUntil</a> - The expiration date and time for the
--   SAML provider.</li>
--   </ul>
sAMLProviderListEntry :: SAMLProviderListEntry

-- | The Amazon Resource Name (ARN) of the SAML provider.
samlpleARN :: Lens' SAMLProviderListEntry (Maybe Text)

-- | The date and time when the SAML provider was created.
samlpleCreateDate :: Lens' SAMLProviderListEntry (Maybe UTCTime)

-- | The expiration date and time for the SAML provider.
samlpleValidUntil :: Lens' SAMLProviderListEntry (Maybe UTCTime)

-- | Contains information about an SSH public key.
--   
--   This data type is used as a response element in the
--   <tt>GetSSHPublicKey</tt> and <tt>UploadSSHPublicKey</tt> operations.
--   
--   <i>See:</i> <a>sshPublicKey</a> smart constructor.
data SSHPublicKey

-- | Creates a value of <a>SSHPublicKey</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>spkUploadDate</a> - The date and time, in <a>ISO 8601 date-time
--   format</a> , when the SSH public key was uploaded.</li>
--   <li><a>spkUserName</a> - The name of the IAM user associated with the
--   SSH public key.</li>
--   <li><a>spkSSHPublicKeyId</a> - The unique identifier for the SSH
--   public key.</li>
--   <li><a>spkFingerprint</a> - The MD5 message digest of the SSH public
--   key.</li>
--   <li><a>spkSSHPublicKeyBody</a> - The SSH public key.</li>
--   <li><a>spkStatus</a> - The status of the SSH public key.
--   <tt>Active</tt> means that the key can be used for authentication with
--   an AWS CodeCommit repository. <tt>Inactive</tt> means that the key
--   cannot be used.</li>
--   </ul>
sshPublicKey :: Text -> Text -> Text -> Text -> StatusType -> SSHPublicKey

-- | The date and time, in <a>ISO 8601 date-time format</a> , when the SSH
--   public key was uploaded.
spkUploadDate :: Lens' SSHPublicKey (Maybe UTCTime)

-- | The name of the IAM user associated with the SSH public key.
spkUserName :: Lens' SSHPublicKey Text

-- | The unique identifier for the SSH public key.
spkSSHPublicKeyId :: Lens' SSHPublicKey Text

-- | The MD5 message digest of the SSH public key.
spkFingerprint :: Lens' SSHPublicKey Text

-- | The SSH public key.
spkSSHPublicKeyBody :: Lens' SSHPublicKey Text

-- | The status of the SSH public key. <tt>Active</tt> means that the key
--   can be used for authentication with an AWS CodeCommit repository.
--   <tt>Inactive</tt> means that the key cannot be used.
spkStatus :: Lens' SSHPublicKey StatusType

-- | Contains information about an SSH public key, without the key's body
--   or fingerprint.
--   
--   This data type is used as a response element in the
--   <tt>ListSSHPublicKeys</tt> operation.
--   
--   <i>See:</i> <a>sshPublicKeyMetadata</a> smart constructor.
data SSHPublicKeyMetadata

-- | Creates a value of <a>SSHPublicKeyMetadata</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>spkmUserName</a> - The name of the IAM user associated with the
--   SSH public key.</li>
--   <li><a>spkmSSHPublicKeyId</a> - The unique identifier for the SSH
--   public key.</li>
--   <li><a>spkmStatus</a> - The status of the SSH public key.
--   <tt>Active</tt> means that the key can be used for authentication with
--   an AWS CodeCommit repository. <tt>Inactive</tt> means that the key
--   cannot be used.</li>
--   <li><a>spkmUploadDate</a> - The date and time, in <a>ISO 8601
--   date-time format</a> , when the SSH public key was uploaded.</li>
--   </ul>
sshPublicKeyMetadata :: Text -> Text -> StatusType -> UTCTime -> SSHPublicKeyMetadata

-- | The name of the IAM user associated with the SSH public key.
spkmUserName :: Lens' SSHPublicKeyMetadata Text

-- | The unique identifier for the SSH public key.
spkmSSHPublicKeyId :: Lens' SSHPublicKeyMetadata Text

-- | The status of the SSH public key. <tt>Active</tt> means that the key
--   can be used for authentication with an AWS CodeCommit repository.
--   <tt>Inactive</tt> means that the key cannot be used.
spkmStatus :: Lens' SSHPublicKeyMetadata StatusType

-- | The date and time, in <a>ISO 8601 date-time format</a> , when the SSH
--   public key was uploaded.
spkmUploadDate :: Lens' SSHPublicKeyMetadata UTCTime

-- | Contains information about a server certificate.
--   
--   This data type is used as a response element in the
--   <tt>GetServerCertificate</tt> operation.
--   
--   <i>See:</i> <a>serverCertificate</a> smart constructor.
data ServerCertificate

-- | Creates a value of <a>ServerCertificate</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>sCertificateChain</a> - The contents of the public key
--   certificate chain.</li>
--   <li><a>sServerCertificateMetadata</a> - The meta information of the
--   server certificate, such as its name, path, ID, and ARN.</li>
--   <li><a>sCertificateBody</a> - The contents of the public key
--   certificate.</li>
--   </ul>
serverCertificate :: ServerCertificateMetadata -> Text -> ServerCertificate

-- | The contents of the public key certificate chain.
sCertificateChain :: Lens' ServerCertificate (Maybe Text)

-- | The meta information of the server certificate, such as its name,
--   path, ID, and ARN.
sServerCertificateMetadata :: Lens' ServerCertificate ServerCertificateMetadata

-- | The contents of the public key certificate.
sCertificateBody :: Lens' ServerCertificate Text

-- | Contains information about a server certificate without its
--   certificate body, certificate chain, and private key.
--   
--   This data type is used as a response element in the
--   <tt>UploadServerCertificate</tt> and <tt>ListServerCertificates</tt>
--   operations.
--   
--   <i>See:</i> <a>serverCertificateMetadata</a> smart constructor.
data ServerCertificateMetadata

-- | Creates a value of <a>ServerCertificateMetadata</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>scmUploadDate</a> - The date when the server certificate was
--   uploaded.</li>
--   <li><a>scmExpiration</a> - The date on which the certificate is set to
--   expire.</li>
--   <li><a>scmPath</a> - The path to the server certificate. For more
--   information about paths, see <a>IAM Identifiers</a> in the <i>Using
--   IAM</i> guide.</li>
--   <li><a>scmServerCertificateName</a> - The name that identifies the
--   server certificate.</li>
--   <li><a>scmServerCertificateId</a> - The stable and unique string
--   identifying the server certificate. For more information about IDs,
--   see <a>IAM Identifiers</a> in the <i>Using IAM</i> guide.</li>
--   <li><a>scmARN</a> - The Amazon Resource Name (ARN) specifying the
--   server certificate. For more information about ARNs and how to use
--   them in policies, see <a>IAM Identifiers</a> in the <i>Using IAM</i>
--   guide.</li>
--   </ul>
serverCertificateMetadata :: Text -> Text -> Text -> Text -> ServerCertificateMetadata

-- | The date when the server certificate was uploaded.
scmUploadDate :: Lens' ServerCertificateMetadata (Maybe UTCTime)

-- | The date on which the certificate is set to expire.
scmExpiration :: Lens' ServerCertificateMetadata (Maybe UTCTime)

-- | The path to the server certificate. For more information about paths,
--   see <a>IAM Identifiers</a> in the <i>Using IAM</i> guide.
scmPath :: Lens' ServerCertificateMetadata Text

-- | The name that identifies the server certificate.
scmServerCertificateName :: Lens' ServerCertificateMetadata Text

-- | The stable and unique string identifying the server certificate. For
--   more information about IDs, see <a>IAM Identifiers</a> in the <i>Using
--   IAM</i> guide.
scmServerCertificateId :: Lens' ServerCertificateMetadata Text

-- | The Amazon Resource Name (ARN) specifying the server certificate. For
--   more information about ARNs and how to use them in policies, see
--   <a>IAM Identifiers</a> in the <i>Using IAM</i> guide.
scmARN :: Lens' ServerCertificateMetadata Text

-- | Contains the details of a service-specific credential.
--   
--   <i>See:</i> <a>serviceSpecificCredential</a> smart constructor.
data ServiceSpecificCredential

-- | Creates a value of <a>ServiceSpecificCredential</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>sscCreateDate</a> - The date and time, in <a>ISO 8601 date-time
--   format</a> , when the service-specific credential were created.</li>
--   <li><a>sscServiceName</a> - The name of the service associated with
--   the service-specific credential.</li>
--   <li><a>sscServiceUserName</a> - The generated user name for the
--   service-specific credential. This value is generated by combining the
--   IAM user's name combined with the ID number of the AWS account, as in
--   <tt>jane-at-123456789012</tt> , for example. This value cannot be
--   configured by the user.</li>
--   <li><a>sscServicePassword</a> - The generated password for the
--   service-specific credential.</li>
--   <li><a>sscServiceSpecificCredentialId</a> - The unique identifier for
--   the service-specific credential.</li>
--   <li><a>sscUserName</a> - The name of the IAM user associated with the
--   service-specific credential.</li>
--   <li><a>sscStatus</a> - The status of the service-specific credential.
--   <tt>Active</tt> means that the key is valid for API calls, while
--   <tt>Inactive</tt> means it is not.</li>
--   </ul>
serviceSpecificCredential :: UTCTime -> Text -> Text -> Text -> Text -> Text -> StatusType -> ServiceSpecificCredential

-- | The date and time, in <a>ISO 8601 date-time format</a> , when the
--   service-specific credential were created.
sscCreateDate :: Lens' ServiceSpecificCredential UTCTime

-- | The name of the service associated with the service-specific
--   credential.
sscServiceName :: Lens' ServiceSpecificCredential Text

-- | The generated user name for the service-specific credential. This
--   value is generated by combining the IAM user's name combined with the
--   ID number of the AWS account, as in <tt>jane-at-123456789012</tt> ,
--   for example. This value cannot be configured by the user.
sscServiceUserName :: Lens' ServiceSpecificCredential Text

-- | The generated password for the service-specific credential.
sscServicePassword :: Lens' ServiceSpecificCredential Text

-- | The unique identifier for the service-specific credential.
sscServiceSpecificCredentialId :: Lens' ServiceSpecificCredential Text

-- | The name of the IAM user associated with the service-specific
--   credential.
sscUserName :: Lens' ServiceSpecificCredential Text

-- | The status of the service-specific credential. <tt>Active</tt> means
--   that the key is valid for API calls, while <tt>Inactive</tt> means it
--   is not.
sscStatus :: Lens' ServiceSpecificCredential StatusType

-- | Contains additional details about a service-specific credential.
--   
--   <i>See:</i> <a>serviceSpecificCredentialMetadata</a> smart
--   constructor.
data ServiceSpecificCredentialMetadata

-- | Creates a value of <a>ServiceSpecificCredentialMetadata</a> with the
--   minimum fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>sscmUserName</a> - The name of the IAM user associated with the
--   service-specific credential.</li>
--   <li><a>sscmStatus</a> - The status of the service-specific credential.
--   <tt>Active</tt> means that the key is valid for API calls, while
--   <tt>Inactive</tt> means it is not.</li>
--   <li><a>sscmServiceUserName</a> - The generated user name for the
--   service-specific credential.</li>
--   <li><a>sscmCreateDate</a> - The date and time, in <a>ISO 8601
--   date-time format</a> , when the service-specific credential were
--   created.</li>
--   <li><a>sscmServiceSpecificCredentialId</a> - The unique identifier for
--   the service-specific credential.</li>
--   <li><a>sscmServiceName</a> - The name of the service associated with
--   the service-specific credential.</li>
--   </ul>
serviceSpecificCredentialMetadata :: Text -> StatusType -> Text -> UTCTime -> Text -> Text -> ServiceSpecificCredentialMetadata

-- | The name of the IAM user associated with the service-specific
--   credential.
sscmUserName :: Lens' ServiceSpecificCredentialMetadata Text

-- | The status of the service-specific credential. <tt>Active</tt> means
--   that the key is valid for API calls, while <tt>Inactive</tt> means it
--   is not.
sscmStatus :: Lens' ServiceSpecificCredentialMetadata StatusType

-- | The generated user name for the service-specific credential.
sscmServiceUserName :: Lens' ServiceSpecificCredentialMetadata Text

-- | The date and time, in <a>ISO 8601 date-time format</a> , when the
--   service-specific credential were created.
sscmCreateDate :: Lens' ServiceSpecificCredentialMetadata UTCTime

-- | The unique identifier for the service-specific credential.
sscmServiceSpecificCredentialId :: Lens' ServiceSpecificCredentialMetadata Text

-- | The name of the service associated with the service-specific
--   credential.
sscmServiceName :: Lens' ServiceSpecificCredentialMetadata Text

-- | Contains information about an X.509 signing certificate.
--   
--   This data type is used as a response element in the
--   <tt>UploadSigningCertificate</tt> and <tt>ListSigningCertificates</tt>
--   operations.
--   
--   <i>See:</i> <a>signingCertificate</a> smart constructor.
data SigningCertificate

-- | Creates a value of <a>SigningCertificate</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>scUploadDate</a> - The date when the signing certificate was
--   uploaded.</li>
--   <li><a>scUserName</a> - The name of the user the signing certificate
--   is associated with.</li>
--   <li><a>scCertificateId</a> - The ID for the signing certificate.</li>
--   <li><a>scCertificateBody</a> - The contents of the signing
--   certificate.</li>
--   <li><a>scStatus</a> - The status of the signing certificate.
--   <tt>Active</tt> means that the key is valid for API calls, while
--   <tt>Inactive</tt> means it is not.</li>
--   </ul>
signingCertificate :: Text -> Text -> Text -> StatusType -> SigningCertificate

-- | The date when the signing certificate was uploaded.
scUploadDate :: Lens' SigningCertificate (Maybe UTCTime)

-- | The name of the user the signing certificate is associated with.
scUserName :: Lens' SigningCertificate Text

-- | The ID for the signing certificate.
scCertificateId :: Lens' SigningCertificate Text

-- | The contents of the signing certificate.
scCertificateBody :: Lens' SigningCertificate Text

-- | The status of the signing certificate. <tt>Active</tt> means that the
--   key is valid for API calls, while <tt>Inactive</tt> means it is not.
scStatus :: Lens' SigningCertificate StatusType

-- | Contains the response to a successful <tt>SimulatePrincipalPolicy</tt>
--   or <tt>SimulateCustomPolicy</tt> request.
--   
--   <i>See:</i> <a>simulatePolicyResponse</a> smart constructor.
data SimulatePolicyResponse

-- | Creates a value of <a>SimulatePolicyResponse</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>spEvaluationResults</a> - The results of the simulation.</li>
--   <li><a>spMarker</a> - When <tt>IsTruncated</tt> is <tt>true</tt> ,
--   this element is present and contains the value to use for the
--   <tt>Marker</tt> parameter in a subsequent pagination request.</li>
--   <li><a>spIsTruncated</a> - A flag that indicates whether there are
--   more items to return. If your results were truncated, you can make a
--   subsequent pagination request using the <tt>Marker</tt> request
--   parameter to retrieve more items. Note that IAM might return fewer
--   than the <tt>MaxItems</tt> number of results even when there are more
--   results available. We recommend that you check <tt>IsTruncated</tt>
--   after every call to ensure that you receive all of your results.</li>
--   </ul>
simulatePolicyResponse :: SimulatePolicyResponse

-- | The results of the simulation.
spEvaluationResults :: Lens' SimulatePolicyResponse [EvaluationResult]

-- | When <tt>IsTruncated</tt> is <tt>true</tt> , this element is present
--   and contains the value to use for the <tt>Marker</tt> parameter in a
--   subsequent pagination request.
spMarker :: Lens' SimulatePolicyResponse (Maybe Text)

-- | A flag that indicates whether there are more items to return. If your
--   results were truncated, you can make a subsequent pagination request
--   using the <tt>Marker</tt> request parameter to retrieve more items.
--   Note that IAM might return fewer than the <tt>MaxItems</tt> number of
--   results even when there are more results available. We recommend that
--   you check <tt>IsTruncated</tt> after every call to ensure that you
--   receive all of your results.
spIsTruncated :: Lens' SimulatePolicyResponse (Maybe Bool)

-- | Contains a reference to a <tt>Statement</tt> element in a policy
--   document that determines the result of the simulation.
--   
--   This data type is used by the <tt>MatchedStatements</tt> member of the
--   <tt><a>EvaluationResult</a> </tt> type.
--   
--   <i>See:</i> <a>statement</a> smart constructor.
data Statement

-- | Creates a value of <a>Statement</a> with the minimum fields required
--   to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>sSourcePolicyType</a> - The type of the policy.</li>
--   <li><a>sSourcePolicyId</a> - The identifier of the policy that was
--   provided as an input.</li>
--   <li><a>sEndPosition</a> - The row and column of the end of a
--   <tt>Statement</tt> in an IAM policy.</li>
--   <li><a>sStartPosition</a> - The row and column of the beginning of the
--   <tt>Statement</tt> in an IAM policy.</li>
--   </ul>
statement :: Statement

-- | The type of the policy.
sSourcePolicyType :: Lens' Statement (Maybe PolicySourceType)

-- | The identifier of the policy that was provided as an input.
sSourcePolicyId :: Lens' Statement (Maybe Text)

-- | The row and column of the end of a <tt>Statement</tt> in an IAM
--   policy.
sEndPosition :: Lens' Statement (Maybe Position)

-- | The row and column of the beginning of the <tt>Statement</tt> in an
--   IAM policy.
sStartPosition :: Lens' Statement (Maybe Position)

-- | Contains information about an IAM user entity.
--   
--   This data type is used as a response element in the following
--   operations:
--   
--   <ul>
--   <li><tt>CreateUser</tt></li>
--   <li><tt>GetUser</tt></li>
--   <li><tt>ListUsers</tt></li>
--   </ul>
--   
--   <i>See:</i> <a>user</a> smart constructor.
data User

-- | Creates a value of <a>User</a> with the minimum fields required to
--   make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>uPasswordLastUsed</a> - The date and time, in <a>ISO 8601
--   date-time format</a> , when the user's password was last used to sign
--   in to an AWS website. For a list of AWS websites that capture a user's
--   last sign-in time, see the <a>Credential Reports</a> topic in the
--   <i>Using IAM</i> guide. If a password is used more than once in a
--   five-minute span, only the first use is returned in this field. If the
--   field is null (no value) then it indicates that they never signed in
--   with a password. This can be because: * The user never had a password.
--   * A password exists but has not been used since IAM started tracking
--   this information on October 20th, 2014. A null does not mean that the
--   user <i>never</i> had a password. Also, if the user does not currently
--   have a password, but had one in the past, then this field contains the
--   date and time the most recent password was used. This value is
--   returned only in the <tt>GetUser</tt> and <tt>ListUsers</tt>
--   operations.</li>
--   <li><a>uPath</a> - The path to the user. For more information about
--   paths, see <a>IAM Identifiers</a> in the <i>Using IAM</i> guide.</li>
--   <li><a>uUserName</a> - The friendly name identifying the user.</li>
--   <li><a>uUserId</a> - The stable and unique string identifying the
--   user. For more information about IDs, see <a>IAM Identifiers</a> in
--   the <i>Using IAM</i> guide.</li>
--   <li><a>uARN</a> - The Amazon Resource Name (ARN) that identifies the
--   user. For more information about ARNs and how to use ARNs in policies,
--   see <a>IAM Identifiers</a> in the <i>Using IAM</i> guide.</li>
--   <li><a>uCreateDate</a> - The date and time, in <a>ISO 8601 date-time
--   format</a> , when the user was created.</li>
--   </ul>
user :: Text -> Text -> Text -> Text -> UTCTime -> User

-- | The date and time, in <a>ISO 8601 date-time format</a> , when the
--   user's password was last used to sign in to an AWS website. For a list
--   of AWS websites that capture a user's last sign-in time, see the
--   <a>Credential Reports</a> topic in the <i>Using IAM</i> guide. If a
--   password is used more than once in a five-minute span, only the first
--   use is returned in this field. If the field is null (no value) then it
--   indicates that they never signed in with a password. This can be
--   because: * The user never had a password. * A password exists but has
--   not been used since IAM started tracking this information on October
--   20th, 2014. A null does not mean that the user <i>never</i> had a
--   password. Also, if the user does not currently have a password, but
--   had one in the past, then this field contains the date and time the
--   most recent password was used. This value is returned only in the
--   <tt>GetUser</tt> and <tt>ListUsers</tt> operations.
uPasswordLastUsed :: Lens' User (Maybe UTCTime)

-- | The path to the user. For more information about paths, see <a>IAM
--   Identifiers</a> in the <i>Using IAM</i> guide.
uPath :: Lens' User Text

-- | The friendly name identifying the user.
uUserName :: Lens' User Text

-- | The stable and unique string identifying the user. For more
--   information about IDs, see <a>IAM Identifiers</a> in the <i>Using
--   IAM</i> guide.
uUserId :: Lens' User Text

-- | The Amazon Resource Name (ARN) that identifies the user. For more
--   information about ARNs and how to use ARNs in policies, see <a>IAM
--   Identifiers</a> in the <i>Using IAM</i> guide.
uARN :: Lens' User Text

-- | The date and time, in <a>ISO 8601 date-time format</a> , when the user
--   was created.
uCreateDate :: Lens' User UTCTime

-- | Contains information about an IAM user, including all the user's
--   policies and all the IAM groups the user is in.
--   
--   This data type is used as a response element in the
--   <tt>GetAccountAuthorizationDetails</tt> operation.
--   
--   <i>See:</i> <a>userDetail</a> smart constructor.
data UserDetail

-- | Creates a value of <a>UserDetail</a> with the minimum fields required
--   to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>udGroupList</a> - A list of IAM groups that the user is
--   in.</li>
--   <li><a>udARN</a> - Undocumented member.</li>
--   <li><a>udPath</a> - The path to the user. For more information about
--   paths, see <a>IAM Identifiers</a> in the <i>Using IAM</i> guide.</li>
--   <li><a>udCreateDate</a> - The date and time, in <a>ISO 8601 date-time
--   format</a> , when the user was created.</li>
--   <li><a>udUserName</a> - The friendly name identifying the user.</li>
--   <li><a>udUserId</a> - The stable and unique string identifying the
--   user. For more information about IDs, see <a>IAM Identifiers</a> in
--   the <i>Using IAM</i> guide.</li>
--   <li><a>udUserPolicyList</a> - A list of the inline policies embedded
--   in the user.</li>
--   <li><a>udAttachedManagedPolicies</a> - A list of the managed policies
--   attached to the user.</li>
--   </ul>
userDetail :: UserDetail

-- | A list of IAM groups that the user is in.
udGroupList :: Lens' UserDetail [Text]

-- | Undocumented member.
udARN :: Lens' UserDetail (Maybe Text)

-- | The path to the user. For more information about paths, see <a>IAM
--   Identifiers</a> in the <i>Using IAM</i> guide.
udPath :: Lens' UserDetail (Maybe Text)

-- | The date and time, in <a>ISO 8601 date-time format</a> , when the user
--   was created.
udCreateDate :: Lens' UserDetail (Maybe UTCTime)

-- | The friendly name identifying the user.
udUserName :: Lens' UserDetail (Maybe Text)

-- | The stable and unique string identifying the user. For more
--   information about IDs, see <a>IAM Identifiers</a> in the <i>Using
--   IAM</i> guide.
udUserId :: Lens' UserDetail (Maybe Text)

-- | A list of the inline policies embedded in the user.
udUserPolicyList :: Lens' UserDetail [PolicyDetail]

-- | A list of the managed policies attached to the user.
udAttachedManagedPolicies :: Lens' UserDetail [AttachedPolicy]

-- | Contains information about a virtual MFA device.
--   
--   <i>See:</i> <a>virtualMFADevice</a> smart constructor.
data VirtualMFADevice

-- | Creates a value of <a>VirtualMFADevice</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>vmdQRCodePNG</a> - A QR code PNG image that encodes
--   <tt>otpauth:/<i>totp</i>$virtualMFADeviceName</tt>$AccountName?secret=$Base32String<tt>
--   where </tt>&gt; virtualMFADeviceName<tt> is one of the create call
--   arguments, </tt>AccountName<tt> is the user name if set (otherwise,
--   the account ID otherwise), and </tt>Base32String<tt> is the seed in
--   Base32 format. The </tt>Base32String@ value is Base64-encoded. --
--   <i>Note:</i> This <tt>Lens</tt> automatically encodes and decodes
--   Base64 data. The underlying isomorphism will encode to Base64
--   representation during serialisation, and decode from Base64
--   representation during deserialisation. This <tt>Lens</tt> accepts and
--   returns only raw unencoded data.</li>
--   <li><a>vmdBase32StringSeed</a> - The Base32 seed defined as specified
--   in <a>RFC3548</a> . The <tt>Base32StringSeed</tt> is Base64-encoded.
--   -- <i>Note:</i> This <tt>Lens</tt> automatically encodes and decodes
--   Base64 data. The underlying isomorphism will encode to Base64
--   representation during serialisation, and decode from Base64
--   representation during deserialisation. This <tt>Lens</tt> accepts and
--   returns only raw unencoded data.</li>
--   <li><a>vmdUser</a> - The IAM user associated with this virtual MFA
--   device.</li>
--   <li><a>vmdEnableDate</a> - The date and time on which the virtual MFA
--   device was enabled.</li>
--   <li><a>vmdSerialNumber</a> - The serial number associated with
--   <tt>VirtualMFADevice</tt> .</li>
--   </ul>
virtualMFADevice :: Text -> VirtualMFADevice

-- | A QR code PNG image that encodes
--   <tt>otpauth:/<i>totp</i>$virtualMFADeviceName</tt>$AccountName?secret=$Base32String<tt>
--   where </tt>&gt; virtualMFADeviceName<tt> is one of the create call
--   arguments, </tt>AccountName<tt> is the user name if set (otherwise,
--   the account ID otherwise), and </tt>Base32String<tt> is the seed in
--   Base32 format. The </tt>Base32String@ value is Base64-encoded. --
--   <i>Note:</i> This <tt>Lens</tt> automatically encodes and decodes
--   Base64 data. The underlying isomorphism will encode to Base64
--   representation during serialisation, and decode from Base64
--   representation during deserialisation. This <tt>Lens</tt> accepts and
--   returns only raw unencoded data.
vmdQRCodePNG :: Lens' VirtualMFADevice (Maybe ByteString)

-- | The Base32 seed defined as specified in <a>RFC3548</a> . The
--   <tt>Base32StringSeed</tt> is Base64-encoded. -- <i>Note:</i> This
--   <tt>Lens</tt> automatically encodes and decodes Base64 data. The
--   underlying isomorphism will encode to Base64 representation during
--   serialisation, and decode from Base64 representation during
--   deserialisation. This <tt>Lens</tt> accepts and returns only raw
--   unencoded data.
vmdBase32StringSeed :: Lens' VirtualMFADevice (Maybe ByteString)

-- | The IAM user associated with this virtual MFA device.
vmdUser :: Lens' VirtualMFADevice (Maybe User)

-- | The date and time on which the virtual MFA device was enabled.
vmdEnableDate :: Lens' VirtualMFADevice (Maybe UTCTime)

-- | The serial number associated with <tt>VirtualMFADevice</tt> .
vmdSerialNumber :: Lens' VirtualMFADevice Text


-- | Simulate how a set of IAM policies attached to an IAM entity works
--   with a list of API operations and AWS resources to determine the
--   policies' effective permissions. The entity can be an IAM user, group,
--   or role. If you specify a user, then the simulation also includes all
--   of the policies that are attached to groups that the user belongs to.
--   
--   You can optionally include a list of one or more additional policies
--   specified as strings to include in the simulation. If you want to
--   simulate only policies specified as strings, use
--   <tt>SimulateCustomPolicy</tt> instead.
--   
--   You can also optionally include one resource-based policy to be
--   evaluated with each of the resources included in the simulation.
--   
--   The simulation does not perform the API operations, it only checks the
--   authorization to determine if the simulated policies allow or deny the
--   operations.
--   
--   <b>Note:</b> This API discloses information about the permissions
--   granted to other users. If you do not want users to see other user's
--   permissions, then consider allowing them to use
--   <tt>SimulateCustomPolicy</tt> instead.
--   
--   Context keys are variables maintained by AWS and its services that
--   provide details about the context of an API query request. You can use
--   the <tt>Condition</tt> element of an IAM policy to evaluate context
--   keys. To get the list of context keys that the policies require for
--   correct simulation, use <tt>GetContextKeysForPrincipalPolicy</tt> .
--   
--   If the output is long, you can use the <tt>MaxItems</tt> and
--   <tt>Marker</tt> parameters to paginate the results.
--   
--   This operation returns paginated results.
module Network.AWS.IAM.SimulatePrincipalPolicy

-- | Creates a value of <a>SimulatePrincipalPolicy</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>sppPolicyInputList</a> - An optional list of additional policy
--   documents to include in the simulation. Each document is specified as
--   a string containing the complete, valid JSON text of an IAM policy.
--   The <a>regex pattern</a> used to validate this parameter is a string
--   of characters consisting of the following: * Any printable ASCII
--   character ranging from the space character (u0020) through the end of
--   the ASCII character range * The printable characters in the Basic
--   Latin and Latin-1 Supplement character set (through u00FF) * The
--   special characters tab (u0009), line feed (u000A), and carriage return
--   (u000D)</li>
--   <li><a>sppResourcePolicy</a> - A resource-based policy to include in
--   the simulation provided as a string. Each resource in the simulation
--   is treated as if it had this policy attached. You can include only one
--   resource-based policy in a simulation. The <a>regex pattern</a> used
--   to validate this parameter is a string of characters consisting of the
--   following: * Any printable ASCII character ranging from the space
--   character (u0020) through the end of the ASCII character range * The
--   printable characters in the Basic Latin and Latin-1 Supplement
--   character set (through u00FF) * The special characters tab (u0009),
--   line feed (u000A), and carriage return (u000D)</li>
--   <li><a>sppCallerARN</a> - The ARN of the IAM user that you want to
--   specify as the simulated caller of the API operations. If you do not
--   specify a <tt>CallerArn</tt> , it defaults to the ARN of the user that
--   you specify in <tt>PolicySourceArn</tt> , if you specified a user. If
--   you include both a <tt>PolicySourceArn</tt> (for example,
--   <tt>arn:aws:iam::123456789012:user/David</tt> ) and a
--   <tt>CallerArn</tt> (for example,
--   <tt>arn:aws:iam::123456789012:user/Bob</tt> ), the result is that you
--   simulate calling the API operations as Bob, as if Bob had David's
--   policies. You can specify only the ARN of an IAM user. You cannot
--   specify the ARN of an assumed role, federated user, or a service
--   principal. <tt>CallerArn</tt> is required if you include a
--   <tt>ResourcePolicy</tt> and the <tt>PolicySourceArn</tt> is not the
--   ARN for an IAM user. This is required so that the resource-based
--   policy's <tt>Principal</tt> element has a value to use in evaluating
--   the policy. For more information about ARNs, see <a>Amazon Resource
--   Names (ARNs) and AWS Service Namespaces</a> in the <i>AWS General
--   Reference</i> .</li>
--   <li><a>sppResourceHandlingOption</a> - Specifies the type of
--   simulation to run. Different API operations that support
--   resource-based policies require different combinations of resources.
--   By specifying the type of simulation to run, you enable the policy
--   simulator to enforce the presence of the required resources to ensure
--   reliable simulation results. If your simulation does not match one of
--   the following scenarios, then you can omit this parameter. The
--   following list shows each of the supported scenario values and the
--   resources that you must define to run the simulation. Each of the EC2
--   scenarios requires that you specify instance, image, and
--   security-group resources. If your scenario includes an EBS volume,
--   then you must specify that volume as a resource. If the EC2 scenario
--   includes VPC, then you must supply the network-interface resource. If
--   it includes an IP subnet, then you must specify the subnet resource.
--   For more information on the EC2 scenario options, see <a>Supported
--   Platforms</a> in the <i>Amazon EC2 User Guide</i> . *
--   <b>EC2-Classic-InstanceStore</b> instance, image, security-group *
--   <b>EC2-Classic-EBS</b> instance, image, security-group, volume *
--   <b>EC2-VPC-InstanceStore</b> instance, image, security-group,
--   network-interface * <b>EC2-VPC-InstanceStore-Subnet</b> instance,
--   image, security-group, network-interface, subnet * <b>EC2-VPC-EBS</b>
--   instance, image, security-group, network-interface, volume *
--   <b>EC2-VPC-EBS-Subnet</b> instance, image, security-group,
--   network-interface, subnet, volume</li>
--   <li><a>sppResourceARNs</a> - A list of ARNs of AWS resources to
--   include in the simulation. If this parameter is not provided, then the
--   value defaults to <tt>*</tt> (all resources). Each API in the
--   <tt>ActionNames</tt> parameter is evaluated for each resource in this
--   list. The simulation determines the access result (allowed or denied)
--   of each combination and reports it in the response. The simulation
--   does not automatically retrieve policies for the specified resources.
--   If you want to include a resource policy in the simulation, then you
--   must include the policy as a string in the <tt>ResourcePolicy</tt>
--   parameter. For more information about ARNs, see <a>Amazon Resource
--   Names (ARNs) and AWS Service Namespaces</a> in the <i>AWS General
--   Reference</i> .</li>
--   <li><a>sppMarker</a> - Use this parameter only when paginating results
--   and only after you receive a response indicating that the results are
--   truncated. Set it to the value of the <tt>Marker</tt> element in the
--   response that you received to indicate where the next call should
--   start.</li>
--   <li><a>sppMaxItems</a> - (Optional) Use this only when paginating
--   results to indicate the maximum number of items you want in the
--   response. If additional items exist beyond the maximum you specify,
--   the <tt>IsTruncated</tt> response element is <tt>true</tt> . If you do
--   not include this parameter, it defaults to 100. Note that IAM might
--   return fewer results, even when there are more results available. In
--   that case, the <tt>IsTruncated</tt> response element returns
--   <tt>true</tt> and <tt>Marker</tt> contains a value to include in the
--   subsequent call that tells the service where to continue from.</li>
--   <li><a>sppContextEntries</a> - A list of context keys and
--   corresponding values for the simulation to use. Whenever a context key
--   is evaluated in one of the simulated IAM permission policies, the
--   corresponding value is supplied.</li>
--   <li><a>sppResourceOwner</a> - An AWS account ID that specifies the
--   owner of any simulated resource that does not identify its owner in
--   the resource ARN, such as an S3 bucket or object. If
--   <tt>ResourceOwner</tt> is specified, it is also used as the account
--   owner of any <tt>ResourcePolicy</tt> included in the simulation. If
--   the <tt>ResourceOwner</tt> parameter is not specified, then the owner
--   of the resources and the resource policy defaults to the account of
--   the identity provided in <tt>CallerArn</tt> . This parameter is
--   required only if you specify a resource-based policy and account that
--   owns the resource is different from the account that owns the
--   simulated calling user <tt>CallerArn</tt> .</li>
--   <li><a>sppPolicySourceARN</a> - The Amazon Resource Name (ARN) of a
--   user, group, or role whose policies you want to include in the
--   simulation. If you specify a user, group, or role, the simulation
--   includes all policies that are associated with that entity. If you
--   specify a user, the simulation also includes all policies that are
--   attached to any groups the user belongs to. For more information about
--   ARNs, see <a>Amazon Resource Names (ARNs) and AWS Service
--   Namespaces</a> in the <i>AWS General Reference</i> .</li>
--   <li><a>sppActionNames</a> - A list of names of API operations to
--   evaluate in the simulation. Each operation is evaluated for each
--   resource. Each operation must include the service identifier, such as
--   <tt>iam:CreateUser</tt> .</li>
--   </ul>
simulatePrincipalPolicy :: Text -> SimulatePrincipalPolicy

-- | <i>See:</i> <a>simulatePrincipalPolicy</a> smart constructor.
data SimulatePrincipalPolicy

-- | An optional list of additional policy documents to include in the
--   simulation. Each document is specified as a string containing the
--   complete, valid JSON text of an IAM policy. The <a>regex pattern</a>
--   used to validate this parameter is a string of characters consisting
--   of the following: * Any printable ASCII character ranging from the
--   space character (u0020) through the end of the ASCII character range *
--   The printable characters in the Basic Latin and Latin-1 Supplement
--   character set (through u00FF) * The special characters tab (u0009),
--   line feed (u000A), and carriage return (u000D)
sppPolicyInputList :: Lens' SimulatePrincipalPolicy [Text]

-- | A resource-based policy to include in the simulation provided as a
--   string. Each resource in the simulation is treated as if it had this
--   policy attached. You can include only one resource-based policy in a
--   simulation. The <a>regex pattern</a> used to validate this parameter
--   is a string of characters consisting of the following: * Any printable
--   ASCII character ranging from the space character (u0020) through the
--   end of the ASCII character range * The printable characters in the
--   Basic Latin and Latin-1 Supplement character set (through u00FF) * The
--   special characters tab (u0009), line feed (u000A), and carriage return
--   (u000D)
sppResourcePolicy :: Lens' SimulatePrincipalPolicy (Maybe Text)

-- | The ARN of the IAM user that you want to specify as the simulated
--   caller of the API operations. If you do not specify a
--   <tt>CallerArn</tt> , it defaults to the ARN of the user that you
--   specify in <tt>PolicySourceArn</tt> , if you specified a user. If you
--   include both a <tt>PolicySourceArn</tt> (for example,
--   <tt>arn:aws:iam::123456789012:user/David</tt> ) and a
--   <tt>CallerArn</tt> (for example,
--   <tt>arn:aws:iam::123456789012:user/Bob</tt> ), the result is that you
--   simulate calling the API operations as Bob, as if Bob had David's
--   policies. You can specify only the ARN of an IAM user. You cannot
--   specify the ARN of an assumed role, federated user, or a service
--   principal. <tt>CallerArn</tt> is required if you include a
--   <tt>ResourcePolicy</tt> and the <tt>PolicySourceArn</tt> is not the
--   ARN for an IAM user. This is required so that the resource-based
--   policy's <tt>Principal</tt> element has a value to use in evaluating
--   the policy. For more information about ARNs, see <a>Amazon Resource
--   Names (ARNs) and AWS Service Namespaces</a> in the <i>AWS General
--   Reference</i> .
sppCallerARN :: Lens' SimulatePrincipalPolicy (Maybe Text)

-- | Specifies the type of simulation to run. Different API operations that
--   support resource-based policies require different combinations of
--   resources. By specifying the type of simulation to run, you enable the
--   policy simulator to enforce the presence of the required resources to
--   ensure reliable simulation results. If your simulation does not match
--   one of the following scenarios, then you can omit this parameter. The
--   following list shows each of the supported scenario values and the
--   resources that you must define to run the simulation. Each of the EC2
--   scenarios requires that you specify instance, image, and
--   security-group resources. If your scenario includes an EBS volume,
--   then you must specify that volume as a resource. If the EC2 scenario
--   includes VPC, then you must supply the network-interface resource. If
--   it includes an IP subnet, then you must specify the subnet resource.
--   For more information on the EC2 scenario options, see <a>Supported
--   Platforms</a> in the <i>Amazon EC2 User Guide</i> . *
--   <b>EC2-Classic-InstanceStore</b> instance, image, security-group *
--   <b>EC2-Classic-EBS</b> instance, image, security-group, volume *
--   <b>EC2-VPC-InstanceStore</b> instance, image, security-group,
--   network-interface * <b>EC2-VPC-InstanceStore-Subnet</b> instance,
--   image, security-group, network-interface, subnet * <b>EC2-VPC-EBS</b>
--   instance, image, security-group, network-interface, volume *
--   <b>EC2-VPC-EBS-Subnet</b> instance, image, security-group,
--   network-interface, subnet, volume
sppResourceHandlingOption :: Lens' SimulatePrincipalPolicy (Maybe Text)

-- | A list of ARNs of AWS resources to include in the simulation. If this
--   parameter is not provided, then the value defaults to <tt>*</tt> (all
--   resources). Each API in the <tt>ActionNames</tt> parameter is
--   evaluated for each resource in this list. The simulation determines
--   the access result (allowed or denied) of each combination and reports
--   it in the response. The simulation does not automatically retrieve
--   policies for the specified resources. If you want to include a
--   resource policy in the simulation, then you must include the policy as
--   a string in the <tt>ResourcePolicy</tt> parameter. For more
--   information about ARNs, see <a>Amazon Resource Names (ARNs) and AWS
--   Service Namespaces</a> in the <i>AWS General Reference</i> .
sppResourceARNs :: Lens' SimulatePrincipalPolicy [Text]

-- | Use this parameter only when paginating results and only after you
--   receive a response indicating that the results are truncated. Set it
--   to the value of the <tt>Marker</tt> element in the response that you
--   received to indicate where the next call should start.
sppMarker :: Lens' SimulatePrincipalPolicy (Maybe Text)

-- | (Optional) Use this only when paginating results to indicate the
--   maximum number of items you want in the response. If additional items
--   exist beyond the maximum you specify, the <tt>IsTruncated</tt>
--   response element is <tt>true</tt> . If you do not include this
--   parameter, it defaults to 100. Note that IAM might return fewer
--   results, even when there are more results available. In that case, the
--   <tt>IsTruncated</tt> response element returns <tt>true</tt> and
--   <tt>Marker</tt> contains a value to include in the subsequent call
--   that tells the service where to continue from.
sppMaxItems :: Lens' SimulatePrincipalPolicy (Maybe Natural)

-- | A list of context keys and corresponding values for the simulation to
--   use. Whenever a context key is evaluated in one of the simulated IAM
--   permission policies, the corresponding value is supplied.
sppContextEntries :: Lens' SimulatePrincipalPolicy [ContextEntry]

-- | An AWS account ID that specifies the owner of any simulated resource
--   that does not identify its owner in the resource ARN, such as an S3
--   bucket or object. If <tt>ResourceOwner</tt> is specified, it is also
--   used as the account owner of any <tt>ResourcePolicy</tt> included in
--   the simulation. If the <tt>ResourceOwner</tt> parameter is not
--   specified, then the owner of the resources and the resource policy
--   defaults to the account of the identity provided in <tt>CallerArn</tt>
--   . This parameter is required only if you specify a resource-based
--   policy and account that owns the resource is different from the
--   account that owns the simulated calling user <tt>CallerArn</tt> .
sppResourceOwner :: Lens' SimulatePrincipalPolicy (Maybe Text)

-- | The Amazon Resource Name (ARN) of a user, group, or role whose
--   policies you want to include in the simulation. If you specify a user,
--   group, or role, the simulation includes all policies that are
--   associated with that entity. If you specify a user, the simulation
--   also includes all policies that are attached to any groups the user
--   belongs to. For more information about ARNs, see <a>Amazon Resource
--   Names (ARNs) and AWS Service Namespaces</a> in the <i>AWS General
--   Reference</i> .
sppPolicySourceARN :: Lens' SimulatePrincipalPolicy Text

-- | A list of names of API operations to evaluate in the simulation. Each
--   operation is evaluated for each resource. Each operation must include
--   the service identifier, such as <tt>iam:CreateUser</tt> .
sppActionNames :: Lens' SimulatePrincipalPolicy [Text]

-- | Creates a value of <a>SimulatePolicyResponse</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>spEvaluationResults</a> - The results of the simulation.</li>
--   <li><a>spMarker</a> - When <tt>IsTruncated</tt> is <tt>true</tt> ,
--   this element is present and contains the value to use for the
--   <tt>Marker</tt> parameter in a subsequent pagination request.</li>
--   <li><a>spIsTruncated</a> - A flag that indicates whether there are
--   more items to return. If your results were truncated, you can make a
--   subsequent pagination request using the <tt>Marker</tt> request
--   parameter to retrieve more items. Note that IAM might return fewer
--   than the <tt>MaxItems</tt> number of results even when there are more
--   results available. We recommend that you check <tt>IsTruncated</tt>
--   after every call to ensure that you receive all of your results.</li>
--   </ul>
simulatePolicyResponse :: SimulatePolicyResponse

-- | Contains the response to a successful <tt>SimulatePrincipalPolicy</tt>
--   or <tt>SimulateCustomPolicy</tt> request.
--   
--   <i>See:</i> <a>simulatePolicyResponse</a> smart constructor.
data SimulatePolicyResponse

-- | The results of the simulation.
spEvaluationResults :: Lens' SimulatePolicyResponse [EvaluationResult]

-- | When <tt>IsTruncated</tt> is <tt>true</tt> , this element is present
--   and contains the value to use for the <tt>Marker</tt> parameter in a
--   subsequent pagination request.
spMarker :: Lens' SimulatePolicyResponse (Maybe Text)

-- | A flag that indicates whether there are more items to return. If your
--   results were truncated, you can make a subsequent pagination request
--   using the <tt>Marker</tt> request parameter to retrieve more items.
--   Note that IAM might return fewer than the <tt>MaxItems</tt> number of
--   results even when there are more results available. We recommend that
--   you check <tt>IsTruncated</tt> after every call to ensure that you
--   receive all of your results.
spIsTruncated :: Lens' SimulatePolicyResponse (Maybe Bool)
instance GHC.Generics.Generic Network.AWS.IAM.SimulatePrincipalPolicy.SimulatePrincipalPolicy
instance Data.Data.Data Network.AWS.IAM.SimulatePrincipalPolicy.SimulatePrincipalPolicy
instance GHC.Show.Show Network.AWS.IAM.SimulatePrincipalPolicy.SimulatePrincipalPolicy
instance GHC.Read.Read Network.AWS.IAM.SimulatePrincipalPolicy.SimulatePrincipalPolicy
instance GHC.Classes.Eq Network.AWS.IAM.SimulatePrincipalPolicy.SimulatePrincipalPolicy
instance Network.AWS.Pager.AWSPager Network.AWS.IAM.SimulatePrincipalPolicy.SimulatePrincipalPolicy
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.SimulatePrincipalPolicy.SimulatePrincipalPolicy
instance Data.Hashable.Class.Hashable Network.AWS.IAM.SimulatePrincipalPolicy.SimulatePrincipalPolicy
instance Control.DeepSeq.NFData Network.AWS.IAM.SimulatePrincipalPolicy.SimulatePrincipalPolicy
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.SimulatePrincipalPolicy.SimulatePrincipalPolicy
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.SimulatePrincipalPolicy.SimulatePrincipalPolicy
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.SimulatePrincipalPolicy.SimulatePrincipalPolicy


-- | Simulate how a set of IAM policies and optionally a resource-based
--   policy works with a list of API operations and AWS resources to
--   determine the policies' effective permissions. The policies are
--   provided as strings.
--   
--   The simulation does not perform the API operations; it only checks the
--   authorization to determine if the simulated policies allow or deny the
--   operations.
--   
--   If you want to simulate existing policies attached to an IAM user,
--   group, or role, use <tt>SimulatePrincipalPolicy</tt> instead.
--   
--   Context keys are variables maintained by AWS and its services that
--   provide details about the context of an API query request. You can use
--   the <tt>Condition</tt> element of an IAM policy to evaluate context
--   keys. To get the list of context keys that the policies require for
--   correct simulation, use <tt>GetContextKeysForCustomPolicy</tt> .
--   
--   If the output is long, you can use <tt>MaxItems</tt> and
--   <tt>Marker</tt> parameters to paginate the results.
--   
--   This operation returns paginated results.
module Network.AWS.IAM.SimulateCustomPolicy

-- | Creates a value of <a>SimulateCustomPolicy</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>scpResourcePolicy</a> - A resource-based policy to include in
--   the simulation provided as a string. Each resource in the simulation
--   is treated as if it had this policy attached. You can include only one
--   resource-based policy in a simulation. The <a>regex pattern</a> used
--   to validate this parameter is a string of characters consisting of the
--   following: * Any printable ASCII character ranging from the space
--   character (u0020) through the end of the ASCII character range * The
--   printable characters in the Basic Latin and Latin-1 Supplement
--   character set (through u00FF) * The special characters tab (u0009),
--   line feed (u000A), and carriage return (u000D)</li>
--   <li><a>scpCallerARN</a> - The ARN of the IAM user that you want to use
--   as the simulated caller of the API operations. <tt>CallerArn</tt> is
--   required if you include a <tt>ResourcePolicy</tt> so that the policy's
--   <tt>Principal</tt> element has a value to use in evaluating the
--   policy. You can specify only the ARN of an IAM user. You cannot
--   specify the ARN of an assumed role, federated user, or a service
--   principal.</li>
--   <li><a>scpResourceHandlingOption</a> - Specifies the type of
--   simulation to run. Different API operations that support
--   resource-based policies require different combinations of resources.
--   By specifying the type of simulation to run, you enable the policy
--   simulator to enforce the presence of the required resources to ensure
--   reliable simulation results. If your simulation does not match one of
--   the following scenarios, then you can omit this parameter. The
--   following list shows each of the supported scenario values and the
--   resources that you must define to run the simulation. Each of the EC2
--   scenarios requires that you specify instance, image, and
--   security-group resources. If your scenario includes an EBS volume,
--   then you must specify that volume as a resource. If the EC2 scenario
--   includes VPC, then you must supply the network-interface resource. If
--   it includes an IP subnet, then you must specify the subnet resource.
--   For more information on the EC2 scenario options, see <a>Supported
--   Platforms</a> in the <i>Amazon EC2 User Guide</i> . *
--   <b>EC2-Classic-InstanceStore</b> instance, image, security-group *
--   <b>EC2-Classic-EBS</b> instance, image, security-group, volume *
--   <b>EC2-VPC-InstanceStore</b> instance, image, security-group,
--   network-interface * <b>EC2-VPC-InstanceStore-Subnet</b> instance,
--   image, security-group, network-interface, subnet * <b>EC2-VPC-EBS</b>
--   instance, image, security-group, network-interface, volume *
--   <b>EC2-VPC-EBS-Subnet</b> instance, image, security-group,
--   network-interface, subnet, volume</li>
--   <li><a>scpResourceARNs</a> - A list of ARNs of AWS resources to
--   include in the simulation. If this parameter is not provided then the
--   value defaults to <tt>*</tt> (all resources). Each API in the
--   <tt>ActionNames</tt> parameter is evaluated for each resource in this
--   list. The simulation determines the access result (allowed or denied)
--   of each combination and reports it in the response. The simulation
--   does not automatically retrieve policies for the specified resources.
--   If you want to include a resource policy in the simulation, then you
--   must include the policy as a string in the <tt>ResourcePolicy</tt>
--   parameter. If you include a <tt>ResourcePolicy</tt> , then it must be
--   applicable to all of the resources included in the simulation or you
--   receive an invalid input error. For more information about ARNs, see
--   <a>Amazon Resource Names (ARNs) and AWS Service Namespaces</a> in the
--   <i>AWS General Reference</i> .</li>
--   <li><a>scpMarker</a> - Use this parameter only when paginating results
--   and only after you receive a response indicating that the results are
--   truncated. Set it to the value of the <tt>Marker</tt> element in the
--   response that you received to indicate where the next call should
--   start.</li>
--   <li><a>scpMaxItems</a> - (Optional) Use this only when paginating
--   results to indicate the maximum number of items you want in the
--   response. If additional items exist beyond the maximum you specify,
--   the <tt>IsTruncated</tt> response element is <tt>true</tt> . If you do
--   not include this parameter, it defaults to 100. Note that IAM might
--   return fewer results, even when there are more results available. In
--   that case, the <tt>IsTruncated</tt> response element returns
--   <tt>true</tt> and <tt>Marker</tt> contains a value to include in the
--   subsequent call that tells the service where to continue from.</li>
--   <li><a>scpContextEntries</a> - A list of context keys and
--   corresponding values for the simulation to use. Whenever a context key
--   is evaluated in one of the simulated IAM permission policies, the
--   corresponding value is supplied.</li>
--   <li><a>scpResourceOwner</a> - An AWS account ID that specifies the
--   owner of any simulated resource that does not identify its owner in
--   the resource ARN, such as an S3 bucket or object. If
--   <tt>ResourceOwner</tt> is specified, it is also used as the account
--   owner of any <tt>ResourcePolicy</tt> included in the simulation. If
--   the <tt>ResourceOwner</tt> parameter is not specified, then the owner
--   of the resources and the resource policy defaults to the account of
--   the identity provided in <tt>CallerArn</tt> . This parameter is
--   required only if you specify a resource-based policy and account that
--   owns the resource is different from the account that owns the
--   simulated calling user <tt>CallerArn</tt> .</li>
--   <li><a>scpPolicyInputList</a> - A list of policy documents to include
--   in the simulation. Each document is specified as a string containing
--   the complete, valid JSON text of an IAM policy. Do not include any
--   resource-based policies in this parameter. Any resource-based policy
--   must be submitted with the <tt>ResourcePolicy</tt> parameter. The
--   policies cannot be "scope-down" policies, such as you could include in
--   a call to <a>GetFederationToken</a> or one of the <a>AssumeRole</a>
--   API operations. In other words, do not use policies designed to
--   restrict what a user can do while using the temporary credentials. The
--   <a>regex pattern</a> used to validate this parameter is a string of
--   characters consisting of the following: * Any printable ASCII
--   character ranging from the space character (u0020) through the end of
--   the ASCII character range * The printable characters in the Basic
--   Latin and Latin-1 Supplement character set (through u00FF) * The
--   special characters tab (u0009), line feed (u000A), and carriage return
--   (u000D)</li>
--   <li><a>scpActionNames</a> - A list of names of API operations to
--   evaluate in the simulation. Each operation is evaluated against each
--   resource. Each operation must include the service identifier, such as
--   <tt>iam:CreateUser</tt> .</li>
--   </ul>
simulateCustomPolicy :: SimulateCustomPolicy

-- | <i>See:</i> <a>simulateCustomPolicy</a> smart constructor.
data SimulateCustomPolicy

-- | A resource-based policy to include in the simulation provided as a
--   string. Each resource in the simulation is treated as if it had this
--   policy attached. You can include only one resource-based policy in a
--   simulation. The <a>regex pattern</a> used to validate this parameter
--   is a string of characters consisting of the following: * Any printable
--   ASCII character ranging from the space character (u0020) through the
--   end of the ASCII character range * The printable characters in the
--   Basic Latin and Latin-1 Supplement character set (through u00FF) * The
--   special characters tab (u0009), line feed (u000A), and carriage return
--   (u000D)
scpResourcePolicy :: Lens' SimulateCustomPolicy (Maybe Text)

-- | The ARN of the IAM user that you want to use as the simulated caller
--   of the API operations. <tt>CallerArn</tt> is required if you include a
--   <tt>ResourcePolicy</tt> so that the policy's <tt>Principal</tt>
--   element has a value to use in evaluating the policy. You can specify
--   only the ARN of an IAM user. You cannot specify the ARN of an assumed
--   role, federated user, or a service principal.
scpCallerARN :: Lens' SimulateCustomPolicy (Maybe Text)

-- | Specifies the type of simulation to run. Different API operations that
--   support resource-based policies require different combinations of
--   resources. By specifying the type of simulation to run, you enable the
--   policy simulator to enforce the presence of the required resources to
--   ensure reliable simulation results. If your simulation does not match
--   one of the following scenarios, then you can omit this parameter. The
--   following list shows each of the supported scenario values and the
--   resources that you must define to run the simulation. Each of the EC2
--   scenarios requires that you specify instance, image, and
--   security-group resources. If your scenario includes an EBS volume,
--   then you must specify that volume as a resource. If the EC2 scenario
--   includes VPC, then you must supply the network-interface resource. If
--   it includes an IP subnet, then you must specify the subnet resource.
--   For more information on the EC2 scenario options, see <a>Supported
--   Platforms</a> in the <i>Amazon EC2 User Guide</i> . *
--   <b>EC2-Classic-InstanceStore</b> instance, image, security-group *
--   <b>EC2-Classic-EBS</b> instance, image, security-group, volume *
--   <b>EC2-VPC-InstanceStore</b> instance, image, security-group,
--   network-interface * <b>EC2-VPC-InstanceStore-Subnet</b> instance,
--   image, security-group, network-interface, subnet * <b>EC2-VPC-EBS</b>
--   instance, image, security-group, network-interface, volume *
--   <b>EC2-VPC-EBS-Subnet</b> instance, image, security-group,
--   network-interface, subnet, volume
scpResourceHandlingOption :: Lens' SimulateCustomPolicy (Maybe Text)

-- | A list of ARNs of AWS resources to include in the simulation. If this
--   parameter is not provided then the value defaults to <tt>*</tt> (all
--   resources). Each API in the <tt>ActionNames</tt> parameter is
--   evaluated for each resource in this list. The simulation determines
--   the access result (allowed or denied) of each combination and reports
--   it in the response. The simulation does not automatically retrieve
--   policies for the specified resources. If you want to include a
--   resource policy in the simulation, then you must include the policy as
--   a string in the <tt>ResourcePolicy</tt> parameter. If you include a
--   <tt>ResourcePolicy</tt> , then it must be applicable to all of the
--   resources included in the simulation or you receive an invalid input
--   error. For more information about ARNs, see <a>Amazon Resource Names
--   (ARNs) and AWS Service Namespaces</a> in the <i>AWS General
--   Reference</i> .
scpResourceARNs :: Lens' SimulateCustomPolicy [Text]

-- | Use this parameter only when paginating results and only after you
--   receive a response indicating that the results are truncated. Set it
--   to the value of the <tt>Marker</tt> element in the response that you
--   received to indicate where the next call should start.
scpMarker :: Lens' SimulateCustomPolicy (Maybe Text)

-- | (Optional) Use this only when paginating results to indicate the
--   maximum number of items you want in the response. If additional items
--   exist beyond the maximum you specify, the <tt>IsTruncated</tt>
--   response element is <tt>true</tt> . If you do not include this
--   parameter, it defaults to 100. Note that IAM might return fewer
--   results, even when there are more results available. In that case, the
--   <tt>IsTruncated</tt> response element returns <tt>true</tt> and
--   <tt>Marker</tt> contains a value to include in the subsequent call
--   that tells the service where to continue from.
scpMaxItems :: Lens' SimulateCustomPolicy (Maybe Natural)

-- | A list of context keys and corresponding values for the simulation to
--   use. Whenever a context key is evaluated in one of the simulated IAM
--   permission policies, the corresponding value is supplied.
scpContextEntries :: Lens' SimulateCustomPolicy [ContextEntry]

-- | An AWS account ID that specifies the owner of any simulated resource
--   that does not identify its owner in the resource ARN, such as an S3
--   bucket or object. If <tt>ResourceOwner</tt> is specified, it is also
--   used as the account owner of any <tt>ResourcePolicy</tt> included in
--   the simulation. If the <tt>ResourceOwner</tt> parameter is not
--   specified, then the owner of the resources and the resource policy
--   defaults to the account of the identity provided in <tt>CallerArn</tt>
--   . This parameter is required only if you specify a resource-based
--   policy and account that owns the resource is different from the
--   account that owns the simulated calling user <tt>CallerArn</tt> .
scpResourceOwner :: Lens' SimulateCustomPolicy (Maybe Text)

-- | A list of policy documents to include in the simulation. Each document
--   is specified as a string containing the complete, valid JSON text of
--   an IAM policy. Do not include any resource-based policies in this
--   parameter. Any resource-based policy must be submitted with the
--   <tt>ResourcePolicy</tt> parameter. The policies cannot be "scope-down"
--   policies, such as you could include in a call to
--   <a>GetFederationToken</a> or one of the <a>AssumeRole</a> API
--   operations. In other words, do not use policies designed to restrict
--   what a user can do while using the temporary credentials. The <a>regex
--   pattern</a> used to validate this parameter is a string of characters
--   consisting of the following: * Any printable ASCII character ranging
--   from the space character (u0020) through the end of the ASCII
--   character range * The printable characters in the Basic Latin and
--   Latin-1 Supplement character set (through u00FF) * The special
--   characters tab (u0009), line feed (u000A), and carriage return (u000D)
scpPolicyInputList :: Lens' SimulateCustomPolicy [Text]

-- | A list of names of API operations to evaluate in the simulation. Each
--   operation is evaluated against each resource. Each operation must
--   include the service identifier, such as <tt>iam:CreateUser</tt> .
scpActionNames :: Lens' SimulateCustomPolicy [Text]

-- | Creates a value of <a>SimulatePolicyResponse</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>spEvaluationResults</a> - The results of the simulation.</li>
--   <li><a>spMarker</a> - When <tt>IsTruncated</tt> is <tt>true</tt> ,
--   this element is present and contains the value to use for the
--   <tt>Marker</tt> parameter in a subsequent pagination request.</li>
--   <li><a>spIsTruncated</a> - A flag that indicates whether there are
--   more items to return. If your results were truncated, you can make a
--   subsequent pagination request using the <tt>Marker</tt> request
--   parameter to retrieve more items. Note that IAM might return fewer
--   than the <tt>MaxItems</tt> number of results even when there are more
--   results available. We recommend that you check <tt>IsTruncated</tt>
--   after every call to ensure that you receive all of your results.</li>
--   </ul>
simulatePolicyResponse :: SimulatePolicyResponse

-- | Contains the response to a successful <tt>SimulatePrincipalPolicy</tt>
--   or <tt>SimulateCustomPolicy</tt> request.
--   
--   <i>See:</i> <a>simulatePolicyResponse</a> smart constructor.
data SimulatePolicyResponse

-- | The results of the simulation.
spEvaluationResults :: Lens' SimulatePolicyResponse [EvaluationResult]

-- | When <tt>IsTruncated</tt> is <tt>true</tt> , this element is present
--   and contains the value to use for the <tt>Marker</tt> parameter in a
--   subsequent pagination request.
spMarker :: Lens' SimulatePolicyResponse (Maybe Text)

-- | A flag that indicates whether there are more items to return. If your
--   results were truncated, you can make a subsequent pagination request
--   using the <tt>Marker</tt> request parameter to retrieve more items.
--   Note that IAM might return fewer than the <tt>MaxItems</tt> number of
--   results even when there are more results available. We recommend that
--   you check <tt>IsTruncated</tt> after every call to ensure that you
--   receive all of your results.
spIsTruncated :: Lens' SimulatePolicyResponse (Maybe Bool)
instance GHC.Generics.Generic Network.AWS.IAM.SimulateCustomPolicy.SimulateCustomPolicy
instance Data.Data.Data Network.AWS.IAM.SimulateCustomPolicy.SimulateCustomPolicy
instance GHC.Show.Show Network.AWS.IAM.SimulateCustomPolicy.SimulateCustomPolicy
instance GHC.Read.Read Network.AWS.IAM.SimulateCustomPolicy.SimulateCustomPolicy
instance GHC.Classes.Eq Network.AWS.IAM.SimulateCustomPolicy.SimulateCustomPolicy
instance Network.AWS.Pager.AWSPager Network.AWS.IAM.SimulateCustomPolicy.SimulateCustomPolicy
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.SimulateCustomPolicy.SimulateCustomPolicy
instance Data.Hashable.Class.Hashable Network.AWS.IAM.SimulateCustomPolicy.SimulateCustomPolicy
instance Control.DeepSeq.NFData Network.AWS.IAM.SimulateCustomPolicy.SimulateCustomPolicy
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.SimulateCustomPolicy.SimulateCustomPolicy
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.SimulateCustomPolicy.SimulateCustomPolicy
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.SimulateCustomPolicy.SimulateCustomPolicy


-- | Sets the specified version of the specified policy as the policy's
--   default (operative) version.
--   
--   This operation affects all users, groups, and roles that the policy is
--   attached to. To list the users, groups, and roles that the policy is
--   attached to, use the <tt>ListEntitiesForPolicy</tt> API.
--   
--   For information about managed policies, see <a>Managed Policies and
--   Inline Policies</a> in the <i>IAM User Guide</i> .
module Network.AWS.IAM.SetDefaultPolicyVersion

-- | Creates a value of <a>SetDefaultPolicyVersion</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>sdpvPolicyARN</a> - The Amazon Resource Name (ARN) of the IAM
--   policy whose default version you want to set. For more information
--   about ARNs, see <a>Amazon Resource Names (ARNs) and AWS Service
--   Namespaces</a> in the <i>AWS General Reference</i> .</li>
--   <li><a>sdpvVersionId</a> - The version of the policy to set as the
--   default (operative) version. For more information about managed policy
--   versions, see <a>Versioning for Managed Policies</a> in the <i>IAM
--   User Guide</i> .</li>
--   </ul>
setDefaultPolicyVersion :: Text -> Text -> SetDefaultPolicyVersion

-- | <i>See:</i> <a>setDefaultPolicyVersion</a> smart constructor.
data SetDefaultPolicyVersion

-- | The Amazon Resource Name (ARN) of the IAM policy whose default version
--   you want to set. For more information about ARNs, see <a>Amazon
--   Resource Names (ARNs) and AWS Service Namespaces</a> in the <i>AWS
--   General Reference</i> .
sdpvPolicyARN :: Lens' SetDefaultPolicyVersion Text

-- | The version of the policy to set as the default (operative) version.
--   For more information about managed policy versions, see <a>Versioning
--   for Managed Policies</a> in the <i>IAM User Guide</i> .
sdpvVersionId :: Lens' SetDefaultPolicyVersion Text

-- | Creates a value of <a>SetDefaultPolicyVersionResponse</a> with the
--   minimum fields required to make a request.
setDefaultPolicyVersionResponse :: SetDefaultPolicyVersionResponse

-- | <i>See:</i> <a>setDefaultPolicyVersionResponse</a> smart constructor.
data SetDefaultPolicyVersionResponse
instance GHC.Generics.Generic Network.AWS.IAM.SetDefaultPolicyVersion.SetDefaultPolicyVersionResponse
instance Data.Data.Data Network.AWS.IAM.SetDefaultPolicyVersion.SetDefaultPolicyVersionResponse
instance GHC.Show.Show Network.AWS.IAM.SetDefaultPolicyVersion.SetDefaultPolicyVersionResponse
instance GHC.Read.Read Network.AWS.IAM.SetDefaultPolicyVersion.SetDefaultPolicyVersionResponse
instance GHC.Classes.Eq Network.AWS.IAM.SetDefaultPolicyVersion.SetDefaultPolicyVersionResponse
instance GHC.Generics.Generic Network.AWS.IAM.SetDefaultPolicyVersion.SetDefaultPolicyVersion
instance Data.Data.Data Network.AWS.IAM.SetDefaultPolicyVersion.SetDefaultPolicyVersion
instance GHC.Show.Show Network.AWS.IAM.SetDefaultPolicyVersion.SetDefaultPolicyVersion
instance GHC.Read.Read Network.AWS.IAM.SetDefaultPolicyVersion.SetDefaultPolicyVersion
instance GHC.Classes.Eq Network.AWS.IAM.SetDefaultPolicyVersion.SetDefaultPolicyVersion
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.SetDefaultPolicyVersion.SetDefaultPolicyVersion
instance Control.DeepSeq.NFData Network.AWS.IAM.SetDefaultPolicyVersion.SetDefaultPolicyVersionResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.SetDefaultPolicyVersion.SetDefaultPolicyVersion
instance Control.DeepSeq.NFData Network.AWS.IAM.SetDefaultPolicyVersion.SetDefaultPolicyVersion
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.SetDefaultPolicyVersion.SetDefaultPolicyVersion
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.SetDefaultPolicyVersion.SetDefaultPolicyVersion
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.SetDefaultPolicyVersion.SetDefaultPolicyVersion


-- | Synchronizes the specified MFA device with its IAM resource object on
--   the AWS servers.
--   
--   For more information about creating and working with virtual MFA
--   devices, go to <a>Using a Virtual MFA Device</a> in the <i>IAM User
--   Guide</i> .
module Network.AWS.IAM.ResyncMFADevice

-- | Creates a value of <a>ResyncMFADevice</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>rmdUserName</a> - The name of the user whose MFA device you
--   want to resynchronize. This parameter allows (per its <a>regex
--   pattern</a> ) a string of characters consisting of upper and lowercase
--   alphanumeric characters with no spaces. You can also include any of
--   the following characters: _+=,.@-</li>
--   <li><a>rmdSerialNumber</a> - Serial number that uniquely identifies
--   the MFA device. This parameter allows (per its <a>regex pattern</a> )
--   a string of characters consisting of upper and lowercase alphanumeric
--   characters with no spaces. You can also include any of the following
--   characters: _+=,.@-</li>
--   <li><a>rmdAuthenticationCode1</a> - An authentication code emitted by
--   the device. The format for this parameter is a sequence of six
--   digits.</li>
--   <li><a>rmdAuthenticationCode2</a> - A subsequent authentication code
--   emitted by the device. The format for this parameter is a sequence of
--   six digits.</li>
--   </ul>
resyncMFADevice :: Text -> Text -> Text -> Text -> ResyncMFADevice

-- | <i>See:</i> <a>resyncMFADevice</a> smart constructor.
data ResyncMFADevice

-- | The name of the user whose MFA device you want to resynchronize. This
--   parameter allows (per its <a>regex pattern</a> ) a string of
--   characters consisting of upper and lowercase alphanumeric characters
--   with no spaces. You can also include any of the following characters:
--   _+=,.@-
rmdUserName :: Lens' ResyncMFADevice Text

-- | Serial number that uniquely identifies the MFA device. This parameter
--   allows (per its <a>regex pattern</a> ) a string of characters
--   consisting of upper and lowercase alphanumeric characters with no
--   spaces. You can also include any of the following characters: _+=,.@-
rmdSerialNumber :: Lens' ResyncMFADevice Text

-- | An authentication code emitted by the device. The format for this
--   parameter is a sequence of six digits.
rmdAuthenticationCode1 :: Lens' ResyncMFADevice Text

-- | A subsequent authentication code emitted by the device. The format for
--   this parameter is a sequence of six digits.
rmdAuthenticationCode2 :: Lens' ResyncMFADevice Text

-- | Creates a value of <a>ResyncMFADeviceResponse</a> with the minimum
--   fields required to make a request.
resyncMFADeviceResponse :: ResyncMFADeviceResponse

-- | <i>See:</i> <a>resyncMFADeviceResponse</a> smart constructor.
data ResyncMFADeviceResponse
instance GHC.Generics.Generic Network.AWS.IAM.ResyncMFADevice.ResyncMFADeviceResponse
instance Data.Data.Data Network.AWS.IAM.ResyncMFADevice.ResyncMFADeviceResponse
instance GHC.Show.Show Network.AWS.IAM.ResyncMFADevice.ResyncMFADeviceResponse
instance GHC.Read.Read Network.AWS.IAM.ResyncMFADevice.ResyncMFADeviceResponse
instance GHC.Classes.Eq Network.AWS.IAM.ResyncMFADevice.ResyncMFADeviceResponse
instance GHC.Generics.Generic Network.AWS.IAM.ResyncMFADevice.ResyncMFADevice
instance Data.Data.Data Network.AWS.IAM.ResyncMFADevice.ResyncMFADevice
instance GHC.Show.Show Network.AWS.IAM.ResyncMFADevice.ResyncMFADevice
instance GHC.Read.Read Network.AWS.IAM.ResyncMFADevice.ResyncMFADevice
instance GHC.Classes.Eq Network.AWS.IAM.ResyncMFADevice.ResyncMFADevice
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.ResyncMFADevice.ResyncMFADevice
instance Control.DeepSeq.NFData Network.AWS.IAM.ResyncMFADevice.ResyncMFADeviceResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.ResyncMFADevice.ResyncMFADevice
instance Control.DeepSeq.NFData Network.AWS.IAM.ResyncMFADevice.ResyncMFADevice
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.ResyncMFADevice.ResyncMFADevice
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.ResyncMFADevice.ResyncMFADevice
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.ResyncMFADevice.ResyncMFADevice


-- | Resets the password for a service-specific credential. The new
--   password is AWS generated and cryptographically strong. It cannot be
--   configured by the user. Resetting the password immediately invalidates
--   the previous password associated with this user.
module Network.AWS.IAM.ResetServiceSpecificCredential

-- | Creates a value of <a>ResetServiceSpecificCredential</a> with the
--   minimum fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>rsscUserName</a> - The name of the IAM user associated with the
--   service-specific credential. If this value is not specified, then the
--   operation assumes the user whose credentials are used to call the
--   operation. This parameter allows (per its <a>regex pattern</a> ) a
--   string of characters consisting of upper and lowercase alphanumeric
--   characters with no spaces. You can also include any of the following
--   characters: _+=,.@-</li>
--   <li><a>rsscServiceSpecificCredentialId</a> - The unique identifier of
--   the service-specific credential. This parameter allows (per its
--   <a>regex pattern</a> ) a string of characters that can consist of any
--   upper or lowercased letter or digit.</li>
--   </ul>
resetServiceSpecificCredential :: Text -> ResetServiceSpecificCredential

-- | <i>See:</i> <a>resetServiceSpecificCredential</a> smart constructor.
data ResetServiceSpecificCredential

-- | The name of the IAM user associated with the service-specific
--   credential. If this value is not specified, then the operation assumes
--   the user whose credentials are used to call the operation. This
--   parameter allows (per its <a>regex pattern</a> ) a string of
--   characters consisting of upper and lowercase alphanumeric characters
--   with no spaces. You can also include any of the following characters:
--   _+=,.@-
rsscUserName :: Lens' ResetServiceSpecificCredential (Maybe Text)

-- | The unique identifier of the service-specific credential. This
--   parameter allows (per its <a>regex pattern</a> ) a string of
--   characters that can consist of any upper or lowercased letter or
--   digit.
rsscServiceSpecificCredentialId :: Lens' ResetServiceSpecificCredential Text

-- | Creates a value of <a>ResetServiceSpecificCredentialResponse</a> with
--   the minimum fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>rsscrsServiceSpecificCredential</a> - A structure with details
--   about the updated service-specific credential, including the new
--   password. <i>Important:</i> This is the <b>only</b> time that you can
--   access the password. You cannot recover the password later, but you
--   can reset it again.</li>
--   <li><a>rsscrsResponseStatus</a> - -- | The response status code.</li>
--   </ul>
resetServiceSpecificCredentialResponse :: Int -> ResetServiceSpecificCredentialResponse

-- | <i>See:</i> <a>resetServiceSpecificCredentialResponse</a> smart
--   constructor.
data ResetServiceSpecificCredentialResponse

-- | A structure with details about the updated service-specific
--   credential, including the new password. <i>Important:</i> This is the
--   <b>only</b> time that you can access the password. You cannot recover
--   the password later, but you can reset it again.
rsscrsServiceSpecificCredential :: Lens' ResetServiceSpecificCredentialResponse (Maybe ServiceSpecificCredential)

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
rsscrsResponseStatus :: Lens' ResetServiceSpecificCredentialResponse Int
instance GHC.Generics.Generic Network.AWS.IAM.ResetServiceSpecificCredential.ResetServiceSpecificCredentialResponse
instance Data.Data.Data Network.AWS.IAM.ResetServiceSpecificCredential.ResetServiceSpecificCredentialResponse
instance GHC.Show.Show Network.AWS.IAM.ResetServiceSpecificCredential.ResetServiceSpecificCredentialResponse
instance GHC.Classes.Eq Network.AWS.IAM.ResetServiceSpecificCredential.ResetServiceSpecificCredentialResponse
instance GHC.Generics.Generic Network.AWS.IAM.ResetServiceSpecificCredential.ResetServiceSpecificCredential
instance Data.Data.Data Network.AWS.IAM.ResetServiceSpecificCredential.ResetServiceSpecificCredential
instance GHC.Show.Show Network.AWS.IAM.ResetServiceSpecificCredential.ResetServiceSpecificCredential
instance GHC.Read.Read Network.AWS.IAM.ResetServiceSpecificCredential.ResetServiceSpecificCredential
instance GHC.Classes.Eq Network.AWS.IAM.ResetServiceSpecificCredential.ResetServiceSpecificCredential
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.ResetServiceSpecificCredential.ResetServiceSpecificCredential
instance Control.DeepSeq.NFData Network.AWS.IAM.ResetServiceSpecificCredential.ResetServiceSpecificCredentialResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.ResetServiceSpecificCredential.ResetServiceSpecificCredential
instance Control.DeepSeq.NFData Network.AWS.IAM.ResetServiceSpecificCredential.ResetServiceSpecificCredential
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.ResetServiceSpecificCredential.ResetServiceSpecificCredential
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.ResetServiceSpecificCredential.ResetServiceSpecificCredential
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.ResetServiceSpecificCredential.ResetServiceSpecificCredential


-- | Removes the specified user from the specified group.
module Network.AWS.IAM.RemoveUserFromGroup

-- | Creates a value of <a>RemoveUserFromGroup</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>rufgGroupName</a> - The name of the group to update. This
--   parameter allows (per its <a>regex pattern</a> ) a string of
--   characters consisting of upper and lowercase alphanumeric characters
--   with no spaces. You can also include any of the following characters:
--   _+=,.@-</li>
--   <li><a>rufgUserName</a> - The name of the user to remove. This
--   parameter allows (per its <a>regex pattern</a> ) a string of
--   characters consisting of upper and lowercase alphanumeric characters
--   with no spaces. You can also include any of the following characters:
--   _+=,.@-</li>
--   </ul>
removeUserFromGroup :: Text -> Text -> RemoveUserFromGroup

-- | <i>See:</i> <a>removeUserFromGroup</a> smart constructor.
data RemoveUserFromGroup

-- | The name of the group to update. This parameter allows (per its
--   <a>regex pattern</a> ) a string of characters consisting of upper and
--   lowercase alphanumeric characters with no spaces. You can also include
--   any of the following characters: _+=,.@-
rufgGroupName :: Lens' RemoveUserFromGroup Text

-- | The name of the user to remove. This parameter allows (per its
--   <a>regex pattern</a> ) a string of characters consisting of upper and
--   lowercase alphanumeric characters with no spaces. You can also include
--   any of the following characters: _+=,.@-
rufgUserName :: Lens' RemoveUserFromGroup Text

-- | Creates a value of <a>RemoveUserFromGroupResponse</a> with the minimum
--   fields required to make a request.
removeUserFromGroupResponse :: RemoveUserFromGroupResponse

-- | <i>See:</i> <a>removeUserFromGroupResponse</a> smart constructor.
data RemoveUserFromGroupResponse
instance GHC.Generics.Generic Network.AWS.IAM.RemoveUserFromGroup.RemoveUserFromGroupResponse
instance Data.Data.Data Network.AWS.IAM.RemoveUserFromGroup.RemoveUserFromGroupResponse
instance GHC.Show.Show Network.AWS.IAM.RemoveUserFromGroup.RemoveUserFromGroupResponse
instance GHC.Read.Read Network.AWS.IAM.RemoveUserFromGroup.RemoveUserFromGroupResponse
instance GHC.Classes.Eq Network.AWS.IAM.RemoveUserFromGroup.RemoveUserFromGroupResponse
instance GHC.Generics.Generic Network.AWS.IAM.RemoveUserFromGroup.RemoveUserFromGroup
instance Data.Data.Data Network.AWS.IAM.RemoveUserFromGroup.RemoveUserFromGroup
instance GHC.Show.Show Network.AWS.IAM.RemoveUserFromGroup.RemoveUserFromGroup
instance GHC.Read.Read Network.AWS.IAM.RemoveUserFromGroup.RemoveUserFromGroup
instance GHC.Classes.Eq Network.AWS.IAM.RemoveUserFromGroup.RemoveUserFromGroup
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.RemoveUserFromGroup.RemoveUserFromGroup
instance Control.DeepSeq.NFData Network.AWS.IAM.RemoveUserFromGroup.RemoveUserFromGroupResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.RemoveUserFromGroup.RemoveUserFromGroup
instance Control.DeepSeq.NFData Network.AWS.IAM.RemoveUserFromGroup.RemoveUserFromGroup
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.RemoveUserFromGroup.RemoveUserFromGroup
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.RemoveUserFromGroup.RemoveUserFromGroup
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.RemoveUserFromGroup.RemoveUserFromGroup


-- | Removes the specified IAM role from the specified EC2 instance
--   profile.
--   
--   <i>Important:</i> Make sure that you do not have any Amazon EC2
--   instances running with the role you are about to remove from the
--   instance profile. Removing a role from an instance profile that is
--   associated with a running instance might break any applications
--   running on the instance.
--   
--   For more information about IAM roles, go to <a>Working with Roles</a>
--   . For more information about instance profiles, go to <a>About
--   Instance Profiles</a> .
module Network.AWS.IAM.RemoveRoleFromInstanceProfile

-- | Creates a value of <a>RemoveRoleFromInstanceProfile</a> with the
--   minimum fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>rrfipInstanceProfileName</a> - The name of the instance profile
--   to update. This parameter allows (per its <a>regex pattern</a> ) a
--   string of characters consisting of upper and lowercase alphanumeric
--   characters with no spaces. You can also include any of the following
--   characters: _+=,.@-</li>
--   <li><a>rrfipRoleName</a> - The name of the role to remove. This
--   parameter allows (per its <a>regex pattern</a> ) a string of
--   characters consisting of upper and lowercase alphanumeric characters
--   with no spaces. You can also include any of the following characters:
--   _+=,.@-</li>
--   </ul>
removeRoleFromInstanceProfile :: Text -> Text -> RemoveRoleFromInstanceProfile

-- | <i>See:</i> <a>removeRoleFromInstanceProfile</a> smart constructor.
data RemoveRoleFromInstanceProfile

-- | The name of the instance profile to update. This parameter allows (per
--   its <a>regex pattern</a> ) a string of characters consisting of upper
--   and lowercase alphanumeric characters with no spaces. You can also
--   include any of the following characters: _+=,.@-
rrfipInstanceProfileName :: Lens' RemoveRoleFromInstanceProfile Text

-- | The name of the role to remove. This parameter allows (per its
--   <a>regex pattern</a> ) a string of characters consisting of upper and
--   lowercase alphanumeric characters with no spaces. You can also include
--   any of the following characters: _+=,.@-
rrfipRoleName :: Lens' RemoveRoleFromInstanceProfile Text

-- | Creates a value of <a>RemoveRoleFromInstanceProfileResponse</a> with
--   the minimum fields required to make a request.
removeRoleFromInstanceProfileResponse :: RemoveRoleFromInstanceProfileResponse

-- | <i>See:</i> <a>removeRoleFromInstanceProfileResponse</a> smart
--   constructor.
data RemoveRoleFromInstanceProfileResponse
instance GHC.Generics.Generic Network.AWS.IAM.RemoveRoleFromInstanceProfile.RemoveRoleFromInstanceProfileResponse
instance Data.Data.Data Network.AWS.IAM.RemoveRoleFromInstanceProfile.RemoveRoleFromInstanceProfileResponse
instance GHC.Show.Show Network.AWS.IAM.RemoveRoleFromInstanceProfile.RemoveRoleFromInstanceProfileResponse
instance GHC.Read.Read Network.AWS.IAM.RemoveRoleFromInstanceProfile.RemoveRoleFromInstanceProfileResponse
instance GHC.Classes.Eq Network.AWS.IAM.RemoveRoleFromInstanceProfile.RemoveRoleFromInstanceProfileResponse
instance GHC.Generics.Generic Network.AWS.IAM.RemoveRoleFromInstanceProfile.RemoveRoleFromInstanceProfile
instance Data.Data.Data Network.AWS.IAM.RemoveRoleFromInstanceProfile.RemoveRoleFromInstanceProfile
instance GHC.Show.Show Network.AWS.IAM.RemoveRoleFromInstanceProfile.RemoveRoleFromInstanceProfile
instance GHC.Read.Read Network.AWS.IAM.RemoveRoleFromInstanceProfile.RemoveRoleFromInstanceProfile
instance GHC.Classes.Eq Network.AWS.IAM.RemoveRoleFromInstanceProfile.RemoveRoleFromInstanceProfile
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.RemoveRoleFromInstanceProfile.RemoveRoleFromInstanceProfile
instance Control.DeepSeq.NFData Network.AWS.IAM.RemoveRoleFromInstanceProfile.RemoveRoleFromInstanceProfileResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.RemoveRoleFromInstanceProfile.RemoveRoleFromInstanceProfile
instance Control.DeepSeq.NFData Network.AWS.IAM.RemoveRoleFromInstanceProfile.RemoveRoleFromInstanceProfile
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.RemoveRoleFromInstanceProfile.RemoveRoleFromInstanceProfile
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.RemoveRoleFromInstanceProfile.RemoveRoleFromInstanceProfile
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.RemoveRoleFromInstanceProfile.RemoveRoleFromInstanceProfile


-- | Removes the specified client ID (also known as audience) from the list
--   of client IDs registered for the specified IAM OpenID Connect (OIDC)
--   provider resource object.
--   
--   This operation is idempotent; it does not fail or return an error if
--   you try to remove a client ID that does not exist.
module Network.AWS.IAM.RemoveClientIdFromOpenIdConnectProvider

-- | Creates a value of <a>RemoveClientIdFromOpenIdConnectProvider</a> with
--   the minimum fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>rcifoicpOpenIdConnectProviderARN</a> - The Amazon Resource Name
--   (ARN) of the IAM OIDC provider resource to remove the client ID from.
--   You can get a list of OIDC provider ARNs by using the
--   <tt>ListOpenIDConnectProviders</tt> operation. For more information
--   about ARNs, see <a>Amazon Resource Names (ARNs) and AWS Service
--   Namespaces</a> in the <i>AWS General Reference</i> .</li>
--   <li><a>rcifoicpClientId</a> - The client ID (also known as audience)
--   to remove from the IAM OIDC provider resource. For more information
--   about client IDs, see <tt>CreateOpenIDConnectProvider</tt> .</li>
--   </ul>
removeClientIdFromOpenIdConnectProvider :: Text -> Text -> RemoveClientIdFromOpenIdConnectProvider

-- | <i>See:</i> <a>removeClientIdFromOpenIdConnectProvider</a> smart
--   constructor.
data RemoveClientIdFromOpenIdConnectProvider

-- | The Amazon Resource Name (ARN) of the IAM OIDC provider resource to
--   remove the client ID from. You can get a list of OIDC provider ARNs by
--   using the <tt>ListOpenIDConnectProviders</tt> operation. For more
--   information about ARNs, see <a>Amazon Resource Names (ARNs) and AWS
--   Service Namespaces</a> in the <i>AWS General Reference</i> .
rcifoicpOpenIdConnectProviderARN :: Lens' RemoveClientIdFromOpenIdConnectProvider Text

-- | The client ID (also known as audience) to remove from the IAM OIDC
--   provider resource. For more information about client IDs, see
--   <tt>CreateOpenIDConnectProvider</tt> .
rcifoicpClientId :: Lens' RemoveClientIdFromOpenIdConnectProvider Text

-- | Creates a value of
--   <a>RemoveClientIdFromOpenIdConnectProviderResponse</a> with the
--   minimum fields required to make a request.
removeClientIdFromOpenIdConnectProviderResponse :: RemoveClientIdFromOpenIdConnectProviderResponse

-- | <i>See:</i> <a>removeClientIdFromOpenIdConnectProviderResponse</a>
--   smart constructor.
data RemoveClientIdFromOpenIdConnectProviderResponse
instance GHC.Generics.Generic Network.AWS.IAM.RemoveClientIdFromOpenIdConnectProvider.RemoveClientIdFromOpenIdConnectProviderResponse
instance Data.Data.Data Network.AWS.IAM.RemoveClientIdFromOpenIdConnectProvider.RemoveClientIdFromOpenIdConnectProviderResponse
instance GHC.Show.Show Network.AWS.IAM.RemoveClientIdFromOpenIdConnectProvider.RemoveClientIdFromOpenIdConnectProviderResponse
instance GHC.Read.Read Network.AWS.IAM.RemoveClientIdFromOpenIdConnectProvider.RemoveClientIdFromOpenIdConnectProviderResponse
instance GHC.Classes.Eq Network.AWS.IAM.RemoveClientIdFromOpenIdConnectProvider.RemoveClientIdFromOpenIdConnectProviderResponse
instance GHC.Generics.Generic Network.AWS.IAM.RemoveClientIdFromOpenIdConnectProvider.RemoveClientIdFromOpenIdConnectProvider
instance Data.Data.Data Network.AWS.IAM.RemoveClientIdFromOpenIdConnectProvider.RemoveClientIdFromOpenIdConnectProvider
instance GHC.Show.Show Network.AWS.IAM.RemoveClientIdFromOpenIdConnectProvider.RemoveClientIdFromOpenIdConnectProvider
instance GHC.Read.Read Network.AWS.IAM.RemoveClientIdFromOpenIdConnectProvider.RemoveClientIdFromOpenIdConnectProvider
instance GHC.Classes.Eq Network.AWS.IAM.RemoveClientIdFromOpenIdConnectProvider.RemoveClientIdFromOpenIdConnectProvider
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.RemoveClientIdFromOpenIdConnectProvider.RemoveClientIdFromOpenIdConnectProvider
instance Control.DeepSeq.NFData Network.AWS.IAM.RemoveClientIdFromOpenIdConnectProvider.RemoveClientIdFromOpenIdConnectProviderResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.RemoveClientIdFromOpenIdConnectProvider.RemoveClientIdFromOpenIdConnectProvider
instance Control.DeepSeq.NFData Network.AWS.IAM.RemoveClientIdFromOpenIdConnectProvider.RemoveClientIdFromOpenIdConnectProvider
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.RemoveClientIdFromOpenIdConnectProvider.RemoveClientIdFromOpenIdConnectProvider
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.RemoveClientIdFromOpenIdConnectProvider.RemoveClientIdFromOpenIdConnectProvider
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.RemoveClientIdFromOpenIdConnectProvider.RemoveClientIdFromOpenIdConnectProvider


-- | Adds or updates an inline policy document that is embedded in the
--   specified IAM user.
--   
--   An IAM user can also have a managed policy attached to it. To attach a
--   managed policy to a user, use <tt>AttachUserPolicy</tt> . To create a
--   new managed policy, use <tt>CreatePolicy</tt> . For information about
--   policies, see <a>Managed Policies and Inline Policies</a> in the
--   <i>IAM User Guide</i> .
--   
--   For information about limits on the number of inline policies that you
--   can embed in a user, see <a>Limitations on IAM Entities</a> in the
--   <i>IAM User Guide</i> .
module Network.AWS.IAM.PutUserPolicy

-- | Creates a value of <a>PutUserPolicy</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>pupUserName</a> - The name of the user to associate the policy
--   with. This parameter allows (per its <a>regex pattern</a> ) a string
--   of characters consisting of upper and lowercase alphanumeric
--   characters with no spaces. You can also include any of the following
--   characters: _+=,.@-</li>
--   <li><a>pupPolicyName</a> - The name of the policy document. This
--   parameter allows (per its <a>regex pattern</a> ) a string of
--   characters consisting of upper and lowercase alphanumeric characters
--   with no spaces. You can also include any of the following characters:
--   _+=,.@-</li>
--   <li><a>pupPolicyDocument</a> - The policy document. The <a>regex
--   pattern</a> used to validate this parameter is a string of characters
--   consisting of the following: * Any printable ASCII character ranging
--   from the space character (u0020) through the end of the ASCII
--   character range * The printable characters in the Basic Latin and
--   Latin-1 Supplement character set (through u00FF) * The special
--   characters tab (u0009), line feed (u000A), and carriage return
--   (u000D)</li>
--   </ul>
putUserPolicy :: Text -> Text -> Text -> PutUserPolicy

-- | <i>See:</i> <a>putUserPolicy</a> smart constructor.
data PutUserPolicy

-- | The name of the user to associate the policy with. This parameter
--   allows (per its <a>regex pattern</a> ) a string of characters
--   consisting of upper and lowercase alphanumeric characters with no
--   spaces. You can also include any of the following characters: _+=,.@-
pupUserName :: Lens' PutUserPolicy Text

-- | The name of the policy document. This parameter allows (per its
--   <a>regex pattern</a> ) a string of characters consisting of upper and
--   lowercase alphanumeric characters with no spaces. You can also include
--   any of the following characters: _+=,.@-
pupPolicyName :: Lens' PutUserPolicy Text

-- | The policy document. The <a>regex pattern</a> used to validate this
--   parameter is a string of characters consisting of the following: * Any
--   printable ASCII character ranging from the space character (u0020)
--   through the end of the ASCII character range * The printable
--   characters in the Basic Latin and Latin-1 Supplement character set
--   (through u00FF) * The special characters tab (u0009), line feed
--   (u000A), and carriage return (u000D)
pupPolicyDocument :: Lens' PutUserPolicy Text

-- | Creates a value of <a>PutUserPolicyResponse</a> with the minimum
--   fields required to make a request.
putUserPolicyResponse :: PutUserPolicyResponse

-- | <i>See:</i> <a>putUserPolicyResponse</a> smart constructor.
data PutUserPolicyResponse
instance GHC.Generics.Generic Network.AWS.IAM.PutUserPolicy.PutUserPolicyResponse
instance Data.Data.Data Network.AWS.IAM.PutUserPolicy.PutUserPolicyResponse
instance GHC.Show.Show Network.AWS.IAM.PutUserPolicy.PutUserPolicyResponse
instance GHC.Read.Read Network.AWS.IAM.PutUserPolicy.PutUserPolicyResponse
instance GHC.Classes.Eq Network.AWS.IAM.PutUserPolicy.PutUserPolicyResponse
instance GHC.Generics.Generic Network.AWS.IAM.PutUserPolicy.PutUserPolicy
instance Data.Data.Data Network.AWS.IAM.PutUserPolicy.PutUserPolicy
instance GHC.Show.Show Network.AWS.IAM.PutUserPolicy.PutUserPolicy
instance GHC.Read.Read Network.AWS.IAM.PutUserPolicy.PutUserPolicy
instance GHC.Classes.Eq Network.AWS.IAM.PutUserPolicy.PutUserPolicy
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.PutUserPolicy.PutUserPolicy
instance Control.DeepSeq.NFData Network.AWS.IAM.PutUserPolicy.PutUserPolicyResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.PutUserPolicy.PutUserPolicy
instance Control.DeepSeq.NFData Network.AWS.IAM.PutUserPolicy.PutUserPolicy
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.PutUserPolicy.PutUserPolicy
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.PutUserPolicy.PutUserPolicy
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.PutUserPolicy.PutUserPolicy


-- | Adds or updates an inline policy document that is embedded in the
--   specified IAM role.
--   
--   When you embed an inline policy in a role, the inline policy is used
--   as part of the role's access (permissions) policy. The role's trust
--   policy is created at the same time as the role, using
--   <tt>CreateRole</tt> . You can update a role's trust policy using
--   <tt>UpdateAssumeRolePolicy</tt> . For more information about IAM
--   roles, go to <a>Using Roles to Delegate Permissions and Federate
--   Identities</a> .
--   
--   A role can also have a managed policy attached to it. To attach a
--   managed policy to a role, use <tt>AttachRolePolicy</tt> . To create a
--   new managed policy, use <tt>CreatePolicy</tt> . For information about
--   policies, see <a>Managed Policies and Inline Policies</a> in the
--   <i>IAM User Guide</i> .
--   
--   For information about limits on the number of inline policies that you
--   can embed with a role, see <a>Limitations on IAM Entities</a> in the
--   <i>IAM User Guide</i> .
module Network.AWS.IAM.PutRolePolicy

-- | Creates a value of <a>PutRolePolicy</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>prpRoleName</a> - The name of the role to associate the policy
--   with. This parameter allows (per its <a>regex pattern</a> ) a string
--   of characters consisting of upper and lowercase alphanumeric
--   characters with no spaces. You can also include any of the following
--   characters: _+=,.@-</li>
--   <li><a>prpPolicyName</a> - The name of the policy document. This
--   parameter allows (per its <a>regex pattern</a> ) a string of
--   characters consisting of upper and lowercase alphanumeric characters
--   with no spaces. You can also include any of the following characters:
--   _+=,.@-</li>
--   <li><a>prpPolicyDocument</a> - The policy document. The <a>regex
--   pattern</a> used to validate this parameter is a string of characters
--   consisting of the following: * Any printable ASCII character ranging
--   from the space character (u0020) through the end of the ASCII
--   character range * The printable characters in the Basic Latin and
--   Latin-1 Supplement character set (through u00FF) * The special
--   characters tab (u0009), line feed (u000A), and carriage return
--   (u000D)</li>
--   </ul>
putRolePolicy :: Text -> Text -> Text -> PutRolePolicy

-- | <i>See:</i> <a>putRolePolicy</a> smart constructor.
data PutRolePolicy

-- | The name of the role to associate the policy with. This parameter
--   allows (per its <a>regex pattern</a> ) a string of characters
--   consisting of upper and lowercase alphanumeric characters with no
--   spaces. You can also include any of the following characters: _+=,.@-
prpRoleName :: Lens' PutRolePolicy Text

-- | The name of the policy document. This parameter allows (per its
--   <a>regex pattern</a> ) a string of characters consisting of upper and
--   lowercase alphanumeric characters with no spaces. You can also include
--   any of the following characters: _+=,.@-
prpPolicyName :: Lens' PutRolePolicy Text

-- | The policy document. The <a>regex pattern</a> used to validate this
--   parameter is a string of characters consisting of the following: * Any
--   printable ASCII character ranging from the space character (u0020)
--   through the end of the ASCII character range * The printable
--   characters in the Basic Latin and Latin-1 Supplement character set
--   (through u00FF) * The special characters tab (u0009), line feed
--   (u000A), and carriage return (u000D)
prpPolicyDocument :: Lens' PutRolePolicy Text

-- | Creates a value of <a>PutRolePolicyResponse</a> with the minimum
--   fields required to make a request.
putRolePolicyResponse :: PutRolePolicyResponse

-- | <i>See:</i> <a>putRolePolicyResponse</a> smart constructor.
data PutRolePolicyResponse
instance GHC.Generics.Generic Network.AWS.IAM.PutRolePolicy.PutRolePolicyResponse
instance Data.Data.Data Network.AWS.IAM.PutRolePolicy.PutRolePolicyResponse
instance GHC.Show.Show Network.AWS.IAM.PutRolePolicy.PutRolePolicyResponse
instance GHC.Read.Read Network.AWS.IAM.PutRolePolicy.PutRolePolicyResponse
instance GHC.Classes.Eq Network.AWS.IAM.PutRolePolicy.PutRolePolicyResponse
instance GHC.Generics.Generic Network.AWS.IAM.PutRolePolicy.PutRolePolicy
instance Data.Data.Data Network.AWS.IAM.PutRolePolicy.PutRolePolicy
instance GHC.Show.Show Network.AWS.IAM.PutRolePolicy.PutRolePolicy
instance GHC.Read.Read Network.AWS.IAM.PutRolePolicy.PutRolePolicy
instance GHC.Classes.Eq Network.AWS.IAM.PutRolePolicy.PutRolePolicy
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.PutRolePolicy.PutRolePolicy
instance Control.DeepSeq.NFData Network.AWS.IAM.PutRolePolicy.PutRolePolicyResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.PutRolePolicy.PutRolePolicy
instance Control.DeepSeq.NFData Network.AWS.IAM.PutRolePolicy.PutRolePolicy
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.PutRolePolicy.PutRolePolicy
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.PutRolePolicy.PutRolePolicy
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.PutRolePolicy.PutRolePolicy


-- | Adds or updates an inline policy document that is embedded in the
--   specified IAM group.
--   
--   A user can also have managed policies attached to it. To attach a
--   managed policy to a group, use <tt>AttachGroupPolicy</tt> . To create
--   a new managed policy, use <tt>CreatePolicy</tt> . For information
--   about policies, see <a>Managed Policies and Inline Policies</a> in the
--   <i>IAM User Guide</i> .
--   
--   For information about limits on the number of inline policies that you
--   can embed in a group, see <a>Limitations on IAM Entities</a> in the
--   <i>IAM User Guide</i> .
module Network.AWS.IAM.PutGroupPolicy

-- | Creates a value of <a>PutGroupPolicy</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>pgpGroupName</a> - The name of the group to associate the
--   policy with. This parameter allows (per its <a>regex pattern</a> ) a
--   string of characters consisting of upper and lowercase alphanumeric
--   characters with no spaces. You can also include any of the following
--   characters: _+=,.@-</li>
--   <li><a>pgpPolicyName</a> - The name of the policy document. This
--   parameter allows (per its <a>regex pattern</a> ) a string of
--   characters consisting of upper and lowercase alphanumeric characters
--   with no spaces. You can also include any of the following characters:
--   _+=,.@-</li>
--   <li><a>pgpPolicyDocument</a> - The policy document. The <a>regex
--   pattern</a> used to validate this parameter is a string of characters
--   consisting of the following: * Any printable ASCII character ranging
--   from the space character (u0020) through the end of the ASCII
--   character range * The printable characters in the Basic Latin and
--   Latin-1 Supplement character set (through u00FF) * The special
--   characters tab (u0009), line feed (u000A), and carriage return
--   (u000D)</li>
--   </ul>
putGroupPolicy :: Text -> Text -> Text -> PutGroupPolicy

-- | <i>See:</i> <a>putGroupPolicy</a> smart constructor.
data PutGroupPolicy

-- | The name of the group to associate the policy with. This parameter
--   allows (per its <a>regex pattern</a> ) a string of characters
--   consisting of upper and lowercase alphanumeric characters with no
--   spaces. You can also include any of the following characters: _+=,.@-
pgpGroupName :: Lens' PutGroupPolicy Text

-- | The name of the policy document. This parameter allows (per its
--   <a>regex pattern</a> ) a string of characters consisting of upper and
--   lowercase alphanumeric characters with no spaces. You can also include
--   any of the following characters: _+=,.@-
pgpPolicyName :: Lens' PutGroupPolicy Text

-- | The policy document. The <a>regex pattern</a> used to validate this
--   parameter is a string of characters consisting of the following: * Any
--   printable ASCII character ranging from the space character (u0020)
--   through the end of the ASCII character range * The printable
--   characters in the Basic Latin and Latin-1 Supplement character set
--   (through u00FF) * The special characters tab (u0009), line feed
--   (u000A), and carriage return (u000D)
pgpPolicyDocument :: Lens' PutGroupPolicy Text

-- | Creates a value of <a>PutGroupPolicyResponse</a> with the minimum
--   fields required to make a request.
putGroupPolicyResponse :: PutGroupPolicyResponse

-- | <i>See:</i> <a>putGroupPolicyResponse</a> smart constructor.
data PutGroupPolicyResponse
instance GHC.Generics.Generic Network.AWS.IAM.PutGroupPolicy.PutGroupPolicyResponse
instance Data.Data.Data Network.AWS.IAM.PutGroupPolicy.PutGroupPolicyResponse
instance GHC.Show.Show Network.AWS.IAM.PutGroupPolicy.PutGroupPolicyResponse
instance GHC.Read.Read Network.AWS.IAM.PutGroupPolicy.PutGroupPolicyResponse
instance GHC.Classes.Eq Network.AWS.IAM.PutGroupPolicy.PutGroupPolicyResponse
instance GHC.Generics.Generic Network.AWS.IAM.PutGroupPolicy.PutGroupPolicy
instance Data.Data.Data Network.AWS.IAM.PutGroupPolicy.PutGroupPolicy
instance GHC.Show.Show Network.AWS.IAM.PutGroupPolicy.PutGroupPolicy
instance GHC.Read.Read Network.AWS.IAM.PutGroupPolicy.PutGroupPolicy
instance GHC.Classes.Eq Network.AWS.IAM.PutGroupPolicy.PutGroupPolicy
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.PutGroupPolicy.PutGroupPolicy
instance Control.DeepSeq.NFData Network.AWS.IAM.PutGroupPolicy.PutGroupPolicyResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.PutGroupPolicy.PutGroupPolicy
instance Control.DeepSeq.NFData Network.AWS.IAM.PutGroupPolicy.PutGroupPolicy
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.PutGroupPolicy.PutGroupPolicy
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.PutGroupPolicy.PutGroupPolicy
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.PutGroupPolicy.PutGroupPolicy


-- | Lists the virtual MFA devices defined in the AWS account by assignment
--   status. If you do not specify an assignment status, the operation
--   returns a list of all virtual MFA devices. Assignment status can be
--   <tt>Assigned</tt> , <tt>Unassigned</tt> , or <tt>Any</tt> .
--   
--   You can paginate the results using the <tt>MaxItems</tt> and
--   <tt>Marker</tt> parameters.
--   
--   This operation returns paginated results.
module Network.AWS.IAM.ListVirtualMFADevices

-- | Creates a value of <a>ListVirtualMFADevices</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>lvmdAssignmentStatus</a> - The status (<tt>Unassigned</tt> or
--   <tt>Assigned</tt> ) of the devices to list. If you do not specify an
--   <tt>AssignmentStatus</tt> , the operation defaults to <tt>Any</tt>
--   which lists both assigned and unassigned virtual MFA devices.</li>
--   <li><a>lvmdMarker</a> - Use this parameter only when paginating
--   results and only after you receive a response indicating that the
--   results are truncated. Set it to the value of the <tt>Marker</tt>
--   element in the response that you received to indicate where the next
--   call should start.</li>
--   <li><a>lvmdMaxItems</a> - (Optional) Use this only when paginating
--   results to indicate the maximum number of items you want in the
--   response. If additional items exist beyond the maximum you specify,
--   the <tt>IsTruncated</tt> response element is <tt>true</tt> . If you do
--   not include this parameter, it defaults to 100. Note that IAM might
--   return fewer results, even when there are more results available. In
--   that case, the <tt>IsTruncated</tt> response element returns
--   <tt>true</tt> and <tt>Marker</tt> contains a value to include in the
--   subsequent call that tells the service where to continue from.</li>
--   </ul>
listVirtualMFADevices :: ListVirtualMFADevices

-- | <i>See:</i> <a>listVirtualMFADevices</a> smart constructor.
data ListVirtualMFADevices

-- | The status (<tt>Unassigned</tt> or <tt>Assigned</tt> ) of the devices
--   to list. If you do not specify an <tt>AssignmentStatus</tt> , the
--   operation defaults to <tt>Any</tt> which lists both assigned and
--   unassigned virtual MFA devices.
lvmdAssignmentStatus :: Lens' ListVirtualMFADevices (Maybe AssignmentStatusType)

-- | Use this parameter only when paginating results and only after you
--   receive a response indicating that the results are truncated. Set it
--   to the value of the <tt>Marker</tt> element in the response that you
--   received to indicate where the next call should start.
lvmdMarker :: Lens' ListVirtualMFADevices (Maybe Text)

-- | (Optional) Use this only when paginating results to indicate the
--   maximum number of items you want in the response. If additional items
--   exist beyond the maximum you specify, the <tt>IsTruncated</tt>
--   response element is <tt>true</tt> . If you do not include this
--   parameter, it defaults to 100. Note that IAM might return fewer
--   results, even when there are more results available. In that case, the
--   <tt>IsTruncated</tt> response element returns <tt>true</tt> and
--   <tt>Marker</tt> contains a value to include in the subsequent call
--   that tells the service where to continue from.
lvmdMaxItems :: Lens' ListVirtualMFADevices (Maybe Natural)

-- | Creates a value of <a>ListVirtualMFADevicesResponse</a> with the
--   minimum fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>lvmdrsMarker</a> - When <tt>IsTruncated</tt> is <tt>true</tt> ,
--   this element is present and contains the value to use for the
--   <tt>Marker</tt> parameter in a subsequent pagination request.</li>
--   <li><a>lvmdrsIsTruncated</a> - A flag that indicates whether there are
--   more items to return. If your results were truncated, you can make a
--   subsequent pagination request using the <tt>Marker</tt> request
--   parameter to retrieve more items. Note that IAM might return fewer
--   than the <tt>MaxItems</tt> number of results even when there are more
--   results available. We recommend that you check <tt>IsTruncated</tt>
--   after every call to ensure that you receive all of your results.</li>
--   <li><a>lvmdrsResponseStatus</a> - -- | The response status code.</li>
--   <li><a>lvmdrsVirtualMFADevices</a> - The list of virtual MFA devices
--   in the current account that match the <tt>AssignmentStatus</tt> value
--   that was passed in the request.</li>
--   </ul>
listVirtualMFADevicesResponse :: Int -> ListVirtualMFADevicesResponse

-- | Contains the response to a successful <a>ListVirtualMFADevices</a>
--   request.
--   
--   <i>See:</i> <a>listVirtualMFADevicesResponse</a> smart constructor.
data ListVirtualMFADevicesResponse

-- | When <tt>IsTruncated</tt> is <tt>true</tt> , this element is present
--   and contains the value to use for the <tt>Marker</tt> parameter in a
--   subsequent pagination request.
lvmdrsMarker :: Lens' ListVirtualMFADevicesResponse (Maybe Text)

-- | A flag that indicates whether there are more items to return. If your
--   results were truncated, you can make a subsequent pagination request
--   using the <tt>Marker</tt> request parameter to retrieve more items.
--   Note that IAM might return fewer than the <tt>MaxItems</tt> number of
--   results even when there are more results available. We recommend that
--   you check <tt>IsTruncated</tt> after every call to ensure that you
--   receive all of your results.
lvmdrsIsTruncated :: Lens' ListVirtualMFADevicesResponse (Maybe Bool)

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
lvmdrsResponseStatus :: Lens' ListVirtualMFADevicesResponse Int

-- | The list of virtual MFA devices in the current account that match the
--   <tt>AssignmentStatus</tt> value that was passed in the request.
lvmdrsVirtualMFADevices :: Lens' ListVirtualMFADevicesResponse [VirtualMFADevice]
instance GHC.Generics.Generic Network.AWS.IAM.ListVirtualMFADevices.ListVirtualMFADevicesResponse
instance Data.Data.Data Network.AWS.IAM.ListVirtualMFADevices.ListVirtualMFADevicesResponse
instance GHC.Show.Show Network.AWS.IAM.ListVirtualMFADevices.ListVirtualMFADevicesResponse
instance GHC.Classes.Eq Network.AWS.IAM.ListVirtualMFADevices.ListVirtualMFADevicesResponse
instance GHC.Generics.Generic Network.AWS.IAM.ListVirtualMFADevices.ListVirtualMFADevices
instance Data.Data.Data Network.AWS.IAM.ListVirtualMFADevices.ListVirtualMFADevices
instance GHC.Show.Show Network.AWS.IAM.ListVirtualMFADevices.ListVirtualMFADevices
instance GHC.Read.Read Network.AWS.IAM.ListVirtualMFADevices.ListVirtualMFADevices
instance GHC.Classes.Eq Network.AWS.IAM.ListVirtualMFADevices.ListVirtualMFADevices
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.ListVirtualMFADevices.ListVirtualMFADevices
instance Control.DeepSeq.NFData Network.AWS.IAM.ListVirtualMFADevices.ListVirtualMFADevicesResponse
instance Network.AWS.Pager.AWSPager Network.AWS.IAM.ListVirtualMFADevices.ListVirtualMFADevices
instance Data.Hashable.Class.Hashable Network.AWS.IAM.ListVirtualMFADevices.ListVirtualMFADevices
instance Control.DeepSeq.NFData Network.AWS.IAM.ListVirtualMFADevices.ListVirtualMFADevices
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.ListVirtualMFADevices.ListVirtualMFADevices
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.ListVirtualMFADevices.ListVirtualMFADevices
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.ListVirtualMFADevices.ListVirtualMFADevices


-- | Lists the IAM users that have the specified path prefix. If no path
--   prefix is specified, the operation returns all users in the AWS
--   account. If there are none, the operation returns an empty list.
--   
--   You can paginate the results using the <tt>MaxItems</tt> and
--   <tt>Marker</tt> parameters.
--   
--   This operation returns paginated results.
module Network.AWS.IAM.ListUsers

-- | Creates a value of <a>ListUsers</a> with the minimum fields required
--   to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>luPathPrefix</a> - The path prefix for filtering the results.
--   For example: <tt><i>division_abc</i>subdivision_xyz/</tt> , which
--   would get all user names whose path starts with
--   <tt><i>division_abc</i>subdivision_xyz/</tt> . This parameter is
--   optional. If it is not included, it defaults to a slash (<i>), listing
--   all user names. This parameter allows (per its
--   &lt;http:</i><i>wikipedia.org</i>wiki<i>regex regex pattern&gt; ) a
--   string of characters consisting of either a forward slash (</i>) by
--   itself or a string that must begin and end with forward slashes. In
--   addition, it can contain any ASCII character from the ! (u0021)
--   through the DEL character (u007F), including most punctuation
--   characters, digits, and upper and lowercased letters.</li>
--   <li><a>luMarker</a> - Use this parameter only when paginating results
--   and only after you receive a response indicating that the results are
--   truncated. Set it to the value of the <tt>Marker</tt> element in the
--   response that you received to indicate where the next call should
--   start.</li>
--   <li><a>luMaxItems</a> - (Optional) Use this only when paginating
--   results to indicate the maximum number of items you want in the
--   response. If additional items exist beyond the maximum you specify,
--   the <tt>IsTruncated</tt> response element is <tt>true</tt> . If you do
--   not include this parameter, it defaults to 100. Note that IAM might
--   return fewer results, even when there are more results available. In
--   that case, the <tt>IsTruncated</tt> response element returns
--   <tt>true</tt> and <tt>Marker</tt> contains a value to include in the
--   subsequent call that tells the service where to continue from.</li>
--   </ul>
listUsers :: ListUsers

-- | <i>See:</i> <a>listUsers</a> smart constructor.
data ListUsers

-- | The path prefix for filtering the results. For example:
--   <tt><i>division_abc</i>subdivision_xyz/</tt> , which would get all
--   user names whose path starts with
--   <tt><i>division_abc</i>subdivision_xyz/</tt> . This parameter is
--   optional. If it is not included, it defaults to a slash (<i>), listing
--   all user names. This parameter allows (per its
--   &lt;http:</i><i>wikipedia.org</i>wiki<i>regex regex pattern&gt; ) a
--   string of characters consisting of either a forward slash (</i>) by
--   itself or a string that must begin and end with forward slashes. In
--   addition, it can contain any ASCII character from the ! (u0021)
--   through the DEL character (u007F), including most punctuation
--   characters, digits, and upper and lowercased letters.
luPathPrefix :: Lens' ListUsers (Maybe Text)

-- | Use this parameter only when paginating results and only after you
--   receive a response indicating that the results are truncated. Set it
--   to the value of the <tt>Marker</tt> element in the response that you
--   received to indicate where the next call should start.
luMarker :: Lens' ListUsers (Maybe Text)

-- | (Optional) Use this only when paginating results to indicate the
--   maximum number of items you want in the response. If additional items
--   exist beyond the maximum you specify, the <tt>IsTruncated</tt>
--   response element is <tt>true</tt> . If you do not include this
--   parameter, it defaults to 100. Note that IAM might return fewer
--   results, even when there are more results available. In that case, the
--   <tt>IsTruncated</tt> response element returns <tt>true</tt> and
--   <tt>Marker</tt> contains a value to include in the subsequent call
--   that tells the service where to continue from.
luMaxItems :: Lens' ListUsers (Maybe Natural)

-- | Creates a value of <a>ListUsersResponse</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>lursMarker</a> - When <tt>IsTruncated</tt> is <tt>true</tt> ,
--   this element is present and contains the value to use for the
--   <tt>Marker</tt> parameter in a subsequent pagination request.</li>
--   <li><a>lursIsTruncated</a> - A flag that indicates whether there are
--   more items to return. If your results were truncated, you can make a
--   subsequent pagination request using the <tt>Marker</tt> request
--   parameter to retrieve more items. Note that IAM might return fewer
--   than the <tt>MaxItems</tt> number of results even when there are more
--   results available. We recommend that you check <tt>IsTruncated</tt>
--   after every call to ensure that you receive all of your results.</li>
--   <li><a>lursResponseStatus</a> - -- | The response status code.</li>
--   <li><a>lursUsers</a> - A list of users.</li>
--   </ul>
listUsersResponse :: Int -> ListUsersResponse

-- | Contains the response to a successful <a>ListUsers</a> request.
--   
--   <i>See:</i> <a>listUsersResponse</a> smart constructor.
data ListUsersResponse

-- | When <tt>IsTruncated</tt> is <tt>true</tt> , this element is present
--   and contains the value to use for the <tt>Marker</tt> parameter in a
--   subsequent pagination request.
lursMarker :: Lens' ListUsersResponse (Maybe Text)

-- | A flag that indicates whether there are more items to return. If your
--   results were truncated, you can make a subsequent pagination request
--   using the <tt>Marker</tt> request parameter to retrieve more items.
--   Note that IAM might return fewer than the <tt>MaxItems</tt> number of
--   results even when there are more results available. We recommend that
--   you check <tt>IsTruncated</tt> after every call to ensure that you
--   receive all of your results.
lursIsTruncated :: Lens' ListUsersResponse (Maybe Bool)

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
lursResponseStatus :: Lens' ListUsersResponse Int

-- | A list of users.
lursUsers :: Lens' ListUsersResponse [User]
instance GHC.Generics.Generic Network.AWS.IAM.ListUsers.ListUsersResponse
instance Data.Data.Data Network.AWS.IAM.ListUsers.ListUsersResponse
instance GHC.Show.Show Network.AWS.IAM.ListUsers.ListUsersResponse
instance GHC.Read.Read Network.AWS.IAM.ListUsers.ListUsersResponse
instance GHC.Classes.Eq Network.AWS.IAM.ListUsers.ListUsersResponse
instance GHC.Generics.Generic Network.AWS.IAM.ListUsers.ListUsers
instance Data.Data.Data Network.AWS.IAM.ListUsers.ListUsers
instance GHC.Show.Show Network.AWS.IAM.ListUsers.ListUsers
instance GHC.Read.Read Network.AWS.IAM.ListUsers.ListUsers
instance GHC.Classes.Eq Network.AWS.IAM.ListUsers.ListUsers
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.ListUsers.ListUsers
instance Control.DeepSeq.NFData Network.AWS.IAM.ListUsers.ListUsersResponse
instance Network.AWS.Pager.AWSPager Network.AWS.IAM.ListUsers.ListUsers
instance Data.Hashable.Class.Hashable Network.AWS.IAM.ListUsers.ListUsers
instance Control.DeepSeq.NFData Network.AWS.IAM.ListUsers.ListUsers
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.ListUsers.ListUsers
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.ListUsers.ListUsers
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.ListUsers.ListUsers


-- | Lists the names of the inline policies embedded in the specified IAM
--   user.
--   
--   An IAM user can also have managed policies attached to it. To list the
--   managed policies that are attached to a user, use
--   <tt>ListAttachedUserPolicies</tt> . For more information about
--   policies, see <a>Managed Policies and Inline Policies</a> in the
--   <i>IAM User Guide</i> .
--   
--   You can paginate the results using the <tt>MaxItems</tt> and
--   <tt>Marker</tt> parameters. If there are no inline policies embedded
--   with the specified user, the operation returns an empty list.
--   
--   This operation returns paginated results.
module Network.AWS.IAM.ListUserPolicies

-- | Creates a value of <a>ListUserPolicies</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>lupMarker</a> - Use this parameter only when paginating results
--   and only after you receive a response indicating that the results are
--   truncated. Set it to the value of the <tt>Marker</tt> element in the
--   response that you received to indicate where the next call should
--   start.</li>
--   <li><a>lupMaxItems</a> - (Optional) Use this only when paginating
--   results to indicate the maximum number of items you want in the
--   response. If additional items exist beyond the maximum you specify,
--   the <tt>IsTruncated</tt> response element is <tt>true</tt> . If you do
--   not include this parameter, it defaults to 100. Note that IAM might
--   return fewer results, even when there are more results available. In
--   that case, the <tt>IsTruncated</tt> response element returns
--   <tt>true</tt> and <tt>Marker</tt> contains a value to include in the
--   subsequent call that tells the service where to continue from.</li>
--   <li><a>lupUserName</a> - The name of the user to list policies for.
--   This parameter allows (per its <a>regex pattern</a> ) a string of
--   characters consisting of upper and lowercase alphanumeric characters
--   with no spaces. You can also include any of the following characters:
--   _+=,.@-</li>
--   </ul>
listUserPolicies :: Text -> ListUserPolicies

-- | <i>See:</i> <a>listUserPolicies</a> smart constructor.
data ListUserPolicies

-- | Use this parameter only when paginating results and only after you
--   receive a response indicating that the results are truncated. Set it
--   to the value of the <tt>Marker</tt> element in the response that you
--   received to indicate where the next call should start.
lupMarker :: Lens' ListUserPolicies (Maybe Text)

-- | (Optional) Use this only when paginating results to indicate the
--   maximum number of items you want in the response. If additional items
--   exist beyond the maximum you specify, the <tt>IsTruncated</tt>
--   response element is <tt>true</tt> . If you do not include this
--   parameter, it defaults to 100. Note that IAM might return fewer
--   results, even when there are more results available. In that case, the
--   <tt>IsTruncated</tt> response element returns <tt>true</tt> and
--   <tt>Marker</tt> contains a value to include in the subsequent call
--   that tells the service where to continue from.
lupMaxItems :: Lens' ListUserPolicies (Maybe Natural)

-- | The name of the user to list policies for. This parameter allows (per
--   its <a>regex pattern</a> ) a string of characters consisting of upper
--   and lowercase alphanumeric characters with no spaces. You can also
--   include any of the following characters: _+=,.@-
lupUserName :: Lens' ListUserPolicies Text

-- | Creates a value of <a>ListUserPoliciesResponse</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>luprsMarker</a> - When <tt>IsTruncated</tt> is <tt>true</tt> ,
--   this element is present and contains the value to use for the
--   <tt>Marker</tt> parameter in a subsequent pagination request.</li>
--   <li><a>luprsIsTruncated</a> - A flag that indicates whether there are
--   more items to return. If your results were truncated, you can make a
--   subsequent pagination request using the <tt>Marker</tt> request
--   parameter to retrieve more items. Note that IAM might return fewer
--   than the <tt>MaxItems</tt> number of results even when there are more
--   results available. We recommend that you check <tt>IsTruncated</tt>
--   after every call to ensure that you receive all of your results.</li>
--   <li><a>luprsResponseStatus</a> - -- | The response status code.</li>
--   <li><a>luprsPolicyNames</a> - A list of policy names.</li>
--   </ul>
listUserPoliciesResponse :: Int -> ListUserPoliciesResponse

-- | Contains the response to a successful <a>ListUserPolicies</a> request.
--   
--   <i>See:</i> <a>listUserPoliciesResponse</a> smart constructor.
data ListUserPoliciesResponse

-- | When <tt>IsTruncated</tt> is <tt>true</tt> , this element is present
--   and contains the value to use for the <tt>Marker</tt> parameter in a
--   subsequent pagination request.
luprsMarker :: Lens' ListUserPoliciesResponse (Maybe Text)

-- | A flag that indicates whether there are more items to return. If your
--   results were truncated, you can make a subsequent pagination request
--   using the <tt>Marker</tt> request parameter to retrieve more items.
--   Note that IAM might return fewer than the <tt>MaxItems</tt> number of
--   results even when there are more results available. We recommend that
--   you check <tt>IsTruncated</tt> after every call to ensure that you
--   receive all of your results.
luprsIsTruncated :: Lens' ListUserPoliciesResponse (Maybe Bool)

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
luprsResponseStatus :: Lens' ListUserPoliciesResponse Int

-- | A list of policy names.
luprsPolicyNames :: Lens' ListUserPoliciesResponse [Text]
instance GHC.Generics.Generic Network.AWS.IAM.ListUserPolicies.ListUserPoliciesResponse
instance Data.Data.Data Network.AWS.IAM.ListUserPolicies.ListUserPoliciesResponse
instance GHC.Show.Show Network.AWS.IAM.ListUserPolicies.ListUserPoliciesResponse
instance GHC.Read.Read Network.AWS.IAM.ListUserPolicies.ListUserPoliciesResponse
instance GHC.Classes.Eq Network.AWS.IAM.ListUserPolicies.ListUserPoliciesResponse
instance GHC.Generics.Generic Network.AWS.IAM.ListUserPolicies.ListUserPolicies
instance Data.Data.Data Network.AWS.IAM.ListUserPolicies.ListUserPolicies
instance GHC.Show.Show Network.AWS.IAM.ListUserPolicies.ListUserPolicies
instance GHC.Read.Read Network.AWS.IAM.ListUserPolicies.ListUserPolicies
instance GHC.Classes.Eq Network.AWS.IAM.ListUserPolicies.ListUserPolicies
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.ListUserPolicies.ListUserPolicies
instance Control.DeepSeq.NFData Network.AWS.IAM.ListUserPolicies.ListUserPoliciesResponse
instance Network.AWS.Pager.AWSPager Network.AWS.IAM.ListUserPolicies.ListUserPolicies
instance Data.Hashable.Class.Hashable Network.AWS.IAM.ListUserPolicies.ListUserPolicies
instance Control.DeepSeq.NFData Network.AWS.IAM.ListUserPolicies.ListUserPolicies
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.ListUserPolicies.ListUserPolicies
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.ListUserPolicies.ListUserPolicies
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.ListUserPolicies.ListUserPolicies


-- | Returns information about the signing certificates associated with the
--   specified IAM user. If there are none, the operation returns an empty
--   list.
--   
--   Although each user is limited to a small number of signing
--   certificates, you can still paginate the results using the
--   <tt>MaxItems</tt> and <tt>Marker</tt> parameters.
--   
--   If the <tt>UserName</tt> field is not specified, the user name is
--   determined implicitly based on the AWS access key ID used to sign the
--   request for this API. Because this operation works for access keys
--   under the AWS account, you can use this operation to manage AWS
--   account root user credentials even if the AWS account has no
--   associated users.
--   
--   This operation returns paginated results.
module Network.AWS.IAM.ListSigningCertificates

-- | Creates a value of <a>ListSigningCertificates</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>lUserName</a> - The name of the IAM user whose signing
--   certificates you want to examine. This parameter allows (per its
--   <a>regex pattern</a> ) a string of characters consisting of upper and
--   lowercase alphanumeric characters with no spaces. You can also include
--   any of the following characters: _+=,.@-</li>
--   <li><a>lMarker</a> - Use this parameter only when paginating results
--   and only after you receive a response indicating that the results are
--   truncated. Set it to the value of the <tt>Marker</tt> element in the
--   response that you received to indicate where the next call should
--   start.</li>
--   <li><a>lMaxItems</a> - (Optional) Use this only when paginating
--   results to indicate the maximum number of items you want in the
--   response. If additional items exist beyond the maximum you specify,
--   the <tt>IsTruncated</tt> response element is <tt>true</tt> . If you do
--   not include this parameter, it defaults to 100. Note that IAM might
--   return fewer results, even when there are more results available. In
--   that case, the <tt>IsTruncated</tt> response element returns
--   <tt>true</tt> and <tt>Marker</tt> contains a value to include in the
--   subsequent call that tells the service where to continue from.</li>
--   </ul>
listSigningCertificates :: ListSigningCertificates

-- | <i>See:</i> <a>listSigningCertificates</a> smart constructor.
data ListSigningCertificates

-- | The name of the IAM user whose signing certificates you want to
--   examine. This parameter allows (per its <a>regex pattern</a> ) a
--   string of characters consisting of upper and lowercase alphanumeric
--   characters with no spaces. You can also include any of the following
--   characters: _+=,.@-
lUserName :: Lens' ListSigningCertificates (Maybe Text)

-- | Use this parameter only when paginating results and only after you
--   receive a response indicating that the results are truncated. Set it
--   to the value of the <tt>Marker</tt> element in the response that you
--   received to indicate where the next call should start.
lMarker :: Lens' ListSigningCertificates (Maybe Text)

-- | (Optional) Use this only when paginating results to indicate the
--   maximum number of items you want in the response. If additional items
--   exist beyond the maximum you specify, the <tt>IsTruncated</tt>
--   response element is <tt>true</tt> . If you do not include this
--   parameter, it defaults to 100. Note that IAM might return fewer
--   results, even when there are more results available. In that case, the
--   <tt>IsTruncated</tt> response element returns <tt>true</tt> and
--   <tt>Marker</tt> contains a value to include in the subsequent call
--   that tells the service where to continue from.
lMaxItems :: Lens' ListSigningCertificates (Maybe Natural)

-- | Creates a value of <a>ListSigningCertificatesResponse</a> with the
--   minimum fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>lrsMarker</a> - When <tt>IsTruncated</tt> is <tt>true</tt> ,
--   this element is present and contains the value to use for the
--   <tt>Marker</tt> parameter in a subsequent pagination request.</li>
--   <li><a>lrsIsTruncated</a> - A flag that indicates whether there are
--   more items to return. If your results were truncated, you can make a
--   subsequent pagination request using the <tt>Marker</tt> request
--   parameter to retrieve more items. Note that IAM might return fewer
--   than the <tt>MaxItems</tt> number of results even when there are more
--   results available. We recommend that you check <tt>IsTruncated</tt>
--   after every call to ensure that you receive all of your results.</li>
--   <li><a>lrsResponseStatus</a> - -- | The response status code.</li>
--   <li><a>lrsCertificates</a> - A list of the user's signing certificate
--   information.</li>
--   </ul>
listSigningCertificatesResponse :: Int -> ListSigningCertificatesResponse

-- | Contains the response to a successful <a>ListSigningCertificates</a>
--   request.
--   
--   <i>See:</i> <a>listSigningCertificatesResponse</a> smart constructor.
data ListSigningCertificatesResponse

-- | When <tt>IsTruncated</tt> is <tt>true</tt> , this element is present
--   and contains the value to use for the <tt>Marker</tt> parameter in a
--   subsequent pagination request.
lrsMarker :: Lens' ListSigningCertificatesResponse (Maybe Text)

-- | A flag that indicates whether there are more items to return. If your
--   results were truncated, you can make a subsequent pagination request
--   using the <tt>Marker</tt> request parameter to retrieve more items.
--   Note that IAM might return fewer than the <tt>MaxItems</tt> number of
--   results even when there are more results available. We recommend that
--   you check <tt>IsTruncated</tt> after every call to ensure that you
--   receive all of your results.
lrsIsTruncated :: Lens' ListSigningCertificatesResponse (Maybe Bool)

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
lrsResponseStatus :: Lens' ListSigningCertificatesResponse Int

-- | A list of the user's signing certificate information.
lrsCertificates :: Lens' ListSigningCertificatesResponse [SigningCertificate]
instance GHC.Generics.Generic Network.AWS.IAM.ListSigningCertificates.ListSigningCertificatesResponse
instance Data.Data.Data Network.AWS.IAM.ListSigningCertificates.ListSigningCertificatesResponse
instance GHC.Show.Show Network.AWS.IAM.ListSigningCertificates.ListSigningCertificatesResponse
instance GHC.Read.Read Network.AWS.IAM.ListSigningCertificates.ListSigningCertificatesResponse
instance GHC.Classes.Eq Network.AWS.IAM.ListSigningCertificates.ListSigningCertificatesResponse
instance GHC.Generics.Generic Network.AWS.IAM.ListSigningCertificates.ListSigningCertificates
instance Data.Data.Data Network.AWS.IAM.ListSigningCertificates.ListSigningCertificates
instance GHC.Show.Show Network.AWS.IAM.ListSigningCertificates.ListSigningCertificates
instance GHC.Read.Read Network.AWS.IAM.ListSigningCertificates.ListSigningCertificates
instance GHC.Classes.Eq Network.AWS.IAM.ListSigningCertificates.ListSigningCertificates
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.ListSigningCertificates.ListSigningCertificates
instance Control.DeepSeq.NFData Network.AWS.IAM.ListSigningCertificates.ListSigningCertificatesResponse
instance Network.AWS.Pager.AWSPager Network.AWS.IAM.ListSigningCertificates.ListSigningCertificates
instance Data.Hashable.Class.Hashable Network.AWS.IAM.ListSigningCertificates.ListSigningCertificates
instance Control.DeepSeq.NFData Network.AWS.IAM.ListSigningCertificates.ListSigningCertificates
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.ListSigningCertificates.ListSigningCertificates
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.ListSigningCertificates.ListSigningCertificates
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.ListSigningCertificates.ListSigningCertificates


-- | Returns information about the service-specific credentials associated
--   with the specified IAM user. If there are none, the operation returns
--   an empty list. The service-specific credentials returned by this
--   operation are used only for authenticating the IAM user to a specific
--   service. For more information about using service-specific credentials
--   to authenticate to an AWS service, see <a>Set Up service-specific
--   credentials</a> in the AWS CodeCommit User Guide.
module Network.AWS.IAM.ListServiceSpecificCredentials

-- | Creates a value of <a>ListServiceSpecificCredentials</a> with the
--   minimum fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>lsscUserName</a> - The name of the user whose service-specific
--   credentials you want information about. If this value is not
--   specified, then the operation assumes the user whose credentials are
--   used to call the operation. This parameter allows (per its <a>regex
--   pattern</a> ) a string of characters consisting of upper and lowercase
--   alphanumeric characters with no spaces. You can also include any of
--   the following characters: _+=,.@-</li>
--   <li><a>lsscServiceName</a> - Filters the returned results to only
--   those for the specified AWS service. If not specified, then AWS
--   returns service-specific credentials for all services.</li>
--   </ul>
listServiceSpecificCredentials :: ListServiceSpecificCredentials

-- | <i>See:</i> <a>listServiceSpecificCredentials</a> smart constructor.
data ListServiceSpecificCredentials

-- | The name of the user whose service-specific credentials you want
--   information about. If this value is not specified, then the operation
--   assumes the user whose credentials are used to call the operation.
--   This parameter allows (per its <a>regex pattern</a> ) a string of
--   characters consisting of upper and lowercase alphanumeric characters
--   with no spaces. You can also include any of the following characters:
--   _+=,.@-
lsscUserName :: Lens' ListServiceSpecificCredentials (Maybe Text)

-- | Filters the returned results to only those for the specified AWS
--   service. If not specified, then AWS returns service-specific
--   credentials for all services.
lsscServiceName :: Lens' ListServiceSpecificCredentials (Maybe Text)

-- | Creates a value of <a>ListServiceSpecificCredentialsResponse</a> with
--   the minimum fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>lsscrsServiceSpecificCredentials</a> - A list of structures
--   that each contain details about a service-specific credential.</li>
--   <li><a>lsscrsResponseStatus</a> - -- | The response status code.</li>
--   </ul>
listServiceSpecificCredentialsResponse :: Int -> ListServiceSpecificCredentialsResponse

-- | <i>See:</i> <a>listServiceSpecificCredentialsResponse</a> smart
--   constructor.
data ListServiceSpecificCredentialsResponse

-- | A list of structures that each contain details about a
--   service-specific credential.
lsscrsServiceSpecificCredentials :: Lens' ListServiceSpecificCredentialsResponse [ServiceSpecificCredentialMetadata]

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
lsscrsResponseStatus :: Lens' ListServiceSpecificCredentialsResponse Int
instance GHC.Generics.Generic Network.AWS.IAM.ListServiceSpecificCredentials.ListServiceSpecificCredentialsResponse
instance Data.Data.Data Network.AWS.IAM.ListServiceSpecificCredentials.ListServiceSpecificCredentialsResponse
instance GHC.Show.Show Network.AWS.IAM.ListServiceSpecificCredentials.ListServiceSpecificCredentialsResponse
instance GHC.Read.Read Network.AWS.IAM.ListServiceSpecificCredentials.ListServiceSpecificCredentialsResponse
instance GHC.Classes.Eq Network.AWS.IAM.ListServiceSpecificCredentials.ListServiceSpecificCredentialsResponse
instance GHC.Generics.Generic Network.AWS.IAM.ListServiceSpecificCredentials.ListServiceSpecificCredentials
instance Data.Data.Data Network.AWS.IAM.ListServiceSpecificCredentials.ListServiceSpecificCredentials
instance GHC.Show.Show Network.AWS.IAM.ListServiceSpecificCredentials.ListServiceSpecificCredentials
instance GHC.Read.Read Network.AWS.IAM.ListServiceSpecificCredentials.ListServiceSpecificCredentials
instance GHC.Classes.Eq Network.AWS.IAM.ListServiceSpecificCredentials.ListServiceSpecificCredentials
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.ListServiceSpecificCredentials.ListServiceSpecificCredentials
instance Control.DeepSeq.NFData Network.AWS.IAM.ListServiceSpecificCredentials.ListServiceSpecificCredentialsResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.ListServiceSpecificCredentials.ListServiceSpecificCredentials
instance Control.DeepSeq.NFData Network.AWS.IAM.ListServiceSpecificCredentials.ListServiceSpecificCredentials
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.ListServiceSpecificCredentials.ListServiceSpecificCredentials
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.ListServiceSpecificCredentials.ListServiceSpecificCredentials
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.ListServiceSpecificCredentials.ListServiceSpecificCredentials


-- | Lists the server certificates stored in IAM that have the specified
--   path prefix. If none exist, the operation returns an empty list.
--   
--   You can paginate the results using the <tt>MaxItems</tt> and
--   <tt>Marker</tt> parameters.
--   
--   For more information about working with server certificates, see
--   <a>Working with Server Certificates</a> in the <i>IAM User Guide</i> .
--   This topic also includes a list of AWS services that can use the
--   server certificates that you manage with IAM.
--   
--   This operation returns paginated results.
module Network.AWS.IAM.ListServerCertificates

-- | Creates a value of <a>ListServerCertificates</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>lscPathPrefix</a> - The path prefix for filtering the results.
--   For example: <tt><i>company</i>servercerts</tt> would get all server
--   certificates for which the path starts with
--   <tt><i>company</i>servercerts</tt> . This parameter is optional. If it
--   is not included, it defaults to a slash (<i>), listing all server
--   certificates. This parameter allows (per its
--   &lt;http:</i><i>wikipedia.org</i>wiki<i>regex regex pattern&gt; ) a
--   string of characters consisting of either a forward slash (</i>) by
--   itself or a string that must begin and end with forward slashes. In
--   addition, it can contain any ASCII character from the ! (u0021)
--   through the DEL character (u007F), including most punctuation
--   characters, digits, and upper and lowercased letters.</li>
--   <li><a>lscMarker</a> - Use this parameter only when paginating results
--   and only after you receive a response indicating that the results are
--   truncated. Set it to the value of the <tt>Marker</tt> element in the
--   response that you received to indicate where the next call should
--   start.</li>
--   <li><a>lscMaxItems</a> - (Optional) Use this only when paginating
--   results to indicate the maximum number of items you want in the
--   response. If additional items exist beyond the maximum you specify,
--   the <tt>IsTruncated</tt> response element is <tt>true</tt> . If you do
--   not include this parameter, it defaults to 100. Note that IAM might
--   return fewer results, even when there are more results available. In
--   that case, the <tt>IsTruncated</tt> response element returns
--   <tt>true</tt> and <tt>Marker</tt> contains a value to include in the
--   subsequent call that tells the service where to continue from.</li>
--   </ul>
listServerCertificates :: ListServerCertificates

-- | <i>See:</i> <a>listServerCertificates</a> smart constructor.
data ListServerCertificates

-- | The path prefix for filtering the results. For example:
--   <tt><i>company</i>servercerts</tt> would get all server certificates
--   for which the path starts with <tt><i>company</i>servercerts</tt> .
--   This parameter is optional. If it is not included, it defaults to a
--   slash (<i>), listing all server certificates. This parameter allows
--   (per its &lt;http:</i><i>wikipedia.org</i>wiki<i>regex regex
--   pattern&gt; ) a string of characters consisting of either a forward
--   slash (</i>) by itself or a string that must begin and end with
--   forward slashes. In addition, it can contain any ASCII character from
--   the ! (u0021) through the DEL character (u007F), including most
--   punctuation characters, digits, and upper and lowercased letters.
lscPathPrefix :: Lens' ListServerCertificates (Maybe Text)

-- | Use this parameter only when paginating results and only after you
--   receive a response indicating that the results are truncated. Set it
--   to the value of the <tt>Marker</tt> element in the response that you
--   received to indicate where the next call should start.
lscMarker :: Lens' ListServerCertificates (Maybe Text)

-- | (Optional) Use this only when paginating results to indicate the
--   maximum number of items you want in the response. If additional items
--   exist beyond the maximum you specify, the <tt>IsTruncated</tt>
--   response element is <tt>true</tt> . If you do not include this
--   parameter, it defaults to 100. Note that IAM might return fewer
--   results, even when there are more results available. In that case, the
--   <tt>IsTruncated</tt> response element returns <tt>true</tt> and
--   <tt>Marker</tt> contains a value to include in the subsequent call
--   that tells the service where to continue from.
lscMaxItems :: Lens' ListServerCertificates (Maybe Natural)

-- | Creates a value of <a>ListServerCertificatesResponse</a> with the
--   minimum fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>lscrsMarker</a> - When <tt>IsTruncated</tt> is <tt>true</tt> ,
--   this element is present and contains the value to use for the
--   <tt>Marker</tt> parameter in a subsequent pagination request.</li>
--   <li><a>lscrsIsTruncated</a> - A flag that indicates whether there are
--   more items to return. If your results were truncated, you can make a
--   subsequent pagination request using the <tt>Marker</tt> request
--   parameter to retrieve more items. Note that IAM might return fewer
--   than the <tt>MaxItems</tt> number of results even when there are more
--   results available. We recommend that you check <tt>IsTruncated</tt>
--   after every call to ensure that you receive all of your results.</li>
--   <li><a>lscrsResponseStatus</a> - -- | The response status code.</li>
--   <li><a>lscrsServerCertificateMetadataList</a> - A list of server
--   certificates.</li>
--   </ul>
listServerCertificatesResponse :: Int -> ListServerCertificatesResponse

-- | Contains the response to a successful <a>ListServerCertificates</a>
--   request.
--   
--   <i>See:</i> <a>listServerCertificatesResponse</a> smart constructor.
data ListServerCertificatesResponse

-- | When <tt>IsTruncated</tt> is <tt>true</tt> , this element is present
--   and contains the value to use for the <tt>Marker</tt> parameter in a
--   subsequent pagination request.
lscrsMarker :: Lens' ListServerCertificatesResponse (Maybe Text)

-- | A flag that indicates whether there are more items to return. If your
--   results were truncated, you can make a subsequent pagination request
--   using the <tt>Marker</tt> request parameter to retrieve more items.
--   Note that IAM might return fewer than the <tt>MaxItems</tt> number of
--   results even when there are more results available. We recommend that
--   you check <tt>IsTruncated</tt> after every call to ensure that you
--   receive all of your results.
lscrsIsTruncated :: Lens' ListServerCertificatesResponse (Maybe Bool)

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
lscrsResponseStatus :: Lens' ListServerCertificatesResponse Int

-- | A list of server certificates.
lscrsServerCertificateMetadataList :: Lens' ListServerCertificatesResponse [ServerCertificateMetadata]
instance GHC.Generics.Generic Network.AWS.IAM.ListServerCertificates.ListServerCertificatesResponse
instance Data.Data.Data Network.AWS.IAM.ListServerCertificates.ListServerCertificatesResponse
instance GHC.Show.Show Network.AWS.IAM.ListServerCertificates.ListServerCertificatesResponse
instance GHC.Read.Read Network.AWS.IAM.ListServerCertificates.ListServerCertificatesResponse
instance GHC.Classes.Eq Network.AWS.IAM.ListServerCertificates.ListServerCertificatesResponse
instance GHC.Generics.Generic Network.AWS.IAM.ListServerCertificates.ListServerCertificates
instance Data.Data.Data Network.AWS.IAM.ListServerCertificates.ListServerCertificates
instance GHC.Show.Show Network.AWS.IAM.ListServerCertificates.ListServerCertificates
instance GHC.Read.Read Network.AWS.IAM.ListServerCertificates.ListServerCertificates
instance GHC.Classes.Eq Network.AWS.IAM.ListServerCertificates.ListServerCertificates
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.ListServerCertificates.ListServerCertificates
instance Control.DeepSeq.NFData Network.AWS.IAM.ListServerCertificates.ListServerCertificatesResponse
instance Network.AWS.Pager.AWSPager Network.AWS.IAM.ListServerCertificates.ListServerCertificates
instance Data.Hashable.Class.Hashable Network.AWS.IAM.ListServerCertificates.ListServerCertificates
instance Control.DeepSeq.NFData Network.AWS.IAM.ListServerCertificates.ListServerCertificates
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.ListServerCertificates.ListServerCertificates
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.ListServerCertificates.ListServerCertificates
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.ListServerCertificates.ListServerCertificates


-- | Returns information about the SSH public keys associated with the
--   specified IAM user. If there are none, the operation returns an empty
--   list.
--   
--   The SSH public keys returned by this operation are used only for
--   authenticating the IAM user to an AWS CodeCommit repository. For more
--   information about using SSH keys to authenticate to an AWS CodeCommit
--   repository, see <a>Set up AWS CodeCommit for SSH Connections</a> in
--   the <i>AWS CodeCommit User Guide</i> .
--   
--   Although each user is limited to a small number of keys, you can still
--   paginate the results using the <tt>MaxItems</tt> and <tt>Marker</tt>
--   parameters.
--   
--   This operation returns paginated results.
module Network.AWS.IAM.ListSSHPublicKeys

-- | Creates a value of <a>ListSSHPublicKeys</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>lspkUserName</a> - The name of the IAM user to list SSH public
--   keys for. If none is specified, the <tt>UserName</tt> field is
--   determined implicitly based on the AWS access key used to sign the
--   request. This parameter allows (per its <a>regex pattern</a> ) a
--   string of characters consisting of upper and lowercase alphanumeric
--   characters with no spaces. You can also include any of the following
--   characters: _+=,.@-</li>
--   <li><a>lspkMarker</a> - Use this parameter only when paginating
--   results and only after you receive a response indicating that the
--   results are truncated. Set it to the value of the <tt>Marker</tt>
--   element in the response that you received to indicate where the next
--   call should start.</li>
--   <li><a>lspkMaxItems</a> - (Optional) Use this only when paginating
--   results to indicate the maximum number of items you want in the
--   response. If additional items exist beyond the maximum you specify,
--   the <tt>IsTruncated</tt> response element is <tt>true</tt> . If you do
--   not include this parameter, it defaults to 100. Note that IAM might
--   return fewer results, even when there are more results available. In
--   that case, the <tt>IsTruncated</tt> response element returns
--   <tt>true</tt> and <tt>Marker</tt> contains a value to include in the
--   subsequent call that tells the service where to continue from.</li>
--   </ul>
listSSHPublicKeys :: ListSSHPublicKeys

-- | <i>See:</i> <a>listSSHPublicKeys</a> smart constructor.
data ListSSHPublicKeys

-- | The name of the IAM user to list SSH public keys for. If none is
--   specified, the <tt>UserName</tt> field is determined implicitly based
--   on the AWS access key used to sign the request. This parameter allows
--   (per its <a>regex pattern</a> ) a string of characters consisting of
--   upper and lowercase alphanumeric characters with no spaces. You can
--   also include any of the following characters: _+=,.@-
lspkUserName :: Lens' ListSSHPublicKeys (Maybe Text)

-- | Use this parameter only when paginating results and only after you
--   receive a response indicating that the results are truncated. Set it
--   to the value of the <tt>Marker</tt> element in the response that you
--   received to indicate where the next call should start.
lspkMarker :: Lens' ListSSHPublicKeys (Maybe Text)

-- | (Optional) Use this only when paginating results to indicate the
--   maximum number of items you want in the response. If additional items
--   exist beyond the maximum you specify, the <tt>IsTruncated</tt>
--   response element is <tt>true</tt> . If you do not include this
--   parameter, it defaults to 100. Note that IAM might return fewer
--   results, even when there are more results available. In that case, the
--   <tt>IsTruncated</tt> response element returns <tt>true</tt> and
--   <tt>Marker</tt> contains a value to include in the subsequent call
--   that tells the service where to continue from.
lspkMaxItems :: Lens' ListSSHPublicKeys (Maybe Natural)

-- | Creates a value of <a>ListSSHPublicKeysResponse</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>lspkrsSSHPublicKeys</a> - A list of the SSH public keys
--   assigned to IAM user.</li>
--   <li><a>lspkrsMarker</a> - When <tt>IsTruncated</tt> is <tt>true</tt> ,
--   this element is present and contains the value to use for the
--   <tt>Marker</tt> parameter in a subsequent pagination request.</li>
--   <li><a>lspkrsIsTruncated</a> - A flag that indicates whether there are
--   more items to return. If your results were truncated, you can make a
--   subsequent pagination request using the <tt>Marker</tt> request
--   parameter to retrieve more items. Note that IAM might return fewer
--   than the <tt>MaxItems</tt> number of results even when there are more
--   results available. We recommend that you check <tt>IsTruncated</tt>
--   after every call to ensure that you receive all of your results.</li>
--   <li><a>lspkrsResponseStatus</a> - -- | The response status code.</li>
--   </ul>
listSSHPublicKeysResponse :: Int -> ListSSHPublicKeysResponse

-- | Contains the response to a successful <a>ListSSHPublicKeys</a>
--   request.
--   
--   <i>See:</i> <a>listSSHPublicKeysResponse</a> smart constructor.
data ListSSHPublicKeysResponse

-- | A list of the SSH public keys assigned to IAM user.
lspkrsSSHPublicKeys :: Lens' ListSSHPublicKeysResponse [SSHPublicKeyMetadata]

-- | When <tt>IsTruncated</tt> is <tt>true</tt> , this element is present
--   and contains the value to use for the <tt>Marker</tt> parameter in a
--   subsequent pagination request.
lspkrsMarker :: Lens' ListSSHPublicKeysResponse (Maybe Text)

-- | A flag that indicates whether there are more items to return. If your
--   results were truncated, you can make a subsequent pagination request
--   using the <tt>Marker</tt> request parameter to retrieve more items.
--   Note that IAM might return fewer than the <tt>MaxItems</tt> number of
--   results even when there are more results available. We recommend that
--   you check <tt>IsTruncated</tt> after every call to ensure that you
--   receive all of your results.
lspkrsIsTruncated :: Lens' ListSSHPublicKeysResponse (Maybe Bool)

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
lspkrsResponseStatus :: Lens' ListSSHPublicKeysResponse Int
instance GHC.Generics.Generic Network.AWS.IAM.ListSSHPublicKeys.ListSSHPublicKeysResponse
instance Data.Data.Data Network.AWS.IAM.ListSSHPublicKeys.ListSSHPublicKeysResponse
instance GHC.Show.Show Network.AWS.IAM.ListSSHPublicKeys.ListSSHPublicKeysResponse
instance GHC.Read.Read Network.AWS.IAM.ListSSHPublicKeys.ListSSHPublicKeysResponse
instance GHC.Classes.Eq Network.AWS.IAM.ListSSHPublicKeys.ListSSHPublicKeysResponse
instance GHC.Generics.Generic Network.AWS.IAM.ListSSHPublicKeys.ListSSHPublicKeys
instance Data.Data.Data Network.AWS.IAM.ListSSHPublicKeys.ListSSHPublicKeys
instance GHC.Show.Show Network.AWS.IAM.ListSSHPublicKeys.ListSSHPublicKeys
instance GHC.Read.Read Network.AWS.IAM.ListSSHPublicKeys.ListSSHPublicKeys
instance GHC.Classes.Eq Network.AWS.IAM.ListSSHPublicKeys.ListSSHPublicKeys
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.ListSSHPublicKeys.ListSSHPublicKeys
instance Control.DeepSeq.NFData Network.AWS.IAM.ListSSHPublicKeys.ListSSHPublicKeysResponse
instance Network.AWS.Pager.AWSPager Network.AWS.IAM.ListSSHPublicKeys.ListSSHPublicKeys
instance Data.Hashable.Class.Hashable Network.AWS.IAM.ListSSHPublicKeys.ListSSHPublicKeys
instance Control.DeepSeq.NFData Network.AWS.IAM.ListSSHPublicKeys.ListSSHPublicKeys
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.ListSSHPublicKeys.ListSSHPublicKeys
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.ListSSHPublicKeys.ListSSHPublicKeys
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.ListSSHPublicKeys.ListSSHPublicKeys


-- | Lists the SAML provider resource objects defined in IAM in the
--   account.
module Network.AWS.IAM.ListSAMLProviders

-- | Creates a value of <a>ListSAMLProviders</a> with the minimum fields
--   required to make a request.
listSAMLProviders :: ListSAMLProviders

-- | <i>See:</i> <a>listSAMLProviders</a> smart constructor.
data ListSAMLProviders

-- | Creates a value of <a>ListSAMLProvidersResponse</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>lsamlprsSAMLProviderList</a> - The list of SAML provider
--   resource objects defined in IAM for this AWS account.</li>
--   <li><a>lsamlprsResponseStatus</a> - -- | The response status
--   code.</li>
--   </ul>
listSAMLProvidersResponse :: Int -> ListSAMLProvidersResponse

-- | Contains the response to a successful <a>ListSAMLProviders</a>
--   request.
--   
--   <i>See:</i> <a>listSAMLProvidersResponse</a> smart constructor.
data ListSAMLProvidersResponse

-- | The list of SAML provider resource objects defined in IAM for this AWS
--   account.
lsamlprsSAMLProviderList :: Lens' ListSAMLProvidersResponse [SAMLProviderListEntry]

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
lsamlprsResponseStatus :: Lens' ListSAMLProvidersResponse Int
instance GHC.Generics.Generic Network.AWS.IAM.ListSAMLProviders.ListSAMLProvidersResponse
instance Data.Data.Data Network.AWS.IAM.ListSAMLProviders.ListSAMLProvidersResponse
instance GHC.Show.Show Network.AWS.IAM.ListSAMLProviders.ListSAMLProvidersResponse
instance GHC.Read.Read Network.AWS.IAM.ListSAMLProviders.ListSAMLProvidersResponse
instance GHC.Classes.Eq Network.AWS.IAM.ListSAMLProviders.ListSAMLProvidersResponse
instance GHC.Generics.Generic Network.AWS.IAM.ListSAMLProviders.ListSAMLProviders
instance Data.Data.Data Network.AWS.IAM.ListSAMLProviders.ListSAMLProviders
instance GHC.Show.Show Network.AWS.IAM.ListSAMLProviders.ListSAMLProviders
instance GHC.Read.Read Network.AWS.IAM.ListSAMLProviders.ListSAMLProviders
instance GHC.Classes.Eq Network.AWS.IAM.ListSAMLProviders.ListSAMLProviders
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.ListSAMLProviders.ListSAMLProviders
instance Control.DeepSeq.NFData Network.AWS.IAM.ListSAMLProviders.ListSAMLProvidersResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.ListSAMLProviders.ListSAMLProviders
instance Control.DeepSeq.NFData Network.AWS.IAM.ListSAMLProviders.ListSAMLProviders
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.ListSAMLProviders.ListSAMLProviders
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.ListSAMLProviders.ListSAMLProviders
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.ListSAMLProviders.ListSAMLProviders


-- | Lists the IAM roles that have the specified path prefix. If there are
--   none, the operation returns an empty list. For more information about
--   roles, go to <a>Working with Roles</a> .
--   
--   You can paginate the results using the <tt>MaxItems</tt> and
--   <tt>Marker</tt> parameters.
--   
--   This operation returns paginated results.
module Network.AWS.IAM.ListRoles

-- | Creates a value of <a>ListRoles</a> with the minimum fields required
--   to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>lrPathPrefix</a> - The path prefix for filtering the results.
--   For example, the prefix <tt><i>application_abc</i>component_xyz/</tt>
--   gets all roles whose path starts with
--   <tt><i>application_abc</i>component_xyz/</tt> . This parameter is
--   optional. If it is not included, it defaults to a slash (<i>), listing
--   all roles. This parameter allows (per its
--   &lt;http:</i><i>wikipedia.org</i>wiki<i>regex regex pattern&gt; ) a
--   string of characters consisting of either a forward slash (</i>) by
--   itself or a string that must begin and end with forward slashes. In
--   addition, it can contain any ASCII character from the ! (u0021)
--   through the DEL character (u007F), including most punctuation
--   characters, digits, and upper and lowercased letters.</li>
--   <li><a>lrMarker</a> - Use this parameter only when paginating results
--   and only after you receive a response indicating that the results are
--   truncated. Set it to the value of the <tt>Marker</tt> element in the
--   response that you received to indicate where the next call should
--   start.</li>
--   <li><a>lrMaxItems</a> - (Optional) Use this only when paginating
--   results to indicate the maximum number of items you want in the
--   response. If additional items exist beyond the maximum you specify,
--   the <tt>IsTruncated</tt> response element is <tt>true</tt> . If you do
--   not include this parameter, it defaults to 100. Note that IAM might
--   return fewer results, even when there are more results available. In
--   that case, the <tt>IsTruncated</tt> response element returns
--   <tt>true</tt> and <tt>Marker</tt> contains a value to include in the
--   subsequent call that tells the service where to continue from.</li>
--   </ul>
listRoles :: ListRoles

-- | <i>See:</i> <a>listRoles</a> smart constructor.
data ListRoles

-- | The path prefix for filtering the results. For example, the prefix
--   <tt><i>application_abc</i>component_xyz/</tt> gets all roles whose
--   path starts with <tt><i>application_abc</i>component_xyz/</tt> . This
--   parameter is optional. If it is not included, it defaults to a slash
--   (<i>), listing all roles. This parameter allows (per its
--   &lt;http:</i><i>wikipedia.org</i>wiki<i>regex regex pattern&gt; ) a
--   string of characters consisting of either a forward slash (</i>) by
--   itself or a string that must begin and end with forward slashes. In
--   addition, it can contain any ASCII character from the ! (u0021)
--   through the DEL character (u007F), including most punctuation
--   characters, digits, and upper and lowercased letters.
lrPathPrefix :: Lens' ListRoles (Maybe Text)

-- | Use this parameter only when paginating results and only after you
--   receive a response indicating that the results are truncated. Set it
--   to the value of the <tt>Marker</tt> element in the response that you
--   received to indicate where the next call should start.
lrMarker :: Lens' ListRoles (Maybe Text)

-- | (Optional) Use this only when paginating results to indicate the
--   maximum number of items you want in the response. If additional items
--   exist beyond the maximum you specify, the <tt>IsTruncated</tt>
--   response element is <tt>true</tt> . If you do not include this
--   parameter, it defaults to 100. Note that IAM might return fewer
--   results, even when there are more results available. In that case, the
--   <tt>IsTruncated</tt> response element returns <tt>true</tt> and
--   <tt>Marker</tt> contains a value to include in the subsequent call
--   that tells the service where to continue from.
lrMaxItems :: Lens' ListRoles (Maybe Natural)

-- | Creates a value of <a>ListRolesResponse</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>lrrsMarker</a> - When <tt>IsTruncated</tt> is <tt>true</tt> ,
--   this element is present and contains the value to use for the
--   <tt>Marker</tt> parameter in a subsequent pagination request.</li>
--   <li><a>lrrsIsTruncated</a> - A flag that indicates whether there are
--   more items to return. If your results were truncated, you can make a
--   subsequent pagination request using the <tt>Marker</tt> request
--   parameter to retrieve more items. Note that IAM might return fewer
--   than the <tt>MaxItems</tt> number of results even when there are more
--   results available. We recommend that you check <tt>IsTruncated</tt>
--   after every call to ensure that you receive all of your results.</li>
--   <li><a>lrrsResponseStatus</a> - -- | The response status code.</li>
--   <li><a>lrrsRoles</a> - A list of roles.</li>
--   </ul>
listRolesResponse :: Int -> ListRolesResponse

-- | Contains the response to a successful <a>ListRoles</a> request.
--   
--   <i>See:</i> <a>listRolesResponse</a> smart constructor.
data ListRolesResponse

-- | When <tt>IsTruncated</tt> is <tt>true</tt> , this element is present
--   and contains the value to use for the <tt>Marker</tt> parameter in a
--   subsequent pagination request.
lrrsMarker :: Lens' ListRolesResponse (Maybe Text)

-- | A flag that indicates whether there are more items to return. If your
--   results were truncated, you can make a subsequent pagination request
--   using the <tt>Marker</tt> request parameter to retrieve more items.
--   Note that IAM might return fewer than the <tt>MaxItems</tt> number of
--   results even when there are more results available. We recommend that
--   you check <tt>IsTruncated</tt> after every call to ensure that you
--   receive all of your results.
lrrsIsTruncated :: Lens' ListRolesResponse (Maybe Bool)

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
lrrsResponseStatus :: Lens' ListRolesResponse Int

-- | A list of roles.
lrrsRoles :: Lens' ListRolesResponse [Role]
instance GHC.Generics.Generic Network.AWS.IAM.ListRoles.ListRolesResponse
instance Data.Data.Data Network.AWS.IAM.ListRoles.ListRolesResponse
instance GHC.Show.Show Network.AWS.IAM.ListRoles.ListRolesResponse
instance GHC.Read.Read Network.AWS.IAM.ListRoles.ListRolesResponse
instance GHC.Classes.Eq Network.AWS.IAM.ListRoles.ListRolesResponse
instance GHC.Generics.Generic Network.AWS.IAM.ListRoles.ListRoles
instance Data.Data.Data Network.AWS.IAM.ListRoles.ListRoles
instance GHC.Show.Show Network.AWS.IAM.ListRoles.ListRoles
instance GHC.Read.Read Network.AWS.IAM.ListRoles.ListRoles
instance GHC.Classes.Eq Network.AWS.IAM.ListRoles.ListRoles
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.ListRoles.ListRoles
instance Control.DeepSeq.NFData Network.AWS.IAM.ListRoles.ListRolesResponse
instance Network.AWS.Pager.AWSPager Network.AWS.IAM.ListRoles.ListRoles
instance Data.Hashable.Class.Hashable Network.AWS.IAM.ListRoles.ListRoles
instance Control.DeepSeq.NFData Network.AWS.IAM.ListRoles.ListRoles
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.ListRoles.ListRoles
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.ListRoles.ListRoles
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.ListRoles.ListRoles


-- | Lists the names of the inline policies that are embedded in the
--   specified IAM role.
--   
--   An IAM role can also have managed policies attached to it. To list the
--   managed policies that are attached to a role, use
--   <tt>ListAttachedRolePolicies</tt> . For more information about
--   policies, see <a>Managed Policies and Inline Policies</a> in the
--   <i>IAM User Guide</i> .
--   
--   You can paginate the results using the <tt>MaxItems</tt> and
--   <tt>Marker</tt> parameters. If there are no inline policies embedded
--   with the specified role, the operation returns an empty list.
--   
--   This operation returns paginated results.
module Network.AWS.IAM.ListRolePolicies

-- | Creates a value of <a>ListRolePolicies</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>lrpMarker</a> - Use this parameter only when paginating results
--   and only after you receive a response indicating that the results are
--   truncated. Set it to the value of the <tt>Marker</tt> element in the
--   response that you received to indicate where the next call should
--   start.</li>
--   <li><a>lrpMaxItems</a> - (Optional) Use this only when paginating
--   results to indicate the maximum number of items you want in the
--   response. If additional items exist beyond the maximum you specify,
--   the <tt>IsTruncated</tt> response element is <tt>true</tt> . If you do
--   not include this parameter, it defaults to 100. Note that IAM might
--   return fewer results, even when there are more results available. In
--   that case, the <tt>IsTruncated</tt> response element returns
--   <tt>true</tt> and <tt>Marker</tt> contains a value to include in the
--   subsequent call that tells the service where to continue from.</li>
--   <li><a>lrpRoleName</a> - The name of the role to list policies for.
--   This parameter allows (per its <a>regex pattern</a> ) a string of
--   characters consisting of upper and lowercase alphanumeric characters
--   with no spaces. You can also include any of the following characters:
--   _+=,.@-</li>
--   </ul>
listRolePolicies :: Text -> ListRolePolicies

-- | <i>See:</i> <a>listRolePolicies</a> smart constructor.
data ListRolePolicies

-- | Use this parameter only when paginating results and only after you
--   receive a response indicating that the results are truncated. Set it
--   to the value of the <tt>Marker</tt> element in the response that you
--   received to indicate where the next call should start.
lrpMarker :: Lens' ListRolePolicies (Maybe Text)

-- | (Optional) Use this only when paginating results to indicate the
--   maximum number of items you want in the response. If additional items
--   exist beyond the maximum you specify, the <tt>IsTruncated</tt>
--   response element is <tt>true</tt> . If you do not include this
--   parameter, it defaults to 100. Note that IAM might return fewer
--   results, even when there are more results available. In that case, the
--   <tt>IsTruncated</tt> response element returns <tt>true</tt> and
--   <tt>Marker</tt> contains a value to include in the subsequent call
--   that tells the service where to continue from.
lrpMaxItems :: Lens' ListRolePolicies (Maybe Natural)

-- | The name of the role to list policies for. This parameter allows (per
--   its <a>regex pattern</a> ) a string of characters consisting of upper
--   and lowercase alphanumeric characters with no spaces. You can also
--   include any of the following characters: _+=,.@-
lrpRoleName :: Lens' ListRolePolicies Text

-- | Creates a value of <a>ListRolePoliciesResponse</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>lrprsMarker</a> - When <tt>IsTruncated</tt> is <tt>true</tt> ,
--   this element is present and contains the value to use for the
--   <tt>Marker</tt> parameter in a subsequent pagination request.</li>
--   <li><a>lrprsIsTruncated</a> - A flag that indicates whether there are
--   more items to return. If your results were truncated, you can make a
--   subsequent pagination request using the <tt>Marker</tt> request
--   parameter to retrieve more items. Note that IAM might return fewer
--   than the <tt>MaxItems</tt> number of results even when there are more
--   results available. We recommend that you check <tt>IsTruncated</tt>
--   after every call to ensure that you receive all of your results.</li>
--   <li><a>lrprsResponseStatus</a> - -- | The response status code.</li>
--   <li><a>lrprsPolicyNames</a> - A list of policy names.</li>
--   </ul>
listRolePoliciesResponse :: Int -> ListRolePoliciesResponse

-- | Contains the response to a successful <a>ListRolePolicies</a> request.
--   
--   <i>See:</i> <a>listRolePoliciesResponse</a> smart constructor.
data ListRolePoliciesResponse

-- | When <tt>IsTruncated</tt> is <tt>true</tt> , this element is present
--   and contains the value to use for the <tt>Marker</tt> parameter in a
--   subsequent pagination request.
lrprsMarker :: Lens' ListRolePoliciesResponse (Maybe Text)

-- | A flag that indicates whether there are more items to return. If your
--   results were truncated, you can make a subsequent pagination request
--   using the <tt>Marker</tt> request parameter to retrieve more items.
--   Note that IAM might return fewer than the <tt>MaxItems</tt> number of
--   results even when there are more results available. We recommend that
--   you check <tt>IsTruncated</tt> after every call to ensure that you
--   receive all of your results.
lrprsIsTruncated :: Lens' ListRolePoliciesResponse (Maybe Bool)

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
lrprsResponseStatus :: Lens' ListRolePoliciesResponse Int

-- | A list of policy names.
lrprsPolicyNames :: Lens' ListRolePoliciesResponse [Text]
instance GHC.Generics.Generic Network.AWS.IAM.ListRolePolicies.ListRolePoliciesResponse
instance Data.Data.Data Network.AWS.IAM.ListRolePolicies.ListRolePoliciesResponse
instance GHC.Show.Show Network.AWS.IAM.ListRolePolicies.ListRolePoliciesResponse
instance GHC.Read.Read Network.AWS.IAM.ListRolePolicies.ListRolePoliciesResponse
instance GHC.Classes.Eq Network.AWS.IAM.ListRolePolicies.ListRolePoliciesResponse
instance GHC.Generics.Generic Network.AWS.IAM.ListRolePolicies.ListRolePolicies
instance Data.Data.Data Network.AWS.IAM.ListRolePolicies.ListRolePolicies
instance GHC.Show.Show Network.AWS.IAM.ListRolePolicies.ListRolePolicies
instance GHC.Read.Read Network.AWS.IAM.ListRolePolicies.ListRolePolicies
instance GHC.Classes.Eq Network.AWS.IAM.ListRolePolicies.ListRolePolicies
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.ListRolePolicies.ListRolePolicies
instance Control.DeepSeq.NFData Network.AWS.IAM.ListRolePolicies.ListRolePoliciesResponse
instance Network.AWS.Pager.AWSPager Network.AWS.IAM.ListRolePolicies.ListRolePolicies
instance Data.Hashable.Class.Hashable Network.AWS.IAM.ListRolePolicies.ListRolePolicies
instance Control.DeepSeq.NFData Network.AWS.IAM.ListRolePolicies.ListRolePolicies
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.ListRolePolicies.ListRolePolicies
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.ListRolePolicies.ListRolePolicies
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.ListRolePolicies.ListRolePolicies


-- | Lists information about the versions of the specified managed policy,
--   including the version that is currently set as the policy's default
--   version.
--   
--   For more information about managed policies, see <a>Managed Policies
--   and Inline Policies</a> in the <i>IAM User Guide</i> .
--   
--   This operation returns paginated results.
module Network.AWS.IAM.ListPolicyVersions

-- | Creates a value of <a>ListPolicyVersions</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>lpvMarker</a> - Use this parameter only when paginating results
--   and only after you receive a response indicating that the results are
--   truncated. Set it to the value of the <tt>Marker</tt> element in the
--   response that you received to indicate where the next call should
--   start.</li>
--   <li><a>lpvMaxItems</a> - (Optional) Use this only when paginating
--   results to indicate the maximum number of items you want in the
--   response. If additional items exist beyond the maximum you specify,
--   the <tt>IsTruncated</tt> response element is <tt>true</tt> . If you do
--   not include this parameter, it defaults to 100. Note that IAM might
--   return fewer results, even when there are more results available. In
--   that case, the <tt>IsTruncated</tt> response element returns
--   <tt>true</tt> and <tt>Marker</tt> contains a value to include in the
--   subsequent call that tells the service where to continue from.</li>
--   <li><a>lpvPolicyARN</a> - The Amazon Resource Name (ARN) of the IAM
--   policy for which you want the versions. For more information about
--   ARNs, see <a>Amazon Resource Names (ARNs) and AWS Service
--   Namespaces</a> in the <i>AWS General Reference</i> .</li>
--   </ul>
listPolicyVersions :: Text -> ListPolicyVersions

-- | <i>See:</i> <a>listPolicyVersions</a> smart constructor.
data ListPolicyVersions

-- | Use this parameter only when paginating results and only after you
--   receive a response indicating that the results are truncated. Set it
--   to the value of the <tt>Marker</tt> element in the response that you
--   received to indicate where the next call should start.
lpvMarker :: Lens' ListPolicyVersions (Maybe Text)

-- | (Optional) Use this only when paginating results to indicate the
--   maximum number of items you want in the response. If additional items
--   exist beyond the maximum you specify, the <tt>IsTruncated</tt>
--   response element is <tt>true</tt> . If you do not include this
--   parameter, it defaults to 100. Note that IAM might return fewer
--   results, even when there are more results available. In that case, the
--   <tt>IsTruncated</tt> response element returns <tt>true</tt> and
--   <tt>Marker</tt> contains a value to include in the subsequent call
--   that tells the service where to continue from.
lpvMaxItems :: Lens' ListPolicyVersions (Maybe Natural)

-- | The Amazon Resource Name (ARN) of the IAM policy for which you want
--   the versions. For more information about ARNs, see <a>Amazon Resource
--   Names (ARNs) and AWS Service Namespaces</a> in the <i>AWS General
--   Reference</i> .
lpvPolicyARN :: Lens' ListPolicyVersions Text

-- | Creates a value of <a>ListPolicyVersionsResponse</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>lpvrsVersions</a> - A list of policy versions. For more
--   information about managed policy versions, see <a>Versioning for
--   Managed Policies</a> in the <i>IAM User Guide</i> .</li>
--   <li><a>lpvrsMarker</a> - When <tt>IsTruncated</tt> is <tt>true</tt> ,
--   this element is present and contains the value to use for the
--   <tt>Marker</tt> parameter in a subsequent pagination request.</li>
--   <li><a>lpvrsIsTruncated</a> - A flag that indicates whether there are
--   more items to return. If your results were truncated, you can make a
--   subsequent pagination request using the <tt>Marker</tt> request
--   parameter to retrieve more items. Note that IAM might return fewer
--   than the <tt>MaxItems</tt> number of results even when there are more
--   results available. We recommend that you check <tt>IsTruncated</tt>
--   after every call to ensure that you receive all of your results.</li>
--   <li><a>lpvrsResponseStatus</a> - -- | The response status code.</li>
--   </ul>
listPolicyVersionsResponse :: Int -> ListPolicyVersionsResponse

-- | Contains the response to a successful <a>ListPolicyVersions</a>
--   request.
--   
--   <i>See:</i> <a>listPolicyVersionsResponse</a> smart constructor.
data ListPolicyVersionsResponse

-- | A list of policy versions. For more information about managed policy
--   versions, see <a>Versioning for Managed Policies</a> in the <i>IAM
--   User Guide</i> .
lpvrsVersions :: Lens' ListPolicyVersionsResponse [PolicyVersion]

-- | When <tt>IsTruncated</tt> is <tt>true</tt> , this element is present
--   and contains the value to use for the <tt>Marker</tt> parameter in a
--   subsequent pagination request.
lpvrsMarker :: Lens' ListPolicyVersionsResponse (Maybe Text)

-- | A flag that indicates whether there are more items to return. If your
--   results were truncated, you can make a subsequent pagination request
--   using the <tt>Marker</tt> request parameter to retrieve more items.
--   Note that IAM might return fewer than the <tt>MaxItems</tt> number of
--   results even when there are more results available. We recommend that
--   you check <tt>IsTruncated</tt> after every call to ensure that you
--   receive all of your results.
lpvrsIsTruncated :: Lens' ListPolicyVersionsResponse (Maybe Bool)

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
lpvrsResponseStatus :: Lens' ListPolicyVersionsResponse Int
instance GHC.Generics.Generic Network.AWS.IAM.ListPolicyVersions.ListPolicyVersionsResponse
instance Data.Data.Data Network.AWS.IAM.ListPolicyVersions.ListPolicyVersionsResponse
instance GHC.Show.Show Network.AWS.IAM.ListPolicyVersions.ListPolicyVersionsResponse
instance GHC.Read.Read Network.AWS.IAM.ListPolicyVersions.ListPolicyVersionsResponse
instance GHC.Classes.Eq Network.AWS.IAM.ListPolicyVersions.ListPolicyVersionsResponse
instance GHC.Generics.Generic Network.AWS.IAM.ListPolicyVersions.ListPolicyVersions
instance Data.Data.Data Network.AWS.IAM.ListPolicyVersions.ListPolicyVersions
instance GHC.Show.Show Network.AWS.IAM.ListPolicyVersions.ListPolicyVersions
instance GHC.Read.Read Network.AWS.IAM.ListPolicyVersions.ListPolicyVersions
instance GHC.Classes.Eq Network.AWS.IAM.ListPolicyVersions.ListPolicyVersions
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.ListPolicyVersions.ListPolicyVersions
instance Control.DeepSeq.NFData Network.AWS.IAM.ListPolicyVersions.ListPolicyVersionsResponse
instance Network.AWS.Pager.AWSPager Network.AWS.IAM.ListPolicyVersions.ListPolicyVersions
instance Data.Hashable.Class.Hashable Network.AWS.IAM.ListPolicyVersions.ListPolicyVersions
instance Control.DeepSeq.NFData Network.AWS.IAM.ListPolicyVersions.ListPolicyVersions
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.ListPolicyVersions.ListPolicyVersions
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.ListPolicyVersions.ListPolicyVersions
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.ListPolicyVersions.ListPolicyVersions


-- | Lists all the managed policies that are available in your AWS account,
--   including your own customer-defined managed policies and all AWS
--   managed policies.
--   
--   You can filter the list of policies that is returned using the
--   optional <tt>OnlyAttached</tt> , <tt>Scope</tt> , and
--   <tt>PathPrefix</tt> parameters. For example, to list only the customer
--   managed policies in your AWS account, set <tt>Scope</tt> to
--   <tt>Local</tt> . To list only AWS managed policies, set <tt>Scope</tt>
--   to <tt>AWS</tt> .
--   
--   You can paginate the results using the <tt>MaxItems</tt> and
--   <tt>Marker</tt> parameters.
--   
--   For more information about managed policies, see <a>Managed Policies
--   and Inline Policies</a> in the <i>IAM User Guide</i> .
--   
--   This operation returns paginated results.
module Network.AWS.IAM.ListPolicies

-- | Creates a value of <a>ListPolicies</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>lpPathPrefix</a> - The path prefix for filtering the results.
--   This parameter is optional. If it is not included, it defaults to a
--   slash (<i>), listing all policies. This parameter allows (per its
--   &lt;http:</i><i>wikipedia.org</i>wiki<i>regex regex pattern&gt; ) a
--   string of characters consisting of either a forward slash (</i>) by
--   itself or a string that must begin and end with forward slashes. In
--   addition, it can contain any ASCII character from the ! (u0021)
--   through the DEL character (u007F), including most punctuation
--   characters, digits, and upper and lowercased letters.</li>
--   <li><a>lpOnlyAttached</a> - A flag to filter the results to only the
--   attached policies. When <tt>OnlyAttached</tt> is <tt>true</tt> , the
--   returned list contains only the policies that are attached to an IAM
--   user, group, or role. When <tt>OnlyAttached</tt> is <tt>false</tt> ,
--   or when the parameter is not included, all policies are returned.</li>
--   <li><a>lpMarker</a> - Use this parameter only when paginating results
--   and only after you receive a response indicating that the results are
--   truncated. Set it to the value of the <tt>Marker</tt> element in the
--   response that you received to indicate where the next call should
--   start.</li>
--   <li><a>lpScope</a> - The scope to use for filtering the results. To
--   list only AWS managed policies, set <tt>Scope</tt> to <tt>AWS</tt> .
--   To list only the customer managed policies in your AWS account, set
--   <tt>Scope</tt> to <tt>Local</tt> . This parameter is optional. If it
--   is not included, or if it is set to <tt>All</tt> , all policies are
--   returned.</li>
--   <li><a>lpMaxItems</a> - (Optional) Use this only when paginating
--   results to indicate the maximum number of items you want in the
--   response. If additional items exist beyond the maximum you specify,
--   the <tt>IsTruncated</tt> response element is <tt>true</tt> . If you do
--   not include this parameter, it defaults to 100. Note that IAM might
--   return fewer results, even when there are more results available. In
--   that case, the <tt>IsTruncated</tt> response element returns
--   <tt>true</tt> and <tt>Marker</tt> contains a value to include in the
--   subsequent call that tells the service where to continue from.</li>
--   </ul>
listPolicies :: ListPolicies

-- | <i>See:</i> <a>listPolicies</a> smart constructor.
data ListPolicies

-- | The path prefix for filtering the results. This parameter is optional.
--   If it is not included, it defaults to a slash (<i>), listing all
--   policies. This parameter allows (per its
--   &lt;http:</i><i>wikipedia.org</i>wiki<i>regex regex pattern&gt; ) a
--   string of characters consisting of either a forward slash (</i>) by
--   itself or a string that must begin and end with forward slashes. In
--   addition, it can contain any ASCII character from the ! (u0021)
--   through the DEL character (u007F), including most punctuation
--   characters, digits, and upper and lowercased letters.
lpPathPrefix :: Lens' ListPolicies (Maybe Text)

-- | A flag to filter the results to only the attached policies. When
--   <tt>OnlyAttached</tt> is <tt>true</tt> , the returned list contains
--   only the policies that are attached to an IAM user, group, or role.
--   When <tt>OnlyAttached</tt> is <tt>false</tt> , or when the parameter
--   is not included, all policies are returned.
lpOnlyAttached :: Lens' ListPolicies (Maybe Bool)

-- | Use this parameter only when paginating results and only after you
--   receive a response indicating that the results are truncated. Set it
--   to the value of the <tt>Marker</tt> element in the response that you
--   received to indicate where the next call should start.
lpMarker :: Lens' ListPolicies (Maybe Text)

-- | The scope to use for filtering the results. To list only AWS managed
--   policies, set <tt>Scope</tt> to <tt>AWS</tt> . To list only the
--   customer managed policies in your AWS account, set <tt>Scope</tt> to
--   <tt>Local</tt> . This parameter is optional. If it is not included, or
--   if it is set to <tt>All</tt> , all policies are returned.
lpScope :: Lens' ListPolicies (Maybe PolicyScopeType)

-- | (Optional) Use this only when paginating results to indicate the
--   maximum number of items you want in the response. If additional items
--   exist beyond the maximum you specify, the <tt>IsTruncated</tt>
--   response element is <tt>true</tt> . If you do not include this
--   parameter, it defaults to 100. Note that IAM might return fewer
--   results, even when there are more results available. In that case, the
--   <tt>IsTruncated</tt> response element returns <tt>true</tt> and
--   <tt>Marker</tt> contains a value to include in the subsequent call
--   that tells the service where to continue from.
lpMaxItems :: Lens' ListPolicies (Maybe Natural)

-- | Creates a value of <a>ListPoliciesResponse</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>lprsMarker</a> - When <tt>IsTruncated</tt> is <tt>true</tt> ,
--   this element is present and contains the value to use for the
--   <tt>Marker</tt> parameter in a subsequent pagination request.</li>
--   <li><a>lprsIsTruncated</a> - A flag that indicates whether there are
--   more items to return. If your results were truncated, you can make a
--   subsequent pagination request using the <tt>Marker</tt> request
--   parameter to retrieve more items. Note that IAM might return fewer
--   than the <tt>MaxItems</tt> number of results even when there are more
--   results available. We recommend that you check <tt>IsTruncated</tt>
--   after every call to ensure that you receive all of your results.</li>
--   <li><a>lprsPolicies</a> - A list of policies.</li>
--   <li><a>lprsResponseStatus</a> - -- | The response status code.</li>
--   </ul>
listPoliciesResponse :: Int -> ListPoliciesResponse

-- | Contains the response to a successful <a>ListPolicies</a> request.
--   
--   <i>See:</i> <a>listPoliciesResponse</a> smart constructor.
data ListPoliciesResponse

-- | When <tt>IsTruncated</tt> is <tt>true</tt> , this element is present
--   and contains the value to use for the <tt>Marker</tt> parameter in a
--   subsequent pagination request.
lprsMarker :: Lens' ListPoliciesResponse (Maybe Text)

-- | A flag that indicates whether there are more items to return. If your
--   results were truncated, you can make a subsequent pagination request
--   using the <tt>Marker</tt> request parameter to retrieve more items.
--   Note that IAM might return fewer than the <tt>MaxItems</tt> number of
--   results even when there are more results available. We recommend that
--   you check <tt>IsTruncated</tt> after every call to ensure that you
--   receive all of your results.
lprsIsTruncated :: Lens' ListPoliciesResponse (Maybe Bool)

-- | A list of policies.
lprsPolicies :: Lens' ListPoliciesResponse [Policy]

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
lprsResponseStatus :: Lens' ListPoliciesResponse Int
instance GHC.Generics.Generic Network.AWS.IAM.ListPolicies.ListPoliciesResponse
instance Data.Data.Data Network.AWS.IAM.ListPolicies.ListPoliciesResponse
instance GHC.Show.Show Network.AWS.IAM.ListPolicies.ListPoliciesResponse
instance GHC.Read.Read Network.AWS.IAM.ListPolicies.ListPoliciesResponse
instance GHC.Classes.Eq Network.AWS.IAM.ListPolicies.ListPoliciesResponse
instance GHC.Generics.Generic Network.AWS.IAM.ListPolicies.ListPolicies
instance Data.Data.Data Network.AWS.IAM.ListPolicies.ListPolicies
instance GHC.Show.Show Network.AWS.IAM.ListPolicies.ListPolicies
instance GHC.Read.Read Network.AWS.IAM.ListPolicies.ListPolicies
instance GHC.Classes.Eq Network.AWS.IAM.ListPolicies.ListPolicies
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.ListPolicies.ListPolicies
instance Control.DeepSeq.NFData Network.AWS.IAM.ListPolicies.ListPoliciesResponse
instance Network.AWS.Pager.AWSPager Network.AWS.IAM.ListPolicies.ListPolicies
instance Data.Hashable.Class.Hashable Network.AWS.IAM.ListPolicies.ListPolicies
instance Control.DeepSeq.NFData Network.AWS.IAM.ListPolicies.ListPolicies
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.ListPolicies.ListPolicies
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.ListPolicies.ListPolicies
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.ListPolicies.ListPolicies


-- | Lists information about the IAM OpenID Connect (OIDC) provider
--   resource objects defined in the AWS account.
module Network.AWS.IAM.ListOpenIdConnectProviders

-- | Creates a value of <a>ListOpenIdConnectProviders</a> with the minimum
--   fields required to make a request.
listOpenIdConnectProviders :: ListOpenIdConnectProviders

-- | <i>See:</i> <a>listOpenIdConnectProviders</a> smart constructor.
data ListOpenIdConnectProviders

-- | Creates a value of <a>ListOpenIdConnectProvidersResponse</a> with the
--   minimum fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>loicprsOpenIdConnectProviderList</a> - The list of IAM OIDC
--   provider resource objects defined in the AWS account.</li>
--   <li><a>loicprsResponseStatus</a> - -- | The response status code.</li>
--   </ul>
listOpenIdConnectProvidersResponse :: Int -> ListOpenIdConnectProvidersResponse

-- | Contains the response to a successful
--   <tt>ListOpenIDConnectProviders</tt> request.
--   
--   <i>See:</i> <a>listOpenIdConnectProvidersResponse</a> smart
--   constructor.
data ListOpenIdConnectProvidersResponse

-- | The list of IAM OIDC provider resource objects defined in the AWS
--   account.
loicprsOpenIdConnectProviderList :: Lens' ListOpenIdConnectProvidersResponse [OpenIdConnectProviderListEntry]

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
loicprsResponseStatus :: Lens' ListOpenIdConnectProvidersResponse Int
instance GHC.Generics.Generic Network.AWS.IAM.ListOpenIdConnectProviders.ListOpenIdConnectProvidersResponse
instance Data.Data.Data Network.AWS.IAM.ListOpenIdConnectProviders.ListOpenIdConnectProvidersResponse
instance GHC.Show.Show Network.AWS.IAM.ListOpenIdConnectProviders.ListOpenIdConnectProvidersResponse
instance GHC.Read.Read Network.AWS.IAM.ListOpenIdConnectProviders.ListOpenIdConnectProvidersResponse
instance GHC.Classes.Eq Network.AWS.IAM.ListOpenIdConnectProviders.ListOpenIdConnectProvidersResponse
instance GHC.Generics.Generic Network.AWS.IAM.ListOpenIdConnectProviders.ListOpenIdConnectProviders
instance Data.Data.Data Network.AWS.IAM.ListOpenIdConnectProviders.ListOpenIdConnectProviders
instance GHC.Show.Show Network.AWS.IAM.ListOpenIdConnectProviders.ListOpenIdConnectProviders
instance GHC.Read.Read Network.AWS.IAM.ListOpenIdConnectProviders.ListOpenIdConnectProviders
instance GHC.Classes.Eq Network.AWS.IAM.ListOpenIdConnectProviders.ListOpenIdConnectProviders
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.ListOpenIdConnectProviders.ListOpenIdConnectProviders
instance Control.DeepSeq.NFData Network.AWS.IAM.ListOpenIdConnectProviders.ListOpenIdConnectProvidersResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.ListOpenIdConnectProviders.ListOpenIdConnectProviders
instance Control.DeepSeq.NFData Network.AWS.IAM.ListOpenIdConnectProviders.ListOpenIdConnectProviders
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.ListOpenIdConnectProviders.ListOpenIdConnectProviders
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.ListOpenIdConnectProviders.ListOpenIdConnectProviders
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.ListOpenIdConnectProviders.ListOpenIdConnectProviders


-- | Lists the MFA devices for an IAM user. If the request includes a IAM
--   user name, then this operation lists all the MFA devices associated
--   with the specified user. If you do not specify a user name, IAM
--   determines the user name implicitly based on the AWS access key ID
--   signing the request for this API.
--   
--   You can paginate the results using the <tt>MaxItems</tt> and
--   <tt>Marker</tt> parameters.
--   
--   This operation returns paginated results.
module Network.AWS.IAM.ListMFADevices

-- | Creates a value of <a>ListMFADevices</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>lmdUserName</a> - The name of the user whose MFA devices you
--   want to list. This parameter allows (per its <a>regex pattern</a> ) a
--   string of characters consisting of upper and lowercase alphanumeric
--   characters with no spaces. You can also include any of the following
--   characters: _+=,.@-</li>
--   <li><a>lmdMarker</a> - Use this parameter only when paginating results
--   and only after you receive a response indicating that the results are
--   truncated. Set it to the value of the <tt>Marker</tt> element in the
--   response that you received to indicate where the next call should
--   start.</li>
--   <li><a>lmdMaxItems</a> - (Optional) Use this only when paginating
--   results to indicate the maximum number of items you want in the
--   response. If additional items exist beyond the maximum you specify,
--   the <tt>IsTruncated</tt> response element is <tt>true</tt> . If you do
--   not include this parameter, it defaults to 100. Note that IAM might
--   return fewer results, even when there are more results available. In
--   that case, the <tt>IsTruncated</tt> response element returns
--   <tt>true</tt> and <tt>Marker</tt> contains a value to include in the
--   subsequent call that tells the service where to continue from.</li>
--   </ul>
listMFADevices :: ListMFADevices

-- | <i>See:</i> <a>listMFADevices</a> smart constructor.
data ListMFADevices

-- | The name of the user whose MFA devices you want to list. This
--   parameter allows (per its <a>regex pattern</a> ) a string of
--   characters consisting of upper and lowercase alphanumeric characters
--   with no spaces. You can also include any of the following characters:
--   _+=,.@-
lmdUserName :: Lens' ListMFADevices (Maybe Text)

-- | Use this parameter only when paginating results and only after you
--   receive a response indicating that the results are truncated. Set it
--   to the value of the <tt>Marker</tt> element in the response that you
--   received to indicate where the next call should start.
lmdMarker :: Lens' ListMFADevices (Maybe Text)

-- | (Optional) Use this only when paginating results to indicate the
--   maximum number of items you want in the response. If additional items
--   exist beyond the maximum you specify, the <tt>IsTruncated</tt>
--   response element is <tt>true</tt> . If you do not include this
--   parameter, it defaults to 100. Note that IAM might return fewer
--   results, even when there are more results available. In that case, the
--   <tt>IsTruncated</tt> response element returns <tt>true</tt> and
--   <tt>Marker</tt> contains a value to include in the subsequent call
--   that tells the service where to continue from.
lmdMaxItems :: Lens' ListMFADevices (Maybe Natural)

-- | Creates a value of <a>ListMFADevicesResponse</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>lmdrsMarker</a> - When <tt>IsTruncated</tt> is <tt>true</tt> ,
--   this element is present and contains the value to use for the
--   <tt>Marker</tt> parameter in a subsequent pagination request.</li>
--   <li><a>lmdrsIsTruncated</a> - A flag that indicates whether there are
--   more items to return. If your results were truncated, you can make a
--   subsequent pagination request using the <tt>Marker</tt> request
--   parameter to retrieve more items. Note that IAM might return fewer
--   than the <tt>MaxItems</tt> number of results even when there are more
--   results available. We recommend that you check <tt>IsTruncated</tt>
--   after every call to ensure that you receive all of your results.</li>
--   <li><a>lmdrsResponseStatus</a> - -- | The response status code.</li>
--   <li><a>lmdrsMFADevices</a> - A list of MFA devices.</li>
--   </ul>
listMFADevicesResponse :: Int -> ListMFADevicesResponse

-- | Contains the response to a successful <a>ListMFADevices</a> request.
--   
--   <i>See:</i> <a>listMFADevicesResponse</a> smart constructor.
data ListMFADevicesResponse

-- | When <tt>IsTruncated</tt> is <tt>true</tt> , this element is present
--   and contains the value to use for the <tt>Marker</tt> parameter in a
--   subsequent pagination request.
lmdrsMarker :: Lens' ListMFADevicesResponse (Maybe Text)

-- | A flag that indicates whether there are more items to return. If your
--   results were truncated, you can make a subsequent pagination request
--   using the <tt>Marker</tt> request parameter to retrieve more items.
--   Note that IAM might return fewer than the <tt>MaxItems</tt> number of
--   results even when there are more results available. We recommend that
--   you check <tt>IsTruncated</tt> after every call to ensure that you
--   receive all of your results.
lmdrsIsTruncated :: Lens' ListMFADevicesResponse (Maybe Bool)

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
lmdrsResponseStatus :: Lens' ListMFADevicesResponse Int

-- | A list of MFA devices.
lmdrsMFADevices :: Lens' ListMFADevicesResponse [MFADevice]
instance GHC.Generics.Generic Network.AWS.IAM.ListMFADevices.ListMFADevicesResponse
instance Data.Data.Data Network.AWS.IAM.ListMFADevices.ListMFADevicesResponse
instance GHC.Show.Show Network.AWS.IAM.ListMFADevices.ListMFADevicesResponse
instance GHC.Read.Read Network.AWS.IAM.ListMFADevices.ListMFADevicesResponse
instance GHC.Classes.Eq Network.AWS.IAM.ListMFADevices.ListMFADevicesResponse
instance GHC.Generics.Generic Network.AWS.IAM.ListMFADevices.ListMFADevices
instance Data.Data.Data Network.AWS.IAM.ListMFADevices.ListMFADevices
instance GHC.Show.Show Network.AWS.IAM.ListMFADevices.ListMFADevices
instance GHC.Read.Read Network.AWS.IAM.ListMFADevices.ListMFADevices
instance GHC.Classes.Eq Network.AWS.IAM.ListMFADevices.ListMFADevices
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.ListMFADevices.ListMFADevices
instance Control.DeepSeq.NFData Network.AWS.IAM.ListMFADevices.ListMFADevicesResponse
instance Network.AWS.Pager.AWSPager Network.AWS.IAM.ListMFADevices.ListMFADevices
instance Data.Hashable.Class.Hashable Network.AWS.IAM.ListMFADevices.ListMFADevices
instance Control.DeepSeq.NFData Network.AWS.IAM.ListMFADevices.ListMFADevices
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.ListMFADevices.ListMFADevices
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.ListMFADevices.ListMFADevices
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.ListMFADevices.ListMFADevices


-- | Lists the instance profiles that have the specified associated IAM
--   role. If there are none, the operation returns an empty list. For more
--   information about instance profiles, go to <a>About Instance
--   Profiles</a> .
--   
--   You can paginate the results using the <tt>MaxItems</tt> and
--   <tt>Marker</tt> parameters.
--   
--   This operation returns paginated results.
module Network.AWS.IAM.ListInstanceProfilesForRole

-- | Creates a value of <a>ListInstanceProfilesForRole</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>lipfrMarker</a> - Use this parameter only when paginating
--   results and only after you receive a response indicating that the
--   results are truncated. Set it to the value of the <tt>Marker</tt>
--   element in the response that you received to indicate where the next
--   call should start.</li>
--   <li><a>lipfrMaxItems</a> - (Optional) Use this only when paginating
--   results to indicate the maximum number of items you want in the
--   response. If additional items exist beyond the maximum you specify,
--   the <tt>IsTruncated</tt> response element is <tt>true</tt> . If you do
--   not include this parameter, it defaults to 100. Note that IAM might
--   return fewer results, even when there are more results available. In
--   that case, the <tt>IsTruncated</tt> response element returns
--   <tt>true</tt> and <tt>Marker</tt> contains a value to include in the
--   subsequent call that tells the service where to continue from.</li>
--   <li><a>lipfrRoleName</a> - The name of the role to list instance
--   profiles for. This parameter allows (per its <a>regex pattern</a> ) a
--   string of characters consisting of upper and lowercase alphanumeric
--   characters with no spaces. You can also include any of the following
--   characters: _+=,.@-</li>
--   </ul>
listInstanceProfilesForRole :: Text -> ListInstanceProfilesForRole

-- | <i>See:</i> <a>listInstanceProfilesForRole</a> smart constructor.
data ListInstanceProfilesForRole

-- | Use this parameter only when paginating results and only after you
--   receive a response indicating that the results are truncated. Set it
--   to the value of the <tt>Marker</tt> element in the response that you
--   received to indicate where the next call should start.
lipfrMarker :: Lens' ListInstanceProfilesForRole (Maybe Text)

-- | (Optional) Use this only when paginating results to indicate the
--   maximum number of items you want in the response. If additional items
--   exist beyond the maximum you specify, the <tt>IsTruncated</tt>
--   response element is <tt>true</tt> . If you do not include this
--   parameter, it defaults to 100. Note that IAM might return fewer
--   results, even when there are more results available. In that case, the
--   <tt>IsTruncated</tt> response element returns <tt>true</tt> and
--   <tt>Marker</tt> contains a value to include in the subsequent call
--   that tells the service where to continue from.
lipfrMaxItems :: Lens' ListInstanceProfilesForRole (Maybe Natural)

-- | The name of the role to list instance profiles for. This parameter
--   allows (per its <a>regex pattern</a> ) a string of characters
--   consisting of upper and lowercase alphanumeric characters with no
--   spaces. You can also include any of the following characters: _+=,.@-
lipfrRoleName :: Lens' ListInstanceProfilesForRole Text

-- | Creates a value of <a>ListInstanceProfilesForRoleResponse</a> with the
--   minimum fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>lipfrrsMarker</a> - When <tt>IsTruncated</tt> is <tt>true</tt>
--   , this element is present and contains the value to use for the
--   <tt>Marker</tt> parameter in a subsequent pagination request.</li>
--   <li><a>lipfrrsIsTruncated</a> - A flag that indicates whether there
--   are more items to return. If your results were truncated, you can make
--   a subsequent pagination request using the <tt>Marker</tt> request
--   parameter to retrieve more items. Note that IAM might return fewer
--   than the <tt>MaxItems</tt> number of results even when there are more
--   results available. We recommend that you check <tt>IsTruncated</tt>
--   after every call to ensure that you receive all of your results.</li>
--   <li><a>lipfrrsResponseStatus</a> - -- | The response status code.</li>
--   <li><a>lipfrrsInstanceProfiles</a> - A list of instance profiles.</li>
--   </ul>
listInstanceProfilesForRoleResponse :: Int -> ListInstanceProfilesForRoleResponse

-- | Contains the response to a successful
--   <a>ListInstanceProfilesForRole</a> request.
--   
--   <i>See:</i> <a>listInstanceProfilesForRoleResponse</a> smart
--   constructor.
data ListInstanceProfilesForRoleResponse

-- | When <tt>IsTruncated</tt> is <tt>true</tt> , this element is present
--   and contains the value to use for the <tt>Marker</tt> parameter in a
--   subsequent pagination request.
lipfrrsMarker :: Lens' ListInstanceProfilesForRoleResponse (Maybe Text)

-- | A flag that indicates whether there are more items to return. If your
--   results were truncated, you can make a subsequent pagination request
--   using the <tt>Marker</tt> request parameter to retrieve more items.
--   Note that IAM might return fewer than the <tt>MaxItems</tt> number of
--   results even when there are more results available. We recommend that
--   you check <tt>IsTruncated</tt> after every call to ensure that you
--   receive all of your results.
lipfrrsIsTruncated :: Lens' ListInstanceProfilesForRoleResponse (Maybe Bool)

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
lipfrrsResponseStatus :: Lens' ListInstanceProfilesForRoleResponse Int

-- | A list of instance profiles.
lipfrrsInstanceProfiles :: Lens' ListInstanceProfilesForRoleResponse [InstanceProfile]
instance GHC.Generics.Generic Network.AWS.IAM.ListInstanceProfilesForRole.ListInstanceProfilesForRoleResponse
instance Data.Data.Data Network.AWS.IAM.ListInstanceProfilesForRole.ListInstanceProfilesForRoleResponse
instance GHC.Show.Show Network.AWS.IAM.ListInstanceProfilesForRole.ListInstanceProfilesForRoleResponse
instance GHC.Read.Read Network.AWS.IAM.ListInstanceProfilesForRole.ListInstanceProfilesForRoleResponse
instance GHC.Classes.Eq Network.AWS.IAM.ListInstanceProfilesForRole.ListInstanceProfilesForRoleResponse
instance GHC.Generics.Generic Network.AWS.IAM.ListInstanceProfilesForRole.ListInstanceProfilesForRole
instance Data.Data.Data Network.AWS.IAM.ListInstanceProfilesForRole.ListInstanceProfilesForRole
instance GHC.Show.Show Network.AWS.IAM.ListInstanceProfilesForRole.ListInstanceProfilesForRole
instance GHC.Read.Read Network.AWS.IAM.ListInstanceProfilesForRole.ListInstanceProfilesForRole
instance GHC.Classes.Eq Network.AWS.IAM.ListInstanceProfilesForRole.ListInstanceProfilesForRole
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.ListInstanceProfilesForRole.ListInstanceProfilesForRole
instance Control.DeepSeq.NFData Network.AWS.IAM.ListInstanceProfilesForRole.ListInstanceProfilesForRoleResponse
instance Network.AWS.Pager.AWSPager Network.AWS.IAM.ListInstanceProfilesForRole.ListInstanceProfilesForRole
instance Data.Hashable.Class.Hashable Network.AWS.IAM.ListInstanceProfilesForRole.ListInstanceProfilesForRole
instance Control.DeepSeq.NFData Network.AWS.IAM.ListInstanceProfilesForRole.ListInstanceProfilesForRole
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.ListInstanceProfilesForRole.ListInstanceProfilesForRole
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.ListInstanceProfilesForRole.ListInstanceProfilesForRole
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.ListInstanceProfilesForRole.ListInstanceProfilesForRole


-- | Lists the instance profiles that have the specified path prefix. If
--   there are none, the operation returns an empty list. For more
--   information about instance profiles, go to <a>About Instance
--   Profiles</a> .
--   
--   You can paginate the results using the <tt>MaxItems</tt> and
--   <tt>Marker</tt> parameters.
--   
--   This operation returns paginated results.
module Network.AWS.IAM.ListInstanceProfiles

-- | Creates a value of <a>ListInstanceProfiles</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>lipPathPrefix</a> - The path prefix for filtering the results.
--   For example, the prefix <tt><i>application_abc</i>component_xyz/</tt>
--   gets all instance profiles whose path starts with
--   <tt><i>application_abc</i>component_xyz/</tt> . This parameter is
--   optional. If it is not included, it defaults to a slash (<i>), listing
--   all instance profiles. This parameter allows (per its
--   &lt;http:</i><i>wikipedia.org</i>wiki<i>regex regex pattern&gt; ) a
--   string of characters consisting of either a forward slash (</i>) by
--   itself or a string that must begin and end with forward slashes. In
--   addition, it can contain any ASCII character from the ! (u0021)
--   through the DEL character (u007F), including most punctuation
--   characters, digits, and upper and lowercased letters.</li>
--   <li><a>lipMarker</a> - Use this parameter only when paginating results
--   and only after you receive a response indicating that the results are
--   truncated. Set it to the value of the <tt>Marker</tt> element in the
--   response that you received to indicate where the next call should
--   start.</li>
--   <li><a>lipMaxItems</a> - (Optional) Use this only when paginating
--   results to indicate the maximum number of items you want in the
--   response. If additional items exist beyond the maximum you specify,
--   the <tt>IsTruncated</tt> response element is <tt>true</tt> . If you do
--   not include this parameter, it defaults to 100. Note that IAM might
--   return fewer results, even when there are more results available. In
--   that case, the <tt>IsTruncated</tt> response element returns
--   <tt>true</tt> and <tt>Marker</tt> contains a value to include in the
--   subsequent call that tells the service where to continue from.</li>
--   </ul>
listInstanceProfiles :: ListInstanceProfiles

-- | <i>See:</i> <a>listInstanceProfiles</a> smart constructor.
data ListInstanceProfiles

-- | The path prefix for filtering the results. For example, the prefix
--   <tt><i>application_abc</i>component_xyz/</tt> gets all instance
--   profiles whose path starts with
--   <tt><i>application_abc</i>component_xyz/</tt> . This parameter is
--   optional. If it is not included, it defaults to a slash (<i>), listing
--   all instance profiles. This parameter allows (per its
--   &lt;http:</i><i>wikipedia.org</i>wiki<i>regex regex pattern&gt; ) a
--   string of characters consisting of either a forward slash (</i>) by
--   itself or a string that must begin and end with forward slashes. In
--   addition, it can contain any ASCII character from the ! (u0021)
--   through the DEL character (u007F), including most punctuation
--   characters, digits, and upper and lowercased letters.
lipPathPrefix :: Lens' ListInstanceProfiles (Maybe Text)

-- | Use this parameter only when paginating results and only after you
--   receive a response indicating that the results are truncated. Set it
--   to the value of the <tt>Marker</tt> element in the response that you
--   received to indicate where the next call should start.
lipMarker :: Lens' ListInstanceProfiles (Maybe Text)

-- | (Optional) Use this only when paginating results to indicate the
--   maximum number of items you want in the response. If additional items
--   exist beyond the maximum you specify, the <tt>IsTruncated</tt>
--   response element is <tt>true</tt> . If you do not include this
--   parameter, it defaults to 100. Note that IAM might return fewer
--   results, even when there are more results available. In that case, the
--   <tt>IsTruncated</tt> response element returns <tt>true</tt> and
--   <tt>Marker</tt> contains a value to include in the subsequent call
--   that tells the service where to continue from.
lipMaxItems :: Lens' ListInstanceProfiles (Maybe Natural)

-- | Creates a value of <a>ListInstanceProfilesResponse</a> with the
--   minimum fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>liprsMarker</a> - When <tt>IsTruncated</tt> is <tt>true</tt> ,
--   this element is present and contains the value to use for the
--   <tt>Marker</tt> parameter in a subsequent pagination request.</li>
--   <li><a>liprsIsTruncated</a> - A flag that indicates whether there are
--   more items to return. If your results were truncated, you can make a
--   subsequent pagination request using the <tt>Marker</tt> request
--   parameter to retrieve more items. Note that IAM might return fewer
--   than the <tt>MaxItems</tt> number of results even when there are more
--   results available. We recommend that you check <tt>IsTruncated</tt>
--   after every call to ensure that you receive all of your results.</li>
--   <li><a>liprsResponseStatus</a> - -- | The response status code.</li>
--   <li><a>liprsInstanceProfiles</a> - A list of instance profiles.</li>
--   </ul>
listInstanceProfilesResponse :: Int -> ListInstanceProfilesResponse

-- | Contains the response to a successful <a>ListInstanceProfiles</a>
--   request.
--   
--   <i>See:</i> <a>listInstanceProfilesResponse</a> smart constructor.
data ListInstanceProfilesResponse

-- | When <tt>IsTruncated</tt> is <tt>true</tt> , this element is present
--   and contains the value to use for the <tt>Marker</tt> parameter in a
--   subsequent pagination request.
liprsMarker :: Lens' ListInstanceProfilesResponse (Maybe Text)

-- | A flag that indicates whether there are more items to return. If your
--   results were truncated, you can make a subsequent pagination request
--   using the <tt>Marker</tt> request parameter to retrieve more items.
--   Note that IAM might return fewer than the <tt>MaxItems</tt> number of
--   results even when there are more results available. We recommend that
--   you check <tt>IsTruncated</tt> after every call to ensure that you
--   receive all of your results.
liprsIsTruncated :: Lens' ListInstanceProfilesResponse (Maybe Bool)

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
liprsResponseStatus :: Lens' ListInstanceProfilesResponse Int

-- | A list of instance profiles.
liprsInstanceProfiles :: Lens' ListInstanceProfilesResponse [InstanceProfile]
instance GHC.Generics.Generic Network.AWS.IAM.ListInstanceProfiles.ListInstanceProfilesResponse
instance Data.Data.Data Network.AWS.IAM.ListInstanceProfiles.ListInstanceProfilesResponse
instance GHC.Show.Show Network.AWS.IAM.ListInstanceProfiles.ListInstanceProfilesResponse
instance GHC.Read.Read Network.AWS.IAM.ListInstanceProfiles.ListInstanceProfilesResponse
instance GHC.Classes.Eq Network.AWS.IAM.ListInstanceProfiles.ListInstanceProfilesResponse
instance GHC.Generics.Generic Network.AWS.IAM.ListInstanceProfiles.ListInstanceProfiles
instance Data.Data.Data Network.AWS.IAM.ListInstanceProfiles.ListInstanceProfiles
instance GHC.Show.Show Network.AWS.IAM.ListInstanceProfiles.ListInstanceProfiles
instance GHC.Read.Read Network.AWS.IAM.ListInstanceProfiles.ListInstanceProfiles
instance GHC.Classes.Eq Network.AWS.IAM.ListInstanceProfiles.ListInstanceProfiles
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.ListInstanceProfiles.ListInstanceProfiles
instance Control.DeepSeq.NFData Network.AWS.IAM.ListInstanceProfiles.ListInstanceProfilesResponse
instance Network.AWS.Pager.AWSPager Network.AWS.IAM.ListInstanceProfiles.ListInstanceProfiles
instance Data.Hashable.Class.Hashable Network.AWS.IAM.ListInstanceProfiles.ListInstanceProfiles
instance Control.DeepSeq.NFData Network.AWS.IAM.ListInstanceProfiles.ListInstanceProfiles
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.ListInstanceProfiles.ListInstanceProfiles
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.ListInstanceProfiles.ListInstanceProfiles
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.ListInstanceProfiles.ListInstanceProfiles


-- | Lists the IAM groups that the specified IAM user belongs to.
--   
--   You can paginate the results using the <tt>MaxItems</tt> and
--   <tt>Marker</tt> parameters.
--   
--   This operation returns paginated results.
module Network.AWS.IAM.ListGroupsForUser

-- | Creates a value of <a>ListGroupsForUser</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>lgfuMarker</a> - Use this parameter only when paginating
--   results and only after you receive a response indicating that the
--   results are truncated. Set it to the value of the <tt>Marker</tt>
--   element in the response that you received to indicate where the next
--   call should start.</li>
--   <li><a>lgfuMaxItems</a> - (Optional) Use this only when paginating
--   results to indicate the maximum number of items you want in the
--   response. If additional items exist beyond the maximum you specify,
--   the <tt>IsTruncated</tt> response element is <tt>true</tt> . If you do
--   not include this parameter, it defaults to 100. Note that IAM might
--   return fewer results, even when there are more results available. In
--   that case, the <tt>IsTruncated</tt> response element returns
--   <tt>true</tt> and <tt>Marker</tt> contains a value to include in the
--   subsequent call that tells the service where to continue from.</li>
--   <li><a>lgfuUserName</a> - The name of the user to list groups for.
--   This parameter allows (per its <a>regex pattern</a> ) a string of
--   characters consisting of upper and lowercase alphanumeric characters
--   with no spaces. You can also include any of the following characters:
--   _+=,.@-</li>
--   </ul>
listGroupsForUser :: Text -> ListGroupsForUser

-- | <i>See:</i> <a>listGroupsForUser</a> smart constructor.
data ListGroupsForUser

-- | Use this parameter only when paginating results and only after you
--   receive a response indicating that the results are truncated. Set it
--   to the value of the <tt>Marker</tt> element in the response that you
--   received to indicate where the next call should start.
lgfuMarker :: Lens' ListGroupsForUser (Maybe Text)

-- | (Optional) Use this only when paginating results to indicate the
--   maximum number of items you want in the response. If additional items
--   exist beyond the maximum you specify, the <tt>IsTruncated</tt>
--   response element is <tt>true</tt> . If you do not include this
--   parameter, it defaults to 100. Note that IAM might return fewer
--   results, even when there are more results available. In that case, the
--   <tt>IsTruncated</tt> response element returns <tt>true</tt> and
--   <tt>Marker</tt> contains a value to include in the subsequent call
--   that tells the service where to continue from.
lgfuMaxItems :: Lens' ListGroupsForUser (Maybe Natural)

-- | The name of the user to list groups for. This parameter allows (per
--   its <a>regex pattern</a> ) a string of characters consisting of upper
--   and lowercase alphanumeric characters with no spaces. You can also
--   include any of the following characters: _+=,.@-
lgfuUserName :: Lens' ListGroupsForUser Text

-- | Creates a value of <a>ListGroupsForUserResponse</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>lgfursMarker</a> - When <tt>IsTruncated</tt> is <tt>true</tt> ,
--   this element is present and contains the value to use for the
--   <tt>Marker</tt> parameter in a subsequent pagination request.</li>
--   <li><a>lgfursIsTruncated</a> - A flag that indicates whether there are
--   more items to return. If your results were truncated, you can make a
--   subsequent pagination request using the <tt>Marker</tt> request
--   parameter to retrieve more items. Note that IAM might return fewer
--   than the <tt>MaxItems</tt> number of results even when there are more
--   results available. We recommend that you check <tt>IsTruncated</tt>
--   after every call to ensure that you receive all of your results.</li>
--   <li><a>lgfursResponseStatus</a> - -- | The response status code.</li>
--   <li><a>lgfursGroups</a> - A list of groups.</li>
--   </ul>
listGroupsForUserResponse :: Int -> ListGroupsForUserResponse

-- | Contains the response to a successful <a>ListGroupsForUser</a>
--   request.
--   
--   <i>See:</i> <a>listGroupsForUserResponse</a> smart constructor.
data ListGroupsForUserResponse

-- | When <tt>IsTruncated</tt> is <tt>true</tt> , this element is present
--   and contains the value to use for the <tt>Marker</tt> parameter in a
--   subsequent pagination request.
lgfursMarker :: Lens' ListGroupsForUserResponse (Maybe Text)

-- | A flag that indicates whether there are more items to return. If your
--   results were truncated, you can make a subsequent pagination request
--   using the <tt>Marker</tt> request parameter to retrieve more items.
--   Note that IAM might return fewer than the <tt>MaxItems</tt> number of
--   results even when there are more results available. We recommend that
--   you check <tt>IsTruncated</tt> after every call to ensure that you
--   receive all of your results.
lgfursIsTruncated :: Lens' ListGroupsForUserResponse (Maybe Bool)

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
lgfursResponseStatus :: Lens' ListGroupsForUserResponse Int

-- | A list of groups.
lgfursGroups :: Lens' ListGroupsForUserResponse [Group]
instance GHC.Generics.Generic Network.AWS.IAM.ListGroupsForUser.ListGroupsForUserResponse
instance Data.Data.Data Network.AWS.IAM.ListGroupsForUser.ListGroupsForUserResponse
instance GHC.Show.Show Network.AWS.IAM.ListGroupsForUser.ListGroupsForUserResponse
instance GHC.Read.Read Network.AWS.IAM.ListGroupsForUser.ListGroupsForUserResponse
instance GHC.Classes.Eq Network.AWS.IAM.ListGroupsForUser.ListGroupsForUserResponse
instance GHC.Generics.Generic Network.AWS.IAM.ListGroupsForUser.ListGroupsForUser
instance Data.Data.Data Network.AWS.IAM.ListGroupsForUser.ListGroupsForUser
instance GHC.Show.Show Network.AWS.IAM.ListGroupsForUser.ListGroupsForUser
instance GHC.Read.Read Network.AWS.IAM.ListGroupsForUser.ListGroupsForUser
instance GHC.Classes.Eq Network.AWS.IAM.ListGroupsForUser.ListGroupsForUser
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.ListGroupsForUser.ListGroupsForUser
instance Control.DeepSeq.NFData Network.AWS.IAM.ListGroupsForUser.ListGroupsForUserResponse
instance Network.AWS.Pager.AWSPager Network.AWS.IAM.ListGroupsForUser.ListGroupsForUser
instance Data.Hashable.Class.Hashable Network.AWS.IAM.ListGroupsForUser.ListGroupsForUser
instance Control.DeepSeq.NFData Network.AWS.IAM.ListGroupsForUser.ListGroupsForUser
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.ListGroupsForUser.ListGroupsForUser
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.ListGroupsForUser.ListGroupsForUser
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.ListGroupsForUser.ListGroupsForUser


-- | Lists the IAM groups that have the specified path prefix.
--   
--   You can paginate the results using the <tt>MaxItems</tt> and
--   <tt>Marker</tt> parameters.
--   
--   This operation returns paginated results.
module Network.AWS.IAM.ListGroups

-- | Creates a value of <a>ListGroups</a> with the minimum fields required
--   to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>lgPathPrefix</a> - The path prefix for filtering the results.
--   For example, the prefix <tt><i>division_abc</i>subdivision_xyz/</tt>
--   gets all groups whose path starts with
--   <tt><i>division_abc</i>subdivision_xyz/</tt> . This parameter is
--   optional. If it is not included, it defaults to a slash (<i>), listing
--   all groups. This parameter allows (per its
--   &lt;http:</i><i>wikipedia.org</i>wiki<i>regex regex pattern&gt; ) a
--   string of characters consisting of either a forward slash (</i>) by
--   itself or a string that must begin and end with forward slashes. In
--   addition, it can contain any ASCII character from the ! (u0021)
--   through the DEL character (u007F), including most punctuation
--   characters, digits, and upper and lowercased letters.</li>
--   <li><a>lgMarker</a> - Use this parameter only when paginating results
--   and only after you receive a response indicating that the results are
--   truncated. Set it to the value of the <tt>Marker</tt> element in the
--   response that you received to indicate where the next call should
--   start.</li>
--   <li><a>lgMaxItems</a> - (Optional) Use this only when paginating
--   results to indicate the maximum number of items you want in the
--   response. If additional items exist beyond the maximum you specify,
--   the <tt>IsTruncated</tt> response element is <tt>true</tt> . If you do
--   not include this parameter, it defaults to 100. Note that IAM might
--   return fewer results, even when there are more results available. In
--   that case, the <tt>IsTruncated</tt> response element returns
--   <tt>true</tt> and <tt>Marker</tt> contains a value to include in the
--   subsequent call that tells the service where to continue from.</li>
--   </ul>
listGroups :: ListGroups

-- | <i>See:</i> <a>listGroups</a> smart constructor.
data ListGroups

-- | The path prefix for filtering the results. For example, the prefix
--   <tt><i>division_abc</i>subdivision_xyz/</tt> gets all groups whose
--   path starts with <tt><i>division_abc</i>subdivision_xyz/</tt> . This
--   parameter is optional. If it is not included, it defaults to a slash
--   (<i>), listing all groups. This parameter allows (per its
--   &lt;http:</i><i>wikipedia.org</i>wiki<i>regex regex pattern&gt; ) a
--   string of characters consisting of either a forward slash (</i>) by
--   itself or a string that must begin and end with forward slashes. In
--   addition, it can contain any ASCII character from the ! (u0021)
--   through the DEL character (u007F), including most punctuation
--   characters, digits, and upper and lowercased letters.
lgPathPrefix :: Lens' ListGroups (Maybe Text)

-- | Use this parameter only when paginating results and only after you
--   receive a response indicating that the results are truncated. Set it
--   to the value of the <tt>Marker</tt> element in the response that you
--   received to indicate where the next call should start.
lgMarker :: Lens' ListGroups (Maybe Text)

-- | (Optional) Use this only when paginating results to indicate the
--   maximum number of items you want in the response. If additional items
--   exist beyond the maximum you specify, the <tt>IsTruncated</tt>
--   response element is <tt>true</tt> . If you do not include this
--   parameter, it defaults to 100. Note that IAM might return fewer
--   results, even when there are more results available. In that case, the
--   <tt>IsTruncated</tt> response element returns <tt>true</tt> and
--   <tt>Marker</tt> contains a value to include in the subsequent call
--   that tells the service where to continue from.
lgMaxItems :: Lens' ListGroups (Maybe Natural)

-- | Creates a value of <a>ListGroupsResponse</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>lgrsMarker</a> - When <tt>IsTruncated</tt> is <tt>true</tt> ,
--   this element is present and contains the value to use for the
--   <tt>Marker</tt> parameter in a subsequent pagination request.</li>
--   <li><a>lgrsIsTruncated</a> - A flag that indicates whether there are
--   more items to return. If your results were truncated, you can make a
--   subsequent pagination request using the <tt>Marker</tt> request
--   parameter to retrieve more items. Note that IAM might return fewer
--   than the <tt>MaxItems</tt> number of results even when there are more
--   results available. We recommend that you check <tt>IsTruncated</tt>
--   after every call to ensure that you receive all of your results.</li>
--   <li><a>lgrsResponseStatus</a> - -- | The response status code.</li>
--   <li><a>lgrsGroups</a> - A list of groups.</li>
--   </ul>
listGroupsResponse :: Int -> ListGroupsResponse

-- | Contains the response to a successful <a>ListGroups</a> request.
--   
--   <i>See:</i> <a>listGroupsResponse</a> smart constructor.
data ListGroupsResponse

-- | When <tt>IsTruncated</tt> is <tt>true</tt> , this element is present
--   and contains the value to use for the <tt>Marker</tt> parameter in a
--   subsequent pagination request.
lgrsMarker :: Lens' ListGroupsResponse (Maybe Text)

-- | A flag that indicates whether there are more items to return. If your
--   results were truncated, you can make a subsequent pagination request
--   using the <tt>Marker</tt> request parameter to retrieve more items.
--   Note that IAM might return fewer than the <tt>MaxItems</tt> number of
--   results even when there are more results available. We recommend that
--   you check <tt>IsTruncated</tt> after every call to ensure that you
--   receive all of your results.
lgrsIsTruncated :: Lens' ListGroupsResponse (Maybe Bool)

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
lgrsResponseStatus :: Lens' ListGroupsResponse Int

-- | A list of groups.
lgrsGroups :: Lens' ListGroupsResponse [Group]
instance GHC.Generics.Generic Network.AWS.IAM.ListGroups.ListGroupsResponse
instance Data.Data.Data Network.AWS.IAM.ListGroups.ListGroupsResponse
instance GHC.Show.Show Network.AWS.IAM.ListGroups.ListGroupsResponse
instance GHC.Read.Read Network.AWS.IAM.ListGroups.ListGroupsResponse
instance GHC.Classes.Eq Network.AWS.IAM.ListGroups.ListGroupsResponse
instance GHC.Generics.Generic Network.AWS.IAM.ListGroups.ListGroups
instance Data.Data.Data Network.AWS.IAM.ListGroups.ListGroups
instance GHC.Show.Show Network.AWS.IAM.ListGroups.ListGroups
instance GHC.Read.Read Network.AWS.IAM.ListGroups.ListGroups
instance GHC.Classes.Eq Network.AWS.IAM.ListGroups.ListGroups
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.ListGroups.ListGroups
instance Control.DeepSeq.NFData Network.AWS.IAM.ListGroups.ListGroupsResponse
instance Network.AWS.Pager.AWSPager Network.AWS.IAM.ListGroups.ListGroups
instance Data.Hashable.Class.Hashable Network.AWS.IAM.ListGroups.ListGroups
instance Control.DeepSeq.NFData Network.AWS.IAM.ListGroups.ListGroups
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.ListGroups.ListGroups
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.ListGroups.ListGroups
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.ListGroups.ListGroups


-- | Lists the names of the inline policies that are embedded in the
--   specified IAM group.
--   
--   An IAM group can also have managed policies attached to it. To list
--   the managed policies that are attached to a group, use
--   <tt>ListAttachedGroupPolicies</tt> . For more information about
--   policies, see <a>Managed Policies and Inline Policies</a> in the
--   <i>IAM User Guide</i> .
--   
--   You can paginate the results using the <tt>MaxItems</tt> and
--   <tt>Marker</tt> parameters. If there are no inline policies embedded
--   with the specified group, the operation returns an empty list.
--   
--   This operation returns paginated results.
module Network.AWS.IAM.ListGroupPolicies

-- | Creates a value of <a>ListGroupPolicies</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>lgpMarker</a> - Use this parameter only when paginating results
--   and only after you receive a response indicating that the results are
--   truncated. Set it to the value of the <tt>Marker</tt> element in the
--   response that you received to indicate where the next call should
--   start.</li>
--   <li><a>lgpMaxItems</a> - (Optional) Use this only when paginating
--   results to indicate the maximum number of items you want in the
--   response. If additional items exist beyond the maximum you specify,
--   the <tt>IsTruncated</tt> response element is <tt>true</tt> . If you do
--   not include this parameter, it defaults to 100. Note that IAM might
--   return fewer results, even when there are more results available. In
--   that case, the <tt>IsTruncated</tt> response element returns
--   <tt>true</tt> and <tt>Marker</tt> contains a value to include in the
--   subsequent call that tells the service where to continue from.</li>
--   <li><a>lgpGroupName</a> - The name of the group to list policies for.
--   This parameter allows (per its <a>regex pattern</a> ) a string of
--   characters consisting of upper and lowercase alphanumeric characters
--   with no spaces. You can also include any of the following characters:
--   _+=,.@-</li>
--   </ul>
listGroupPolicies :: Text -> ListGroupPolicies

-- | <i>See:</i> <a>listGroupPolicies</a> smart constructor.
data ListGroupPolicies

-- | Use this parameter only when paginating results and only after you
--   receive a response indicating that the results are truncated. Set it
--   to the value of the <tt>Marker</tt> element in the response that you
--   received to indicate where the next call should start.
lgpMarker :: Lens' ListGroupPolicies (Maybe Text)

-- | (Optional) Use this only when paginating results to indicate the
--   maximum number of items you want in the response. If additional items
--   exist beyond the maximum you specify, the <tt>IsTruncated</tt>
--   response element is <tt>true</tt> . If you do not include this
--   parameter, it defaults to 100. Note that IAM might return fewer
--   results, even when there are more results available. In that case, the
--   <tt>IsTruncated</tt> response element returns <tt>true</tt> and
--   <tt>Marker</tt> contains a value to include in the subsequent call
--   that tells the service where to continue from.
lgpMaxItems :: Lens' ListGroupPolicies (Maybe Natural)

-- | The name of the group to list policies for. This parameter allows (per
--   its <a>regex pattern</a> ) a string of characters consisting of upper
--   and lowercase alphanumeric characters with no spaces. You can also
--   include any of the following characters: _+=,.@-
lgpGroupName :: Lens' ListGroupPolicies Text

-- | Creates a value of <a>ListGroupPoliciesResponse</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>lgprsMarker</a> - When <tt>IsTruncated</tt> is <tt>true</tt> ,
--   this element is present and contains the value to use for the
--   <tt>Marker</tt> parameter in a subsequent pagination request.</li>
--   <li><a>lgprsIsTruncated</a> - A flag that indicates whether there are
--   more items to return. If your results were truncated, you can make a
--   subsequent pagination request using the <tt>Marker</tt> request
--   parameter to retrieve more items. Note that IAM might return fewer
--   than the <tt>MaxItems</tt> number of results even when there are more
--   results available. We recommend that you check <tt>IsTruncated</tt>
--   after every call to ensure that you receive all of your results.</li>
--   <li><a>lgprsResponseStatus</a> - -- | The response status code.</li>
--   <li><a>lgprsPolicyNames</a> - A list of policy names. This parameter
--   allows (per its <a>regex pattern</a> ) a string of characters
--   consisting of upper and lowercase alphanumeric characters with no
--   spaces. You can also include any of the following characters:
--   _+=,.@-</li>
--   </ul>
listGroupPoliciesResponse :: Int -> ListGroupPoliciesResponse

-- | Contains the response to a successful <a>ListGroupPolicies</a>
--   request.
--   
--   <i>See:</i> <a>listGroupPoliciesResponse</a> smart constructor.
data ListGroupPoliciesResponse

-- | When <tt>IsTruncated</tt> is <tt>true</tt> , this element is present
--   and contains the value to use for the <tt>Marker</tt> parameter in a
--   subsequent pagination request.
lgprsMarker :: Lens' ListGroupPoliciesResponse (Maybe Text)

-- | A flag that indicates whether there are more items to return. If your
--   results were truncated, you can make a subsequent pagination request
--   using the <tt>Marker</tt> request parameter to retrieve more items.
--   Note that IAM might return fewer than the <tt>MaxItems</tt> number of
--   results even when there are more results available. We recommend that
--   you check <tt>IsTruncated</tt> after every call to ensure that you
--   receive all of your results.
lgprsIsTruncated :: Lens' ListGroupPoliciesResponse (Maybe Bool)

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
lgprsResponseStatus :: Lens' ListGroupPoliciesResponse Int

-- | A list of policy names. This parameter allows (per its <a>regex
--   pattern</a> ) a string of characters consisting of upper and lowercase
--   alphanumeric characters with no spaces. You can also include any of
--   the following characters: _+=,.@-
lgprsPolicyNames :: Lens' ListGroupPoliciesResponse [Text]
instance GHC.Generics.Generic Network.AWS.IAM.ListGroupPolicies.ListGroupPoliciesResponse
instance Data.Data.Data Network.AWS.IAM.ListGroupPolicies.ListGroupPoliciesResponse
instance GHC.Show.Show Network.AWS.IAM.ListGroupPolicies.ListGroupPoliciesResponse
instance GHC.Read.Read Network.AWS.IAM.ListGroupPolicies.ListGroupPoliciesResponse
instance GHC.Classes.Eq Network.AWS.IAM.ListGroupPolicies.ListGroupPoliciesResponse
instance GHC.Generics.Generic Network.AWS.IAM.ListGroupPolicies.ListGroupPolicies
instance Data.Data.Data Network.AWS.IAM.ListGroupPolicies.ListGroupPolicies
instance GHC.Show.Show Network.AWS.IAM.ListGroupPolicies.ListGroupPolicies
instance GHC.Read.Read Network.AWS.IAM.ListGroupPolicies.ListGroupPolicies
instance GHC.Classes.Eq Network.AWS.IAM.ListGroupPolicies.ListGroupPolicies
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.ListGroupPolicies.ListGroupPolicies
instance Control.DeepSeq.NFData Network.AWS.IAM.ListGroupPolicies.ListGroupPoliciesResponse
instance Network.AWS.Pager.AWSPager Network.AWS.IAM.ListGroupPolicies.ListGroupPolicies
instance Data.Hashable.Class.Hashable Network.AWS.IAM.ListGroupPolicies.ListGroupPolicies
instance Control.DeepSeq.NFData Network.AWS.IAM.ListGroupPolicies.ListGroupPolicies
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.ListGroupPolicies.ListGroupPolicies
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.ListGroupPolicies.ListGroupPolicies
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.ListGroupPolicies.ListGroupPolicies


-- | Lists all IAM users, groups, and roles that the specified managed
--   policy is attached to.
--   
--   You can use the optional <tt>EntityFilter</tt> parameter to limit the
--   results to a particular type of entity (users, groups, or roles). For
--   example, to list only the roles that are attached to the specified
--   policy, set <tt>EntityFilter</tt> to <tt>Role</tt> .
--   
--   You can paginate the results using the <tt>MaxItems</tt> and
--   <tt>Marker</tt> parameters.
--   
--   This operation returns paginated results.
module Network.AWS.IAM.ListEntitiesForPolicy

-- | Creates a value of <a>ListEntitiesForPolicy</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>lefpPathPrefix</a> - The path prefix for filtering the results.
--   This parameter is optional. If it is not included, it defaults to a
--   slash (<i>), listing all entities. This parameter allows (per its
--   &lt;http:</i><i>wikipedia.org</i>wiki<i>regex regex pattern&gt; ) a
--   string of characters consisting of either a forward slash (</i>) by
--   itself or a string that must begin and end with forward slashes. In
--   addition, it can contain any ASCII character from the ! (u0021)
--   through the DEL character (u007F), including most punctuation
--   characters, digits, and upper and lowercased letters.</li>
--   <li><a>lefpEntityFilter</a> - The entity type to use for filtering the
--   results. For example, when <tt>EntityFilter</tt> is <tt>Role</tt> ,
--   only the roles that are attached to the specified policy are returned.
--   This parameter is optional. If it is not included, all attached
--   entities (users, groups, and roles) are returned. The argument for
--   this parameter must be one of the valid values listed below.</li>
--   <li><a>lefpMarker</a> - Use this parameter only when paginating
--   results and only after you receive a response indicating that the
--   results are truncated. Set it to the value of the <tt>Marker</tt>
--   element in the response that you received to indicate where the next
--   call should start.</li>
--   <li><a>lefpMaxItems</a> - (Optional) Use this only when paginating
--   results to indicate the maximum number of items you want in the
--   response. If additional items exist beyond the maximum you specify,
--   the <tt>IsTruncated</tt> response element is <tt>true</tt> . If you do
--   not include this parameter, it defaults to 100. Note that IAM might
--   return fewer results, even when there are more results available. In
--   that case, the <tt>IsTruncated</tt> response element returns
--   <tt>true</tt> and <tt>Marker</tt> contains a value to include in the
--   subsequent call that tells the service where to continue from.</li>
--   <li><a>lefpPolicyARN</a> - The Amazon Resource Name (ARN) of the IAM
--   policy for which you want the versions. For more information about
--   ARNs, see <a>Amazon Resource Names (ARNs) and AWS Service
--   Namespaces</a> in the <i>AWS General Reference</i> .</li>
--   </ul>
listEntitiesForPolicy :: Text -> ListEntitiesForPolicy

-- | <i>See:</i> <a>listEntitiesForPolicy</a> smart constructor.
data ListEntitiesForPolicy

-- | The path prefix for filtering the results. This parameter is optional.
--   If it is not included, it defaults to a slash (<i>), listing all
--   entities. This parameter allows (per its
--   &lt;http:</i><i>wikipedia.org</i>wiki<i>regex regex pattern&gt; ) a
--   string of characters consisting of either a forward slash (</i>) by
--   itself or a string that must begin and end with forward slashes. In
--   addition, it can contain any ASCII character from the ! (u0021)
--   through the DEL character (u007F), including most punctuation
--   characters, digits, and upper and lowercased letters.
lefpPathPrefix :: Lens' ListEntitiesForPolicy (Maybe Text)

-- | The entity type to use for filtering the results. For example, when
--   <tt>EntityFilter</tt> is <tt>Role</tt> , only the roles that are
--   attached to the specified policy are returned. This parameter is
--   optional. If it is not included, all attached entities (users, groups,
--   and roles) are returned. The argument for this parameter must be one
--   of the valid values listed below.
lefpEntityFilter :: Lens' ListEntitiesForPolicy (Maybe EntityType)

-- | Use this parameter only when paginating results and only after you
--   receive a response indicating that the results are truncated. Set it
--   to the value of the <tt>Marker</tt> element in the response that you
--   received to indicate where the next call should start.
lefpMarker :: Lens' ListEntitiesForPolicy (Maybe Text)

-- | (Optional) Use this only when paginating results to indicate the
--   maximum number of items you want in the response. If additional items
--   exist beyond the maximum you specify, the <tt>IsTruncated</tt>
--   response element is <tt>true</tt> . If you do not include this
--   parameter, it defaults to 100. Note that IAM might return fewer
--   results, even when there are more results available. In that case, the
--   <tt>IsTruncated</tt> response element returns <tt>true</tt> and
--   <tt>Marker</tt> contains a value to include in the subsequent call
--   that tells the service where to continue from.
lefpMaxItems :: Lens' ListEntitiesForPolicy (Maybe Natural)

-- | The Amazon Resource Name (ARN) of the IAM policy for which you want
--   the versions. For more information about ARNs, see <a>Amazon Resource
--   Names (ARNs) and AWS Service Namespaces</a> in the <i>AWS General
--   Reference</i> .
lefpPolicyARN :: Lens' ListEntitiesForPolicy Text

-- | Creates a value of <a>ListEntitiesForPolicyResponse</a> with the
--   minimum fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>lefprsPolicyGroups</a> - A list of IAM groups that the policy
--   is attached to.</li>
--   <li><a>lefprsPolicyRoles</a> - A list of IAM roles that the policy is
--   attached to.</li>
--   <li><a>lefprsMarker</a> - When <tt>IsTruncated</tt> is <tt>true</tt> ,
--   this element is present and contains the value to use for the
--   <tt>Marker</tt> parameter in a subsequent pagination request.</li>
--   <li><a>lefprsPolicyUsers</a> - A list of IAM users that the policy is
--   attached to.</li>
--   <li><a>lefprsIsTruncated</a> - A flag that indicates whether there are
--   more items to return. If your results were truncated, you can make a
--   subsequent pagination request using the <tt>Marker</tt> request
--   parameter to retrieve more items. Note that IAM might return fewer
--   than the <tt>MaxItems</tt> number of results even when there are more
--   results available. We recommend that you check <tt>IsTruncated</tt>
--   after every call to ensure that you receive all of your results.</li>
--   <li><a>lefprsResponseStatus</a> - -- | The response status code.</li>
--   </ul>
listEntitiesForPolicyResponse :: Int -> ListEntitiesForPolicyResponse

-- | Contains the response to a successful <a>ListEntitiesForPolicy</a>
--   request.
--   
--   <i>See:</i> <a>listEntitiesForPolicyResponse</a> smart constructor.
data ListEntitiesForPolicyResponse

-- | A list of IAM groups that the policy is attached to.
lefprsPolicyGroups :: Lens' ListEntitiesForPolicyResponse [PolicyGroup]

-- | A list of IAM roles that the policy is attached to.
lefprsPolicyRoles :: Lens' ListEntitiesForPolicyResponse [PolicyRole]

-- | When <tt>IsTruncated</tt> is <tt>true</tt> , this element is present
--   and contains the value to use for the <tt>Marker</tt> parameter in a
--   subsequent pagination request.
lefprsMarker :: Lens' ListEntitiesForPolicyResponse (Maybe Text)

-- | A list of IAM users that the policy is attached to.
lefprsPolicyUsers :: Lens' ListEntitiesForPolicyResponse [PolicyUser]

-- | A flag that indicates whether there are more items to return. If your
--   results were truncated, you can make a subsequent pagination request
--   using the <tt>Marker</tt> request parameter to retrieve more items.
--   Note that IAM might return fewer than the <tt>MaxItems</tt> number of
--   results even when there are more results available. We recommend that
--   you check <tt>IsTruncated</tt> after every call to ensure that you
--   receive all of your results.
lefprsIsTruncated :: Lens' ListEntitiesForPolicyResponse (Maybe Bool)

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
lefprsResponseStatus :: Lens' ListEntitiesForPolicyResponse Int
instance GHC.Generics.Generic Network.AWS.IAM.ListEntitiesForPolicy.ListEntitiesForPolicyResponse
instance Data.Data.Data Network.AWS.IAM.ListEntitiesForPolicy.ListEntitiesForPolicyResponse
instance GHC.Show.Show Network.AWS.IAM.ListEntitiesForPolicy.ListEntitiesForPolicyResponse
instance GHC.Read.Read Network.AWS.IAM.ListEntitiesForPolicy.ListEntitiesForPolicyResponse
instance GHC.Classes.Eq Network.AWS.IAM.ListEntitiesForPolicy.ListEntitiesForPolicyResponse
instance GHC.Generics.Generic Network.AWS.IAM.ListEntitiesForPolicy.ListEntitiesForPolicy
instance Data.Data.Data Network.AWS.IAM.ListEntitiesForPolicy.ListEntitiesForPolicy
instance GHC.Show.Show Network.AWS.IAM.ListEntitiesForPolicy.ListEntitiesForPolicy
instance GHC.Read.Read Network.AWS.IAM.ListEntitiesForPolicy.ListEntitiesForPolicy
instance GHC.Classes.Eq Network.AWS.IAM.ListEntitiesForPolicy.ListEntitiesForPolicy
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.ListEntitiesForPolicy.ListEntitiesForPolicy
instance Control.DeepSeq.NFData Network.AWS.IAM.ListEntitiesForPolicy.ListEntitiesForPolicyResponse
instance Network.AWS.Pager.AWSPager Network.AWS.IAM.ListEntitiesForPolicy.ListEntitiesForPolicy
instance Data.Hashable.Class.Hashable Network.AWS.IAM.ListEntitiesForPolicy.ListEntitiesForPolicy
instance Control.DeepSeq.NFData Network.AWS.IAM.ListEntitiesForPolicy.ListEntitiesForPolicy
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.ListEntitiesForPolicy.ListEntitiesForPolicy
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.ListEntitiesForPolicy.ListEntitiesForPolicy
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.ListEntitiesForPolicy.ListEntitiesForPolicy


-- | Lists all managed policies that are attached to the specified IAM
--   user.
--   
--   An IAM user can also have inline policies embedded with it. To list
--   the inline policies for a user, use the <tt>ListUserPolicies</tt> API.
--   For information about policies, see <a>Managed Policies and Inline
--   Policies</a> in the <i>IAM User Guide</i> .
--   
--   You can paginate the results using the <tt>MaxItems</tt> and
--   <tt>Marker</tt> parameters. You can use the <tt>PathPrefix</tt>
--   parameter to limit the list of policies to only those matching the
--   specified path prefix. If there are no policies attached to the
--   specified group (or none that match the specified path prefix), the
--   operation returns an empty list.
--   
--   This operation returns paginated results.
module Network.AWS.IAM.ListAttachedUserPolicies

-- | Creates a value of <a>ListAttachedUserPolicies</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>laupPathPrefix</a> - The path prefix for filtering the results.
--   This parameter is optional. If it is not included, it defaults to a
--   slash (<i>), listing all policies. This parameter allows (per its
--   &lt;http:</i><i>wikipedia.org</i>wiki<i>regex regex pattern&gt; ) a
--   string of characters consisting of either a forward slash (</i>) by
--   itself or a string that must begin and end with forward slashes. In
--   addition, it can contain any ASCII character from the ! (u0021)
--   through the DEL character (u007F), including most punctuation
--   characters, digits, and upper and lowercased letters.</li>
--   <li><a>laupMarker</a> - Use this parameter only when paginating
--   results and only after you receive a response indicating that the
--   results are truncated. Set it to the value of the <tt>Marker</tt>
--   element in the response that you received to indicate where the next
--   call should start.</li>
--   <li><a>laupMaxItems</a> - (Optional) Use this only when paginating
--   results to indicate the maximum number of items you want in the
--   response. If additional items exist beyond the maximum you specify,
--   the <tt>IsTruncated</tt> response element is <tt>true</tt> . If you do
--   not include this parameter, it defaults to 100. Note that IAM might
--   return fewer results, even when there are more results available. In
--   that case, the <tt>IsTruncated</tt> response element returns
--   <tt>true</tt> and <tt>Marker</tt> contains a value to include in the
--   subsequent call that tells the service where to continue from.</li>
--   <li><a>laupUserName</a> - The name (friendly name, not ARN) of the
--   user to list attached policies for. This parameter allows (per its
--   <a>regex pattern</a> ) a string of characters consisting of upper and
--   lowercase alphanumeric characters with no spaces. You can also include
--   any of the following characters: _+=,.@-</li>
--   </ul>
listAttachedUserPolicies :: Text -> ListAttachedUserPolicies

-- | <i>See:</i> <a>listAttachedUserPolicies</a> smart constructor.
data ListAttachedUserPolicies

-- | The path prefix for filtering the results. This parameter is optional.
--   If it is not included, it defaults to a slash (<i>), listing all
--   policies. This parameter allows (per its
--   &lt;http:</i><i>wikipedia.org</i>wiki<i>regex regex pattern&gt; ) a
--   string of characters consisting of either a forward slash (</i>) by
--   itself or a string that must begin and end with forward slashes. In
--   addition, it can contain any ASCII character from the ! (u0021)
--   through the DEL character (u007F), including most punctuation
--   characters, digits, and upper and lowercased letters.
laupPathPrefix :: Lens' ListAttachedUserPolicies (Maybe Text)

-- | Use this parameter only when paginating results and only after you
--   receive a response indicating that the results are truncated. Set it
--   to the value of the <tt>Marker</tt> element in the response that you
--   received to indicate where the next call should start.
laupMarker :: Lens' ListAttachedUserPolicies (Maybe Text)

-- | (Optional) Use this only when paginating results to indicate the
--   maximum number of items you want in the response. If additional items
--   exist beyond the maximum you specify, the <tt>IsTruncated</tt>
--   response element is <tt>true</tt> . If you do not include this
--   parameter, it defaults to 100. Note that IAM might return fewer
--   results, even when there are more results available. In that case, the
--   <tt>IsTruncated</tt> response element returns <tt>true</tt> and
--   <tt>Marker</tt> contains a value to include in the subsequent call
--   that tells the service where to continue from.
laupMaxItems :: Lens' ListAttachedUserPolicies (Maybe Natural)

-- | The name (friendly name, not ARN) of the user to list attached
--   policies for. This parameter allows (per its <a>regex pattern</a> ) a
--   string of characters consisting of upper and lowercase alphanumeric
--   characters with no spaces. You can also include any of the following
--   characters: _+=,.@-
laupUserName :: Lens' ListAttachedUserPolicies Text

-- | Creates a value of <a>ListAttachedUserPoliciesResponse</a> with the
--   minimum fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>lauprsAttachedPolicies</a> - A list of the attached
--   policies.</li>
--   <li><a>lauprsMarker</a> - When <tt>IsTruncated</tt> is <tt>true</tt> ,
--   this element is present and contains the value to use for the
--   <tt>Marker</tt> parameter in a subsequent pagination request.</li>
--   <li><a>lauprsIsTruncated</a> - A flag that indicates whether there are
--   more items to return. If your results were truncated, you can make a
--   subsequent pagination request using the <tt>Marker</tt> request
--   parameter to retrieve more items. Note that IAM might return fewer
--   than the <tt>MaxItems</tt> number of results even when there are more
--   results available. We recommend that you check <tt>IsTruncated</tt>
--   after every call to ensure that you receive all of your results.</li>
--   <li><a>lauprsResponseStatus</a> - -- | The response status code.</li>
--   </ul>
listAttachedUserPoliciesResponse :: Int -> ListAttachedUserPoliciesResponse

-- | Contains the response to a successful <a>ListAttachedUserPolicies</a>
--   request.
--   
--   <i>See:</i> <a>listAttachedUserPoliciesResponse</a> smart constructor.
data ListAttachedUserPoliciesResponse

-- | A list of the attached policies.
lauprsAttachedPolicies :: Lens' ListAttachedUserPoliciesResponse [AttachedPolicy]

-- | When <tt>IsTruncated</tt> is <tt>true</tt> , this element is present
--   and contains the value to use for the <tt>Marker</tt> parameter in a
--   subsequent pagination request.
lauprsMarker :: Lens' ListAttachedUserPoliciesResponse (Maybe Text)

-- | A flag that indicates whether there are more items to return. If your
--   results were truncated, you can make a subsequent pagination request
--   using the <tt>Marker</tt> request parameter to retrieve more items.
--   Note that IAM might return fewer than the <tt>MaxItems</tt> number of
--   results even when there are more results available. We recommend that
--   you check <tt>IsTruncated</tt> after every call to ensure that you
--   receive all of your results.
lauprsIsTruncated :: Lens' ListAttachedUserPoliciesResponse (Maybe Bool)

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
lauprsResponseStatus :: Lens' ListAttachedUserPoliciesResponse Int
instance GHC.Generics.Generic Network.AWS.IAM.ListAttachedUserPolicies.ListAttachedUserPoliciesResponse
instance Data.Data.Data Network.AWS.IAM.ListAttachedUserPolicies.ListAttachedUserPoliciesResponse
instance GHC.Show.Show Network.AWS.IAM.ListAttachedUserPolicies.ListAttachedUserPoliciesResponse
instance GHC.Read.Read Network.AWS.IAM.ListAttachedUserPolicies.ListAttachedUserPoliciesResponse
instance GHC.Classes.Eq Network.AWS.IAM.ListAttachedUserPolicies.ListAttachedUserPoliciesResponse
instance GHC.Generics.Generic Network.AWS.IAM.ListAttachedUserPolicies.ListAttachedUserPolicies
instance Data.Data.Data Network.AWS.IAM.ListAttachedUserPolicies.ListAttachedUserPolicies
instance GHC.Show.Show Network.AWS.IAM.ListAttachedUserPolicies.ListAttachedUserPolicies
instance GHC.Read.Read Network.AWS.IAM.ListAttachedUserPolicies.ListAttachedUserPolicies
instance GHC.Classes.Eq Network.AWS.IAM.ListAttachedUserPolicies.ListAttachedUserPolicies
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.ListAttachedUserPolicies.ListAttachedUserPolicies
instance Control.DeepSeq.NFData Network.AWS.IAM.ListAttachedUserPolicies.ListAttachedUserPoliciesResponse
instance Network.AWS.Pager.AWSPager Network.AWS.IAM.ListAttachedUserPolicies.ListAttachedUserPolicies
instance Data.Hashable.Class.Hashable Network.AWS.IAM.ListAttachedUserPolicies.ListAttachedUserPolicies
instance Control.DeepSeq.NFData Network.AWS.IAM.ListAttachedUserPolicies.ListAttachedUserPolicies
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.ListAttachedUserPolicies.ListAttachedUserPolicies
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.ListAttachedUserPolicies.ListAttachedUserPolicies
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.ListAttachedUserPolicies.ListAttachedUserPolicies


-- | Lists all managed policies that are attached to the specified IAM
--   role.
--   
--   An IAM role can also have inline policies embedded with it. To list
--   the inline policies for a role, use the <tt>ListRolePolicies</tt> API.
--   For information about policies, see <a>Managed Policies and Inline
--   Policies</a> in the <i>IAM User Guide</i> .
--   
--   You can paginate the results using the <tt>MaxItems</tt> and
--   <tt>Marker</tt> parameters. You can use the <tt>PathPrefix</tt>
--   parameter to limit the list of policies to only those matching the
--   specified path prefix. If there are no policies attached to the
--   specified role (or none that match the specified path prefix), the
--   operation returns an empty list.
--   
--   This operation returns paginated results.
module Network.AWS.IAM.ListAttachedRolePolicies

-- | Creates a value of <a>ListAttachedRolePolicies</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>larpPathPrefix</a> - The path prefix for filtering the results.
--   This parameter is optional. If it is not included, it defaults to a
--   slash (<i>), listing all policies. This parameter allows (per its
--   &lt;http:</i><i>wikipedia.org</i>wiki<i>regex regex pattern&gt; ) a
--   string of characters consisting of either a forward slash (</i>) by
--   itself or a string that must begin and end with forward slashes. In
--   addition, it can contain any ASCII character from the ! (u0021)
--   through the DEL character (u007F), including most punctuation
--   characters, digits, and upper and lowercased letters.</li>
--   <li><a>larpMarker</a> - Use this parameter only when paginating
--   results and only after you receive a response indicating that the
--   results are truncated. Set it to the value of the <tt>Marker</tt>
--   element in the response that you received to indicate where the next
--   call should start.</li>
--   <li><a>larpMaxItems</a> - (Optional) Use this only when paginating
--   results to indicate the maximum number of items you want in the
--   response. If additional items exist beyond the maximum you specify,
--   the <tt>IsTruncated</tt> response element is <tt>true</tt> . If you do
--   not include this parameter, it defaults to 100. Note that IAM might
--   return fewer results, even when there are more results available. In
--   that case, the <tt>IsTruncated</tt> response element returns
--   <tt>true</tt> and <tt>Marker</tt> contains a value to include in the
--   subsequent call that tells the service where to continue from.</li>
--   <li><a>larpRoleName</a> - The name (friendly name, not ARN) of the
--   role to list attached policies for. This parameter allows (per its
--   <a>regex pattern</a> ) a string of characters consisting of upper and
--   lowercase alphanumeric characters with no spaces. You can also include
--   any of the following characters: _+=,.@-</li>
--   </ul>
listAttachedRolePolicies :: Text -> ListAttachedRolePolicies

-- | <i>See:</i> <a>listAttachedRolePolicies</a> smart constructor.
data ListAttachedRolePolicies

-- | The path prefix for filtering the results. This parameter is optional.
--   If it is not included, it defaults to a slash (<i>), listing all
--   policies. This parameter allows (per its
--   &lt;http:</i><i>wikipedia.org</i>wiki<i>regex regex pattern&gt; ) a
--   string of characters consisting of either a forward slash (</i>) by
--   itself or a string that must begin and end with forward slashes. In
--   addition, it can contain any ASCII character from the ! (u0021)
--   through the DEL character (u007F), including most punctuation
--   characters, digits, and upper and lowercased letters.
larpPathPrefix :: Lens' ListAttachedRolePolicies (Maybe Text)

-- | Use this parameter only when paginating results and only after you
--   receive a response indicating that the results are truncated. Set it
--   to the value of the <tt>Marker</tt> element in the response that you
--   received to indicate where the next call should start.
larpMarker :: Lens' ListAttachedRolePolicies (Maybe Text)

-- | (Optional) Use this only when paginating results to indicate the
--   maximum number of items you want in the response. If additional items
--   exist beyond the maximum you specify, the <tt>IsTruncated</tt>
--   response element is <tt>true</tt> . If you do not include this
--   parameter, it defaults to 100. Note that IAM might return fewer
--   results, even when there are more results available. In that case, the
--   <tt>IsTruncated</tt> response element returns <tt>true</tt> and
--   <tt>Marker</tt> contains a value to include in the subsequent call
--   that tells the service where to continue from.
larpMaxItems :: Lens' ListAttachedRolePolicies (Maybe Natural)

-- | The name (friendly name, not ARN) of the role to list attached
--   policies for. This parameter allows (per its <a>regex pattern</a> ) a
--   string of characters consisting of upper and lowercase alphanumeric
--   characters with no spaces. You can also include any of the following
--   characters: _+=,.@-
larpRoleName :: Lens' ListAttachedRolePolicies Text

-- | Creates a value of <a>ListAttachedRolePoliciesResponse</a> with the
--   minimum fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>larprsAttachedPolicies</a> - A list of the attached
--   policies.</li>
--   <li><a>larprsMarker</a> - When <tt>IsTruncated</tt> is <tt>true</tt> ,
--   this element is present and contains the value to use for the
--   <tt>Marker</tt> parameter in a subsequent pagination request.</li>
--   <li><a>larprsIsTruncated</a> - A flag that indicates whether there are
--   more items to return. If your results were truncated, you can make a
--   subsequent pagination request using the <tt>Marker</tt> request
--   parameter to retrieve more items. Note that IAM might return fewer
--   than the <tt>MaxItems</tt> number of results even when there are more
--   results available. We recommend that you check <tt>IsTruncated</tt>
--   after every call to ensure that you receive all of your results.</li>
--   <li><a>larprsResponseStatus</a> - -- | The response status code.</li>
--   </ul>
listAttachedRolePoliciesResponse :: Int -> ListAttachedRolePoliciesResponse

-- | Contains the response to a successful <a>ListAttachedRolePolicies</a>
--   request.
--   
--   <i>See:</i> <a>listAttachedRolePoliciesResponse</a> smart constructor.
data ListAttachedRolePoliciesResponse

-- | A list of the attached policies.
larprsAttachedPolicies :: Lens' ListAttachedRolePoliciesResponse [AttachedPolicy]

-- | When <tt>IsTruncated</tt> is <tt>true</tt> , this element is present
--   and contains the value to use for the <tt>Marker</tt> parameter in a
--   subsequent pagination request.
larprsMarker :: Lens' ListAttachedRolePoliciesResponse (Maybe Text)

-- | A flag that indicates whether there are more items to return. If your
--   results were truncated, you can make a subsequent pagination request
--   using the <tt>Marker</tt> request parameter to retrieve more items.
--   Note that IAM might return fewer than the <tt>MaxItems</tt> number of
--   results even when there are more results available. We recommend that
--   you check <tt>IsTruncated</tt> after every call to ensure that you
--   receive all of your results.
larprsIsTruncated :: Lens' ListAttachedRolePoliciesResponse (Maybe Bool)

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
larprsResponseStatus :: Lens' ListAttachedRolePoliciesResponse Int
instance GHC.Generics.Generic Network.AWS.IAM.ListAttachedRolePolicies.ListAttachedRolePoliciesResponse
instance Data.Data.Data Network.AWS.IAM.ListAttachedRolePolicies.ListAttachedRolePoliciesResponse
instance GHC.Show.Show Network.AWS.IAM.ListAttachedRolePolicies.ListAttachedRolePoliciesResponse
instance GHC.Read.Read Network.AWS.IAM.ListAttachedRolePolicies.ListAttachedRolePoliciesResponse
instance GHC.Classes.Eq Network.AWS.IAM.ListAttachedRolePolicies.ListAttachedRolePoliciesResponse
instance GHC.Generics.Generic Network.AWS.IAM.ListAttachedRolePolicies.ListAttachedRolePolicies
instance Data.Data.Data Network.AWS.IAM.ListAttachedRolePolicies.ListAttachedRolePolicies
instance GHC.Show.Show Network.AWS.IAM.ListAttachedRolePolicies.ListAttachedRolePolicies
instance GHC.Read.Read Network.AWS.IAM.ListAttachedRolePolicies.ListAttachedRolePolicies
instance GHC.Classes.Eq Network.AWS.IAM.ListAttachedRolePolicies.ListAttachedRolePolicies
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.ListAttachedRolePolicies.ListAttachedRolePolicies
instance Control.DeepSeq.NFData Network.AWS.IAM.ListAttachedRolePolicies.ListAttachedRolePoliciesResponse
instance Network.AWS.Pager.AWSPager Network.AWS.IAM.ListAttachedRolePolicies.ListAttachedRolePolicies
instance Data.Hashable.Class.Hashable Network.AWS.IAM.ListAttachedRolePolicies.ListAttachedRolePolicies
instance Control.DeepSeq.NFData Network.AWS.IAM.ListAttachedRolePolicies.ListAttachedRolePolicies
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.ListAttachedRolePolicies.ListAttachedRolePolicies
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.ListAttachedRolePolicies.ListAttachedRolePolicies
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.ListAttachedRolePolicies.ListAttachedRolePolicies


-- | Lists all managed policies that are attached to the specified IAM
--   group.
--   
--   An IAM group can also have inline policies embedded with it. To list
--   the inline policies for a group, use the <tt>ListGroupPolicies</tt>
--   API. For information about policies, see <a>Managed Policies and
--   Inline Policies</a> in the <i>IAM User Guide</i> .
--   
--   You can paginate the results using the <tt>MaxItems</tt> and
--   <tt>Marker</tt> parameters. You can use the <tt>PathPrefix</tt>
--   parameter to limit the list of policies to only those matching the
--   specified path prefix. If there are no policies attached to the
--   specified group (or none that match the specified path prefix), the
--   operation returns an empty list.
--   
--   This operation returns paginated results.
module Network.AWS.IAM.ListAttachedGroupPolicies

-- | Creates a value of <a>ListAttachedGroupPolicies</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>lagpPathPrefix</a> - The path prefix for filtering the results.
--   This parameter is optional. If it is not included, it defaults to a
--   slash (<i>), listing all policies. This parameter allows (per its
--   &lt;http:</i><i>wikipedia.org</i>wiki<i>regex regex pattern&gt; ) a
--   string of characters consisting of either a forward slash (</i>) by
--   itself or a string that must begin and end with forward slashes. In
--   addition, it can contain any ASCII character from the ! (u0021)
--   through the DEL character (u007F), including most punctuation
--   characters, digits, and upper and lowercased letters.</li>
--   <li><a>lagpMarker</a> - Use this parameter only when paginating
--   results and only after you receive a response indicating that the
--   results are truncated. Set it to the value of the <tt>Marker</tt>
--   element in the response that you received to indicate where the next
--   call should start.</li>
--   <li><a>lagpMaxItems</a> - (Optional) Use this only when paginating
--   results to indicate the maximum number of items you want in the
--   response. If additional items exist beyond the maximum you specify,
--   the <tt>IsTruncated</tt> response element is <tt>true</tt> . If you do
--   not include this parameter, it defaults to 100. Note that IAM might
--   return fewer results, even when there are more results available. In
--   that case, the <tt>IsTruncated</tt> response element returns
--   <tt>true</tt> and <tt>Marker</tt> contains a value to include in the
--   subsequent call that tells the service where to continue from.</li>
--   <li><a>lagpGroupName</a> - The name (friendly name, not ARN) of the
--   group to list attached policies for. This parameter allows (per its
--   <a>regex pattern</a> ) a string of characters consisting of upper and
--   lowercase alphanumeric characters with no spaces. You can also include
--   any of the following characters: _+=,.@-</li>
--   </ul>
listAttachedGroupPolicies :: Text -> ListAttachedGroupPolicies

-- | <i>See:</i> <a>listAttachedGroupPolicies</a> smart constructor.
data ListAttachedGroupPolicies

-- | The path prefix for filtering the results. This parameter is optional.
--   If it is not included, it defaults to a slash (<i>), listing all
--   policies. This parameter allows (per its
--   &lt;http:</i><i>wikipedia.org</i>wiki<i>regex regex pattern&gt; ) a
--   string of characters consisting of either a forward slash (</i>) by
--   itself or a string that must begin and end with forward slashes. In
--   addition, it can contain any ASCII character from the ! (u0021)
--   through the DEL character (u007F), including most punctuation
--   characters, digits, and upper and lowercased letters.
lagpPathPrefix :: Lens' ListAttachedGroupPolicies (Maybe Text)

-- | Use this parameter only when paginating results and only after you
--   receive a response indicating that the results are truncated. Set it
--   to the value of the <tt>Marker</tt> element in the response that you
--   received to indicate where the next call should start.
lagpMarker :: Lens' ListAttachedGroupPolicies (Maybe Text)

-- | (Optional) Use this only when paginating results to indicate the
--   maximum number of items you want in the response. If additional items
--   exist beyond the maximum you specify, the <tt>IsTruncated</tt>
--   response element is <tt>true</tt> . If you do not include this
--   parameter, it defaults to 100. Note that IAM might return fewer
--   results, even when there are more results available. In that case, the
--   <tt>IsTruncated</tt> response element returns <tt>true</tt> and
--   <tt>Marker</tt> contains a value to include in the subsequent call
--   that tells the service where to continue from.
lagpMaxItems :: Lens' ListAttachedGroupPolicies (Maybe Natural)

-- | The name (friendly name, not ARN) of the group to list attached
--   policies for. This parameter allows (per its <a>regex pattern</a> ) a
--   string of characters consisting of upper and lowercase alphanumeric
--   characters with no spaces. You can also include any of the following
--   characters: _+=,.@-
lagpGroupName :: Lens' ListAttachedGroupPolicies Text

-- | Creates a value of <a>ListAttachedGroupPoliciesResponse</a> with the
--   minimum fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>lagprsAttachedPolicies</a> - A list of the attached
--   policies.</li>
--   <li><a>lagprsMarker</a> - When <tt>IsTruncated</tt> is <tt>true</tt> ,
--   this element is present and contains the value to use for the
--   <tt>Marker</tt> parameter in a subsequent pagination request.</li>
--   <li><a>lagprsIsTruncated</a> - A flag that indicates whether there are
--   more items to return. If your results were truncated, you can make a
--   subsequent pagination request using the <tt>Marker</tt> request
--   parameter to retrieve more items. Note that IAM might return fewer
--   than the <tt>MaxItems</tt> number of results even when there are more
--   results available. We recommend that you check <tt>IsTruncated</tt>
--   after every call to ensure that you receive all of your results.</li>
--   <li><a>lagprsResponseStatus</a> - -- | The response status code.</li>
--   </ul>
listAttachedGroupPoliciesResponse :: Int -> ListAttachedGroupPoliciesResponse

-- | Contains the response to a successful <a>ListAttachedGroupPolicies</a>
--   request.
--   
--   <i>See:</i> <a>listAttachedGroupPoliciesResponse</a> smart
--   constructor.
data ListAttachedGroupPoliciesResponse

-- | A list of the attached policies.
lagprsAttachedPolicies :: Lens' ListAttachedGroupPoliciesResponse [AttachedPolicy]

-- | When <tt>IsTruncated</tt> is <tt>true</tt> , this element is present
--   and contains the value to use for the <tt>Marker</tt> parameter in a
--   subsequent pagination request.
lagprsMarker :: Lens' ListAttachedGroupPoliciesResponse (Maybe Text)

-- | A flag that indicates whether there are more items to return. If your
--   results were truncated, you can make a subsequent pagination request
--   using the <tt>Marker</tt> request parameter to retrieve more items.
--   Note that IAM might return fewer than the <tt>MaxItems</tt> number of
--   results even when there are more results available. We recommend that
--   you check <tt>IsTruncated</tt> after every call to ensure that you
--   receive all of your results.
lagprsIsTruncated :: Lens' ListAttachedGroupPoliciesResponse (Maybe Bool)

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
lagprsResponseStatus :: Lens' ListAttachedGroupPoliciesResponse Int
instance GHC.Generics.Generic Network.AWS.IAM.ListAttachedGroupPolicies.ListAttachedGroupPoliciesResponse
instance Data.Data.Data Network.AWS.IAM.ListAttachedGroupPolicies.ListAttachedGroupPoliciesResponse
instance GHC.Show.Show Network.AWS.IAM.ListAttachedGroupPolicies.ListAttachedGroupPoliciesResponse
instance GHC.Read.Read Network.AWS.IAM.ListAttachedGroupPolicies.ListAttachedGroupPoliciesResponse
instance GHC.Classes.Eq Network.AWS.IAM.ListAttachedGroupPolicies.ListAttachedGroupPoliciesResponse
instance GHC.Generics.Generic Network.AWS.IAM.ListAttachedGroupPolicies.ListAttachedGroupPolicies
instance Data.Data.Data Network.AWS.IAM.ListAttachedGroupPolicies.ListAttachedGroupPolicies
instance GHC.Show.Show Network.AWS.IAM.ListAttachedGroupPolicies.ListAttachedGroupPolicies
instance GHC.Read.Read Network.AWS.IAM.ListAttachedGroupPolicies.ListAttachedGroupPolicies
instance GHC.Classes.Eq Network.AWS.IAM.ListAttachedGroupPolicies.ListAttachedGroupPolicies
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.ListAttachedGroupPolicies.ListAttachedGroupPolicies
instance Control.DeepSeq.NFData Network.AWS.IAM.ListAttachedGroupPolicies.ListAttachedGroupPoliciesResponse
instance Network.AWS.Pager.AWSPager Network.AWS.IAM.ListAttachedGroupPolicies.ListAttachedGroupPolicies
instance Data.Hashable.Class.Hashable Network.AWS.IAM.ListAttachedGroupPolicies.ListAttachedGroupPolicies
instance Control.DeepSeq.NFData Network.AWS.IAM.ListAttachedGroupPolicies.ListAttachedGroupPolicies
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.ListAttachedGroupPolicies.ListAttachedGroupPolicies
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.ListAttachedGroupPolicies.ListAttachedGroupPolicies
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.ListAttachedGroupPolicies.ListAttachedGroupPolicies


-- | Lists the account alias associated with the AWS account (Note: you can
--   have only one). For information about using an AWS account alias, see
--   <a>Using an Alias for Your AWS Account ID</a> in the <i>IAM User
--   Guide</i> .
--   
--   This operation returns paginated results.
module Network.AWS.IAM.ListAccountAliases

-- | Creates a value of <a>ListAccountAliases</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>laaMarker</a> - Use this parameter only when paginating results
--   and only after you receive a response indicating that the results are
--   truncated. Set it to the value of the <tt>Marker</tt> element in the
--   response that you received to indicate where the next call should
--   start.</li>
--   <li><a>laaMaxItems</a> - (Optional) Use this only when paginating
--   results to indicate the maximum number of items you want in the
--   response. If additional items exist beyond the maximum you specify,
--   the <tt>IsTruncated</tt> response element is <tt>true</tt> . If you do
--   not include this parameter, it defaults to 100. Note that IAM might
--   return fewer results, even when there are more results available. In
--   that case, the <tt>IsTruncated</tt> response element returns
--   <tt>true</tt> and <tt>Marker</tt> contains a value to include in the
--   subsequent call that tells the service where to continue from.</li>
--   </ul>
listAccountAliases :: ListAccountAliases

-- | <i>See:</i> <a>listAccountAliases</a> smart constructor.
data ListAccountAliases

-- | Use this parameter only when paginating results and only after you
--   receive a response indicating that the results are truncated. Set it
--   to the value of the <tt>Marker</tt> element in the response that you
--   received to indicate where the next call should start.
laaMarker :: Lens' ListAccountAliases (Maybe Text)

-- | (Optional) Use this only when paginating results to indicate the
--   maximum number of items you want in the response. If additional items
--   exist beyond the maximum you specify, the <tt>IsTruncated</tt>
--   response element is <tt>true</tt> . If you do not include this
--   parameter, it defaults to 100. Note that IAM might return fewer
--   results, even when there are more results available. In that case, the
--   <tt>IsTruncated</tt> response element returns <tt>true</tt> and
--   <tt>Marker</tt> contains a value to include in the subsequent call
--   that tells the service where to continue from.
laaMaxItems :: Lens' ListAccountAliases (Maybe Natural)

-- | Creates a value of <a>ListAccountAliasesResponse</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>laarsMarker</a> - When <tt>IsTruncated</tt> is <tt>true</tt> ,
--   this element is present and contains the value to use for the
--   <tt>Marker</tt> parameter in a subsequent pagination request.</li>
--   <li><a>laarsIsTruncated</a> - A flag that indicates whether there are
--   more items to return. If your results were truncated, you can make a
--   subsequent pagination request using the <tt>Marker</tt> request
--   parameter to retrieve more items. Note that IAM might return fewer
--   than the <tt>MaxItems</tt> number of results even when there are more
--   results available. We recommend that you check <tt>IsTruncated</tt>
--   after every call to ensure that you receive all of your results.</li>
--   <li><a>laarsResponseStatus</a> - -- | The response status code.</li>
--   <li><a>laarsAccountAliases</a> - A list of aliases associated with the
--   account. AWS supports only one alias per account.</li>
--   </ul>
listAccountAliasesResponse :: Int -> ListAccountAliasesResponse

-- | Contains the response to a successful <a>ListAccountAliases</a>
--   request.
--   
--   <i>See:</i> <a>listAccountAliasesResponse</a> smart constructor.
data ListAccountAliasesResponse

-- | When <tt>IsTruncated</tt> is <tt>true</tt> , this element is present
--   and contains the value to use for the <tt>Marker</tt> parameter in a
--   subsequent pagination request.
laarsMarker :: Lens' ListAccountAliasesResponse (Maybe Text)

-- | A flag that indicates whether there are more items to return. If your
--   results were truncated, you can make a subsequent pagination request
--   using the <tt>Marker</tt> request parameter to retrieve more items.
--   Note that IAM might return fewer than the <tt>MaxItems</tt> number of
--   results even when there are more results available. We recommend that
--   you check <tt>IsTruncated</tt> after every call to ensure that you
--   receive all of your results.
laarsIsTruncated :: Lens' ListAccountAliasesResponse (Maybe Bool)

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
laarsResponseStatus :: Lens' ListAccountAliasesResponse Int

-- | A list of aliases associated with the account. AWS supports only one
--   alias per account.
laarsAccountAliases :: Lens' ListAccountAliasesResponse [Text]
instance GHC.Generics.Generic Network.AWS.IAM.ListAccountAliases.ListAccountAliasesResponse
instance Data.Data.Data Network.AWS.IAM.ListAccountAliases.ListAccountAliasesResponse
instance GHC.Show.Show Network.AWS.IAM.ListAccountAliases.ListAccountAliasesResponse
instance GHC.Read.Read Network.AWS.IAM.ListAccountAliases.ListAccountAliasesResponse
instance GHC.Classes.Eq Network.AWS.IAM.ListAccountAliases.ListAccountAliasesResponse
instance GHC.Generics.Generic Network.AWS.IAM.ListAccountAliases.ListAccountAliases
instance Data.Data.Data Network.AWS.IAM.ListAccountAliases.ListAccountAliases
instance GHC.Show.Show Network.AWS.IAM.ListAccountAliases.ListAccountAliases
instance GHC.Read.Read Network.AWS.IAM.ListAccountAliases.ListAccountAliases
instance GHC.Classes.Eq Network.AWS.IAM.ListAccountAliases.ListAccountAliases
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.ListAccountAliases.ListAccountAliases
instance Control.DeepSeq.NFData Network.AWS.IAM.ListAccountAliases.ListAccountAliasesResponse
instance Network.AWS.Pager.AWSPager Network.AWS.IAM.ListAccountAliases.ListAccountAliases
instance Data.Hashable.Class.Hashable Network.AWS.IAM.ListAccountAliases.ListAccountAliases
instance Control.DeepSeq.NFData Network.AWS.IAM.ListAccountAliases.ListAccountAliases
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.ListAccountAliases.ListAccountAliases
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.ListAccountAliases.ListAccountAliases
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.ListAccountAliases.ListAccountAliases


-- | Returns information about the access key IDs associated with the
--   specified IAM user. If there are none, the operation returns an empty
--   list.
--   
--   Although each user is limited to a small number of keys, you can still
--   paginate the results using the <tt>MaxItems</tt> and <tt>Marker</tt>
--   parameters.
--   
--   If the <tt>UserName</tt> field is not specified, the user name is
--   determined implicitly based on the AWS access key ID used to sign the
--   request. Because this operation works for access keys under the AWS
--   account, you can use this operation to manage AWS account root user
--   credentials even if the AWS account has no associated users.
--   
--   This operation returns paginated results.
module Network.AWS.IAM.ListAccessKeys

-- | Creates a value of <a>ListAccessKeys</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>lakUserName</a> - The name of the user. This parameter allows
--   (per its <a>regex pattern</a> ) a string of characters consisting of
--   upper and lowercase alphanumeric characters with no spaces. You can
--   also include any of the following characters: _+=,.@-</li>
--   <li><a>lakMarker</a> - Use this parameter only when paginating results
--   and only after you receive a response indicating that the results are
--   truncated. Set it to the value of the <tt>Marker</tt> element in the
--   response that you received to indicate where the next call should
--   start.</li>
--   <li><a>lakMaxItems</a> - (Optional) Use this only when paginating
--   results to indicate the maximum number of items you want in the
--   response. If additional items exist beyond the maximum you specify,
--   the <tt>IsTruncated</tt> response element is <tt>true</tt> . If you do
--   not include this parameter, it defaults to 100. Note that IAM might
--   return fewer results, even when there are more results available. In
--   that case, the <tt>IsTruncated</tt> response element returns
--   <tt>true</tt> and <tt>Marker</tt> contains a value to include in the
--   subsequent call that tells the service where to continue from.</li>
--   </ul>
listAccessKeys :: ListAccessKeys

-- | <i>See:</i> <a>listAccessKeys</a> smart constructor.
data ListAccessKeys

-- | The name of the user. This parameter allows (per its <a>regex
--   pattern</a> ) a string of characters consisting of upper and lowercase
--   alphanumeric characters with no spaces. You can also include any of
--   the following characters: _+=,.@-
lakUserName :: Lens' ListAccessKeys (Maybe Text)

-- | Use this parameter only when paginating results and only after you
--   receive a response indicating that the results are truncated. Set it
--   to the value of the <tt>Marker</tt> element in the response that you
--   received to indicate where the next call should start.
lakMarker :: Lens' ListAccessKeys (Maybe Text)

-- | (Optional) Use this only when paginating results to indicate the
--   maximum number of items you want in the response. If additional items
--   exist beyond the maximum you specify, the <tt>IsTruncated</tt>
--   response element is <tt>true</tt> . If you do not include this
--   parameter, it defaults to 100. Note that IAM might return fewer
--   results, even when there are more results available. In that case, the
--   <tt>IsTruncated</tt> response element returns <tt>true</tt> and
--   <tt>Marker</tt> contains a value to include in the subsequent call
--   that tells the service where to continue from.
lakMaxItems :: Lens' ListAccessKeys (Maybe Natural)

-- | Creates a value of <a>ListAccessKeysResponse</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>lakrsMarker</a> - When <tt>IsTruncated</tt> is <tt>true</tt> ,
--   this element is present and contains the value to use for the
--   <tt>Marker</tt> parameter in a subsequent pagination request.</li>
--   <li><a>lakrsIsTruncated</a> - A flag that indicates whether there are
--   more items to return. If your results were truncated, you can make a
--   subsequent pagination request using the <tt>Marker</tt> request
--   parameter to retrieve more items. Note that IAM might return fewer
--   than the <tt>MaxItems</tt> number of results even when there are more
--   results available. We recommend that you check <tt>IsTruncated</tt>
--   after every call to ensure that you receive all of your results.</li>
--   <li><a>lakrsResponseStatus</a> - -- | The response status code.</li>
--   <li><a>lakrsAccessKeyMetadata</a> - A list of objects containing
--   metadata about the access keys.</li>
--   </ul>
listAccessKeysResponse :: Int -> ListAccessKeysResponse

-- | Contains the response to a successful <a>ListAccessKeys</a> request.
--   
--   <i>See:</i> <a>listAccessKeysResponse</a> smart constructor.
data ListAccessKeysResponse

-- | When <tt>IsTruncated</tt> is <tt>true</tt> , this element is present
--   and contains the value to use for the <tt>Marker</tt> parameter in a
--   subsequent pagination request.
lakrsMarker :: Lens' ListAccessKeysResponse (Maybe Text)

-- | A flag that indicates whether there are more items to return. If your
--   results were truncated, you can make a subsequent pagination request
--   using the <tt>Marker</tt> request parameter to retrieve more items.
--   Note that IAM might return fewer than the <tt>MaxItems</tt> number of
--   results even when there are more results available. We recommend that
--   you check <tt>IsTruncated</tt> after every call to ensure that you
--   receive all of your results.
lakrsIsTruncated :: Lens' ListAccessKeysResponse (Maybe Bool)

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
lakrsResponseStatus :: Lens' ListAccessKeysResponse Int

-- | A list of objects containing metadata about the access keys.
lakrsAccessKeyMetadata :: Lens' ListAccessKeysResponse [AccessKeyMetadata]
instance GHC.Generics.Generic Network.AWS.IAM.ListAccessKeys.ListAccessKeysResponse
instance Data.Data.Data Network.AWS.IAM.ListAccessKeys.ListAccessKeysResponse
instance GHC.Show.Show Network.AWS.IAM.ListAccessKeys.ListAccessKeysResponse
instance GHC.Read.Read Network.AWS.IAM.ListAccessKeys.ListAccessKeysResponse
instance GHC.Classes.Eq Network.AWS.IAM.ListAccessKeys.ListAccessKeysResponse
instance GHC.Generics.Generic Network.AWS.IAM.ListAccessKeys.ListAccessKeys
instance Data.Data.Data Network.AWS.IAM.ListAccessKeys.ListAccessKeys
instance GHC.Show.Show Network.AWS.IAM.ListAccessKeys.ListAccessKeys
instance GHC.Read.Read Network.AWS.IAM.ListAccessKeys.ListAccessKeys
instance GHC.Classes.Eq Network.AWS.IAM.ListAccessKeys.ListAccessKeys
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.ListAccessKeys.ListAccessKeys
instance Control.DeepSeq.NFData Network.AWS.IAM.ListAccessKeys.ListAccessKeysResponse
instance Network.AWS.Pager.AWSPager Network.AWS.IAM.ListAccessKeys.ListAccessKeys
instance Data.Hashable.Class.Hashable Network.AWS.IAM.ListAccessKeys.ListAccessKeys
instance Control.DeepSeq.NFData Network.AWS.IAM.ListAccessKeys.ListAccessKeys
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.ListAccessKeys.ListAccessKeys
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.ListAccessKeys.ListAccessKeys
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.ListAccessKeys.ListAccessKeys


-- | Retrieves the specified inline policy document that is embedded in the
--   specified IAM user.
--   
--   An IAM user can also have managed policies attached to it. To retrieve
--   a managed policy document that is attached to a user, use
--   <tt>GetPolicy</tt> to determine the policy's default version, then use
--   <tt>GetPolicyVersion</tt> to retrieve the policy document.
--   
--   For more information about policies, see <a>Managed Policies and
--   Inline Policies</a> in the <i>IAM User Guide</i> .
module Network.AWS.IAM.GetUserPolicy

-- | Creates a value of <a>GetUserPolicy</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>gupUserName</a> - The name of the user who the policy is
--   associated with. This parameter allows (per its <a>regex pattern</a> )
--   a string of characters consisting of upper and lowercase alphanumeric
--   characters with no spaces. You can also include any of the following
--   characters: _+=,.@-</li>
--   <li><a>gupPolicyName</a> - The name of the policy document to get.
--   This parameter allows (per its <a>regex pattern</a> ) a string of
--   characters consisting of upper and lowercase alphanumeric characters
--   with no spaces. You can also include any of the following characters:
--   _+=,.@-</li>
--   </ul>
getUserPolicy :: Text -> Text -> GetUserPolicy

-- | <i>See:</i> <a>getUserPolicy</a> smart constructor.
data GetUserPolicy

-- | The name of the user who the policy is associated with. This parameter
--   allows (per its <a>regex pattern</a> ) a string of characters
--   consisting of upper and lowercase alphanumeric characters with no
--   spaces. You can also include any of the following characters: _+=,.@-
gupUserName :: Lens' GetUserPolicy Text

-- | The name of the policy document to get. This parameter allows (per its
--   <a>regex pattern</a> ) a string of characters consisting of upper and
--   lowercase alphanumeric characters with no spaces. You can also include
--   any of the following characters: _+=,.@-
gupPolicyName :: Lens' GetUserPolicy Text

-- | Creates a value of <a>GetUserPolicyResponse</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>guprsResponseStatus</a> - -- | The response status code.</li>
--   <li><a>guprsUserName</a> - The user the policy is associated
--   with.</li>
--   <li><a>guprsPolicyName</a> - The name of the policy.</li>
--   <li><a>guprsPolicyDocument</a> - The policy document.</li>
--   </ul>
getUserPolicyResponse :: Int -> Text -> Text -> Text -> GetUserPolicyResponse

-- | Contains the response to a successful <a>GetUserPolicy</a> request.
--   
--   <i>See:</i> <a>getUserPolicyResponse</a> smart constructor.
data GetUserPolicyResponse

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
guprsResponseStatus :: Lens' GetUserPolicyResponse Int

-- | The user the policy is associated with.
guprsUserName :: Lens' GetUserPolicyResponse Text

-- | The name of the policy.
guprsPolicyName :: Lens' GetUserPolicyResponse Text

-- | The policy document.
guprsPolicyDocument :: Lens' GetUserPolicyResponse Text
instance GHC.Generics.Generic Network.AWS.IAM.GetUserPolicy.GetUserPolicyResponse
instance Data.Data.Data Network.AWS.IAM.GetUserPolicy.GetUserPolicyResponse
instance GHC.Show.Show Network.AWS.IAM.GetUserPolicy.GetUserPolicyResponse
instance GHC.Read.Read Network.AWS.IAM.GetUserPolicy.GetUserPolicyResponse
instance GHC.Classes.Eq Network.AWS.IAM.GetUserPolicy.GetUserPolicyResponse
instance GHC.Generics.Generic Network.AWS.IAM.GetUserPolicy.GetUserPolicy
instance Data.Data.Data Network.AWS.IAM.GetUserPolicy.GetUserPolicy
instance GHC.Show.Show Network.AWS.IAM.GetUserPolicy.GetUserPolicy
instance GHC.Read.Read Network.AWS.IAM.GetUserPolicy.GetUserPolicy
instance GHC.Classes.Eq Network.AWS.IAM.GetUserPolicy.GetUserPolicy
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.GetUserPolicy.GetUserPolicy
instance Control.DeepSeq.NFData Network.AWS.IAM.GetUserPolicy.GetUserPolicyResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.GetUserPolicy.GetUserPolicy
instance Control.DeepSeq.NFData Network.AWS.IAM.GetUserPolicy.GetUserPolicy
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.GetUserPolicy.GetUserPolicy
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.GetUserPolicy.GetUserPolicy
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.GetUserPolicy.GetUserPolicy


-- | Retrieves information about the specified IAM user, including the
--   user's creation date, path, unique ID, and ARN.
--   
--   If you do not specify a user name, IAM determines the user name
--   implicitly based on the AWS access key ID used to sign the request to
--   this API.
module Network.AWS.IAM.GetUser

-- | Creates a value of <a>GetUser</a> with the minimum fields required to
--   make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>guUserName</a> - The name of the user to get information about.
--   This parameter is optional. If it is not included, it defaults to the
--   user making the request. This parameter allows (per its <a>regex
--   pattern</a> ) a string of characters consisting of upper and lowercase
--   alphanumeric characters with no spaces. You can also include any of
--   the following characters: _+=,.@-</li>
--   </ul>
getUser :: GetUser

-- | <i>See:</i> <a>getUser</a> smart constructor.
data GetUser

-- | The name of the user to get information about. This parameter is
--   optional. If it is not included, it defaults to the user making the
--   request. This parameter allows (per its <a>regex pattern</a> ) a
--   string of characters consisting of upper and lowercase alphanumeric
--   characters with no spaces. You can also include any of the following
--   characters: _+=,.@-
guUserName :: Lens' GetUser (Maybe Text)

-- | Creates a value of <a>GetUserResponse</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>gursResponseStatus</a> - -- | The response status code.</li>
--   <li><a>gursUser</a> - A structure containing details about the IAM
--   user.</li>
--   </ul>
getUserResponse :: Int -> User -> GetUserResponse

-- | Contains the response to a successful <a>GetUser</a> request.
--   
--   <i>See:</i> <a>getUserResponse</a> smart constructor.
data GetUserResponse

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
gursResponseStatus :: Lens' GetUserResponse Int

-- | A structure containing details about the IAM user.
gursUser :: Lens' GetUserResponse User
instance GHC.Generics.Generic Network.AWS.IAM.GetUser.GetUserResponse
instance Data.Data.Data Network.AWS.IAM.GetUser.GetUserResponse
instance GHC.Show.Show Network.AWS.IAM.GetUser.GetUserResponse
instance GHC.Read.Read Network.AWS.IAM.GetUser.GetUserResponse
instance GHC.Classes.Eq Network.AWS.IAM.GetUser.GetUserResponse
instance GHC.Generics.Generic Network.AWS.IAM.GetUser.GetUser
instance Data.Data.Data Network.AWS.IAM.GetUser.GetUser
instance GHC.Show.Show Network.AWS.IAM.GetUser.GetUser
instance GHC.Read.Read Network.AWS.IAM.GetUser.GetUser
instance GHC.Classes.Eq Network.AWS.IAM.GetUser.GetUser
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.GetUser.GetUser
instance Control.DeepSeq.NFData Network.AWS.IAM.GetUser.GetUserResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.GetUser.GetUser
instance Control.DeepSeq.NFData Network.AWS.IAM.GetUser.GetUser
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.GetUser.GetUser
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.GetUser.GetUser
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.GetUser.GetUser


-- | Retrieves the status of your service-linked role deletion. After you
--   use the <tt>DeleteServiceLinkedRole</tt> API operation to submit a
--   service-linked role for deletion, you can use the
--   <tt>DeletionTaskId</tt> parameter in
--   <tt>GetServiceLinkedRoleDeletionStatus</tt> to check the status of the
--   deletion. If the deletion fails, this operation returns the reason
--   that it failed, if that information is returned by the service.
module Network.AWS.IAM.GetServiceLinkedRoleDeletionStatus

-- | Creates a value of <a>GetServiceLinkedRoleDeletionStatus</a> with the
--   minimum fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>gslrdsDeletionTaskId</a> - The deletion task identifier. This
--   identifier is returned by the <tt>DeleteServiceLinkedRole</tt>
--   operation in the format
--   <tt>task<i>aws-service-role</i><a>service-principal-name</a><i><a>role-name</a></i><a>task-uuid</a></tt>
--   .</li>
--   </ul>
getServiceLinkedRoleDeletionStatus :: Text -> GetServiceLinkedRoleDeletionStatus

-- | <i>See:</i> <a>getServiceLinkedRoleDeletionStatus</a> smart
--   constructor.
data GetServiceLinkedRoleDeletionStatus

-- | The deletion task identifier. This identifier is returned by the
--   <tt>DeleteServiceLinkedRole</tt> operation in the format
--   <tt>task<i>aws-service-role</i><a>service-principal-name</a><i><a>role-name</a></i><a>task-uuid</a></tt>
--   .
gslrdsDeletionTaskId :: Lens' GetServiceLinkedRoleDeletionStatus Text

-- | Creates a value of <a>GetServiceLinkedRoleDeletionStatusResponse</a>
--   with the minimum fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>gslrdsrsReason</a> - An object that contains details about the
--   reason the deletion failed.</li>
--   <li><a>gslrdsrsResponseStatus</a> - -- | The response status
--   code.</li>
--   <li><a>gslrdsrsStatus</a> - The status of the deletion.</li>
--   </ul>
getServiceLinkedRoleDeletionStatusResponse :: Int -> DeletionTaskStatusType -> GetServiceLinkedRoleDeletionStatusResponse

-- | <i>See:</i> <a>getServiceLinkedRoleDeletionStatusResponse</a> smart
--   constructor.
data GetServiceLinkedRoleDeletionStatusResponse

-- | An object that contains details about the reason the deletion failed.
gslrdsrsReason :: Lens' GetServiceLinkedRoleDeletionStatusResponse (Maybe DeletionTaskFailureReasonType)

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
gslrdsrsResponseStatus :: Lens' GetServiceLinkedRoleDeletionStatusResponse Int

-- | The status of the deletion.
gslrdsrsStatus :: Lens' GetServiceLinkedRoleDeletionStatusResponse DeletionTaskStatusType
instance GHC.Generics.Generic Network.AWS.IAM.GetServiceLinkedRoleDeletionStatus.GetServiceLinkedRoleDeletionStatusResponse
instance Data.Data.Data Network.AWS.IAM.GetServiceLinkedRoleDeletionStatus.GetServiceLinkedRoleDeletionStatusResponse
instance GHC.Show.Show Network.AWS.IAM.GetServiceLinkedRoleDeletionStatus.GetServiceLinkedRoleDeletionStatusResponse
instance GHC.Read.Read Network.AWS.IAM.GetServiceLinkedRoleDeletionStatus.GetServiceLinkedRoleDeletionStatusResponse
instance GHC.Classes.Eq Network.AWS.IAM.GetServiceLinkedRoleDeletionStatus.GetServiceLinkedRoleDeletionStatusResponse
instance GHC.Generics.Generic Network.AWS.IAM.GetServiceLinkedRoleDeletionStatus.GetServiceLinkedRoleDeletionStatus
instance Data.Data.Data Network.AWS.IAM.GetServiceLinkedRoleDeletionStatus.GetServiceLinkedRoleDeletionStatus
instance GHC.Show.Show Network.AWS.IAM.GetServiceLinkedRoleDeletionStatus.GetServiceLinkedRoleDeletionStatus
instance GHC.Read.Read Network.AWS.IAM.GetServiceLinkedRoleDeletionStatus.GetServiceLinkedRoleDeletionStatus
instance GHC.Classes.Eq Network.AWS.IAM.GetServiceLinkedRoleDeletionStatus.GetServiceLinkedRoleDeletionStatus
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.GetServiceLinkedRoleDeletionStatus.GetServiceLinkedRoleDeletionStatus
instance Control.DeepSeq.NFData Network.AWS.IAM.GetServiceLinkedRoleDeletionStatus.GetServiceLinkedRoleDeletionStatusResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.GetServiceLinkedRoleDeletionStatus.GetServiceLinkedRoleDeletionStatus
instance Control.DeepSeq.NFData Network.AWS.IAM.GetServiceLinkedRoleDeletionStatus.GetServiceLinkedRoleDeletionStatus
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.GetServiceLinkedRoleDeletionStatus.GetServiceLinkedRoleDeletionStatus
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.GetServiceLinkedRoleDeletionStatus.GetServiceLinkedRoleDeletionStatus
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.GetServiceLinkedRoleDeletionStatus.GetServiceLinkedRoleDeletionStatus


-- | Retrieves information about the specified server certificate stored in
--   IAM.
--   
--   For more information about working with server certificates, see
--   <a>Working with Server Certificates</a> in the <i>IAM User Guide</i> .
--   This topic includes a list of AWS services that can use the server
--   certificates that you manage with IAM.
module Network.AWS.IAM.GetServerCertificate

-- | Creates a value of <a>GetServerCertificate</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>gscServerCertificateName</a> - The name of the server
--   certificate you want to retrieve information about. This parameter
--   allows (per its <a>regex pattern</a> ) a string of characters
--   consisting of upper and lowercase alphanumeric characters with no
--   spaces. You can also include any of the following characters:
--   _+=,.@-</li>
--   </ul>
getServerCertificate :: Text -> GetServerCertificate

-- | <i>See:</i> <a>getServerCertificate</a> smart constructor.
data GetServerCertificate

-- | The name of the server certificate you want to retrieve information
--   about. This parameter allows (per its <a>regex pattern</a> ) a string
--   of characters consisting of upper and lowercase alphanumeric
--   characters with no spaces. You can also include any of the following
--   characters: _+=,.@-
gscServerCertificateName :: Lens' GetServerCertificate Text

-- | Creates a value of <a>GetServerCertificateResponse</a> with the
--   minimum fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>gscrsResponseStatus</a> - -- | The response status code.</li>
--   <li><a>gscrsServerCertificate</a> - A structure containing details
--   about the server certificate.</li>
--   </ul>
getServerCertificateResponse :: Int -> ServerCertificate -> GetServerCertificateResponse

-- | Contains the response to a successful <a>GetServerCertificate</a>
--   request.
--   
--   <i>See:</i> <a>getServerCertificateResponse</a> smart constructor.
data GetServerCertificateResponse

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
gscrsResponseStatus :: Lens' GetServerCertificateResponse Int

-- | A structure containing details about the server certificate.
gscrsServerCertificate :: Lens' GetServerCertificateResponse ServerCertificate
instance GHC.Generics.Generic Network.AWS.IAM.GetServerCertificate.GetServerCertificateResponse
instance Data.Data.Data Network.AWS.IAM.GetServerCertificate.GetServerCertificateResponse
instance GHC.Show.Show Network.AWS.IAM.GetServerCertificate.GetServerCertificateResponse
instance GHC.Read.Read Network.AWS.IAM.GetServerCertificate.GetServerCertificateResponse
instance GHC.Classes.Eq Network.AWS.IAM.GetServerCertificate.GetServerCertificateResponse
instance GHC.Generics.Generic Network.AWS.IAM.GetServerCertificate.GetServerCertificate
instance Data.Data.Data Network.AWS.IAM.GetServerCertificate.GetServerCertificate
instance GHC.Show.Show Network.AWS.IAM.GetServerCertificate.GetServerCertificate
instance GHC.Read.Read Network.AWS.IAM.GetServerCertificate.GetServerCertificate
instance GHC.Classes.Eq Network.AWS.IAM.GetServerCertificate.GetServerCertificate
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.GetServerCertificate.GetServerCertificate
instance Control.DeepSeq.NFData Network.AWS.IAM.GetServerCertificate.GetServerCertificateResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.GetServerCertificate.GetServerCertificate
instance Control.DeepSeq.NFData Network.AWS.IAM.GetServerCertificate.GetServerCertificate
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.GetServerCertificate.GetServerCertificate
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.GetServerCertificate.GetServerCertificate
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.GetServerCertificate.GetServerCertificate


-- | Retrieves the specified SSH public key, including metadata about the
--   key.
--   
--   The SSH public key retrieved by this operation is used only for
--   authenticating the associated IAM user to an AWS CodeCommit
--   repository. For more information about using SSH keys to authenticate
--   to an AWS CodeCommit repository, see <a>Set up AWS CodeCommit for SSH
--   Connections</a> in the <i>AWS CodeCommit User Guide</i> .
module Network.AWS.IAM.GetSSHPublicKey

-- | Creates a value of <a>GetSSHPublicKey</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>gspkUserName</a> - The name of the IAM user associated with the
--   SSH public key. This parameter allows (per its <a>regex pattern</a> )
--   a string of characters consisting of upper and lowercase alphanumeric
--   characters with no spaces. You can also include any of the following
--   characters: _+=,.@-</li>
--   <li><a>gspkSSHPublicKeyId</a> - The unique identifier for the SSH
--   public key. This parameter allows (per its <a>regex pattern</a> ) a
--   string of characters that can consist of any upper or lowercased
--   letter or digit.</li>
--   <li><a>gspkEncoding</a> - Specifies the public key encoding format to
--   use in the response. To retrieve the public key in ssh-rsa format, use
--   <tt>SSH</tt> . To retrieve the public key in PEM format, use
--   <tt>PEM</tt> .</li>
--   </ul>
getSSHPublicKey :: Text -> Text -> EncodingType -> GetSSHPublicKey

-- | <i>See:</i> <a>getSSHPublicKey</a> smart constructor.
data GetSSHPublicKey

-- | The name of the IAM user associated with the SSH public key. This
--   parameter allows (per its <a>regex pattern</a> ) a string of
--   characters consisting of upper and lowercase alphanumeric characters
--   with no spaces. You can also include any of the following characters:
--   _+=,.@-
gspkUserName :: Lens' GetSSHPublicKey Text

-- | The unique identifier for the SSH public key. This parameter allows
--   (per its <a>regex pattern</a> ) a string of characters that can
--   consist of any upper or lowercased letter or digit.
gspkSSHPublicKeyId :: Lens' GetSSHPublicKey Text

-- | Specifies the public key encoding format to use in the response. To
--   retrieve the public key in ssh-rsa format, use <tt>SSH</tt> . To
--   retrieve the public key in PEM format, use <tt>PEM</tt> .
gspkEncoding :: Lens' GetSSHPublicKey EncodingType

-- | Creates a value of <a>GetSSHPublicKeyResponse</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>gspkrsSSHPublicKey</a> - A structure containing details about
--   the SSH public key.</li>
--   <li><a>gspkrsResponseStatus</a> - -- | The response status code.</li>
--   </ul>
getSSHPublicKeyResponse :: Int -> GetSSHPublicKeyResponse

-- | Contains the response to a successful <a>GetSSHPublicKey</a> request.
--   
--   <i>See:</i> <a>getSSHPublicKeyResponse</a> smart constructor.
data GetSSHPublicKeyResponse

-- | A structure containing details about the SSH public key.
gspkrsSSHPublicKey :: Lens' GetSSHPublicKeyResponse (Maybe SSHPublicKey)

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
gspkrsResponseStatus :: Lens' GetSSHPublicKeyResponse Int
instance GHC.Generics.Generic Network.AWS.IAM.GetSSHPublicKey.GetSSHPublicKeyResponse
instance Data.Data.Data Network.AWS.IAM.GetSSHPublicKey.GetSSHPublicKeyResponse
instance GHC.Show.Show Network.AWS.IAM.GetSSHPublicKey.GetSSHPublicKeyResponse
instance GHC.Read.Read Network.AWS.IAM.GetSSHPublicKey.GetSSHPublicKeyResponse
instance GHC.Classes.Eq Network.AWS.IAM.GetSSHPublicKey.GetSSHPublicKeyResponse
instance GHC.Generics.Generic Network.AWS.IAM.GetSSHPublicKey.GetSSHPublicKey
instance Data.Data.Data Network.AWS.IAM.GetSSHPublicKey.GetSSHPublicKey
instance GHC.Show.Show Network.AWS.IAM.GetSSHPublicKey.GetSSHPublicKey
instance GHC.Read.Read Network.AWS.IAM.GetSSHPublicKey.GetSSHPublicKey
instance GHC.Classes.Eq Network.AWS.IAM.GetSSHPublicKey.GetSSHPublicKey
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.GetSSHPublicKey.GetSSHPublicKey
instance Control.DeepSeq.NFData Network.AWS.IAM.GetSSHPublicKey.GetSSHPublicKeyResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.GetSSHPublicKey.GetSSHPublicKey
instance Control.DeepSeq.NFData Network.AWS.IAM.GetSSHPublicKey.GetSSHPublicKey
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.GetSSHPublicKey.GetSSHPublicKey
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.GetSSHPublicKey.GetSSHPublicKey
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.GetSSHPublicKey.GetSSHPublicKey


-- | Returns the SAML provider metadocument that was uploaded when the IAM
--   SAML provider resource object was created or updated.
module Network.AWS.IAM.GetSAMLProvider

-- | Creates a value of <a>GetSAMLProvider</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>gsamlpSAMLProviderARN</a> - The Amazon Resource Name (ARN) of
--   the SAML provider resource object in IAM to get information about. For
--   more information about ARNs, see <a>Amazon Resource Names (ARNs) and
--   AWS Service Namespaces</a> in the <i>AWS General Reference</i> .</li>
--   </ul>
getSAMLProvider :: Text -> GetSAMLProvider

-- | <i>See:</i> <a>getSAMLProvider</a> smart constructor.
data GetSAMLProvider

-- | The Amazon Resource Name (ARN) of the SAML provider resource object in
--   IAM to get information about. For more information about ARNs, see
--   <a>Amazon Resource Names (ARNs) and AWS Service Namespaces</a> in the
--   <i>AWS General Reference</i> .
gsamlpSAMLProviderARN :: Lens' GetSAMLProvider Text

-- | Creates a value of <a>GetSAMLProviderResponse</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>gsamlprsCreateDate</a> - The date and time when the SAML
--   provider was created.</li>
--   <li><a>gsamlprsValidUntil</a> - The expiration date and time for the
--   SAML provider.</li>
--   <li><a>gsamlprsSAMLMetadataDocument</a> - The XML metadata document
--   that includes information about an identity provider.</li>
--   <li><a>gsamlprsResponseStatus</a> - -- | The response status
--   code.</li>
--   </ul>
getSAMLProviderResponse :: Int -> GetSAMLProviderResponse

-- | Contains the response to a successful <a>GetSAMLProvider</a> request.
--   
--   <i>See:</i> <a>getSAMLProviderResponse</a> smart constructor.
data GetSAMLProviderResponse

-- | The date and time when the SAML provider was created.
gsamlprsCreateDate :: Lens' GetSAMLProviderResponse (Maybe UTCTime)

-- | The expiration date and time for the SAML provider.
gsamlprsValidUntil :: Lens' GetSAMLProviderResponse (Maybe UTCTime)

-- | The XML metadata document that includes information about an identity
--   provider.
gsamlprsSAMLMetadataDocument :: Lens' GetSAMLProviderResponse (Maybe Text)

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
gsamlprsResponseStatus :: Lens' GetSAMLProviderResponse Int
instance GHC.Generics.Generic Network.AWS.IAM.GetSAMLProvider.GetSAMLProviderResponse
instance Data.Data.Data Network.AWS.IAM.GetSAMLProvider.GetSAMLProviderResponse
instance GHC.Show.Show Network.AWS.IAM.GetSAMLProvider.GetSAMLProviderResponse
instance GHC.Read.Read Network.AWS.IAM.GetSAMLProvider.GetSAMLProviderResponse
instance GHC.Classes.Eq Network.AWS.IAM.GetSAMLProvider.GetSAMLProviderResponse
instance GHC.Generics.Generic Network.AWS.IAM.GetSAMLProvider.GetSAMLProvider
instance Data.Data.Data Network.AWS.IAM.GetSAMLProvider.GetSAMLProvider
instance GHC.Show.Show Network.AWS.IAM.GetSAMLProvider.GetSAMLProvider
instance GHC.Read.Read Network.AWS.IAM.GetSAMLProvider.GetSAMLProvider
instance GHC.Classes.Eq Network.AWS.IAM.GetSAMLProvider.GetSAMLProvider
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.GetSAMLProvider.GetSAMLProvider
instance Control.DeepSeq.NFData Network.AWS.IAM.GetSAMLProvider.GetSAMLProviderResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.GetSAMLProvider.GetSAMLProvider
instance Control.DeepSeq.NFData Network.AWS.IAM.GetSAMLProvider.GetSAMLProvider
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.GetSAMLProvider.GetSAMLProvider
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.GetSAMLProvider.GetSAMLProvider
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.GetSAMLProvider.GetSAMLProvider


-- | Retrieves the specified inline policy document that is embedded with
--   the specified IAM role.
--   
--   An IAM role can also have managed policies attached to it. To retrieve
--   a managed policy document that is attached to a role, use
--   <tt>GetPolicy</tt> to determine the policy's default version, then use
--   <tt>GetPolicyVersion</tt> to retrieve the policy document.
--   
--   For more information about policies, see <a>Managed Policies and
--   Inline Policies</a> in the <i>IAM User Guide</i> .
--   
--   For more information about roles, see <a>Using Roles to Delegate
--   Permissions and Federate Identities</a> .
module Network.AWS.IAM.GetRolePolicy

-- | Creates a value of <a>GetRolePolicy</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>grpRoleName</a> - The name of the role associated with the
--   policy. This parameter allows (per its <a>regex pattern</a> ) a string
--   of characters consisting of upper and lowercase alphanumeric
--   characters with no spaces. You can also include any of the following
--   characters: _+=,.@-</li>
--   <li><a>grpPolicyName</a> - The name of the policy document to get.
--   This parameter allows (per its <a>regex pattern</a> ) a string of
--   characters consisting of upper and lowercase alphanumeric characters
--   with no spaces. You can also include any of the following characters:
--   _+=,.@-</li>
--   </ul>
getRolePolicy :: Text -> Text -> GetRolePolicy

-- | <i>See:</i> <a>getRolePolicy</a> smart constructor.
data GetRolePolicy

-- | The name of the role associated with the policy. This parameter allows
--   (per its <a>regex pattern</a> ) a string of characters consisting of
--   upper and lowercase alphanumeric characters with no spaces. You can
--   also include any of the following characters: _+=,.@-
grpRoleName :: Lens' GetRolePolicy Text

-- | The name of the policy document to get. This parameter allows (per its
--   <a>regex pattern</a> ) a string of characters consisting of upper and
--   lowercase alphanumeric characters with no spaces. You can also include
--   any of the following characters: _+=,.@-
grpPolicyName :: Lens' GetRolePolicy Text

-- | Creates a value of <a>GetRolePolicyResponse</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>grprsResponseStatus</a> - -- | The response status code.</li>
--   <li><a>grprsRoleName</a> - The role the policy is associated
--   with.</li>
--   <li><a>grprsPolicyName</a> - The name of the policy.</li>
--   <li><a>grprsPolicyDocument</a> - The policy document.</li>
--   </ul>
getRolePolicyResponse :: Int -> Text -> Text -> Text -> GetRolePolicyResponse

-- | Contains the response to a successful <a>GetRolePolicy</a> request.
--   
--   <i>See:</i> <a>getRolePolicyResponse</a> smart constructor.
data GetRolePolicyResponse

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
grprsResponseStatus :: Lens' GetRolePolicyResponse Int

-- | The role the policy is associated with.
grprsRoleName :: Lens' GetRolePolicyResponse Text

-- | The name of the policy.
grprsPolicyName :: Lens' GetRolePolicyResponse Text

-- | The policy document.
grprsPolicyDocument :: Lens' GetRolePolicyResponse Text
instance GHC.Generics.Generic Network.AWS.IAM.GetRolePolicy.GetRolePolicyResponse
instance Data.Data.Data Network.AWS.IAM.GetRolePolicy.GetRolePolicyResponse
instance GHC.Show.Show Network.AWS.IAM.GetRolePolicy.GetRolePolicyResponse
instance GHC.Read.Read Network.AWS.IAM.GetRolePolicy.GetRolePolicyResponse
instance GHC.Classes.Eq Network.AWS.IAM.GetRolePolicy.GetRolePolicyResponse
instance GHC.Generics.Generic Network.AWS.IAM.GetRolePolicy.GetRolePolicy
instance Data.Data.Data Network.AWS.IAM.GetRolePolicy.GetRolePolicy
instance GHC.Show.Show Network.AWS.IAM.GetRolePolicy.GetRolePolicy
instance GHC.Read.Read Network.AWS.IAM.GetRolePolicy.GetRolePolicy
instance GHC.Classes.Eq Network.AWS.IAM.GetRolePolicy.GetRolePolicy
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.GetRolePolicy.GetRolePolicy
instance Control.DeepSeq.NFData Network.AWS.IAM.GetRolePolicy.GetRolePolicyResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.GetRolePolicy.GetRolePolicy
instance Control.DeepSeq.NFData Network.AWS.IAM.GetRolePolicy.GetRolePolicy
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.GetRolePolicy.GetRolePolicy
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.GetRolePolicy.GetRolePolicy
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.GetRolePolicy.GetRolePolicy


-- | Retrieves information about the specified role, including the role's
--   path, GUID, ARN, and the role's trust policy that grants permission to
--   assume the role. For more information about roles, see <a>Working with
--   Roles</a> .
module Network.AWS.IAM.GetRole

-- | Creates a value of <a>GetRole</a> with the minimum fields required to
--   make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>grRoleName</a> - The name of the IAM role to get information
--   about. This parameter allows (per its <a>regex pattern</a> ) a string
--   of characters consisting of upper and lowercase alphanumeric
--   characters with no spaces. You can also include any of the following
--   characters: _+=,.@-</li>
--   </ul>
getRole :: Text -> GetRole

-- | <i>See:</i> <a>getRole</a> smart constructor.
data GetRole

-- | The name of the IAM role to get information about. This parameter
--   allows (per its <a>regex pattern</a> ) a string of characters
--   consisting of upper and lowercase alphanumeric characters with no
--   spaces. You can also include any of the following characters: _+=,.@-
grRoleName :: Lens' GetRole Text

-- | Creates a value of <a>GetRoleResponse</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>grrsResponseStatus</a> - -- | The response status code.</li>
--   <li><a>grrsRole</a> - A structure containing details about the IAM
--   role.</li>
--   </ul>
getRoleResponse :: Int -> Role -> GetRoleResponse

-- | Contains the response to a successful <a>GetRole</a> request.
--   
--   <i>See:</i> <a>getRoleResponse</a> smart constructor.
data GetRoleResponse

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
grrsResponseStatus :: Lens' GetRoleResponse Int

-- | A structure containing details about the IAM role.
grrsRole :: Lens' GetRoleResponse Role
instance GHC.Generics.Generic Network.AWS.IAM.GetRole.GetRoleResponse
instance Data.Data.Data Network.AWS.IAM.GetRole.GetRoleResponse
instance GHC.Show.Show Network.AWS.IAM.GetRole.GetRoleResponse
instance GHC.Read.Read Network.AWS.IAM.GetRole.GetRoleResponse
instance GHC.Classes.Eq Network.AWS.IAM.GetRole.GetRoleResponse
instance GHC.Generics.Generic Network.AWS.IAM.GetRole.GetRole
instance Data.Data.Data Network.AWS.IAM.GetRole.GetRole
instance GHC.Show.Show Network.AWS.IAM.GetRole.GetRole
instance GHC.Read.Read Network.AWS.IAM.GetRole.GetRole
instance GHC.Classes.Eq Network.AWS.IAM.GetRole.GetRole
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.GetRole.GetRole
instance Control.DeepSeq.NFData Network.AWS.IAM.GetRole.GetRoleResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.GetRole.GetRole
instance Control.DeepSeq.NFData Network.AWS.IAM.GetRole.GetRole
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.GetRole.GetRole
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.GetRole.GetRole
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.GetRole.GetRole


-- | Retrieves information about the specified version of the specified
--   managed policy, including the policy document.
--   
--   To list the available versions for a policy, use
--   <tt>ListPolicyVersions</tt> .
--   
--   This API retrieves information about managed policies. To retrieve
--   information about an inline policy that is embedded in a user, group,
--   or role, use the <tt>GetUserPolicy</tt> , <tt>GetGroupPolicy</tt> , or
--   <tt>GetRolePolicy</tt> API.
--   
--   For more information about the types of policies, see <a>Managed
--   Policies and Inline Policies</a> in the <i>IAM User Guide</i> .
--   
--   For more information about managed policy versions, see <a>Versioning
--   for Managed Policies</a> in the <i>IAM User Guide</i> .
module Network.AWS.IAM.GetPolicyVersion

-- | Creates a value of <a>GetPolicyVersion</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>gpvPolicyARN</a> - The Amazon Resource Name (ARN) of the
--   managed policy that you want information about. For more information
--   about ARNs, see <a>Amazon Resource Names (ARNs) and AWS Service
--   Namespaces</a> in the <i>AWS General Reference</i> .</li>
--   <li><a>gpvVersionId</a> - Identifies the policy version to retrieve.
--   This parameter allows (per its <a>regex pattern</a> ) a string of
--   characters that consists of the lowercase letter <tt>v</tt> followed
--   by one or two digits, and optionally followed by a period <a>.</a> and
--   a string of letters and digits.</li>
--   </ul>
getPolicyVersion :: Text -> Text -> GetPolicyVersion

-- | <i>See:</i> <a>getPolicyVersion</a> smart constructor.
data GetPolicyVersion

-- | The Amazon Resource Name (ARN) of the managed policy that you want
--   information about. For more information about ARNs, see <a>Amazon
--   Resource Names (ARNs) and AWS Service Namespaces</a> in the <i>AWS
--   General Reference</i> .
gpvPolicyARN :: Lens' GetPolicyVersion Text

-- | Identifies the policy version to retrieve. This parameter allows (per
--   its <a>regex pattern</a> ) a string of characters that consists of the
--   lowercase letter <tt>v</tt> followed by one or two digits, and
--   optionally followed by a period <a>.</a> and a string of letters and
--   digits.
gpvVersionId :: Lens' GetPolicyVersion Text

-- | Creates a value of <a>GetPolicyVersionResponse</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>gpvrsPolicyVersion</a> - A structure containing details about
--   the policy version.</li>
--   <li><a>gpvrsResponseStatus</a> - -- | The response status code.</li>
--   </ul>
getPolicyVersionResponse :: Int -> GetPolicyVersionResponse

-- | Contains the response to a successful <a>GetPolicyVersion</a> request.
--   
--   <i>See:</i> <a>getPolicyVersionResponse</a> smart constructor.
data GetPolicyVersionResponse

-- | A structure containing details about the policy version.
gpvrsPolicyVersion :: Lens' GetPolicyVersionResponse (Maybe PolicyVersion)

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
gpvrsResponseStatus :: Lens' GetPolicyVersionResponse Int
instance GHC.Generics.Generic Network.AWS.IAM.GetPolicyVersion.GetPolicyVersionResponse
instance Data.Data.Data Network.AWS.IAM.GetPolicyVersion.GetPolicyVersionResponse
instance GHC.Show.Show Network.AWS.IAM.GetPolicyVersion.GetPolicyVersionResponse
instance GHC.Read.Read Network.AWS.IAM.GetPolicyVersion.GetPolicyVersionResponse
instance GHC.Classes.Eq Network.AWS.IAM.GetPolicyVersion.GetPolicyVersionResponse
instance GHC.Generics.Generic Network.AWS.IAM.GetPolicyVersion.GetPolicyVersion
instance Data.Data.Data Network.AWS.IAM.GetPolicyVersion.GetPolicyVersion
instance GHC.Show.Show Network.AWS.IAM.GetPolicyVersion.GetPolicyVersion
instance GHC.Read.Read Network.AWS.IAM.GetPolicyVersion.GetPolicyVersion
instance GHC.Classes.Eq Network.AWS.IAM.GetPolicyVersion.GetPolicyVersion
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.GetPolicyVersion.GetPolicyVersion
instance Control.DeepSeq.NFData Network.AWS.IAM.GetPolicyVersion.GetPolicyVersionResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.GetPolicyVersion.GetPolicyVersion
instance Control.DeepSeq.NFData Network.AWS.IAM.GetPolicyVersion.GetPolicyVersion
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.GetPolicyVersion.GetPolicyVersion
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.GetPolicyVersion.GetPolicyVersion
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.GetPolicyVersion.GetPolicyVersion


-- | Retrieves information about the specified managed policy, including
--   the policy's default version and the total number of IAM users,
--   groups, and roles to which the policy is attached. To retrieve the
--   list of the specific users, groups, and roles that the policy is
--   attached to, use the <tt>ListEntitiesForPolicy</tt> API. This API
--   returns metadata about the policy. To retrieve the actual policy
--   document for a specific version of the policy, use
--   <tt>GetPolicyVersion</tt> .
--   
--   This API retrieves information about managed policies. To retrieve
--   information about an inline policy that is embedded with an IAM user,
--   group, or role, use the <tt>GetUserPolicy</tt> ,
--   <tt>GetGroupPolicy</tt> , or <tt>GetRolePolicy</tt> API.
--   
--   For more information about policies, see <a>Managed Policies and
--   Inline Policies</a> in the <i>IAM User Guide</i> .
module Network.AWS.IAM.GetPolicy

-- | Creates a value of <a>GetPolicy</a> with the minimum fields required
--   to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>gpPolicyARN</a> - The Amazon Resource Name (ARN) of the managed
--   policy that you want information about. For more information about
--   ARNs, see <a>Amazon Resource Names (ARNs) and AWS Service
--   Namespaces</a> in the <i>AWS General Reference</i> .</li>
--   </ul>
getPolicy :: Text -> GetPolicy

-- | <i>See:</i> <a>getPolicy</a> smart constructor.
data GetPolicy

-- | The Amazon Resource Name (ARN) of the managed policy that you want
--   information about. For more information about ARNs, see <a>Amazon
--   Resource Names (ARNs) and AWS Service Namespaces</a> in the <i>AWS
--   General Reference</i> .
gpPolicyARN :: Lens' GetPolicy Text

-- | Creates a value of <a>GetPolicyResponse</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>gprsPolicy</a> - A structure containing details about the
--   policy.</li>
--   <li><a>gprsResponseStatus</a> - -- | The response status code.</li>
--   </ul>
getPolicyResponse :: Int -> GetPolicyResponse

-- | Contains the response to a successful <a>GetPolicy</a> request.
--   
--   <i>See:</i> <a>getPolicyResponse</a> smart constructor.
data GetPolicyResponse

-- | A structure containing details about the policy.
gprsPolicy :: Lens' GetPolicyResponse (Maybe Policy)

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
gprsResponseStatus :: Lens' GetPolicyResponse Int
instance GHC.Generics.Generic Network.AWS.IAM.GetPolicy.GetPolicyResponse
instance Data.Data.Data Network.AWS.IAM.GetPolicy.GetPolicyResponse
instance GHC.Show.Show Network.AWS.IAM.GetPolicy.GetPolicyResponse
instance GHC.Read.Read Network.AWS.IAM.GetPolicy.GetPolicyResponse
instance GHC.Classes.Eq Network.AWS.IAM.GetPolicy.GetPolicyResponse
instance GHC.Generics.Generic Network.AWS.IAM.GetPolicy.GetPolicy
instance Data.Data.Data Network.AWS.IAM.GetPolicy.GetPolicy
instance GHC.Show.Show Network.AWS.IAM.GetPolicy.GetPolicy
instance GHC.Read.Read Network.AWS.IAM.GetPolicy.GetPolicy
instance GHC.Classes.Eq Network.AWS.IAM.GetPolicy.GetPolicy
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.GetPolicy.GetPolicy
instance Control.DeepSeq.NFData Network.AWS.IAM.GetPolicy.GetPolicyResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.GetPolicy.GetPolicy
instance Control.DeepSeq.NFData Network.AWS.IAM.GetPolicy.GetPolicy
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.GetPolicy.GetPolicy
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.GetPolicy.GetPolicy
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.GetPolicy.GetPolicy


-- | Returns information about the specified OpenID Connect (OIDC) provider
--   resource object in IAM.
module Network.AWS.IAM.GetOpenIdConnectProvider

-- | Creates a value of <a>GetOpenIdConnectProvider</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>goicpOpenIdConnectProviderARN</a> - The Amazon Resource Name
--   (ARN) of the OIDC provider resource object in IAM to get information
--   for. You can get a list of OIDC provider resource ARNs by using the
--   <tt>ListOpenIDConnectProviders</tt> operation. For more information
--   about ARNs, see <a>Amazon Resource Names (ARNs) and AWS Service
--   Namespaces</a> in the <i>AWS General Reference</i> .</li>
--   </ul>
getOpenIdConnectProvider :: Text -> GetOpenIdConnectProvider

-- | <i>See:</i> <a>getOpenIdConnectProvider</a> smart constructor.
data GetOpenIdConnectProvider

-- | The Amazon Resource Name (ARN) of the OIDC provider resource object in
--   IAM to get information for. You can get a list of OIDC provider
--   resource ARNs by using the <tt>ListOpenIDConnectProviders</tt>
--   operation. For more information about ARNs, see <a>Amazon Resource
--   Names (ARNs) and AWS Service Namespaces</a> in the <i>AWS General
--   Reference</i> .
goicpOpenIdConnectProviderARN :: Lens' GetOpenIdConnectProvider Text

-- | Creates a value of <a>GetOpenIdConnectProviderResponse</a> with the
--   minimum fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>goicprsCreateDate</a> - The date and time when the IAM OIDC
--   provider resource object was created in the AWS account.</li>
--   <li><a>goicprsURL</a> - The URL that the IAM OIDC provider resource
--   object is associated with. For more information, see
--   <tt>CreateOpenIDConnectProvider</tt> .</li>
--   <li><a>goicprsThumbprintList</a> - A list of certificate thumbprints
--   that are associated with the specified IAM OIDC provider resource
--   object. For more information, see <tt>CreateOpenIDConnectProvider</tt>
--   .</li>
--   <li><a>goicprsClientIdList</a> - A list of client IDs (also known as
--   audiences) that are associated with the specified IAM OIDC provider
--   resource object. For more information, see
--   <tt>CreateOpenIDConnectProvider</tt> .</li>
--   <li><a>goicprsResponseStatus</a> - -- | The response status code.</li>
--   </ul>
getOpenIdConnectProviderResponse :: Int -> GetOpenIdConnectProviderResponse

-- | Contains the response to a successful
--   <tt>GetOpenIDConnectProvider</tt> request.
--   
--   <i>See:</i> <a>getOpenIdConnectProviderResponse</a> smart constructor.
data GetOpenIdConnectProviderResponse

-- | The date and time when the IAM OIDC provider resource object was
--   created in the AWS account.
goicprsCreateDate :: Lens' GetOpenIdConnectProviderResponse (Maybe UTCTime)

-- | The URL that the IAM OIDC provider resource object is associated with.
--   For more information, see <tt>CreateOpenIDConnectProvider</tt> .
goicprsURL :: Lens' GetOpenIdConnectProviderResponse (Maybe Text)

-- | A list of certificate thumbprints that are associated with the
--   specified IAM OIDC provider resource object. For more information, see
--   <tt>CreateOpenIDConnectProvider</tt> .
goicprsThumbprintList :: Lens' GetOpenIdConnectProviderResponse [Text]

-- | A list of client IDs (also known as audiences) that are associated
--   with the specified IAM OIDC provider resource object. For more
--   information, see <tt>CreateOpenIDConnectProvider</tt> .
goicprsClientIdList :: Lens' GetOpenIdConnectProviderResponse [Text]

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
goicprsResponseStatus :: Lens' GetOpenIdConnectProviderResponse Int
instance GHC.Generics.Generic Network.AWS.IAM.GetOpenIdConnectProvider.GetOpenIdConnectProviderResponse
instance Data.Data.Data Network.AWS.IAM.GetOpenIdConnectProvider.GetOpenIdConnectProviderResponse
instance GHC.Show.Show Network.AWS.IAM.GetOpenIdConnectProvider.GetOpenIdConnectProviderResponse
instance GHC.Read.Read Network.AWS.IAM.GetOpenIdConnectProvider.GetOpenIdConnectProviderResponse
instance GHC.Classes.Eq Network.AWS.IAM.GetOpenIdConnectProvider.GetOpenIdConnectProviderResponse
instance GHC.Generics.Generic Network.AWS.IAM.GetOpenIdConnectProvider.GetOpenIdConnectProvider
instance Data.Data.Data Network.AWS.IAM.GetOpenIdConnectProvider.GetOpenIdConnectProvider
instance GHC.Show.Show Network.AWS.IAM.GetOpenIdConnectProvider.GetOpenIdConnectProvider
instance GHC.Read.Read Network.AWS.IAM.GetOpenIdConnectProvider.GetOpenIdConnectProvider
instance GHC.Classes.Eq Network.AWS.IAM.GetOpenIdConnectProvider.GetOpenIdConnectProvider
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.GetOpenIdConnectProvider.GetOpenIdConnectProvider
instance Control.DeepSeq.NFData Network.AWS.IAM.GetOpenIdConnectProvider.GetOpenIdConnectProviderResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.GetOpenIdConnectProvider.GetOpenIdConnectProvider
instance Control.DeepSeq.NFData Network.AWS.IAM.GetOpenIdConnectProvider.GetOpenIdConnectProvider
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.GetOpenIdConnectProvider.GetOpenIdConnectProvider
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.GetOpenIdConnectProvider.GetOpenIdConnectProvider
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.GetOpenIdConnectProvider.GetOpenIdConnectProvider


-- | Retrieves the user name and password-creation date for the specified
--   IAM user. If the user has not been assigned a password, the operation
--   returns a 404 (<tt>NoSuchEntity</tt> ) error.
module Network.AWS.IAM.GetLoginProfile

-- | Creates a value of <a>GetLoginProfile</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>glpUserName</a> - The name of the user whose login profile you
--   want to retrieve. This parameter allows (per its <a>regex pattern</a>
--   ) a string of characters consisting of upper and lowercase
--   alphanumeric characters with no spaces. You can also include any of
--   the following characters: _+=,.@-</li>
--   </ul>
getLoginProfile :: Text -> GetLoginProfile

-- | <i>See:</i> <a>getLoginProfile</a> smart constructor.
data GetLoginProfile

-- | The name of the user whose login profile you want to retrieve. This
--   parameter allows (per its <a>regex pattern</a> ) a string of
--   characters consisting of upper and lowercase alphanumeric characters
--   with no spaces. You can also include any of the following characters:
--   _+=,.@-
glpUserName :: Lens' GetLoginProfile Text

-- | Creates a value of <a>GetLoginProfileResponse</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>glprsResponseStatus</a> - -- | The response status code.</li>
--   <li><a>glprsLoginProfile</a> - A structure containing the user name
--   and password create date for the user.</li>
--   </ul>
getLoginProfileResponse :: Int -> LoginProfile -> GetLoginProfileResponse

-- | Contains the response to a successful <a>GetLoginProfile</a> request.
--   
--   <i>See:</i> <a>getLoginProfileResponse</a> smart constructor.
data GetLoginProfileResponse

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
glprsResponseStatus :: Lens' GetLoginProfileResponse Int

-- | A structure containing the user name and password create date for the
--   user.
glprsLoginProfile :: Lens' GetLoginProfileResponse LoginProfile
instance GHC.Generics.Generic Network.AWS.IAM.GetLoginProfile.GetLoginProfileResponse
instance Data.Data.Data Network.AWS.IAM.GetLoginProfile.GetLoginProfileResponse
instance GHC.Show.Show Network.AWS.IAM.GetLoginProfile.GetLoginProfileResponse
instance GHC.Read.Read Network.AWS.IAM.GetLoginProfile.GetLoginProfileResponse
instance GHC.Classes.Eq Network.AWS.IAM.GetLoginProfile.GetLoginProfileResponse
instance GHC.Generics.Generic Network.AWS.IAM.GetLoginProfile.GetLoginProfile
instance Data.Data.Data Network.AWS.IAM.GetLoginProfile.GetLoginProfile
instance GHC.Show.Show Network.AWS.IAM.GetLoginProfile.GetLoginProfile
instance GHC.Read.Read Network.AWS.IAM.GetLoginProfile.GetLoginProfile
instance GHC.Classes.Eq Network.AWS.IAM.GetLoginProfile.GetLoginProfile
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.GetLoginProfile.GetLoginProfile
instance Control.DeepSeq.NFData Network.AWS.IAM.GetLoginProfile.GetLoginProfileResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.GetLoginProfile.GetLoginProfile
instance Control.DeepSeq.NFData Network.AWS.IAM.GetLoginProfile.GetLoginProfile
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.GetLoginProfile.GetLoginProfile
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.GetLoginProfile.GetLoginProfile
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.GetLoginProfile.GetLoginProfile


-- | Retrieves information about the specified instance profile, including
--   the instance profile's path, GUID, ARN, and role. For more information
--   about instance profiles, see <a>About Instance Profiles</a> in the
--   <i>IAM User Guide</i> .
module Network.AWS.IAM.GetInstanceProfile

-- | Creates a value of <a>GetInstanceProfile</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>gipInstanceProfileName</a> - The name of the instance profile
--   to get information about. This parameter allows (per its <a>regex
--   pattern</a> ) a string of characters consisting of upper and lowercase
--   alphanumeric characters with no spaces. You can also include any of
--   the following characters: _+=,.@-</li>
--   </ul>
getInstanceProfile :: Text -> GetInstanceProfile

-- | <i>See:</i> <a>getInstanceProfile</a> smart constructor.
data GetInstanceProfile

-- | The name of the instance profile to get information about. This
--   parameter allows (per its <a>regex pattern</a> ) a string of
--   characters consisting of upper and lowercase alphanumeric characters
--   with no spaces. You can also include any of the following characters:
--   _+=,.@-
gipInstanceProfileName :: Lens' GetInstanceProfile Text

-- | Creates a value of <a>GetInstanceProfileResponse</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>giprsResponseStatus</a> - -- | The response status code.</li>
--   <li><a>giprsInstanceProfile</a> - A structure containing details about
--   the instance profile.</li>
--   </ul>
getInstanceProfileResponse :: Int -> InstanceProfile -> GetInstanceProfileResponse

-- | Contains the response to a successful <a>GetInstanceProfile</a>
--   request.
--   
--   <i>See:</i> <a>getInstanceProfileResponse</a> smart constructor.
data GetInstanceProfileResponse

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
giprsResponseStatus :: Lens' GetInstanceProfileResponse Int

-- | A structure containing details about the instance profile.
giprsInstanceProfile :: Lens' GetInstanceProfileResponse InstanceProfile
instance GHC.Generics.Generic Network.AWS.IAM.GetInstanceProfile.GetInstanceProfileResponse
instance Data.Data.Data Network.AWS.IAM.GetInstanceProfile.GetInstanceProfileResponse
instance GHC.Show.Show Network.AWS.IAM.GetInstanceProfile.GetInstanceProfileResponse
instance GHC.Read.Read Network.AWS.IAM.GetInstanceProfile.GetInstanceProfileResponse
instance GHC.Classes.Eq Network.AWS.IAM.GetInstanceProfile.GetInstanceProfileResponse
instance GHC.Generics.Generic Network.AWS.IAM.GetInstanceProfile.GetInstanceProfile
instance Data.Data.Data Network.AWS.IAM.GetInstanceProfile.GetInstanceProfile
instance GHC.Show.Show Network.AWS.IAM.GetInstanceProfile.GetInstanceProfile
instance GHC.Read.Read Network.AWS.IAM.GetInstanceProfile.GetInstanceProfile
instance GHC.Classes.Eq Network.AWS.IAM.GetInstanceProfile.GetInstanceProfile
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.GetInstanceProfile.GetInstanceProfile
instance Control.DeepSeq.NFData Network.AWS.IAM.GetInstanceProfile.GetInstanceProfileResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.GetInstanceProfile.GetInstanceProfile
instance Control.DeepSeq.NFData Network.AWS.IAM.GetInstanceProfile.GetInstanceProfile
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.GetInstanceProfile.GetInstanceProfile
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.GetInstanceProfile.GetInstanceProfile
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.GetInstanceProfile.GetInstanceProfile


-- | Retrieves the specified inline policy document that is embedded in the
--   specified IAM group.
--   
--   An IAM group can also have managed policies attached to it. To
--   retrieve a managed policy document that is attached to a group, use
--   <tt>GetPolicy</tt> to determine the policy's default version, then use
--   <tt>GetPolicyVersion</tt> to retrieve the policy document.
--   
--   For more information about policies, see <a>Managed Policies and
--   Inline Policies</a> in the <i>IAM User Guide</i> .
module Network.AWS.IAM.GetGroupPolicy

-- | Creates a value of <a>GetGroupPolicy</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>ggpGroupName</a> - The name of the group the policy is
--   associated with. This parameter allows (per its <a>regex pattern</a> )
--   a string of characters consisting of upper and lowercase alphanumeric
--   characters with no spaces. You can also include any of the following
--   characters: _+=,.@-</li>
--   <li><a>ggpPolicyName</a> - The name of the policy document to get.
--   This parameter allows (per its <a>regex pattern</a> ) a string of
--   characters consisting of upper and lowercase alphanumeric characters
--   with no spaces. You can also include any of the following characters:
--   _+=,.@-</li>
--   </ul>
getGroupPolicy :: Text -> Text -> GetGroupPolicy

-- | <i>See:</i> <a>getGroupPolicy</a> smart constructor.
data GetGroupPolicy

-- | The name of the group the policy is associated with. This parameter
--   allows (per its <a>regex pattern</a> ) a string of characters
--   consisting of upper and lowercase alphanumeric characters with no
--   spaces. You can also include any of the following characters: _+=,.@-
ggpGroupName :: Lens' GetGroupPolicy Text

-- | The name of the policy document to get. This parameter allows (per its
--   <a>regex pattern</a> ) a string of characters consisting of upper and
--   lowercase alphanumeric characters with no spaces. You can also include
--   any of the following characters: _+=,.@-
ggpPolicyName :: Lens' GetGroupPolicy Text

-- | Creates a value of <a>GetGroupPolicyResponse</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>ggprsResponseStatus</a> - -- | The response status code.</li>
--   <li><a>ggprsGroupName</a> - The group the policy is associated
--   with.</li>
--   <li><a>ggprsPolicyName</a> - The name of the policy.</li>
--   <li><a>ggprsPolicyDocument</a> - The policy document.</li>
--   </ul>
getGroupPolicyResponse :: Int -> Text -> Text -> Text -> GetGroupPolicyResponse

-- | Contains the response to a successful <a>GetGroupPolicy</a> request.
--   
--   <i>See:</i> <a>getGroupPolicyResponse</a> smart constructor.
data GetGroupPolicyResponse

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
ggprsResponseStatus :: Lens' GetGroupPolicyResponse Int

-- | The group the policy is associated with.
ggprsGroupName :: Lens' GetGroupPolicyResponse Text

-- | The name of the policy.
ggprsPolicyName :: Lens' GetGroupPolicyResponse Text

-- | The policy document.
ggprsPolicyDocument :: Lens' GetGroupPolicyResponse Text
instance GHC.Generics.Generic Network.AWS.IAM.GetGroupPolicy.GetGroupPolicyResponse
instance Data.Data.Data Network.AWS.IAM.GetGroupPolicy.GetGroupPolicyResponse
instance GHC.Show.Show Network.AWS.IAM.GetGroupPolicy.GetGroupPolicyResponse
instance GHC.Read.Read Network.AWS.IAM.GetGroupPolicy.GetGroupPolicyResponse
instance GHC.Classes.Eq Network.AWS.IAM.GetGroupPolicy.GetGroupPolicyResponse
instance GHC.Generics.Generic Network.AWS.IAM.GetGroupPolicy.GetGroupPolicy
instance Data.Data.Data Network.AWS.IAM.GetGroupPolicy.GetGroupPolicy
instance GHC.Show.Show Network.AWS.IAM.GetGroupPolicy.GetGroupPolicy
instance GHC.Read.Read Network.AWS.IAM.GetGroupPolicy.GetGroupPolicy
instance GHC.Classes.Eq Network.AWS.IAM.GetGroupPolicy.GetGroupPolicy
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.GetGroupPolicy.GetGroupPolicy
instance Control.DeepSeq.NFData Network.AWS.IAM.GetGroupPolicy.GetGroupPolicyResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.GetGroupPolicy.GetGroupPolicy
instance Control.DeepSeq.NFData Network.AWS.IAM.GetGroupPolicy.GetGroupPolicy
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.GetGroupPolicy.GetGroupPolicy
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.GetGroupPolicy.GetGroupPolicy
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.GetGroupPolicy.GetGroupPolicy


-- | Returns a list of IAM users that are in the specified IAM group. You
--   can paginate the results using the <tt>MaxItems</tt> and
--   <tt>Marker</tt> parameters.
--   
--   This operation returns paginated results.
module Network.AWS.IAM.GetGroup

-- | Creates a value of <a>GetGroup</a> with the minimum fields required to
--   make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>ggMarker</a> - Use this parameter only when paginating results
--   and only after you receive a response indicating that the results are
--   truncated. Set it to the value of the <tt>Marker</tt> element in the
--   response that you received to indicate where the next call should
--   start.</li>
--   <li><a>ggMaxItems</a> - (Optional) Use this only when paginating
--   results to indicate the maximum number of items you want in the
--   response. If additional items exist beyond the maximum you specify,
--   the <tt>IsTruncated</tt> response element is <tt>true</tt> . If you do
--   not include this parameter, it defaults to 100. Note that IAM might
--   return fewer results, even when there are more results available. In
--   that case, the <tt>IsTruncated</tt> response element returns
--   <tt>true</tt> and <tt>Marker</tt> contains a value to include in the
--   subsequent call that tells the service where to continue from.</li>
--   <li><a>ggGroupName</a> - The name of the group. This parameter allows
--   (per its <a>regex pattern</a> ) a string of characters consisting of
--   upper and lowercase alphanumeric characters with no spaces. You can
--   also include any of the following characters: _+=,.@-</li>
--   </ul>
getGroup :: Text -> GetGroup

-- | <i>See:</i> <a>getGroup</a> smart constructor.
data GetGroup

-- | Use this parameter only when paginating results and only after you
--   receive a response indicating that the results are truncated. Set it
--   to the value of the <tt>Marker</tt> element in the response that you
--   received to indicate where the next call should start.
ggMarker :: Lens' GetGroup (Maybe Text)

-- | (Optional) Use this only when paginating results to indicate the
--   maximum number of items you want in the response. If additional items
--   exist beyond the maximum you specify, the <tt>IsTruncated</tt>
--   response element is <tt>true</tt> . If you do not include this
--   parameter, it defaults to 100. Note that IAM might return fewer
--   results, even when there are more results available. In that case, the
--   <tt>IsTruncated</tt> response element returns <tt>true</tt> and
--   <tt>Marker</tt> contains a value to include in the subsequent call
--   that tells the service where to continue from.
ggMaxItems :: Lens' GetGroup (Maybe Natural)

-- | The name of the group. This parameter allows (per its <a>regex
--   pattern</a> ) a string of characters consisting of upper and lowercase
--   alphanumeric characters with no spaces. You can also include any of
--   the following characters: _+=,.@-
ggGroupName :: Lens' GetGroup Text

-- | Creates a value of <a>GetGroupResponse</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>ggrsMarker</a> - When <tt>IsTruncated</tt> is <tt>true</tt> ,
--   this element is present and contains the value to use for the
--   <tt>Marker</tt> parameter in a subsequent pagination request.</li>
--   <li><a>ggrsIsTruncated</a> - A flag that indicates whether there are
--   more items to return. If your results were truncated, you can make a
--   subsequent pagination request using the <tt>Marker</tt> request
--   parameter to retrieve more items. Note that IAM might return fewer
--   than the <tt>MaxItems</tt> number of results even when there are more
--   results available. We recommend that you check <tt>IsTruncated</tt>
--   after every call to ensure that you receive all of your results.</li>
--   <li><a>ggrsResponseStatus</a> - -- | The response status code.</li>
--   <li><a>ggrsGroup</a> - A structure that contains details about the
--   group.</li>
--   <li><a>ggrsUsers</a> - A list of users in the group.</li>
--   </ul>
getGroupResponse :: Int -> Group -> GetGroupResponse

-- | Contains the response to a successful <a>GetGroup</a> request.
--   
--   <i>See:</i> <a>getGroupResponse</a> smart constructor.
data GetGroupResponse

-- | When <tt>IsTruncated</tt> is <tt>true</tt> , this element is present
--   and contains the value to use for the <tt>Marker</tt> parameter in a
--   subsequent pagination request.
ggrsMarker :: Lens' GetGroupResponse (Maybe Text)

-- | A flag that indicates whether there are more items to return. If your
--   results were truncated, you can make a subsequent pagination request
--   using the <tt>Marker</tt> request parameter to retrieve more items.
--   Note that IAM might return fewer than the <tt>MaxItems</tt> number of
--   results even when there are more results available. We recommend that
--   you check <tt>IsTruncated</tt> after every call to ensure that you
--   receive all of your results.
ggrsIsTruncated :: Lens' GetGroupResponse (Maybe Bool)

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
ggrsResponseStatus :: Lens' GetGroupResponse Int

-- | A structure that contains details about the group.
ggrsGroup :: Lens' GetGroupResponse Group

-- | A list of users in the group.
ggrsUsers :: Lens' GetGroupResponse [User]
instance GHC.Generics.Generic Network.AWS.IAM.GetGroup.GetGroupResponse
instance Data.Data.Data Network.AWS.IAM.GetGroup.GetGroupResponse
instance GHC.Show.Show Network.AWS.IAM.GetGroup.GetGroupResponse
instance GHC.Read.Read Network.AWS.IAM.GetGroup.GetGroupResponse
instance GHC.Classes.Eq Network.AWS.IAM.GetGroup.GetGroupResponse
instance GHC.Generics.Generic Network.AWS.IAM.GetGroup.GetGroup
instance Data.Data.Data Network.AWS.IAM.GetGroup.GetGroup
instance GHC.Show.Show Network.AWS.IAM.GetGroup.GetGroup
instance GHC.Read.Read Network.AWS.IAM.GetGroup.GetGroup
instance GHC.Classes.Eq Network.AWS.IAM.GetGroup.GetGroup
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.GetGroup.GetGroup
instance Control.DeepSeq.NFData Network.AWS.IAM.GetGroup.GetGroupResponse
instance Network.AWS.Pager.AWSPager Network.AWS.IAM.GetGroup.GetGroup
instance Data.Hashable.Class.Hashable Network.AWS.IAM.GetGroup.GetGroup
instance Control.DeepSeq.NFData Network.AWS.IAM.GetGroup.GetGroup
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.GetGroup.GetGroup
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.GetGroup.GetGroup
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.GetGroup.GetGroup


-- | Retrieves a credential report for the AWS account. For more
--   information about the credential report, see <a>Getting Credential
--   Reports</a> in the <i>IAM User Guide</i> .
module Network.AWS.IAM.GetCredentialReport

-- | Creates a value of <a>GetCredentialReport</a> with the minimum fields
--   required to make a request.
getCredentialReport :: GetCredentialReport

-- | <i>See:</i> <a>getCredentialReport</a> smart constructor.
data GetCredentialReport

-- | Creates a value of <a>GetCredentialReportResponse</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>grsContent</a> - Contains the credential report. The report is
--   Base64-encoded.-- <i>Note:</i> This <tt>Lens</tt> automatically
--   encodes and decodes Base64 data. The underlying isomorphism will
--   encode to Base64 representation during serialisation, and decode from
--   Base64 representation during deserialisation. This <tt>Lens</tt>
--   accepts and returns only raw unencoded data.</li>
--   <li><a>grsGeneratedTime</a> - The date and time when the credential
--   report was created, in <a>ISO 8601 date-time format</a> .</li>
--   <li><a>grsReportFormat</a> - The format (MIME type) of the credential
--   report.</li>
--   <li><a>grsResponseStatus</a> - -- | The response status code.</li>
--   </ul>
getCredentialReportResponse :: Int -> GetCredentialReportResponse

-- | Contains the response to a successful <a>GetCredentialReport</a>
--   request.
--   
--   <i>See:</i> <a>getCredentialReportResponse</a> smart constructor.
data GetCredentialReportResponse

-- | Contains the credential report. The report is Base64-encoded.--
--   <i>Note:</i> This <tt>Lens</tt> automatically encodes and decodes
--   Base64 data. The underlying isomorphism will encode to Base64
--   representation during serialisation, and decode from Base64
--   representation during deserialisation. This <tt>Lens</tt> accepts and
--   returns only raw unencoded data.
grsContent :: Lens' GetCredentialReportResponse (Maybe ByteString)

-- | The date and time when the credential report was created, in <a>ISO
--   8601 date-time format</a> .
grsGeneratedTime :: Lens' GetCredentialReportResponse (Maybe UTCTime)

-- | The format (MIME type) of the credential report.
grsReportFormat :: Lens' GetCredentialReportResponse (Maybe ReportFormatType)

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
grsResponseStatus :: Lens' GetCredentialReportResponse Int
instance GHC.Generics.Generic Network.AWS.IAM.GetCredentialReport.GetCredentialReportResponse
instance Data.Data.Data Network.AWS.IAM.GetCredentialReport.GetCredentialReportResponse
instance GHC.Show.Show Network.AWS.IAM.GetCredentialReport.GetCredentialReportResponse
instance GHC.Read.Read Network.AWS.IAM.GetCredentialReport.GetCredentialReportResponse
instance GHC.Classes.Eq Network.AWS.IAM.GetCredentialReport.GetCredentialReportResponse
instance GHC.Generics.Generic Network.AWS.IAM.GetCredentialReport.GetCredentialReport
instance Data.Data.Data Network.AWS.IAM.GetCredentialReport.GetCredentialReport
instance GHC.Show.Show Network.AWS.IAM.GetCredentialReport.GetCredentialReport
instance GHC.Read.Read Network.AWS.IAM.GetCredentialReport.GetCredentialReport
instance GHC.Classes.Eq Network.AWS.IAM.GetCredentialReport.GetCredentialReport
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.GetCredentialReport.GetCredentialReport
instance Control.DeepSeq.NFData Network.AWS.IAM.GetCredentialReport.GetCredentialReportResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.GetCredentialReport.GetCredentialReport
instance Control.DeepSeq.NFData Network.AWS.IAM.GetCredentialReport.GetCredentialReport
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.GetCredentialReport.GetCredentialReport
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.GetCredentialReport.GetCredentialReport
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.GetCredentialReport.GetCredentialReport


-- | Gets a list of all of the context keys referenced in all the IAM
--   policies that are attached to the specified IAM entity. The entity can
--   be an IAM user, group, or role. If you specify a user, then the
--   request also includes all of the policies attached to groups that the
--   user is a member of.
--   
--   You can optionally include a list of one or more additional policies,
--   specified as strings. If you want to include <i>only</i> a list of
--   policies by string, use <tt>GetContextKeysForCustomPolicy</tt>
--   instead.
--   
--   <b>Note:</b> This API discloses information about the permissions
--   granted to other users. If you do not want users to see other user's
--   permissions, then consider allowing them to use
--   <tt>GetContextKeysForCustomPolicy</tt> instead.
--   
--   Context keys are variables maintained by AWS and its services that
--   provide details about the context of an API query request. Context
--   keys can be evaluated by testing against a value in an IAM policy. Use
--   <a>GetContextKeysForPrincipalPolicy</a> to understand what key names
--   and values you must supply when you call
--   <tt>SimulatePrincipalPolicy</tt> .
module Network.AWS.IAM.GetContextKeysForPrincipalPolicy

-- | Creates a value of <a>GetContextKeysForPrincipalPolicy</a> with the
--   minimum fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>gckfppPolicyInputList</a> - An optional list of additional
--   policies for which you want the list of context keys that are
--   referenced. The <a>regex pattern</a> used to validate this parameter
--   is a string of characters consisting of the following: * Any printable
--   ASCII character ranging from the space character (u0020) through the
--   end of the ASCII character range * The printable characters in the
--   Basic Latin and Latin-1 Supplement character set (through u00FF) * The
--   special characters tab (u0009), line feed (u000A), and carriage return
--   (u000D)</li>
--   <li><a>gckfppPolicySourceARN</a> - The ARN of a user, group, or role
--   whose policies contain the context keys that you want listed. If you
--   specify a user, the list includes context keys that are found in all
--   policies that are attached to the user. The list also includes all
--   groups that the user is a member of. If you pick a group or a role,
--   then it includes only those context keys that are found in policies
--   attached to that entity. Note that all parameters are shown in
--   unencoded form here for clarity, but must be URL encoded to be
--   included as a part of a real HTML request. For more information about
--   ARNs, see <a>Amazon Resource Names (ARNs) and AWS Service
--   Namespaces</a> in the <i>AWS General Reference</i> .</li>
--   </ul>
getContextKeysForPrincipalPolicy :: Text -> GetContextKeysForPrincipalPolicy

-- | <i>See:</i> <a>getContextKeysForPrincipalPolicy</a> smart constructor.
data GetContextKeysForPrincipalPolicy

-- | An optional list of additional policies for which you want the list of
--   context keys that are referenced. The <a>regex pattern</a> used to
--   validate this parameter is a string of characters consisting of the
--   following: * Any printable ASCII character ranging from the space
--   character (u0020) through the end of the ASCII character range * The
--   printable characters in the Basic Latin and Latin-1 Supplement
--   character set (through u00FF) * The special characters tab (u0009),
--   line feed (u000A), and carriage return (u000D)
gckfppPolicyInputList :: Lens' GetContextKeysForPrincipalPolicy [Text]

-- | The ARN of a user, group, or role whose policies contain the context
--   keys that you want listed. If you specify a user, the list includes
--   context keys that are found in all policies that are attached to the
--   user. The list also includes all groups that the user is a member of.
--   If you pick a group or a role, then it includes only those context
--   keys that are found in policies attached to that entity. Note that all
--   parameters are shown in unencoded form here for clarity, but must be
--   URL encoded to be included as a part of a real HTML request. For more
--   information about ARNs, see <a>Amazon Resource Names (ARNs) and AWS
--   Service Namespaces</a> in the <i>AWS General Reference</i> .
gckfppPolicySourceARN :: Lens' GetContextKeysForPrincipalPolicy Text

-- | Creates a value of <a>GetContextKeysForPolicyResponse</a> with the
--   minimum fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>gckfpContextKeyNames</a> - The list of context keys that are
--   referenced in the input policies.</li>
--   </ul>
getContextKeysForPolicyResponse :: GetContextKeysForPolicyResponse

-- | Contains the response to a successful
--   <tt>GetContextKeysForPrincipalPolicy</tt> or
--   <tt>GetContextKeysForCustomPolicy</tt> request.
--   
--   <i>See:</i> <a>getContextKeysForPolicyResponse</a> smart constructor.
data GetContextKeysForPolicyResponse

-- | The list of context keys that are referenced in the input policies.
gckfpContextKeyNames :: Lens' GetContextKeysForPolicyResponse [Text]
instance GHC.Generics.Generic Network.AWS.IAM.GetContextKeysForPrincipalPolicy.GetContextKeysForPrincipalPolicy
instance Data.Data.Data Network.AWS.IAM.GetContextKeysForPrincipalPolicy.GetContextKeysForPrincipalPolicy
instance GHC.Show.Show Network.AWS.IAM.GetContextKeysForPrincipalPolicy.GetContextKeysForPrincipalPolicy
instance GHC.Read.Read Network.AWS.IAM.GetContextKeysForPrincipalPolicy.GetContextKeysForPrincipalPolicy
instance GHC.Classes.Eq Network.AWS.IAM.GetContextKeysForPrincipalPolicy.GetContextKeysForPrincipalPolicy
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.GetContextKeysForPrincipalPolicy.GetContextKeysForPrincipalPolicy
instance Data.Hashable.Class.Hashable Network.AWS.IAM.GetContextKeysForPrincipalPolicy.GetContextKeysForPrincipalPolicy
instance Control.DeepSeq.NFData Network.AWS.IAM.GetContextKeysForPrincipalPolicy.GetContextKeysForPrincipalPolicy
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.GetContextKeysForPrincipalPolicy.GetContextKeysForPrincipalPolicy
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.GetContextKeysForPrincipalPolicy.GetContextKeysForPrincipalPolicy
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.GetContextKeysForPrincipalPolicy.GetContextKeysForPrincipalPolicy


-- | Gets a list of all of the context keys referenced in the input
--   policies. The policies are supplied as a list of one or more strings.
--   To get the context keys from policies associated with an IAM user,
--   group, or role, use <tt>GetContextKeysForPrincipalPolicy</tt> .
--   
--   Context keys are variables maintained by AWS and its services that
--   provide details about the context of an API query request. Context
--   keys can be evaluated by testing against a value specified in an IAM
--   policy. Use <tt>GetContextKeysForCustomPolicy</tt> to understand what
--   key names and values you must supply when you call
--   <tt>SimulateCustomPolicy</tt> . Note that all parameters are shown in
--   unencoded form here for clarity but must be URL encoded to be included
--   as a part of a real HTML request.
module Network.AWS.IAM.GetContextKeysForCustomPolicy

-- | Creates a value of <a>GetContextKeysForCustomPolicy</a> with the
--   minimum fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>gckfcpPolicyInputList</a> - A list of policies for which you
--   want the list of context keys referenced in those policies. Each
--   document is specified as a string containing the complete, valid JSON
--   text of an IAM policy. The <a>regex pattern</a> used to validate this
--   parameter is a string of characters consisting of the following: * Any
--   printable ASCII character ranging from the space character (u0020)
--   through the end of the ASCII character range * The printable
--   characters in the Basic Latin and Latin-1 Supplement character set
--   (through u00FF) * The special characters tab (u0009), line feed
--   (u000A), and carriage return (u000D)</li>
--   </ul>
getContextKeysForCustomPolicy :: GetContextKeysForCustomPolicy

-- | <i>See:</i> <a>getContextKeysForCustomPolicy</a> smart constructor.
data GetContextKeysForCustomPolicy

-- | A list of policies for which you want the list of context keys
--   referenced in those policies. Each document is specified as a string
--   containing the complete, valid JSON text of an IAM policy. The
--   <a>regex pattern</a> used to validate this parameter is a string of
--   characters consisting of the following: * Any printable ASCII
--   character ranging from the space character (u0020) through the end of
--   the ASCII character range * The printable characters in the Basic
--   Latin and Latin-1 Supplement character set (through u00FF) * The
--   special characters tab (u0009), line feed (u000A), and carriage return
--   (u000D)
gckfcpPolicyInputList :: Lens' GetContextKeysForCustomPolicy [Text]

-- | Creates a value of <a>GetContextKeysForPolicyResponse</a> with the
--   minimum fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>gckfpContextKeyNames</a> - The list of context keys that are
--   referenced in the input policies.</li>
--   </ul>
getContextKeysForPolicyResponse :: GetContextKeysForPolicyResponse

-- | Contains the response to a successful
--   <tt>GetContextKeysForPrincipalPolicy</tt> or
--   <tt>GetContextKeysForCustomPolicy</tt> request.
--   
--   <i>See:</i> <a>getContextKeysForPolicyResponse</a> smart constructor.
data GetContextKeysForPolicyResponse

-- | The list of context keys that are referenced in the input policies.
gckfpContextKeyNames :: Lens' GetContextKeysForPolicyResponse [Text]
instance GHC.Generics.Generic Network.AWS.IAM.GetContextKeysForCustomPolicy.GetContextKeysForCustomPolicy
instance Data.Data.Data Network.AWS.IAM.GetContextKeysForCustomPolicy.GetContextKeysForCustomPolicy
instance GHC.Show.Show Network.AWS.IAM.GetContextKeysForCustomPolicy.GetContextKeysForCustomPolicy
instance GHC.Read.Read Network.AWS.IAM.GetContextKeysForCustomPolicy.GetContextKeysForCustomPolicy
instance GHC.Classes.Eq Network.AWS.IAM.GetContextKeysForCustomPolicy.GetContextKeysForCustomPolicy
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.GetContextKeysForCustomPolicy.GetContextKeysForCustomPolicy
instance Data.Hashable.Class.Hashable Network.AWS.IAM.GetContextKeysForCustomPolicy.GetContextKeysForCustomPolicy
instance Control.DeepSeq.NFData Network.AWS.IAM.GetContextKeysForCustomPolicy.GetContextKeysForCustomPolicy
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.GetContextKeysForCustomPolicy.GetContextKeysForCustomPolicy
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.GetContextKeysForCustomPolicy.GetContextKeysForCustomPolicy
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.GetContextKeysForCustomPolicy.GetContextKeysForCustomPolicy


-- | Retrieves information about IAM entity usage and IAM quotas in the AWS
--   account.
--   
--   For information about limitations on IAM entities, see <a>Limitations
--   on IAM Entities</a> in the <i>IAM User Guide</i> .
module Network.AWS.IAM.GetAccountSummary

-- | Creates a value of <a>GetAccountSummary</a> with the minimum fields
--   required to make a request.
getAccountSummary :: GetAccountSummary

-- | <i>See:</i> <a>getAccountSummary</a> smart constructor.
data GetAccountSummary

-- | Creates a value of <a>GetAccountSummaryResponse</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>gasrsSummaryMap</a> - A set of key value pairs containing
--   information about IAM entity usage and IAM quotas.</li>
--   <li><a>gasrsResponseStatus</a> - -- | The response status code.</li>
--   </ul>
getAccountSummaryResponse :: Int -> GetAccountSummaryResponse

-- | Contains the response to a successful <a>GetAccountSummary</a>
--   request.
--   
--   <i>See:</i> <a>getAccountSummaryResponse</a> smart constructor.
data GetAccountSummaryResponse

-- | A set of key value pairs containing information about IAM entity usage
--   and IAM quotas.
gasrsSummaryMap :: Lens' GetAccountSummaryResponse (HashMap SummaryKeyType Int)

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
gasrsResponseStatus :: Lens' GetAccountSummaryResponse Int
instance GHC.Generics.Generic Network.AWS.IAM.GetAccountSummary.GetAccountSummaryResponse
instance Data.Data.Data Network.AWS.IAM.GetAccountSummary.GetAccountSummaryResponse
instance GHC.Show.Show Network.AWS.IAM.GetAccountSummary.GetAccountSummaryResponse
instance GHC.Read.Read Network.AWS.IAM.GetAccountSummary.GetAccountSummaryResponse
instance GHC.Classes.Eq Network.AWS.IAM.GetAccountSummary.GetAccountSummaryResponse
instance GHC.Generics.Generic Network.AWS.IAM.GetAccountSummary.GetAccountSummary
instance Data.Data.Data Network.AWS.IAM.GetAccountSummary.GetAccountSummary
instance GHC.Show.Show Network.AWS.IAM.GetAccountSummary.GetAccountSummary
instance GHC.Read.Read Network.AWS.IAM.GetAccountSummary.GetAccountSummary
instance GHC.Classes.Eq Network.AWS.IAM.GetAccountSummary.GetAccountSummary
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.GetAccountSummary.GetAccountSummary
instance Control.DeepSeq.NFData Network.AWS.IAM.GetAccountSummary.GetAccountSummaryResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.GetAccountSummary.GetAccountSummary
instance Control.DeepSeq.NFData Network.AWS.IAM.GetAccountSummary.GetAccountSummary
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.GetAccountSummary.GetAccountSummary
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.GetAccountSummary.GetAccountSummary
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.GetAccountSummary.GetAccountSummary


-- | Retrieves the password policy for the AWS account. For more
--   information about using a password policy, go to <a>Managing an IAM
--   Password Policy</a> .
module Network.AWS.IAM.GetAccountPasswordPolicy

-- | Creates a value of <a>GetAccountPasswordPolicy</a> with the minimum
--   fields required to make a request.
getAccountPasswordPolicy :: GetAccountPasswordPolicy

-- | <i>See:</i> <a>getAccountPasswordPolicy</a> smart constructor.
data GetAccountPasswordPolicy

-- | Creates a value of <a>GetAccountPasswordPolicyResponse</a> with the
--   minimum fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>gapprsResponseStatus</a> - -- | The response status code.</li>
--   <li><a>gapprsPasswordPolicy</a> - A structure that contains details
--   about the account's password policy.</li>
--   </ul>
getAccountPasswordPolicyResponse :: Int -> PasswordPolicy -> GetAccountPasswordPolicyResponse

-- | Contains the response to a successful <a>GetAccountPasswordPolicy</a>
--   request.
--   
--   <i>See:</i> <a>getAccountPasswordPolicyResponse</a> smart constructor.
data GetAccountPasswordPolicyResponse

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
gapprsResponseStatus :: Lens' GetAccountPasswordPolicyResponse Int

-- | A structure that contains details about the account's password policy.
gapprsPasswordPolicy :: Lens' GetAccountPasswordPolicyResponse PasswordPolicy
instance GHC.Generics.Generic Network.AWS.IAM.GetAccountPasswordPolicy.GetAccountPasswordPolicyResponse
instance Data.Data.Data Network.AWS.IAM.GetAccountPasswordPolicy.GetAccountPasswordPolicyResponse
instance GHC.Show.Show Network.AWS.IAM.GetAccountPasswordPolicy.GetAccountPasswordPolicyResponse
instance GHC.Read.Read Network.AWS.IAM.GetAccountPasswordPolicy.GetAccountPasswordPolicyResponse
instance GHC.Classes.Eq Network.AWS.IAM.GetAccountPasswordPolicy.GetAccountPasswordPolicyResponse
instance GHC.Generics.Generic Network.AWS.IAM.GetAccountPasswordPolicy.GetAccountPasswordPolicy
instance Data.Data.Data Network.AWS.IAM.GetAccountPasswordPolicy.GetAccountPasswordPolicy
instance GHC.Show.Show Network.AWS.IAM.GetAccountPasswordPolicy.GetAccountPasswordPolicy
instance GHC.Read.Read Network.AWS.IAM.GetAccountPasswordPolicy.GetAccountPasswordPolicy
instance GHC.Classes.Eq Network.AWS.IAM.GetAccountPasswordPolicy.GetAccountPasswordPolicy
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.GetAccountPasswordPolicy.GetAccountPasswordPolicy
instance Control.DeepSeq.NFData Network.AWS.IAM.GetAccountPasswordPolicy.GetAccountPasswordPolicyResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.GetAccountPasswordPolicy.GetAccountPasswordPolicy
instance Control.DeepSeq.NFData Network.AWS.IAM.GetAccountPasswordPolicy.GetAccountPasswordPolicy
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.GetAccountPasswordPolicy.GetAccountPasswordPolicy
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.GetAccountPasswordPolicy.GetAccountPasswordPolicy
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.GetAccountPasswordPolicy.GetAccountPasswordPolicy


-- | Retrieves information about all IAM users, groups, roles, and policies
--   in your AWS account, including their relationships to one another. Use
--   this API to obtain a snapshot of the configuration of IAM permissions
--   (users, groups, roles, and policies) in your account.
--   
--   You can optionally filter the results using the <tt>Filter</tt>
--   parameter. You can paginate the results using the <tt>MaxItems</tt>
--   and <tt>Marker</tt> parameters.
--   
--   This operation returns paginated results.
module Network.AWS.IAM.GetAccountAuthorizationDetails

-- | Creates a value of <a>GetAccountAuthorizationDetails</a> with the
--   minimum fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>gaadMarker</a> - Use this parameter only when paginating
--   results and only after you receive a response indicating that the
--   results are truncated. Set it to the value of the <tt>Marker</tt>
--   element in the response that you received to indicate where the next
--   call should start.</li>
--   <li><a>gaadMaxItems</a> - (Optional) Use this only when paginating
--   results to indicate the maximum number of items you want in the
--   response. If additional items exist beyond the maximum you specify,
--   the <tt>IsTruncated</tt> response element is <tt>true</tt> . If you do
--   not include this parameter, it defaults to 100. Note that IAM might
--   return fewer results, even when there are more results available. In
--   that case, the <tt>IsTruncated</tt> response element returns
--   <tt>true</tt> and <tt>Marker</tt> contains a value to include in the
--   subsequent call that tells the service where to continue from.</li>
--   <li><a>gaadFilter</a> - A list of entity types used to filter the
--   results. Only the entities that match the types you specify are
--   included in the output. Use the value <tt>LocalManagedPolicy</tt> to
--   include customer managed policies. The format for this parameter is a
--   comma-separated (if more than one) list of strings. Each string value
--   in the list must be one of the valid values listed below.</li>
--   </ul>
getAccountAuthorizationDetails :: GetAccountAuthorizationDetails

-- | <i>See:</i> <a>getAccountAuthorizationDetails</a> smart constructor.
data GetAccountAuthorizationDetails

-- | Use this parameter only when paginating results and only after you
--   receive a response indicating that the results are truncated. Set it
--   to the value of the <tt>Marker</tt> element in the response that you
--   received to indicate where the next call should start.
gaadMarker :: Lens' GetAccountAuthorizationDetails (Maybe Text)

-- | (Optional) Use this only when paginating results to indicate the
--   maximum number of items you want in the response. If additional items
--   exist beyond the maximum you specify, the <tt>IsTruncated</tt>
--   response element is <tt>true</tt> . If you do not include this
--   parameter, it defaults to 100. Note that IAM might return fewer
--   results, even when there are more results available. In that case, the
--   <tt>IsTruncated</tt> response element returns <tt>true</tt> and
--   <tt>Marker</tt> contains a value to include in the subsequent call
--   that tells the service where to continue from.
gaadMaxItems :: Lens' GetAccountAuthorizationDetails (Maybe Natural)

-- | A list of entity types used to filter the results. Only the entities
--   that match the types you specify are included in the output. Use the
--   value <tt>LocalManagedPolicy</tt> to include customer managed
--   policies. The format for this parameter is a comma-separated (if more
--   than one) list of strings. Each string value in the list must be one
--   of the valid values listed below.
gaadFilter :: Lens' GetAccountAuthorizationDetails [EntityType]

-- | Creates a value of <a>GetAccountAuthorizationDetailsResponse</a> with
--   the minimum fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>gaadrsRoleDetailList</a> - A list containing information about
--   IAM roles.</li>
--   <li><a>gaadrsGroupDetailList</a> - A list containing information about
--   IAM groups.</li>
--   <li><a>gaadrsUserDetailList</a> - A list containing information about
--   IAM users.</li>
--   <li><a>gaadrsMarker</a> - When <tt>IsTruncated</tt> is <tt>true</tt> ,
--   this element is present and contains the value to use for the
--   <tt>Marker</tt> parameter in a subsequent pagination request.</li>
--   <li><a>gaadrsIsTruncated</a> - A flag that indicates whether there are
--   more items to return. If your results were truncated, you can make a
--   subsequent pagination request using the <tt>Marker</tt> request
--   parameter to retrieve more items. Note that IAM might return fewer
--   than the <tt>MaxItems</tt> number of results even when there are more
--   results available. We recommend that you check <tt>IsTruncated</tt>
--   after every call to ensure that you receive all of your results.</li>
--   <li><a>gaadrsPolicies</a> - A list containing information about
--   managed policies.</li>
--   <li><a>gaadrsResponseStatus</a> - -- | The response status code.</li>
--   </ul>
getAccountAuthorizationDetailsResponse :: Int -> GetAccountAuthorizationDetailsResponse

-- | Contains the response to a successful
--   <a>GetAccountAuthorizationDetails</a> request.
--   
--   <i>See:</i> <a>getAccountAuthorizationDetailsResponse</a> smart
--   constructor.
data GetAccountAuthorizationDetailsResponse

-- | A list containing information about IAM roles.
gaadrsRoleDetailList :: Lens' GetAccountAuthorizationDetailsResponse [RoleDetail]

-- | A list containing information about IAM groups.
gaadrsGroupDetailList :: Lens' GetAccountAuthorizationDetailsResponse [GroupDetail]

-- | A list containing information about IAM users.
gaadrsUserDetailList :: Lens' GetAccountAuthorizationDetailsResponse [UserDetail]

-- | When <tt>IsTruncated</tt> is <tt>true</tt> , this element is present
--   and contains the value to use for the <tt>Marker</tt> parameter in a
--   subsequent pagination request.
gaadrsMarker :: Lens' GetAccountAuthorizationDetailsResponse (Maybe Text)

-- | A flag that indicates whether there are more items to return. If your
--   results were truncated, you can make a subsequent pagination request
--   using the <tt>Marker</tt> request parameter to retrieve more items.
--   Note that IAM might return fewer than the <tt>MaxItems</tt> number of
--   results even when there are more results available. We recommend that
--   you check <tt>IsTruncated</tt> after every call to ensure that you
--   receive all of your results.
gaadrsIsTruncated :: Lens' GetAccountAuthorizationDetailsResponse (Maybe Bool)

-- | A list containing information about managed policies.
gaadrsPolicies :: Lens' GetAccountAuthorizationDetailsResponse [ManagedPolicyDetail]

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
gaadrsResponseStatus :: Lens' GetAccountAuthorizationDetailsResponse Int
instance GHC.Generics.Generic Network.AWS.IAM.GetAccountAuthorizationDetails.GetAccountAuthorizationDetailsResponse
instance Data.Data.Data Network.AWS.IAM.GetAccountAuthorizationDetails.GetAccountAuthorizationDetailsResponse
instance GHC.Show.Show Network.AWS.IAM.GetAccountAuthorizationDetails.GetAccountAuthorizationDetailsResponse
instance GHC.Read.Read Network.AWS.IAM.GetAccountAuthorizationDetails.GetAccountAuthorizationDetailsResponse
instance GHC.Classes.Eq Network.AWS.IAM.GetAccountAuthorizationDetails.GetAccountAuthorizationDetailsResponse
instance GHC.Generics.Generic Network.AWS.IAM.GetAccountAuthorizationDetails.GetAccountAuthorizationDetails
instance Data.Data.Data Network.AWS.IAM.GetAccountAuthorizationDetails.GetAccountAuthorizationDetails
instance GHC.Show.Show Network.AWS.IAM.GetAccountAuthorizationDetails.GetAccountAuthorizationDetails
instance GHC.Read.Read Network.AWS.IAM.GetAccountAuthorizationDetails.GetAccountAuthorizationDetails
instance GHC.Classes.Eq Network.AWS.IAM.GetAccountAuthorizationDetails.GetAccountAuthorizationDetails
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.GetAccountAuthorizationDetails.GetAccountAuthorizationDetails
instance Control.DeepSeq.NFData Network.AWS.IAM.GetAccountAuthorizationDetails.GetAccountAuthorizationDetailsResponse
instance Network.AWS.Pager.AWSPager Network.AWS.IAM.GetAccountAuthorizationDetails.GetAccountAuthorizationDetails
instance Data.Hashable.Class.Hashable Network.AWS.IAM.GetAccountAuthorizationDetails.GetAccountAuthorizationDetails
instance Control.DeepSeq.NFData Network.AWS.IAM.GetAccountAuthorizationDetails.GetAccountAuthorizationDetails
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.GetAccountAuthorizationDetails.GetAccountAuthorizationDetails
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.GetAccountAuthorizationDetails.GetAccountAuthorizationDetails
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.GetAccountAuthorizationDetails.GetAccountAuthorizationDetails


-- | Retrieves information about when the specified access key was last
--   used. The information includes the date and time of last use, along
--   with the AWS service and region that were specified in the last
--   request made with that key.
module Network.AWS.IAM.GetAccessKeyLastUsed

-- | Creates a value of <a>GetAccessKeyLastUsed</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>gakluAccessKeyId</a> - The identifier of an access key. This
--   parameter allows (per its <a>regex pattern</a> ) a string of
--   characters that can consist of any upper or lowercased letter or
--   digit.</li>
--   </ul>
getAccessKeyLastUsed :: AccessKey -> GetAccessKeyLastUsed

-- | <i>See:</i> <a>getAccessKeyLastUsed</a> smart constructor.
data GetAccessKeyLastUsed

-- | The identifier of an access key. This parameter allows (per its
--   <a>regex pattern</a> ) a string of characters that can consist of any
--   upper or lowercased letter or digit.
gakluAccessKeyId :: Lens' GetAccessKeyLastUsed AccessKey

-- | Creates a value of <a>GetAccessKeyLastUsedResponse</a> with the
--   minimum fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>gaklursUserName</a> - The name of the AWS IAM user that owns
--   this access key.</li>
--   <li><a>gaklursAccessKeyLastUsed</a> - Contains information about the
--   last time the access key was used.</li>
--   <li><a>gaklursResponseStatus</a> - -- | The response status code.</li>
--   </ul>
getAccessKeyLastUsedResponse :: Int -> GetAccessKeyLastUsedResponse

-- | Contains the response to a successful <a>GetAccessKeyLastUsed</a>
--   request. It is also returned as a member of the
--   <tt>AccessKeyMetaData</tt> structure returned by the
--   <tt>ListAccessKeys</tt> action.
--   
--   <i>See:</i> <a>getAccessKeyLastUsedResponse</a> smart constructor.
data GetAccessKeyLastUsedResponse

-- | The name of the AWS IAM user that owns this access key.
gaklursUserName :: Lens' GetAccessKeyLastUsedResponse (Maybe Text)

-- | Contains information about the last time the access key was used.
gaklursAccessKeyLastUsed :: Lens' GetAccessKeyLastUsedResponse (Maybe AccessKeyLastUsed)

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
gaklursResponseStatus :: Lens' GetAccessKeyLastUsedResponse Int
instance GHC.Generics.Generic Network.AWS.IAM.GetAccessKeyLastUsed.GetAccessKeyLastUsedResponse
instance Data.Data.Data Network.AWS.IAM.GetAccessKeyLastUsed.GetAccessKeyLastUsedResponse
instance GHC.Show.Show Network.AWS.IAM.GetAccessKeyLastUsed.GetAccessKeyLastUsedResponse
instance GHC.Read.Read Network.AWS.IAM.GetAccessKeyLastUsed.GetAccessKeyLastUsedResponse
instance GHC.Classes.Eq Network.AWS.IAM.GetAccessKeyLastUsed.GetAccessKeyLastUsedResponse
instance GHC.Generics.Generic Network.AWS.IAM.GetAccessKeyLastUsed.GetAccessKeyLastUsed
instance Data.Data.Data Network.AWS.IAM.GetAccessKeyLastUsed.GetAccessKeyLastUsed
instance GHC.Show.Show Network.AWS.IAM.GetAccessKeyLastUsed.GetAccessKeyLastUsed
instance GHC.Read.Read Network.AWS.IAM.GetAccessKeyLastUsed.GetAccessKeyLastUsed
instance GHC.Classes.Eq Network.AWS.IAM.GetAccessKeyLastUsed.GetAccessKeyLastUsed
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.GetAccessKeyLastUsed.GetAccessKeyLastUsed
instance Control.DeepSeq.NFData Network.AWS.IAM.GetAccessKeyLastUsed.GetAccessKeyLastUsedResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.GetAccessKeyLastUsed.GetAccessKeyLastUsed
instance Control.DeepSeq.NFData Network.AWS.IAM.GetAccessKeyLastUsed.GetAccessKeyLastUsed
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.GetAccessKeyLastUsed.GetAccessKeyLastUsed
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.GetAccessKeyLastUsed.GetAccessKeyLastUsed
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.GetAccessKeyLastUsed.GetAccessKeyLastUsed


-- | Generates a credential report for the AWS account. For more
--   information about the credential report, see <a>Getting Credential
--   Reports</a> in the <i>IAM User Guide</i> .
module Network.AWS.IAM.GenerateCredentialReport

-- | Creates a value of <a>GenerateCredentialReport</a> with the minimum
--   fields required to make a request.
generateCredentialReport :: GenerateCredentialReport

-- | <i>See:</i> <a>generateCredentialReport</a> smart constructor.
data GenerateCredentialReport

-- | Creates a value of <a>GenerateCredentialReportResponse</a> with the
--   minimum fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>gcrrsState</a> - Information about the state of the credential
--   report.</li>
--   <li><a>gcrrsDescription</a> - Information about the credential
--   report.</li>
--   <li><a>gcrrsResponseStatus</a> - -- | The response status code.</li>
--   </ul>
generateCredentialReportResponse :: Int -> GenerateCredentialReportResponse

-- | Contains the response to a successful <a>GenerateCredentialReport</a>
--   request.
--   
--   <i>See:</i> <a>generateCredentialReportResponse</a> smart constructor.
data GenerateCredentialReportResponse

-- | Information about the state of the credential report.
gcrrsState :: Lens' GenerateCredentialReportResponse (Maybe ReportStateType)

-- | Information about the credential report.
gcrrsDescription :: Lens' GenerateCredentialReportResponse (Maybe Text)

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
gcrrsResponseStatus :: Lens' GenerateCredentialReportResponse Int
instance GHC.Generics.Generic Network.AWS.IAM.GenerateCredentialReport.GenerateCredentialReportResponse
instance Data.Data.Data Network.AWS.IAM.GenerateCredentialReport.GenerateCredentialReportResponse
instance GHC.Show.Show Network.AWS.IAM.GenerateCredentialReport.GenerateCredentialReportResponse
instance GHC.Read.Read Network.AWS.IAM.GenerateCredentialReport.GenerateCredentialReportResponse
instance GHC.Classes.Eq Network.AWS.IAM.GenerateCredentialReport.GenerateCredentialReportResponse
instance GHC.Generics.Generic Network.AWS.IAM.GenerateCredentialReport.GenerateCredentialReport
instance Data.Data.Data Network.AWS.IAM.GenerateCredentialReport.GenerateCredentialReport
instance GHC.Show.Show Network.AWS.IAM.GenerateCredentialReport.GenerateCredentialReport
instance GHC.Read.Read Network.AWS.IAM.GenerateCredentialReport.GenerateCredentialReport
instance GHC.Classes.Eq Network.AWS.IAM.GenerateCredentialReport.GenerateCredentialReport
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.GenerateCredentialReport.GenerateCredentialReport
instance Control.DeepSeq.NFData Network.AWS.IAM.GenerateCredentialReport.GenerateCredentialReportResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.GenerateCredentialReport.GenerateCredentialReport
instance Control.DeepSeq.NFData Network.AWS.IAM.GenerateCredentialReport.GenerateCredentialReport
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.GenerateCredentialReport.GenerateCredentialReport
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.GenerateCredentialReport.GenerateCredentialReport
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.GenerateCredentialReport.GenerateCredentialReport


-- | Enables the specified MFA device and associates it with the specified
--   IAM user. When enabled, the MFA device is required for every
--   subsequent login by the IAM user associated with the device.
module Network.AWS.IAM.EnableMFADevice

-- | Creates a value of <a>EnableMFADevice</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>emdUserName</a> - The name of the IAM user for whom you want to
--   enable the MFA device. This parameter allows (per its <a>regex
--   pattern</a> ) a string of characters consisting of upper and lowercase
--   alphanumeric characters with no spaces. You can also include any of
--   the following characters: _+=,.@-</li>
--   <li><a>emdSerialNumber</a> - The serial number that uniquely
--   identifies the MFA device. For virtual MFA devices, the serial number
--   is the device ARN. This parameter allows (per its <a>regex pattern</a>
--   ) a string of characters consisting of upper and lowercase
--   alphanumeric characters with no spaces. You can also include any of
--   the following characters: =,.@:/-</li>
--   <li><a>emdAuthenticationCode1</a> - An authentication code emitted by
--   the device. The format for this parameter is a string of six digits.
--   <i>Important:</i> Submit your request immediately after generating the
--   authentication codes. If you generate the codes and then wait too long
--   to submit the request, the MFA device successfully associates with the
--   user but the MFA device becomes out of sync. This happens because
--   time-based one-time passwords (TOTP) expire after a short period of
--   time. If this happens, you can <a>resync the device</a> .</li>
--   <li><a>emdAuthenticationCode2</a> - A subsequent authentication code
--   emitted by the device. The format for this parameter is a string of
--   six digits. <i>Important:</i> Submit your request immediately after
--   generating the authentication codes. If you generate the codes and
--   then wait too long to submit the request, the MFA device successfully
--   associates with the user but the MFA device becomes out of sync. This
--   happens because time-based one-time passwords (TOTP) expire after a
--   short period of time. If this happens, you can <a>resync the
--   device</a> .</li>
--   </ul>
enableMFADevice :: Text -> Text -> Text -> Text -> EnableMFADevice

-- | <i>See:</i> <a>enableMFADevice</a> smart constructor.
data EnableMFADevice

-- | The name of the IAM user for whom you want to enable the MFA device.
--   This parameter allows (per its <a>regex pattern</a> ) a string of
--   characters consisting of upper and lowercase alphanumeric characters
--   with no spaces. You can also include any of the following characters:
--   _+=,.@-
emdUserName :: Lens' EnableMFADevice Text

-- | The serial number that uniquely identifies the MFA device. For virtual
--   MFA devices, the serial number is the device ARN. This parameter
--   allows (per its <a>regex pattern</a> ) a string of characters
--   consisting of upper and lowercase alphanumeric characters with no
--   spaces. You can also include any of the following characters: =,.@:/-
emdSerialNumber :: Lens' EnableMFADevice Text

-- | An authentication code emitted by the device. The format for this
--   parameter is a string of six digits. <i>Important:</i> Submit your
--   request immediately after generating the authentication codes. If you
--   generate the codes and then wait too long to submit the request, the
--   MFA device successfully associates with the user but the MFA device
--   becomes out of sync. This happens because time-based one-time
--   passwords (TOTP) expire after a short period of time. If this happens,
--   you can <a>resync the device</a> .
emdAuthenticationCode1 :: Lens' EnableMFADevice Text

-- | A subsequent authentication code emitted by the device. The format for
--   this parameter is a string of six digits. <i>Important:</i> Submit
--   your request immediately after generating the authentication codes. If
--   you generate the codes and then wait too long to submit the request,
--   the MFA device successfully associates with the user but the MFA
--   device becomes out of sync. This happens because time-based one-time
--   passwords (TOTP) expire after a short period of time. If this happens,
--   you can <a>resync the device</a> .
emdAuthenticationCode2 :: Lens' EnableMFADevice Text

-- | Creates a value of <a>EnableMFADeviceResponse</a> with the minimum
--   fields required to make a request.
enableMFADeviceResponse :: EnableMFADeviceResponse

-- | <i>See:</i> <a>enableMFADeviceResponse</a> smart constructor.
data EnableMFADeviceResponse
instance GHC.Generics.Generic Network.AWS.IAM.EnableMFADevice.EnableMFADeviceResponse
instance Data.Data.Data Network.AWS.IAM.EnableMFADevice.EnableMFADeviceResponse
instance GHC.Show.Show Network.AWS.IAM.EnableMFADevice.EnableMFADeviceResponse
instance GHC.Read.Read Network.AWS.IAM.EnableMFADevice.EnableMFADeviceResponse
instance GHC.Classes.Eq Network.AWS.IAM.EnableMFADevice.EnableMFADeviceResponse
instance GHC.Generics.Generic Network.AWS.IAM.EnableMFADevice.EnableMFADevice
instance Data.Data.Data Network.AWS.IAM.EnableMFADevice.EnableMFADevice
instance GHC.Show.Show Network.AWS.IAM.EnableMFADevice.EnableMFADevice
instance GHC.Read.Read Network.AWS.IAM.EnableMFADevice.EnableMFADevice
instance GHC.Classes.Eq Network.AWS.IAM.EnableMFADevice.EnableMFADevice
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.EnableMFADevice.EnableMFADevice
instance Control.DeepSeq.NFData Network.AWS.IAM.EnableMFADevice.EnableMFADeviceResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.EnableMFADevice.EnableMFADevice
instance Control.DeepSeq.NFData Network.AWS.IAM.EnableMFADevice.EnableMFADevice
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.EnableMFADevice.EnableMFADevice
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.EnableMFADevice.EnableMFADevice
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.EnableMFADevice.EnableMFADevice


-- | Removes the specified managed policy from the specified user.
--   
--   A user can also have inline policies embedded with it. To delete an
--   inline policy, use the <tt>DeleteUserPolicy</tt> API. For information
--   about policies, see <a>Managed Policies and Inline Policies</a> in the
--   <i>IAM User Guide</i> .
module Network.AWS.IAM.DetachUserPolicy

-- | Creates a value of <a>DetachUserPolicy</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>dUserName</a> - The name (friendly name, not ARN) of the IAM
--   user to detach the policy from. This parameter allows (per its
--   <a>regex pattern</a> ) a string of characters consisting of upper and
--   lowercase alphanumeric characters with no spaces. You can also include
--   any of the following characters: _+=,.@-</li>
--   <li><a>dPolicyARN</a> - The Amazon Resource Name (ARN) of the IAM
--   policy you want to detach. For more information about ARNs, see
--   <a>Amazon Resource Names (ARNs) and AWS Service Namespaces</a> in the
--   <i>AWS General Reference</i> .</li>
--   </ul>
detachUserPolicy :: Text -> Text -> DetachUserPolicy

-- | <i>See:</i> <a>detachUserPolicy</a> smart constructor.
data DetachUserPolicy

-- | The name (friendly name, not ARN) of the IAM user to detach the policy
--   from. This parameter allows (per its <a>regex pattern</a> ) a string
--   of characters consisting of upper and lowercase alphanumeric
--   characters with no spaces. You can also include any of the following
--   characters: _+=,.@-
dUserName :: Lens' DetachUserPolicy Text

-- | The Amazon Resource Name (ARN) of the IAM policy you want to detach.
--   For more information about ARNs, see <a>Amazon Resource Names (ARNs)
--   and AWS Service Namespaces</a> in the <i>AWS General Reference</i> .
dPolicyARN :: Lens' DetachUserPolicy Text

-- | Creates a value of <a>DetachUserPolicyResponse</a> with the minimum
--   fields required to make a request.
detachUserPolicyResponse :: DetachUserPolicyResponse

-- | <i>See:</i> <a>detachUserPolicyResponse</a> smart constructor.
data DetachUserPolicyResponse
instance GHC.Generics.Generic Network.AWS.IAM.DetachUserPolicy.DetachUserPolicyResponse
instance Data.Data.Data Network.AWS.IAM.DetachUserPolicy.DetachUserPolicyResponse
instance GHC.Show.Show Network.AWS.IAM.DetachUserPolicy.DetachUserPolicyResponse
instance GHC.Read.Read Network.AWS.IAM.DetachUserPolicy.DetachUserPolicyResponse
instance GHC.Classes.Eq Network.AWS.IAM.DetachUserPolicy.DetachUserPolicyResponse
instance GHC.Generics.Generic Network.AWS.IAM.DetachUserPolicy.DetachUserPolicy
instance Data.Data.Data Network.AWS.IAM.DetachUserPolicy.DetachUserPolicy
instance GHC.Show.Show Network.AWS.IAM.DetachUserPolicy.DetachUserPolicy
instance GHC.Read.Read Network.AWS.IAM.DetachUserPolicy.DetachUserPolicy
instance GHC.Classes.Eq Network.AWS.IAM.DetachUserPolicy.DetachUserPolicy
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.DetachUserPolicy.DetachUserPolicy
instance Control.DeepSeq.NFData Network.AWS.IAM.DetachUserPolicy.DetachUserPolicyResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.DetachUserPolicy.DetachUserPolicy
instance Control.DeepSeq.NFData Network.AWS.IAM.DetachUserPolicy.DetachUserPolicy
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.DetachUserPolicy.DetachUserPolicy
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.DetachUserPolicy.DetachUserPolicy
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.DetachUserPolicy.DetachUserPolicy


-- | Removes the specified managed policy from the specified role.
--   
--   A role can also have inline policies embedded with it. To delete an
--   inline policy, use the <tt>DeleteRolePolicy</tt> API. For information
--   about policies, see <a>Managed Policies and Inline Policies</a> in the
--   <i>IAM User Guide</i> .
module Network.AWS.IAM.DetachRolePolicy

-- | Creates a value of <a>DetachRolePolicy</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>drpRoleName</a> - The name (friendly name, not ARN) of the IAM
--   role to detach the policy from. This parameter allows (per its
--   <a>regex pattern</a> ) a string of characters consisting of upper and
--   lowercase alphanumeric characters with no spaces. You can also include
--   any of the following characters: _+=,.@-</li>
--   <li><a>drpPolicyARN</a> - The Amazon Resource Name (ARN) of the IAM
--   policy you want to detach. For more information about ARNs, see
--   <a>Amazon Resource Names (ARNs) and AWS Service Namespaces</a> in the
--   <i>AWS General Reference</i> .</li>
--   </ul>
detachRolePolicy :: Text -> Text -> DetachRolePolicy

-- | <i>See:</i> <a>detachRolePolicy</a> smart constructor.
data DetachRolePolicy

-- | The name (friendly name, not ARN) of the IAM role to detach the policy
--   from. This parameter allows (per its <a>regex pattern</a> ) a string
--   of characters consisting of upper and lowercase alphanumeric
--   characters with no spaces. You can also include any of the following
--   characters: _+=,.@-
drpRoleName :: Lens' DetachRolePolicy Text

-- | The Amazon Resource Name (ARN) of the IAM policy you want to detach.
--   For more information about ARNs, see <a>Amazon Resource Names (ARNs)
--   and AWS Service Namespaces</a> in the <i>AWS General Reference</i> .
drpPolicyARN :: Lens' DetachRolePolicy Text

-- | Creates a value of <a>DetachRolePolicyResponse</a> with the minimum
--   fields required to make a request.
detachRolePolicyResponse :: DetachRolePolicyResponse

-- | <i>See:</i> <a>detachRolePolicyResponse</a> smart constructor.
data DetachRolePolicyResponse
instance GHC.Generics.Generic Network.AWS.IAM.DetachRolePolicy.DetachRolePolicyResponse
instance Data.Data.Data Network.AWS.IAM.DetachRolePolicy.DetachRolePolicyResponse
instance GHC.Show.Show Network.AWS.IAM.DetachRolePolicy.DetachRolePolicyResponse
instance GHC.Read.Read Network.AWS.IAM.DetachRolePolicy.DetachRolePolicyResponse
instance GHC.Classes.Eq Network.AWS.IAM.DetachRolePolicy.DetachRolePolicyResponse
instance GHC.Generics.Generic Network.AWS.IAM.DetachRolePolicy.DetachRolePolicy
instance Data.Data.Data Network.AWS.IAM.DetachRolePolicy.DetachRolePolicy
instance GHC.Show.Show Network.AWS.IAM.DetachRolePolicy.DetachRolePolicy
instance GHC.Read.Read Network.AWS.IAM.DetachRolePolicy.DetachRolePolicy
instance GHC.Classes.Eq Network.AWS.IAM.DetachRolePolicy.DetachRolePolicy
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.DetachRolePolicy.DetachRolePolicy
instance Control.DeepSeq.NFData Network.AWS.IAM.DetachRolePolicy.DetachRolePolicyResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.DetachRolePolicy.DetachRolePolicy
instance Control.DeepSeq.NFData Network.AWS.IAM.DetachRolePolicy.DetachRolePolicy
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.DetachRolePolicy.DetachRolePolicy
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.DetachRolePolicy.DetachRolePolicy
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.DetachRolePolicy.DetachRolePolicy


-- | Removes the specified managed policy from the specified IAM group.
--   
--   A group can also have inline policies embedded with it. To delete an
--   inline policy, use the <tt>DeleteGroupPolicy</tt> API. For information
--   about policies, see <a>Managed Policies and Inline Policies</a> in the
--   <i>IAM User Guide</i> .
module Network.AWS.IAM.DetachGroupPolicy

-- | Creates a value of <a>DetachGroupPolicy</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>dgpGroupName</a> - The name (friendly name, not ARN) of the IAM
--   group to detach the policy from. This parameter allows (per its
--   <a>regex pattern</a> ) a string of characters consisting of upper and
--   lowercase alphanumeric characters with no spaces. You can also include
--   any of the following characters: _+=,.@-</li>
--   <li><a>dgpPolicyARN</a> - The Amazon Resource Name (ARN) of the IAM
--   policy you want to detach. For more information about ARNs, see
--   <a>Amazon Resource Names (ARNs) and AWS Service Namespaces</a> in the
--   <i>AWS General Reference</i> .</li>
--   </ul>
detachGroupPolicy :: Text -> Text -> DetachGroupPolicy

-- | <i>See:</i> <a>detachGroupPolicy</a> smart constructor.
data DetachGroupPolicy

-- | The name (friendly name, not ARN) of the IAM group to detach the
--   policy from. This parameter allows (per its <a>regex pattern</a> ) a
--   string of characters consisting of upper and lowercase alphanumeric
--   characters with no spaces. You can also include any of the following
--   characters: _+=,.@-
dgpGroupName :: Lens' DetachGroupPolicy Text

-- | The Amazon Resource Name (ARN) of the IAM policy you want to detach.
--   For more information about ARNs, see <a>Amazon Resource Names (ARNs)
--   and AWS Service Namespaces</a> in the <i>AWS General Reference</i> .
dgpPolicyARN :: Lens' DetachGroupPolicy Text

-- | Creates a value of <a>DetachGroupPolicyResponse</a> with the minimum
--   fields required to make a request.
detachGroupPolicyResponse :: DetachGroupPolicyResponse

-- | <i>See:</i> <a>detachGroupPolicyResponse</a> smart constructor.
data DetachGroupPolicyResponse
instance GHC.Generics.Generic Network.AWS.IAM.DetachGroupPolicy.DetachGroupPolicyResponse
instance Data.Data.Data Network.AWS.IAM.DetachGroupPolicy.DetachGroupPolicyResponse
instance GHC.Show.Show Network.AWS.IAM.DetachGroupPolicy.DetachGroupPolicyResponse
instance GHC.Read.Read Network.AWS.IAM.DetachGroupPolicy.DetachGroupPolicyResponse
instance GHC.Classes.Eq Network.AWS.IAM.DetachGroupPolicy.DetachGroupPolicyResponse
instance GHC.Generics.Generic Network.AWS.IAM.DetachGroupPolicy.DetachGroupPolicy
instance Data.Data.Data Network.AWS.IAM.DetachGroupPolicy.DetachGroupPolicy
instance GHC.Show.Show Network.AWS.IAM.DetachGroupPolicy.DetachGroupPolicy
instance GHC.Read.Read Network.AWS.IAM.DetachGroupPolicy.DetachGroupPolicy
instance GHC.Classes.Eq Network.AWS.IAM.DetachGroupPolicy.DetachGroupPolicy
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.DetachGroupPolicy.DetachGroupPolicy
instance Control.DeepSeq.NFData Network.AWS.IAM.DetachGroupPolicy.DetachGroupPolicyResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.DetachGroupPolicy.DetachGroupPolicy
instance Control.DeepSeq.NFData Network.AWS.IAM.DetachGroupPolicy.DetachGroupPolicy
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.DetachGroupPolicy.DetachGroupPolicy
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.DetachGroupPolicy.DetachGroupPolicy
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.DetachGroupPolicy.DetachGroupPolicy


-- | Deletes a virtual MFA device.
module Network.AWS.IAM.DeleteVirtualMFADevice

-- | Creates a value of <a>DeleteVirtualMFADevice</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>dvmdSerialNumber</a> - The serial number that uniquely
--   identifies the MFA device. For virtual MFA devices, the serial number
--   is the same as the ARN. This parameter allows (per its <a>regex
--   pattern</a> ) a string of characters consisting of upper and lowercase
--   alphanumeric characters with no spaces. You can also include any of
--   the following characters: =,.@:/-</li>
--   </ul>
deleteVirtualMFADevice :: Text -> DeleteVirtualMFADevice

-- | <i>See:</i> <a>deleteVirtualMFADevice</a> smart constructor.
data DeleteVirtualMFADevice

-- | The serial number that uniquely identifies the MFA device. For virtual
--   MFA devices, the serial number is the same as the ARN. This parameter
--   allows (per its <a>regex pattern</a> ) a string of characters
--   consisting of upper and lowercase alphanumeric characters with no
--   spaces. You can also include any of the following characters: =,.@:/-
dvmdSerialNumber :: Lens' DeleteVirtualMFADevice Text

-- | Creates a value of <a>DeleteVirtualMFADeviceResponse</a> with the
--   minimum fields required to make a request.
deleteVirtualMFADeviceResponse :: DeleteVirtualMFADeviceResponse

-- | <i>See:</i> <a>deleteVirtualMFADeviceResponse</a> smart constructor.
data DeleteVirtualMFADeviceResponse
instance GHC.Generics.Generic Network.AWS.IAM.DeleteVirtualMFADevice.DeleteVirtualMFADeviceResponse
instance Data.Data.Data Network.AWS.IAM.DeleteVirtualMFADevice.DeleteVirtualMFADeviceResponse
instance GHC.Show.Show Network.AWS.IAM.DeleteVirtualMFADevice.DeleteVirtualMFADeviceResponse
instance GHC.Read.Read Network.AWS.IAM.DeleteVirtualMFADevice.DeleteVirtualMFADeviceResponse
instance GHC.Classes.Eq Network.AWS.IAM.DeleteVirtualMFADevice.DeleteVirtualMFADeviceResponse
instance GHC.Generics.Generic Network.AWS.IAM.DeleteVirtualMFADevice.DeleteVirtualMFADevice
instance Data.Data.Data Network.AWS.IAM.DeleteVirtualMFADevice.DeleteVirtualMFADevice
instance GHC.Show.Show Network.AWS.IAM.DeleteVirtualMFADevice.DeleteVirtualMFADevice
instance GHC.Read.Read Network.AWS.IAM.DeleteVirtualMFADevice.DeleteVirtualMFADevice
instance GHC.Classes.Eq Network.AWS.IAM.DeleteVirtualMFADevice.DeleteVirtualMFADevice
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.DeleteVirtualMFADevice.DeleteVirtualMFADevice
instance Control.DeepSeq.NFData Network.AWS.IAM.DeleteVirtualMFADevice.DeleteVirtualMFADeviceResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.DeleteVirtualMFADevice.DeleteVirtualMFADevice
instance Control.DeepSeq.NFData Network.AWS.IAM.DeleteVirtualMFADevice.DeleteVirtualMFADevice
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.DeleteVirtualMFADevice.DeleteVirtualMFADevice
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.DeleteVirtualMFADevice.DeleteVirtualMFADevice
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.DeleteVirtualMFADevice.DeleteVirtualMFADevice


-- | Deletes the specified inline policy that is embedded in the specified
--   IAM user.
--   
--   A user can also have managed policies attached to it. To detach a
--   managed policy from a user, use <tt>DetachUserPolicy</tt> . For more
--   information about policies, refer to <a>Managed Policies and Inline
--   Policies</a> in the <i>IAM User Guide</i> .
module Network.AWS.IAM.DeleteUserPolicy

-- | Creates a value of <a>DeleteUserPolicy</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>dupUserName</a> - The name (friendly name, not ARN) identifying
--   the user that the policy is embedded in. This parameter allows (per
--   its <a>regex pattern</a> ) a string of characters consisting of upper
--   and lowercase alphanumeric characters with no spaces. You can also
--   include any of the following characters: _+=,.@-</li>
--   <li><a>dupPolicyName</a> - The name identifying the policy document to
--   delete. This parameter allows (per its <a>regex pattern</a> ) a string
--   of characters consisting of upper and lowercase alphanumeric
--   characters with no spaces. You can also include any of the following
--   characters: _+=,.@-</li>
--   </ul>
deleteUserPolicy :: Text -> Text -> DeleteUserPolicy

-- | <i>See:</i> <a>deleteUserPolicy</a> smart constructor.
data DeleteUserPolicy

-- | The name (friendly name, not ARN) identifying the user that the policy
--   is embedded in. This parameter allows (per its <a>regex pattern</a> )
--   a string of characters consisting of upper and lowercase alphanumeric
--   characters with no spaces. You can also include any of the following
--   characters: _+=,.@-
dupUserName :: Lens' DeleteUserPolicy Text

-- | The name identifying the policy document to delete. This parameter
--   allows (per its <a>regex pattern</a> ) a string of characters
--   consisting of upper and lowercase alphanumeric characters with no
--   spaces. You can also include any of the following characters: _+=,.@-
dupPolicyName :: Lens' DeleteUserPolicy Text

-- | Creates a value of <a>DeleteUserPolicyResponse</a> with the minimum
--   fields required to make a request.
deleteUserPolicyResponse :: DeleteUserPolicyResponse

-- | <i>See:</i> <a>deleteUserPolicyResponse</a> smart constructor.
data DeleteUserPolicyResponse
instance GHC.Generics.Generic Network.AWS.IAM.DeleteUserPolicy.DeleteUserPolicyResponse
instance Data.Data.Data Network.AWS.IAM.DeleteUserPolicy.DeleteUserPolicyResponse
instance GHC.Show.Show Network.AWS.IAM.DeleteUserPolicy.DeleteUserPolicyResponse
instance GHC.Read.Read Network.AWS.IAM.DeleteUserPolicy.DeleteUserPolicyResponse
instance GHC.Classes.Eq Network.AWS.IAM.DeleteUserPolicy.DeleteUserPolicyResponse
instance GHC.Generics.Generic Network.AWS.IAM.DeleteUserPolicy.DeleteUserPolicy
instance Data.Data.Data Network.AWS.IAM.DeleteUserPolicy.DeleteUserPolicy
instance GHC.Show.Show Network.AWS.IAM.DeleteUserPolicy.DeleteUserPolicy
instance GHC.Read.Read Network.AWS.IAM.DeleteUserPolicy.DeleteUserPolicy
instance GHC.Classes.Eq Network.AWS.IAM.DeleteUserPolicy.DeleteUserPolicy
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.DeleteUserPolicy.DeleteUserPolicy
instance Control.DeepSeq.NFData Network.AWS.IAM.DeleteUserPolicy.DeleteUserPolicyResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.DeleteUserPolicy.DeleteUserPolicy
instance Control.DeepSeq.NFData Network.AWS.IAM.DeleteUserPolicy.DeleteUserPolicy
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.DeleteUserPolicy.DeleteUserPolicy
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.DeleteUserPolicy.DeleteUserPolicy
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.DeleteUserPolicy.DeleteUserPolicy


-- | Deletes the specified IAM user. The user must not belong to any groups
--   or have any access keys, signing certificates, or attached policies.
module Network.AWS.IAM.DeleteUser

-- | Creates a value of <a>DeleteUser</a> with the minimum fields required
--   to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>duUserName</a> - The name of the user to delete. This parameter
--   allows (per its <a>regex pattern</a> ) a string of characters
--   consisting of upper and lowercase alphanumeric characters with no
--   spaces. You can also include any of the following characters:
--   _+=,.@-</li>
--   </ul>
deleteUser :: Text -> DeleteUser

-- | <i>See:</i> <a>deleteUser</a> smart constructor.
data DeleteUser

-- | The name of the user to delete. This parameter allows (per its
--   <a>regex pattern</a> ) a string of characters consisting of upper and
--   lowercase alphanumeric characters with no spaces. You can also include
--   any of the following characters: _+=,.@-
duUserName :: Lens' DeleteUser Text

-- | Creates a value of <a>DeleteUserResponse</a> with the minimum fields
--   required to make a request.
deleteUserResponse :: DeleteUserResponse

-- | <i>See:</i> <a>deleteUserResponse</a> smart constructor.
data DeleteUserResponse
instance GHC.Generics.Generic Network.AWS.IAM.DeleteUser.DeleteUserResponse
instance Data.Data.Data Network.AWS.IAM.DeleteUser.DeleteUserResponse
instance GHC.Show.Show Network.AWS.IAM.DeleteUser.DeleteUserResponse
instance GHC.Read.Read Network.AWS.IAM.DeleteUser.DeleteUserResponse
instance GHC.Classes.Eq Network.AWS.IAM.DeleteUser.DeleteUserResponse
instance GHC.Generics.Generic Network.AWS.IAM.DeleteUser.DeleteUser
instance Data.Data.Data Network.AWS.IAM.DeleteUser.DeleteUser
instance GHC.Show.Show Network.AWS.IAM.DeleteUser.DeleteUser
instance GHC.Read.Read Network.AWS.IAM.DeleteUser.DeleteUser
instance GHC.Classes.Eq Network.AWS.IAM.DeleteUser.DeleteUser
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.DeleteUser.DeleteUser
instance Control.DeepSeq.NFData Network.AWS.IAM.DeleteUser.DeleteUserResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.DeleteUser.DeleteUser
instance Control.DeepSeq.NFData Network.AWS.IAM.DeleteUser.DeleteUser
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.DeleteUser.DeleteUser
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.DeleteUser.DeleteUser
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.DeleteUser.DeleteUser


-- | Deletes a signing certificate associated with the specified IAM user.
--   
--   If you do not specify a user name, IAM determines the user name
--   implicitly based on the AWS access key ID signing the request. Because
--   this operation works for access keys under the AWS account, you can
--   use this operation to manage AWS account root user credentials even if
--   the AWS account has no associated IAM users.
module Network.AWS.IAM.DeleteSigningCertificate

-- | Creates a value of <a>DeleteSigningCertificate</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>dscUserName</a> - The name of the user the signing certificate
--   belongs to. This parameter allows (per its <a>regex pattern</a> ) a
--   string of characters consisting of upper and lowercase alphanumeric
--   characters with no spaces. You can also include any of the following
--   characters: _+=,.@-</li>
--   <li><a>dscCertificateId</a> - The ID of the signing certificate to
--   delete. The format of this parameter, as described by its <a>regex</a>
--   pattern, is a string of characters that can be upper- or lower-cased
--   letters or digits.</li>
--   </ul>
deleteSigningCertificate :: Text -> DeleteSigningCertificate

-- | <i>See:</i> <a>deleteSigningCertificate</a> smart constructor.
data DeleteSigningCertificate

-- | The name of the user the signing certificate belongs to. This
--   parameter allows (per its <a>regex pattern</a> ) a string of
--   characters consisting of upper and lowercase alphanumeric characters
--   with no spaces. You can also include any of the following characters:
--   _+=,.@-
dscUserName :: Lens' DeleteSigningCertificate (Maybe Text)

-- | The ID of the signing certificate to delete. The format of this
--   parameter, as described by its <a>regex</a> pattern, is a string of
--   characters that can be upper- or lower-cased letters or digits.
dscCertificateId :: Lens' DeleteSigningCertificate Text

-- | Creates a value of <a>DeleteSigningCertificateResponse</a> with the
--   minimum fields required to make a request.
deleteSigningCertificateResponse :: DeleteSigningCertificateResponse

-- | <i>See:</i> <a>deleteSigningCertificateResponse</a> smart constructor.
data DeleteSigningCertificateResponse
instance GHC.Generics.Generic Network.AWS.IAM.DeleteSigningCertificate.DeleteSigningCertificateResponse
instance Data.Data.Data Network.AWS.IAM.DeleteSigningCertificate.DeleteSigningCertificateResponse
instance GHC.Show.Show Network.AWS.IAM.DeleteSigningCertificate.DeleteSigningCertificateResponse
instance GHC.Read.Read Network.AWS.IAM.DeleteSigningCertificate.DeleteSigningCertificateResponse
instance GHC.Classes.Eq Network.AWS.IAM.DeleteSigningCertificate.DeleteSigningCertificateResponse
instance GHC.Generics.Generic Network.AWS.IAM.DeleteSigningCertificate.DeleteSigningCertificate
instance Data.Data.Data Network.AWS.IAM.DeleteSigningCertificate.DeleteSigningCertificate
instance GHC.Show.Show Network.AWS.IAM.DeleteSigningCertificate.DeleteSigningCertificate
instance GHC.Read.Read Network.AWS.IAM.DeleteSigningCertificate.DeleteSigningCertificate
instance GHC.Classes.Eq Network.AWS.IAM.DeleteSigningCertificate.DeleteSigningCertificate
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.DeleteSigningCertificate.DeleteSigningCertificate
instance Control.DeepSeq.NFData Network.AWS.IAM.DeleteSigningCertificate.DeleteSigningCertificateResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.DeleteSigningCertificate.DeleteSigningCertificate
instance Control.DeepSeq.NFData Network.AWS.IAM.DeleteSigningCertificate.DeleteSigningCertificate
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.DeleteSigningCertificate.DeleteSigningCertificate
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.DeleteSigningCertificate.DeleteSigningCertificate
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.DeleteSigningCertificate.DeleteSigningCertificate


-- | Deletes the specified service-specific credential.
module Network.AWS.IAM.DeleteServiceSpecificCredential

-- | Creates a value of <a>DeleteServiceSpecificCredential</a> with the
--   minimum fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>dsscUserName</a> - The name of the IAM user associated with the
--   service-specific credential. If this value is not specified, then the
--   operation assumes the user whose credentials are used to call the
--   operation. This parameter allows (per its <a>regex pattern</a> ) a
--   string of characters consisting of upper and lowercase alphanumeric
--   characters with no spaces. You can also include any of the following
--   characters: _+=,.@-</li>
--   <li><a>dsscServiceSpecificCredentialId</a> - The unique identifier of
--   the service-specific credential. You can get this value by calling
--   <tt>ListServiceSpecificCredentials</tt> . This parameter allows (per
--   its <a>regex pattern</a> ) a string of characters that can consist of
--   any upper or lowercased letter or digit.</li>
--   </ul>
deleteServiceSpecificCredential :: Text -> DeleteServiceSpecificCredential

-- | <i>See:</i> <a>deleteServiceSpecificCredential</a> smart constructor.
data DeleteServiceSpecificCredential

-- | The name of the IAM user associated with the service-specific
--   credential. If this value is not specified, then the operation assumes
--   the user whose credentials are used to call the operation. This
--   parameter allows (per its <a>regex pattern</a> ) a string of
--   characters consisting of upper and lowercase alphanumeric characters
--   with no spaces. You can also include any of the following characters:
--   _+=,.@-
dsscUserName :: Lens' DeleteServiceSpecificCredential (Maybe Text)

-- | The unique identifier of the service-specific credential. You can get
--   this value by calling <tt>ListServiceSpecificCredentials</tt> . This
--   parameter allows (per its <a>regex pattern</a> ) a string of
--   characters that can consist of any upper or lowercased letter or
--   digit.
dsscServiceSpecificCredentialId :: Lens' DeleteServiceSpecificCredential Text

-- | Creates a value of <a>DeleteServiceSpecificCredentialResponse</a> with
--   the minimum fields required to make a request.
deleteServiceSpecificCredentialResponse :: DeleteServiceSpecificCredentialResponse

-- | <i>See:</i> <a>deleteServiceSpecificCredentialResponse</a> smart
--   constructor.
data DeleteServiceSpecificCredentialResponse
instance GHC.Generics.Generic Network.AWS.IAM.DeleteServiceSpecificCredential.DeleteServiceSpecificCredentialResponse
instance Data.Data.Data Network.AWS.IAM.DeleteServiceSpecificCredential.DeleteServiceSpecificCredentialResponse
instance GHC.Show.Show Network.AWS.IAM.DeleteServiceSpecificCredential.DeleteServiceSpecificCredentialResponse
instance GHC.Read.Read Network.AWS.IAM.DeleteServiceSpecificCredential.DeleteServiceSpecificCredentialResponse
instance GHC.Classes.Eq Network.AWS.IAM.DeleteServiceSpecificCredential.DeleteServiceSpecificCredentialResponse
instance GHC.Generics.Generic Network.AWS.IAM.DeleteServiceSpecificCredential.DeleteServiceSpecificCredential
instance Data.Data.Data Network.AWS.IAM.DeleteServiceSpecificCredential.DeleteServiceSpecificCredential
instance GHC.Show.Show Network.AWS.IAM.DeleteServiceSpecificCredential.DeleteServiceSpecificCredential
instance GHC.Read.Read Network.AWS.IAM.DeleteServiceSpecificCredential.DeleteServiceSpecificCredential
instance GHC.Classes.Eq Network.AWS.IAM.DeleteServiceSpecificCredential.DeleteServiceSpecificCredential
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.DeleteServiceSpecificCredential.DeleteServiceSpecificCredential
instance Control.DeepSeq.NFData Network.AWS.IAM.DeleteServiceSpecificCredential.DeleteServiceSpecificCredentialResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.DeleteServiceSpecificCredential.DeleteServiceSpecificCredential
instance Control.DeepSeq.NFData Network.AWS.IAM.DeleteServiceSpecificCredential.DeleteServiceSpecificCredential
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.DeleteServiceSpecificCredential.DeleteServiceSpecificCredential
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.DeleteServiceSpecificCredential.DeleteServiceSpecificCredential
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.DeleteServiceSpecificCredential.DeleteServiceSpecificCredential


-- | Submits a service-linked role deletion request and returns a
--   <tt>DeletionTaskId</tt> , which you can use to check the status of the
--   deletion. Before you call this operation, confirm that the role has no
--   active sessions and that any resources used by the role in the linked
--   service are deleted. If you call this operation more than once for the
--   same service-linked role and an earlier deletion task is not complete,
--   then the <tt>DeletionTaskId</tt> of the earlier request is returned.
--   
--   If you submit a deletion request for a service-linked role whose
--   linked service is still accessing a resource, then the deletion task
--   fails. If it fails, the <tt>GetServiceLinkedRoleDeletionStatus</tt>
--   API operation returns the reason for the failure, usually including
--   the resources that must be deleted. To delete the service-linked role,
--   you must first remove those resources from the linked service and then
--   submit the deletion request again. Resources are specific to the
--   service that is linked to the role. For more information about
--   removing resources from a service, see the <a>AWS documentation</a>
--   for your service.
--   
--   For more information about service-linked roles, see <a>Roles Terms
--   and Concepts: AWS Service-Linked Role</a> in the <i>IAM User Guide</i>
--   .
module Network.AWS.IAM.DeleteServiceLinkedRole

-- | Creates a value of <a>DeleteServiceLinkedRole</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>dslrRoleName</a> - The name of the service-linked role to be
--   deleted.</li>
--   </ul>
deleteServiceLinkedRole :: Text -> DeleteServiceLinkedRole

-- | <i>See:</i> <a>deleteServiceLinkedRole</a> smart constructor.
data DeleteServiceLinkedRole

-- | The name of the service-linked role to be deleted.
dslrRoleName :: Lens' DeleteServiceLinkedRole Text

-- | Creates a value of <a>DeleteServiceLinkedRoleResponse</a> with the
--   minimum fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>dslrrsResponseStatus</a> - -- | The response status code.</li>
--   <li><a>dslrrsDeletionTaskId</a> - The deletion task identifier that
--   you can use to check the status of the deletion. This identifier is
--   returned in the format
--   <tt>task<i>aws-service-role</i><a>service-principal-name</a><i><a>role-name</a></i><a>task-uuid</a></tt>
--   .</li>
--   </ul>
deleteServiceLinkedRoleResponse :: Int -> Text -> DeleteServiceLinkedRoleResponse

-- | <i>See:</i> <a>deleteServiceLinkedRoleResponse</a> smart constructor.
data DeleteServiceLinkedRoleResponse

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
dslrrsResponseStatus :: Lens' DeleteServiceLinkedRoleResponse Int

-- | The deletion task identifier that you can use to check the status of
--   the deletion. This identifier is returned in the format
--   <tt>task<i>aws-service-role</i><a>service-principal-name</a><i><a>role-name</a></i><a>task-uuid</a></tt>
--   .
dslrrsDeletionTaskId :: Lens' DeleteServiceLinkedRoleResponse Text
instance GHC.Generics.Generic Network.AWS.IAM.DeleteServiceLinkedRole.DeleteServiceLinkedRoleResponse
instance Data.Data.Data Network.AWS.IAM.DeleteServiceLinkedRole.DeleteServiceLinkedRoleResponse
instance GHC.Show.Show Network.AWS.IAM.DeleteServiceLinkedRole.DeleteServiceLinkedRoleResponse
instance GHC.Read.Read Network.AWS.IAM.DeleteServiceLinkedRole.DeleteServiceLinkedRoleResponse
instance GHC.Classes.Eq Network.AWS.IAM.DeleteServiceLinkedRole.DeleteServiceLinkedRoleResponse
instance GHC.Generics.Generic Network.AWS.IAM.DeleteServiceLinkedRole.DeleteServiceLinkedRole
instance Data.Data.Data Network.AWS.IAM.DeleteServiceLinkedRole.DeleteServiceLinkedRole
instance GHC.Show.Show Network.AWS.IAM.DeleteServiceLinkedRole.DeleteServiceLinkedRole
instance GHC.Read.Read Network.AWS.IAM.DeleteServiceLinkedRole.DeleteServiceLinkedRole
instance GHC.Classes.Eq Network.AWS.IAM.DeleteServiceLinkedRole.DeleteServiceLinkedRole
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.DeleteServiceLinkedRole.DeleteServiceLinkedRole
instance Control.DeepSeq.NFData Network.AWS.IAM.DeleteServiceLinkedRole.DeleteServiceLinkedRoleResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.DeleteServiceLinkedRole.DeleteServiceLinkedRole
instance Control.DeepSeq.NFData Network.AWS.IAM.DeleteServiceLinkedRole.DeleteServiceLinkedRole
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.DeleteServiceLinkedRole.DeleteServiceLinkedRole
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.DeleteServiceLinkedRole.DeleteServiceLinkedRole
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.DeleteServiceLinkedRole.DeleteServiceLinkedRole


-- | Deletes the specified server certificate.
--   
--   For more information about working with server certificates, see
--   <a>Working with Server Certificates</a> in the <i>IAM User Guide</i> .
--   This topic also includes a list of AWS services that can use the
--   server certificates that you manage with IAM.
--   
--   <i>Important:</i> If you are using a server certificate with Elastic
--   Load Balancing, deleting the certificate could have implications for
--   your application. If Elastic Load Balancing doesn't detect the
--   deletion of bound certificates, it may continue to use the
--   certificates. This could cause Elastic Load Balancing to stop
--   accepting traffic. We recommend that you remove the reference to the
--   certificate from Elastic Load Balancing before using this command to
--   delete the certificate. For more information, go to
--   <a>DeleteLoadBalancerListeners</a> in the <i>Elastic Load Balancing
--   API Reference</i> .
module Network.AWS.IAM.DeleteServerCertificate

-- | Creates a value of <a>DeleteServerCertificate</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>dscServerCertificateName</a> - The name of the server
--   certificate you want to delete. This parameter allows (per its
--   <a>regex pattern</a> ) a string of characters consisting of upper and
--   lowercase alphanumeric characters with no spaces. You can also include
--   any of the following characters: _+=,.@-</li>
--   </ul>
deleteServerCertificate :: Text -> DeleteServerCertificate

-- | <i>See:</i> <a>deleteServerCertificate</a> smart constructor.
data DeleteServerCertificate

-- | The name of the server certificate you want to delete. This parameter
--   allows (per its <a>regex pattern</a> ) a string of characters
--   consisting of upper and lowercase alphanumeric characters with no
--   spaces. You can also include any of the following characters: _+=,.@-
dscServerCertificateName :: Lens' DeleteServerCertificate Text

-- | Creates a value of <a>DeleteServerCertificateResponse</a> with the
--   minimum fields required to make a request.
deleteServerCertificateResponse :: DeleteServerCertificateResponse

-- | <i>See:</i> <a>deleteServerCertificateResponse</a> smart constructor.
data DeleteServerCertificateResponse
instance GHC.Generics.Generic Network.AWS.IAM.DeleteServerCertificate.DeleteServerCertificateResponse
instance Data.Data.Data Network.AWS.IAM.DeleteServerCertificate.DeleteServerCertificateResponse
instance GHC.Show.Show Network.AWS.IAM.DeleteServerCertificate.DeleteServerCertificateResponse
instance GHC.Read.Read Network.AWS.IAM.DeleteServerCertificate.DeleteServerCertificateResponse
instance GHC.Classes.Eq Network.AWS.IAM.DeleteServerCertificate.DeleteServerCertificateResponse
instance GHC.Generics.Generic Network.AWS.IAM.DeleteServerCertificate.DeleteServerCertificate
instance Data.Data.Data Network.AWS.IAM.DeleteServerCertificate.DeleteServerCertificate
instance GHC.Show.Show Network.AWS.IAM.DeleteServerCertificate.DeleteServerCertificate
instance GHC.Read.Read Network.AWS.IAM.DeleteServerCertificate.DeleteServerCertificate
instance GHC.Classes.Eq Network.AWS.IAM.DeleteServerCertificate.DeleteServerCertificate
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.DeleteServerCertificate.DeleteServerCertificate
instance Control.DeepSeq.NFData Network.AWS.IAM.DeleteServerCertificate.DeleteServerCertificateResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.DeleteServerCertificate.DeleteServerCertificate
instance Control.DeepSeq.NFData Network.AWS.IAM.DeleteServerCertificate.DeleteServerCertificate
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.DeleteServerCertificate.DeleteServerCertificate
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.DeleteServerCertificate.DeleteServerCertificate
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.DeleteServerCertificate.DeleteServerCertificate


-- | Deletes the specified SSH public key.
--   
--   The SSH public key deleted by this operation is used only for
--   authenticating the associated IAM user to an AWS CodeCommit
--   repository. For more information about using SSH keys to authenticate
--   to an AWS CodeCommit repository, see <a>Set up AWS CodeCommit for SSH
--   Connections</a> in the <i>AWS CodeCommit User Guide</i> .
module Network.AWS.IAM.DeleteSSHPublicKey

-- | Creates a value of <a>DeleteSSHPublicKey</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>dspkUserName</a> - The name of the IAM user associated with the
--   SSH public key. This parameter allows (per its <a>regex pattern</a> )
--   a string of characters consisting of upper and lowercase alphanumeric
--   characters with no spaces. You can also include any of the following
--   characters: _+=,.@-</li>
--   <li><a>dspkSSHPublicKeyId</a> - The unique identifier for the SSH
--   public key. This parameter allows (per its <a>regex pattern</a> ) a
--   string of characters that can consist of any upper or lowercased
--   letter or digit.</li>
--   </ul>
deleteSSHPublicKey :: Text -> Text -> DeleteSSHPublicKey

-- | <i>See:</i> <a>deleteSSHPublicKey</a> smart constructor.
data DeleteSSHPublicKey

-- | The name of the IAM user associated with the SSH public key. This
--   parameter allows (per its <a>regex pattern</a> ) a string of
--   characters consisting of upper and lowercase alphanumeric characters
--   with no spaces. You can also include any of the following characters:
--   _+=,.@-
dspkUserName :: Lens' DeleteSSHPublicKey Text

-- | The unique identifier for the SSH public key. This parameter allows
--   (per its <a>regex pattern</a> ) a string of characters that can
--   consist of any upper or lowercased letter or digit.
dspkSSHPublicKeyId :: Lens' DeleteSSHPublicKey Text

-- | Creates a value of <a>DeleteSSHPublicKeyResponse</a> with the minimum
--   fields required to make a request.
deleteSSHPublicKeyResponse :: DeleteSSHPublicKeyResponse

-- | <i>See:</i> <a>deleteSSHPublicKeyResponse</a> smart constructor.
data DeleteSSHPublicKeyResponse
instance GHC.Generics.Generic Network.AWS.IAM.DeleteSSHPublicKey.DeleteSSHPublicKeyResponse
instance Data.Data.Data Network.AWS.IAM.DeleteSSHPublicKey.DeleteSSHPublicKeyResponse
instance GHC.Show.Show Network.AWS.IAM.DeleteSSHPublicKey.DeleteSSHPublicKeyResponse
instance GHC.Read.Read Network.AWS.IAM.DeleteSSHPublicKey.DeleteSSHPublicKeyResponse
instance GHC.Classes.Eq Network.AWS.IAM.DeleteSSHPublicKey.DeleteSSHPublicKeyResponse
instance GHC.Generics.Generic Network.AWS.IAM.DeleteSSHPublicKey.DeleteSSHPublicKey
instance Data.Data.Data Network.AWS.IAM.DeleteSSHPublicKey.DeleteSSHPublicKey
instance GHC.Show.Show Network.AWS.IAM.DeleteSSHPublicKey.DeleteSSHPublicKey
instance GHC.Read.Read Network.AWS.IAM.DeleteSSHPublicKey.DeleteSSHPublicKey
instance GHC.Classes.Eq Network.AWS.IAM.DeleteSSHPublicKey.DeleteSSHPublicKey
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.DeleteSSHPublicKey.DeleteSSHPublicKey
instance Control.DeepSeq.NFData Network.AWS.IAM.DeleteSSHPublicKey.DeleteSSHPublicKeyResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.DeleteSSHPublicKey.DeleteSSHPublicKey
instance Control.DeepSeq.NFData Network.AWS.IAM.DeleteSSHPublicKey.DeleteSSHPublicKey
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.DeleteSSHPublicKey.DeleteSSHPublicKey
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.DeleteSSHPublicKey.DeleteSSHPublicKey
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.DeleteSSHPublicKey.DeleteSSHPublicKey


-- | Deletes a SAML provider resource in IAM.
--   
--   Deleting the provider resource from IAM does not update any roles that
--   reference the SAML provider resource's ARN as a principal in their
--   trust policies. Any attempt to assume a role that references a
--   non-existent provider resource ARN fails.
module Network.AWS.IAM.DeleteSAMLProvider

-- | Creates a value of <a>DeleteSAMLProvider</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>dsamlpSAMLProviderARN</a> - The Amazon Resource Name (ARN) of
--   the SAML provider to delete.</li>
--   </ul>
deleteSAMLProvider :: Text -> DeleteSAMLProvider

-- | <i>See:</i> <a>deleteSAMLProvider</a> smart constructor.
data DeleteSAMLProvider

-- | The Amazon Resource Name (ARN) of the SAML provider to delete.
dsamlpSAMLProviderARN :: Lens' DeleteSAMLProvider Text

-- | Creates a value of <a>DeleteSAMLProviderResponse</a> with the minimum
--   fields required to make a request.
deleteSAMLProviderResponse :: DeleteSAMLProviderResponse

-- | <i>See:</i> <a>deleteSAMLProviderResponse</a> smart constructor.
data DeleteSAMLProviderResponse
instance GHC.Generics.Generic Network.AWS.IAM.DeleteSAMLProvider.DeleteSAMLProviderResponse
instance Data.Data.Data Network.AWS.IAM.DeleteSAMLProvider.DeleteSAMLProviderResponse
instance GHC.Show.Show Network.AWS.IAM.DeleteSAMLProvider.DeleteSAMLProviderResponse
instance GHC.Read.Read Network.AWS.IAM.DeleteSAMLProvider.DeleteSAMLProviderResponse
instance GHC.Classes.Eq Network.AWS.IAM.DeleteSAMLProvider.DeleteSAMLProviderResponse
instance GHC.Generics.Generic Network.AWS.IAM.DeleteSAMLProvider.DeleteSAMLProvider
instance Data.Data.Data Network.AWS.IAM.DeleteSAMLProvider.DeleteSAMLProvider
instance GHC.Show.Show Network.AWS.IAM.DeleteSAMLProvider.DeleteSAMLProvider
instance GHC.Read.Read Network.AWS.IAM.DeleteSAMLProvider.DeleteSAMLProvider
instance GHC.Classes.Eq Network.AWS.IAM.DeleteSAMLProvider.DeleteSAMLProvider
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.DeleteSAMLProvider.DeleteSAMLProvider
instance Control.DeepSeq.NFData Network.AWS.IAM.DeleteSAMLProvider.DeleteSAMLProviderResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.DeleteSAMLProvider.DeleteSAMLProvider
instance Control.DeepSeq.NFData Network.AWS.IAM.DeleteSAMLProvider.DeleteSAMLProvider
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.DeleteSAMLProvider.DeleteSAMLProvider
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.DeleteSAMLProvider.DeleteSAMLProvider
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.DeleteSAMLProvider.DeleteSAMLProvider


-- | Deletes the specified inline policy that is embedded in the specified
--   IAM role.
--   
--   A role can also have managed policies attached to it. To detach a
--   managed policy from a role, use <tt>DetachRolePolicy</tt> . For more
--   information about policies, refer to <a>Managed Policies and Inline
--   Policies</a> in the <i>IAM User Guide</i> .
module Network.AWS.IAM.DeleteRolePolicy

-- | Creates a value of <a>DeleteRolePolicy</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>delRoleName</a> - The name (friendly name, not ARN) identifying
--   the role that the policy is embedded in. This parameter allows (per
--   its <a>regex pattern</a> ) a string of characters consisting of upper
--   and lowercase alphanumeric characters with no spaces. You can also
--   include any of the following characters: _+=,.@-</li>
--   <li><a>delPolicyName</a> - The name of the inline policy to delete
--   from the specified IAM role. This parameter allows (per its <a>regex
--   pattern</a> ) a string of characters consisting of upper and lowercase
--   alphanumeric characters with no spaces. You can also include any of
--   the following characters: _+=,.@-</li>
--   </ul>
deleteRolePolicy :: Text -> Text -> DeleteRolePolicy

-- | <i>See:</i> <a>deleteRolePolicy</a> smart constructor.
data DeleteRolePolicy

-- | The name (friendly name, not ARN) identifying the role that the policy
--   is embedded in. This parameter allows (per its <a>regex pattern</a> )
--   a string of characters consisting of upper and lowercase alphanumeric
--   characters with no spaces. You can also include any of the following
--   characters: _+=,.@-
delRoleName :: Lens' DeleteRolePolicy Text

-- | The name of the inline policy to delete from the specified IAM role.
--   This parameter allows (per its <a>regex pattern</a> ) a string of
--   characters consisting of upper and lowercase alphanumeric characters
--   with no spaces. You can also include any of the following characters:
--   _+=,.@-
delPolicyName :: Lens' DeleteRolePolicy Text

-- | Creates a value of <a>DeleteRolePolicyResponse</a> with the minimum
--   fields required to make a request.
deleteRolePolicyResponse :: DeleteRolePolicyResponse

-- | <i>See:</i> <a>deleteRolePolicyResponse</a> smart constructor.
data DeleteRolePolicyResponse
instance GHC.Generics.Generic Network.AWS.IAM.DeleteRolePolicy.DeleteRolePolicyResponse
instance Data.Data.Data Network.AWS.IAM.DeleteRolePolicy.DeleteRolePolicyResponse
instance GHC.Show.Show Network.AWS.IAM.DeleteRolePolicy.DeleteRolePolicyResponse
instance GHC.Read.Read Network.AWS.IAM.DeleteRolePolicy.DeleteRolePolicyResponse
instance GHC.Classes.Eq Network.AWS.IAM.DeleteRolePolicy.DeleteRolePolicyResponse
instance GHC.Generics.Generic Network.AWS.IAM.DeleteRolePolicy.DeleteRolePolicy
instance Data.Data.Data Network.AWS.IAM.DeleteRolePolicy.DeleteRolePolicy
instance GHC.Show.Show Network.AWS.IAM.DeleteRolePolicy.DeleteRolePolicy
instance GHC.Read.Read Network.AWS.IAM.DeleteRolePolicy.DeleteRolePolicy
instance GHC.Classes.Eq Network.AWS.IAM.DeleteRolePolicy.DeleteRolePolicy
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.DeleteRolePolicy.DeleteRolePolicy
instance Control.DeepSeq.NFData Network.AWS.IAM.DeleteRolePolicy.DeleteRolePolicyResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.DeleteRolePolicy.DeleteRolePolicy
instance Control.DeepSeq.NFData Network.AWS.IAM.DeleteRolePolicy.DeleteRolePolicy
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.DeleteRolePolicy.DeleteRolePolicy
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.DeleteRolePolicy.DeleteRolePolicy
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.DeleteRolePolicy.DeleteRolePolicy


-- | Deletes the specified role. The role must not have any policies
--   attached. For more information about roles, go to <a>Working with
--   Roles</a> .
--   
--   <i>Important:</i> Make sure that you do not have any Amazon EC2
--   instances running with the role you are about to delete. Deleting a
--   role or instance profile that is associated with a running instance
--   will break any applications running on the instance.
module Network.AWS.IAM.DeleteRole

-- | Creates a value of <a>DeleteRole</a> with the minimum fields required
--   to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>drRoleName</a> - The name of the role to delete. This parameter
--   allows (per its <a>regex pattern</a> ) a string of characters
--   consisting of upper and lowercase alphanumeric characters with no
--   spaces. You can also include any of the following characters:
--   _+=,.@-</li>
--   </ul>
deleteRole :: Text -> DeleteRole

-- | <i>See:</i> <a>deleteRole</a> smart constructor.
data DeleteRole

-- | The name of the role to delete. This parameter allows (per its
--   <a>regex pattern</a> ) a string of characters consisting of upper and
--   lowercase alphanumeric characters with no spaces. You can also include
--   any of the following characters: _+=,.@-
drRoleName :: Lens' DeleteRole Text

-- | Creates a value of <a>DeleteRoleResponse</a> with the minimum fields
--   required to make a request.
deleteRoleResponse :: DeleteRoleResponse

-- | <i>See:</i> <a>deleteRoleResponse</a> smart constructor.
data DeleteRoleResponse
instance GHC.Generics.Generic Network.AWS.IAM.DeleteRole.DeleteRoleResponse
instance Data.Data.Data Network.AWS.IAM.DeleteRole.DeleteRoleResponse
instance GHC.Show.Show Network.AWS.IAM.DeleteRole.DeleteRoleResponse
instance GHC.Read.Read Network.AWS.IAM.DeleteRole.DeleteRoleResponse
instance GHC.Classes.Eq Network.AWS.IAM.DeleteRole.DeleteRoleResponse
instance GHC.Generics.Generic Network.AWS.IAM.DeleteRole.DeleteRole
instance Data.Data.Data Network.AWS.IAM.DeleteRole.DeleteRole
instance GHC.Show.Show Network.AWS.IAM.DeleteRole.DeleteRole
instance GHC.Read.Read Network.AWS.IAM.DeleteRole.DeleteRole
instance GHC.Classes.Eq Network.AWS.IAM.DeleteRole.DeleteRole
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.DeleteRole.DeleteRole
instance Control.DeepSeq.NFData Network.AWS.IAM.DeleteRole.DeleteRoleResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.DeleteRole.DeleteRole
instance Control.DeepSeq.NFData Network.AWS.IAM.DeleteRole.DeleteRole
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.DeleteRole.DeleteRole
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.DeleteRole.DeleteRole
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.DeleteRole.DeleteRole


-- | Deletes the specified version from the specified managed policy.
--   
--   You cannot delete the default version from a policy using this API. To
--   delete the default version from a policy, use <tt>DeletePolicy</tt> .
--   To find out which version of a policy is marked as the default
--   version, use <tt>ListPolicyVersions</tt> .
--   
--   For information about versions for managed policies, see <a>Versioning
--   for Managed Policies</a> in the <i>IAM User Guide</i> .
module Network.AWS.IAM.DeletePolicyVersion

-- | Creates a value of <a>DeletePolicyVersion</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>dpvPolicyARN</a> - The Amazon Resource Name (ARN) of the IAM
--   policy from which you want to delete a version. For more information
--   about ARNs, see <a>Amazon Resource Names (ARNs) and AWS Service
--   Namespaces</a> in the <i>AWS General Reference</i> .</li>
--   <li><a>dpvVersionId</a> - The policy version to delete. This parameter
--   allows (per its <a>regex pattern</a> ) a string of characters that
--   consists of the lowercase letter <tt>v</tt> followed by one or two
--   digits, and optionally followed by a period <a>.</a> and a string of
--   letters and digits. For more information about managed policy
--   versions, see <a>Versioning for Managed Policies</a> in the <i>IAM
--   User Guide</i> .</li>
--   </ul>
deletePolicyVersion :: Text -> Text -> DeletePolicyVersion

-- | <i>See:</i> <a>deletePolicyVersion</a> smart constructor.
data DeletePolicyVersion

-- | The Amazon Resource Name (ARN) of the IAM policy from which you want
--   to delete a version. For more information about ARNs, see <a>Amazon
--   Resource Names (ARNs) and AWS Service Namespaces</a> in the <i>AWS
--   General Reference</i> .
dpvPolicyARN :: Lens' DeletePolicyVersion Text

-- | The policy version to delete. This parameter allows (per its <a>regex
--   pattern</a> ) a string of characters that consists of the lowercase
--   letter <tt>v</tt> followed by one or two digits, and optionally
--   followed by a period <a>.</a> and a string of letters and digits. For
--   more information about managed policy versions, see <a>Versioning for
--   Managed Policies</a> in the <i>IAM User Guide</i> .
dpvVersionId :: Lens' DeletePolicyVersion Text

-- | Creates a value of <a>DeletePolicyVersionResponse</a> with the minimum
--   fields required to make a request.
deletePolicyVersionResponse :: DeletePolicyVersionResponse

-- | <i>See:</i> <a>deletePolicyVersionResponse</a> smart constructor.
data DeletePolicyVersionResponse
instance GHC.Generics.Generic Network.AWS.IAM.DeletePolicyVersion.DeletePolicyVersionResponse
instance Data.Data.Data Network.AWS.IAM.DeletePolicyVersion.DeletePolicyVersionResponse
instance GHC.Show.Show Network.AWS.IAM.DeletePolicyVersion.DeletePolicyVersionResponse
instance GHC.Read.Read Network.AWS.IAM.DeletePolicyVersion.DeletePolicyVersionResponse
instance GHC.Classes.Eq Network.AWS.IAM.DeletePolicyVersion.DeletePolicyVersionResponse
instance GHC.Generics.Generic Network.AWS.IAM.DeletePolicyVersion.DeletePolicyVersion
instance Data.Data.Data Network.AWS.IAM.DeletePolicyVersion.DeletePolicyVersion
instance GHC.Show.Show Network.AWS.IAM.DeletePolicyVersion.DeletePolicyVersion
instance GHC.Read.Read Network.AWS.IAM.DeletePolicyVersion.DeletePolicyVersion
instance GHC.Classes.Eq Network.AWS.IAM.DeletePolicyVersion.DeletePolicyVersion
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.DeletePolicyVersion.DeletePolicyVersion
instance Control.DeepSeq.NFData Network.AWS.IAM.DeletePolicyVersion.DeletePolicyVersionResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.DeletePolicyVersion.DeletePolicyVersion
instance Control.DeepSeq.NFData Network.AWS.IAM.DeletePolicyVersion.DeletePolicyVersion
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.DeletePolicyVersion.DeletePolicyVersion
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.DeletePolicyVersion.DeletePolicyVersion
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.DeletePolicyVersion.DeletePolicyVersion


-- | Deletes the specified managed policy.
--   
--   Before you can delete a managed policy, you must first detach the
--   policy from all users, groups, and roles that it is attached to. In
--   addition you must delete all the policy's versions. The following
--   steps describe the process for deleting a managed policy:
--   
--   <ul>
--   <li>Detach the policy from all users, groups, and roles that the
--   policy is attached to, using the <tt>DetachUserPolicy</tt> ,
--   <tt>DetachGroupPolicy</tt> , or <tt>DetachRolePolicy</tt> API
--   operations. To list all the users, groups, and roles that a policy is
--   attached to, use <tt>ListEntitiesForPolicy</tt> .</li>
--   <li>Delete all versions of the policy using
--   <tt>DeletePolicyVersion</tt> . To list the policy's versions, use
--   <tt>ListPolicyVersions</tt> . You cannot use
--   <tt>DeletePolicyVersion</tt> to delete the version that is marked as
--   the default version. You delete the policy's default version in the
--   next step of the process.</li>
--   <li>Delete the policy (this automatically deletes the policy's default
--   version) using this API.</li>
--   </ul>
--   
--   For information about managed policies, see <a>Managed Policies and
--   Inline Policies</a> in the <i>IAM User Guide</i> .
module Network.AWS.IAM.DeletePolicy

-- | Creates a value of <a>DeletePolicy</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>dpPolicyARN</a> - The Amazon Resource Name (ARN) of the IAM
--   policy you want to delete. For more information about ARNs, see
--   <a>Amazon Resource Names (ARNs) and AWS Service Namespaces</a> in the
--   <i>AWS General Reference</i> .</li>
--   </ul>
deletePolicy :: Text -> DeletePolicy

-- | <i>See:</i> <a>deletePolicy</a> smart constructor.
data DeletePolicy

-- | The Amazon Resource Name (ARN) of the IAM policy you want to delete.
--   For more information about ARNs, see <a>Amazon Resource Names (ARNs)
--   and AWS Service Namespaces</a> in the <i>AWS General Reference</i> .
dpPolicyARN :: Lens' DeletePolicy Text

-- | Creates a value of <a>DeletePolicyResponse</a> with the minimum fields
--   required to make a request.
deletePolicyResponse :: DeletePolicyResponse

-- | <i>See:</i> <a>deletePolicyResponse</a> smart constructor.
data DeletePolicyResponse
instance GHC.Generics.Generic Network.AWS.IAM.DeletePolicy.DeletePolicyResponse
instance Data.Data.Data Network.AWS.IAM.DeletePolicy.DeletePolicyResponse
instance GHC.Show.Show Network.AWS.IAM.DeletePolicy.DeletePolicyResponse
instance GHC.Read.Read Network.AWS.IAM.DeletePolicy.DeletePolicyResponse
instance GHC.Classes.Eq Network.AWS.IAM.DeletePolicy.DeletePolicyResponse
instance GHC.Generics.Generic Network.AWS.IAM.DeletePolicy.DeletePolicy
instance Data.Data.Data Network.AWS.IAM.DeletePolicy.DeletePolicy
instance GHC.Show.Show Network.AWS.IAM.DeletePolicy.DeletePolicy
instance GHC.Read.Read Network.AWS.IAM.DeletePolicy.DeletePolicy
instance GHC.Classes.Eq Network.AWS.IAM.DeletePolicy.DeletePolicy
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.DeletePolicy.DeletePolicy
instance Control.DeepSeq.NFData Network.AWS.IAM.DeletePolicy.DeletePolicyResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.DeletePolicy.DeletePolicy
instance Control.DeepSeq.NFData Network.AWS.IAM.DeletePolicy.DeletePolicy
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.DeletePolicy.DeletePolicy
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.DeletePolicy.DeletePolicy
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.DeletePolicy.DeletePolicy


-- | Deletes an OpenID Connect identity provider (IdP) resource object in
--   IAM.
--   
--   Deleting an IAM OIDC provider resource does not update any roles that
--   reference the provider as a principal in their trust policies. Any
--   attempt to assume a role that references a deleted provider fails.
--   
--   This operation is idempotent; it does not fail or return an error if
--   you call the operation for a provider that does not exist.
module Network.AWS.IAM.DeleteOpenIdConnectProvider

-- | Creates a value of <a>DeleteOpenIdConnectProvider</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>doicpOpenIdConnectProviderARN</a> - The Amazon Resource Name
--   (ARN) of the IAM OpenID Connect provider resource object to delete.
--   You can get a list of OpenID Connect provider resource ARNs by using
--   the <tt>ListOpenIDConnectProviders</tt> operation.</li>
--   </ul>
deleteOpenIdConnectProvider :: Text -> DeleteOpenIdConnectProvider

-- | <i>See:</i> <a>deleteOpenIdConnectProvider</a> smart constructor.
data DeleteOpenIdConnectProvider

-- | The Amazon Resource Name (ARN) of the IAM OpenID Connect provider
--   resource object to delete. You can get a list of OpenID Connect
--   provider resource ARNs by using the
--   <tt>ListOpenIDConnectProviders</tt> operation.
doicpOpenIdConnectProviderARN :: Lens' DeleteOpenIdConnectProvider Text

-- | Creates a value of <a>DeleteOpenIdConnectProviderResponse</a> with the
--   minimum fields required to make a request.
deleteOpenIdConnectProviderResponse :: DeleteOpenIdConnectProviderResponse

-- | <i>See:</i> <a>deleteOpenIdConnectProviderResponse</a> smart
--   constructor.
data DeleteOpenIdConnectProviderResponse
instance GHC.Generics.Generic Network.AWS.IAM.DeleteOpenIdConnectProvider.DeleteOpenIdConnectProviderResponse
instance Data.Data.Data Network.AWS.IAM.DeleteOpenIdConnectProvider.DeleteOpenIdConnectProviderResponse
instance GHC.Show.Show Network.AWS.IAM.DeleteOpenIdConnectProvider.DeleteOpenIdConnectProviderResponse
instance GHC.Read.Read Network.AWS.IAM.DeleteOpenIdConnectProvider.DeleteOpenIdConnectProviderResponse
instance GHC.Classes.Eq Network.AWS.IAM.DeleteOpenIdConnectProvider.DeleteOpenIdConnectProviderResponse
instance GHC.Generics.Generic Network.AWS.IAM.DeleteOpenIdConnectProvider.DeleteOpenIdConnectProvider
instance Data.Data.Data Network.AWS.IAM.DeleteOpenIdConnectProvider.DeleteOpenIdConnectProvider
instance GHC.Show.Show Network.AWS.IAM.DeleteOpenIdConnectProvider.DeleteOpenIdConnectProvider
instance GHC.Read.Read Network.AWS.IAM.DeleteOpenIdConnectProvider.DeleteOpenIdConnectProvider
instance GHC.Classes.Eq Network.AWS.IAM.DeleteOpenIdConnectProvider.DeleteOpenIdConnectProvider
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.DeleteOpenIdConnectProvider.DeleteOpenIdConnectProvider
instance Control.DeepSeq.NFData Network.AWS.IAM.DeleteOpenIdConnectProvider.DeleteOpenIdConnectProviderResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.DeleteOpenIdConnectProvider.DeleteOpenIdConnectProvider
instance Control.DeepSeq.NFData Network.AWS.IAM.DeleteOpenIdConnectProvider.DeleteOpenIdConnectProvider
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.DeleteOpenIdConnectProvider.DeleteOpenIdConnectProvider
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.DeleteOpenIdConnectProvider.DeleteOpenIdConnectProvider
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.DeleteOpenIdConnectProvider.DeleteOpenIdConnectProvider


-- | Deletes the password for the specified IAM user, which terminates the
--   user's ability to access AWS services through the AWS Management
--   Console.
--   
--   <i>Important:</i> Deleting a user's password does not prevent a user
--   from accessing AWS through the command line interface or the API. To
--   prevent all user access you must also either make any access keys
--   inactive or delete them. For more information about making keys
--   inactive or deleting them, see <tt>UpdateAccessKey</tt> and
--   <tt>DeleteAccessKey</tt> .
module Network.AWS.IAM.DeleteLoginProfile

-- | Creates a value of <a>DeleteLoginProfile</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>dlpUserName</a> - The name of the user whose password you want
--   to delete. This parameter allows (per its <a>regex pattern</a> ) a
--   string of characters consisting of upper and lowercase alphanumeric
--   characters with no spaces. You can also include any of the following
--   characters: _+=,.@-</li>
--   </ul>
deleteLoginProfile :: Text -> DeleteLoginProfile

-- | <i>See:</i> <a>deleteLoginProfile</a> smart constructor.
data DeleteLoginProfile

-- | The name of the user whose password you want to delete. This parameter
--   allows (per its <a>regex pattern</a> ) a string of characters
--   consisting of upper and lowercase alphanumeric characters with no
--   spaces. You can also include any of the following characters: _+=,.@-
dlpUserName :: Lens' DeleteLoginProfile Text

-- | Creates a value of <a>DeleteLoginProfileResponse</a> with the minimum
--   fields required to make a request.
deleteLoginProfileResponse :: DeleteLoginProfileResponse

-- | <i>See:</i> <a>deleteLoginProfileResponse</a> smart constructor.
data DeleteLoginProfileResponse
instance GHC.Generics.Generic Network.AWS.IAM.DeleteLoginProfile.DeleteLoginProfileResponse
instance Data.Data.Data Network.AWS.IAM.DeleteLoginProfile.DeleteLoginProfileResponse
instance GHC.Show.Show Network.AWS.IAM.DeleteLoginProfile.DeleteLoginProfileResponse
instance GHC.Read.Read Network.AWS.IAM.DeleteLoginProfile.DeleteLoginProfileResponse
instance GHC.Classes.Eq Network.AWS.IAM.DeleteLoginProfile.DeleteLoginProfileResponse
instance GHC.Generics.Generic Network.AWS.IAM.DeleteLoginProfile.DeleteLoginProfile
instance Data.Data.Data Network.AWS.IAM.DeleteLoginProfile.DeleteLoginProfile
instance GHC.Show.Show Network.AWS.IAM.DeleteLoginProfile.DeleteLoginProfile
instance GHC.Read.Read Network.AWS.IAM.DeleteLoginProfile.DeleteLoginProfile
instance GHC.Classes.Eq Network.AWS.IAM.DeleteLoginProfile.DeleteLoginProfile
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.DeleteLoginProfile.DeleteLoginProfile
instance Control.DeepSeq.NFData Network.AWS.IAM.DeleteLoginProfile.DeleteLoginProfileResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.DeleteLoginProfile.DeleteLoginProfile
instance Control.DeepSeq.NFData Network.AWS.IAM.DeleteLoginProfile.DeleteLoginProfile
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.DeleteLoginProfile.DeleteLoginProfile
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.DeleteLoginProfile.DeleteLoginProfile
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.DeleteLoginProfile.DeleteLoginProfile


-- | Deletes the specified instance profile. The instance profile must not
--   have an associated role.
--   
--   <i>Important:</i> Make sure that you do not have any Amazon EC2
--   instances running with the instance profile you are about to delete.
--   Deleting a role or instance profile that is associated with a running
--   instance will break any applications running on the instance.
--   
--   For more information about instance profiles, go to <a>About Instance
--   Profiles</a> .
module Network.AWS.IAM.DeleteInstanceProfile

-- | Creates a value of <a>DeleteInstanceProfile</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>dipInstanceProfileName</a> - The name of the instance profile
--   to delete. This parameter allows (per its <a>regex pattern</a> ) a
--   string of characters consisting of upper and lowercase alphanumeric
--   characters with no spaces. You can also include any of the following
--   characters: _+=,.@-</li>
--   </ul>
deleteInstanceProfile :: Text -> DeleteInstanceProfile

-- | <i>See:</i> <a>deleteInstanceProfile</a> smart constructor.
data DeleteInstanceProfile

-- | The name of the instance profile to delete. This parameter allows (per
--   its <a>regex pattern</a> ) a string of characters consisting of upper
--   and lowercase alphanumeric characters with no spaces. You can also
--   include any of the following characters: _+=,.@-
dipInstanceProfileName :: Lens' DeleteInstanceProfile Text

-- | Creates a value of <a>DeleteInstanceProfileResponse</a> with the
--   minimum fields required to make a request.
deleteInstanceProfileResponse :: DeleteInstanceProfileResponse

-- | <i>See:</i> <a>deleteInstanceProfileResponse</a> smart constructor.
data DeleteInstanceProfileResponse
instance GHC.Generics.Generic Network.AWS.IAM.DeleteInstanceProfile.DeleteInstanceProfileResponse
instance Data.Data.Data Network.AWS.IAM.DeleteInstanceProfile.DeleteInstanceProfileResponse
instance GHC.Show.Show Network.AWS.IAM.DeleteInstanceProfile.DeleteInstanceProfileResponse
instance GHC.Read.Read Network.AWS.IAM.DeleteInstanceProfile.DeleteInstanceProfileResponse
instance GHC.Classes.Eq Network.AWS.IAM.DeleteInstanceProfile.DeleteInstanceProfileResponse
instance GHC.Generics.Generic Network.AWS.IAM.DeleteInstanceProfile.DeleteInstanceProfile
instance Data.Data.Data Network.AWS.IAM.DeleteInstanceProfile.DeleteInstanceProfile
instance GHC.Show.Show Network.AWS.IAM.DeleteInstanceProfile.DeleteInstanceProfile
instance GHC.Read.Read Network.AWS.IAM.DeleteInstanceProfile.DeleteInstanceProfile
instance GHC.Classes.Eq Network.AWS.IAM.DeleteInstanceProfile.DeleteInstanceProfile
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.DeleteInstanceProfile.DeleteInstanceProfile
instance Control.DeepSeq.NFData Network.AWS.IAM.DeleteInstanceProfile.DeleteInstanceProfileResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.DeleteInstanceProfile.DeleteInstanceProfile
instance Control.DeepSeq.NFData Network.AWS.IAM.DeleteInstanceProfile.DeleteInstanceProfile
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.DeleteInstanceProfile.DeleteInstanceProfile
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.DeleteInstanceProfile.DeleteInstanceProfile
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.DeleteInstanceProfile.DeleteInstanceProfile


-- | Deletes the specified inline policy that is embedded in the specified
--   IAM group.
--   
--   A group can also have managed policies attached to it. To detach a
--   managed policy from a group, use <tt>DetachGroupPolicy</tt> . For more
--   information about policies, refer to <a>Managed Policies and Inline
--   Policies</a> in the <i>IAM User Guide</i> .
module Network.AWS.IAM.DeleteGroupPolicy

-- | Creates a value of <a>DeleteGroupPolicy</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>dGroupName</a> - The name (friendly name, not ARN) identifying
--   the group that the policy is embedded in. This parameter allows (per
--   its <a>regex pattern</a> ) a string of characters consisting of upper
--   and lowercase alphanumeric characters with no spaces. You can also
--   include any of the following characters: _+=,.@-</li>
--   <li><a>dPolicyName</a> - The name identifying the policy document to
--   delete. This parameter allows (per its <a>regex pattern</a> ) a string
--   of characters consisting of upper and lowercase alphanumeric
--   characters with no spaces. You can also include any of the following
--   characters: _+=,.@-</li>
--   </ul>
deleteGroupPolicy :: Text -> Text -> DeleteGroupPolicy

-- | <i>See:</i> <a>deleteGroupPolicy</a> smart constructor.
data DeleteGroupPolicy

-- | The name (friendly name, not ARN) identifying the group that the
--   policy is embedded in. This parameter allows (per its <a>regex
--   pattern</a> ) a string of characters consisting of upper and lowercase
--   alphanumeric characters with no spaces. You can also include any of
--   the following characters: _+=,.@-
dGroupName :: Lens' DeleteGroupPolicy Text

-- | The name identifying the policy document to delete. This parameter
--   allows (per its <a>regex pattern</a> ) a string of characters
--   consisting of upper and lowercase alphanumeric characters with no
--   spaces. You can also include any of the following characters: _+=,.@-
dPolicyName :: Lens' DeleteGroupPolicy Text

-- | Creates a value of <a>DeleteGroupPolicyResponse</a> with the minimum
--   fields required to make a request.
deleteGroupPolicyResponse :: DeleteGroupPolicyResponse

-- | <i>See:</i> <a>deleteGroupPolicyResponse</a> smart constructor.
data DeleteGroupPolicyResponse
instance GHC.Generics.Generic Network.AWS.IAM.DeleteGroupPolicy.DeleteGroupPolicyResponse
instance Data.Data.Data Network.AWS.IAM.DeleteGroupPolicy.DeleteGroupPolicyResponse
instance GHC.Show.Show Network.AWS.IAM.DeleteGroupPolicy.DeleteGroupPolicyResponse
instance GHC.Read.Read Network.AWS.IAM.DeleteGroupPolicy.DeleteGroupPolicyResponse
instance GHC.Classes.Eq Network.AWS.IAM.DeleteGroupPolicy.DeleteGroupPolicyResponse
instance GHC.Generics.Generic Network.AWS.IAM.DeleteGroupPolicy.DeleteGroupPolicy
instance Data.Data.Data Network.AWS.IAM.DeleteGroupPolicy.DeleteGroupPolicy
instance GHC.Show.Show Network.AWS.IAM.DeleteGroupPolicy.DeleteGroupPolicy
instance GHC.Read.Read Network.AWS.IAM.DeleteGroupPolicy.DeleteGroupPolicy
instance GHC.Classes.Eq Network.AWS.IAM.DeleteGroupPolicy.DeleteGroupPolicy
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.DeleteGroupPolicy.DeleteGroupPolicy
instance Control.DeepSeq.NFData Network.AWS.IAM.DeleteGroupPolicy.DeleteGroupPolicyResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.DeleteGroupPolicy.DeleteGroupPolicy
instance Control.DeepSeq.NFData Network.AWS.IAM.DeleteGroupPolicy.DeleteGroupPolicy
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.DeleteGroupPolicy.DeleteGroupPolicy
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.DeleteGroupPolicy.DeleteGroupPolicy
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.DeleteGroupPolicy.DeleteGroupPolicy


-- | Deletes the specified IAM group. The group must not contain any users
--   or have any attached policies.
module Network.AWS.IAM.DeleteGroup

-- | Creates a value of <a>DeleteGroup</a> with the minimum fields required
--   to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>dgGroupName</a> - The name of the IAM group to delete. This
--   parameter allows (per its <a>regex pattern</a> ) a string of
--   characters consisting of upper and lowercase alphanumeric characters
--   with no spaces. You can also include any of the following characters:
--   _+=,.@-</li>
--   </ul>
deleteGroup :: Text -> DeleteGroup

-- | <i>See:</i> <a>deleteGroup</a> smart constructor.
data DeleteGroup

-- | The name of the IAM group to delete. This parameter allows (per its
--   <a>regex pattern</a> ) a string of characters consisting of upper and
--   lowercase alphanumeric characters with no spaces. You can also include
--   any of the following characters: _+=,.@-
dgGroupName :: Lens' DeleteGroup Text

-- | Creates a value of <a>DeleteGroupResponse</a> with the minimum fields
--   required to make a request.
deleteGroupResponse :: DeleteGroupResponse

-- | <i>See:</i> <a>deleteGroupResponse</a> smart constructor.
data DeleteGroupResponse
instance GHC.Generics.Generic Network.AWS.IAM.DeleteGroup.DeleteGroupResponse
instance Data.Data.Data Network.AWS.IAM.DeleteGroup.DeleteGroupResponse
instance GHC.Show.Show Network.AWS.IAM.DeleteGroup.DeleteGroupResponse
instance GHC.Read.Read Network.AWS.IAM.DeleteGroup.DeleteGroupResponse
instance GHC.Classes.Eq Network.AWS.IAM.DeleteGroup.DeleteGroupResponse
instance GHC.Generics.Generic Network.AWS.IAM.DeleteGroup.DeleteGroup
instance Data.Data.Data Network.AWS.IAM.DeleteGroup.DeleteGroup
instance GHC.Show.Show Network.AWS.IAM.DeleteGroup.DeleteGroup
instance GHC.Read.Read Network.AWS.IAM.DeleteGroup.DeleteGroup
instance GHC.Classes.Eq Network.AWS.IAM.DeleteGroup.DeleteGroup
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.DeleteGroup.DeleteGroup
instance Control.DeepSeq.NFData Network.AWS.IAM.DeleteGroup.DeleteGroupResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.DeleteGroup.DeleteGroup
instance Control.DeepSeq.NFData Network.AWS.IAM.DeleteGroup.DeleteGroup
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.DeleteGroup.DeleteGroup
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.DeleteGroup.DeleteGroup
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.DeleteGroup.DeleteGroup


-- | Deletes the password policy for the AWS account. There are no
--   parameters.
module Network.AWS.IAM.DeleteAccountPasswordPolicy

-- | Creates a value of <a>DeleteAccountPasswordPolicy</a> with the minimum
--   fields required to make a request.
deleteAccountPasswordPolicy :: DeleteAccountPasswordPolicy

-- | <i>See:</i> <a>deleteAccountPasswordPolicy</a> smart constructor.
data DeleteAccountPasswordPolicy

-- | Creates a value of <a>DeleteAccountPasswordPolicyResponse</a> with the
--   minimum fields required to make a request.
deleteAccountPasswordPolicyResponse :: DeleteAccountPasswordPolicyResponse

-- | <i>See:</i> <a>deleteAccountPasswordPolicyResponse</a> smart
--   constructor.
data DeleteAccountPasswordPolicyResponse
instance GHC.Generics.Generic Network.AWS.IAM.DeleteAccountPasswordPolicy.DeleteAccountPasswordPolicyResponse
instance Data.Data.Data Network.AWS.IAM.DeleteAccountPasswordPolicy.DeleteAccountPasswordPolicyResponse
instance GHC.Show.Show Network.AWS.IAM.DeleteAccountPasswordPolicy.DeleteAccountPasswordPolicyResponse
instance GHC.Read.Read Network.AWS.IAM.DeleteAccountPasswordPolicy.DeleteAccountPasswordPolicyResponse
instance GHC.Classes.Eq Network.AWS.IAM.DeleteAccountPasswordPolicy.DeleteAccountPasswordPolicyResponse
instance GHC.Generics.Generic Network.AWS.IAM.DeleteAccountPasswordPolicy.DeleteAccountPasswordPolicy
instance Data.Data.Data Network.AWS.IAM.DeleteAccountPasswordPolicy.DeleteAccountPasswordPolicy
instance GHC.Show.Show Network.AWS.IAM.DeleteAccountPasswordPolicy.DeleteAccountPasswordPolicy
instance GHC.Read.Read Network.AWS.IAM.DeleteAccountPasswordPolicy.DeleteAccountPasswordPolicy
instance GHC.Classes.Eq Network.AWS.IAM.DeleteAccountPasswordPolicy.DeleteAccountPasswordPolicy
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.DeleteAccountPasswordPolicy.DeleteAccountPasswordPolicy
instance Control.DeepSeq.NFData Network.AWS.IAM.DeleteAccountPasswordPolicy.DeleteAccountPasswordPolicyResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.DeleteAccountPasswordPolicy.DeleteAccountPasswordPolicy
instance Control.DeepSeq.NFData Network.AWS.IAM.DeleteAccountPasswordPolicy.DeleteAccountPasswordPolicy
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.DeleteAccountPasswordPolicy.DeleteAccountPasswordPolicy
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.DeleteAccountPasswordPolicy.DeleteAccountPasswordPolicy
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.DeleteAccountPasswordPolicy.DeleteAccountPasswordPolicy


-- | Deletes the specified AWS account alias. For information about using
--   an AWS account alias, see <a>Using an Alias for Your AWS Account
--   ID</a> in the <i>IAM User Guide</i> .
module Network.AWS.IAM.DeleteAccountAlias

-- | Creates a value of <a>DeleteAccountAlias</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>daaAccountAlias</a> - The name of the account alias to delete.
--   This parameter allows (per its <a>regex pattern</a> ) a string of
--   characters consisting of lowercase letters, digits, and dashes. You
--   cannot start or finish with a dash, nor can you have two dashes in a
--   row.</li>
--   </ul>
deleteAccountAlias :: Text -> DeleteAccountAlias

-- | <i>See:</i> <a>deleteAccountAlias</a> smart constructor.
data DeleteAccountAlias

-- | The name of the account alias to delete. This parameter allows (per
--   its <a>regex pattern</a> ) a string of characters consisting of
--   lowercase letters, digits, and dashes. You cannot start or finish with
--   a dash, nor can you have two dashes in a row.
daaAccountAlias :: Lens' DeleteAccountAlias Text

-- | Creates a value of <a>DeleteAccountAliasResponse</a> with the minimum
--   fields required to make a request.
deleteAccountAliasResponse :: DeleteAccountAliasResponse

-- | <i>See:</i> <a>deleteAccountAliasResponse</a> smart constructor.
data DeleteAccountAliasResponse
instance GHC.Generics.Generic Network.AWS.IAM.DeleteAccountAlias.DeleteAccountAliasResponse
instance Data.Data.Data Network.AWS.IAM.DeleteAccountAlias.DeleteAccountAliasResponse
instance GHC.Show.Show Network.AWS.IAM.DeleteAccountAlias.DeleteAccountAliasResponse
instance GHC.Read.Read Network.AWS.IAM.DeleteAccountAlias.DeleteAccountAliasResponse
instance GHC.Classes.Eq Network.AWS.IAM.DeleteAccountAlias.DeleteAccountAliasResponse
instance GHC.Generics.Generic Network.AWS.IAM.DeleteAccountAlias.DeleteAccountAlias
instance Data.Data.Data Network.AWS.IAM.DeleteAccountAlias.DeleteAccountAlias
instance GHC.Show.Show Network.AWS.IAM.DeleteAccountAlias.DeleteAccountAlias
instance GHC.Read.Read Network.AWS.IAM.DeleteAccountAlias.DeleteAccountAlias
instance GHC.Classes.Eq Network.AWS.IAM.DeleteAccountAlias.DeleteAccountAlias
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.DeleteAccountAlias.DeleteAccountAlias
instance Control.DeepSeq.NFData Network.AWS.IAM.DeleteAccountAlias.DeleteAccountAliasResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.DeleteAccountAlias.DeleteAccountAlias
instance Control.DeepSeq.NFData Network.AWS.IAM.DeleteAccountAlias.DeleteAccountAlias
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.DeleteAccountAlias.DeleteAccountAlias
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.DeleteAccountAlias.DeleteAccountAlias
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.DeleteAccountAlias.DeleteAccountAlias


-- | Deletes the access key pair associated with the specified IAM user.
--   
--   If you do not specify a user name, IAM determines the user name
--   implicitly based on the AWS access key ID signing the request. Because
--   this operation works for access keys under the AWS account, you can
--   use this operation to manage AWS account root user credentials even if
--   the AWS account has no associated users.
module Network.AWS.IAM.DeleteAccessKey

-- | Creates a value of <a>DeleteAccessKey</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>dakUserName</a> - The name of the user whose access key pair
--   you want to delete. This parameter allows (per its <a>regex
--   pattern</a> ) a string of characters consisting of upper and lowercase
--   alphanumeric characters with no spaces. You can also include any of
--   the following characters: _+=,.@-</li>
--   <li><a>dakAccessKeyId</a> - The access key ID for the access key ID
--   and secret access key you want to delete. This parameter allows (per
--   its <a>regex pattern</a> ) a string of characters that can consist of
--   any upper or lowercased letter or digit.</li>
--   </ul>
deleteAccessKey :: AccessKey -> DeleteAccessKey

-- | <i>See:</i> <a>deleteAccessKey</a> smart constructor.
data DeleteAccessKey

-- | The name of the user whose access key pair you want to delete. This
--   parameter allows (per its <a>regex pattern</a> ) a string of
--   characters consisting of upper and lowercase alphanumeric characters
--   with no spaces. You can also include any of the following characters:
--   _+=,.@-
dakUserName :: Lens' DeleteAccessKey (Maybe Text)

-- | The access key ID for the access key ID and secret access key you want
--   to delete. This parameter allows (per its <a>regex pattern</a> ) a
--   string of characters that can consist of any upper or lowercased
--   letter or digit.
dakAccessKeyId :: Lens' DeleteAccessKey AccessKey

-- | Creates a value of <a>DeleteAccessKeyResponse</a> with the minimum
--   fields required to make a request.
deleteAccessKeyResponse :: DeleteAccessKeyResponse

-- | <i>See:</i> <a>deleteAccessKeyResponse</a> smart constructor.
data DeleteAccessKeyResponse
instance GHC.Generics.Generic Network.AWS.IAM.DeleteAccessKey.DeleteAccessKeyResponse
instance Data.Data.Data Network.AWS.IAM.DeleteAccessKey.DeleteAccessKeyResponse
instance GHC.Show.Show Network.AWS.IAM.DeleteAccessKey.DeleteAccessKeyResponse
instance GHC.Read.Read Network.AWS.IAM.DeleteAccessKey.DeleteAccessKeyResponse
instance GHC.Classes.Eq Network.AWS.IAM.DeleteAccessKey.DeleteAccessKeyResponse
instance GHC.Generics.Generic Network.AWS.IAM.DeleteAccessKey.DeleteAccessKey
instance Data.Data.Data Network.AWS.IAM.DeleteAccessKey.DeleteAccessKey
instance GHC.Show.Show Network.AWS.IAM.DeleteAccessKey.DeleteAccessKey
instance GHC.Read.Read Network.AWS.IAM.DeleteAccessKey.DeleteAccessKey
instance GHC.Classes.Eq Network.AWS.IAM.DeleteAccessKey.DeleteAccessKey
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.DeleteAccessKey.DeleteAccessKey
instance Control.DeepSeq.NFData Network.AWS.IAM.DeleteAccessKey.DeleteAccessKeyResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.DeleteAccessKey.DeleteAccessKey
instance Control.DeepSeq.NFData Network.AWS.IAM.DeleteAccessKey.DeleteAccessKey
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.DeleteAccessKey.DeleteAccessKey
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.DeleteAccessKey.DeleteAccessKey
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.DeleteAccessKey.DeleteAccessKey


-- | Deactivates the specified MFA device and removes it from association
--   with the user name for which it was originally enabled.
--   
--   For more information about creating and working with virtual MFA
--   devices, go to <a>Using a Virtual MFA Device</a> in the <i>IAM User
--   Guide</i> .
module Network.AWS.IAM.DeactivateMFADevice

-- | Creates a value of <a>DeactivateMFADevice</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>dmdUserName</a> - The name of the user whose MFA device you
--   want to deactivate. This parameter allows (per its <a>regex
--   pattern</a> ) a string of characters consisting of upper and lowercase
--   alphanumeric characters with no spaces. You can also include any of
--   the following characters: _+=,.@-</li>
--   <li><a>dmdSerialNumber</a> - The serial number that uniquely
--   identifies the MFA device. For virtual MFA devices, the serial number
--   is the device ARN. This parameter allows (per its <a>regex pattern</a>
--   ) a string of characters consisting of upper and lowercase
--   alphanumeric characters with no spaces. You can also include any of
--   the following characters: =,.@:/-</li>
--   </ul>
deactivateMFADevice :: Text -> Text -> DeactivateMFADevice

-- | <i>See:</i> <a>deactivateMFADevice</a> smart constructor.
data DeactivateMFADevice

-- | The name of the user whose MFA device you want to deactivate. This
--   parameter allows (per its <a>regex pattern</a> ) a string of
--   characters consisting of upper and lowercase alphanumeric characters
--   with no spaces. You can also include any of the following characters:
--   _+=,.@-
dmdUserName :: Lens' DeactivateMFADevice Text

-- | The serial number that uniquely identifies the MFA device. For virtual
--   MFA devices, the serial number is the device ARN. This parameter
--   allows (per its <a>regex pattern</a> ) a string of characters
--   consisting of upper and lowercase alphanumeric characters with no
--   spaces. You can also include any of the following characters: =,.@:/-
dmdSerialNumber :: Lens' DeactivateMFADevice Text

-- | Creates a value of <a>DeactivateMFADeviceResponse</a> with the minimum
--   fields required to make a request.
deactivateMFADeviceResponse :: DeactivateMFADeviceResponse

-- | <i>See:</i> <a>deactivateMFADeviceResponse</a> smart constructor.
data DeactivateMFADeviceResponse
instance GHC.Generics.Generic Network.AWS.IAM.DeactivateMFADevice.DeactivateMFADeviceResponse
instance Data.Data.Data Network.AWS.IAM.DeactivateMFADevice.DeactivateMFADeviceResponse
instance GHC.Show.Show Network.AWS.IAM.DeactivateMFADevice.DeactivateMFADeviceResponse
instance GHC.Read.Read Network.AWS.IAM.DeactivateMFADevice.DeactivateMFADeviceResponse
instance GHC.Classes.Eq Network.AWS.IAM.DeactivateMFADevice.DeactivateMFADeviceResponse
instance GHC.Generics.Generic Network.AWS.IAM.DeactivateMFADevice.DeactivateMFADevice
instance Data.Data.Data Network.AWS.IAM.DeactivateMFADevice.DeactivateMFADevice
instance GHC.Show.Show Network.AWS.IAM.DeactivateMFADevice.DeactivateMFADevice
instance GHC.Read.Read Network.AWS.IAM.DeactivateMFADevice.DeactivateMFADevice
instance GHC.Classes.Eq Network.AWS.IAM.DeactivateMFADevice.DeactivateMFADevice
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.DeactivateMFADevice.DeactivateMFADevice
instance Control.DeepSeq.NFData Network.AWS.IAM.DeactivateMFADevice.DeactivateMFADeviceResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.DeactivateMFADevice.DeactivateMFADevice
instance Control.DeepSeq.NFData Network.AWS.IAM.DeactivateMFADevice.DeactivateMFADevice
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.DeactivateMFADevice.DeactivateMFADevice
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.DeactivateMFADevice.DeactivateMFADevice
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.DeactivateMFADevice.DeactivateMFADevice


-- | Creates a new virtual MFA device for the AWS account. After creating
--   the virtual MFA, use <tt>EnableMFADevice</tt> to attach the MFA device
--   to an IAM user. For more information about creating and working with
--   virtual MFA devices, go to <a>Using a Virtual MFA Device</a> in the
--   <i>IAM User Guide</i> .
--   
--   For information about limits on the number of MFA devices you can
--   create, see <a>Limitations on Entities</a> in the <i>IAM User
--   Guide</i> .
--   
--   <i>Important:</i> The seed information contained in the QR code and
--   the Base32 string should be treated like any other secret access
--   information, such as your AWS access keys or your passwords. After you
--   provision your virtual device, you should ensure that the information
--   is destroyed following secure procedures.
module Network.AWS.IAM.CreateVirtualMFADevice

-- | Creates a value of <a>CreateVirtualMFADevice</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>cvmdPath</a> - The path for the virtual MFA device. For more
--   information about paths, see <a>IAM Identifiers</a> in the <i>IAM User
--   Guide</i> . This parameter is optional. If it is not included, it
--   defaults to a slash (<i>). This parameter allows (per its
--   &lt;http:</i><i>wikipedia.org</i>wiki<i>regex regex pattern&gt; ) a
--   string of characters consisting of either a forward slash (</i>) by
--   itself or a string that must begin and end with forward slashes. In
--   addition, it can contain any ASCII character from the ! (u0021)
--   through the DEL character (u007F), including most punctuation
--   characters, digits, and upper and lowercased letters.</li>
--   <li><a>cvmdVirtualMFADeviceName</a> - The name of the virtual MFA
--   device. Use with path to uniquely identify a virtual MFA device. This
--   parameter allows (per its <a>regex pattern</a> ) a string of
--   characters consisting of upper and lowercase alphanumeric characters
--   with no spaces. You can also include any of the following characters:
--   _+=,.@-</li>
--   </ul>
createVirtualMFADevice :: Text -> CreateVirtualMFADevice

-- | <i>See:</i> <a>createVirtualMFADevice</a> smart constructor.
data CreateVirtualMFADevice

-- | The path for the virtual MFA device. For more information about paths,
--   see <a>IAM Identifiers</a> in the <i>IAM User Guide</i> . This
--   parameter is optional. If it is not included, it defaults to a slash
--   (<i>). This parameter allows (per its
--   &lt;http:</i><i>wikipedia.org</i>wiki<i>regex regex pattern&gt; ) a
--   string of characters consisting of either a forward slash (</i>) by
--   itself or a string that must begin and end with forward slashes. In
--   addition, it can contain any ASCII character from the ! (u0021)
--   through the DEL character (u007F), including most punctuation
--   characters, digits, and upper and lowercased letters.
cvmdPath :: Lens' CreateVirtualMFADevice (Maybe Text)

-- | The name of the virtual MFA device. Use with path to uniquely identify
--   a virtual MFA device. This parameter allows (per its <a>regex
--   pattern</a> ) a string of characters consisting of upper and lowercase
--   alphanumeric characters with no spaces. You can also include any of
--   the following characters: _+=,.@-
cvmdVirtualMFADeviceName :: Lens' CreateVirtualMFADevice Text

-- | Creates a value of <a>CreateVirtualMFADeviceResponse</a> with the
--   minimum fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>cvmdrsResponseStatus</a> - -- | The response status code.</li>
--   <li><a>cvmdrsVirtualMFADevice</a> - A structure containing details
--   about the new virtual MFA device.</li>
--   </ul>
createVirtualMFADeviceResponse :: Int -> VirtualMFADevice -> CreateVirtualMFADeviceResponse

-- | Contains the response to a successful <a>CreateVirtualMFADevice</a>
--   request.
--   
--   <i>See:</i> <a>createVirtualMFADeviceResponse</a> smart constructor.
data CreateVirtualMFADeviceResponse

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
cvmdrsResponseStatus :: Lens' CreateVirtualMFADeviceResponse Int

-- | A structure containing details about the new virtual MFA device.
cvmdrsVirtualMFADevice :: Lens' CreateVirtualMFADeviceResponse VirtualMFADevice
instance GHC.Generics.Generic Network.AWS.IAM.CreateVirtualMFADevice.CreateVirtualMFADeviceResponse
instance Data.Data.Data Network.AWS.IAM.CreateVirtualMFADevice.CreateVirtualMFADeviceResponse
instance GHC.Show.Show Network.AWS.IAM.CreateVirtualMFADevice.CreateVirtualMFADeviceResponse
instance GHC.Classes.Eq Network.AWS.IAM.CreateVirtualMFADevice.CreateVirtualMFADeviceResponse
instance GHC.Generics.Generic Network.AWS.IAM.CreateVirtualMFADevice.CreateVirtualMFADevice
instance Data.Data.Data Network.AWS.IAM.CreateVirtualMFADevice.CreateVirtualMFADevice
instance GHC.Show.Show Network.AWS.IAM.CreateVirtualMFADevice.CreateVirtualMFADevice
instance GHC.Read.Read Network.AWS.IAM.CreateVirtualMFADevice.CreateVirtualMFADevice
instance GHC.Classes.Eq Network.AWS.IAM.CreateVirtualMFADevice.CreateVirtualMFADevice
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.CreateVirtualMFADevice.CreateVirtualMFADevice
instance Control.DeepSeq.NFData Network.AWS.IAM.CreateVirtualMFADevice.CreateVirtualMFADeviceResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.CreateVirtualMFADevice.CreateVirtualMFADevice
instance Control.DeepSeq.NFData Network.AWS.IAM.CreateVirtualMFADevice.CreateVirtualMFADevice
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.CreateVirtualMFADevice.CreateVirtualMFADevice
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.CreateVirtualMFADevice.CreateVirtualMFADevice
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.CreateVirtualMFADevice.CreateVirtualMFADevice


-- | Creates a new IAM user for your AWS account.
--   
--   For information about limitations on the number of IAM users you can
--   create, see <a>Limitations on IAM Entities</a> in the <i>IAM User
--   Guide</i> .
module Network.AWS.IAM.CreateUser

-- | Creates a value of <a>CreateUser</a> with the minimum fields required
--   to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>cuPath</a> - The path for the user name. For more information
--   about paths, see <a>IAM Identifiers</a> in the <i>IAM User Guide</i> .
--   This parameter is optional. If it is not included, it defaults to a
--   slash (<i>). This parameter allows (per its
--   &lt;http:</i><i>wikipedia.org</i>wiki<i>regex regex pattern&gt; ) a
--   string of characters consisting of either a forward slash (</i>) by
--   itself or a string that must begin and end with forward slashes. In
--   addition, it can contain any ASCII character from the ! (u0021)
--   through the DEL character (u007F), including most punctuation
--   characters, digits, and upper and lowercased letters.</li>
--   <li><a>cuUserName</a> - The name of the user to create. This parameter
--   allows (per its <a>regex pattern</a> ) a string of characters
--   consisting of upper and lowercase alphanumeric characters with no
--   spaces. You can also include any of the following characters: _+=,.@-.
--   User names are not distinguished by case. For example, you cannot
--   create users named both <a>TESTUSER</a> and "testuser".</li>
--   </ul>
createUser :: Text -> CreateUser

-- | <i>See:</i> <a>createUser</a> smart constructor.
data CreateUser

-- | The path for the user name. For more information about paths, see
--   <a>IAM Identifiers</a> in the <i>IAM User Guide</i> . This parameter
--   is optional. If it is not included, it defaults to a slash (<i>). This
--   parameter allows (per its
--   &lt;http:</i><i>wikipedia.org</i>wiki<i>regex regex pattern&gt; ) a
--   string of characters consisting of either a forward slash (</i>) by
--   itself or a string that must begin and end with forward slashes. In
--   addition, it can contain any ASCII character from the ! (u0021)
--   through the DEL character (u007F), including most punctuation
--   characters, digits, and upper and lowercased letters.
cuPath :: Lens' CreateUser (Maybe Text)

-- | The name of the user to create. This parameter allows (per its
--   <a>regex pattern</a> ) a string of characters consisting of upper and
--   lowercase alphanumeric characters with no spaces. You can also include
--   any of the following characters: _+=,.@-. User names are not
--   distinguished by case. For example, you cannot create users named both
--   <a>TESTUSER</a> and "testuser".
cuUserName :: Lens' CreateUser Text

-- | Creates a value of <a>CreateUserResponse</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>cursUser</a> - A structure with details about the new IAM
--   user.</li>
--   <li><a>cursResponseStatus</a> - -- | The response status code.</li>
--   </ul>
createUserResponse :: Int -> CreateUserResponse

-- | Contains the response to a successful <a>CreateUser</a> request.
--   
--   <i>See:</i> <a>createUserResponse</a> smart constructor.
data CreateUserResponse

-- | A structure with details about the new IAM user.
cursUser :: Lens' CreateUserResponse (Maybe User)

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
cursResponseStatus :: Lens' CreateUserResponse Int
instance GHC.Generics.Generic Network.AWS.IAM.CreateUser.CreateUserResponse
instance Data.Data.Data Network.AWS.IAM.CreateUser.CreateUserResponse
instance GHC.Show.Show Network.AWS.IAM.CreateUser.CreateUserResponse
instance GHC.Read.Read Network.AWS.IAM.CreateUser.CreateUserResponse
instance GHC.Classes.Eq Network.AWS.IAM.CreateUser.CreateUserResponse
instance GHC.Generics.Generic Network.AWS.IAM.CreateUser.CreateUser
instance Data.Data.Data Network.AWS.IAM.CreateUser.CreateUser
instance GHC.Show.Show Network.AWS.IAM.CreateUser.CreateUser
instance GHC.Read.Read Network.AWS.IAM.CreateUser.CreateUser
instance GHC.Classes.Eq Network.AWS.IAM.CreateUser.CreateUser
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.CreateUser.CreateUser
instance Control.DeepSeq.NFData Network.AWS.IAM.CreateUser.CreateUserResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.CreateUser.CreateUser
instance Control.DeepSeq.NFData Network.AWS.IAM.CreateUser.CreateUser
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.CreateUser.CreateUser
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.CreateUser.CreateUser
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.CreateUser.CreateUser


-- | Generates a set of credentials consisting of a user name and password
--   that can be used to access the service specified in the request. These
--   credentials are generated by IAM, and can be used only for the
--   specified service.
--   
--   You can have a maximum of two sets of service-specific credentials for
--   each supported service per user.
--   
--   The only supported service at this time is AWS CodeCommit.
--   
--   You can reset the password to a new service-generated value by calling
--   <tt>ResetServiceSpecificCredential</tt> .
--   
--   For more information about service-specific credentials, see <a>Using
--   IAM with AWS CodeCommit: Git Credentials, SSH Keys, and AWS Access
--   Keys</a> in the <i>IAM User Guide</i> .
module Network.AWS.IAM.CreateServiceSpecificCredential

-- | Creates a value of <a>CreateServiceSpecificCredential</a> with the
--   minimum fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>csscUserName</a> - The name of the IAM user that is to be
--   associated with the credentials. The new service-specific credentials
--   have the same permissions as the associated user except that they can
--   be used only to access the specified service. This parameter allows
--   (per its <a>regex pattern</a> ) a string of characters consisting of
--   upper and lowercase alphanumeric characters with no spaces. You can
--   also include any of the following characters: _+=,.@-</li>
--   <li><a>csscServiceName</a> - The name of the AWS service that is to be
--   associated with the credentials. The service you specify here is the
--   only service that can be accessed using these credentials.</li>
--   </ul>
createServiceSpecificCredential :: Text -> Text -> CreateServiceSpecificCredential

-- | <i>See:</i> <a>createServiceSpecificCredential</a> smart constructor.
data CreateServiceSpecificCredential

-- | The name of the IAM user that is to be associated with the
--   credentials. The new service-specific credentials have the same
--   permissions as the associated user except that they can be used only
--   to access the specified service. This parameter allows (per its
--   <a>regex pattern</a> ) a string of characters consisting of upper and
--   lowercase alphanumeric characters with no spaces. You can also include
--   any of the following characters: _+=,.@-
csscUserName :: Lens' CreateServiceSpecificCredential Text

-- | The name of the AWS service that is to be associated with the
--   credentials. The service you specify here is the only service that can
--   be accessed using these credentials.
csscServiceName :: Lens' CreateServiceSpecificCredential Text

-- | Creates a value of <a>CreateServiceSpecificCredentialResponse</a> with
--   the minimum fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>csscrsServiceSpecificCredential</a> - A structure that contains
--   information about the newly created service-specific credential.
--   <i>Important:</i> This is the only time that the password for this
--   credential set is available. It cannot be recovered later. Instead,
--   you will have to reset the password with
--   <tt>ResetServiceSpecificCredential</tt> .</li>
--   <li><a>csscrsResponseStatus</a> - -- | The response status code.</li>
--   </ul>
createServiceSpecificCredentialResponse :: Int -> CreateServiceSpecificCredentialResponse

-- | <i>See:</i> <a>createServiceSpecificCredentialResponse</a> smart
--   constructor.
data CreateServiceSpecificCredentialResponse

-- | A structure that contains information about the newly created
--   service-specific credential. <i>Important:</i> This is the only time
--   that the password for this credential set is available. It cannot be
--   recovered later. Instead, you will have to reset the password with
--   <tt>ResetServiceSpecificCredential</tt> .
csscrsServiceSpecificCredential :: Lens' CreateServiceSpecificCredentialResponse (Maybe ServiceSpecificCredential)

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
csscrsResponseStatus :: Lens' CreateServiceSpecificCredentialResponse Int
instance GHC.Generics.Generic Network.AWS.IAM.CreateServiceSpecificCredential.CreateServiceSpecificCredentialResponse
instance Data.Data.Data Network.AWS.IAM.CreateServiceSpecificCredential.CreateServiceSpecificCredentialResponse
instance GHC.Show.Show Network.AWS.IAM.CreateServiceSpecificCredential.CreateServiceSpecificCredentialResponse
instance GHC.Classes.Eq Network.AWS.IAM.CreateServiceSpecificCredential.CreateServiceSpecificCredentialResponse
instance GHC.Generics.Generic Network.AWS.IAM.CreateServiceSpecificCredential.CreateServiceSpecificCredential
instance Data.Data.Data Network.AWS.IAM.CreateServiceSpecificCredential.CreateServiceSpecificCredential
instance GHC.Show.Show Network.AWS.IAM.CreateServiceSpecificCredential.CreateServiceSpecificCredential
instance GHC.Read.Read Network.AWS.IAM.CreateServiceSpecificCredential.CreateServiceSpecificCredential
instance GHC.Classes.Eq Network.AWS.IAM.CreateServiceSpecificCredential.CreateServiceSpecificCredential
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.CreateServiceSpecificCredential.CreateServiceSpecificCredential
instance Control.DeepSeq.NFData Network.AWS.IAM.CreateServiceSpecificCredential.CreateServiceSpecificCredentialResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.CreateServiceSpecificCredential.CreateServiceSpecificCredential
instance Control.DeepSeq.NFData Network.AWS.IAM.CreateServiceSpecificCredential.CreateServiceSpecificCredential
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.CreateServiceSpecificCredential.CreateServiceSpecificCredential
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.CreateServiceSpecificCredential.CreateServiceSpecificCredential
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.CreateServiceSpecificCredential.CreateServiceSpecificCredential


-- | Creates an IAM role that is linked to a specific AWS service. The
--   service controls the attached policies and when the role can be
--   deleted. This helps ensure that the service is not broken by an
--   unexpectedly changed or deleted role, which could put your AWS
--   resources into an unknown state. Allowing the service to control the
--   role helps improve service stability and proper cleanup when a service
--   and its role are no longer needed.
--   
--   The name of the role is generated by combining the string that you
--   specify for the <tt>AWSServiceName</tt> parameter with the string that
--   you specify for the <tt>CustomSuffix</tt> parameter. The resulting
--   name must be unique in your account or the request fails.
--   
--   To attach a policy to this service-linked role, you must make the
--   request using the AWS service that depends on this role.
module Network.AWS.IAM.CreateServiceLinkedRole

-- | Creates a value of <a>CreateServiceLinkedRole</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>cslrCustomSuffix</a> - A string that you provide, which is
--   combined with the service name to form the complete role name. If you
--   make multiple requests for the same service, then you must supply a
--   different <tt>CustomSuffix</tt> for each request. Otherwise the
--   request fails with a duplicate role name error. For example, you could
--   add <tt>-1</tt> or <tt>-debug</tt> to the suffix.</li>
--   <li><a>cslrDescription</a> - The description of the role.</li>
--   <li><a>cslrAWSServiceName</a> - The AWS service to which this role is
--   attached. You use a string similar to a URL but without the http:// in
--   front. For example: <tt>elasticbeanstalk.amazonaws.com</tt></li>
--   </ul>
createServiceLinkedRole :: Text -> CreateServiceLinkedRole

-- | <i>See:</i> <a>createServiceLinkedRole</a> smart constructor.
data CreateServiceLinkedRole

-- | A string that you provide, which is combined with the service name to
--   form the complete role name. If you make multiple requests for the
--   same service, then you must supply a different <tt>CustomSuffix</tt>
--   for each request. Otherwise the request fails with a duplicate role
--   name error. For example, you could add <tt>-1</tt> or <tt>-debug</tt>
--   to the suffix.
cslrCustomSuffix :: Lens' CreateServiceLinkedRole (Maybe Text)

-- | The description of the role.
cslrDescription :: Lens' CreateServiceLinkedRole (Maybe Text)

-- | The AWS service to which this role is attached. You use a string
--   similar to a URL but without the http:// in front. For example:
--   <tt>elasticbeanstalk.amazonaws.com</tt>
cslrAWSServiceName :: Lens' CreateServiceLinkedRole Text

-- | Creates a value of <a>CreateServiceLinkedRoleResponse</a> with the
--   minimum fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>cslrrsRole</a> - A <a>Role</a> object that contains details
--   about the newly created role.</li>
--   <li><a>cslrrsResponseStatus</a> - -- | The response status code.</li>
--   </ul>
createServiceLinkedRoleResponse :: Int -> CreateServiceLinkedRoleResponse

-- | <i>See:</i> <a>createServiceLinkedRoleResponse</a> smart constructor.
data CreateServiceLinkedRoleResponse

-- | A <a>Role</a> object that contains details about the newly created
--   role.
cslrrsRole :: Lens' CreateServiceLinkedRoleResponse (Maybe Role)

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
cslrrsResponseStatus :: Lens' CreateServiceLinkedRoleResponse Int
instance GHC.Generics.Generic Network.AWS.IAM.CreateServiceLinkedRole.CreateServiceLinkedRoleResponse
instance Data.Data.Data Network.AWS.IAM.CreateServiceLinkedRole.CreateServiceLinkedRoleResponse
instance GHC.Show.Show Network.AWS.IAM.CreateServiceLinkedRole.CreateServiceLinkedRoleResponse
instance GHC.Read.Read Network.AWS.IAM.CreateServiceLinkedRole.CreateServiceLinkedRoleResponse
instance GHC.Classes.Eq Network.AWS.IAM.CreateServiceLinkedRole.CreateServiceLinkedRoleResponse
instance GHC.Generics.Generic Network.AWS.IAM.CreateServiceLinkedRole.CreateServiceLinkedRole
instance Data.Data.Data Network.AWS.IAM.CreateServiceLinkedRole.CreateServiceLinkedRole
instance GHC.Show.Show Network.AWS.IAM.CreateServiceLinkedRole.CreateServiceLinkedRole
instance GHC.Read.Read Network.AWS.IAM.CreateServiceLinkedRole.CreateServiceLinkedRole
instance GHC.Classes.Eq Network.AWS.IAM.CreateServiceLinkedRole.CreateServiceLinkedRole
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.CreateServiceLinkedRole.CreateServiceLinkedRole
instance Control.DeepSeq.NFData Network.AWS.IAM.CreateServiceLinkedRole.CreateServiceLinkedRoleResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.CreateServiceLinkedRole.CreateServiceLinkedRole
instance Control.DeepSeq.NFData Network.AWS.IAM.CreateServiceLinkedRole.CreateServiceLinkedRole
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.CreateServiceLinkedRole.CreateServiceLinkedRole
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.CreateServiceLinkedRole.CreateServiceLinkedRole
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.CreateServiceLinkedRole.CreateServiceLinkedRole


-- | Creates an IAM resource that describes an identity provider (IdP) that
--   supports SAML 2.0.
--   
--   The SAML provider resource that you create with this operation can be
--   used as a principal in an IAM role's trust policy. Such a policy can
--   enable federated users who sign-in using the SAML IdP to assume the
--   role. You can create an IAM role that supports Web-based single
--   sign-on (SSO) to the AWS Management Console or one that supports API
--   access to AWS.
--   
--   When you create the SAML provider resource, you upload a SAML metadata
--   document that you get from your IdP. That document includes the
--   issuer's name, expiration information, and keys that can be used to
--   validate the SAML authentication response (assertions) that the IdP
--   sends. You must generate the metadata document using the identity
--   management software that is used as your organization's IdP.
--   
--   For more information, see <a>Enabling SAML 2.0 Federated Users to
--   Access the AWS Management Console</a> and <a>About SAML 2.0-based
--   Federation</a> in the <i>IAM User Guide</i> .
module Network.AWS.IAM.CreateSAMLProvider

-- | Creates a value of <a>CreateSAMLProvider</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>csamlpSAMLMetadataDocument</a> - An XML document generated by
--   an identity provider (IdP) that supports SAML 2.0. The document
--   includes the issuer's name, expiration information, and keys that can
--   be used to validate the SAML authentication response (assertions) that
--   are received from the IdP. You must generate the metadata document
--   using the identity management software that is used as your
--   organization's IdP. For more information, see <a>About SAML 2.0-based
--   Federation</a> in the <i>IAM User Guide</i></li>
--   <li><a>csamlpName</a> - The name of the provider to create. This
--   parameter allows (per its <a>regex pattern</a> ) a string of
--   characters consisting of upper and lowercase alphanumeric characters
--   with no spaces. You can also include any of the following characters:
--   _+=,.@-</li>
--   </ul>
createSAMLProvider :: Text -> Text -> CreateSAMLProvider

-- | <i>See:</i> <a>createSAMLProvider</a> smart constructor.
data CreateSAMLProvider

-- | An XML document generated by an identity provider (IdP) that supports
--   SAML 2.0. The document includes the issuer's name, expiration
--   information, and keys that can be used to validate the SAML
--   authentication response (assertions) that are received from the IdP.
--   You must generate the metadata document using the identity management
--   software that is used as your organization's IdP. For more
--   information, see <a>About SAML 2.0-based Federation</a> in the <i>IAM
--   User Guide</i>
csamlpSAMLMetadataDocument :: Lens' CreateSAMLProvider Text

-- | The name of the provider to create. This parameter allows (per its
--   <a>regex pattern</a> ) a string of characters consisting of upper and
--   lowercase alphanumeric characters with no spaces. You can also include
--   any of the following characters: _+=,.@-
csamlpName :: Lens' CreateSAMLProvider Text

-- | Creates a value of <a>CreateSAMLProviderResponse</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>csamlprsSAMLProviderARN</a> - The Amazon Resource Name (ARN) of
--   the new SAML provider resource in IAM.</li>
--   <li><a>csamlprsResponseStatus</a> - -- | The response status
--   code.</li>
--   </ul>
createSAMLProviderResponse :: Int -> CreateSAMLProviderResponse

-- | Contains the response to a successful <a>CreateSAMLProvider</a>
--   request.
--   
--   <i>See:</i> <a>createSAMLProviderResponse</a> smart constructor.
data CreateSAMLProviderResponse

-- | The Amazon Resource Name (ARN) of the new SAML provider resource in
--   IAM.
csamlprsSAMLProviderARN :: Lens' CreateSAMLProviderResponse (Maybe Text)

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
csamlprsResponseStatus :: Lens' CreateSAMLProviderResponse Int
instance GHC.Generics.Generic Network.AWS.IAM.CreateSAMLProvider.CreateSAMLProviderResponse
instance Data.Data.Data Network.AWS.IAM.CreateSAMLProvider.CreateSAMLProviderResponse
instance GHC.Show.Show Network.AWS.IAM.CreateSAMLProvider.CreateSAMLProviderResponse
instance GHC.Read.Read Network.AWS.IAM.CreateSAMLProvider.CreateSAMLProviderResponse
instance GHC.Classes.Eq Network.AWS.IAM.CreateSAMLProvider.CreateSAMLProviderResponse
instance GHC.Generics.Generic Network.AWS.IAM.CreateSAMLProvider.CreateSAMLProvider
instance Data.Data.Data Network.AWS.IAM.CreateSAMLProvider.CreateSAMLProvider
instance GHC.Show.Show Network.AWS.IAM.CreateSAMLProvider.CreateSAMLProvider
instance GHC.Read.Read Network.AWS.IAM.CreateSAMLProvider.CreateSAMLProvider
instance GHC.Classes.Eq Network.AWS.IAM.CreateSAMLProvider.CreateSAMLProvider
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.CreateSAMLProvider.CreateSAMLProvider
instance Control.DeepSeq.NFData Network.AWS.IAM.CreateSAMLProvider.CreateSAMLProviderResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.CreateSAMLProvider.CreateSAMLProvider
instance Control.DeepSeq.NFData Network.AWS.IAM.CreateSAMLProvider.CreateSAMLProvider
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.CreateSAMLProvider.CreateSAMLProvider
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.CreateSAMLProvider.CreateSAMLProvider
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.CreateSAMLProvider.CreateSAMLProvider


-- | Creates a new role for your AWS account. For more information about
--   roles, go to <a>IAM Roles</a> . For information about limitations on
--   role names and the number of roles you can create, go to
--   <a>Limitations on IAM Entities</a> in the <i>IAM User Guide</i> .
module Network.AWS.IAM.CreateRole

-- | Creates a value of <a>CreateRole</a> with the minimum fields required
--   to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>crMaxSessionDuration</a> - The maximum session duration (in
--   seconds) that you want to set for the specified role. If you do not
--   specify a value for this setting, the default maximum of one hour is
--   applied. This setting can have a value from 1 hour to 12 hours. Anyone
--   who assumes the role from the AWS CLI or API can use the
--   <tt>DurationSeconds</tt> API parameter or the
--   <tt>duration-seconds</tt> CLI parameter to request a longer session.
--   The <tt>MaxSessionDuration</tt> setting determines the maximum
--   duration that can be requested using the <tt>DurationSeconds</tt>
--   parameter. If users don't specify a value for the
--   <tt>DurationSeconds</tt> parameter, their security credentials are
--   valid for one hour by default. This applies when you use the
--   <tt>AssumeRole*</tt> API operations or the <tt>assume-role*</tt> CLI
--   operations but does not apply when you use those operations to create
--   a console URL. For more information, see <a>Using IAM Roles</a> in the
--   <i>IAM User Guide</i> .</li>
--   <li><a>crPath</a> - The path to the role. For more information about
--   paths, see <a>IAM Identifiers</a> in the <i>IAM User Guide</i> . This
--   parameter is optional. If it is not included, it defaults to a slash
--   (<i>). This parameter allows (per its
--   &lt;http:</i><i>wikipedia.org</i>wiki<i>regex regex pattern&gt; ) a
--   string of characters consisting of either a forward slash (</i>) by
--   itself or a string that must begin and end with forward slashes. In
--   addition, it can contain any ASCII character from the ! (u0021)
--   through the DEL character (u007F), including most punctuation
--   characters, digits, and upper and lowercased letters.</li>
--   <li><a>crDescription</a> - A description of the role.</li>
--   <li><a>crRoleName</a> - The name of the role to create. This parameter
--   allows (per its <a>regex pattern</a> ) a string of characters
--   consisting of upper and lowercase alphanumeric characters with no
--   spaces. You can also include any of the following characters: _+=,.@-
--   Role names are not distinguished by case. For example, you cannot
--   create roles named both <a>PRODROLE</a> and "prodrole".</li>
--   <li><a>crAssumeRolePolicyDocument</a> - The trust relationship policy
--   document that grants an entity permission to assume the role. The
--   <a>regex pattern</a> used to validate this parameter is a string of
--   characters consisting of the following: * Any printable ASCII
--   character ranging from the space character (u0020) through the end of
--   the ASCII character range * The printable characters in the Basic
--   Latin and Latin-1 Supplement character set (through u00FF) * The
--   special characters tab (u0009), line feed (u000A), and carriage return
--   (u000D)</li>
--   </ul>
createRole :: Text -> Text -> CreateRole

-- | <i>See:</i> <a>createRole</a> smart constructor.
data CreateRole

-- | The maximum session duration (in seconds) that you want to set for the
--   specified role. If you do not specify a value for this setting, the
--   default maximum of one hour is applied. This setting can have a value
--   from 1 hour to 12 hours. Anyone who assumes the role from the AWS CLI
--   or API can use the <tt>DurationSeconds</tt> API parameter or the
--   <tt>duration-seconds</tt> CLI parameter to request a longer session.
--   The <tt>MaxSessionDuration</tt> setting determines the maximum
--   duration that can be requested using the <tt>DurationSeconds</tt>
--   parameter. If users don't specify a value for the
--   <tt>DurationSeconds</tt> parameter, their security credentials are
--   valid for one hour by default. This applies when you use the
--   <tt>AssumeRole*</tt> API operations or the <tt>assume-role*</tt> CLI
--   operations but does not apply when you use those operations to create
--   a console URL. For more information, see <a>Using IAM Roles</a> in the
--   <i>IAM User Guide</i> .
crMaxSessionDuration :: Lens' CreateRole (Maybe Natural)

-- | The path to the role. For more information about paths, see <a>IAM
--   Identifiers</a> in the <i>IAM User Guide</i> . This parameter is
--   optional. If it is not included, it defaults to a slash (<i>). This
--   parameter allows (per its
--   &lt;http:</i><i>wikipedia.org</i>wiki<i>regex regex pattern&gt; ) a
--   string of characters consisting of either a forward slash (</i>) by
--   itself or a string that must begin and end with forward slashes. In
--   addition, it can contain any ASCII character from the ! (u0021)
--   through the DEL character (u007F), including most punctuation
--   characters, digits, and upper and lowercased letters.
crPath :: Lens' CreateRole (Maybe Text)

-- | A description of the role.
crDescription :: Lens' CreateRole (Maybe Text)

-- | The name of the role to create. This parameter allows (per its
--   <a>regex pattern</a> ) a string of characters consisting of upper and
--   lowercase alphanumeric characters with no spaces. You can also include
--   any of the following characters: _+=,.@- Role names are not
--   distinguished by case. For example, you cannot create roles named both
--   <a>PRODROLE</a> and "prodrole".
crRoleName :: Lens' CreateRole Text

-- | The trust relationship policy document that grants an entity
--   permission to assume the role. The <a>regex pattern</a> used to
--   validate this parameter is a string of characters consisting of the
--   following: * Any printable ASCII character ranging from the space
--   character (u0020) through the end of the ASCII character range * The
--   printable characters in the Basic Latin and Latin-1 Supplement
--   character set (through u00FF) * The special characters tab (u0009),
--   line feed (u000A), and carriage return (u000D)
crAssumeRolePolicyDocument :: Lens' CreateRole Text

-- | Creates a value of <a>CreateRoleResponse</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>crrsResponseStatus</a> - -- | The response status code.</li>
--   <li><a>crrsRole</a> - A structure containing details about the new
--   role.</li>
--   </ul>
createRoleResponse :: Int -> Role -> CreateRoleResponse

-- | Contains the response to a successful <a>CreateRole</a> request.
--   
--   <i>See:</i> <a>createRoleResponse</a> smart constructor.
data CreateRoleResponse

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
crrsResponseStatus :: Lens' CreateRoleResponse Int

-- | A structure containing details about the new role.
crrsRole :: Lens' CreateRoleResponse Role
instance GHC.Generics.Generic Network.AWS.IAM.CreateRole.CreateRoleResponse
instance Data.Data.Data Network.AWS.IAM.CreateRole.CreateRoleResponse
instance GHC.Show.Show Network.AWS.IAM.CreateRole.CreateRoleResponse
instance GHC.Read.Read Network.AWS.IAM.CreateRole.CreateRoleResponse
instance GHC.Classes.Eq Network.AWS.IAM.CreateRole.CreateRoleResponse
instance GHC.Generics.Generic Network.AWS.IAM.CreateRole.CreateRole
instance Data.Data.Data Network.AWS.IAM.CreateRole.CreateRole
instance GHC.Show.Show Network.AWS.IAM.CreateRole.CreateRole
instance GHC.Read.Read Network.AWS.IAM.CreateRole.CreateRole
instance GHC.Classes.Eq Network.AWS.IAM.CreateRole.CreateRole
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.CreateRole.CreateRole
instance Control.DeepSeq.NFData Network.AWS.IAM.CreateRole.CreateRoleResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.CreateRole.CreateRole
instance Control.DeepSeq.NFData Network.AWS.IAM.CreateRole.CreateRole
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.CreateRole.CreateRole
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.CreateRole.CreateRole
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.CreateRole.CreateRole


-- | Creates a new version of the specified managed policy. To update a
--   managed policy, you create a new policy version. A managed policy can
--   have up to five versions. If the policy has five versions, you must
--   delete an existing version using <tt>DeletePolicyVersion</tt> before
--   you create a new version.
--   
--   Optionally, you can set the new version as the policy's default
--   version. The default version is the version that is in effect for the
--   IAM users, groups, and roles to which the policy is attached.
--   
--   For more information about managed policy versions, see <a>Versioning
--   for Managed Policies</a> in the <i>IAM User Guide</i> .
module Network.AWS.IAM.CreatePolicyVersion

-- | Creates a value of <a>CreatePolicyVersion</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>cpvSetAsDefault</a> - Specifies whether to set this version as
--   the policy's default version. When this parameter is <tt>true</tt> ,
--   the new policy version becomes the operative version. That is, it
--   becomes the version that is in effect for the IAM users, groups, and
--   roles that the policy is attached to. For more information about
--   managed policy versions, see <a>Versioning for Managed Policies</a> in
--   the <i>IAM User Guide</i> .</li>
--   <li><a>cpvPolicyARN</a> - The Amazon Resource Name (ARN) of the IAM
--   policy to which you want to add a new version. For more information
--   about ARNs, see <a>Amazon Resource Names (ARNs) and AWS Service
--   Namespaces</a> in the <i>AWS General Reference</i> .</li>
--   <li><a>cpvPolicyDocument</a> - The JSON policy document that you want
--   to use as the content for this new version of the policy. The <a>regex
--   pattern</a> used to validate this parameter is a string of characters
--   consisting of the following: * Any printable ASCII character ranging
--   from the space character (u0020) through the end of the ASCII
--   character range * The printable characters in the Basic Latin and
--   Latin-1 Supplement character set (through u00FF) * The special
--   characters tab (u0009), line feed (u000A), and carriage return
--   (u000D)</li>
--   </ul>
createPolicyVersion :: Text -> Text -> CreatePolicyVersion

-- | <i>See:</i> <a>createPolicyVersion</a> smart constructor.
data CreatePolicyVersion

-- | Specifies whether to set this version as the policy's default version.
--   When this parameter is <tt>true</tt> , the new policy version becomes
--   the operative version. That is, it becomes the version that is in
--   effect for the IAM users, groups, and roles that the policy is
--   attached to. For more information about managed policy versions, see
--   <a>Versioning for Managed Policies</a> in the <i>IAM User Guide</i> .
cpvSetAsDefault :: Lens' CreatePolicyVersion (Maybe Bool)

-- | The Amazon Resource Name (ARN) of the IAM policy to which you want to
--   add a new version. For more information about ARNs, see <a>Amazon
--   Resource Names (ARNs) and AWS Service Namespaces</a> in the <i>AWS
--   General Reference</i> .
cpvPolicyARN :: Lens' CreatePolicyVersion Text

-- | The JSON policy document that you want to use as the content for this
--   new version of the policy. The <a>regex pattern</a> used to validate
--   this parameter is a string of characters consisting of the following:
--   * Any printable ASCII character ranging from the space character
--   (u0020) through the end of the ASCII character range * The printable
--   characters in the Basic Latin and Latin-1 Supplement character set
--   (through u00FF) * The special characters tab (u0009), line feed
--   (u000A), and carriage return (u000D)
cpvPolicyDocument :: Lens' CreatePolicyVersion Text

-- | Creates a value of <a>CreatePolicyVersionResponse</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>cpvrsPolicyVersion</a> - A structure containing details about
--   the new policy version.</li>
--   <li><a>cpvrsResponseStatus</a> - -- | The response status code.</li>
--   </ul>
createPolicyVersionResponse :: Int -> CreatePolicyVersionResponse

-- | Contains the response to a successful <a>CreatePolicyVersion</a>
--   request.
--   
--   <i>See:</i> <a>createPolicyVersionResponse</a> smart constructor.
data CreatePolicyVersionResponse

-- | A structure containing details about the new policy version.
cpvrsPolicyVersion :: Lens' CreatePolicyVersionResponse (Maybe PolicyVersion)

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
cpvrsResponseStatus :: Lens' CreatePolicyVersionResponse Int
instance GHC.Generics.Generic Network.AWS.IAM.CreatePolicyVersion.CreatePolicyVersionResponse
instance Data.Data.Data Network.AWS.IAM.CreatePolicyVersion.CreatePolicyVersionResponse
instance GHC.Show.Show Network.AWS.IAM.CreatePolicyVersion.CreatePolicyVersionResponse
instance GHC.Read.Read Network.AWS.IAM.CreatePolicyVersion.CreatePolicyVersionResponse
instance GHC.Classes.Eq Network.AWS.IAM.CreatePolicyVersion.CreatePolicyVersionResponse
instance GHC.Generics.Generic Network.AWS.IAM.CreatePolicyVersion.CreatePolicyVersion
instance Data.Data.Data Network.AWS.IAM.CreatePolicyVersion.CreatePolicyVersion
instance GHC.Show.Show Network.AWS.IAM.CreatePolicyVersion.CreatePolicyVersion
instance GHC.Read.Read Network.AWS.IAM.CreatePolicyVersion.CreatePolicyVersion
instance GHC.Classes.Eq Network.AWS.IAM.CreatePolicyVersion.CreatePolicyVersion
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.CreatePolicyVersion.CreatePolicyVersion
instance Control.DeepSeq.NFData Network.AWS.IAM.CreatePolicyVersion.CreatePolicyVersionResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.CreatePolicyVersion.CreatePolicyVersion
instance Control.DeepSeq.NFData Network.AWS.IAM.CreatePolicyVersion.CreatePolicyVersion
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.CreatePolicyVersion.CreatePolicyVersion
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.CreatePolicyVersion.CreatePolicyVersion
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.CreatePolicyVersion.CreatePolicyVersion


-- | Creates a new managed policy for your AWS account.
--   
--   This operation creates a policy version with a version identifier of
--   <tt>v1</tt> and sets v1 as the policy's default version. For more
--   information about policy versions, see <a>Versioning for Managed
--   Policies</a> in the <i>IAM User Guide</i> .
--   
--   For more information about managed policies in general, see <a>Managed
--   Policies and Inline Policies</a> in the <i>IAM User Guide</i> .
module Network.AWS.IAM.CreatePolicy

-- | Creates a value of <a>CreatePolicy</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>cpPath</a> - The path for the policy. For more information
--   about paths, see <a>IAM Identifiers</a> in the <i>IAM User Guide</i> .
--   This parameter is optional. If it is not included, it defaults to a
--   slash (<i>). This parameter allows (per its
--   &lt;http:</i><i>wikipedia.org</i>wiki<i>regex regex pattern&gt; ) a
--   string of characters consisting of either a forward slash (</i>) by
--   itself or a string that must begin and end with forward slashes. In
--   addition, it can contain any ASCII character from the ! (u0021)
--   through the DEL character (u007F), including most punctuation
--   characters, digits, and upper and lowercased letters.</li>
--   <li><a>cpDescription</a> - A friendly description of the policy.
--   Typically used to store information about the permissions defined in
--   the policy. For example, "Grants access to production DynamoDB
--   tables." The policy description is immutable. After a value is
--   assigned, it cannot be changed.</li>
--   <li><a>cpPolicyName</a> - The friendly name of the policy. This
--   parameter allows (per its <a>regex pattern</a> ) a string of
--   characters consisting of upper and lowercase alphanumeric characters
--   with no spaces. You can also include any of the following characters:
--   _+=,.@-</li>
--   <li><a>cpPolicyDocument</a> - The JSON policy document that you want
--   to use as the content for the new policy. The <a>regex pattern</a>
--   used to validate this parameter is a string of characters consisting
--   of the following: * Any printable ASCII character ranging from the
--   space character (u0020) through the end of the ASCII character range *
--   The printable characters in the Basic Latin and Latin-1 Supplement
--   character set (through u00FF) * The special characters tab (u0009),
--   line feed (u000A), and carriage return (u000D)</li>
--   </ul>
createPolicy :: Text -> Text -> CreatePolicy

-- | <i>See:</i> <a>createPolicy</a> smart constructor.
data CreatePolicy

-- | The path for the policy. For more information about paths, see <a>IAM
--   Identifiers</a> in the <i>IAM User Guide</i> . This parameter is
--   optional. If it is not included, it defaults to a slash (<i>). This
--   parameter allows (per its
--   &lt;http:</i><i>wikipedia.org</i>wiki<i>regex regex pattern&gt; ) a
--   string of characters consisting of either a forward slash (</i>) by
--   itself or a string that must begin and end with forward slashes. In
--   addition, it can contain any ASCII character from the ! (u0021)
--   through the DEL character (u007F), including most punctuation
--   characters, digits, and upper and lowercased letters.
cpPath :: Lens' CreatePolicy (Maybe Text)

-- | A friendly description of the policy. Typically used to store
--   information about the permissions defined in the policy. For example,
--   "Grants access to production DynamoDB tables." The policy description
--   is immutable. After a value is assigned, it cannot be changed.
cpDescription :: Lens' CreatePolicy (Maybe Text)

-- | The friendly name of the policy. This parameter allows (per its
--   <a>regex pattern</a> ) a string of characters consisting of upper and
--   lowercase alphanumeric characters with no spaces. You can also include
--   any of the following characters: _+=,.@-
cpPolicyName :: Lens' CreatePolicy Text

-- | The JSON policy document that you want to use as the content for the
--   new policy. The <a>regex pattern</a> used to validate this parameter
--   is a string of characters consisting of the following: * Any printable
--   ASCII character ranging from the space character (u0020) through the
--   end of the ASCII character range * The printable characters in the
--   Basic Latin and Latin-1 Supplement character set (through u00FF) * The
--   special characters tab (u0009), line feed (u000A), and carriage return
--   (u000D)
cpPolicyDocument :: Lens' CreatePolicy Text

-- | Creates a value of <a>CreatePolicyResponse</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>cprsPolicy</a> - A structure containing details about the new
--   policy.</li>
--   <li><a>cprsResponseStatus</a> - -- | The response status code.</li>
--   </ul>
createPolicyResponse :: Int -> CreatePolicyResponse

-- | Contains the response to a successful <a>CreatePolicy</a> request.
--   
--   <i>See:</i> <a>createPolicyResponse</a> smart constructor.
data CreatePolicyResponse

-- | A structure containing details about the new policy.
cprsPolicy :: Lens' CreatePolicyResponse (Maybe Policy)

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
cprsResponseStatus :: Lens' CreatePolicyResponse Int
instance GHC.Generics.Generic Network.AWS.IAM.CreatePolicy.CreatePolicyResponse
instance Data.Data.Data Network.AWS.IAM.CreatePolicy.CreatePolicyResponse
instance GHC.Show.Show Network.AWS.IAM.CreatePolicy.CreatePolicyResponse
instance GHC.Read.Read Network.AWS.IAM.CreatePolicy.CreatePolicyResponse
instance GHC.Classes.Eq Network.AWS.IAM.CreatePolicy.CreatePolicyResponse
instance GHC.Generics.Generic Network.AWS.IAM.CreatePolicy.CreatePolicy
instance Data.Data.Data Network.AWS.IAM.CreatePolicy.CreatePolicy
instance GHC.Show.Show Network.AWS.IAM.CreatePolicy.CreatePolicy
instance GHC.Read.Read Network.AWS.IAM.CreatePolicy.CreatePolicy
instance GHC.Classes.Eq Network.AWS.IAM.CreatePolicy.CreatePolicy
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.CreatePolicy.CreatePolicy
instance Control.DeepSeq.NFData Network.AWS.IAM.CreatePolicy.CreatePolicyResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.CreatePolicy.CreatePolicy
instance Control.DeepSeq.NFData Network.AWS.IAM.CreatePolicy.CreatePolicy
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.CreatePolicy.CreatePolicy
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.CreatePolicy.CreatePolicy
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.CreatePolicy.CreatePolicy


-- | Creates an IAM entity to describe an identity provider (IdP) that
--   supports <a>OpenID Connect (OIDC)</a> .
--   
--   The OIDC provider that you create with this operation can be used as a
--   principal in a role's trust policy. Such a policy establishes a trust
--   relationship between AWS and the OIDC provider.
--   
--   When you create the IAM OIDC provider, you specify the following:
--   
--   <ul>
--   <li>The URL of the OIDC identity provider (IdP) to trust</li>
--   <li>A list of client IDs (also known as audiences) that identify the
--   application or applications that are allowed to authenticate using the
--   OIDC provider</li>
--   <li>A list of thumbprints of the server certificate(s) that the IdP
--   uses.</li>
--   </ul>
--   
--   You get all of this information from the OIDC IdP that you want to use
--   to access AWS.
module Network.AWS.IAM.CreateOpenIdConnectProvider

-- | Creates a value of <a>CreateOpenIdConnectProvider</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>coicpClientIdList</a> - A list of client IDs (also known as
--   audiences). When a mobile or web app registers with an OpenID Connect
--   provider, they establish a value that identifies the application.
--   (This is the value that's sent as the <tt>client_id</tt> parameter on
--   OAuth requests.) You can register multiple client IDs with the same
--   provider. For example, you might have multiple applications that use
--   the same OIDC provider. You cannot register more than 100 client IDs
--   with a single IAM OIDC provider. There is no defined format for a
--   client ID. The <tt>CreateOpenIDConnectProviderRequest</tt> operation
--   accepts client IDs up to 255 characters long.</li>
--   <li><a>coicpURL</a> - The URL of the identity provider. The URL must
--   begin with <tt>https://</tt> and should correspond to the <tt>iss</tt>
--   claim in the provider's OpenID Connect ID tokens. Per the OIDC
--   standard, path components are allowed but query parameters are not.
--   Typically the URL consists of only a hostname, like
--   <tt><a>https://server.example.org</a></tt> or
--   <tt><a>https://example.com</a></tt> . You cannot register the same
--   provider multiple times in a single AWS account. If you try to submit
--   a URL that has already been used for an OpenID Connect provider in the
--   AWS account, you will get an error.</li>
--   <li><a>coicpThumbprintList</a> - A list of server certificate
--   thumbprints for the OpenID Connect (OIDC) identity provider's server
--   certificates. Typically this list includes only one entry. However,
--   IAM lets you have up to five thumbprints for an OIDC provider. This
--   lets you maintain multiple thumbprints if the identity provider is
--   rotating certificates. The server certificate thumbprint is the
--   hex-encoded SHA-1 hash value of the X.509 certificate used by the
--   domain where the OpenID Connect provider makes its keys available. It
--   is always a 40-character string. You must provide at least one
--   thumbprint when creating an IAM OIDC provider. For example, assume
--   that the OIDC provider is <tt>server.example.com</tt> and the provider
--   stores its keys at
--   <a>https://keys.server.example.com/openid-connect</a>. In that case,
--   the thumbprint string would be the hex-encoded SHA-1 hash value of the
--   certificate used by <a>https://keys.server.example.com</a>. For more
--   information about obtaining the OIDC provider's thumbprint, see
--   <a>Obtaining the Thumbprint for an OpenID Connect Provider</a> in the
--   <i>IAM User Guide</i> .</li>
--   </ul>
createOpenIdConnectProvider :: Text -> CreateOpenIdConnectProvider

-- | <i>See:</i> <a>createOpenIdConnectProvider</a> smart constructor.
data CreateOpenIdConnectProvider

-- | A list of client IDs (also known as audiences). When a mobile or web
--   app registers with an OpenID Connect provider, they establish a value
--   that identifies the application. (This is the value that's sent as the
--   <tt>client_id</tt> parameter on OAuth requests.) You can register
--   multiple client IDs with the same provider. For example, you might
--   have multiple applications that use the same OIDC provider. You cannot
--   register more than 100 client IDs with a single IAM OIDC provider.
--   There is no defined format for a client ID. The
--   <tt>CreateOpenIDConnectProviderRequest</tt> operation accepts client
--   IDs up to 255 characters long.
coicpClientIdList :: Lens' CreateOpenIdConnectProvider [Text]

-- | The URL of the identity provider. The URL must begin with
--   <tt>https://</tt> and should correspond to the <tt>iss</tt> claim in
--   the provider's OpenID Connect ID tokens. Per the OIDC standard, path
--   components are allowed but query parameters are not. Typically the URL
--   consists of only a hostname, like
--   <tt><a>https://server.example.org</a></tt> or
--   <tt><a>https://example.com</a></tt> . You cannot register the same
--   provider multiple times in a single AWS account. If you try to submit
--   a URL that has already been used for an OpenID Connect provider in the
--   AWS account, you will get an error.
coicpURL :: Lens' CreateOpenIdConnectProvider Text

-- | A list of server certificate thumbprints for the OpenID Connect (OIDC)
--   identity provider's server certificates. Typically this list includes
--   only one entry. However, IAM lets you have up to five thumbprints for
--   an OIDC provider. This lets you maintain multiple thumbprints if the
--   identity provider is rotating certificates. The server certificate
--   thumbprint is the hex-encoded SHA-1 hash value of the X.509
--   certificate used by the domain where the OpenID Connect provider makes
--   its keys available. It is always a 40-character string. You must
--   provide at least one thumbprint when creating an IAM OIDC provider.
--   For example, assume that the OIDC provider is
--   <tt>server.example.com</tt> and the provider stores its keys at
--   <a>https://keys.server.example.com/openid-connect</a>. In that case,
--   the thumbprint string would be the hex-encoded SHA-1 hash value of the
--   certificate used by <a>https://keys.server.example.com</a>. For more
--   information about obtaining the OIDC provider's thumbprint, see
--   <a>Obtaining the Thumbprint for an OpenID Connect Provider</a> in the
--   <i>IAM User Guide</i> .
coicpThumbprintList :: Lens' CreateOpenIdConnectProvider [Text]

-- | Creates a value of <a>CreateOpenIdConnectProviderResponse</a> with the
--   minimum fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>coicprsOpenIdConnectProviderARN</a> - The Amazon Resource Name
--   (ARN) of the new IAM OpenID Connect provider that is created. For more
--   information, see <tt>OpenIDConnectProviderListEntry</tt> .</li>
--   <li><a>coicprsResponseStatus</a> - -- | The response status code.</li>
--   </ul>
createOpenIdConnectProviderResponse :: Int -> CreateOpenIdConnectProviderResponse

-- | Contains the response to a successful
--   <tt>CreateOpenIDConnectProvider</tt> request.
--   
--   <i>See:</i> <a>createOpenIdConnectProviderResponse</a> smart
--   constructor.
data CreateOpenIdConnectProviderResponse

-- | The Amazon Resource Name (ARN) of the new IAM OpenID Connect provider
--   that is created. For more information, see
--   <tt>OpenIDConnectProviderListEntry</tt> .
coicprsOpenIdConnectProviderARN :: Lens' CreateOpenIdConnectProviderResponse (Maybe Text)

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
coicprsResponseStatus :: Lens' CreateOpenIdConnectProviderResponse Int
instance GHC.Generics.Generic Network.AWS.IAM.CreateOpenIdConnectProvider.CreateOpenIdConnectProviderResponse
instance Data.Data.Data Network.AWS.IAM.CreateOpenIdConnectProvider.CreateOpenIdConnectProviderResponse
instance GHC.Show.Show Network.AWS.IAM.CreateOpenIdConnectProvider.CreateOpenIdConnectProviderResponse
instance GHC.Read.Read Network.AWS.IAM.CreateOpenIdConnectProvider.CreateOpenIdConnectProviderResponse
instance GHC.Classes.Eq Network.AWS.IAM.CreateOpenIdConnectProvider.CreateOpenIdConnectProviderResponse
instance GHC.Generics.Generic Network.AWS.IAM.CreateOpenIdConnectProvider.CreateOpenIdConnectProvider
instance Data.Data.Data Network.AWS.IAM.CreateOpenIdConnectProvider.CreateOpenIdConnectProvider
instance GHC.Show.Show Network.AWS.IAM.CreateOpenIdConnectProvider.CreateOpenIdConnectProvider
instance GHC.Read.Read Network.AWS.IAM.CreateOpenIdConnectProvider.CreateOpenIdConnectProvider
instance GHC.Classes.Eq Network.AWS.IAM.CreateOpenIdConnectProvider.CreateOpenIdConnectProvider
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.CreateOpenIdConnectProvider.CreateOpenIdConnectProvider
instance Control.DeepSeq.NFData Network.AWS.IAM.CreateOpenIdConnectProvider.CreateOpenIdConnectProviderResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.CreateOpenIdConnectProvider.CreateOpenIdConnectProvider
instance Control.DeepSeq.NFData Network.AWS.IAM.CreateOpenIdConnectProvider.CreateOpenIdConnectProvider
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.CreateOpenIdConnectProvider.CreateOpenIdConnectProvider
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.CreateOpenIdConnectProvider.CreateOpenIdConnectProvider
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.CreateOpenIdConnectProvider.CreateOpenIdConnectProvider


-- | Creates a password for the specified user, giving the user the ability
--   to access AWS services through the AWS Management Console. For more
--   information about managing passwords, see <a>Managing Passwords</a> in
--   the <i>IAM User Guide</i> .
module Network.AWS.IAM.CreateLoginProfile

-- | Creates a value of <a>CreateLoginProfile</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>clpPasswordResetRequired</a> - Specifies whether the user is
--   required to set a new password on next sign-in.</li>
--   <li><a>clpUserName</a> - The name of the IAM user to create a password
--   for. The user must already exist. This parameter allows (per its
--   <a>regex pattern</a> ) a string of characters consisting of upper and
--   lowercase alphanumeric characters with no spaces. You can also include
--   any of the following characters: _+=,.@-</li>
--   <li><a>clpPassword</a> - The new password for the user. The <a>regex
--   pattern</a> that is used to validate this parameter is a string of
--   characters. That string can include almost any printable ASCII
--   character from the space (u0020) through the end of the ASCII
--   character range (u00FF). You can also include the tab (u0009), line
--   feed (u000A), and carriage return (u000D) characters. Any of these
--   characters are valid in a password. However, many tools, such as the
--   AWS Management Console, might restrict the ability to type certain
--   characters because they have special meaning within that tool.</li>
--   </ul>
createLoginProfile :: Text -> Text -> CreateLoginProfile

-- | <i>See:</i> <a>createLoginProfile</a> smart constructor.
data CreateLoginProfile

-- | Specifies whether the user is required to set a new password on next
--   sign-in.
clpPasswordResetRequired :: Lens' CreateLoginProfile (Maybe Bool)

-- | The name of the IAM user to create a password for. The user must
--   already exist. This parameter allows (per its <a>regex pattern</a> ) a
--   string of characters consisting of upper and lowercase alphanumeric
--   characters with no spaces. You can also include any of the following
--   characters: _+=,.@-
clpUserName :: Lens' CreateLoginProfile Text

-- | The new password for the user. The <a>regex pattern</a> that is used
--   to validate this parameter is a string of characters. That string can
--   include almost any printable ASCII character from the space (u0020)
--   through the end of the ASCII character range (u00FF). You can also
--   include the tab (u0009), line feed (u000A), and carriage return
--   (u000D) characters. Any of these characters are valid in a password.
--   However, many tools, such as the AWS Management Console, might
--   restrict the ability to type certain characters because they have
--   special meaning within that tool.
clpPassword :: Lens' CreateLoginProfile Text

-- | Creates a value of <a>CreateLoginProfileResponse</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>clprsResponseStatus</a> - -- | The response status code.</li>
--   <li><a>clprsLoginProfile</a> - A structure containing the user name
--   and password create date.</li>
--   </ul>
createLoginProfileResponse :: Int -> LoginProfile -> CreateLoginProfileResponse

-- | Contains the response to a successful <a>CreateLoginProfile</a>
--   request.
--   
--   <i>See:</i> <a>createLoginProfileResponse</a> smart constructor.
data CreateLoginProfileResponse

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
clprsResponseStatus :: Lens' CreateLoginProfileResponse Int

-- | A structure containing the user name and password create date.
clprsLoginProfile :: Lens' CreateLoginProfileResponse LoginProfile
instance GHC.Generics.Generic Network.AWS.IAM.CreateLoginProfile.CreateLoginProfileResponse
instance Data.Data.Data Network.AWS.IAM.CreateLoginProfile.CreateLoginProfileResponse
instance GHC.Show.Show Network.AWS.IAM.CreateLoginProfile.CreateLoginProfileResponse
instance GHC.Read.Read Network.AWS.IAM.CreateLoginProfile.CreateLoginProfileResponse
instance GHC.Classes.Eq Network.AWS.IAM.CreateLoginProfile.CreateLoginProfileResponse
instance GHC.Generics.Generic Network.AWS.IAM.CreateLoginProfile.CreateLoginProfile
instance Data.Data.Data Network.AWS.IAM.CreateLoginProfile.CreateLoginProfile
instance GHC.Show.Show Network.AWS.IAM.CreateLoginProfile.CreateLoginProfile
instance GHC.Classes.Eq Network.AWS.IAM.CreateLoginProfile.CreateLoginProfile
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.CreateLoginProfile.CreateLoginProfile
instance Control.DeepSeq.NFData Network.AWS.IAM.CreateLoginProfile.CreateLoginProfileResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.CreateLoginProfile.CreateLoginProfile
instance Control.DeepSeq.NFData Network.AWS.IAM.CreateLoginProfile.CreateLoginProfile
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.CreateLoginProfile.CreateLoginProfile
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.CreateLoginProfile.CreateLoginProfile
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.CreateLoginProfile.CreateLoginProfile


-- | Creates a new instance profile. For information about instance
--   profiles, go to <a>About Instance Profiles</a> .
--   
--   For information about the number of instance profiles you can create,
--   see <a>Limitations on IAM Entities</a> in the <i>IAM User Guide</i> .
module Network.AWS.IAM.CreateInstanceProfile

-- | Creates a value of <a>CreateInstanceProfile</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>cipPath</a> - The path to the instance profile. For more
--   information about paths, see <a>IAM Identifiers</a> in the <i>IAM User
--   Guide</i> . This parameter is optional. If it is not included, it
--   defaults to a slash (<i>). This parameter allows (per its
--   &lt;http:</i><i>wikipedia.org</i>wiki<i>regex regex pattern&gt; ) a
--   string of characters consisting of either a forward slash (</i>) by
--   itself or a string that must begin and end with forward slashes. In
--   addition, it can contain any ASCII character from the ! (u0021)
--   through the DEL character (u007F), including most punctuation
--   characters, digits, and upper and lowercased letters.</li>
--   <li><a>cipInstanceProfileName</a> - The name of the instance profile
--   to create. This parameter allows (per its <a>regex pattern</a> ) a
--   string of characters consisting of upper and lowercase alphanumeric
--   characters with no spaces. You can also include any of the following
--   characters: _+=,.@-</li>
--   </ul>
createInstanceProfile :: Text -> CreateInstanceProfile

-- | <i>See:</i> <a>createInstanceProfile</a> smart constructor.
data CreateInstanceProfile

-- | The path to the instance profile. For more information about paths,
--   see <a>IAM Identifiers</a> in the <i>IAM User Guide</i> . This
--   parameter is optional. If it is not included, it defaults to a slash
--   (<i>). This parameter allows (per its
--   &lt;http:</i><i>wikipedia.org</i>wiki<i>regex regex pattern&gt; ) a
--   string of characters consisting of either a forward slash (</i>) by
--   itself or a string that must begin and end with forward slashes. In
--   addition, it can contain any ASCII character from the ! (u0021)
--   through the DEL character (u007F), including most punctuation
--   characters, digits, and upper and lowercased letters.
cipPath :: Lens' CreateInstanceProfile (Maybe Text)

-- | The name of the instance profile to create. This parameter allows (per
--   its <a>regex pattern</a> ) a string of characters consisting of upper
--   and lowercase alphanumeric characters with no spaces. You can also
--   include any of the following characters: _+=,.@-
cipInstanceProfileName :: Lens' CreateInstanceProfile Text

-- | Creates a value of <a>CreateInstanceProfileResponse</a> with the
--   minimum fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>ciprsResponseStatus</a> - -- | The response status code.</li>
--   <li><a>ciprsInstanceProfile</a> - A structure containing details about
--   the new instance profile.</li>
--   </ul>
createInstanceProfileResponse :: Int -> InstanceProfile -> CreateInstanceProfileResponse

-- | Contains the response to a successful <a>CreateInstanceProfile</a>
--   request.
--   
--   <i>See:</i> <a>createInstanceProfileResponse</a> smart constructor.
data CreateInstanceProfileResponse

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
ciprsResponseStatus :: Lens' CreateInstanceProfileResponse Int

-- | A structure containing details about the new instance profile.
ciprsInstanceProfile :: Lens' CreateInstanceProfileResponse InstanceProfile
instance GHC.Generics.Generic Network.AWS.IAM.CreateInstanceProfile.CreateInstanceProfileResponse
instance Data.Data.Data Network.AWS.IAM.CreateInstanceProfile.CreateInstanceProfileResponse
instance GHC.Show.Show Network.AWS.IAM.CreateInstanceProfile.CreateInstanceProfileResponse
instance GHC.Read.Read Network.AWS.IAM.CreateInstanceProfile.CreateInstanceProfileResponse
instance GHC.Classes.Eq Network.AWS.IAM.CreateInstanceProfile.CreateInstanceProfileResponse
instance GHC.Generics.Generic Network.AWS.IAM.CreateInstanceProfile.CreateInstanceProfile
instance Data.Data.Data Network.AWS.IAM.CreateInstanceProfile.CreateInstanceProfile
instance GHC.Show.Show Network.AWS.IAM.CreateInstanceProfile.CreateInstanceProfile
instance GHC.Read.Read Network.AWS.IAM.CreateInstanceProfile.CreateInstanceProfile
instance GHC.Classes.Eq Network.AWS.IAM.CreateInstanceProfile.CreateInstanceProfile
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.CreateInstanceProfile.CreateInstanceProfile
instance Control.DeepSeq.NFData Network.AWS.IAM.CreateInstanceProfile.CreateInstanceProfileResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.CreateInstanceProfile.CreateInstanceProfile
instance Control.DeepSeq.NFData Network.AWS.IAM.CreateInstanceProfile.CreateInstanceProfile
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.CreateInstanceProfile.CreateInstanceProfile
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.CreateInstanceProfile.CreateInstanceProfile
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.CreateInstanceProfile.CreateInstanceProfile


-- | Creates a new group.
--   
--   For information about the number of groups you can create, see
--   <a>Limitations on IAM Entities</a> in the <i>IAM User Guide</i> .
module Network.AWS.IAM.CreateGroup

-- | Creates a value of <a>CreateGroup</a> with the minimum fields required
--   to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>cgPath</a> - The path to the group. For more information about
--   paths, see <a>IAM Identifiers</a> in the <i>IAM User Guide</i> . This
--   parameter is optional. If it is not included, it defaults to a slash
--   (<i>). This parameter allows (per its
--   &lt;http:</i><i>wikipedia.org</i>wiki<i>regex regex pattern&gt; ) a
--   string of characters consisting of either a forward slash (</i>) by
--   itself or a string that must begin and end with forward slashes. In
--   addition, it can contain any ASCII character from the ! (u0021)
--   through the DEL character (u007F), including most punctuation
--   characters, digits, and upper and lowercased letters.</li>
--   <li><a>cgGroupName</a> - The name of the group to create. Do not
--   include the path in this value. This parameter allows (per its
--   <a>regex pattern</a> ) a string of characters consisting of upper and
--   lowercase alphanumeric characters with no spaces. You can also include
--   any of the following characters: _+=,.@-. The group name must be
--   unique within the account. Group names are not distinguished by case.
--   For example, you cannot create groups named both <a>ADMINS</a> and
--   "admins".</li>
--   </ul>
createGroup :: Text -> CreateGroup

-- | <i>See:</i> <a>createGroup</a> smart constructor.
data CreateGroup

-- | The path to the group. For more information about paths, see <a>IAM
--   Identifiers</a> in the <i>IAM User Guide</i> . This parameter is
--   optional. If it is not included, it defaults to a slash (<i>). This
--   parameter allows (per its
--   &lt;http:</i><i>wikipedia.org</i>wiki<i>regex regex pattern&gt; ) a
--   string of characters consisting of either a forward slash (</i>) by
--   itself or a string that must begin and end with forward slashes. In
--   addition, it can contain any ASCII character from the ! (u0021)
--   through the DEL character (u007F), including most punctuation
--   characters, digits, and upper and lowercased letters.
cgPath :: Lens' CreateGroup (Maybe Text)

-- | The name of the group to create. Do not include the path in this
--   value. This parameter allows (per its <a>regex pattern</a> ) a string
--   of characters consisting of upper and lowercase alphanumeric
--   characters with no spaces. You can also include any of the following
--   characters: _+=,.@-. The group name must be unique within the account.
--   Group names are not distinguished by case. For example, you cannot
--   create groups named both <a>ADMINS</a> and "admins".
cgGroupName :: Lens' CreateGroup Text

-- | Creates a value of <a>CreateGroupResponse</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>cgrsResponseStatus</a> - -- | The response status code.</li>
--   <li><a>cgrsGroup</a> - A structure containing details about the new
--   group.</li>
--   </ul>
createGroupResponse :: Int -> Group -> CreateGroupResponse

-- | Contains the response to a successful <a>CreateGroup</a> request.
--   
--   <i>See:</i> <a>createGroupResponse</a> smart constructor.
data CreateGroupResponse

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
cgrsResponseStatus :: Lens' CreateGroupResponse Int

-- | A structure containing details about the new group.
cgrsGroup :: Lens' CreateGroupResponse Group
instance GHC.Generics.Generic Network.AWS.IAM.CreateGroup.CreateGroupResponse
instance Data.Data.Data Network.AWS.IAM.CreateGroup.CreateGroupResponse
instance GHC.Show.Show Network.AWS.IAM.CreateGroup.CreateGroupResponse
instance GHC.Read.Read Network.AWS.IAM.CreateGroup.CreateGroupResponse
instance GHC.Classes.Eq Network.AWS.IAM.CreateGroup.CreateGroupResponse
instance GHC.Generics.Generic Network.AWS.IAM.CreateGroup.CreateGroup
instance Data.Data.Data Network.AWS.IAM.CreateGroup.CreateGroup
instance GHC.Show.Show Network.AWS.IAM.CreateGroup.CreateGroup
instance GHC.Read.Read Network.AWS.IAM.CreateGroup.CreateGroup
instance GHC.Classes.Eq Network.AWS.IAM.CreateGroup.CreateGroup
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.CreateGroup.CreateGroup
instance Control.DeepSeq.NFData Network.AWS.IAM.CreateGroup.CreateGroupResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.CreateGroup.CreateGroup
instance Control.DeepSeq.NFData Network.AWS.IAM.CreateGroup.CreateGroup
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.CreateGroup.CreateGroup
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.CreateGroup.CreateGroup
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.CreateGroup.CreateGroup


-- | Creates an alias for your AWS account. For information about using an
--   AWS account alias, see <a>Using an Alias for Your AWS Account ID</a>
--   in the <i>IAM User Guide</i> .
module Network.AWS.IAM.CreateAccountAlias

-- | Creates a value of <a>CreateAccountAlias</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>caaAccountAlias</a> - The account alias to create. This
--   parameter allows (per its <a>regex pattern</a> ) a string of
--   characters consisting of lowercase letters, digits, and dashes. You
--   cannot start or finish with a dash, nor can you have two dashes in a
--   row.</li>
--   </ul>
createAccountAlias :: Text -> CreateAccountAlias

-- | <i>See:</i> <a>createAccountAlias</a> smart constructor.
data CreateAccountAlias

-- | The account alias to create. This parameter allows (per its <a>regex
--   pattern</a> ) a string of characters consisting of lowercase letters,
--   digits, and dashes. You cannot start or finish with a dash, nor can
--   you have two dashes in a row.
caaAccountAlias :: Lens' CreateAccountAlias Text

-- | Creates a value of <a>CreateAccountAliasResponse</a> with the minimum
--   fields required to make a request.
createAccountAliasResponse :: CreateAccountAliasResponse

-- | <i>See:</i> <a>createAccountAliasResponse</a> smart constructor.
data CreateAccountAliasResponse
instance GHC.Generics.Generic Network.AWS.IAM.CreateAccountAlias.CreateAccountAliasResponse
instance Data.Data.Data Network.AWS.IAM.CreateAccountAlias.CreateAccountAliasResponse
instance GHC.Show.Show Network.AWS.IAM.CreateAccountAlias.CreateAccountAliasResponse
instance GHC.Read.Read Network.AWS.IAM.CreateAccountAlias.CreateAccountAliasResponse
instance GHC.Classes.Eq Network.AWS.IAM.CreateAccountAlias.CreateAccountAliasResponse
instance GHC.Generics.Generic Network.AWS.IAM.CreateAccountAlias.CreateAccountAlias
instance Data.Data.Data Network.AWS.IAM.CreateAccountAlias.CreateAccountAlias
instance GHC.Show.Show Network.AWS.IAM.CreateAccountAlias.CreateAccountAlias
instance GHC.Read.Read Network.AWS.IAM.CreateAccountAlias.CreateAccountAlias
instance GHC.Classes.Eq Network.AWS.IAM.CreateAccountAlias.CreateAccountAlias
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.CreateAccountAlias.CreateAccountAlias
instance Control.DeepSeq.NFData Network.AWS.IAM.CreateAccountAlias.CreateAccountAliasResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.CreateAccountAlias.CreateAccountAlias
instance Control.DeepSeq.NFData Network.AWS.IAM.CreateAccountAlias.CreateAccountAlias
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.CreateAccountAlias.CreateAccountAlias
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.CreateAccountAlias.CreateAccountAlias
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.CreateAccountAlias.CreateAccountAlias


-- | Creates a new AWS secret access key and corresponding AWS access key
--   ID for the specified user. The default status for new keys is
--   <tt>Active</tt> .
--   
--   If you do not specify a user name, IAM determines the user name
--   implicitly based on the AWS access key ID signing the request. Because
--   this operation works for access keys under the AWS account, you can
--   use this operation to manage AWS account root user credentials. This
--   is true even if the AWS account has no associated users.
--   
--   For information about limits on the number of keys you can create, see
--   <a>Limitations on IAM Entities</a> in the <i>IAM User Guide</i> .
--   
--   <i>Important:</i> To ensure the security of your AWS account, the
--   secret access key is accessible only during key and user creation. You
--   must save the key (for example, in a text file) if you want to be able
--   to access it again. If a secret key is lost, you can delete the access
--   keys for the associated user and then create new keys.
module Network.AWS.IAM.CreateAccessKey

-- | Creates a value of <a>CreateAccessKey</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>cakUserName</a> - The name of the IAM user that the new key
--   will belong to. This parameter allows (per its <a>regex pattern</a> )
--   a string of characters consisting of upper and lowercase alphanumeric
--   characters with no spaces. You can also include any of the following
--   characters: _+=,.@-</li>
--   </ul>
createAccessKey :: CreateAccessKey

-- | <i>See:</i> <a>createAccessKey</a> smart constructor.
data CreateAccessKey

-- | The name of the IAM user that the new key will belong to. This
--   parameter allows (per its <a>regex pattern</a> ) a string of
--   characters consisting of upper and lowercase alphanumeric characters
--   with no spaces. You can also include any of the following characters:
--   _+=,.@-
cakUserName :: Lens' CreateAccessKey (Maybe Text)

-- | Creates a value of <a>CreateAccessKeyResponse</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>cakrsResponseStatus</a> - -- | The response status code.</li>
--   <li><a>cakrsAccessKey</a> - A structure with details about the access
--   key.</li>
--   </ul>
createAccessKeyResponse :: Int -> AccessKeyInfo -> CreateAccessKeyResponse

-- | Contains the response to a successful <a>CreateAccessKey</a> request.
--   
--   <i>See:</i> <a>createAccessKeyResponse</a> smart constructor.
data CreateAccessKeyResponse

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
cakrsResponseStatus :: Lens' CreateAccessKeyResponse Int

-- | A structure with details about the access key.
cakrsAccessKey :: Lens' CreateAccessKeyResponse AccessKeyInfo
instance GHC.Generics.Generic Network.AWS.IAM.CreateAccessKey.CreateAccessKeyResponse
instance Data.Data.Data Network.AWS.IAM.CreateAccessKey.CreateAccessKeyResponse
instance GHC.Show.Show Network.AWS.IAM.CreateAccessKey.CreateAccessKeyResponse
instance GHC.Classes.Eq Network.AWS.IAM.CreateAccessKey.CreateAccessKeyResponse
instance GHC.Generics.Generic Network.AWS.IAM.CreateAccessKey.CreateAccessKey
instance Data.Data.Data Network.AWS.IAM.CreateAccessKey.CreateAccessKey
instance GHC.Show.Show Network.AWS.IAM.CreateAccessKey.CreateAccessKey
instance GHC.Read.Read Network.AWS.IAM.CreateAccessKey.CreateAccessKey
instance GHC.Classes.Eq Network.AWS.IAM.CreateAccessKey.CreateAccessKey
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.CreateAccessKey.CreateAccessKey
instance Control.DeepSeq.NFData Network.AWS.IAM.CreateAccessKey.CreateAccessKeyResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.CreateAccessKey.CreateAccessKey
instance Control.DeepSeq.NFData Network.AWS.IAM.CreateAccessKey.CreateAccessKey
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.CreateAccessKey.CreateAccessKey
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.CreateAccessKey.CreateAccessKey
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.CreateAccessKey.CreateAccessKey


-- | Changes the password of the IAM user who is calling this operation.
--   The AWS account root user password is not affected by this operation.
--   
--   To change the password for a different user, see
--   <tt>UpdateLoginProfile</tt> . For more information about modifying
--   passwords, see <a>Managing Passwords</a> in the <i>IAM User Guide</i>
--   .
module Network.AWS.IAM.ChangePassword

-- | Creates a value of <a>ChangePassword</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>cpOldPassword</a> - The IAM user's current password.</li>
--   <li><a>cpNewPassword</a> - The new password. The new password must
--   conform to the AWS account's password policy, if one exists. The
--   <a>regex pattern</a> that is used to validate this parameter is a
--   string of characters. That string can include almost any printable
--   ASCII character from the space (u0020) through the end of the ASCII
--   character range (u00FF). You can also include the tab (u0009), line
--   feed (u000A), and carriage return (u000D) characters. Any of these
--   characters are valid in a password. However, many tools, such as the
--   AWS Management Console, might restrict the ability to type certain
--   characters because they have special meaning within that tool.</li>
--   </ul>
changePassword :: Text -> Text -> ChangePassword

-- | <i>See:</i> <a>changePassword</a> smart constructor.
data ChangePassword

-- | The IAM user's current password.
cpOldPassword :: Lens' ChangePassword Text

-- | The new password. The new password must conform to the AWS account's
--   password policy, if one exists. The <a>regex pattern</a> that is used
--   to validate this parameter is a string of characters. That string can
--   include almost any printable ASCII character from the space (u0020)
--   through the end of the ASCII character range (u00FF). You can also
--   include the tab (u0009), line feed (u000A), and carriage return
--   (u000D) characters. Any of these characters are valid in a password.
--   However, many tools, such as the AWS Management Console, might
--   restrict the ability to type certain characters because they have
--   special meaning within that tool.
cpNewPassword :: Lens' ChangePassword Text

-- | Creates a value of <a>ChangePasswordResponse</a> with the minimum
--   fields required to make a request.
changePasswordResponse :: ChangePasswordResponse

-- | <i>See:</i> <a>changePasswordResponse</a> smart constructor.
data ChangePasswordResponse
instance GHC.Generics.Generic Network.AWS.IAM.ChangePassword.ChangePasswordResponse
instance Data.Data.Data Network.AWS.IAM.ChangePassword.ChangePasswordResponse
instance GHC.Show.Show Network.AWS.IAM.ChangePassword.ChangePasswordResponse
instance GHC.Read.Read Network.AWS.IAM.ChangePassword.ChangePasswordResponse
instance GHC.Classes.Eq Network.AWS.IAM.ChangePassword.ChangePasswordResponse
instance GHC.Generics.Generic Network.AWS.IAM.ChangePassword.ChangePassword
instance Data.Data.Data Network.AWS.IAM.ChangePassword.ChangePassword
instance GHC.Show.Show Network.AWS.IAM.ChangePassword.ChangePassword
instance GHC.Classes.Eq Network.AWS.IAM.ChangePassword.ChangePassword
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.ChangePassword.ChangePassword
instance Control.DeepSeq.NFData Network.AWS.IAM.ChangePassword.ChangePasswordResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.ChangePassword.ChangePassword
instance Control.DeepSeq.NFData Network.AWS.IAM.ChangePassword.ChangePassword
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.ChangePassword.ChangePassword
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.ChangePassword.ChangePassword
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.ChangePassword.ChangePassword


-- | Attaches the specified managed policy to the specified user.
--   
--   You use this API to attach a <i>managed</i> policy to a user. To embed
--   an inline policy in a user, use <tt>PutUserPolicy</tt> .
--   
--   For more information about policies, see <a>Managed Policies and
--   Inline Policies</a> in the <i>IAM User Guide</i> .
module Network.AWS.IAM.AttachUserPolicy

-- | Creates a value of <a>AttachUserPolicy</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>aupUserName</a> - The name (friendly name, not ARN) of the IAM
--   user to attach the policy to. This parameter allows (per its <a>regex
--   pattern</a> ) a string of characters consisting of upper and lowercase
--   alphanumeric characters with no spaces. You can also include any of
--   the following characters: _+=,.@-</li>
--   <li><a>aupPolicyARN</a> - The Amazon Resource Name (ARN) of the IAM
--   policy you want to attach. For more information about ARNs, see
--   <a>Amazon Resource Names (ARNs) and AWS Service Namespaces</a> in the
--   <i>AWS General Reference</i> .</li>
--   </ul>
attachUserPolicy :: Text -> Text -> AttachUserPolicy

-- | <i>See:</i> <a>attachUserPolicy</a> smart constructor.
data AttachUserPolicy

-- | The name (friendly name, not ARN) of the IAM user to attach the policy
--   to. This parameter allows (per its <a>regex pattern</a> ) a string of
--   characters consisting of upper and lowercase alphanumeric characters
--   with no spaces. You can also include any of the following characters:
--   _+=,.@-
aupUserName :: Lens' AttachUserPolicy Text

-- | The Amazon Resource Name (ARN) of the IAM policy you want to attach.
--   For more information about ARNs, see <a>Amazon Resource Names (ARNs)
--   and AWS Service Namespaces</a> in the <i>AWS General Reference</i> .
aupPolicyARN :: Lens' AttachUserPolicy Text

-- | Creates a value of <a>AttachUserPolicyResponse</a> with the minimum
--   fields required to make a request.
attachUserPolicyResponse :: AttachUserPolicyResponse

-- | <i>See:</i> <a>attachUserPolicyResponse</a> smart constructor.
data AttachUserPolicyResponse
instance GHC.Generics.Generic Network.AWS.IAM.AttachUserPolicy.AttachUserPolicyResponse
instance Data.Data.Data Network.AWS.IAM.AttachUserPolicy.AttachUserPolicyResponse
instance GHC.Show.Show Network.AWS.IAM.AttachUserPolicy.AttachUserPolicyResponse
instance GHC.Read.Read Network.AWS.IAM.AttachUserPolicy.AttachUserPolicyResponse
instance GHC.Classes.Eq Network.AWS.IAM.AttachUserPolicy.AttachUserPolicyResponse
instance GHC.Generics.Generic Network.AWS.IAM.AttachUserPolicy.AttachUserPolicy
instance Data.Data.Data Network.AWS.IAM.AttachUserPolicy.AttachUserPolicy
instance GHC.Show.Show Network.AWS.IAM.AttachUserPolicy.AttachUserPolicy
instance GHC.Read.Read Network.AWS.IAM.AttachUserPolicy.AttachUserPolicy
instance GHC.Classes.Eq Network.AWS.IAM.AttachUserPolicy.AttachUserPolicy
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.AttachUserPolicy.AttachUserPolicy
instance Control.DeepSeq.NFData Network.AWS.IAM.AttachUserPolicy.AttachUserPolicyResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.AttachUserPolicy.AttachUserPolicy
instance Control.DeepSeq.NFData Network.AWS.IAM.AttachUserPolicy.AttachUserPolicy
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.AttachUserPolicy.AttachUserPolicy
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.AttachUserPolicy.AttachUserPolicy
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.AttachUserPolicy.AttachUserPolicy


-- | Attaches the specified managed policy to the specified IAM role. When
--   you attach a managed policy to a role, the managed policy becomes part
--   of the role's permission (access) policy.
--   
--   Use this API to attach a <i>managed</i> policy to a role. To embed an
--   inline policy in a role, use <tt>PutRolePolicy</tt> . For more
--   information about policies, see <a>Managed Policies and Inline
--   Policies</a> in the <i>IAM User Guide</i> .
module Network.AWS.IAM.AttachRolePolicy

-- | Creates a value of <a>AttachRolePolicy</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>arpRoleName</a> - The name (friendly name, not ARN) of the role
--   to attach the policy to. This parameter allows (per its <a>regex
--   pattern</a> ) a string of characters consisting of upper and lowercase
--   alphanumeric characters with no spaces. You can also include any of
--   the following characters: _+=,.@-</li>
--   <li><a>arpPolicyARN</a> - The Amazon Resource Name (ARN) of the IAM
--   policy you want to attach. For more information about ARNs, see
--   <a>Amazon Resource Names (ARNs) and AWS Service Namespaces</a> in the
--   <i>AWS General Reference</i> .</li>
--   </ul>
attachRolePolicy :: Text -> Text -> AttachRolePolicy

-- | <i>See:</i> <a>attachRolePolicy</a> smart constructor.
data AttachRolePolicy

-- | The name (friendly name, not ARN) of the role to attach the policy to.
--   This parameter allows (per its <a>regex pattern</a> ) a string of
--   characters consisting of upper and lowercase alphanumeric characters
--   with no spaces. You can also include any of the following characters:
--   _+=,.@-
arpRoleName :: Lens' AttachRolePolicy Text

-- | The Amazon Resource Name (ARN) of the IAM policy you want to attach.
--   For more information about ARNs, see <a>Amazon Resource Names (ARNs)
--   and AWS Service Namespaces</a> in the <i>AWS General Reference</i> .
arpPolicyARN :: Lens' AttachRolePolicy Text

-- | Creates a value of <a>AttachRolePolicyResponse</a> with the minimum
--   fields required to make a request.
attachRolePolicyResponse :: AttachRolePolicyResponse

-- | <i>See:</i> <a>attachRolePolicyResponse</a> smart constructor.
data AttachRolePolicyResponse
instance GHC.Generics.Generic Network.AWS.IAM.AttachRolePolicy.AttachRolePolicyResponse
instance Data.Data.Data Network.AWS.IAM.AttachRolePolicy.AttachRolePolicyResponse
instance GHC.Show.Show Network.AWS.IAM.AttachRolePolicy.AttachRolePolicyResponse
instance GHC.Read.Read Network.AWS.IAM.AttachRolePolicy.AttachRolePolicyResponse
instance GHC.Classes.Eq Network.AWS.IAM.AttachRolePolicy.AttachRolePolicyResponse
instance GHC.Generics.Generic Network.AWS.IAM.AttachRolePolicy.AttachRolePolicy
instance Data.Data.Data Network.AWS.IAM.AttachRolePolicy.AttachRolePolicy
instance GHC.Show.Show Network.AWS.IAM.AttachRolePolicy.AttachRolePolicy
instance GHC.Read.Read Network.AWS.IAM.AttachRolePolicy.AttachRolePolicy
instance GHC.Classes.Eq Network.AWS.IAM.AttachRolePolicy.AttachRolePolicy
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.AttachRolePolicy.AttachRolePolicy
instance Control.DeepSeq.NFData Network.AWS.IAM.AttachRolePolicy.AttachRolePolicyResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.AttachRolePolicy.AttachRolePolicy
instance Control.DeepSeq.NFData Network.AWS.IAM.AttachRolePolicy.AttachRolePolicy
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.AttachRolePolicy.AttachRolePolicy
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.AttachRolePolicy.AttachRolePolicy
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.AttachRolePolicy.AttachRolePolicy


-- | Attaches the specified managed policy to the specified IAM group.
--   
--   You use this API to attach a managed policy to a group. To embed an
--   inline policy in a group, use <tt>PutGroupPolicy</tt> .
--   
--   For more information about policies, see <a>Managed Policies and
--   Inline Policies</a> in the <i>IAM User Guide</i> .
module Network.AWS.IAM.AttachGroupPolicy

-- | Creates a value of <a>AttachGroupPolicy</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>agpGroupName</a> - The name (friendly name, not ARN) of the
--   group to attach the policy to. This parameter allows (per its <a>regex
--   pattern</a> ) a string of characters consisting of upper and lowercase
--   alphanumeric characters with no spaces. You can also include any of
--   the following characters: _+=,.@-</li>
--   <li><a>agpPolicyARN</a> - The Amazon Resource Name (ARN) of the IAM
--   policy you want to attach. For more information about ARNs, see
--   <a>Amazon Resource Names (ARNs) and AWS Service Namespaces</a> in the
--   <i>AWS General Reference</i> .</li>
--   </ul>
attachGroupPolicy :: Text -> Text -> AttachGroupPolicy

-- | <i>See:</i> <a>attachGroupPolicy</a> smart constructor.
data AttachGroupPolicy

-- | The name (friendly name, not ARN) of the group to attach the policy
--   to. This parameter allows (per its <a>regex pattern</a> ) a string of
--   characters consisting of upper and lowercase alphanumeric characters
--   with no spaces. You can also include any of the following characters:
--   _+=,.@-
agpGroupName :: Lens' AttachGroupPolicy Text

-- | The Amazon Resource Name (ARN) of the IAM policy you want to attach.
--   For more information about ARNs, see <a>Amazon Resource Names (ARNs)
--   and AWS Service Namespaces</a> in the <i>AWS General Reference</i> .
agpPolicyARN :: Lens' AttachGroupPolicy Text

-- | Creates a value of <a>AttachGroupPolicyResponse</a> with the minimum
--   fields required to make a request.
attachGroupPolicyResponse :: AttachGroupPolicyResponse

-- | <i>See:</i> <a>attachGroupPolicyResponse</a> smart constructor.
data AttachGroupPolicyResponse
instance GHC.Generics.Generic Network.AWS.IAM.AttachGroupPolicy.AttachGroupPolicyResponse
instance Data.Data.Data Network.AWS.IAM.AttachGroupPolicy.AttachGroupPolicyResponse
instance GHC.Show.Show Network.AWS.IAM.AttachGroupPolicy.AttachGroupPolicyResponse
instance GHC.Read.Read Network.AWS.IAM.AttachGroupPolicy.AttachGroupPolicyResponse
instance GHC.Classes.Eq Network.AWS.IAM.AttachGroupPolicy.AttachGroupPolicyResponse
instance GHC.Generics.Generic Network.AWS.IAM.AttachGroupPolicy.AttachGroupPolicy
instance Data.Data.Data Network.AWS.IAM.AttachGroupPolicy.AttachGroupPolicy
instance GHC.Show.Show Network.AWS.IAM.AttachGroupPolicy.AttachGroupPolicy
instance GHC.Read.Read Network.AWS.IAM.AttachGroupPolicy.AttachGroupPolicy
instance GHC.Classes.Eq Network.AWS.IAM.AttachGroupPolicy.AttachGroupPolicy
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.AttachGroupPolicy.AttachGroupPolicy
instance Control.DeepSeq.NFData Network.AWS.IAM.AttachGroupPolicy.AttachGroupPolicyResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.AttachGroupPolicy.AttachGroupPolicy
instance Control.DeepSeq.NFData Network.AWS.IAM.AttachGroupPolicy.AttachGroupPolicy
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.AttachGroupPolicy.AttachGroupPolicy
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.AttachGroupPolicy.AttachGroupPolicy
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.AttachGroupPolicy.AttachGroupPolicy


-- | Adds the specified user to the specified group.
module Network.AWS.IAM.AddUserToGroup

-- | Creates a value of <a>AddUserToGroup</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>autgGroupName</a> - The name of the group to update. This
--   parameter allows (per its <a>regex pattern</a> ) a string of
--   characters consisting of upper and lowercase alphanumeric characters
--   with no spaces. You can also include any of the following characters:
--   _+=,.@-</li>
--   <li><a>autgUserName</a> - The name of the user to add. This parameter
--   allows (per its <a>regex pattern</a> ) a string of characters
--   consisting of upper and lowercase alphanumeric characters with no
--   spaces. You can also include any of the following characters:
--   _+=,.@-</li>
--   </ul>
addUserToGroup :: Text -> Text -> AddUserToGroup

-- | <i>See:</i> <a>addUserToGroup</a> smart constructor.
data AddUserToGroup

-- | The name of the group to update. This parameter allows (per its
--   <a>regex pattern</a> ) a string of characters consisting of upper and
--   lowercase alphanumeric characters with no spaces. You can also include
--   any of the following characters: _+=,.@-
autgGroupName :: Lens' AddUserToGroup Text

-- | The name of the user to add. This parameter allows (per its <a>regex
--   pattern</a> ) a string of characters consisting of upper and lowercase
--   alphanumeric characters with no spaces. You can also include any of
--   the following characters: _+=,.@-
autgUserName :: Lens' AddUserToGroup Text

-- | Creates a value of <a>AddUserToGroupResponse</a> with the minimum
--   fields required to make a request.
addUserToGroupResponse :: AddUserToGroupResponse

-- | <i>See:</i> <a>addUserToGroupResponse</a> smart constructor.
data AddUserToGroupResponse
instance GHC.Generics.Generic Network.AWS.IAM.AddUserToGroup.AddUserToGroupResponse
instance Data.Data.Data Network.AWS.IAM.AddUserToGroup.AddUserToGroupResponse
instance GHC.Show.Show Network.AWS.IAM.AddUserToGroup.AddUserToGroupResponse
instance GHC.Read.Read Network.AWS.IAM.AddUserToGroup.AddUserToGroupResponse
instance GHC.Classes.Eq Network.AWS.IAM.AddUserToGroup.AddUserToGroupResponse
instance GHC.Generics.Generic Network.AWS.IAM.AddUserToGroup.AddUserToGroup
instance Data.Data.Data Network.AWS.IAM.AddUserToGroup.AddUserToGroup
instance GHC.Show.Show Network.AWS.IAM.AddUserToGroup.AddUserToGroup
instance GHC.Read.Read Network.AWS.IAM.AddUserToGroup.AddUserToGroup
instance GHC.Classes.Eq Network.AWS.IAM.AddUserToGroup.AddUserToGroup
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.AddUserToGroup.AddUserToGroup
instance Control.DeepSeq.NFData Network.AWS.IAM.AddUserToGroup.AddUserToGroupResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.AddUserToGroup.AddUserToGroup
instance Control.DeepSeq.NFData Network.AWS.IAM.AddUserToGroup.AddUserToGroup
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.AddUserToGroup.AddUserToGroup
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.AddUserToGroup.AddUserToGroup
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.AddUserToGroup.AddUserToGroup


-- | Adds the specified IAM role to the specified instance profile. An
--   instance profile can contain only one role, and this limit cannot be
--   increased. You can remove the existing role and then add a different
--   role to an instance profile. You must then wait for the change to
--   appear across all of AWS because of <a>eventual consistency</a> . To
--   force the change, you must <a>disassociate the instance profile</a>
--   and then <a>associate the instance profile</a> , or you can stop your
--   instance and then restart it.
--   
--   For more information about roles, go to <a>Working with Roles</a> .
--   For more information about instance profiles, go to <a>About Instance
--   Profiles</a> .
module Network.AWS.IAM.AddRoleToInstanceProfile

-- | Creates a value of <a>AddRoleToInstanceProfile</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>artipInstanceProfileName</a> - The name of the instance profile
--   to update. This parameter allows (per its <a>regex pattern</a> ) a
--   string of characters consisting of upper and lowercase alphanumeric
--   characters with no spaces. You can also include any of the following
--   characters: _+=,.@-</li>
--   <li><a>artipRoleName</a> - The name of the role to add. This parameter
--   allows (per its <a>regex pattern</a> ) a string of characters
--   consisting of upper and lowercase alphanumeric characters with no
--   spaces. You can also include any of the following characters:
--   _+=,.@-</li>
--   </ul>
addRoleToInstanceProfile :: Text -> Text -> AddRoleToInstanceProfile

-- | <i>See:</i> <a>addRoleToInstanceProfile</a> smart constructor.
data AddRoleToInstanceProfile

-- | The name of the instance profile to update. This parameter allows (per
--   its <a>regex pattern</a> ) a string of characters consisting of upper
--   and lowercase alphanumeric characters with no spaces. You can also
--   include any of the following characters: _+=,.@-
artipInstanceProfileName :: Lens' AddRoleToInstanceProfile Text

-- | The name of the role to add. This parameter allows (per its <a>regex
--   pattern</a> ) a string of characters consisting of upper and lowercase
--   alphanumeric characters with no spaces. You can also include any of
--   the following characters: _+=,.@-
artipRoleName :: Lens' AddRoleToInstanceProfile Text

-- | Creates a value of <a>AddRoleToInstanceProfileResponse</a> with the
--   minimum fields required to make a request.
addRoleToInstanceProfileResponse :: AddRoleToInstanceProfileResponse

-- | <i>See:</i> <a>addRoleToInstanceProfileResponse</a> smart constructor.
data AddRoleToInstanceProfileResponse
instance GHC.Generics.Generic Network.AWS.IAM.AddRoleToInstanceProfile.AddRoleToInstanceProfileResponse
instance Data.Data.Data Network.AWS.IAM.AddRoleToInstanceProfile.AddRoleToInstanceProfileResponse
instance GHC.Show.Show Network.AWS.IAM.AddRoleToInstanceProfile.AddRoleToInstanceProfileResponse
instance GHC.Read.Read Network.AWS.IAM.AddRoleToInstanceProfile.AddRoleToInstanceProfileResponse
instance GHC.Classes.Eq Network.AWS.IAM.AddRoleToInstanceProfile.AddRoleToInstanceProfileResponse
instance GHC.Generics.Generic Network.AWS.IAM.AddRoleToInstanceProfile.AddRoleToInstanceProfile
instance Data.Data.Data Network.AWS.IAM.AddRoleToInstanceProfile.AddRoleToInstanceProfile
instance GHC.Show.Show Network.AWS.IAM.AddRoleToInstanceProfile.AddRoleToInstanceProfile
instance GHC.Read.Read Network.AWS.IAM.AddRoleToInstanceProfile.AddRoleToInstanceProfile
instance GHC.Classes.Eq Network.AWS.IAM.AddRoleToInstanceProfile.AddRoleToInstanceProfile
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.AddRoleToInstanceProfile.AddRoleToInstanceProfile
instance Control.DeepSeq.NFData Network.AWS.IAM.AddRoleToInstanceProfile.AddRoleToInstanceProfileResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.AddRoleToInstanceProfile.AddRoleToInstanceProfile
instance Control.DeepSeq.NFData Network.AWS.IAM.AddRoleToInstanceProfile.AddRoleToInstanceProfile
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.AddRoleToInstanceProfile.AddRoleToInstanceProfile
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.AddRoleToInstanceProfile.AddRoleToInstanceProfile
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.AddRoleToInstanceProfile.AddRoleToInstanceProfile


-- | Adds a new client ID (also known as audience) to the list of client
--   IDs already registered for the specified IAM OpenID Connect (OIDC)
--   provider resource.
--   
--   This operation is idempotent; it does not fail or return an error if
--   you add an existing client ID to the provider.
module Network.AWS.IAM.AddClientIdToOpenIdConnectProvider

-- | Creates a value of <a>AddClientIdToOpenIdConnectProvider</a> with the
--   minimum fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>acitoicpOpenIdConnectProviderARN</a> - The Amazon Resource Name
--   (ARN) of the IAM OpenID Connect (OIDC) provider resource to add the
--   client ID to. You can get a list of OIDC provider ARNs by using the
--   <tt>ListOpenIDConnectProviders</tt> operation.</li>
--   <li><a>acitoicpClientId</a> - The client ID (also known as audience)
--   to add to the IAM OpenID Connect provider resource.</li>
--   </ul>
addClientIdToOpenIdConnectProvider :: Text -> Text -> AddClientIdToOpenIdConnectProvider

-- | <i>See:</i> <a>addClientIdToOpenIdConnectProvider</a> smart
--   constructor.
data AddClientIdToOpenIdConnectProvider

-- | The Amazon Resource Name (ARN) of the IAM OpenID Connect (OIDC)
--   provider resource to add the client ID to. You can get a list of OIDC
--   provider ARNs by using the <tt>ListOpenIDConnectProviders</tt>
--   operation.
acitoicpOpenIdConnectProviderARN :: Lens' AddClientIdToOpenIdConnectProvider Text

-- | The client ID (also known as audience) to add to the IAM OpenID
--   Connect provider resource.
acitoicpClientId :: Lens' AddClientIdToOpenIdConnectProvider Text

-- | Creates a value of <a>AddClientIdToOpenIdConnectProviderResponse</a>
--   with the minimum fields required to make a request.
addClientIdToOpenIdConnectProviderResponse :: AddClientIdToOpenIdConnectProviderResponse

-- | <i>See:</i> <a>addClientIdToOpenIdConnectProviderResponse</a> smart
--   constructor.
data AddClientIdToOpenIdConnectProviderResponse
instance GHC.Generics.Generic Network.AWS.IAM.AddClientIdToOpenIdConnectProvider.AddClientIdToOpenIdConnectProviderResponse
instance Data.Data.Data Network.AWS.IAM.AddClientIdToOpenIdConnectProvider.AddClientIdToOpenIdConnectProviderResponse
instance GHC.Show.Show Network.AWS.IAM.AddClientIdToOpenIdConnectProvider.AddClientIdToOpenIdConnectProviderResponse
instance GHC.Read.Read Network.AWS.IAM.AddClientIdToOpenIdConnectProvider.AddClientIdToOpenIdConnectProviderResponse
instance GHC.Classes.Eq Network.AWS.IAM.AddClientIdToOpenIdConnectProvider.AddClientIdToOpenIdConnectProviderResponse
instance GHC.Generics.Generic Network.AWS.IAM.AddClientIdToOpenIdConnectProvider.AddClientIdToOpenIdConnectProvider
instance Data.Data.Data Network.AWS.IAM.AddClientIdToOpenIdConnectProvider.AddClientIdToOpenIdConnectProvider
instance GHC.Show.Show Network.AWS.IAM.AddClientIdToOpenIdConnectProvider.AddClientIdToOpenIdConnectProvider
instance GHC.Read.Read Network.AWS.IAM.AddClientIdToOpenIdConnectProvider.AddClientIdToOpenIdConnectProvider
instance GHC.Classes.Eq Network.AWS.IAM.AddClientIdToOpenIdConnectProvider.AddClientIdToOpenIdConnectProvider
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.AddClientIdToOpenIdConnectProvider.AddClientIdToOpenIdConnectProvider
instance Control.DeepSeq.NFData Network.AWS.IAM.AddClientIdToOpenIdConnectProvider.AddClientIdToOpenIdConnectProviderResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.AddClientIdToOpenIdConnectProvider.AddClientIdToOpenIdConnectProvider
instance Control.DeepSeq.NFData Network.AWS.IAM.AddClientIdToOpenIdConnectProvider.AddClientIdToOpenIdConnectProvider
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.AddClientIdToOpenIdConnectProvider.AddClientIdToOpenIdConnectProvider
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.AddClientIdToOpenIdConnectProvider.AddClientIdToOpenIdConnectProvider
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.AddClientIdToOpenIdConnectProvider.AddClientIdToOpenIdConnectProvider


-- | Changes the status of the specified access key from Active to
--   Inactive, or vice versa. This operation can be used to disable a
--   user's key as part of a key rotation workflow.
--   
--   If the <tt>UserName</tt> field is not specified, the user name is
--   determined implicitly based on the AWS access key ID used to sign the
--   request. Because this operation works for access keys under the AWS
--   account, you can use this operation to manage AWS account root user
--   credentials even if the AWS account has no associated users.
--   
--   For information about rotating keys, see <a>Managing Keys and
--   Certificates</a> in the <i>IAM User Guide</i> .
module Network.AWS.IAM.UpdateAccessKey

-- | Creates a value of <a>UpdateAccessKey</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>uakUserName</a> - The name of the user whose key you want to
--   update. This parameter allows (per its <a>regex pattern</a> ) a string
--   of characters consisting of upper and lowercase alphanumeric
--   characters with no spaces. You can also include any of the following
--   characters: _+=,.@-</li>
--   <li><a>uakAccessKeyId</a> - The access key ID of the secret access key
--   you want to update. This parameter allows (per its <a>regex
--   pattern</a> ) a string of characters that can consist of any upper or
--   lowercased letter or digit.</li>
--   <li><a>uakStatus</a> - The status you want to assign to the secret
--   access key. <tt>Active</tt> means that the key can be used for API
--   calls to AWS, while <tt>Inactive</tt> means that the key cannot be
--   used.</li>
--   </ul>
updateAccessKey :: AccessKey -> StatusType -> UpdateAccessKey

-- | <i>See:</i> <a>updateAccessKey</a> smart constructor.
data UpdateAccessKey

-- | The name of the user whose key you want to update. This parameter
--   allows (per its <a>regex pattern</a> ) a string of characters
--   consisting of upper and lowercase alphanumeric characters with no
--   spaces. You can also include any of the following characters: _+=,.@-
uakUserName :: Lens' UpdateAccessKey (Maybe Text)

-- | The access key ID of the secret access key you want to update. This
--   parameter allows (per its <a>regex pattern</a> ) a string of
--   characters that can consist of any upper or lowercased letter or
--   digit.
uakAccessKeyId :: Lens' UpdateAccessKey AccessKey

-- | The status you want to assign to the secret access key.
--   <tt>Active</tt> means that the key can be used for API calls to AWS,
--   while <tt>Inactive</tt> means that the key cannot be used.
uakStatus :: Lens' UpdateAccessKey StatusType

-- | Creates a value of <a>UpdateAccessKeyResponse</a> with the minimum
--   fields required to make a request.
updateAccessKeyResponse :: UpdateAccessKeyResponse

-- | <i>See:</i> <a>updateAccessKeyResponse</a> smart constructor.
data UpdateAccessKeyResponse
instance GHC.Generics.Generic Network.AWS.IAM.UpdateAccessKey.UpdateAccessKeyResponse
instance Data.Data.Data Network.AWS.IAM.UpdateAccessKey.UpdateAccessKeyResponse
instance GHC.Show.Show Network.AWS.IAM.UpdateAccessKey.UpdateAccessKeyResponse
instance GHC.Read.Read Network.AWS.IAM.UpdateAccessKey.UpdateAccessKeyResponse
instance GHC.Classes.Eq Network.AWS.IAM.UpdateAccessKey.UpdateAccessKeyResponse
instance GHC.Generics.Generic Network.AWS.IAM.UpdateAccessKey.UpdateAccessKey
instance Data.Data.Data Network.AWS.IAM.UpdateAccessKey.UpdateAccessKey
instance GHC.Show.Show Network.AWS.IAM.UpdateAccessKey.UpdateAccessKey
instance GHC.Read.Read Network.AWS.IAM.UpdateAccessKey.UpdateAccessKey
instance GHC.Classes.Eq Network.AWS.IAM.UpdateAccessKey.UpdateAccessKey
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.UpdateAccessKey.UpdateAccessKey
instance Control.DeepSeq.NFData Network.AWS.IAM.UpdateAccessKey.UpdateAccessKeyResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.UpdateAccessKey.UpdateAccessKey
instance Control.DeepSeq.NFData Network.AWS.IAM.UpdateAccessKey.UpdateAccessKey
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.UpdateAccessKey.UpdateAccessKey
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.UpdateAccessKey.UpdateAccessKey
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.UpdateAccessKey.UpdateAccessKey


-- | Updates the password policy settings for the AWS account.
--   
--   For more information about using a password policy, see <a>Managing an
--   IAM Password Policy</a> in the <i>IAM User Guide</i> .
module Network.AWS.IAM.UpdateAccountPasswordPolicy

-- | Creates a value of <a>UpdateAccountPasswordPolicy</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>uappMinimumPasswordLength</a> - The minimum number of
--   characters allowed in an IAM user password. If you do not specify a
--   value for this parameter, then the operation uses the default value of
--   <tt>6</tt> .</li>
--   <li><a>uappRequireNumbers</a> - Specifies whether IAM user passwords
--   must contain at least one numeric character (0 to 9). If you do not
--   specify a value for this parameter, then the operation uses the
--   default value of <tt>false</tt> . The result is that passwords do not
--   require at least one numeric character.</li>
--   <li><a>uappPasswordReusePrevention</a> - Specifies the number of
--   previous passwords that IAM users are prevented from reusing. If you
--   do not specify a value for this parameter, then the operation uses the
--   default value of <tt>0</tt> . The result is that IAM users are not
--   prevented from reusing previous passwords.</li>
--   <li><a>uappRequireLowercaseCharacters</a> - Specifies whether IAM user
--   passwords must contain at least one lowercase character from the ISO
--   basic Latin alphabet (a to z). If you do not specify a value for this
--   parameter, then the operation uses the default value of <tt>false</tt>
--   . The result is that passwords do not require at least one lowercase
--   character.</li>
--   <li><a>uappMaxPasswordAge</a> - The number of days that an IAM user
--   password is valid. If you do not specify a value for this parameter,
--   then the operation uses the default value of <tt>0</tt> . The result
--   is that IAM user passwords never expire.</li>
--   <li><a>uappHardExpiry</a> - Prevents IAM users from setting a new
--   password after their password has expired. The IAM user cannot be
--   accessed until an administrator resets the password. If you do not
--   specify a value for this parameter, then the operation uses the
--   default value of <tt>false</tt> . The result is that IAM users can
--   change their passwords after they expire and continue to sign in as
--   the user.</li>
--   <li><a>uappRequireSymbols</a> - Specifies whether IAM user passwords
--   must contain at least one of the following non-alphanumeric
--   characters: ! <tt> # $ % ^ &amp;amp; * ( ) _ + - = [ ] { } | ' If you
--   do not specify a value for this parameter, then the operation uses the
--   default value of </tt>false@ . The result is that passwords do not
--   require at least one symbol character.</li>
--   <li><a>uappRequireUppercaseCharacters</a> - Specifies whether IAM user
--   passwords must contain at least one uppercase character from the ISO
--   basic Latin alphabet (A to Z). If you do not specify a value for this
--   parameter, then the operation uses the default value of <tt>false</tt>
--   . The result is that passwords do not require at least one uppercase
--   character.</li>
--   <li><a>uappAllowUsersToChangePassword</a> - Allows all IAM users in
--   your account to use the AWS Management Console to change their own
--   passwords. For more information, see <a>Letting IAM Users Change Their
--   Own Passwords</a> in the <i>IAM User Guide</i> . If you do not specify
--   a value for this parameter, then the operation uses the default value
--   of <tt>false</tt> . The result is that IAM users in the account do not
--   automatically have permissions to change their own password.</li>
--   </ul>
updateAccountPasswordPolicy :: UpdateAccountPasswordPolicy

-- | <i>See:</i> <a>updateAccountPasswordPolicy</a> smart constructor.
data UpdateAccountPasswordPolicy

-- | The minimum number of characters allowed in an IAM user password. If
--   you do not specify a value for this parameter, then the operation uses
--   the default value of <tt>6</tt> .
uappMinimumPasswordLength :: Lens' UpdateAccountPasswordPolicy (Maybe Natural)

-- | Specifies whether IAM user passwords must contain at least one numeric
--   character (0 to 9). If you do not specify a value for this parameter,
--   then the operation uses the default value of <tt>false</tt> . The
--   result is that passwords do not require at least one numeric
--   character.
uappRequireNumbers :: Lens' UpdateAccountPasswordPolicy (Maybe Bool)

-- | Specifies the number of previous passwords that IAM users are
--   prevented from reusing. If you do not specify a value for this
--   parameter, then the operation uses the default value of <tt>0</tt> .
--   The result is that IAM users are not prevented from reusing previous
--   passwords.
uappPasswordReusePrevention :: Lens' UpdateAccountPasswordPolicy (Maybe Natural)

-- | Specifies whether IAM user passwords must contain at least one
--   lowercase character from the ISO basic Latin alphabet (a to z). If you
--   do not specify a value for this parameter, then the operation uses the
--   default value of <tt>false</tt> . The result is that passwords do not
--   require at least one lowercase character.
uappRequireLowercaseCharacters :: Lens' UpdateAccountPasswordPolicy (Maybe Bool)

-- | The number of days that an IAM user password is valid. If you do not
--   specify a value for this parameter, then the operation uses the
--   default value of <tt>0</tt> . The result is that IAM user passwords
--   never expire.
uappMaxPasswordAge :: Lens' UpdateAccountPasswordPolicy (Maybe Natural)

-- | Prevents IAM users from setting a new password after their password
--   has expired. The IAM user cannot be accessed until an administrator
--   resets the password. If you do not specify a value for this parameter,
--   then the operation uses the default value of <tt>false</tt> . The
--   result is that IAM users can change their passwords after they expire
--   and continue to sign in as the user.
uappHardExpiry :: Lens' UpdateAccountPasswordPolicy (Maybe Bool)

-- | Specifies whether IAM user passwords must contain at least one of the
--   following non-alphanumeric characters: ! <tt> # $ % ^ &amp;amp; * ( )
--   _ + - = [ ] { } | ' If you do not specify a value for this parameter,
--   then the operation uses the default value of </tt>false@ . The result
--   is that passwords do not require at least one symbol character.
uappRequireSymbols :: Lens' UpdateAccountPasswordPolicy (Maybe Bool)

-- | Specifies whether IAM user passwords must contain at least one
--   uppercase character from the ISO basic Latin alphabet (A to Z). If you
--   do not specify a value for this parameter, then the operation uses the
--   default value of <tt>false</tt> . The result is that passwords do not
--   require at least one uppercase character.
uappRequireUppercaseCharacters :: Lens' UpdateAccountPasswordPolicy (Maybe Bool)

-- | Allows all IAM users in your account to use the AWS Management Console
--   to change their own passwords. For more information, see <a>Letting
--   IAM Users Change Their Own Passwords</a> in the <i>IAM User Guide</i>
--   . If you do not specify a value for this parameter, then the operation
--   uses the default value of <tt>false</tt> . The result is that IAM
--   users in the account do not automatically have permissions to change
--   their own password.
uappAllowUsersToChangePassword :: Lens' UpdateAccountPasswordPolicy (Maybe Bool)

-- | Creates a value of <a>UpdateAccountPasswordPolicyResponse</a> with the
--   minimum fields required to make a request.
updateAccountPasswordPolicyResponse :: UpdateAccountPasswordPolicyResponse

-- | <i>See:</i> <a>updateAccountPasswordPolicyResponse</a> smart
--   constructor.
data UpdateAccountPasswordPolicyResponse
instance GHC.Generics.Generic Network.AWS.IAM.UpdateAccountPasswordPolicy.UpdateAccountPasswordPolicyResponse
instance Data.Data.Data Network.AWS.IAM.UpdateAccountPasswordPolicy.UpdateAccountPasswordPolicyResponse
instance GHC.Show.Show Network.AWS.IAM.UpdateAccountPasswordPolicy.UpdateAccountPasswordPolicyResponse
instance GHC.Read.Read Network.AWS.IAM.UpdateAccountPasswordPolicy.UpdateAccountPasswordPolicyResponse
instance GHC.Classes.Eq Network.AWS.IAM.UpdateAccountPasswordPolicy.UpdateAccountPasswordPolicyResponse
instance GHC.Generics.Generic Network.AWS.IAM.UpdateAccountPasswordPolicy.UpdateAccountPasswordPolicy
instance Data.Data.Data Network.AWS.IAM.UpdateAccountPasswordPolicy.UpdateAccountPasswordPolicy
instance GHC.Show.Show Network.AWS.IAM.UpdateAccountPasswordPolicy.UpdateAccountPasswordPolicy
instance GHC.Read.Read Network.AWS.IAM.UpdateAccountPasswordPolicy.UpdateAccountPasswordPolicy
instance GHC.Classes.Eq Network.AWS.IAM.UpdateAccountPasswordPolicy.UpdateAccountPasswordPolicy
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.UpdateAccountPasswordPolicy.UpdateAccountPasswordPolicy
instance Control.DeepSeq.NFData Network.AWS.IAM.UpdateAccountPasswordPolicy.UpdateAccountPasswordPolicyResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.UpdateAccountPasswordPolicy.UpdateAccountPasswordPolicy
instance Control.DeepSeq.NFData Network.AWS.IAM.UpdateAccountPasswordPolicy.UpdateAccountPasswordPolicy
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.UpdateAccountPasswordPolicy.UpdateAccountPasswordPolicy
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.UpdateAccountPasswordPolicy.UpdateAccountPasswordPolicy
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.UpdateAccountPasswordPolicy.UpdateAccountPasswordPolicy


-- | Updates the policy that grants an IAM entity permission to assume a
--   role. This is typically referred to as the "role trust policy". For
--   more information about roles, go to <a>Using Roles to Delegate
--   Permissions and Federate Identities</a> .
module Network.AWS.IAM.UpdateAssumeRolePolicy

-- | Creates a value of <a>UpdateAssumeRolePolicy</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>uarpRoleName</a> - The name of the role to update with the new
--   policy. This parameter allows (per its <a>regex pattern</a> ) a string
--   of characters consisting of upper and lowercase alphanumeric
--   characters with no spaces. You can also include any of the following
--   characters: _+=,.@-</li>
--   <li><a>uarpPolicyDocument</a> - The policy that grants an entity
--   permission to assume the role. The <a>regex pattern</a> used to
--   validate this parameter is a string of characters consisting of the
--   following: * Any printable ASCII character ranging from the space
--   character (u0020) through the end of the ASCII character range * The
--   printable characters in the Basic Latin and Latin-1 Supplement
--   character set (through u00FF) * The special characters tab (u0009),
--   line feed (u000A), and carriage return (u000D)</li>
--   </ul>
updateAssumeRolePolicy :: Text -> Text -> UpdateAssumeRolePolicy

-- | <i>See:</i> <a>updateAssumeRolePolicy</a> smart constructor.
data UpdateAssumeRolePolicy

-- | The name of the role to update with the new policy. This parameter
--   allows (per its <a>regex pattern</a> ) a string of characters
--   consisting of upper and lowercase alphanumeric characters with no
--   spaces. You can also include any of the following characters: _+=,.@-
uarpRoleName :: Lens' UpdateAssumeRolePolicy Text

-- | The policy that grants an entity permission to assume the role. The
--   <a>regex pattern</a> used to validate this parameter is a string of
--   characters consisting of the following: * Any printable ASCII
--   character ranging from the space character (u0020) through the end of
--   the ASCII character range * The printable characters in the Basic
--   Latin and Latin-1 Supplement character set (through u00FF) * The
--   special characters tab (u0009), line feed (u000A), and carriage return
--   (u000D)
uarpPolicyDocument :: Lens' UpdateAssumeRolePolicy Text

-- | Creates a value of <a>UpdateAssumeRolePolicyResponse</a> with the
--   minimum fields required to make a request.
updateAssumeRolePolicyResponse :: UpdateAssumeRolePolicyResponse

-- | <i>See:</i> <a>updateAssumeRolePolicyResponse</a> smart constructor.
data UpdateAssumeRolePolicyResponse
instance GHC.Generics.Generic Network.AWS.IAM.UpdateAssumeRolePolicy.UpdateAssumeRolePolicyResponse
instance Data.Data.Data Network.AWS.IAM.UpdateAssumeRolePolicy.UpdateAssumeRolePolicyResponse
instance GHC.Show.Show Network.AWS.IAM.UpdateAssumeRolePolicy.UpdateAssumeRolePolicyResponse
instance GHC.Read.Read Network.AWS.IAM.UpdateAssumeRolePolicy.UpdateAssumeRolePolicyResponse
instance GHC.Classes.Eq Network.AWS.IAM.UpdateAssumeRolePolicy.UpdateAssumeRolePolicyResponse
instance GHC.Generics.Generic Network.AWS.IAM.UpdateAssumeRolePolicy.UpdateAssumeRolePolicy
instance Data.Data.Data Network.AWS.IAM.UpdateAssumeRolePolicy.UpdateAssumeRolePolicy
instance GHC.Show.Show Network.AWS.IAM.UpdateAssumeRolePolicy.UpdateAssumeRolePolicy
instance GHC.Read.Read Network.AWS.IAM.UpdateAssumeRolePolicy.UpdateAssumeRolePolicy
instance GHC.Classes.Eq Network.AWS.IAM.UpdateAssumeRolePolicy.UpdateAssumeRolePolicy
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.UpdateAssumeRolePolicy.UpdateAssumeRolePolicy
instance Control.DeepSeq.NFData Network.AWS.IAM.UpdateAssumeRolePolicy.UpdateAssumeRolePolicyResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.UpdateAssumeRolePolicy.UpdateAssumeRolePolicy
instance Control.DeepSeq.NFData Network.AWS.IAM.UpdateAssumeRolePolicy.UpdateAssumeRolePolicy
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.UpdateAssumeRolePolicy.UpdateAssumeRolePolicy
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.UpdateAssumeRolePolicy.UpdateAssumeRolePolicy
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.UpdateAssumeRolePolicy.UpdateAssumeRolePolicy


-- | Updates the name and/or the path of the specified IAM group.
--   
--   <i>Important:</i> You should understand the implications of changing a
--   group's path or name. For more information, see <a>Renaming Users and
--   Groups</a> in the <i>IAM User Guide</i> .
module Network.AWS.IAM.UpdateGroup

-- | Creates a value of <a>UpdateGroup</a> with the minimum fields required
--   to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>ugNewGroupName</a> - New name for the IAM group. Only include
--   this if changing the group's name. This parameter allows (per its
--   <a>regex pattern</a> ) a string of characters consisting of upper and
--   lowercase alphanumeric characters with no spaces. You can also include
--   any of the following characters: _+=,.@-</li>
--   <li><a>ugNewPath</a> - New path for the IAM group. Only include this
--   if changing the group's path. This parameter allows (per its <a>regex
--   pattern</a> ) a string of characters consisting of either a forward
--   slash (/) by itself or a string that must begin and end with forward
--   slashes. In addition, it can contain any ASCII character from the !
--   (u0021) through the DEL character (u007F), including most punctuation
--   characters, digits, and upper and lowercased letters.</li>
--   <li><a>ugGroupName</a> - Name of the IAM group to update. If you're
--   changing the name of the group, this is the original name. This
--   parameter allows (per its <a>regex pattern</a> ) a string of
--   characters consisting of upper and lowercase alphanumeric characters
--   with no spaces. You can also include any of the following characters:
--   _+=,.@-</li>
--   </ul>
updateGroup :: Text -> UpdateGroup

-- | <i>See:</i> <a>updateGroup</a> smart constructor.
data UpdateGroup

-- | New name for the IAM group. Only include this if changing the group's
--   name. This parameter allows (per its <a>regex pattern</a> ) a string
--   of characters consisting of upper and lowercase alphanumeric
--   characters with no spaces. You can also include any of the following
--   characters: _+=,.@-
ugNewGroupName :: Lens' UpdateGroup (Maybe Text)

-- | New path for the IAM group. Only include this if changing the group's
--   path. This parameter allows (per its <a>regex pattern</a> ) a string
--   of characters consisting of either a forward slash (/) by itself or a
--   string that must begin and end with forward slashes. In addition, it
--   can contain any ASCII character from the ! (u0021) through the DEL
--   character (u007F), including most punctuation characters, digits, and
--   upper and lowercased letters.
ugNewPath :: Lens' UpdateGroup (Maybe Text)

-- | Name of the IAM group to update. If you're changing the name of the
--   group, this is the original name. This parameter allows (per its
--   <a>regex pattern</a> ) a string of characters consisting of upper and
--   lowercase alphanumeric characters with no spaces. You can also include
--   any of the following characters: _+=,.@-
ugGroupName :: Lens' UpdateGroup Text

-- | Creates a value of <a>UpdateGroupResponse</a> with the minimum fields
--   required to make a request.
updateGroupResponse :: UpdateGroupResponse

-- | <i>See:</i> <a>updateGroupResponse</a> smart constructor.
data UpdateGroupResponse
instance GHC.Generics.Generic Network.AWS.IAM.UpdateGroup.UpdateGroupResponse
instance Data.Data.Data Network.AWS.IAM.UpdateGroup.UpdateGroupResponse
instance GHC.Show.Show Network.AWS.IAM.UpdateGroup.UpdateGroupResponse
instance GHC.Read.Read Network.AWS.IAM.UpdateGroup.UpdateGroupResponse
instance GHC.Classes.Eq Network.AWS.IAM.UpdateGroup.UpdateGroupResponse
instance GHC.Generics.Generic Network.AWS.IAM.UpdateGroup.UpdateGroup
instance Data.Data.Data Network.AWS.IAM.UpdateGroup.UpdateGroup
instance GHC.Show.Show Network.AWS.IAM.UpdateGroup.UpdateGroup
instance GHC.Read.Read Network.AWS.IAM.UpdateGroup.UpdateGroup
instance GHC.Classes.Eq Network.AWS.IAM.UpdateGroup.UpdateGroup
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.UpdateGroup.UpdateGroup
instance Control.DeepSeq.NFData Network.AWS.IAM.UpdateGroup.UpdateGroupResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.UpdateGroup.UpdateGroup
instance Control.DeepSeq.NFData Network.AWS.IAM.UpdateGroup.UpdateGroup
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.UpdateGroup.UpdateGroup
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.UpdateGroup.UpdateGroup
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.UpdateGroup.UpdateGroup


-- | Changes the password for the specified IAM user.
--   
--   IAM users can change their own passwords by calling
--   <tt>ChangePassword</tt> . For more information about modifying
--   passwords, see <a>Managing Passwords</a> in the <i>IAM User Guide</i>
--   .
module Network.AWS.IAM.UpdateLoginProfile

-- | Creates a value of <a>UpdateLoginProfile</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>ulpPassword</a> - The new password for the specified IAM user.
--   The <a>regex pattern</a> used to validate this parameter is a string
--   of characters consisting of the following: * Any printable ASCII
--   character ranging from the space character (u0020) through the end of
--   the ASCII character range * The printable characters in the Basic
--   Latin and Latin-1 Supplement character set (through u00FF) * The
--   special characters tab (u0009), line feed (u000A), and carriage return
--   (u000D) However, the format can be further restricted by the account
--   administrator by setting a password policy on the AWS account. For
--   more information, see <tt>UpdateAccountPasswordPolicy</tt> .</li>
--   <li><a>ulpPasswordResetRequired</a> - Allows this new password to be
--   used only once by requiring the specified IAM user to set a new
--   password on next sign-in.</li>
--   <li><a>ulpUserName</a> - The name of the user whose password you want
--   to update. This parameter allows (per its <a>regex pattern</a> ) a
--   string of characters consisting of upper and lowercase alphanumeric
--   characters with no spaces. You can also include any of the following
--   characters: _+=,.@-</li>
--   </ul>
updateLoginProfile :: Text -> UpdateLoginProfile

-- | <i>See:</i> <a>updateLoginProfile</a> smart constructor.
data UpdateLoginProfile

-- | The new password for the specified IAM user. The <a>regex pattern</a>
--   used to validate this parameter is a string of characters consisting
--   of the following: * Any printable ASCII character ranging from the
--   space character (u0020) through the end of the ASCII character range *
--   The printable characters in the Basic Latin and Latin-1 Supplement
--   character set (through u00FF) * The special characters tab (u0009),
--   line feed (u000A), and carriage return (u000D) However, the format can
--   be further restricted by the account administrator by setting a
--   password policy on the AWS account. For more information, see
--   <tt>UpdateAccountPasswordPolicy</tt> .
ulpPassword :: Lens' UpdateLoginProfile (Maybe Text)

-- | Allows this new password to be used only once by requiring the
--   specified IAM user to set a new password on next sign-in.
ulpPasswordResetRequired :: Lens' UpdateLoginProfile (Maybe Bool)

-- | The name of the user whose password you want to update. This parameter
--   allows (per its <a>regex pattern</a> ) a string of characters
--   consisting of upper and lowercase alphanumeric characters with no
--   spaces. You can also include any of the following characters: _+=,.@-
ulpUserName :: Lens' UpdateLoginProfile Text

-- | Creates a value of <a>UpdateLoginProfileResponse</a> with the minimum
--   fields required to make a request.
updateLoginProfileResponse :: UpdateLoginProfileResponse

-- | <i>See:</i> <a>updateLoginProfileResponse</a> smart constructor.
data UpdateLoginProfileResponse
instance GHC.Generics.Generic Network.AWS.IAM.UpdateLoginProfile.UpdateLoginProfileResponse
instance Data.Data.Data Network.AWS.IAM.UpdateLoginProfile.UpdateLoginProfileResponse
instance GHC.Show.Show Network.AWS.IAM.UpdateLoginProfile.UpdateLoginProfileResponse
instance GHC.Read.Read Network.AWS.IAM.UpdateLoginProfile.UpdateLoginProfileResponse
instance GHC.Classes.Eq Network.AWS.IAM.UpdateLoginProfile.UpdateLoginProfileResponse
instance GHC.Generics.Generic Network.AWS.IAM.UpdateLoginProfile.UpdateLoginProfile
instance Data.Data.Data Network.AWS.IAM.UpdateLoginProfile.UpdateLoginProfile
instance GHC.Show.Show Network.AWS.IAM.UpdateLoginProfile.UpdateLoginProfile
instance GHC.Classes.Eq Network.AWS.IAM.UpdateLoginProfile.UpdateLoginProfile
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.UpdateLoginProfile.UpdateLoginProfile
instance Control.DeepSeq.NFData Network.AWS.IAM.UpdateLoginProfile.UpdateLoginProfileResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.UpdateLoginProfile.UpdateLoginProfile
instance Control.DeepSeq.NFData Network.AWS.IAM.UpdateLoginProfile.UpdateLoginProfile
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.UpdateLoginProfile.UpdateLoginProfile
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.UpdateLoginProfile.UpdateLoginProfile
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.UpdateLoginProfile.UpdateLoginProfile


-- | Replaces the existing list of server certificate thumbprints
--   associated with an OpenID Connect (OIDC) provider resource object with
--   a new list of thumbprints.
--   
--   The list that you pass with this operation completely replaces the
--   existing list of thumbprints. (The lists are not merged.)
--   
--   Typically, you need to update a thumbprint only when the identity
--   provider's certificate changes, which occurs rarely. However, if the
--   provider's certificate <i>does</i> change, any attempt to assume an
--   IAM role that specifies the OIDC provider as a principal fails until
--   the certificate thumbprint is updated.
module Network.AWS.IAM.UpdateOpenIdConnectProviderThumbprint

-- | Creates a value of <a>UpdateOpenIdConnectProviderThumbprint</a> with
--   the minimum fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>uoicptOpenIdConnectProviderARN</a> - The Amazon Resource Name
--   (ARN) of the IAM OIDC provider resource object for which you want to
--   update the thumbprint. You can get a list of OIDC provider ARNs by
--   using the <tt>ListOpenIDConnectProviders</tt> operation. For more
--   information about ARNs, see <a>Amazon Resource Names (ARNs) and AWS
--   Service Namespaces</a> in the <i>AWS General Reference</i> .</li>
--   <li><a>uoicptThumbprintList</a> - A list of certificate thumbprints
--   that are associated with the specified IAM OpenID Connect provider.
--   For more information, see <tt>CreateOpenIDConnectProvider</tt> .</li>
--   </ul>
updateOpenIdConnectProviderThumbprint :: Text -> UpdateOpenIdConnectProviderThumbprint

-- | <i>See:</i> <a>updateOpenIdConnectProviderThumbprint</a> smart
--   constructor.
data UpdateOpenIdConnectProviderThumbprint

-- | The Amazon Resource Name (ARN) of the IAM OIDC provider resource
--   object for which you want to update the thumbprint. You can get a list
--   of OIDC provider ARNs by using the <tt>ListOpenIDConnectProviders</tt>
--   operation. For more information about ARNs, see <a>Amazon Resource
--   Names (ARNs) and AWS Service Namespaces</a> in the <i>AWS General
--   Reference</i> .
uoicptOpenIdConnectProviderARN :: Lens' UpdateOpenIdConnectProviderThumbprint Text

-- | A list of certificate thumbprints that are associated with the
--   specified IAM OpenID Connect provider. For more information, see
--   <tt>CreateOpenIDConnectProvider</tt> .
uoicptThumbprintList :: Lens' UpdateOpenIdConnectProviderThumbprint [Text]

-- | Creates a value of
--   <a>UpdateOpenIdConnectProviderThumbprintResponse</a> with the minimum
--   fields required to make a request.
updateOpenIdConnectProviderThumbprintResponse :: UpdateOpenIdConnectProviderThumbprintResponse

-- | <i>See:</i> <a>updateOpenIdConnectProviderThumbprintResponse</a> smart
--   constructor.
data UpdateOpenIdConnectProviderThumbprintResponse
instance GHC.Generics.Generic Network.AWS.IAM.UpdateOpenIdConnectProviderThumbprint.UpdateOpenIdConnectProviderThumbprintResponse
instance Data.Data.Data Network.AWS.IAM.UpdateOpenIdConnectProviderThumbprint.UpdateOpenIdConnectProviderThumbprintResponse
instance GHC.Show.Show Network.AWS.IAM.UpdateOpenIdConnectProviderThumbprint.UpdateOpenIdConnectProviderThumbprintResponse
instance GHC.Read.Read Network.AWS.IAM.UpdateOpenIdConnectProviderThumbprint.UpdateOpenIdConnectProviderThumbprintResponse
instance GHC.Classes.Eq Network.AWS.IAM.UpdateOpenIdConnectProviderThumbprint.UpdateOpenIdConnectProviderThumbprintResponse
instance GHC.Generics.Generic Network.AWS.IAM.UpdateOpenIdConnectProviderThumbprint.UpdateOpenIdConnectProviderThumbprint
instance Data.Data.Data Network.AWS.IAM.UpdateOpenIdConnectProviderThumbprint.UpdateOpenIdConnectProviderThumbprint
instance GHC.Show.Show Network.AWS.IAM.UpdateOpenIdConnectProviderThumbprint.UpdateOpenIdConnectProviderThumbprint
instance GHC.Read.Read Network.AWS.IAM.UpdateOpenIdConnectProviderThumbprint.UpdateOpenIdConnectProviderThumbprint
instance GHC.Classes.Eq Network.AWS.IAM.UpdateOpenIdConnectProviderThumbprint.UpdateOpenIdConnectProviderThumbprint
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.UpdateOpenIdConnectProviderThumbprint.UpdateOpenIdConnectProviderThumbprint
instance Control.DeepSeq.NFData Network.AWS.IAM.UpdateOpenIdConnectProviderThumbprint.UpdateOpenIdConnectProviderThumbprintResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.UpdateOpenIdConnectProviderThumbprint.UpdateOpenIdConnectProviderThumbprint
instance Control.DeepSeq.NFData Network.AWS.IAM.UpdateOpenIdConnectProviderThumbprint.UpdateOpenIdConnectProviderThumbprint
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.UpdateOpenIdConnectProviderThumbprint.UpdateOpenIdConnectProviderThumbprint
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.UpdateOpenIdConnectProviderThumbprint.UpdateOpenIdConnectProviderThumbprint
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.UpdateOpenIdConnectProviderThumbprint.UpdateOpenIdConnectProviderThumbprint


-- | Updates the description or maximum session duration setting of a role.
module Network.AWS.IAM.UpdateRole

-- | Creates a value of <a>UpdateRole</a> with the minimum fields required
--   to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>urMaxSessionDuration</a> - The maximum session duration (in
--   seconds) that you want to set for the specified role. If you do not
--   specify a value for this setting, the default maximum of one hour is
--   applied. This setting can have a value from 1 hour to 12 hours. Anyone
--   who assumes the role from the AWS CLI or API can use the
--   <tt>DurationSeconds</tt> API parameter or the
--   <tt>duration-seconds</tt> CLI parameter to request a longer session.
--   The <tt>MaxSessionDuration</tt> setting determines the maximum
--   duration that can be requested using the <tt>DurationSeconds</tt>
--   parameter. If users don't specify a value for the
--   <tt>DurationSeconds</tt> parameter, their security credentials are
--   valid for one hour by default. This applies when you use the
--   <tt>AssumeRole*</tt> API operations or the <tt>assume-role*</tt> CLI
--   operations but does not apply when you use those operations to create
--   a console URL. For more information, see <a>Using IAM Roles</a> in the
--   <i>IAM User Guide</i> .</li>
--   <li><a>urDescription</a> - The new description that you want to apply
--   to the specified role.</li>
--   <li><a>urRoleName</a> - The name of the role that you want to
--   modify.</li>
--   </ul>
updateRole :: Text -> UpdateRole

-- | <i>See:</i> <a>updateRole</a> smart constructor.
data UpdateRole

-- | The maximum session duration (in seconds) that you want to set for the
--   specified role. If you do not specify a value for this setting, the
--   default maximum of one hour is applied. This setting can have a value
--   from 1 hour to 12 hours. Anyone who assumes the role from the AWS CLI
--   or API can use the <tt>DurationSeconds</tt> API parameter or the
--   <tt>duration-seconds</tt> CLI parameter to request a longer session.
--   The <tt>MaxSessionDuration</tt> setting determines the maximum
--   duration that can be requested using the <tt>DurationSeconds</tt>
--   parameter. If users don't specify a value for the
--   <tt>DurationSeconds</tt> parameter, their security credentials are
--   valid for one hour by default. This applies when you use the
--   <tt>AssumeRole*</tt> API operations or the <tt>assume-role*</tt> CLI
--   operations but does not apply when you use those operations to create
--   a console URL. For more information, see <a>Using IAM Roles</a> in the
--   <i>IAM User Guide</i> .
urMaxSessionDuration :: Lens' UpdateRole (Maybe Natural)

-- | The new description that you want to apply to the specified role.
urDescription :: Lens' UpdateRole (Maybe Text)

-- | The name of the role that you want to modify.
urRoleName :: Lens' UpdateRole Text

-- | Creates a value of <a>UpdateRoleResponse</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>urrsResponseStatus</a> - -- | The response status code.</li>
--   </ul>
updateRoleResponse :: Int -> UpdateRoleResponse

-- | <i>See:</i> <a>updateRoleResponse</a> smart constructor.
data UpdateRoleResponse

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
urrsResponseStatus :: Lens' UpdateRoleResponse Int
instance GHC.Generics.Generic Network.AWS.IAM.UpdateRole.UpdateRoleResponse
instance Data.Data.Data Network.AWS.IAM.UpdateRole.UpdateRoleResponse
instance GHC.Show.Show Network.AWS.IAM.UpdateRole.UpdateRoleResponse
instance GHC.Read.Read Network.AWS.IAM.UpdateRole.UpdateRoleResponse
instance GHC.Classes.Eq Network.AWS.IAM.UpdateRole.UpdateRoleResponse
instance GHC.Generics.Generic Network.AWS.IAM.UpdateRole.UpdateRole
instance Data.Data.Data Network.AWS.IAM.UpdateRole.UpdateRole
instance GHC.Show.Show Network.AWS.IAM.UpdateRole.UpdateRole
instance GHC.Read.Read Network.AWS.IAM.UpdateRole.UpdateRole
instance GHC.Classes.Eq Network.AWS.IAM.UpdateRole.UpdateRole
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.UpdateRole.UpdateRole
instance Control.DeepSeq.NFData Network.AWS.IAM.UpdateRole.UpdateRoleResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.UpdateRole.UpdateRole
instance Control.DeepSeq.NFData Network.AWS.IAM.UpdateRole.UpdateRole
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.UpdateRole.UpdateRole
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.UpdateRole.UpdateRole
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.UpdateRole.UpdateRole


-- | Use instead.
--   
--   Modifies only the description of a role. This operation performs the
--   same function as the <tt>Description</tt> parameter in the
--   <tt>UpdateRole</tt> operation.
module Network.AWS.IAM.UpdateRoleDescription

-- | Creates a value of <a>UpdateRoleDescription</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>urdRoleName</a> - The name of the role that you want to
--   modify.</li>
--   <li><a>urdDescription</a> - The new description that you want to apply
--   to the specified role.</li>
--   </ul>
updateRoleDescription :: Text -> Text -> UpdateRoleDescription

-- | <i>See:</i> <a>updateRoleDescription</a> smart constructor.
data UpdateRoleDescription

-- | The name of the role that you want to modify.
urdRoleName :: Lens' UpdateRoleDescription Text

-- | The new description that you want to apply to the specified role.
urdDescription :: Lens' UpdateRoleDescription Text

-- | Creates a value of <a>UpdateRoleDescriptionResponse</a> with the
--   minimum fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>urdrsRole</a> - A structure that contains details about the
--   modified role.</li>
--   <li><a>urdrsResponseStatus</a> - -- | The response status code.</li>
--   </ul>
updateRoleDescriptionResponse :: Int -> UpdateRoleDescriptionResponse

-- | <i>See:</i> <a>updateRoleDescriptionResponse</a> smart constructor.
data UpdateRoleDescriptionResponse

-- | A structure that contains details about the modified role.
urdrsRole :: Lens' UpdateRoleDescriptionResponse (Maybe Role)

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
urdrsResponseStatus :: Lens' UpdateRoleDescriptionResponse Int
instance GHC.Generics.Generic Network.AWS.IAM.UpdateRoleDescription.UpdateRoleDescriptionResponse
instance Data.Data.Data Network.AWS.IAM.UpdateRoleDescription.UpdateRoleDescriptionResponse
instance GHC.Show.Show Network.AWS.IAM.UpdateRoleDescription.UpdateRoleDescriptionResponse
instance GHC.Read.Read Network.AWS.IAM.UpdateRoleDescription.UpdateRoleDescriptionResponse
instance GHC.Classes.Eq Network.AWS.IAM.UpdateRoleDescription.UpdateRoleDescriptionResponse
instance GHC.Generics.Generic Network.AWS.IAM.UpdateRoleDescription.UpdateRoleDescription
instance Data.Data.Data Network.AWS.IAM.UpdateRoleDescription.UpdateRoleDescription
instance GHC.Show.Show Network.AWS.IAM.UpdateRoleDescription.UpdateRoleDescription
instance GHC.Read.Read Network.AWS.IAM.UpdateRoleDescription.UpdateRoleDescription
instance GHC.Classes.Eq Network.AWS.IAM.UpdateRoleDescription.UpdateRoleDescription
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.UpdateRoleDescription.UpdateRoleDescription
instance Control.DeepSeq.NFData Network.AWS.IAM.UpdateRoleDescription.UpdateRoleDescriptionResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.UpdateRoleDescription.UpdateRoleDescription
instance Control.DeepSeq.NFData Network.AWS.IAM.UpdateRoleDescription.UpdateRoleDescription
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.UpdateRoleDescription.UpdateRoleDescription
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.UpdateRoleDescription.UpdateRoleDescription
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.UpdateRoleDescription.UpdateRoleDescription


-- | Updates the metadata document for an existing SAML provider resource
--   object.
module Network.AWS.IAM.UpdateSAMLProvider

-- | Creates a value of <a>UpdateSAMLProvider</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>usamlpSAMLMetadataDocument</a> - An XML document generated by
--   an identity provider (IdP) that supports SAML 2.0. The document
--   includes the issuer's name, expiration information, and keys that can
--   be used to validate the SAML authentication response (assertions) that
--   are received from the IdP. You must generate the metadata document
--   using the identity management software that is used as your
--   organization's IdP.</li>
--   <li><a>usamlpSAMLProviderARN</a> - The Amazon Resource Name (ARN) of
--   the SAML provider to update. For more information about ARNs, see
--   <a>Amazon Resource Names (ARNs) and AWS Service Namespaces</a> in the
--   <i>AWS General Reference</i> .</li>
--   </ul>
updateSAMLProvider :: Text -> Text -> UpdateSAMLProvider

-- | <i>See:</i> <a>updateSAMLProvider</a> smart constructor.
data UpdateSAMLProvider

-- | An XML document generated by an identity provider (IdP) that supports
--   SAML 2.0. The document includes the issuer's name, expiration
--   information, and keys that can be used to validate the SAML
--   authentication response (assertions) that are received from the IdP.
--   You must generate the metadata document using the identity management
--   software that is used as your organization's IdP.
usamlpSAMLMetadataDocument :: Lens' UpdateSAMLProvider Text

-- | The Amazon Resource Name (ARN) of the SAML provider to update. For
--   more information about ARNs, see <a>Amazon Resource Names (ARNs) and
--   AWS Service Namespaces</a> in the <i>AWS General Reference</i> .
usamlpSAMLProviderARN :: Lens' UpdateSAMLProvider Text

-- | Creates a value of <a>UpdateSAMLProviderResponse</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>usamlprsSAMLProviderARN</a> - The Amazon Resource Name (ARN) of
--   the SAML provider that was updated.</li>
--   <li><a>usamlprsResponseStatus</a> - -- | The response status
--   code.</li>
--   </ul>
updateSAMLProviderResponse :: Int -> UpdateSAMLProviderResponse

-- | Contains the response to a successful <a>UpdateSAMLProvider</a>
--   request.
--   
--   <i>See:</i> <a>updateSAMLProviderResponse</a> smart constructor.
data UpdateSAMLProviderResponse

-- | The Amazon Resource Name (ARN) of the SAML provider that was updated.
usamlprsSAMLProviderARN :: Lens' UpdateSAMLProviderResponse (Maybe Text)

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
usamlprsResponseStatus :: Lens' UpdateSAMLProviderResponse Int
instance GHC.Generics.Generic Network.AWS.IAM.UpdateSAMLProvider.UpdateSAMLProviderResponse
instance Data.Data.Data Network.AWS.IAM.UpdateSAMLProvider.UpdateSAMLProviderResponse
instance GHC.Show.Show Network.AWS.IAM.UpdateSAMLProvider.UpdateSAMLProviderResponse
instance GHC.Read.Read Network.AWS.IAM.UpdateSAMLProvider.UpdateSAMLProviderResponse
instance GHC.Classes.Eq Network.AWS.IAM.UpdateSAMLProvider.UpdateSAMLProviderResponse
instance GHC.Generics.Generic Network.AWS.IAM.UpdateSAMLProvider.UpdateSAMLProvider
instance Data.Data.Data Network.AWS.IAM.UpdateSAMLProvider.UpdateSAMLProvider
instance GHC.Show.Show Network.AWS.IAM.UpdateSAMLProvider.UpdateSAMLProvider
instance GHC.Read.Read Network.AWS.IAM.UpdateSAMLProvider.UpdateSAMLProvider
instance GHC.Classes.Eq Network.AWS.IAM.UpdateSAMLProvider.UpdateSAMLProvider
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.UpdateSAMLProvider.UpdateSAMLProvider
instance Control.DeepSeq.NFData Network.AWS.IAM.UpdateSAMLProvider.UpdateSAMLProviderResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.UpdateSAMLProvider.UpdateSAMLProvider
instance Control.DeepSeq.NFData Network.AWS.IAM.UpdateSAMLProvider.UpdateSAMLProvider
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.UpdateSAMLProvider.UpdateSAMLProvider
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.UpdateSAMLProvider.UpdateSAMLProvider
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.UpdateSAMLProvider.UpdateSAMLProvider


-- | Sets the status of an IAM user's SSH public key to active or inactive.
--   SSH public keys that are inactive cannot be used for authentication.
--   This operation can be used to disable a user's SSH public key as part
--   of a key rotation work flow.
--   
--   The SSH public key affected by this operation is used only for
--   authenticating the associated IAM user to an AWS CodeCommit
--   repository. For more information about using SSH keys to authenticate
--   to an AWS CodeCommit repository, see <a>Set up AWS CodeCommit for SSH
--   Connections</a> in the <i>AWS CodeCommit User Guide</i> .
module Network.AWS.IAM.UpdateSSHPublicKey

-- | Creates a value of <a>UpdateSSHPublicKey</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>uspkUserName</a> - The name of the IAM user associated with the
--   SSH public key. This parameter allows (per its <a>regex pattern</a> )
--   a string of characters consisting of upper and lowercase alphanumeric
--   characters with no spaces. You can also include any of the following
--   characters: _+=,.@-</li>
--   <li><a>uspkSSHPublicKeyId</a> - The unique identifier for the SSH
--   public key. This parameter allows (per its <a>regex pattern</a> ) a
--   string of characters that can consist of any upper or lowercased
--   letter or digit.</li>
--   <li><a>uspkStatus</a> - The status to assign to the SSH public key.
--   <tt>Active</tt> means that the key can be used for authentication with
--   an AWS CodeCommit repository. <tt>Inactive</tt> means that the key
--   cannot be used.</li>
--   </ul>
updateSSHPublicKey :: Text -> Text -> StatusType -> UpdateSSHPublicKey

-- | <i>See:</i> <a>updateSSHPublicKey</a> smart constructor.
data UpdateSSHPublicKey

-- | The name of the IAM user associated with the SSH public key. This
--   parameter allows (per its <a>regex pattern</a> ) a string of
--   characters consisting of upper and lowercase alphanumeric characters
--   with no spaces. You can also include any of the following characters:
--   _+=,.@-
uspkUserName :: Lens' UpdateSSHPublicKey Text

-- | The unique identifier for the SSH public key. This parameter allows
--   (per its <a>regex pattern</a> ) a string of characters that can
--   consist of any upper or lowercased letter or digit.
uspkSSHPublicKeyId :: Lens' UpdateSSHPublicKey Text

-- | The status to assign to the SSH public key. <tt>Active</tt> means that
--   the key can be used for authentication with an AWS CodeCommit
--   repository. <tt>Inactive</tt> means that the key cannot be used.
uspkStatus :: Lens' UpdateSSHPublicKey StatusType

-- | Creates a value of <a>UpdateSSHPublicKeyResponse</a> with the minimum
--   fields required to make a request.
updateSSHPublicKeyResponse :: UpdateSSHPublicKeyResponse

-- | <i>See:</i> <a>updateSSHPublicKeyResponse</a> smart constructor.
data UpdateSSHPublicKeyResponse
instance GHC.Generics.Generic Network.AWS.IAM.UpdateSSHPublicKey.UpdateSSHPublicKeyResponse
instance Data.Data.Data Network.AWS.IAM.UpdateSSHPublicKey.UpdateSSHPublicKeyResponse
instance GHC.Show.Show Network.AWS.IAM.UpdateSSHPublicKey.UpdateSSHPublicKeyResponse
instance GHC.Read.Read Network.AWS.IAM.UpdateSSHPublicKey.UpdateSSHPublicKeyResponse
instance GHC.Classes.Eq Network.AWS.IAM.UpdateSSHPublicKey.UpdateSSHPublicKeyResponse
instance GHC.Generics.Generic Network.AWS.IAM.UpdateSSHPublicKey.UpdateSSHPublicKey
instance Data.Data.Data Network.AWS.IAM.UpdateSSHPublicKey.UpdateSSHPublicKey
instance GHC.Show.Show Network.AWS.IAM.UpdateSSHPublicKey.UpdateSSHPublicKey
instance GHC.Read.Read Network.AWS.IAM.UpdateSSHPublicKey.UpdateSSHPublicKey
instance GHC.Classes.Eq Network.AWS.IAM.UpdateSSHPublicKey.UpdateSSHPublicKey
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.UpdateSSHPublicKey.UpdateSSHPublicKey
instance Control.DeepSeq.NFData Network.AWS.IAM.UpdateSSHPublicKey.UpdateSSHPublicKeyResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.UpdateSSHPublicKey.UpdateSSHPublicKey
instance Control.DeepSeq.NFData Network.AWS.IAM.UpdateSSHPublicKey.UpdateSSHPublicKey
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.UpdateSSHPublicKey.UpdateSSHPublicKey
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.UpdateSSHPublicKey.UpdateSSHPublicKey
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.UpdateSSHPublicKey.UpdateSSHPublicKey


-- | Updates the name and/or the path of the specified server certificate
--   stored in IAM.
--   
--   For more information about working with server certificates, see
--   <a>Working with Server Certificates</a> in the <i>IAM User Guide</i> .
--   This topic also includes a list of AWS services that can use the
--   server certificates that you manage with IAM.
--   
--   <i>Important:</i> You should understand the implications of changing a
--   server certificate's path or name. For more information, see
--   <a>Renaming a Server Certificate</a> in the <i>IAM User Guide</i> .
module Network.AWS.IAM.UpdateServerCertificate

-- | Creates a value of <a>UpdateServerCertificate</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>uNewServerCertificateName</a> - The new name for the server
--   certificate. Include this only if you are updating the server
--   certificate's name. The name of the certificate cannot contain any
--   spaces. This parameter allows (per its <a>regex pattern</a> ) a string
--   of characters consisting of upper and lowercase alphanumeric
--   characters with no spaces. You can also include any of the following
--   characters: _+=,.@-</li>
--   <li><a>uNewPath</a> - The new path for the server certificate. Include
--   this only if you are updating the server certificate's path. This
--   parameter allows (per its <a>regex pattern</a> ) a string of
--   characters consisting of either a forward slash (/) by itself or a
--   string that must begin and end with forward slashes. In addition, it
--   can contain any ASCII character from the ! (u0021) through the DEL
--   character (u007F), including most punctuation characters, digits, and
--   upper and lowercased letters.</li>
--   <li><a>uServerCertificateName</a> - The name of the server certificate
--   that you want to update. This parameter allows (per its <a>regex
--   pattern</a> ) a string of characters consisting of upper and lowercase
--   alphanumeric characters with no spaces. You can also include any of
--   the following characters: _+=,.@-</li>
--   </ul>
updateServerCertificate :: Text -> UpdateServerCertificate

-- | <i>See:</i> <a>updateServerCertificate</a> smart constructor.
data UpdateServerCertificate

-- | The new name for the server certificate. Include this only if you are
--   updating the server certificate's name. The name of the certificate
--   cannot contain any spaces. This parameter allows (per its <a>regex
--   pattern</a> ) a string of characters consisting of upper and lowercase
--   alphanumeric characters with no spaces. You can also include any of
--   the following characters: _+=,.@-
uNewServerCertificateName :: Lens' UpdateServerCertificate (Maybe Text)

-- | The new path for the server certificate. Include this only if you are
--   updating the server certificate's path. This parameter allows (per its
--   <a>regex pattern</a> ) a string of characters consisting of either a
--   forward slash (/) by itself or a string that must begin and end with
--   forward slashes. In addition, it can contain any ASCII character from
--   the ! (u0021) through the DEL character (u007F), including most
--   punctuation characters, digits, and upper and lowercased letters.
uNewPath :: Lens' UpdateServerCertificate (Maybe Text)

-- | The name of the server certificate that you want to update. This
--   parameter allows (per its <a>regex pattern</a> ) a string of
--   characters consisting of upper and lowercase alphanumeric characters
--   with no spaces. You can also include any of the following characters:
--   _+=,.@-
uServerCertificateName :: Lens' UpdateServerCertificate Text

-- | Creates a value of <a>UpdateServerCertificateResponse</a> with the
--   minimum fields required to make a request.
updateServerCertificateResponse :: UpdateServerCertificateResponse

-- | <i>See:</i> <a>updateServerCertificateResponse</a> smart constructor.
data UpdateServerCertificateResponse
instance GHC.Generics.Generic Network.AWS.IAM.UpdateServerCertificate.UpdateServerCertificateResponse
instance Data.Data.Data Network.AWS.IAM.UpdateServerCertificate.UpdateServerCertificateResponse
instance GHC.Show.Show Network.AWS.IAM.UpdateServerCertificate.UpdateServerCertificateResponse
instance GHC.Read.Read Network.AWS.IAM.UpdateServerCertificate.UpdateServerCertificateResponse
instance GHC.Classes.Eq Network.AWS.IAM.UpdateServerCertificate.UpdateServerCertificateResponse
instance GHC.Generics.Generic Network.AWS.IAM.UpdateServerCertificate.UpdateServerCertificate
instance Data.Data.Data Network.AWS.IAM.UpdateServerCertificate.UpdateServerCertificate
instance GHC.Show.Show Network.AWS.IAM.UpdateServerCertificate.UpdateServerCertificate
instance GHC.Read.Read Network.AWS.IAM.UpdateServerCertificate.UpdateServerCertificate
instance GHC.Classes.Eq Network.AWS.IAM.UpdateServerCertificate.UpdateServerCertificate
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.UpdateServerCertificate.UpdateServerCertificate
instance Control.DeepSeq.NFData Network.AWS.IAM.UpdateServerCertificate.UpdateServerCertificateResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.UpdateServerCertificate.UpdateServerCertificate
instance Control.DeepSeq.NFData Network.AWS.IAM.UpdateServerCertificate.UpdateServerCertificate
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.UpdateServerCertificate.UpdateServerCertificate
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.UpdateServerCertificate.UpdateServerCertificate
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.UpdateServerCertificate.UpdateServerCertificate


-- | Sets the status of a service-specific credential to <tt>Active</tt> or
--   <tt>Inactive</tt> . Service-specific credentials that are inactive
--   cannot be used for authentication to the service. This operation can
--   be used to disable a user’s service-specific credential as part of a
--   credential rotation work flow.
module Network.AWS.IAM.UpdateServiceSpecificCredential

-- | Creates a value of <a>UpdateServiceSpecificCredential</a> with the
--   minimum fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>usscUserName</a> - The name of the IAM user associated with the
--   service-specific credential. If you do not specify this value, then
--   the operation assumes the user whose credentials are used to call the
--   operation. This parameter allows (per its <a>regex pattern</a> ) a
--   string of characters consisting of upper and lowercase alphanumeric
--   characters with no spaces. You can also include any of the following
--   characters: _+=,.@-</li>
--   <li><a>usscServiceSpecificCredentialId</a> - The unique identifier of
--   the service-specific credential. This parameter allows (per its
--   <a>regex pattern</a> ) a string of characters that can consist of any
--   upper or lowercased letter or digit.</li>
--   <li><a>usscStatus</a> - The status to be assigned to the
--   service-specific credential.</li>
--   </ul>
updateServiceSpecificCredential :: Text -> StatusType -> UpdateServiceSpecificCredential

-- | <i>See:</i> <a>updateServiceSpecificCredential</a> smart constructor.
data UpdateServiceSpecificCredential

-- | The name of the IAM user associated with the service-specific
--   credential. If you do not specify this value, then the operation
--   assumes the user whose credentials are used to call the operation.
--   This parameter allows (per its <a>regex pattern</a> ) a string of
--   characters consisting of upper and lowercase alphanumeric characters
--   with no spaces. You can also include any of the following characters:
--   _+=,.@-
usscUserName :: Lens' UpdateServiceSpecificCredential (Maybe Text)

-- | The unique identifier of the service-specific credential. This
--   parameter allows (per its <a>regex pattern</a> ) a string of
--   characters that can consist of any upper or lowercased letter or
--   digit.
usscServiceSpecificCredentialId :: Lens' UpdateServiceSpecificCredential Text

-- | The status to be assigned to the service-specific credential.
usscStatus :: Lens' UpdateServiceSpecificCredential StatusType

-- | Creates a value of <a>UpdateServiceSpecificCredentialResponse</a> with
--   the minimum fields required to make a request.
updateServiceSpecificCredentialResponse :: UpdateServiceSpecificCredentialResponse

-- | <i>See:</i> <a>updateServiceSpecificCredentialResponse</a> smart
--   constructor.
data UpdateServiceSpecificCredentialResponse
instance GHC.Generics.Generic Network.AWS.IAM.UpdateServiceSpecificCredential.UpdateServiceSpecificCredentialResponse
instance Data.Data.Data Network.AWS.IAM.UpdateServiceSpecificCredential.UpdateServiceSpecificCredentialResponse
instance GHC.Show.Show Network.AWS.IAM.UpdateServiceSpecificCredential.UpdateServiceSpecificCredentialResponse
instance GHC.Read.Read Network.AWS.IAM.UpdateServiceSpecificCredential.UpdateServiceSpecificCredentialResponse
instance GHC.Classes.Eq Network.AWS.IAM.UpdateServiceSpecificCredential.UpdateServiceSpecificCredentialResponse
instance GHC.Generics.Generic Network.AWS.IAM.UpdateServiceSpecificCredential.UpdateServiceSpecificCredential
instance Data.Data.Data Network.AWS.IAM.UpdateServiceSpecificCredential.UpdateServiceSpecificCredential
instance GHC.Show.Show Network.AWS.IAM.UpdateServiceSpecificCredential.UpdateServiceSpecificCredential
instance GHC.Read.Read Network.AWS.IAM.UpdateServiceSpecificCredential.UpdateServiceSpecificCredential
instance GHC.Classes.Eq Network.AWS.IAM.UpdateServiceSpecificCredential.UpdateServiceSpecificCredential
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.UpdateServiceSpecificCredential.UpdateServiceSpecificCredential
instance Control.DeepSeq.NFData Network.AWS.IAM.UpdateServiceSpecificCredential.UpdateServiceSpecificCredentialResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.UpdateServiceSpecificCredential.UpdateServiceSpecificCredential
instance Control.DeepSeq.NFData Network.AWS.IAM.UpdateServiceSpecificCredential.UpdateServiceSpecificCredential
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.UpdateServiceSpecificCredential.UpdateServiceSpecificCredential
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.UpdateServiceSpecificCredential.UpdateServiceSpecificCredential
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.UpdateServiceSpecificCredential.UpdateServiceSpecificCredential


-- | Changes the status of the specified user signing certificate from
--   active to disabled, or vice versa. This operation can be used to
--   disable an IAM user's signing certificate as part of a certificate
--   rotation work flow.
--   
--   If the <tt>UserName</tt> field is not specified, the user name is
--   determined implicitly based on the AWS access key ID used to sign the
--   request. Because this operation works for access keys under the AWS
--   account, you can use this operation to manage AWS account root user
--   credentials even if the AWS account has no associated users.
module Network.AWS.IAM.UpdateSigningCertificate

-- | Creates a value of <a>UpdateSigningCertificate</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>uscUserName</a> - The name of the IAM user the signing
--   certificate belongs to. This parameter allows (per its <a>regex
--   pattern</a> ) a string of characters consisting of upper and lowercase
--   alphanumeric characters with no spaces. You can also include any of
--   the following characters: _+=,.@-</li>
--   <li><a>uscCertificateId</a> - The ID of the signing certificate you
--   want to update. This parameter allows (per its <a>regex pattern</a> )
--   a string of characters that can consist of any upper or lowercased
--   letter or digit.</li>
--   <li><a>uscStatus</a> - The status you want to assign to the
--   certificate. <tt>Active</tt> means that the certificate can be used
--   for API calls to AWS <tt>Inactive</tt> means that the certificate
--   cannot be used.</li>
--   </ul>
updateSigningCertificate :: Text -> StatusType -> UpdateSigningCertificate

-- | <i>See:</i> <a>updateSigningCertificate</a> smart constructor.
data UpdateSigningCertificate

-- | The name of the IAM user the signing certificate belongs to. This
--   parameter allows (per its <a>regex pattern</a> ) a string of
--   characters consisting of upper and lowercase alphanumeric characters
--   with no spaces. You can also include any of the following characters:
--   _+=,.@-
uscUserName :: Lens' UpdateSigningCertificate (Maybe Text)

-- | The ID of the signing certificate you want to update. This parameter
--   allows (per its <a>regex pattern</a> ) a string of characters that can
--   consist of any upper or lowercased letter or digit.
uscCertificateId :: Lens' UpdateSigningCertificate Text

-- | The status you want to assign to the certificate. <tt>Active</tt>
--   means that the certificate can be used for API calls to AWS
--   <tt>Inactive</tt> means that the certificate cannot be used.
uscStatus :: Lens' UpdateSigningCertificate StatusType

-- | Creates a value of <a>UpdateSigningCertificateResponse</a> with the
--   minimum fields required to make a request.
updateSigningCertificateResponse :: UpdateSigningCertificateResponse

-- | <i>See:</i> <a>updateSigningCertificateResponse</a> smart constructor.
data UpdateSigningCertificateResponse
instance GHC.Generics.Generic Network.AWS.IAM.UpdateSigningCertificate.UpdateSigningCertificateResponse
instance Data.Data.Data Network.AWS.IAM.UpdateSigningCertificate.UpdateSigningCertificateResponse
instance GHC.Show.Show Network.AWS.IAM.UpdateSigningCertificate.UpdateSigningCertificateResponse
instance GHC.Read.Read Network.AWS.IAM.UpdateSigningCertificate.UpdateSigningCertificateResponse
instance GHC.Classes.Eq Network.AWS.IAM.UpdateSigningCertificate.UpdateSigningCertificateResponse
instance GHC.Generics.Generic Network.AWS.IAM.UpdateSigningCertificate.UpdateSigningCertificate
instance Data.Data.Data Network.AWS.IAM.UpdateSigningCertificate.UpdateSigningCertificate
instance GHC.Show.Show Network.AWS.IAM.UpdateSigningCertificate.UpdateSigningCertificate
instance GHC.Read.Read Network.AWS.IAM.UpdateSigningCertificate.UpdateSigningCertificate
instance GHC.Classes.Eq Network.AWS.IAM.UpdateSigningCertificate.UpdateSigningCertificate
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.UpdateSigningCertificate.UpdateSigningCertificate
instance Control.DeepSeq.NFData Network.AWS.IAM.UpdateSigningCertificate.UpdateSigningCertificateResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.UpdateSigningCertificate.UpdateSigningCertificate
instance Control.DeepSeq.NFData Network.AWS.IAM.UpdateSigningCertificate.UpdateSigningCertificate
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.UpdateSigningCertificate.UpdateSigningCertificate
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.UpdateSigningCertificate.UpdateSigningCertificate
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.UpdateSigningCertificate.UpdateSigningCertificate


-- | Updates the name and/or the path of the specified IAM user.
--   
--   <i>Important:</i> You should understand the implications of changing
--   an IAM user's path or name. For more information, see <a>Renaming an
--   IAM User</a> and <a>Renaming an IAM Group</a> in the <i>IAM User
--   Guide</i> .
module Network.AWS.IAM.UpdateUser

-- | Creates a value of <a>UpdateUser</a> with the minimum fields required
--   to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>uuNewUserName</a> - New name for the user. Include this
--   parameter only if you're changing the user's name. This parameter
--   allows (per its <a>regex pattern</a> ) a string of characters
--   consisting of upper and lowercase alphanumeric characters with no
--   spaces. You can also include any of the following characters:
--   _+=,.@-</li>
--   <li><a>uuNewPath</a> - New path for the IAM user. Include this
--   parameter only if you're changing the user's path. This parameter
--   allows (per its <a>regex pattern</a> ) a string of characters
--   consisting of either a forward slash (/) by itself or a string that
--   must begin and end with forward slashes. In addition, it can contain
--   any ASCII character from the ! (u0021) through the DEL character
--   (u007F), including most punctuation characters, digits, and upper and
--   lowercased letters.</li>
--   <li><a>uuUserName</a> - Name of the user to update. If you're changing
--   the name of the user, this is the original user name. This parameter
--   allows (per its <a>regex pattern</a> ) a string of characters
--   consisting of upper and lowercase alphanumeric characters with no
--   spaces. You can also include any of the following characters:
--   _+=,.@-</li>
--   </ul>
updateUser :: Text -> UpdateUser

-- | <i>See:</i> <a>updateUser</a> smart constructor.
data UpdateUser

-- | New name for the user. Include this parameter only if you're changing
--   the user's name. This parameter allows (per its <a>regex pattern</a> )
--   a string of characters consisting of upper and lowercase alphanumeric
--   characters with no spaces. You can also include any of the following
--   characters: _+=,.@-
uuNewUserName :: Lens' UpdateUser (Maybe Text)

-- | New path for the IAM user. Include this parameter only if you're
--   changing the user's path. This parameter allows (per its <a>regex
--   pattern</a> ) a string of characters consisting of either a forward
--   slash (/) by itself or a string that must begin and end with forward
--   slashes. In addition, it can contain any ASCII character from the !
--   (u0021) through the DEL character (u007F), including most punctuation
--   characters, digits, and upper and lowercased letters.
uuNewPath :: Lens' UpdateUser (Maybe Text)

-- | Name of the user to update. If you're changing the name of the user,
--   this is the original user name. This parameter allows (per its
--   <a>regex pattern</a> ) a string of characters consisting of upper and
--   lowercase alphanumeric characters with no spaces. You can also include
--   any of the following characters: _+=,.@-
uuUserName :: Lens' UpdateUser Text

-- | Creates a value of <a>UpdateUserResponse</a> with the minimum fields
--   required to make a request.
updateUserResponse :: UpdateUserResponse

-- | <i>See:</i> <a>updateUserResponse</a> smart constructor.
data UpdateUserResponse
instance GHC.Generics.Generic Network.AWS.IAM.UpdateUser.UpdateUserResponse
instance Data.Data.Data Network.AWS.IAM.UpdateUser.UpdateUserResponse
instance GHC.Show.Show Network.AWS.IAM.UpdateUser.UpdateUserResponse
instance GHC.Read.Read Network.AWS.IAM.UpdateUser.UpdateUserResponse
instance GHC.Classes.Eq Network.AWS.IAM.UpdateUser.UpdateUserResponse
instance GHC.Generics.Generic Network.AWS.IAM.UpdateUser.UpdateUser
instance Data.Data.Data Network.AWS.IAM.UpdateUser.UpdateUser
instance GHC.Show.Show Network.AWS.IAM.UpdateUser.UpdateUser
instance GHC.Read.Read Network.AWS.IAM.UpdateUser.UpdateUser
instance GHC.Classes.Eq Network.AWS.IAM.UpdateUser.UpdateUser
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.UpdateUser.UpdateUser
instance Control.DeepSeq.NFData Network.AWS.IAM.UpdateUser.UpdateUserResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.UpdateUser.UpdateUser
instance Control.DeepSeq.NFData Network.AWS.IAM.UpdateUser.UpdateUser
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.UpdateUser.UpdateUser
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.UpdateUser.UpdateUser
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.UpdateUser.UpdateUser


-- | Uploads an SSH public key and associates it with the specified IAM
--   user.
--   
--   The SSH public key uploaded by this operation can be used only for
--   authenticating the associated IAM user to an AWS CodeCommit
--   repository. For more information about using SSH keys to authenticate
--   to an AWS CodeCommit repository, see <a>Set up AWS CodeCommit for SSH
--   Connections</a> in the <i>AWS CodeCommit User Guide</i> .
module Network.AWS.IAM.UploadSSHPublicKey

-- | Creates a value of <a>UploadSSHPublicKey</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>usshpkUserName</a> - The name of the IAM user to associate the
--   SSH public key with. This parameter allows (per its <a>regex
--   pattern</a> ) a string of characters consisting of upper and lowercase
--   alphanumeric characters with no spaces. You can also include any of
--   the following characters: _+=,.@-</li>
--   <li><a>usshpkSSHPublicKeyBody</a> - The SSH public key. The public key
--   must be encoded in ssh-rsa format or PEM format. The <a>regex
--   pattern</a> used to validate this parameter is a string of characters
--   consisting of the following: * Any printable ASCII character ranging
--   from the space character (u0020) through the end of the ASCII
--   character range * The printable characters in the Basic Latin and
--   Latin-1 Supplement character set (through u00FF) * The special
--   characters tab (u0009), line feed (u000A), and carriage return
--   (u000D)</li>
--   </ul>
uploadSSHPublicKey :: Text -> Text -> UploadSSHPublicKey

-- | <i>See:</i> <a>uploadSSHPublicKey</a> smart constructor.
data UploadSSHPublicKey

-- | The name of the IAM user to associate the SSH public key with. This
--   parameter allows (per its <a>regex pattern</a> ) a string of
--   characters consisting of upper and lowercase alphanumeric characters
--   with no spaces. You can also include any of the following characters:
--   _+=,.@-
usshpkUserName :: Lens' UploadSSHPublicKey Text

-- | The SSH public key. The public key must be encoded in ssh-rsa format
--   or PEM format. The <a>regex pattern</a> used to validate this
--   parameter is a string of characters consisting of the following: * Any
--   printable ASCII character ranging from the space character (u0020)
--   through the end of the ASCII character range * The printable
--   characters in the Basic Latin and Latin-1 Supplement character set
--   (through u00FF) * The special characters tab (u0009), line feed
--   (u000A), and carriage return (u000D)
usshpkSSHPublicKeyBody :: Lens' UploadSSHPublicKey Text

-- | Creates a value of <a>UploadSSHPublicKeyResponse</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>uspkrsSSHPublicKey</a> - Contains information about the SSH
--   public key.</li>
--   <li><a>uspkrsResponseStatus</a> - -- | The response status code.</li>
--   </ul>
uploadSSHPublicKeyResponse :: Int -> UploadSSHPublicKeyResponse

-- | Contains the response to a successful <a>UploadSSHPublicKey</a>
--   request.
--   
--   <i>See:</i> <a>uploadSSHPublicKeyResponse</a> smart constructor.
data UploadSSHPublicKeyResponse

-- | Contains information about the SSH public key.
uspkrsSSHPublicKey :: Lens' UploadSSHPublicKeyResponse (Maybe SSHPublicKey)

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
uspkrsResponseStatus :: Lens' UploadSSHPublicKeyResponse Int
instance GHC.Generics.Generic Network.AWS.IAM.UploadSSHPublicKey.UploadSSHPublicKeyResponse
instance Data.Data.Data Network.AWS.IAM.UploadSSHPublicKey.UploadSSHPublicKeyResponse
instance GHC.Show.Show Network.AWS.IAM.UploadSSHPublicKey.UploadSSHPublicKeyResponse
instance GHC.Read.Read Network.AWS.IAM.UploadSSHPublicKey.UploadSSHPublicKeyResponse
instance GHC.Classes.Eq Network.AWS.IAM.UploadSSHPublicKey.UploadSSHPublicKeyResponse
instance GHC.Generics.Generic Network.AWS.IAM.UploadSSHPublicKey.UploadSSHPublicKey
instance Data.Data.Data Network.AWS.IAM.UploadSSHPublicKey.UploadSSHPublicKey
instance GHC.Show.Show Network.AWS.IAM.UploadSSHPublicKey.UploadSSHPublicKey
instance GHC.Read.Read Network.AWS.IAM.UploadSSHPublicKey.UploadSSHPublicKey
instance GHC.Classes.Eq Network.AWS.IAM.UploadSSHPublicKey.UploadSSHPublicKey
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.UploadSSHPublicKey.UploadSSHPublicKey
instance Control.DeepSeq.NFData Network.AWS.IAM.UploadSSHPublicKey.UploadSSHPublicKeyResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.UploadSSHPublicKey.UploadSSHPublicKey
instance Control.DeepSeq.NFData Network.AWS.IAM.UploadSSHPublicKey.UploadSSHPublicKey
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.UploadSSHPublicKey.UploadSSHPublicKey
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.UploadSSHPublicKey.UploadSSHPublicKey
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.UploadSSHPublicKey.UploadSSHPublicKey


-- | Uploads a server certificate entity for the AWS account. The server
--   certificate entity includes a public key certificate, a private key,
--   and an optional certificate chain, which should all be PEM-encoded.
--   
--   We recommend that you use <a>AWS Certificate Manager</a> to provision,
--   manage, and deploy your server certificates. With ACM you can request
--   a certificate, deploy it to AWS resources, and let ACM handle
--   certificate renewals for you. Certificates provided by ACM are free.
--   For more information about using ACM, see the <a>AWS Certificate
--   Manager User Guide</a> .
--   
--   For more information about working with server certificates, see
--   <a>Working with Server Certificates</a> in the <i>IAM User Guide</i> .
--   This topic includes a list of AWS services that can use the server
--   certificates that you manage with IAM.
--   
--   For information about the number of server certificates you can
--   upload, see <a>Limitations on IAM Entities and Objects</a> in the
--   <i>IAM User Guide</i> .
module Network.AWS.IAM.UploadServerCertificate

-- | Creates a value of <a>UploadServerCertificate</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>uscPath</a> - The path for the server certificate. For more
--   information about paths, see <a>IAM Identifiers</a> in the <i>IAM User
--   Guide</i> . This parameter is optional. If it is not included, it
--   defaults to a slash (<i>). This parameter allows (per its
--   &lt;http:</i><i>wikipedia.org</i>wiki<i>regex regex pattern&gt; ) a
--   string of characters consisting of either a forward slash (</i>) by
--   itself or a string that must begin and end with forward slashes. In
--   addition, it can contain any ASCII character from the ! (u0021)
--   through the DEL character (u007F), including most punctuation
--   characters, digits, and upper and lowercased letters.</li>
--   <li><a>uscCertificateChain</a> - The contents of the certificate
--   chain. This is typically a concatenation of the PEM-encoded public key
--   certificates of the chain. The <a>regex pattern</a> used to validate
--   this parameter is a string of characters consisting of the following:
--   * Any printable ASCII character ranging from the space character
--   (u0020) through the end of the ASCII character range * The printable
--   characters in the Basic Latin and Latin-1 Supplement character set
--   (through u00FF) * The special characters tab (u0009), line feed
--   (u000A), and carriage return (u000D)</li>
--   <li><a>uscServerCertificateName</a> - The name for the server
--   certificate. Do not include the path in this value. The name of the
--   certificate cannot contain any spaces. This parameter allows (per its
--   <a>regex pattern</a> ) a string of characters consisting of upper and
--   lowercase alphanumeric characters with no spaces. You can also include
--   any of the following characters: _+=,.@-</li>
--   <li><a>uscCertificateBody</a> - The contents of the public key
--   certificate in PEM-encoded format. The <a>regex pattern</a> used to
--   validate this parameter is a string of characters consisting of the
--   following: * Any printable ASCII character ranging from the space
--   character (u0020) through the end of the ASCII character range * The
--   printable characters in the Basic Latin and Latin-1 Supplement
--   character set (through u00FF) * The special characters tab (u0009),
--   line feed (u000A), and carriage return (u000D)</li>
--   <li><a>uscPrivateKey</a> - The contents of the private key in
--   PEM-encoded format. The <a>regex pattern</a> used to validate this
--   parameter is a string of characters consisting of the following: * Any
--   printable ASCII character ranging from the space character (u0020)
--   through the end of the ASCII character range * The printable
--   characters in the Basic Latin and Latin-1 Supplement character set
--   (through u00FF) * The special characters tab (u0009), line feed
--   (u000A), and carriage return (u000D)</li>
--   </ul>
uploadServerCertificate :: Text -> Text -> Text -> UploadServerCertificate

-- | <i>See:</i> <a>uploadServerCertificate</a> smart constructor.
data UploadServerCertificate

-- | The path for the server certificate. For more information about paths,
--   see <a>IAM Identifiers</a> in the <i>IAM User Guide</i> . This
--   parameter is optional. If it is not included, it defaults to a slash
--   (<i>). This parameter allows (per its
--   &lt;http:</i><i>wikipedia.org</i>wiki<i>regex regex pattern&gt; ) a
--   string of characters consisting of either a forward slash (</i>) by
--   itself or a string that must begin and end with forward slashes. In
--   addition, it can contain any ASCII character from the ! (u0021)
--   through the DEL character (u007F), including most punctuation
--   characters, digits, and upper and lowercased letters.
uscPath :: Lens' UploadServerCertificate (Maybe Text)

-- | The contents of the certificate chain. This is typically a
--   concatenation of the PEM-encoded public key certificates of the chain.
--   The <a>regex pattern</a> used to validate this parameter is a string
--   of characters consisting of the following: * Any printable ASCII
--   character ranging from the space character (u0020) through the end of
--   the ASCII character range * The printable characters in the Basic
--   Latin and Latin-1 Supplement character set (through u00FF) * The
--   special characters tab (u0009), line feed (u000A), and carriage return
--   (u000D)
uscCertificateChain :: Lens' UploadServerCertificate (Maybe Text)

-- | The name for the server certificate. Do not include the path in this
--   value. The name of the certificate cannot contain any spaces. This
--   parameter allows (per its <a>regex pattern</a> ) a string of
--   characters consisting of upper and lowercase alphanumeric characters
--   with no spaces. You can also include any of the following characters:
--   _+=,.@-
uscServerCertificateName :: Lens' UploadServerCertificate Text

-- | The contents of the public key certificate in PEM-encoded format. The
--   <a>regex pattern</a> used to validate this parameter is a string of
--   characters consisting of the following: * Any printable ASCII
--   character ranging from the space character (u0020) through the end of
--   the ASCII character range * The printable characters in the Basic
--   Latin and Latin-1 Supplement character set (through u00FF) * The
--   special characters tab (u0009), line feed (u000A), and carriage return
--   (u000D)
uscCertificateBody :: Lens' UploadServerCertificate Text

-- | The contents of the private key in PEM-encoded format. The <a>regex
--   pattern</a> used to validate this parameter is a string of characters
--   consisting of the following: * Any printable ASCII character ranging
--   from the space character (u0020) through the end of the ASCII
--   character range * The printable characters in the Basic Latin and
--   Latin-1 Supplement character set (through u00FF) * The special
--   characters tab (u0009), line feed (u000A), and carriage return (u000D)
uscPrivateKey :: Lens' UploadServerCertificate Text

-- | Creates a value of <a>UploadServerCertificateResponse</a> with the
--   minimum fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>ursServerCertificateMetadata</a> - The meta information of the
--   uploaded server certificate without its certificate body, certificate
--   chain, and private key.</li>
--   <li><a>ursResponseStatus</a> - -- | The response status code.</li>
--   </ul>
uploadServerCertificateResponse :: Int -> UploadServerCertificateResponse

-- | Contains the response to a successful <a>UploadServerCertificate</a>
--   request.
--   
--   <i>See:</i> <a>uploadServerCertificateResponse</a> smart constructor.
data UploadServerCertificateResponse

-- | The meta information of the uploaded server certificate without its
--   certificate body, certificate chain, and private key.
ursServerCertificateMetadata :: Lens' UploadServerCertificateResponse (Maybe ServerCertificateMetadata)

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
ursResponseStatus :: Lens' UploadServerCertificateResponse Int
instance GHC.Generics.Generic Network.AWS.IAM.UploadServerCertificate.UploadServerCertificateResponse
instance Data.Data.Data Network.AWS.IAM.UploadServerCertificate.UploadServerCertificateResponse
instance GHC.Show.Show Network.AWS.IAM.UploadServerCertificate.UploadServerCertificateResponse
instance GHC.Read.Read Network.AWS.IAM.UploadServerCertificate.UploadServerCertificateResponse
instance GHC.Classes.Eq Network.AWS.IAM.UploadServerCertificate.UploadServerCertificateResponse
instance GHC.Generics.Generic Network.AWS.IAM.UploadServerCertificate.UploadServerCertificate
instance Data.Data.Data Network.AWS.IAM.UploadServerCertificate.UploadServerCertificate
instance GHC.Show.Show Network.AWS.IAM.UploadServerCertificate.UploadServerCertificate
instance GHC.Classes.Eq Network.AWS.IAM.UploadServerCertificate.UploadServerCertificate
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.UploadServerCertificate.UploadServerCertificate
instance Control.DeepSeq.NFData Network.AWS.IAM.UploadServerCertificate.UploadServerCertificateResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.UploadServerCertificate.UploadServerCertificate
instance Control.DeepSeq.NFData Network.AWS.IAM.UploadServerCertificate.UploadServerCertificate
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.UploadServerCertificate.UploadServerCertificate
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.UploadServerCertificate.UploadServerCertificate
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.UploadServerCertificate.UploadServerCertificate


-- | Uploads an X.509 signing certificate and associates it with the
--   specified IAM user. Some AWS services use X.509 signing certificates
--   to validate requests that are signed with a corresponding private key.
--   When you upload the certificate, its default status is <tt>Active</tt>
--   .
--   
--   If the <tt>UserName</tt> field is not specified, the IAM user name is
--   determined implicitly based on the AWS access key ID used to sign the
--   request. Because this operation works for access keys under the AWS
--   account, you can use this operation to manage AWS account root user
--   credentials even if the AWS account has no associated users.
module Network.AWS.IAM.UploadSigningCertificate

-- | Creates a value of <a>UploadSigningCertificate</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>uplUserName</a> - The name of the user the signing certificate
--   is for. This parameter allows (per its <a>regex pattern</a> ) a string
--   of characters consisting of upper and lowercase alphanumeric
--   characters with no spaces. You can also include any of the following
--   characters: _+=,.@-</li>
--   <li><a>uplCertificateBody</a> - The contents of the signing
--   certificate. The <a>regex pattern</a> used to validate this parameter
--   is a string of characters consisting of the following: * Any printable
--   ASCII character ranging from the space character (u0020) through the
--   end of the ASCII character range * The printable characters in the
--   Basic Latin and Latin-1 Supplement character set (through u00FF) * The
--   special characters tab (u0009), line feed (u000A), and carriage return
--   (u000D)</li>
--   </ul>
uploadSigningCertificate :: Text -> UploadSigningCertificate

-- | <i>See:</i> <a>uploadSigningCertificate</a> smart constructor.
data UploadSigningCertificate

-- | The name of the user the signing certificate is for. This parameter
--   allows (per its <a>regex pattern</a> ) a string of characters
--   consisting of upper and lowercase alphanumeric characters with no
--   spaces. You can also include any of the following characters: _+=,.@-
uplUserName :: Lens' UploadSigningCertificate (Maybe Text)

-- | The contents of the signing certificate. The <a>regex pattern</a> used
--   to validate this parameter is a string of characters consisting of the
--   following: * Any printable ASCII character ranging from the space
--   character (u0020) through the end of the ASCII character range * The
--   printable characters in the Basic Latin and Latin-1 Supplement
--   character set (through u00FF) * The special characters tab (u0009),
--   line feed (u000A), and carriage return (u000D)
uplCertificateBody :: Lens' UploadSigningCertificate Text

-- | Creates a value of <a>UploadSigningCertificateResponse</a> with the
--   minimum fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>uscrsResponseStatus</a> - -- | The response status code.</li>
--   <li><a>uscrsCertificate</a> - Information about the certificate.</li>
--   </ul>
uploadSigningCertificateResponse :: Int -> SigningCertificate -> UploadSigningCertificateResponse

-- | Contains the response to a successful <a>UploadSigningCertificate</a>
--   request.
--   
--   <i>See:</i> <a>uploadSigningCertificateResponse</a> smart constructor.
data UploadSigningCertificateResponse

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
uscrsResponseStatus :: Lens' UploadSigningCertificateResponse Int

-- | Information about the certificate.
uscrsCertificate :: Lens' UploadSigningCertificateResponse SigningCertificate
instance GHC.Generics.Generic Network.AWS.IAM.UploadSigningCertificate.UploadSigningCertificateResponse
instance Data.Data.Data Network.AWS.IAM.UploadSigningCertificate.UploadSigningCertificateResponse
instance GHC.Show.Show Network.AWS.IAM.UploadSigningCertificate.UploadSigningCertificateResponse
instance GHC.Read.Read Network.AWS.IAM.UploadSigningCertificate.UploadSigningCertificateResponse
instance GHC.Classes.Eq Network.AWS.IAM.UploadSigningCertificate.UploadSigningCertificateResponse
instance GHC.Generics.Generic Network.AWS.IAM.UploadSigningCertificate.UploadSigningCertificate
instance Data.Data.Data Network.AWS.IAM.UploadSigningCertificate.UploadSigningCertificate
instance GHC.Show.Show Network.AWS.IAM.UploadSigningCertificate.UploadSigningCertificate
instance GHC.Read.Read Network.AWS.IAM.UploadSigningCertificate.UploadSigningCertificate
instance GHC.Classes.Eq Network.AWS.IAM.UploadSigningCertificate.UploadSigningCertificate
instance Network.AWS.Types.AWSRequest Network.AWS.IAM.UploadSigningCertificate.UploadSigningCertificate
instance Control.DeepSeq.NFData Network.AWS.IAM.UploadSigningCertificate.UploadSigningCertificateResponse
instance Data.Hashable.Class.Hashable Network.AWS.IAM.UploadSigningCertificate.UploadSigningCertificate
instance Control.DeepSeq.NFData Network.AWS.IAM.UploadSigningCertificate.UploadSigningCertificate
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.IAM.UploadSigningCertificate.UploadSigningCertificate
instance Network.AWS.Data.Path.ToPath Network.AWS.IAM.UploadSigningCertificate.UploadSigningCertificate
instance Network.AWS.Data.Query.ToQuery Network.AWS.IAM.UploadSigningCertificate.UploadSigningCertificate


module Network.AWS.IAM.Waiters

-- | Polls <a>GetInstanceProfile</a> every 1 seconds until a successful
--   state is reached. An error is returned after 40 failed checks.
instanceProfileExists :: Wait GetInstanceProfile

-- | Polls <a>GetUser</a> every 1 seconds until a successful state is
--   reached. An error is returned after 20 failed checks.
userExists :: Wait GetUser


-- | <b>AWS Identity and Access Management</b>
--   
--   AWS Identity and Access Management (IAM) is a web service that you can
--   use to manage users and user permissions under your AWS account. This
--   guide provides descriptions of IAM actions that you can call
--   programmatically. For general information about IAM, see <a>AWS
--   Identity and Access Management (IAM)</a> . For the user guide for IAM,
--   see <a>Using IAM</a> .
--   
--   We recommend that you use the AWS SDKs to make programmatic API calls
--   to IAM. However, you can also use the IAM Query API to make direct
--   calls to the IAM web service. To learn more about the IAM Query API,
--   see <a>Making Query Requests</a> in the <i>Using IAM</i> guide. IAM
--   supports GET and POST requests for all actions. That is, the API does
--   not require you to use GET for some actions and POST for others.
--   However, GET requests are subject to the limitation size of a URL.
--   Therefore, for operations that require larger sizes, use a POST
--   request.
--   
--   <b>Signing Requests</b>
--   
--   Requests must be signed using an access key ID and a secret access
--   key. We strongly recommend that you do not use your AWS account access
--   key ID and secret access key for everyday work with IAM. You can use
--   the access key ID and secret access key for an IAM user or you can use
--   the AWS Security Token Service to generate temporary security
--   credentials and use those to sign requests.
--   
--   To sign requests, we recommend that you use <a>Signature Version 4</a>
--   . If you have an existing application that uses Signature Version 2,
--   you do not have to update it to use Signature Version 4. However, some
--   operations now require Signature Version 4. The documentation for
--   operations that require version 4 indicate this requirement.
--   
--   <b>Additional Resources</b>
--   
--   For more information, see the following:
--   
--   <ul>
--   <li><a>AWS Security Credentials</a> . This topic provides general
--   information about the types of credentials used for accessing
--   AWS.</li>
--   <li><a>IAM Best Practices</a> . This topic presents a list of
--   suggestions for using the IAM service to help secure your AWS
--   resources.</li>
--   <li><a>Signing AWS API Requests</a> . This set of topics walk you
--   through the process of signing a request using an access key ID and
--   secret access key.</li>
--   </ul>
module Network.AWS.IAM

-- | API version <tt>2010-05-08</tt> of the Amazon Identity and Access
--   Management SDK configuration.
iam :: Service

-- | The request was rejected because the credential report does not exist.
--   To generate a credential report, use <tt>GenerateCredentialReport</tt>
--   .
_CredentialReportNotPresentException :: AsError a => Getting (First ServiceError) a ServiceError

-- | The request was rejected because the credential report is still being
--   generated.
_CredentialReportNotReadyException :: AsError a => Getting (First ServiceError) a ServiceError

-- | The request was rejected because the policy document was malformed.
--   The error message describes the specific error.
_MalformedPolicyDocumentException :: AsError a => Getting (First ServiceError) a ServiceError

-- | The request was rejected because it attempted to create a resource
--   that already exists.
_EntityAlreadyExistsException :: AsError a => Getting (First ServiceError) a ServiceError

-- | The request was rejected because the certificate was malformed or
--   expired. The error message describes the specific error.
_MalformedCertificateException :: AsError a => Getting (First ServiceError) a ServiceError

-- | The request was rejected because the most recent credential report has
--   expired. To generate a new credential report, use
--   <tt>GenerateCredentialReport</tt> . For more information about
--   credential report expiration, see <a>Getting Credential Reports</a> in
--   the <i>IAM User Guide</i> .
_CredentialReportExpiredException :: AsError a => Getting (First ServiceError) a ServiceError

-- | The request was rejected because only the service that depends on the
--   service-linked role can modify or delete the role on your behalf. The
--   error message includes the name of the service that depends on this
--   service-linked role. You must request the change through that service.
_UnmodifiableEntityException :: AsError a => Getting (First ServiceError) a ServiceError

-- | The request was rejected because the same certificate is associated
--   with an IAM user in the account.
_DuplicateCertificateException :: AsError a => Getting (First ServiceError) a ServiceError

-- | The request was rejected because it attempted to delete a resource
--   that has attached subordinate entities. The error message describes
--   these entities.
_DeleteConflictException :: AsError a => Getting (First ServiceError) a ServiceError

-- | The request was rejected because it referenced an entity that does not
--   exist. The error message describes the entity.
_NoSuchEntityException :: AsError a => Getting (First ServiceError) a ServiceError

-- | The request was rejected because the certificate is invalid.
_InvalidCertificateException :: AsError a => Getting (First ServiceError) a ServiceError

-- | The request failed because AWS service role policies can only be
--   attached to the service-linked role for that service.
_PolicyNotAttachableException :: AsError a => Getting (First ServiceError) a ServiceError

-- | The specified service does not support service-specific credentials.
_ServiceNotSupportedException :: AsError a => Getting (First ServiceError) a ServiceError

-- | The request was rejected because the public key encoding format is
--   unsupported or unrecognized.
_UnrecognizedPublicKeyEncodingException :: AsError a => Getting (First ServiceError) a ServiceError

-- | The request was rejected because the type of user for the transaction
--   was incorrect.
_InvalidUserTypeException :: AsError a => Getting (First ServiceError) a ServiceError

-- | The request processing has failed because of an unknown error,
--   exception or failure.
_ServiceFailureException :: AsError a => Getting (First ServiceError) a ServiceError

-- | The request was rejected because an invalid or out-of-range value was
--   supplied for an input parameter.
_InvalidInputException :: AsError a => Getting (First ServiceError) a ServiceError

-- | The request was rejected because the public key is malformed or
--   otherwise invalid.
_InvalidPublicKeyException :: AsError a => Getting (First ServiceError) a ServiceError

-- | The request was rejected because the authentication code was not
--   recognized. The error message describes the specific error.
_InvalidAuthenticationCodeException :: AsError a => Getting (First ServiceError) a ServiceError

-- | The request was rejected because it referenced an entity that is
--   temporarily unmodifiable, such as a user name that was deleted and
--   then recreated. The error indicates that the request is likely to
--   succeed if you try again after waiting several minutes. The error
--   message describes the entity.
_EntityTemporarilyUnmodifiableException :: AsError a => Getting (First ServiceError) a ServiceError

-- | The request was rejected because the SSH public key is already
--   associated with the specified IAM user.
_DuplicateSSHPublicKeyException :: AsError a => Getting (First ServiceError) a ServiceError

-- | The request was rejected because the public key certificate and the
--   private key do not match.
_KeyPairMismatchException :: AsError a => Getting (First ServiceError) a ServiceError

-- | The request failed because a provided policy could not be successfully
--   evaluated. An additional detailed message indicates the source of the
--   failure.
_PolicyEvaluationException :: AsError a => Getting (First ServiceError) a ServiceError

-- | The request was rejected because the provided password did not meet
--   the requirements imposed by the account password policy.
_PasswordPolicyViolationException :: AsError a => Getting (First ServiceError) a ServiceError

-- | The request was rejected because it attempted to create resources
--   beyond the current AWS account limits. The error message describes the
--   limit exceeded.
_LimitExceededException :: AsError a => Getting (First ServiceError) a ServiceError

-- | Polls <a>GetInstanceProfile</a> every 1 seconds until a successful
--   state is reached. An error is returned after 40 failed checks.
instanceProfileExists :: Wait GetInstanceProfile

-- | Polls <a>GetUser</a> every 1 seconds until a successful state is
--   reached. An error is returned after 20 failed checks.
userExists :: Wait GetUser
data AssignmentStatusType
Any :: AssignmentStatusType
Assigned :: AssignmentStatusType
Unassigned :: AssignmentStatusType
data ContextKeyTypeEnum
Binary :: ContextKeyTypeEnum
BinaryList :: ContextKeyTypeEnum
Boolean :: ContextKeyTypeEnum
BooleanList :: ContextKeyTypeEnum
Date :: ContextKeyTypeEnum
DateList :: ContextKeyTypeEnum
IP :: ContextKeyTypeEnum
IPList :: ContextKeyTypeEnum
Numeric :: ContextKeyTypeEnum
NumericList :: ContextKeyTypeEnum
String :: ContextKeyTypeEnum
StringList :: ContextKeyTypeEnum
data DeletionTaskStatusType
Failed :: DeletionTaskStatusType
InProgress :: DeletionTaskStatusType
NotStarted :: DeletionTaskStatusType
Succeeded :: DeletionTaskStatusType
data EncodingType
Pem :: EncodingType
SSH :: EncodingType
data EntityType
ETAWSManagedPolicy :: EntityType
ETGroup :: EntityType
ETLocalManagedPolicy :: EntityType
ETRole :: EntityType
ETUser :: EntityType
data PolicyEvaluationDecisionType
Allowed :: PolicyEvaluationDecisionType
ExplicitDeny :: PolicyEvaluationDecisionType
ImplicitDeny :: PolicyEvaluationDecisionType
data PolicyScopeType
AWS :: PolicyScopeType
All :: PolicyScopeType
Local :: PolicyScopeType
data PolicySourceType
AWSManaged :: PolicySourceType
Group :: PolicySourceType
None :: PolicySourceType
Resource :: PolicySourceType
Role :: PolicySourceType
User :: PolicySourceType
UserManaged :: PolicySourceType
data ReportFormatType
TextCSV :: ReportFormatType
data ReportStateType
RSTComplete :: ReportStateType
RSTInprogress :: ReportStateType
RSTStarted :: ReportStateType
data StatusType
Active :: StatusType
Inactive :: StatusType
data SummaryKeyType
AccessKeysPerUserQuota :: SummaryKeyType
AccountAccessKeysPresent :: SummaryKeyType
AccountMFAEnabled :: SummaryKeyType
AccountSigningCertificatesPresent :: SummaryKeyType
AttachedPoliciesPerGroupQuota :: SummaryKeyType
AttachedPoliciesPerRoleQuota :: SummaryKeyType
AttachedPoliciesPerUserQuota :: SummaryKeyType
GroupPolicySizeQuota :: SummaryKeyType
Groups :: SummaryKeyType
GroupsPerUserQuota :: SummaryKeyType
GroupsQuota :: SummaryKeyType
MFADevices :: SummaryKeyType
MFADevicesInUse :: SummaryKeyType
Policies :: SummaryKeyType
PoliciesQuota :: SummaryKeyType
PolicySizeQuota :: SummaryKeyType
PolicyVersionsInUse :: SummaryKeyType
PolicyVersionsInUseQuota :: SummaryKeyType
ServerCertificates :: SummaryKeyType
ServerCertificatesQuota :: SummaryKeyType
SigningCertificatesPerUserQuota :: SummaryKeyType
UserPolicySizeQuota :: SummaryKeyType
Users :: SummaryKeyType
UsersQuota :: SummaryKeyType
VersionsPerPolicyQuota :: SummaryKeyType

-- | Contains information about an AWS access key.
--   
--   This data type is used as a response element in the
--   <tt>CreateAccessKey</tt> and <tt>ListAccessKeys</tt> operations.
--   
--   <i>See:</i> <a>accessKeyInfo</a> smart constructor.
data AccessKeyInfo

-- | Creates a value of <a>AccessKeyInfo</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>akiCreateDate</a> - The date when the access key was
--   created.</li>
--   <li><a>akiUserName</a> - The name of the IAM user that the access key
--   is associated with.</li>
--   <li><a>akiAccessKeyId</a> - The ID for this access key.</li>
--   <li><a>akiStatus</a> - The status of the access key. <tt>Active</tt>
--   means that the key is valid for API calls, while <tt>Inactive</tt>
--   means it is not.</li>
--   <li><a>akiSecretAccessKey</a> - The secret key used to sign
--   requests.</li>
--   </ul>
accessKeyInfo :: Text -> AccessKey -> StatusType -> Text -> AccessKeyInfo

-- | The date when the access key was created.
akiCreateDate :: Lens' AccessKeyInfo (Maybe UTCTime)

-- | The name of the IAM user that the access key is associated with.
akiUserName :: Lens' AccessKeyInfo Text

-- | The ID for this access key.
akiAccessKeyId :: Lens' AccessKeyInfo AccessKey

-- | The status of the access key. <tt>Active</tt> means that the key is
--   valid for API calls, while <tt>Inactive</tt> means it is not.
akiStatus :: Lens' AccessKeyInfo StatusType

-- | The secret key used to sign requests.
akiSecretAccessKey :: Lens' AccessKeyInfo Text

-- | Contains information about the last time an AWS access key was used.
--   
--   This data type is used as a response element in the
--   <tt>GetAccessKeyLastUsed</tt> operation.
--   
--   <i>See:</i> <a>accessKeyLastUsed</a> smart constructor.
data AccessKeyLastUsed

-- | Creates a value of <a>AccessKeyLastUsed</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>akluLastUsedDate</a> - The date and time, in <a>ISO 8601
--   date-time format</a> , when the access key was most recently used.
--   This field is null in the following situations: * The user does not
--   have an access key. * An access key exists but has never been used, at
--   least not since IAM started tracking this information on April 22nd,
--   2015. * There is no sign-in data associated with the user</li>
--   <li><a>akluServiceName</a> - The name of the AWS service with which
--   this access key was most recently used. This field displays "N/A" in
--   the following situations: * The user does not have an access key. * An
--   access key exists but has never been used, at least not since IAM
--   started tracking this information on April 22nd, 2015. * There is no
--   sign-in data associated with the user</li>
--   <li><a>akluRegion</a> - The AWS region where this access key was most
--   recently used. This field is displays "N<i>A" in the following
--   situations: * The user does not have an access key. * An access key
--   exists but has never been used, at least not since IAM started
--   tracking this information on April 22nd, 2015. * There is no sign-in
--   data associated with the user For more information about AWS regions,
--   see
--   &lt;http:</i><i>docs.aws.amazon.com</i>general<i>latest</i>gr/rande.html
--   Regions and Endpoints&gt; in the Amazon Web Services General
--   Reference.</li>
--   </ul>
accessKeyLastUsed :: UTCTime -> Text -> Text -> AccessKeyLastUsed

-- | The date and time, in <a>ISO 8601 date-time format</a> , when the
--   access key was most recently used. This field is null in the following
--   situations: * The user does not have an access key. * An access key
--   exists but has never been used, at least not since IAM started
--   tracking this information on April 22nd, 2015. * There is no sign-in
--   data associated with the user
akluLastUsedDate :: Lens' AccessKeyLastUsed UTCTime

-- | The name of the AWS service with which this access key was most
--   recently used. This field displays "N/A" in the following situations:
--   * The user does not have an access key. * An access key exists but has
--   never been used, at least not since IAM started tracking this
--   information on April 22nd, 2015. * There is no sign-in data associated
--   with the user
akluServiceName :: Lens' AccessKeyLastUsed Text

-- | The AWS region where this access key was most recently used. This
--   field is displays "N<i>A" in the following situations: * The user does
--   not have an access key. * An access key exists but has never been
--   used, at least not since IAM started tracking this information on
--   April 22nd, 2015. * There is no sign-in data associated with the user
--   For more information about AWS regions, see
--   &lt;http:</i><i>docs.aws.amazon.com</i>general<i>latest</i>gr/rande.html
--   Regions and Endpoints&gt; in the Amazon Web Services General
--   Reference.
akluRegion :: Lens' AccessKeyLastUsed Text

-- | Contains information about an AWS access key, without its secret key.
--   
--   This data type is used as a response element in the
--   <tt>ListAccessKeys</tt> operation.
--   
--   <i>See:</i> <a>accessKeyMetadata</a> smart constructor.
data AccessKeyMetadata

-- | Creates a value of <a>AccessKeyMetadata</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>akmStatus</a> - The status of the access key. <tt>Active</tt>
--   means the key is valid for API calls; <tt>Inactive</tt> means it is
--   not.</li>
--   <li><a>akmCreateDate</a> - The date when the access key was
--   created.</li>
--   <li><a>akmUserName</a> - The name of the IAM user that the key is
--   associated with.</li>
--   <li><a>akmAccessKeyId</a> - The ID for this access key.</li>
--   </ul>
accessKeyMetadata :: AccessKeyMetadata

-- | The status of the access key. <tt>Active</tt> means the key is valid
--   for API calls; <tt>Inactive</tt> means it is not.
akmStatus :: Lens' AccessKeyMetadata (Maybe StatusType)

-- | The date when the access key was created.
akmCreateDate :: Lens' AccessKeyMetadata (Maybe UTCTime)

-- | The name of the IAM user that the key is associated with.
akmUserName :: Lens' AccessKeyMetadata (Maybe Text)

-- | The ID for this access key.
akmAccessKeyId :: Lens' AccessKeyMetadata (Maybe AccessKey)

-- | Contains information about an attached policy.
--   
--   An attached policy is a managed policy that has been attached to a
--   user, group, or role. This data type is used as a response element in
--   the <tt>ListAttachedGroupPolicies</tt> ,
--   <tt>ListAttachedRolePolicies</tt> , <tt>ListAttachedUserPolicies</tt>
--   , and <tt>GetAccountAuthorizationDetails</tt> operations.
--   
--   For more information about managed policies, refer to <a>Managed
--   Policies and Inline Policies</a> in the <i>Using IAM</i> guide.
--   
--   <i>See:</i> <a>attachedPolicy</a> smart constructor.
data AttachedPolicy

-- | Creates a value of <a>AttachedPolicy</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>apPolicyName</a> - The friendly name of the attached
--   policy.</li>
--   <li><a>apPolicyARN</a> - Undocumented member.</li>
--   </ul>
attachedPolicy :: AttachedPolicy

-- | The friendly name of the attached policy.
apPolicyName :: Lens' AttachedPolicy (Maybe Text)

-- | Undocumented member.
apPolicyARN :: Lens' AttachedPolicy (Maybe Text)

-- | Contains information about a condition context key. It includes the
--   name of the key and specifies the value (or values, if the context key
--   supports multiple values) to use in the simulation. This information
--   is used when evaluating the <tt>Condition</tt> elements of the input
--   policies.
--   
--   This data type is used as an input parameter to
--   <tt><tt>SimulateCustomPolicy</tt> </tt> and
--   <tt><tt>SimulateCustomPolicy</tt> </tt> .
--   
--   <i>See:</i> <a>contextEntry</a> smart constructor.
data ContextEntry

-- | Creates a value of <a>ContextEntry</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>ceContextKeyValues</a> - The value (or values, if the condition
--   context key supports multiple values) to provide to the simulation
--   when the key is referenced by a <tt>Condition</tt> element in an input
--   policy.</li>
--   <li><a>ceContextKeyName</a> - The full name of a condition context
--   key, including the service prefix. For example, <tt>aws:SourceIp</tt>
--   or <tt>s3:VersionId</tt> .</li>
--   <li><a>ceContextKeyType</a> - The data type of the value (or values)
--   specified in the <tt>ContextKeyValues</tt> parameter.</li>
--   </ul>
contextEntry :: ContextEntry

-- | The value (or values, if the condition context key supports multiple
--   values) to provide to the simulation when the key is referenced by a
--   <tt>Condition</tt> element in an input policy.
ceContextKeyValues :: Lens' ContextEntry [Text]

-- | The full name of a condition context key, including the service
--   prefix. For example, <tt>aws:SourceIp</tt> or <tt>s3:VersionId</tt> .
ceContextKeyName :: Lens' ContextEntry (Maybe Text)

-- | The data type of the value (or values) specified in the
--   <tt>ContextKeyValues</tt> parameter.
ceContextKeyType :: Lens' ContextEntry (Maybe ContextKeyTypeEnum)

-- | The reason that the service-linked role deletion failed.
--   
--   This data type is used as a response element in the
--   <tt>GetServiceLinkedRoleDeletionStatus</tt> operation.
--   
--   <i>See:</i> <a>deletionTaskFailureReasonType</a> smart constructor.
data DeletionTaskFailureReasonType

-- | Creates a value of <a>DeletionTaskFailureReasonType</a> with the
--   minimum fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>dtfrtRoleUsageList</a> - A list of objects that contains
--   details about the service-linked role deletion failure, if that
--   information is returned by the service. If the service-linked role has
--   active sessions or if any resources that were used by the role have
--   not been deleted from the linked service, the role can't be deleted.
--   This parameter includes a list of the resources that are associated
--   with the role and the region in which the resources are being
--   used.</li>
--   <li><a>dtfrtReason</a> - A short description of the reason that the
--   service-linked role deletion failed.</li>
--   </ul>
deletionTaskFailureReasonType :: DeletionTaskFailureReasonType

-- | A list of objects that contains details about the service-linked role
--   deletion failure, if that information is returned by the service. If
--   the service-linked role has active sessions or if any resources that
--   were used by the role have not been deleted from the linked service,
--   the role can't be deleted. This parameter includes a list of the
--   resources that are associated with the role and the region in which
--   the resources are being used.
dtfrtRoleUsageList :: Lens' DeletionTaskFailureReasonType [RoleUsageType]

-- | A short description of the reason that the service-linked role
--   deletion failed.
dtfrtReason :: Lens' DeletionTaskFailureReasonType (Maybe Text)

-- | Contains the results of a simulation.
--   
--   This data type is used by the return parameter of
--   <tt><tt>SimulateCustomPolicy</tt> </tt> and
--   <tt><tt>SimulatePrincipalPolicy</tt> </tt> .
--   
--   <i>See:</i> <a>evaluationResult</a> smart constructor.
data EvaluationResult

-- | Creates a value of <a>EvaluationResult</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>erMatchedStatements</a> - A list of the statements in the input
--   policies that determine the result for this scenario. Remember that
--   even if multiple statements allow the operation on the resource, if
--   only one statement denies that operation, then the explicit deny
--   overrides any allow, and the deny statement is the only entry included
--   in the result.</li>
--   <li><a>erEvalDecisionDetails</a> - Additional details about the
--   results of the evaluation decision. When there are both IAM policies
--   and resource policies, this parameter explains how each set of
--   policies contributes to the final evaluation decision. When simulating
--   cross-account access to a resource, both the resource-based policy and
--   the caller's IAM policy must grant access. See <a>How IAM Roles Differ
--   from Resource-based Policies</a></li>
--   <li><a>erResourceSpecificResults</a> - The individual results of the
--   simulation of the API operation specified in EvalActionName on each
--   resource.</li>
--   <li><a>erEvalResourceName</a> - The ARN of the resource that the
--   indicated API operation was tested on.</li>
--   <li><a>erMissingContextValues</a> - A list of context keys that are
--   required by the included input policies but that were not provided by
--   one of the input parameters. This list is used when the resource in a
--   simulation is "*", either explicitly, or when the
--   <tt>ResourceArns</tt> parameter blank. If you include a list of
--   resources, then any missing context values are instead included under
--   the <tt>ResourceSpecificResults</tt> section. To discover the context
--   keys used by a set of policies, you can call
--   <tt>GetContextKeysForCustomPolicy</tt> or
--   <tt>GetContextKeysForPrincipalPolicy</tt> .</li>
--   <li><a>erOrganizationsDecisionDetail</a> - A structure that details
--   how AWS Organizations and its service control policies affect the
--   results of the simulation. Only applies if the simulated user's
--   account is part of an organization.</li>
--   <li><a>erEvalActionName</a> - The name of the API operation tested on
--   the indicated resource.</li>
--   <li><a>erEvalDecision</a> - The result of the simulation.</li>
--   </ul>
evaluationResult :: Text -> PolicyEvaluationDecisionType -> EvaluationResult

-- | A list of the statements in the input policies that determine the
--   result for this scenario. Remember that even if multiple statements
--   allow the operation on the resource, if only one statement denies that
--   operation, then the explicit deny overrides any allow, and the deny
--   statement is the only entry included in the result.
erMatchedStatements :: Lens' EvaluationResult [Statement]

-- | Additional details about the results of the evaluation decision. When
--   there are both IAM policies and resource policies, this parameter
--   explains how each set of policies contributes to the final evaluation
--   decision. When simulating cross-account access to a resource, both the
--   resource-based policy and the caller's IAM policy must grant access.
--   See <a>How IAM Roles Differ from Resource-based Policies</a>
erEvalDecisionDetails :: Lens' EvaluationResult (HashMap Text PolicyEvaluationDecisionType)

-- | The individual results of the simulation of the API operation
--   specified in EvalActionName on each resource.
erResourceSpecificResults :: Lens' EvaluationResult [ResourceSpecificResult]

-- | The ARN of the resource that the indicated API operation was tested
--   on.
erEvalResourceName :: Lens' EvaluationResult (Maybe Text)

-- | A list of context keys that are required by the included input
--   policies but that were not provided by one of the input parameters.
--   This list is used when the resource in a simulation is "*", either
--   explicitly, or when the <tt>ResourceArns</tt> parameter blank. If you
--   include a list of resources, then any missing context values are
--   instead included under the <tt>ResourceSpecificResults</tt> section.
--   To discover the context keys used by a set of policies, you can call
--   <tt>GetContextKeysForCustomPolicy</tt> or
--   <tt>GetContextKeysForPrincipalPolicy</tt> .
erMissingContextValues :: Lens' EvaluationResult [Text]

-- | A structure that details how AWS Organizations and its service control
--   policies affect the results of the simulation. Only applies if the
--   simulated user's account is part of an organization.
erOrganizationsDecisionDetail :: Lens' EvaluationResult (Maybe OrganizationsDecisionDetail)

-- | The name of the API operation tested on the indicated resource.
erEvalActionName :: Lens' EvaluationResult Text

-- | The result of the simulation.
erEvalDecision :: Lens' EvaluationResult PolicyEvaluationDecisionType

-- | Contains the response to a successful
--   <tt>GetContextKeysForPrincipalPolicy</tt> or
--   <tt>GetContextKeysForCustomPolicy</tt> request.
--   
--   <i>See:</i> <a>getContextKeysForPolicyResponse</a> smart constructor.
data GetContextKeysForPolicyResponse

-- | Creates a value of <a>GetContextKeysForPolicyResponse</a> with the
--   minimum fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>gckfpContextKeyNames</a> - The list of context keys that are
--   referenced in the input policies.</li>
--   </ul>
getContextKeysForPolicyResponse :: GetContextKeysForPolicyResponse

-- | The list of context keys that are referenced in the input policies.
gckfpContextKeyNames :: Lens' GetContextKeysForPolicyResponse [Text]

-- | Contains information about an IAM group entity.
--   
--   This data type is used as a response element in the following
--   operations:
--   
--   <ul>
--   <li><tt>CreateGroup</tt></li>
--   <li><tt>GetGroup</tt></li>
--   <li><tt>ListGroups</tt></li>
--   </ul>
--   
--   <i>See:</i> <a>group'</a> smart constructor.
data Group

-- | Creates a value of <a>Group</a> with the minimum fields required to
--   make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>gPath</a> - The path to the group. For more information about
--   paths, see <a>IAM Identifiers</a> in the <i>Using IAM</i> guide.</li>
--   <li><a>gGroupName</a> - The friendly name that identifies the
--   group.</li>
--   <li><a>gGroupId</a> - The stable and unique string identifying the
--   group. For more information about IDs, see <a>IAM Identifiers</a> in
--   the <i>Using IAM</i> guide.</li>
--   <li><a>gARN</a> - The Amazon Resource Name (ARN) specifying the group.
--   For more information about ARNs and how to use them in policies, see
--   <a>IAM Identifiers</a> in the <i>Using IAM</i> guide.</li>
--   <li><a>gCreateDate</a> - The date and time, in <a>ISO 8601 date-time
--   format</a> , when the group was created.</li>
--   </ul>
group' :: Text -> Text -> Text -> Text -> UTCTime -> Group

-- | The path to the group. For more information about paths, see <a>IAM
--   Identifiers</a> in the <i>Using IAM</i> guide.
gPath :: Lens' Group Text

-- | The friendly name that identifies the group.
gGroupName :: Lens' Group Text

-- | The stable and unique string identifying the group. For more
--   information about IDs, see <a>IAM Identifiers</a> in the <i>Using
--   IAM</i> guide.
gGroupId :: Lens' Group Text

-- | The Amazon Resource Name (ARN) specifying the group. For more
--   information about ARNs and how to use them in policies, see <a>IAM
--   Identifiers</a> in the <i>Using IAM</i> guide.
gARN :: Lens' Group Text

-- | The date and time, in <a>ISO 8601 date-time format</a> , when the
--   group was created.
gCreateDate :: Lens' Group UTCTime

-- | Contains information about an IAM group, including all of the group's
--   policies.
--   
--   This data type is used as a response element in the
--   <tt>GetAccountAuthorizationDetails</tt> operation.
--   
--   <i>See:</i> <a>groupDetail</a> smart constructor.
data GroupDetail

-- | Creates a value of <a>GroupDetail</a> with the minimum fields required
--   to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>gdARN</a> - Undocumented member.</li>
--   <li><a>gdPath</a> - The path to the group. For more information about
--   paths, see <a>IAM Identifiers</a> in the <i>Using IAM</i> guide.</li>
--   <li><a>gdCreateDate</a> - The date and time, in <a>ISO 8601 date-time
--   format</a> , when the group was created.</li>
--   <li><a>gdGroupId</a> - The stable and unique string identifying the
--   group. For more information about IDs, see <a>IAM Identifiers</a> in
--   the <i>Using IAM</i> guide.</li>
--   <li><a>gdGroupPolicyList</a> - A list of the inline policies embedded
--   in the group.</li>
--   <li><a>gdGroupName</a> - The friendly name that identifies the
--   group.</li>
--   <li><a>gdAttachedManagedPolicies</a> - A list of the managed policies
--   attached to the group.</li>
--   </ul>
groupDetail :: GroupDetail

-- | Undocumented member.
gdARN :: Lens' GroupDetail (Maybe Text)

-- | The path to the group. For more information about paths, see <a>IAM
--   Identifiers</a> in the <i>Using IAM</i> guide.
gdPath :: Lens' GroupDetail (Maybe Text)

-- | The date and time, in <a>ISO 8601 date-time format</a> , when the
--   group was created.
gdCreateDate :: Lens' GroupDetail (Maybe UTCTime)

-- | The stable and unique string identifying the group. For more
--   information about IDs, see <a>IAM Identifiers</a> in the <i>Using
--   IAM</i> guide.
gdGroupId :: Lens' GroupDetail (Maybe Text)

-- | A list of the inline policies embedded in the group.
gdGroupPolicyList :: Lens' GroupDetail [PolicyDetail]

-- | The friendly name that identifies the group.
gdGroupName :: Lens' GroupDetail (Maybe Text)

-- | A list of the managed policies attached to the group.
gdAttachedManagedPolicies :: Lens' GroupDetail [AttachedPolicy]

-- | Contains information about an instance profile.
--   
--   This data type is used as a response element in the following
--   operations:
--   
--   <ul>
--   <li><tt>CreateInstanceProfile</tt></li>
--   <li><tt>GetInstanceProfile</tt></li>
--   <li><tt>ListInstanceProfiles</tt></li>
--   <li><tt>ListInstanceProfilesForRole</tt></li>
--   </ul>
--   
--   <i>See:</i> <a>instanceProfile</a> smart constructor.
data InstanceProfile

-- | Creates a value of <a>InstanceProfile</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>ipPath</a> - The path to the instance profile. For more
--   information about paths, see <a>IAM Identifiers</a> in the <i>Using
--   IAM</i> guide.</li>
--   <li><a>ipInstanceProfileName</a> - The name identifying the instance
--   profile.</li>
--   <li><a>ipInstanceProfileId</a> - The stable and unique string
--   identifying the instance profile. For more information about IDs, see
--   <a>IAM Identifiers</a> in the <i>Using IAM</i> guide.</li>
--   <li><a>ipARN</a> - The Amazon Resource Name (ARN) specifying the
--   instance profile. For more information about ARNs and how to use them
--   in policies, see <a>IAM Identifiers</a> in the <i>Using IAM</i>
--   guide.</li>
--   <li><a>ipCreateDate</a> - The date when the instance profile was
--   created.</li>
--   <li><a>ipRoles</a> - The role associated with the instance
--   profile.</li>
--   </ul>
instanceProfile :: Text -> Text -> Text -> Text -> UTCTime -> InstanceProfile

-- | The path to the instance profile. For more information about paths,
--   see <a>IAM Identifiers</a> in the <i>Using IAM</i> guide.
ipPath :: Lens' InstanceProfile Text

-- | The name identifying the instance profile.
ipInstanceProfileName :: Lens' InstanceProfile Text

-- | The stable and unique string identifying the instance profile. For
--   more information about IDs, see <a>IAM Identifiers</a> in the <i>Using
--   IAM</i> guide.
ipInstanceProfileId :: Lens' InstanceProfile Text

-- | The Amazon Resource Name (ARN) specifying the instance profile. For
--   more information about ARNs and how to use them in policies, see
--   <a>IAM Identifiers</a> in the <i>Using IAM</i> guide.
ipARN :: Lens' InstanceProfile Text

-- | The date when the instance profile was created.
ipCreateDate :: Lens' InstanceProfile UTCTime

-- | The role associated with the instance profile.
ipRoles :: Lens' InstanceProfile [Role]

-- | Contains the user name and password create date for a user.
--   
--   This data type is used as a response element in the
--   <tt>CreateLoginProfile</tt> and <tt>GetLoginProfile</tt> operations.
--   
--   <i>See:</i> <a>loginProfile</a> smart constructor.
data LoginProfile

-- | Creates a value of <a>LoginProfile</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>lpPasswordResetRequired</a> - Specifies whether the user is
--   required to set a new password on next sign-in.</li>
--   <li><a>lpUserName</a> - The name of the user, which can be used for
--   signing in to the AWS Management Console.</li>
--   <li><a>lpCreateDate</a> - The date when the password for the user was
--   created.</li>
--   </ul>
loginProfile :: Text -> UTCTime -> LoginProfile

-- | Specifies whether the user is required to set a new password on next
--   sign-in.
lpPasswordResetRequired :: Lens' LoginProfile (Maybe Bool)

-- | The name of the user, which can be used for signing in to the AWS
--   Management Console.
lpUserName :: Lens' LoginProfile Text

-- | The date when the password for the user was created.
lpCreateDate :: Lens' LoginProfile UTCTime

-- | Contains information about an MFA device.
--   
--   This data type is used as a response element in the
--   <tt>ListMFADevices</tt> operation.
--   
--   <i>See:</i> <a>mfaDevice</a> smart constructor.
data MFADevice

-- | Creates a value of <a>MFADevice</a> with the minimum fields required
--   to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>mdUserName</a> - The user with whom the MFA device is
--   associated.</li>
--   <li><a>mdSerialNumber</a> - The serial number that uniquely identifies
--   the MFA device. For virtual MFA devices, the serial number is the
--   device ARN.</li>
--   <li><a>mdEnableDate</a> - The date when the MFA device was enabled for
--   the user.</li>
--   </ul>
mfaDevice :: Text -> Text -> UTCTime -> MFADevice

-- | The user with whom the MFA device is associated.
mdUserName :: Lens' MFADevice Text

-- | The serial number that uniquely identifies the MFA device. For virtual
--   MFA devices, the serial number is the device ARN.
mdSerialNumber :: Lens' MFADevice Text

-- | The date when the MFA device was enabled for the user.
mdEnableDate :: Lens' MFADevice UTCTime

-- | Contains information about a managed policy, including the policy's
--   ARN, versions, and the number of principal entities (users, groups,
--   and roles) that the policy is attached to.
--   
--   This data type is used as a response element in the
--   <tt>GetAccountAuthorizationDetails</tt> operation.
--   
--   For more information about managed policies, see <a>Managed Policies
--   and Inline Policies</a> in the <i>Using IAM</i> guide.
--   
--   <i>See:</i> <a>managedPolicyDetail</a> smart constructor.
data ManagedPolicyDetail

-- | Creates a value of <a>ManagedPolicyDetail</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>mpdPolicyName</a> - The friendly name (not ARN) identifying the
--   policy.</li>
--   <li><a>mpdARN</a> - Undocumented member.</li>
--   <li><a>mpdUpdateDate</a> - The date and time, in <a>ISO 8601 date-time
--   format</a> , when the policy was last updated. When a policy has only
--   one version, this field contains the date and time when the policy was
--   created. When a policy has more than one version, this field contains
--   the date and time when the most recent policy version was
--   created.</li>
--   <li><a>mpdPolicyId</a> - The stable and unique string identifying the
--   policy. For more information about IDs, see <a>IAM Identifiers</a> in
--   the <i>Using IAM</i> guide.</li>
--   <li><a>mpdPath</a> - The path to the policy. For more information
--   about paths, see <a>IAM Identifiers</a> in the <i>Using IAM</i>
--   guide.</li>
--   <li><a>mpdPolicyVersionList</a> - A list containing information about
--   the versions of the policy.</li>
--   <li><a>mpdCreateDate</a> - The date and time, in <a>ISO 8601 date-time
--   format</a> , when the policy was created.</li>
--   <li><a>mpdIsAttachable</a> - Specifies whether the policy can be
--   attached to an IAM user, group, or role.</li>
--   <li><a>mpdDefaultVersionId</a> - The identifier for the version of the
--   policy that is set as the default (operative) version. For more
--   information about policy versions, see <a>Versioning for Managed
--   Policies</a> in the <i>Using IAM</i> guide.</li>
--   <li><a>mpdAttachmentCount</a> - The number of principal entities
--   (users, groups, and roles) that the policy is attached to.</li>
--   <li><a>mpdDescription</a> - A friendly description of the policy.</li>
--   </ul>
managedPolicyDetail :: ManagedPolicyDetail

-- | The friendly name (not ARN) identifying the policy.
mpdPolicyName :: Lens' ManagedPolicyDetail (Maybe Text)

-- | Undocumented member.
mpdARN :: Lens' ManagedPolicyDetail (Maybe Text)

-- | The date and time, in <a>ISO 8601 date-time format</a> , when the
--   policy was last updated. When a policy has only one version, this
--   field contains the date and time when the policy was created. When a
--   policy has more than one version, this field contains the date and
--   time when the most recent policy version was created.
mpdUpdateDate :: Lens' ManagedPolicyDetail (Maybe UTCTime)

-- | The stable and unique string identifying the policy. For more
--   information about IDs, see <a>IAM Identifiers</a> in the <i>Using
--   IAM</i> guide.
mpdPolicyId :: Lens' ManagedPolicyDetail (Maybe Text)

-- | The path to the policy. For more information about paths, see <a>IAM
--   Identifiers</a> in the <i>Using IAM</i> guide.
mpdPath :: Lens' ManagedPolicyDetail (Maybe Text)

-- | A list containing information about the versions of the policy.
mpdPolicyVersionList :: Lens' ManagedPolicyDetail [PolicyVersion]

-- | The date and time, in <a>ISO 8601 date-time format</a> , when the
--   policy was created.
mpdCreateDate :: Lens' ManagedPolicyDetail (Maybe UTCTime)

-- | Specifies whether the policy can be attached to an IAM user, group, or
--   role.
mpdIsAttachable :: Lens' ManagedPolicyDetail (Maybe Bool)

-- | The identifier for the version of the policy that is set as the
--   default (operative) version. For more information about policy
--   versions, see <a>Versioning for Managed Policies</a> in the <i>Using
--   IAM</i> guide.
mpdDefaultVersionId :: Lens' ManagedPolicyDetail (Maybe Text)

-- | The number of principal entities (users, groups, and roles) that the
--   policy is attached to.
mpdAttachmentCount :: Lens' ManagedPolicyDetail (Maybe Int)

-- | A friendly description of the policy.
mpdDescription :: Lens' ManagedPolicyDetail (Maybe Text)

-- | Contains the Amazon Resource Name (ARN) for an IAM OpenID Connect
--   provider.
--   
--   <i>See:</i> <a>openIdConnectProviderListEntry</a> smart constructor.
data OpenIdConnectProviderListEntry

-- | Creates a value of <a>OpenIdConnectProviderListEntry</a> with the
--   minimum fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>oicpleARN</a> - Undocumented member.</li>
--   </ul>
openIdConnectProviderListEntry :: OpenIdConnectProviderListEntry

-- | Undocumented member.
oicpleARN :: Lens' OpenIdConnectProviderListEntry (Maybe Text)

-- | Contains information about AWS Organizations's effect on a policy
--   simulation.
--   
--   <i>See:</i> <a>organizationsDecisionDetail</a> smart constructor.
data OrganizationsDecisionDetail

-- | Creates a value of <a>OrganizationsDecisionDetail</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>oddAllowedByOrganizations</a> - Specifies whether the simulated
--   operation is allowed by the AWS Organizations service control policies
--   that impact the simulated user's account.</li>
--   </ul>
organizationsDecisionDetail :: OrganizationsDecisionDetail

-- | Specifies whether the simulated operation is allowed by the AWS
--   Organizations service control policies that impact the simulated
--   user's account.
oddAllowedByOrganizations :: Lens' OrganizationsDecisionDetail (Maybe Bool)

-- | Contains information about the account password policy.
--   
--   This data type is used as a response element in the
--   <tt>GetAccountPasswordPolicy</tt> operation.
--   
--   <i>See:</i> <a>passwordPolicy</a> smart constructor.
data PasswordPolicy

-- | Creates a value of <a>PasswordPolicy</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>ppExpirePasswords</a> - Indicates whether passwords in the
--   account expire. Returns true if <tt>MaxPasswordAge</tt> contains a
--   value greater than 0. Returns false if MaxPasswordAge is 0 or not
--   present.</li>
--   <li><a>ppMinimumPasswordLength</a> - Minimum length to require for IAM
--   user passwords.</li>
--   <li><a>ppRequireNumbers</a> - Specifies whether to require numbers for
--   IAM user passwords.</li>
--   <li><a>ppPasswordReusePrevention</a> - Specifies the number of
--   previous passwords that IAM users are prevented from reusing.</li>
--   <li><a>ppRequireLowercaseCharacters</a> - Specifies whether to require
--   lowercase characters for IAM user passwords.</li>
--   <li><a>ppMaxPasswordAge</a> - The number of days that an IAM user
--   password is valid.</li>
--   <li><a>ppHardExpiry</a> - Specifies whether IAM users are prevented
--   from setting a new password after their password has expired.</li>
--   <li><a>ppRequireSymbols</a> - Specifies whether to require symbols for
--   IAM user passwords.</li>
--   <li><a>ppRequireUppercaseCharacters</a> - Specifies whether to require
--   uppercase characters for IAM user passwords.</li>
--   <li><a>ppAllowUsersToChangePassword</a> - Specifies whether IAM users
--   are allowed to change their own password.</li>
--   </ul>
passwordPolicy :: PasswordPolicy

-- | Indicates whether passwords in the account expire. Returns true if
--   <tt>MaxPasswordAge</tt> contains a value greater than 0. Returns false
--   if MaxPasswordAge is 0 or not present.
ppExpirePasswords :: Lens' PasswordPolicy (Maybe Bool)

-- | Minimum length to require for IAM user passwords.
ppMinimumPasswordLength :: Lens' PasswordPolicy (Maybe Natural)

-- | Specifies whether to require numbers for IAM user passwords.
ppRequireNumbers :: Lens' PasswordPolicy (Maybe Bool)

-- | Specifies the number of previous passwords that IAM users are
--   prevented from reusing.
ppPasswordReusePrevention :: Lens' PasswordPolicy (Maybe Natural)

-- | Specifies whether to require lowercase characters for IAM user
--   passwords.
ppRequireLowercaseCharacters :: Lens' PasswordPolicy (Maybe Bool)

-- | The number of days that an IAM user password is valid.
ppMaxPasswordAge :: Lens' PasswordPolicy (Maybe Natural)

-- | Specifies whether IAM users are prevented from setting a new password
--   after their password has expired.
ppHardExpiry :: Lens' PasswordPolicy (Maybe Bool)

-- | Specifies whether to require symbols for IAM user passwords.
ppRequireSymbols :: Lens' PasswordPolicy (Maybe Bool)

-- | Specifies whether to require uppercase characters for IAM user
--   passwords.
ppRequireUppercaseCharacters :: Lens' PasswordPolicy (Maybe Bool)

-- | Specifies whether IAM users are allowed to change their own password.
ppAllowUsersToChangePassword :: Lens' PasswordPolicy (Maybe Bool)

-- | Contains information about a managed policy.
--   
--   This data type is used as a response element in the
--   <tt>CreatePolicy</tt> , <tt>GetPolicy</tt> , and <tt>ListPolicies</tt>
--   operations.
--   
--   For more information about managed policies, refer to <a>Managed
--   Policies and Inline Policies</a> in the <i>Using IAM</i> guide.
--   
--   <i>See:</i> <a>policy</a> smart constructor.
data Policy

-- | Creates a value of <a>Policy</a> with the minimum fields required to
--   make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>pPolicyName</a> - The friendly name (not ARN) identifying the
--   policy.</li>
--   <li><a>pARN</a> - Undocumented member.</li>
--   <li><a>pUpdateDate</a> - The date and time, in <a>ISO 8601 date-time
--   format</a> , when the policy was last updated. When a policy has only
--   one version, this field contains the date and time when the policy was
--   created. When a policy has more than one version, this field contains
--   the date and time when the most recent policy version was
--   created.</li>
--   <li><a>pPolicyId</a> - The stable and unique string identifying the
--   policy. For more information about IDs, see <a>IAM Identifiers</a> in
--   the <i>Using IAM</i> guide.</li>
--   <li><a>pPath</a> - The path to the policy. For more information about
--   paths, see <a>IAM Identifiers</a> in the <i>Using IAM</i> guide.</li>
--   <li><a>pCreateDate</a> - The date and time, in <a>ISO 8601 date-time
--   format</a> , when the policy was created.</li>
--   <li><a>pIsAttachable</a> - Specifies whether the policy can be
--   attached to an IAM user, group, or role.</li>
--   <li><a>pDefaultVersionId</a> - The identifier for the version of the
--   policy that is set as the default version.</li>
--   <li><a>pAttachmentCount</a> - The number of entities (users, groups,
--   and roles) that the policy is attached to.</li>
--   <li><a>pDescription</a> - A friendly description of the policy. This
--   element is included in the response to the <tt>GetPolicy</tt>
--   operation. It is not included in the response to the
--   <tt>ListPolicies</tt> operation.</li>
--   </ul>
policy :: Policy

-- | The friendly name (not ARN) identifying the policy.
pPolicyName :: Lens' Policy (Maybe Text)

-- | Undocumented member.
pARN :: Lens' Policy (Maybe Text)

-- | The date and time, in <a>ISO 8601 date-time format</a> , when the
--   policy was last updated. When a policy has only one version, this
--   field contains the date and time when the policy was created. When a
--   policy has more than one version, this field contains the date and
--   time when the most recent policy version was created.
pUpdateDate :: Lens' Policy (Maybe UTCTime)

-- | The stable and unique string identifying the policy. For more
--   information about IDs, see <a>IAM Identifiers</a> in the <i>Using
--   IAM</i> guide.
pPolicyId :: Lens' Policy (Maybe Text)

-- | The path to the policy. For more information about paths, see <a>IAM
--   Identifiers</a> in the <i>Using IAM</i> guide.
pPath :: Lens' Policy (Maybe Text)

-- | The date and time, in <a>ISO 8601 date-time format</a> , when the
--   policy was created.
pCreateDate :: Lens' Policy (Maybe UTCTime)

-- | Specifies whether the policy can be attached to an IAM user, group, or
--   role.
pIsAttachable :: Lens' Policy (Maybe Bool)

-- | The identifier for the version of the policy that is set as the
--   default version.
pDefaultVersionId :: Lens' Policy (Maybe Text)

-- | The number of entities (users, groups, and roles) that the policy is
--   attached to.
pAttachmentCount :: Lens' Policy (Maybe Int)

-- | A friendly description of the policy. This element is included in the
--   response to the <tt>GetPolicy</tt> operation. It is not included in
--   the response to the <tt>ListPolicies</tt> operation.
pDescription :: Lens' Policy (Maybe Text)

-- | Contains information about an IAM policy, including the policy
--   document.
--   
--   This data type is used as a response element in the
--   <tt>GetAccountAuthorizationDetails</tt> operation.
--   
--   <i>See:</i> <a>policyDetail</a> smart constructor.
data PolicyDetail

-- | Creates a value of <a>PolicyDetail</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>pdPolicyDocument</a> - The policy document.</li>
--   <li><a>pdPolicyName</a> - The name of the policy.</li>
--   </ul>
policyDetail :: PolicyDetail

-- | The policy document.
pdPolicyDocument :: Lens' PolicyDetail (Maybe Text)

-- | The name of the policy.
pdPolicyName :: Lens' PolicyDetail (Maybe Text)

-- | Contains information about a group that a managed policy is attached
--   to.
--   
--   This data type is used as a response element in the
--   <tt>ListEntitiesForPolicy</tt> operation.
--   
--   For more information about managed policies, refer to <a>Managed
--   Policies and Inline Policies</a> in the <i>Using IAM</i> guide.
--   
--   <i>See:</i> <a>policyGroup</a> smart constructor.
data PolicyGroup

-- | Creates a value of <a>PolicyGroup</a> with the minimum fields required
--   to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>pgGroupId</a> - The stable and unique string identifying the
--   group. For more information about IDs, see <a>IAM Identifiers</a> in
--   the <i>IAM User Guide</i> .</li>
--   <li><a>pgGroupName</a> - The name (friendly name, not ARN) identifying
--   the group.</li>
--   </ul>
policyGroup :: PolicyGroup

-- | The stable and unique string identifying the group. For more
--   information about IDs, see <a>IAM Identifiers</a> in the <i>IAM User
--   Guide</i> .
pgGroupId :: Lens' PolicyGroup (Maybe Text)

-- | The name (friendly name, not ARN) identifying the group.
pgGroupName :: Lens' PolicyGroup (Maybe Text)

-- | Contains information about a role that a managed policy is attached
--   to.
--   
--   This data type is used as a response element in the
--   <tt>ListEntitiesForPolicy</tt> operation.
--   
--   For more information about managed policies, refer to <a>Managed
--   Policies and Inline Policies</a> in the <i>Using IAM</i> guide.
--   
--   <i>See:</i> <a>policyRole</a> smart constructor.
data PolicyRole

-- | Creates a value of <a>PolicyRole</a> with the minimum fields required
--   to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>prRoleName</a> - The name (friendly name, not ARN) identifying
--   the role.</li>
--   <li><a>prRoleId</a> - The stable and unique string identifying the
--   role. For more information about IDs, see <a>IAM Identifiers</a> in
--   the <i>IAM User Guide</i> .</li>
--   </ul>
policyRole :: PolicyRole

-- | The name (friendly name, not ARN) identifying the role.
prRoleName :: Lens' PolicyRole (Maybe Text)

-- | The stable and unique string identifying the role. For more
--   information about IDs, see <a>IAM Identifiers</a> in the <i>IAM User
--   Guide</i> .
prRoleId :: Lens' PolicyRole (Maybe Text)

-- | Contains information about a user that a managed policy is attached
--   to.
--   
--   This data type is used as a response element in the
--   <tt>ListEntitiesForPolicy</tt> operation.
--   
--   For more information about managed policies, refer to <a>Managed
--   Policies and Inline Policies</a> in the <i>Using IAM</i> guide.
--   
--   <i>See:</i> <a>policyUser</a> smart constructor.
data PolicyUser

-- | Creates a value of <a>PolicyUser</a> with the minimum fields required
--   to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>puUserName</a> - The name (friendly name, not ARN) identifying
--   the user.</li>
--   <li><a>puUserId</a> - The stable and unique string identifying the
--   user. For more information about IDs, see <a>IAM Identifiers</a> in
--   the <i>IAM User Guide</i> .</li>
--   </ul>
policyUser :: PolicyUser

-- | The name (friendly name, not ARN) identifying the user.
puUserName :: Lens' PolicyUser (Maybe Text)

-- | The stable and unique string identifying the user. For more
--   information about IDs, see <a>IAM Identifiers</a> in the <i>IAM User
--   Guide</i> .
puUserId :: Lens' PolicyUser (Maybe Text)

-- | Contains information about a version of a managed policy.
--   
--   This data type is used as a response element in the
--   <tt>CreatePolicyVersion</tt> , <tt>GetPolicyVersion</tt> ,
--   <tt>ListPolicyVersions</tt> , and
--   <tt>GetAccountAuthorizationDetails</tt> operations.
--   
--   For more information about managed policies, refer to <a>Managed
--   Policies and Inline Policies</a> in the <i>Using IAM</i> guide.
--   
--   <i>See:</i> <a>policyVersion</a> smart constructor.
data PolicyVersion

-- | Creates a value of <a>PolicyVersion</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>pvVersionId</a> - The identifier for the policy version. Policy
--   version identifiers always begin with <tt>v</tt> (always lowercase).
--   When a policy is created, the first policy version is <tt>v1</tt>
--   .</li>
--   <li><a>pvCreateDate</a> - The date and time, in <a>ISO 8601 date-time
--   format</a> , when the policy version was created.</li>
--   <li><a>pvDocument</a> - The policy document. The policy document is
--   returned in the response to the <tt>GetPolicyVersion</tt> and
--   <tt>GetAccountAuthorizationDetails</tt> operations. It is not returned
--   in the response to the <tt>CreatePolicyVersion</tt> or
--   <tt>ListPolicyVersions</tt> operations. The policy document returned
--   in this structure is URL-encoded compliant with <a>RFC 3986</a> . You
--   can use a URL decoding method to convert the policy back to plain JSON
--   text. For example, if you use Java, you can use the <tt>decode</tt>
--   method of the <tt>java.net.URLDecoder</tt> utility class in the Java
--   SDK. Other languages and SDKs provide similar functionality.</li>
--   <li><a>pvIsDefaultVersion</a> - Specifies whether the policy version
--   is set as the policy's default version.</li>
--   </ul>
policyVersion :: PolicyVersion

-- | The identifier for the policy version. Policy version identifiers
--   always begin with <tt>v</tt> (always lowercase). When a policy is
--   created, the first policy version is <tt>v1</tt> .
pvVersionId :: Lens' PolicyVersion (Maybe Text)

-- | The date and time, in <a>ISO 8601 date-time format</a> , when the
--   policy version was created.
pvCreateDate :: Lens' PolicyVersion (Maybe UTCTime)

-- | The policy document. The policy document is returned in the response
--   to the <tt>GetPolicyVersion</tt> and
--   <tt>GetAccountAuthorizationDetails</tt> operations. It is not returned
--   in the response to the <tt>CreatePolicyVersion</tt> or
--   <tt>ListPolicyVersions</tt> operations. The policy document returned
--   in this structure is URL-encoded compliant with <a>RFC 3986</a> . You
--   can use a URL decoding method to convert the policy back to plain JSON
--   text. For example, if you use Java, you can use the <tt>decode</tt>
--   method of the <tt>java.net.URLDecoder</tt> utility class in the Java
--   SDK. Other languages and SDKs provide similar functionality.
pvDocument :: Lens' PolicyVersion (Maybe Text)

-- | Specifies whether the policy version is set as the policy's default
--   version.
pvIsDefaultVersion :: Lens' PolicyVersion (Maybe Bool)

-- | Contains the row and column of a location of a <tt>Statement</tt>
--   element in a policy document.
--   
--   This data type is used as a member of the <tt><a>Statement</a> </tt>
--   type.
--   
--   <i>See:</i> <a>position</a> smart constructor.
data Position

-- | Creates a value of <a>Position</a> with the minimum fields required to
--   make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>pLine</a> - The line containing the specified position in the
--   document.</li>
--   <li><a>pColumn</a> - The column in the line containing the specified
--   position in the document.</li>
--   </ul>
position :: Position

-- | The line containing the specified position in the document.
pLine :: Lens' Position (Maybe Int)

-- | The column in the line containing the specified position in the
--   document.
pColumn :: Lens' Position (Maybe Int)

-- | Contains the result of the simulation of a single API operation call
--   on a single resource.
--   
--   This data type is used by a member of the <a>EvaluationResult</a> data
--   type.
--   
--   <i>See:</i> <a>resourceSpecificResult</a> smart constructor.
data ResourceSpecificResult

-- | Creates a value of <a>ResourceSpecificResult</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>rsrMatchedStatements</a> - A list of the statements in the
--   input policies that determine the result for this part of the
--   simulation. Remember that even if multiple statements allow the
--   operation on the resource, if <i>any</i> statement denies that
--   operation, then the explicit deny overrides any allow, and the deny
--   statement is the only entry included in the result.</li>
--   <li><a>rsrEvalDecisionDetails</a> - Additional details about the
--   results of the evaluation decision. When there are both IAM policies
--   and resource policies, this parameter explains how each set of
--   policies contributes to the final evaluation decision. When simulating
--   cross-account access to a resource, both the resource-based policy and
--   the caller's IAM policy must grant access.</li>
--   <li><a>rsrMissingContextValues</a> - A list of context keys that are
--   required by the included input policies but that were not provided by
--   one of the input parameters. This list is used when a list of ARNs is
--   included in the <tt>ResourceArns</tt> parameter instead of "*". If you
--   do not specify individual resources, by setting <tt>ResourceArns</tt>
--   to "*" or by not including the <tt>ResourceArns</tt> parameter, then
--   any missing context values are instead included under the
--   <tt>EvaluationResults</tt> section. To discover the context keys used
--   by a set of policies, you can call
--   <tt>GetContextKeysForCustomPolicy</tt> or
--   <tt>GetContextKeysForPrincipalPolicy</tt> .</li>
--   <li><a>rsrEvalResourceName</a> - The name of the simulated resource,
--   in Amazon Resource Name (ARN) format.</li>
--   <li><a>rsrEvalResourceDecision</a> - The result of the simulation of
--   the simulated API operation on the resource specified in
--   <tt>EvalResourceName</tt> .</li>
--   </ul>
resourceSpecificResult :: Text -> PolicyEvaluationDecisionType -> ResourceSpecificResult

-- | A list of the statements in the input policies that determine the
--   result for this part of the simulation. Remember that even if multiple
--   statements allow the operation on the resource, if <i>any</i>
--   statement denies that operation, then the explicit deny overrides any
--   allow, and the deny statement is the only entry included in the
--   result.
rsrMatchedStatements :: Lens' ResourceSpecificResult [Statement]

-- | Additional details about the results of the evaluation decision. When
--   there are both IAM policies and resource policies, this parameter
--   explains how each set of policies contributes to the final evaluation
--   decision. When simulating cross-account access to a resource, both the
--   resource-based policy and the caller's IAM policy must grant access.
rsrEvalDecisionDetails :: Lens' ResourceSpecificResult (HashMap Text PolicyEvaluationDecisionType)

-- | A list of context keys that are required by the included input
--   policies but that were not provided by one of the input parameters.
--   This list is used when a list of ARNs is included in the
--   <tt>ResourceArns</tt> parameter instead of "*". If you do not specify
--   individual resources, by setting <tt>ResourceArns</tt> to "*" or by
--   not including the <tt>ResourceArns</tt> parameter, then any missing
--   context values are instead included under the
--   <tt>EvaluationResults</tt> section. To discover the context keys used
--   by a set of policies, you can call
--   <tt>GetContextKeysForCustomPolicy</tt> or
--   <tt>GetContextKeysForPrincipalPolicy</tt> .
rsrMissingContextValues :: Lens' ResourceSpecificResult [Text]

-- | The name of the simulated resource, in Amazon Resource Name (ARN)
--   format.
rsrEvalResourceName :: Lens' ResourceSpecificResult Text

-- | The result of the simulation of the simulated API operation on the
--   resource specified in <tt>EvalResourceName</tt> .
rsrEvalResourceDecision :: Lens' ResourceSpecificResult PolicyEvaluationDecisionType

-- | Contains information about an IAM role. This structure is returned as
--   a response element in several API operations that interact with roles.
--   
--   <i>See:</i> <a>role'</a> smart constructor.
data Role

-- | Creates a value of <a>Role</a> with the minimum fields required to
--   make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>rMaxSessionDuration</a> - The maximum session duration (in
--   seconds) for the specified role. Anyone who uses the AWS CLI or API to
--   assume the role can specify the duration using the optional
--   <tt>DurationSeconds</tt> API parameter or <tt>duration-seconds</tt>
--   CLI parameter.</li>
--   <li><a>rAssumeRolePolicyDocument</a> - The policy that grants an
--   entity permission to assume the role.</li>
--   <li><a>rDescription</a> - A description of the role that you
--   provide.</li>
--   <li><a>rPath</a> - The path to the role. For more information about
--   paths, see <a>IAM Identifiers</a> in the <i>Using IAM</i> guide.</li>
--   <li><a>rRoleName</a> - The friendly name that identifies the
--   role.</li>
--   <li><a>rRoleId</a> - The stable and unique string identifying the
--   role. For more information about IDs, see <a>IAM Identifiers</a> in
--   the <i>Using IAM</i> guide.</li>
--   <li><a>rARN</a> - The Amazon Resource Name (ARN) specifying the role.
--   For more information about ARNs and how to use them in policies, see
--   <a>IAM Identifiers</a> in the <i>IAM User Guide</i> guide.</li>
--   <li><a>rCreateDate</a> - The date and time, in <a>ISO 8601 date-time
--   format</a> , when the role was created.</li>
--   </ul>
role' :: Text -> Text -> Text -> Text -> UTCTime -> Role

-- | The maximum session duration (in seconds) for the specified role.
--   Anyone who uses the AWS CLI or API to assume the role can specify the
--   duration using the optional <tt>DurationSeconds</tt> API parameter or
--   <tt>duration-seconds</tt> CLI parameter.
rMaxSessionDuration :: Lens' Role (Maybe Natural)

-- | The policy that grants an entity permission to assume the role.
rAssumeRolePolicyDocument :: Lens' Role (Maybe Text)

-- | A description of the role that you provide.
rDescription :: Lens' Role (Maybe Text)

-- | The path to the role. For more information about paths, see <a>IAM
--   Identifiers</a> in the <i>Using IAM</i> guide.
rPath :: Lens' Role Text

-- | The friendly name that identifies the role.
rRoleName :: Lens' Role Text

-- | The stable and unique string identifying the role. For more
--   information about IDs, see <a>IAM Identifiers</a> in the <i>Using
--   IAM</i> guide.
rRoleId :: Lens' Role Text

-- | The Amazon Resource Name (ARN) specifying the role. For more
--   information about ARNs and how to use them in policies, see <a>IAM
--   Identifiers</a> in the <i>IAM User Guide</i> guide.
rARN :: Lens' Role Text

-- | The date and time, in <a>ISO 8601 date-time format</a> , when the role
--   was created.
rCreateDate :: Lens' Role UTCTime

-- | Contains information about an IAM role, including all of the role's
--   policies.
--   
--   This data type is used as a response element in the
--   <tt>GetAccountAuthorizationDetails</tt> operation.
--   
--   <i>See:</i> <a>roleDetail</a> smart constructor.
data RoleDetail

-- | Creates a value of <a>RoleDetail</a> with the minimum fields required
--   to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>rdAssumeRolePolicyDocument</a> - The trust policy that grants
--   permission to assume the role.</li>
--   <li><a>rdARN</a> - Undocumented member.</li>
--   <li><a>rdPath</a> - The path to the role. For more information about
--   paths, see <a>IAM Identifiers</a> in the <i>Using IAM</i> guide.</li>
--   <li><a>rdInstanceProfileList</a> - A list of instance profiles that
--   contain this role.</li>
--   <li><a>rdCreateDate</a> - The date and time, in <a>ISO 8601 date-time
--   format</a> , when the role was created.</li>
--   <li><a>rdRoleName</a> - The friendly name that identifies the
--   role.</li>
--   <li><a>rdRoleId</a> - The stable and unique string identifying the
--   role. For more information about IDs, see <a>IAM Identifiers</a> in
--   the <i>Using IAM</i> guide.</li>
--   <li><a>rdRolePolicyList</a> - A list of inline policies embedded in
--   the role. These policies are the role's access (permissions)
--   policies.</li>
--   <li><a>rdAttachedManagedPolicies</a> - A list of managed policies
--   attached to the role. These policies are the role's access
--   (permissions) policies.</li>
--   </ul>
roleDetail :: RoleDetail

-- | The trust policy that grants permission to assume the role.
rdAssumeRolePolicyDocument :: Lens' RoleDetail (Maybe Text)

-- | Undocumented member.
rdARN :: Lens' RoleDetail (Maybe Text)

-- | The path to the role. For more information about paths, see <a>IAM
--   Identifiers</a> in the <i>Using IAM</i> guide.
rdPath :: Lens' RoleDetail (Maybe Text)

-- | A list of instance profiles that contain this role.
rdInstanceProfileList :: Lens' RoleDetail [InstanceProfile]

-- | The date and time, in <a>ISO 8601 date-time format</a> , when the role
--   was created.
rdCreateDate :: Lens' RoleDetail (Maybe UTCTime)

-- | The friendly name that identifies the role.
rdRoleName :: Lens' RoleDetail (Maybe Text)

-- | The stable and unique string identifying the role. For more
--   information about IDs, see <a>IAM Identifiers</a> in the <i>Using
--   IAM</i> guide.
rdRoleId :: Lens' RoleDetail (Maybe Text)

-- | A list of inline policies embedded in the role. These policies are the
--   role's access (permissions) policies.
rdRolePolicyList :: Lens' RoleDetail [PolicyDetail]

-- | A list of managed policies attached to the role. These policies are
--   the role's access (permissions) policies.
rdAttachedManagedPolicies :: Lens' RoleDetail [AttachedPolicy]

-- | An object that contains details about how a service-linked role is
--   used, if that information is returned by the service.
--   
--   This data type is used as a response element in the
--   <tt>GetServiceLinkedRoleDeletionStatus</tt> operation.
--   
--   <i>See:</i> <a>roleUsageType</a> smart constructor.
data RoleUsageType

-- | Creates a value of <a>RoleUsageType</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>rutResources</a> - The name of the resource that is using the
--   service-linked role.</li>
--   <li><a>rutRegion</a> - The name of the region where the service-linked
--   role is being used.</li>
--   </ul>
roleUsageType :: RoleUsageType

-- | The name of the resource that is using the service-linked role.
rutResources :: Lens' RoleUsageType [Text]

-- | The name of the region where the service-linked role is being used.
rutRegion :: Lens' RoleUsageType (Maybe Text)

-- | Contains the list of SAML providers for this account.
--   
--   <i>See:</i> <a>sAMLProviderListEntry</a> smart constructor.
data SAMLProviderListEntry

-- | Creates a value of <a>SAMLProviderListEntry</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>samlpleARN</a> - The Amazon Resource Name (ARN) of the SAML
--   provider.</li>
--   <li><a>samlpleCreateDate</a> - The date and time when the SAML
--   provider was created.</li>
--   <li><a>samlpleValidUntil</a> - The expiration date and time for the
--   SAML provider.</li>
--   </ul>
sAMLProviderListEntry :: SAMLProviderListEntry

-- | The Amazon Resource Name (ARN) of the SAML provider.
samlpleARN :: Lens' SAMLProviderListEntry (Maybe Text)

-- | The date and time when the SAML provider was created.
samlpleCreateDate :: Lens' SAMLProviderListEntry (Maybe UTCTime)

-- | The expiration date and time for the SAML provider.
samlpleValidUntil :: Lens' SAMLProviderListEntry (Maybe UTCTime)

-- | Contains information about an SSH public key.
--   
--   This data type is used as a response element in the
--   <tt>GetSSHPublicKey</tt> and <tt>UploadSSHPublicKey</tt> operations.
--   
--   <i>See:</i> <a>sshPublicKey</a> smart constructor.
data SSHPublicKey

-- | Creates a value of <a>SSHPublicKey</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>spkUploadDate</a> - The date and time, in <a>ISO 8601 date-time
--   format</a> , when the SSH public key was uploaded.</li>
--   <li><a>spkUserName</a> - The name of the IAM user associated with the
--   SSH public key.</li>
--   <li><a>spkSSHPublicKeyId</a> - The unique identifier for the SSH
--   public key.</li>
--   <li><a>spkFingerprint</a> - The MD5 message digest of the SSH public
--   key.</li>
--   <li><a>spkSSHPublicKeyBody</a> - The SSH public key.</li>
--   <li><a>spkStatus</a> - The status of the SSH public key.
--   <tt>Active</tt> means that the key can be used for authentication with
--   an AWS CodeCommit repository. <tt>Inactive</tt> means that the key
--   cannot be used.</li>
--   </ul>
sshPublicKey :: Text -> Text -> Text -> Text -> StatusType -> SSHPublicKey

-- | The date and time, in <a>ISO 8601 date-time format</a> , when the SSH
--   public key was uploaded.
spkUploadDate :: Lens' SSHPublicKey (Maybe UTCTime)

-- | The name of the IAM user associated with the SSH public key.
spkUserName :: Lens' SSHPublicKey Text

-- | The unique identifier for the SSH public key.
spkSSHPublicKeyId :: Lens' SSHPublicKey Text

-- | The MD5 message digest of the SSH public key.
spkFingerprint :: Lens' SSHPublicKey Text

-- | The SSH public key.
spkSSHPublicKeyBody :: Lens' SSHPublicKey Text

-- | The status of the SSH public key. <tt>Active</tt> means that the key
--   can be used for authentication with an AWS CodeCommit repository.
--   <tt>Inactive</tt> means that the key cannot be used.
spkStatus :: Lens' SSHPublicKey StatusType

-- | Contains information about an SSH public key, without the key's body
--   or fingerprint.
--   
--   This data type is used as a response element in the
--   <tt>ListSSHPublicKeys</tt> operation.
--   
--   <i>See:</i> <a>sshPublicKeyMetadata</a> smart constructor.
data SSHPublicKeyMetadata

-- | Creates a value of <a>SSHPublicKeyMetadata</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>spkmUserName</a> - The name of the IAM user associated with the
--   SSH public key.</li>
--   <li><a>spkmSSHPublicKeyId</a> - The unique identifier for the SSH
--   public key.</li>
--   <li><a>spkmStatus</a> - The status of the SSH public key.
--   <tt>Active</tt> means that the key can be used for authentication with
--   an AWS CodeCommit repository. <tt>Inactive</tt> means that the key
--   cannot be used.</li>
--   <li><a>spkmUploadDate</a> - The date and time, in <a>ISO 8601
--   date-time format</a> , when the SSH public key was uploaded.</li>
--   </ul>
sshPublicKeyMetadata :: Text -> Text -> StatusType -> UTCTime -> SSHPublicKeyMetadata

-- | The name of the IAM user associated with the SSH public key.
spkmUserName :: Lens' SSHPublicKeyMetadata Text

-- | The unique identifier for the SSH public key.
spkmSSHPublicKeyId :: Lens' SSHPublicKeyMetadata Text

-- | The status of the SSH public key. <tt>Active</tt> means that the key
--   can be used for authentication with an AWS CodeCommit repository.
--   <tt>Inactive</tt> means that the key cannot be used.
spkmStatus :: Lens' SSHPublicKeyMetadata StatusType

-- | The date and time, in <a>ISO 8601 date-time format</a> , when the SSH
--   public key was uploaded.
spkmUploadDate :: Lens' SSHPublicKeyMetadata UTCTime

-- | Contains information about a server certificate.
--   
--   This data type is used as a response element in the
--   <tt>GetServerCertificate</tt> operation.
--   
--   <i>See:</i> <a>serverCertificate</a> smart constructor.
data ServerCertificate

-- | Creates a value of <a>ServerCertificate</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>sCertificateChain</a> - The contents of the public key
--   certificate chain.</li>
--   <li><a>sServerCertificateMetadata</a> - The meta information of the
--   server certificate, such as its name, path, ID, and ARN.</li>
--   <li><a>sCertificateBody</a> - The contents of the public key
--   certificate.</li>
--   </ul>
serverCertificate :: ServerCertificateMetadata -> Text -> ServerCertificate

-- | The contents of the public key certificate chain.
sCertificateChain :: Lens' ServerCertificate (Maybe Text)

-- | The meta information of the server certificate, such as its name,
--   path, ID, and ARN.
sServerCertificateMetadata :: Lens' ServerCertificate ServerCertificateMetadata

-- | The contents of the public key certificate.
sCertificateBody :: Lens' ServerCertificate Text

-- | Contains information about a server certificate without its
--   certificate body, certificate chain, and private key.
--   
--   This data type is used as a response element in the
--   <tt>UploadServerCertificate</tt> and <tt>ListServerCertificates</tt>
--   operations.
--   
--   <i>See:</i> <a>serverCertificateMetadata</a> smart constructor.
data ServerCertificateMetadata

-- | Creates a value of <a>ServerCertificateMetadata</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>scmUploadDate</a> - The date when the server certificate was
--   uploaded.</li>
--   <li><a>scmExpiration</a> - The date on which the certificate is set to
--   expire.</li>
--   <li><a>scmPath</a> - The path to the server certificate. For more
--   information about paths, see <a>IAM Identifiers</a> in the <i>Using
--   IAM</i> guide.</li>
--   <li><a>scmServerCertificateName</a> - The name that identifies the
--   server certificate.</li>
--   <li><a>scmServerCertificateId</a> - The stable and unique string
--   identifying the server certificate. For more information about IDs,
--   see <a>IAM Identifiers</a> in the <i>Using IAM</i> guide.</li>
--   <li><a>scmARN</a> - The Amazon Resource Name (ARN) specifying the
--   server certificate. For more information about ARNs and how to use
--   them in policies, see <a>IAM Identifiers</a> in the <i>Using IAM</i>
--   guide.</li>
--   </ul>
serverCertificateMetadata :: Text -> Text -> Text -> Text -> ServerCertificateMetadata

-- | The date when the server certificate was uploaded.
scmUploadDate :: Lens' ServerCertificateMetadata (Maybe UTCTime)

-- | The date on which the certificate is set to expire.
scmExpiration :: Lens' ServerCertificateMetadata (Maybe UTCTime)

-- | The path to the server certificate. For more information about paths,
--   see <a>IAM Identifiers</a> in the <i>Using IAM</i> guide.
scmPath :: Lens' ServerCertificateMetadata Text

-- | The name that identifies the server certificate.
scmServerCertificateName :: Lens' ServerCertificateMetadata Text

-- | The stable and unique string identifying the server certificate. For
--   more information about IDs, see <a>IAM Identifiers</a> in the <i>Using
--   IAM</i> guide.
scmServerCertificateId :: Lens' ServerCertificateMetadata Text

-- | The Amazon Resource Name (ARN) specifying the server certificate. For
--   more information about ARNs and how to use them in policies, see
--   <a>IAM Identifiers</a> in the <i>Using IAM</i> guide.
scmARN :: Lens' ServerCertificateMetadata Text

-- | Contains the details of a service-specific credential.
--   
--   <i>See:</i> <a>serviceSpecificCredential</a> smart constructor.
data ServiceSpecificCredential

-- | Creates a value of <a>ServiceSpecificCredential</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>sscCreateDate</a> - The date and time, in <a>ISO 8601 date-time
--   format</a> , when the service-specific credential were created.</li>
--   <li><a>sscServiceName</a> - The name of the service associated with
--   the service-specific credential.</li>
--   <li><a>sscServiceUserName</a> - The generated user name for the
--   service-specific credential. This value is generated by combining the
--   IAM user's name combined with the ID number of the AWS account, as in
--   <tt>jane-at-123456789012</tt> , for example. This value cannot be
--   configured by the user.</li>
--   <li><a>sscServicePassword</a> - The generated password for the
--   service-specific credential.</li>
--   <li><a>sscServiceSpecificCredentialId</a> - The unique identifier for
--   the service-specific credential.</li>
--   <li><a>sscUserName</a> - The name of the IAM user associated with the
--   service-specific credential.</li>
--   <li><a>sscStatus</a> - The status of the service-specific credential.
--   <tt>Active</tt> means that the key is valid for API calls, while
--   <tt>Inactive</tt> means it is not.</li>
--   </ul>
serviceSpecificCredential :: UTCTime -> Text -> Text -> Text -> Text -> Text -> StatusType -> ServiceSpecificCredential

-- | The date and time, in <a>ISO 8601 date-time format</a> , when the
--   service-specific credential were created.
sscCreateDate :: Lens' ServiceSpecificCredential UTCTime

-- | The name of the service associated with the service-specific
--   credential.
sscServiceName :: Lens' ServiceSpecificCredential Text

-- | The generated user name for the service-specific credential. This
--   value is generated by combining the IAM user's name combined with the
--   ID number of the AWS account, as in <tt>jane-at-123456789012</tt> ,
--   for example. This value cannot be configured by the user.
sscServiceUserName :: Lens' ServiceSpecificCredential Text

-- | The generated password for the service-specific credential.
sscServicePassword :: Lens' ServiceSpecificCredential Text

-- | The unique identifier for the service-specific credential.
sscServiceSpecificCredentialId :: Lens' ServiceSpecificCredential Text

-- | The name of the IAM user associated with the service-specific
--   credential.
sscUserName :: Lens' ServiceSpecificCredential Text

-- | The status of the service-specific credential. <tt>Active</tt> means
--   that the key is valid for API calls, while <tt>Inactive</tt> means it
--   is not.
sscStatus :: Lens' ServiceSpecificCredential StatusType

-- | Contains additional details about a service-specific credential.
--   
--   <i>See:</i> <a>serviceSpecificCredentialMetadata</a> smart
--   constructor.
data ServiceSpecificCredentialMetadata

-- | Creates a value of <a>ServiceSpecificCredentialMetadata</a> with the
--   minimum fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>sscmUserName</a> - The name of the IAM user associated with the
--   service-specific credential.</li>
--   <li><a>sscmStatus</a> - The status of the service-specific credential.
--   <tt>Active</tt> means that the key is valid for API calls, while
--   <tt>Inactive</tt> means it is not.</li>
--   <li><a>sscmServiceUserName</a> - The generated user name for the
--   service-specific credential.</li>
--   <li><a>sscmCreateDate</a> - The date and time, in <a>ISO 8601
--   date-time format</a> , when the service-specific credential were
--   created.</li>
--   <li><a>sscmServiceSpecificCredentialId</a> - The unique identifier for
--   the service-specific credential.</li>
--   <li><a>sscmServiceName</a> - The name of the service associated with
--   the service-specific credential.</li>
--   </ul>
serviceSpecificCredentialMetadata :: Text -> StatusType -> Text -> UTCTime -> Text -> Text -> ServiceSpecificCredentialMetadata

-- | The name of the IAM user associated with the service-specific
--   credential.
sscmUserName :: Lens' ServiceSpecificCredentialMetadata Text

-- | The status of the service-specific credential. <tt>Active</tt> means
--   that the key is valid for API calls, while <tt>Inactive</tt> means it
--   is not.
sscmStatus :: Lens' ServiceSpecificCredentialMetadata StatusType

-- | The generated user name for the service-specific credential.
sscmServiceUserName :: Lens' ServiceSpecificCredentialMetadata Text

-- | The date and time, in <a>ISO 8601 date-time format</a> , when the
--   service-specific credential were created.
sscmCreateDate :: Lens' ServiceSpecificCredentialMetadata UTCTime

-- | The unique identifier for the service-specific credential.
sscmServiceSpecificCredentialId :: Lens' ServiceSpecificCredentialMetadata Text

-- | The name of the service associated with the service-specific
--   credential.
sscmServiceName :: Lens' ServiceSpecificCredentialMetadata Text

-- | Contains information about an X.509 signing certificate.
--   
--   This data type is used as a response element in the
--   <tt>UploadSigningCertificate</tt> and <tt>ListSigningCertificates</tt>
--   operations.
--   
--   <i>See:</i> <a>signingCertificate</a> smart constructor.
data SigningCertificate

-- | Creates a value of <a>SigningCertificate</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>scUploadDate</a> - The date when the signing certificate was
--   uploaded.</li>
--   <li><a>scUserName</a> - The name of the user the signing certificate
--   is associated with.</li>
--   <li><a>scCertificateId</a> - The ID for the signing certificate.</li>
--   <li><a>scCertificateBody</a> - The contents of the signing
--   certificate.</li>
--   <li><a>scStatus</a> - The status of the signing certificate.
--   <tt>Active</tt> means that the key is valid for API calls, while
--   <tt>Inactive</tt> means it is not.</li>
--   </ul>
signingCertificate :: Text -> Text -> Text -> StatusType -> SigningCertificate

-- | The date when the signing certificate was uploaded.
scUploadDate :: Lens' SigningCertificate (Maybe UTCTime)

-- | The name of the user the signing certificate is associated with.
scUserName :: Lens' SigningCertificate Text

-- | The ID for the signing certificate.
scCertificateId :: Lens' SigningCertificate Text

-- | The contents of the signing certificate.
scCertificateBody :: Lens' SigningCertificate Text

-- | The status of the signing certificate. <tt>Active</tt> means that the
--   key is valid for API calls, while <tt>Inactive</tt> means it is not.
scStatus :: Lens' SigningCertificate StatusType

-- | Contains the response to a successful <tt>SimulatePrincipalPolicy</tt>
--   or <tt>SimulateCustomPolicy</tt> request.
--   
--   <i>See:</i> <a>simulatePolicyResponse</a> smart constructor.
data SimulatePolicyResponse

-- | Creates a value of <a>SimulatePolicyResponse</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>spEvaluationResults</a> - The results of the simulation.</li>
--   <li><a>spMarker</a> - When <tt>IsTruncated</tt> is <tt>true</tt> ,
--   this element is present and contains the value to use for the
--   <tt>Marker</tt> parameter in a subsequent pagination request.</li>
--   <li><a>spIsTruncated</a> - A flag that indicates whether there are
--   more items to return. If your results were truncated, you can make a
--   subsequent pagination request using the <tt>Marker</tt> request
--   parameter to retrieve more items. Note that IAM might return fewer
--   than the <tt>MaxItems</tt> number of results even when there are more
--   results available. We recommend that you check <tt>IsTruncated</tt>
--   after every call to ensure that you receive all of your results.</li>
--   </ul>
simulatePolicyResponse :: SimulatePolicyResponse

-- | The results of the simulation.
spEvaluationResults :: Lens' SimulatePolicyResponse [EvaluationResult]

-- | When <tt>IsTruncated</tt> is <tt>true</tt> , this element is present
--   and contains the value to use for the <tt>Marker</tt> parameter in a
--   subsequent pagination request.
spMarker :: Lens' SimulatePolicyResponse (Maybe Text)

-- | A flag that indicates whether there are more items to return. If your
--   results were truncated, you can make a subsequent pagination request
--   using the <tt>Marker</tt> request parameter to retrieve more items.
--   Note that IAM might return fewer than the <tt>MaxItems</tt> number of
--   results even when there are more results available. We recommend that
--   you check <tt>IsTruncated</tt> after every call to ensure that you
--   receive all of your results.
spIsTruncated :: Lens' SimulatePolicyResponse (Maybe Bool)

-- | Contains a reference to a <tt>Statement</tt> element in a policy
--   document that determines the result of the simulation.
--   
--   This data type is used by the <tt>MatchedStatements</tt> member of the
--   <tt><a>EvaluationResult</a> </tt> type.
--   
--   <i>See:</i> <a>statement</a> smart constructor.
data Statement

-- | Creates a value of <a>Statement</a> with the minimum fields required
--   to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>sSourcePolicyType</a> - The type of the policy.</li>
--   <li><a>sSourcePolicyId</a> - The identifier of the policy that was
--   provided as an input.</li>
--   <li><a>sEndPosition</a> - The row and column of the end of a
--   <tt>Statement</tt> in an IAM policy.</li>
--   <li><a>sStartPosition</a> - The row and column of the beginning of the
--   <tt>Statement</tt> in an IAM policy.</li>
--   </ul>
statement :: Statement

-- | The type of the policy.
sSourcePolicyType :: Lens' Statement (Maybe PolicySourceType)

-- | The identifier of the policy that was provided as an input.
sSourcePolicyId :: Lens' Statement (Maybe Text)

-- | The row and column of the end of a <tt>Statement</tt> in an IAM
--   policy.
sEndPosition :: Lens' Statement (Maybe Position)

-- | The row and column of the beginning of the <tt>Statement</tt> in an
--   IAM policy.
sStartPosition :: Lens' Statement (Maybe Position)

-- | Contains information about an IAM user entity.
--   
--   This data type is used as a response element in the following
--   operations:
--   
--   <ul>
--   <li><tt>CreateUser</tt></li>
--   <li><tt>GetUser</tt></li>
--   <li><tt>ListUsers</tt></li>
--   </ul>
--   
--   <i>See:</i> <a>user</a> smart constructor.
data User

-- | Creates a value of <a>User</a> with the minimum fields required to
--   make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>uPasswordLastUsed</a> - The date and time, in <a>ISO 8601
--   date-time format</a> , when the user's password was last used to sign
--   in to an AWS website. For a list of AWS websites that capture a user's
--   last sign-in time, see the <a>Credential Reports</a> topic in the
--   <i>Using IAM</i> guide. If a password is used more than once in a
--   five-minute span, only the first use is returned in this field. If the
--   field is null (no value) then it indicates that they never signed in
--   with a password. This can be because: * The user never had a password.
--   * A password exists but has not been used since IAM started tracking
--   this information on October 20th, 2014. A null does not mean that the
--   user <i>never</i> had a password. Also, if the user does not currently
--   have a password, but had one in the past, then this field contains the
--   date and time the most recent password was used. This value is
--   returned only in the <tt>GetUser</tt> and <tt>ListUsers</tt>
--   operations.</li>
--   <li><a>uPath</a> - The path to the user. For more information about
--   paths, see <a>IAM Identifiers</a> in the <i>Using IAM</i> guide.</li>
--   <li><a>uUserName</a> - The friendly name identifying the user.</li>
--   <li><a>uUserId</a> - The stable and unique string identifying the
--   user. For more information about IDs, see <a>IAM Identifiers</a> in
--   the <i>Using IAM</i> guide.</li>
--   <li><a>uARN</a> - The Amazon Resource Name (ARN) that identifies the
--   user. For more information about ARNs and how to use ARNs in policies,
--   see <a>IAM Identifiers</a> in the <i>Using IAM</i> guide.</li>
--   <li><a>uCreateDate</a> - The date and time, in <a>ISO 8601 date-time
--   format</a> , when the user was created.</li>
--   </ul>
user :: Text -> Text -> Text -> Text -> UTCTime -> User

-- | The date and time, in <a>ISO 8601 date-time format</a> , when the
--   user's password was last used to sign in to an AWS website. For a list
--   of AWS websites that capture a user's last sign-in time, see the
--   <a>Credential Reports</a> topic in the <i>Using IAM</i> guide. If a
--   password is used more than once in a five-minute span, only the first
--   use is returned in this field. If the field is null (no value) then it
--   indicates that they never signed in with a password. This can be
--   because: * The user never had a password. * A password exists but has
--   not been used since IAM started tracking this information on October
--   20th, 2014. A null does not mean that the user <i>never</i> had a
--   password. Also, if the user does not currently have a password, but
--   had one in the past, then this field contains the date and time the
--   most recent password was used. This value is returned only in the
--   <tt>GetUser</tt> and <tt>ListUsers</tt> operations.
uPasswordLastUsed :: Lens' User (Maybe UTCTime)

-- | The path to the user. For more information about paths, see <a>IAM
--   Identifiers</a> in the <i>Using IAM</i> guide.
uPath :: Lens' User Text

-- | The friendly name identifying the user.
uUserName :: Lens' User Text

-- | The stable and unique string identifying the user. For more
--   information about IDs, see <a>IAM Identifiers</a> in the <i>Using
--   IAM</i> guide.
uUserId :: Lens' User Text

-- | The Amazon Resource Name (ARN) that identifies the user. For more
--   information about ARNs and how to use ARNs in policies, see <a>IAM
--   Identifiers</a> in the <i>Using IAM</i> guide.
uARN :: Lens' User Text

-- | The date and time, in <a>ISO 8601 date-time format</a> , when the user
--   was created.
uCreateDate :: Lens' User UTCTime

-- | Contains information about an IAM user, including all the user's
--   policies and all the IAM groups the user is in.
--   
--   This data type is used as a response element in the
--   <tt>GetAccountAuthorizationDetails</tt> operation.
--   
--   <i>See:</i> <a>userDetail</a> smart constructor.
data UserDetail

-- | Creates a value of <a>UserDetail</a> with the minimum fields required
--   to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>udGroupList</a> - A list of IAM groups that the user is
--   in.</li>
--   <li><a>udARN</a> - Undocumented member.</li>
--   <li><a>udPath</a> - The path to the user. For more information about
--   paths, see <a>IAM Identifiers</a> in the <i>Using IAM</i> guide.</li>
--   <li><a>udCreateDate</a> - The date and time, in <a>ISO 8601 date-time
--   format</a> , when the user was created.</li>
--   <li><a>udUserName</a> - The friendly name identifying the user.</li>
--   <li><a>udUserId</a> - The stable and unique string identifying the
--   user. For more information about IDs, see <a>IAM Identifiers</a> in
--   the <i>Using IAM</i> guide.</li>
--   <li><a>udUserPolicyList</a> - A list of the inline policies embedded
--   in the user.</li>
--   <li><a>udAttachedManagedPolicies</a> - A list of the managed policies
--   attached to the user.</li>
--   </ul>
userDetail :: UserDetail

-- | A list of IAM groups that the user is in.
udGroupList :: Lens' UserDetail [Text]

-- | Undocumented member.
udARN :: Lens' UserDetail (Maybe Text)

-- | The path to the user. For more information about paths, see <a>IAM
--   Identifiers</a> in the <i>Using IAM</i> guide.
udPath :: Lens' UserDetail (Maybe Text)

-- | The date and time, in <a>ISO 8601 date-time format</a> , when the user
--   was created.
udCreateDate :: Lens' UserDetail (Maybe UTCTime)

-- | The friendly name identifying the user.
udUserName :: Lens' UserDetail (Maybe Text)

-- | The stable and unique string identifying the user. For more
--   information about IDs, see <a>IAM Identifiers</a> in the <i>Using
--   IAM</i> guide.
udUserId :: Lens' UserDetail (Maybe Text)

-- | A list of the inline policies embedded in the user.
udUserPolicyList :: Lens' UserDetail [PolicyDetail]

-- | A list of the managed policies attached to the user.
udAttachedManagedPolicies :: Lens' UserDetail [AttachedPolicy]

-- | Contains information about a virtual MFA device.
--   
--   <i>See:</i> <a>virtualMFADevice</a> smart constructor.
data VirtualMFADevice

-- | Creates a value of <a>VirtualMFADevice</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>vmdQRCodePNG</a> - A QR code PNG image that encodes
--   <tt>otpauth:/<i>totp</i>$virtualMFADeviceName</tt>$AccountName?secret=$Base32String<tt>
--   where </tt>&gt; virtualMFADeviceName<tt> is one of the create call
--   arguments, </tt>AccountName<tt> is the user name if set (otherwise,
--   the account ID otherwise), and </tt>Base32String<tt> is the seed in
--   Base32 format. The </tt>Base32String@ value is Base64-encoded. --
--   <i>Note:</i> This <tt>Lens</tt> automatically encodes and decodes
--   Base64 data. The underlying isomorphism will encode to Base64
--   representation during serialisation, and decode from Base64
--   representation during deserialisation. This <tt>Lens</tt> accepts and
--   returns only raw unencoded data.</li>
--   <li><a>vmdBase32StringSeed</a> - The Base32 seed defined as specified
--   in <a>RFC3548</a> . The <tt>Base32StringSeed</tt> is Base64-encoded.
--   -- <i>Note:</i> This <tt>Lens</tt> automatically encodes and decodes
--   Base64 data. The underlying isomorphism will encode to Base64
--   representation during serialisation, and decode from Base64
--   representation during deserialisation. This <tt>Lens</tt> accepts and
--   returns only raw unencoded data.</li>
--   <li><a>vmdUser</a> - The IAM user associated with this virtual MFA
--   device.</li>
--   <li><a>vmdEnableDate</a> - The date and time on which the virtual MFA
--   device was enabled.</li>
--   <li><a>vmdSerialNumber</a> - The serial number associated with
--   <tt>VirtualMFADevice</tt> .</li>
--   </ul>
virtualMFADevice :: Text -> VirtualMFADevice

-- | A QR code PNG image that encodes
--   <tt>otpauth:/<i>totp</i>$virtualMFADeviceName</tt>$AccountName?secret=$Base32String<tt>
--   where </tt>&gt; virtualMFADeviceName<tt> is one of the create call
--   arguments, </tt>AccountName<tt> is the user name if set (otherwise,
--   the account ID otherwise), and </tt>Base32String<tt> is the seed in
--   Base32 format. The </tt>Base32String@ value is Base64-encoded. --
--   <i>Note:</i> This <tt>Lens</tt> automatically encodes and decodes
--   Base64 data. The underlying isomorphism will encode to Base64
--   representation during serialisation, and decode from Base64
--   representation during deserialisation. This <tt>Lens</tt> accepts and
--   returns only raw unencoded data.
vmdQRCodePNG :: Lens' VirtualMFADevice (Maybe ByteString)

-- | The Base32 seed defined as specified in <a>RFC3548</a> . The
--   <tt>Base32StringSeed</tt> is Base64-encoded. -- <i>Note:</i> This
--   <tt>Lens</tt> automatically encodes and decodes Base64 data. The
--   underlying isomorphism will encode to Base64 representation during
--   serialisation, and decode from Base64 representation during
--   deserialisation. This <tt>Lens</tt> accepts and returns only raw
--   unencoded data.
vmdBase32StringSeed :: Lens' VirtualMFADevice (Maybe ByteString)

-- | The IAM user associated with this virtual MFA device.
vmdUser :: Lens' VirtualMFADevice (Maybe User)

-- | The date and time on which the virtual MFA device was enabled.
vmdEnableDate :: Lens' VirtualMFADevice (Maybe UTCTime)

-- | The serial number associated with <tt>VirtualMFADevice</tt> .
vmdSerialNumber :: Lens' VirtualMFADevice Text
