diff --git a/LICENSE b/LICENSE
new file mode 100644
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,367 @@
+Mozilla Public License Version 2.0
+==================================
+
+1. Definitions
+--------------
+
+1.1. "Contributor"
+    means each individual or legal entity that creates, contributes to
+    the creation of, or owns Covered Software.
+
+1.2. "Contributor Version"
+    means the combination of the Contributions of others (if any) used
+    by a Contributor and that particular Contributor's Contribution.
+
+1.3. "Contribution"
+    means Covered Software of a particular Contributor.
+
+1.4. "Covered Software"
+    means Source Code Form to which the initial Contributor has attached
+    the notice in Exhibit A, the Executable Form of such Source Code
+    Form, and Modifications of such Source Code Form, in each case
+    including portions thereof.
+
+1.5. "Incompatible With Secondary Licenses"
+    means
+
+    (a) that the initial Contributor has attached the notice described
+        in Exhibit B to the Covered Software; or
+
+    (b) that the Covered Software was made available under the terms of
+        version 1.1 or earlier of the License, but not also under the
+        terms of a Secondary License.
+
+1.6. "Executable Form"
+    means any form of the work other than Source Code Form.
+
+1.7. "Larger Work"
+    means a work that combines Covered Software with other material, in
+    a separate file or files, that is not Covered Software.
+
+1.8. "License"
+    means this document.
+
+1.9. "Licensable"
+    means having the right to grant, to the maximum extent possible,
+    whether at the time of the initial grant or subsequently, any and
+    all of the rights conveyed by this License.
+
+1.10. "Modifications"
+    means any of the following:
+
+    (a) any file in Source Code Form that results from an addition to,
+        deletion from, or modification of the contents of Covered
+        Software; or
+
+    (b) any new file in Source Code Form that contains any Covered
+        Software.
+
+1.11. "Patent Claims" of a Contributor
+    means any patent claim(s), including without limitation, method,
+    process, and apparatus claims, in any patent Licensable by such
+    Contributor that would be infringed, but for the grant of the
+    License, by the making, using, selling, offering for sale, having
+    made, import, or transfer of either its Contributions or its
+    Contributor Version.
+
+1.12. "Secondary License"
+    means either the GNU General Public License, Version 2.0, the GNU
+    Lesser General Public License, Version 2.1, the GNU Affero General
+    Public License, Version 3.0, or any later versions of those
+    licenses.
+
+1.13. "Source Code Form"
+    means the form of the work preferred for making modifications.
+
+1.14. "You" (or "Your")
+    means an individual or a legal entity exercising rights under this
+    License. For legal entities, "You" includes any entity that
+    controls, is controlled by, or is under common control with You. For
+    purposes of this definition, "control" means (a) the power, direct
+    or indirect, to cause the direction or management of such entity,
+    whether by contract or otherwise, or (b) ownership of more than
+    fifty percent (50%) of the outstanding shares or beneficial
+    ownership of such entity.
+
+2. License Grants and Conditions
+--------------------------------
+
+2.1. Grants
+
+Each Contributor hereby grants You a world-wide, royalty-free,
+non-exclusive license:
+
+(a) under intellectual property rights (other than patent or trademark)
+    Licensable by such Contributor to use, reproduce, make available,
+    modify, display, perform, distribute, and otherwise exploit its
+    Contributions, either on an unmodified basis, with Modifications, or
+    as part of a Larger Work; and
+
+(b) under Patent Claims of such Contributor to make, use, sell, offer
+    for sale, have made, import, and otherwise transfer either its
+    Contributions or its Contributor Version.
+
+2.2. Effective Date
+
+The licenses granted in Section 2.1 with respect to any Contribution
+become effective for each Contribution on the date the Contributor first
+distributes such Contribution.
+
+2.3. Limitations on Grant Scope
+
+The licenses granted in this Section 2 are the only rights granted under
+this License. No additional rights or licenses will be implied from the
+distribution or licensing of Covered Software under this License.
+Notwithstanding Section 2.1(b) above, no patent license is granted by a
+Contributor:
+
+(a) for any code that a Contributor has removed from Covered Software;
+    or
+
+(b) for infringements caused by: (i) Your and any other third party's
+    modifications of Covered Software, or (ii) the combination of its
+    Contributions with other software (except as part of its Contributor
+    Version); or
+
+(c) under Patent Claims infringed by Covered Software in the absence of
+    its Contributions.
+
+This License does not grant any rights in the trademarks, service marks,
+or logos of any Contributor (except as may be necessary to comply with
+the notice requirements in Section 3.4).
+
+2.4. Subsequent Licenses
+
+No Contributor makes additional grants as a result of Your choice to
+distribute the Covered Software under a subsequent version of this
+License (see Section 10.2) or under the terms of a Secondary License (if
+permitted under the terms of Section 3.3).
+
+2.5. Representation
+
+Each Contributor represents that the Contributor believes its
+Contributions are its original creation(s) or it has sufficient rights
+to grant the rights to its Contributions conveyed by this License.
+
+2.6. Fair Use
+
+This License is not intended to limit any rights You have under
+applicable copyright doctrines of fair use, fair dealing, or other
+equivalents.
+
+2.7. Conditions
+
+Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted
+in Section 2.1.
+
+3. Responsibilities
+-------------------
+
+3.1. Distribution of Source Form
+
+All distribution of Covered Software in Source Code Form, including any
+Modifications that You create or to which You contribute, must be under
+the terms of this License. You must inform recipients that the Source
+Code Form of the Covered Software is governed by the terms of this
+License, and how they can obtain a copy of this License. You may not
+attempt to alter or restrict the recipients' rights in the Source Code
+Form.
+
+3.2. Distribution of Executable Form
+
+If You distribute Covered Software in Executable Form then:
+
+(a) such Covered Software must also be made available in Source Code
+    Form, as described in Section 3.1, and You must inform recipients of
+    the Executable Form how they can obtain a copy of such Source Code
+    Form by reasonable means in a timely manner, at a charge no more
+    than the cost of distribution to the recipient; and
+
+(b) You may distribute such Executable Form under the terms of this
+    License, or sublicense it under different terms, provided that the
+    license for the Executable Form does not attempt to limit or alter
+    the recipients' rights in the Source Code Form under this License.
+
+3.3. Distribution of a Larger Work
+
+You may create and distribute a Larger Work under terms of Your choice,
+provided that You also comply with the requirements of this License for
+the Covered Software. If the Larger Work is a combination of Covered
+Software with a work governed by one or more Secondary Licenses, and the
+Covered Software is not Incompatible With Secondary Licenses, this
+License permits You to additionally distribute such Covered Software
+under the terms of such Secondary License(s), so that the recipient of
+the Larger Work may, at their option, further distribute the Covered
+Software under the terms of either this License or such Secondary
+License(s).
+
+3.4. Notices
+
+You may not remove or alter the substance of any license notices
+(including copyright notices, patent notices, disclaimers of warranty,
+or limitations of liability) contained within the Source Code Form of
+the Covered Software, except that You may alter any license notices to
+the extent required to remedy known factual inaccuracies.
+
+3.5. Application of Additional Terms
+
+You may choose to offer, and to charge a fee for, warranty, support,
+indemnity or liability obligations to one or more recipients of Covered
+Software. However, You may do so only on Your own behalf, and not on
+behalf of any Contributor. You must make it absolutely clear that any
+such warranty, support, indemnity, or liability obligation is offered by
+You alone, and You hereby agree to indemnify every Contributor for any
+liability incurred by such Contributor as a result of warranty, support,
+indemnity or liability terms You offer. You may include additional
+disclaimers of warranty and limitations of liability specific to any
+jurisdiction.
+
+4. Inability to Comply Due to Statute or Regulation
+---------------------------------------------------
+
+If it is impossible for You to comply with any of the terms of this
+License with respect to some or all of the Covered Software due to
+statute, judicial order, or regulation then You must: (a) comply with
+the terms of this License to the maximum extent possible; and (b)
+describe the limitations and the code they affect. Such description must
+be placed in a text file included with all distributions of the Covered
+Software under this License. Except to the extent prohibited by statute
+or regulation, such description must be sufficiently detailed for a
+recipient of ordinary skill to be able to understand it.
+
+5. Termination
+--------------
+
+5.1. The rights granted under this License will terminate automatically
+if You fail to comply with any of its terms. However, if You become
+compliant, then the rights granted under this License from a particular
+Contributor are reinstated (a) provisionally, unless and until such
+Contributor explicitly and finally terminates Your grants, and (b) on an
+ongoing basis, if such Contributor fails to notify You of the
+non-compliance by some reasonable means prior to 60 days after You have
+come back into compliance. Moreover, Your grants from a particular
+Contributor are reinstated on an ongoing basis if such Contributor
+notifies You of the non-compliance by some reasonable means, this is the
+first time You have received notice of non-compliance with this License
+from such Contributor, and You become compliant prior to 30 days after
+Your receipt of the notice.
+
+5.2. If You initiate litigation against any entity by asserting a patent
+infringement claim (excluding declaratory judgment actions,
+counter-claims, and cross-claims) alleging that a Contributor Version
+directly or indirectly infringes any patent, then the rights granted to
+You by any and all Contributors for the Covered Software under Section
+2.1 of this License shall terminate.
+
+5.3. In the event of termination under Sections 5.1 or 5.2 above, all
+end user license agreements (excluding distributors and resellers) which
+have been validly granted by You or Your distributors under this License
+prior to termination shall survive termination.
+
+************************************************************************
+*                                                                      *
+*  6. Disclaimer of Warranty                                           *
+*  -------------------------                                           *
+*                                                                      *
+*  Covered Software is provided under this License on an "as is"       *
+*  basis, without warranty of any kind, either expressed, implied, or  *
+*  statutory, including, without limitation, warranties that the       *
+*  Covered Software is free of defects, merchantable, fit for a        *
+*  particular purpose or non-infringing. The entire risk as to the     *
+*  quality and performance of the Covered Software is with You.        *
+*  Should any Covered Software prove defective in any respect, You     *
+*  (not any Contributor) assume the cost of any necessary servicing,   *
+*  repair, or correction. This disclaimer of warranty constitutes an   *
+*  essential part of this License. No use of any Covered Software is   *
+*  authorized under this License except under this disclaimer.         *
+*                                                                      *
+************************************************************************
+
+************************************************************************
+*                                                                      *
+*  7. Limitation of Liability                                          *
+*  --------------------------                                          *
+*                                                                      *
+*  Under no circumstances and under no legal theory, whether tort      *
+*  (including negligence), contract, or otherwise, shall any           *
+*  Contributor, or anyone who distributes Covered Software as          *
+*  permitted above, be liable to You for any direct, indirect,         *
+*  special, incidental, or consequential damages of any character      *
+*  including, without limitation, damages for lost profits, loss of    *
+*  goodwill, work stoppage, computer failure or malfunction, or any    *
+*  and all other commercial damages or losses, even if such party      *
+*  shall have been informed of the possibility of such damages. This   *
+*  limitation of liability shall not apply to liability for death or   *
+*  personal injury resulting from such party's negligence to the       *
+*  extent applicable law prohibits such limitation. Some               *
+*  jurisdictions do not allow the exclusion or limitation of           *
+*  incidental or consequential damages, so this exclusion and          *
+*  limitation may not apply to You.                                    *
+*                                                                      *
+************************************************************************
+
+8. Litigation
+-------------
+
+Any litigation relating to this License may be brought only in the
+courts of a jurisdiction where the defendant maintains its principal
+place of business and such litigation shall be governed by laws of that
+jurisdiction, without reference to its conflict-of-law provisions.
+Nothing in this Section shall prevent a party's ability to bring
+cross-claims or counter-claims.
+
+9. Miscellaneous
+----------------
+
+This License represents the complete agreement concerning the subject
+matter hereof. If any provision of this License is held to be
+unenforceable, such provision shall be reformed only to the extent
+necessary to make it enforceable. Any law or regulation which provides
+that the language of a contract shall be construed against the drafter
+shall not be used to construe this License against a Contributor.
+
+10. Versions of the License
+---------------------------
+
+10.1. New Versions
+
+Mozilla Foundation is the license steward. Except as provided in Section
+10.3, no one other than the license steward has the right to modify or
+publish new versions of this License. Each version will be given a
+distinguishing version number.
+
+10.2. Effect of New Versions
+
+You may distribute the Covered Software under the terms of the version
+of the License under which You originally received the Covered Software,
+or under the terms of any subsequent version published by the license
+steward.
+
+10.3. Modified Versions
+
+If you create software not governed by this License, and you want to
+create a new license for such software, you may create and use a
+modified version of this License if you rename the license and remove
+any references to the name of the license steward (except to note that
+such modified license differs from this License).
+
+10.4. Distributing Source Code Form that is Incompatible With Secondary
+Licenses
+
+If You choose to distribute Source Code Form that is Incompatible With
+Secondary Licenses under the terms of this version of the License, the
+notice described in Exhibit B of this License must be attached.
+
+Exhibit A - Source Code Form License Notice
+-------------------------------------------
+
+  This Source Code Form is subject to the terms of the Mozilla Public
+  License, v. 2.0. If a copy of the MPL was not distributed with this
+  file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+If it is not possible or desirable to put the notice in a particular
+file, then You may include the notice in a location (such as a LICENSE
+file in a relevant directory) where a recipient would be likely to look
+for such a notice.
+
+You may add additional accurate notices of copyright ownership.
diff --git a/README.md b/README.md
new file mode 100644
--- /dev/null
+++ b/README.md
@@ -0,0 +1,44 @@
+# Amazon Access Analyzer SDK
+
+* [Version](#version)
+* [Description](#description)
+* [Contribute](#contribute)
+* [Licence](#licence)
+
+
+## Version
+ 
+`2.0` - Derived from API version @2019-11-01@ of the AWS service descriptions, licensed under Apache 2.0.
+
+## Description
+
+Documentation is available via [Hackage](http://hackage.haskell.org/package/amazonka-accessanalyzer)
+and the [AWS API Reference](https://aws.amazon.com/documentation/).
+
+The types from this library are intended to be used with [amazonka](http://hackage.haskell.org/package/amazonka),
+which provides mechanisms for specifying AuthN/AuthZ information, sending requests,
+and receiving responses.
+
+Lenses are used for constructing and manipulating types,
+due to the depth of nesting of AWS types and transparency regarding
+de/serialisation into more palatable Haskell values.
+The provided lenses should be compatible with any of the major lens libraries
+[lens](http://hackage.haskell.org/package/lens) or [lens-family-core](http://hackage.haskell.org/package/lens-family-core).
+
+See [Amazonka.AccessAnalyzer](http://hackage.haskell.org/package/amazonka-accessanalyzer/docs/Amazonka-AccessAnalyzer.html)
+or [the AWS documentation](https://aws.amazon.com/documentation/) to get started.
+
+
+## Contribute
+
+For any problems, comments, or feedback please create an issue [here on GitHub](https://github.com/brendanhay/amazonka/issues).
+
+> _Note:_ this library is an auto-generated Haskell package. Please see `amazonka-gen` for more information.
+
+
+## Licence
+
+`amazonka-accessanalyzer` is released under the [Mozilla Public License Version 2.0](http://www.mozilla.org/MPL/).
+
+Parts of the code are derived from AWS service descriptions, licensed under Apache 2.0.
+Source files subject to this contain an additional licensing clause in their header.
diff --git a/amazonka-accessanalyzer.cabal b/amazonka-accessanalyzer.cabal
new file mode 100644
--- /dev/null
+++ b/amazonka-accessanalyzer.cabal
@@ -0,0 +1,186 @@
+cabal-version:      2.2
+name:               amazonka-accessanalyzer
+version:            2.0
+synopsis:           Amazon Access Analyzer SDK.
+homepage:           https://github.com/brendanhay/amazonka
+bug-reports:        https://github.com/brendanhay/amazonka/issues
+license:            MPL-2.0
+license-file:       LICENSE
+author:             Brendan Hay
+maintainer:
+  Brendan Hay <brendan.g.hay+amazonka@gmail.com>, Jack Kelly <jack@jackkelly.name>
+
+copyright:          Copyright (c) 2013-2023 Brendan Hay
+category:           AWS
+build-type:         Simple
+extra-source-files:
+  fixture/*.proto
+  fixture/*.yaml
+  README.md
+  src/.gitkeep
+
+description:
+  Derived from API version @2019-11-01@ of the AWS service descriptions, licensed under Apache 2.0.
+  .
+  The types from this library are intended to be used with <http://hackage.haskell.org/package/amazonka amazonka>,
+  which provides mechanisms for specifying AuthN/AuthZ information, sending requests, and receiving responses.
+  .
+  It is recommended to use generic lenses or optics from packages such as <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify optional fields and deconstruct responses.
+  .
+  Generated lenses can be found in "Amazonka.AccessAnalyzer.Lens" and are
+  suitable for use with a lens package such as <http://hackage.haskell.org/package/lens lens> or <http://hackage.haskell.org/package/lens-family-core lens-family-core>.
+  .
+  See "Amazonka.AccessAnalyzer" and the <https://aws.amazon.com/documentation/ AWS documentation> to get started.
+
+source-repository head
+  type:     git
+  location: git://github.com/brendanhay/amazonka.git
+  subdir:   amazonka-accessanalyzer
+
+library
+  default-language: Haskell2010
+  hs-source-dirs:   src gen
+  ghc-options:
+    -Wall -fwarn-incomplete-uni-patterns
+    -fwarn-incomplete-record-updates -funbox-strict-fields
+
+  exposed-modules:
+    Amazonka.AccessAnalyzer
+    Amazonka.AccessAnalyzer.ApplyArchiveRule
+    Amazonka.AccessAnalyzer.CancelPolicyGeneration
+    Amazonka.AccessAnalyzer.CreateAccessPreview
+    Amazonka.AccessAnalyzer.CreateAnalyzer
+    Amazonka.AccessAnalyzer.CreateArchiveRule
+    Amazonka.AccessAnalyzer.DeleteAnalyzer
+    Amazonka.AccessAnalyzer.DeleteArchiveRule
+    Amazonka.AccessAnalyzer.GetAccessPreview
+    Amazonka.AccessAnalyzer.GetAnalyzedResource
+    Amazonka.AccessAnalyzer.GetAnalyzer
+    Amazonka.AccessAnalyzer.GetArchiveRule
+    Amazonka.AccessAnalyzer.GetFinding
+    Amazonka.AccessAnalyzer.GetGeneratedPolicy
+    Amazonka.AccessAnalyzer.Lens
+    Amazonka.AccessAnalyzer.ListAccessPreviewFindings
+    Amazonka.AccessAnalyzer.ListAccessPreviews
+    Amazonka.AccessAnalyzer.ListAnalyzedResources
+    Amazonka.AccessAnalyzer.ListAnalyzers
+    Amazonka.AccessAnalyzer.ListArchiveRules
+    Amazonka.AccessAnalyzer.ListFindings
+    Amazonka.AccessAnalyzer.ListPolicyGenerations
+    Amazonka.AccessAnalyzer.ListTagsForResource
+    Amazonka.AccessAnalyzer.StartPolicyGeneration
+    Amazonka.AccessAnalyzer.StartResourceScan
+    Amazonka.AccessAnalyzer.TagResource
+    Amazonka.AccessAnalyzer.Types
+    Amazonka.AccessAnalyzer.Types.AccessPreview
+    Amazonka.AccessAnalyzer.Types.AccessPreviewFinding
+    Amazonka.AccessAnalyzer.Types.AccessPreviewStatus
+    Amazonka.AccessAnalyzer.Types.AccessPreviewStatusReason
+    Amazonka.AccessAnalyzer.Types.AccessPreviewStatusReasonCode
+    Amazonka.AccessAnalyzer.Types.AccessPreviewSummary
+    Amazonka.AccessAnalyzer.Types.AclGrantee
+    Amazonka.AccessAnalyzer.Types.AclPermission
+    Amazonka.AccessAnalyzer.Types.AnalyzedResource
+    Amazonka.AccessAnalyzer.Types.AnalyzedResourceSummary
+    Amazonka.AccessAnalyzer.Types.AnalyzerStatus
+    Amazonka.AccessAnalyzer.Types.AnalyzerSummary
+    Amazonka.AccessAnalyzer.Types.ArchiveRuleSummary
+    Amazonka.AccessAnalyzer.Types.CloudTrailDetails
+    Amazonka.AccessAnalyzer.Types.CloudTrailProperties
+    Amazonka.AccessAnalyzer.Types.Configuration
+    Amazonka.AccessAnalyzer.Types.Criterion
+    Amazonka.AccessAnalyzer.Types.EbsSnapshotConfiguration
+    Amazonka.AccessAnalyzer.Types.EcrRepositoryConfiguration
+    Amazonka.AccessAnalyzer.Types.EfsFileSystemConfiguration
+    Amazonka.AccessAnalyzer.Types.Finding
+    Amazonka.AccessAnalyzer.Types.FindingChangeType
+    Amazonka.AccessAnalyzer.Types.FindingSource
+    Amazonka.AccessAnalyzer.Types.FindingSourceDetail
+    Amazonka.AccessAnalyzer.Types.FindingSourceType
+    Amazonka.AccessAnalyzer.Types.FindingStatus
+    Amazonka.AccessAnalyzer.Types.FindingStatusUpdate
+    Amazonka.AccessAnalyzer.Types.FindingSummary
+    Amazonka.AccessAnalyzer.Types.GeneratedPolicy
+    Amazonka.AccessAnalyzer.Types.GeneratedPolicyProperties
+    Amazonka.AccessAnalyzer.Types.GeneratedPolicyResult
+    Amazonka.AccessAnalyzer.Types.IamRoleConfiguration
+    Amazonka.AccessAnalyzer.Types.InlineArchiveRule
+    Amazonka.AccessAnalyzer.Types.InternetConfiguration
+    Amazonka.AccessAnalyzer.Types.JobDetails
+    Amazonka.AccessAnalyzer.Types.JobError
+    Amazonka.AccessAnalyzer.Types.JobErrorCode
+    Amazonka.AccessAnalyzer.Types.JobStatus
+    Amazonka.AccessAnalyzer.Types.KmsGrantConfiguration
+    Amazonka.AccessAnalyzer.Types.KmsGrantConstraints
+    Amazonka.AccessAnalyzer.Types.KmsGrantOperation
+    Amazonka.AccessAnalyzer.Types.KmsKeyConfiguration
+    Amazonka.AccessAnalyzer.Types.Locale
+    Amazonka.AccessAnalyzer.Types.Location
+    Amazonka.AccessAnalyzer.Types.NetworkOriginConfiguration
+    Amazonka.AccessAnalyzer.Types.OrderBy
+    Amazonka.AccessAnalyzer.Types.PathElement
+    Amazonka.AccessAnalyzer.Types.PolicyGeneration
+    Amazonka.AccessAnalyzer.Types.PolicyGenerationDetails
+    Amazonka.AccessAnalyzer.Types.PolicyType
+    Amazonka.AccessAnalyzer.Types.Position
+    Amazonka.AccessAnalyzer.Types.RdsDbClusterSnapshotAttributeValue
+    Amazonka.AccessAnalyzer.Types.RdsDbClusterSnapshotConfiguration
+    Amazonka.AccessAnalyzer.Types.RdsDbSnapshotAttributeValue
+    Amazonka.AccessAnalyzer.Types.RdsDbSnapshotConfiguration
+    Amazonka.AccessAnalyzer.Types.ReasonCode
+    Amazonka.AccessAnalyzer.Types.ResourceType
+    Amazonka.AccessAnalyzer.Types.S3AccessPointConfiguration
+    Amazonka.AccessAnalyzer.Types.S3BucketAclGrantConfiguration
+    Amazonka.AccessAnalyzer.Types.S3BucketConfiguration
+    Amazonka.AccessAnalyzer.Types.S3PublicAccessBlockConfiguration
+    Amazonka.AccessAnalyzer.Types.SecretsManagerSecretConfiguration
+    Amazonka.AccessAnalyzer.Types.SnsTopicConfiguration
+    Amazonka.AccessAnalyzer.Types.SortCriteria
+    Amazonka.AccessAnalyzer.Types.Span
+    Amazonka.AccessAnalyzer.Types.SqsQueueConfiguration
+    Amazonka.AccessAnalyzer.Types.StatusReason
+    Amazonka.AccessAnalyzer.Types.Substring
+    Amazonka.AccessAnalyzer.Types.Trail
+    Amazonka.AccessAnalyzer.Types.TrailProperties
+    Amazonka.AccessAnalyzer.Types.Type
+    Amazonka.AccessAnalyzer.Types.ValidatePolicyFinding
+    Amazonka.AccessAnalyzer.Types.ValidatePolicyFindingType
+    Amazonka.AccessAnalyzer.Types.ValidatePolicyResourceType
+    Amazonka.AccessAnalyzer.Types.VpcConfiguration
+    Amazonka.AccessAnalyzer.UntagResource
+    Amazonka.AccessAnalyzer.UpdateArchiveRule
+    Amazonka.AccessAnalyzer.UpdateFindings
+    Amazonka.AccessAnalyzer.ValidatePolicy
+    Amazonka.AccessAnalyzer.Waiters
+
+  build-depends:
+    , amazonka-core  >=2.0  && <2.1
+    , base           >=4.12 && <5
+
+test-suite amazonka-accessanalyzer-test
+  type:             exitcode-stdio-1.0
+  default-language: Haskell2010
+  hs-source-dirs:   test
+  main-is:          Main.hs
+  ghc-options:      -Wall -threaded
+
+  -- This section is encoded by the template and any modules added by
+  -- hand outside these namespaces will not correctly be added to the
+  -- distribution package.
+  other-modules:
+    Test.Amazonka.AccessAnalyzer
+    Test.Amazonka.AccessAnalyzer.Internal
+    Test.Amazonka.Gen.AccessAnalyzer
+
+  build-depends:
+    , amazonka-accessanalyzer
+    , amazonka-core            >=2.0 && <2.1
+    , amazonka-test            >=2.0 && <2.1
+    , base
+    , bytestring
+    , case-insensitive
+    , tasty
+    , tasty-hunit
+    , text
+    , time
+    , unordered-containers
diff --git a/fixture/ApplyArchiveRule.yaml b/fixture/ApplyArchiveRule.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/ApplyArchiveRule.yaml
@@ -0,0 +1,10 @@
+---
+method: PUT
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/access-analyzer/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  access-analyzer.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/ApplyArchiveRuleResponse.proto b/fixture/ApplyArchiveRuleResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/ApplyArchiveRuleResponse.proto
diff --git a/fixture/CancelPolicyGeneration.yaml b/fixture/CancelPolicyGeneration.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/CancelPolicyGeneration.yaml
@@ -0,0 +1,10 @@
+---
+method: PUT
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/access-analyzer/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  access-analyzer.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/CancelPolicyGenerationResponse.proto b/fixture/CancelPolicyGenerationResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/CancelPolicyGenerationResponse.proto
diff --git a/fixture/CreateAccessPreview.yaml b/fixture/CreateAccessPreview.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/CreateAccessPreview.yaml
@@ -0,0 +1,10 @@
+---
+method: PUT
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/access-analyzer/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  access-analyzer.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/CreateAccessPreviewResponse.proto b/fixture/CreateAccessPreviewResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/CreateAccessPreviewResponse.proto
diff --git a/fixture/CreateAnalyzer.yaml b/fixture/CreateAnalyzer.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/CreateAnalyzer.yaml
@@ -0,0 +1,10 @@
+---
+method: PUT
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/access-analyzer/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  access-analyzer.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/CreateAnalyzerResponse.proto b/fixture/CreateAnalyzerResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/CreateAnalyzerResponse.proto
diff --git a/fixture/CreateArchiveRule.yaml b/fixture/CreateArchiveRule.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/CreateArchiveRule.yaml
@@ -0,0 +1,10 @@
+---
+method: PUT
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/access-analyzer/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  access-analyzer.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/CreateArchiveRuleResponse.proto b/fixture/CreateArchiveRuleResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/CreateArchiveRuleResponse.proto
diff --git a/fixture/DeleteAnalyzer.yaml b/fixture/DeleteAnalyzer.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/DeleteAnalyzer.yaml
@@ -0,0 +1,10 @@
+---
+method: DELETE
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/access-analyzer/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  access-analyzer.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/DeleteAnalyzerResponse.proto b/fixture/DeleteAnalyzerResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/DeleteAnalyzerResponse.proto
diff --git a/fixture/DeleteArchiveRule.yaml b/fixture/DeleteArchiveRule.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/DeleteArchiveRule.yaml
@@ -0,0 +1,10 @@
+---
+method: DELETE
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/access-analyzer/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  access-analyzer.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/DeleteArchiveRuleResponse.proto b/fixture/DeleteArchiveRuleResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/DeleteArchiveRuleResponse.proto
diff --git a/fixture/GetAccessPreview.yaml b/fixture/GetAccessPreview.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/GetAccessPreview.yaml
@@ -0,0 +1,10 @@
+---
+method: GET
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/access-analyzer/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  access-analyzer.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/GetAccessPreviewResponse.proto b/fixture/GetAccessPreviewResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/GetAccessPreviewResponse.proto
diff --git a/fixture/GetAnalyzedResource.yaml b/fixture/GetAnalyzedResource.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/GetAnalyzedResource.yaml
@@ -0,0 +1,10 @@
+---
+method: GET
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/access-analyzer/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  access-analyzer.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/GetAnalyzedResourceResponse.proto b/fixture/GetAnalyzedResourceResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/GetAnalyzedResourceResponse.proto
diff --git a/fixture/GetAnalyzer.yaml b/fixture/GetAnalyzer.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/GetAnalyzer.yaml
@@ -0,0 +1,10 @@
+---
+method: GET
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/access-analyzer/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  access-analyzer.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/GetAnalyzerResponse.proto b/fixture/GetAnalyzerResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/GetAnalyzerResponse.proto
diff --git a/fixture/GetArchiveRule.yaml b/fixture/GetArchiveRule.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/GetArchiveRule.yaml
@@ -0,0 +1,10 @@
+---
+method: GET
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/access-analyzer/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  access-analyzer.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/GetArchiveRuleResponse.proto b/fixture/GetArchiveRuleResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/GetArchiveRuleResponse.proto
diff --git a/fixture/GetFinding.yaml b/fixture/GetFinding.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/GetFinding.yaml
@@ -0,0 +1,10 @@
+---
+method: GET
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/access-analyzer/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  access-analyzer.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/GetFindingResponse.proto b/fixture/GetFindingResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/GetFindingResponse.proto
diff --git a/fixture/GetGeneratedPolicy.yaml b/fixture/GetGeneratedPolicy.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/GetGeneratedPolicy.yaml
@@ -0,0 +1,10 @@
+---
+method: GET
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/access-analyzer/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  access-analyzer.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/GetGeneratedPolicyResponse.proto b/fixture/GetGeneratedPolicyResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/GetGeneratedPolicyResponse.proto
diff --git a/fixture/ListAccessPreviewFindings.yaml b/fixture/ListAccessPreviewFindings.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/ListAccessPreviewFindings.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/access-analyzer/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  access-analyzer.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/ListAccessPreviewFindingsResponse.proto b/fixture/ListAccessPreviewFindingsResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/ListAccessPreviewFindingsResponse.proto
diff --git a/fixture/ListAccessPreviews.yaml b/fixture/ListAccessPreviews.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/ListAccessPreviews.yaml
@@ -0,0 +1,10 @@
+---
+method: GET
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/access-analyzer/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  access-analyzer.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/ListAccessPreviewsResponse.proto b/fixture/ListAccessPreviewsResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/ListAccessPreviewsResponse.proto
diff --git a/fixture/ListAnalyzedResources.yaml b/fixture/ListAnalyzedResources.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/ListAnalyzedResources.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/access-analyzer/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  access-analyzer.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/ListAnalyzedResourcesResponse.proto b/fixture/ListAnalyzedResourcesResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/ListAnalyzedResourcesResponse.proto
diff --git a/fixture/ListAnalyzers.yaml b/fixture/ListAnalyzers.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/ListAnalyzers.yaml
@@ -0,0 +1,10 @@
+---
+method: GET
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/access-analyzer/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  access-analyzer.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/ListAnalyzersResponse.proto b/fixture/ListAnalyzersResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/ListAnalyzersResponse.proto
diff --git a/fixture/ListArchiveRules.yaml b/fixture/ListArchiveRules.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/ListArchiveRules.yaml
@@ -0,0 +1,10 @@
+---
+method: GET
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/access-analyzer/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  access-analyzer.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/ListArchiveRulesResponse.proto b/fixture/ListArchiveRulesResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/ListArchiveRulesResponse.proto
diff --git a/fixture/ListFindings.yaml b/fixture/ListFindings.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/ListFindings.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/access-analyzer/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  access-analyzer.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/ListFindingsResponse.proto b/fixture/ListFindingsResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/ListFindingsResponse.proto
diff --git a/fixture/ListPolicyGenerations.yaml b/fixture/ListPolicyGenerations.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/ListPolicyGenerations.yaml
@@ -0,0 +1,10 @@
+---
+method: GET
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/access-analyzer/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  access-analyzer.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/ListPolicyGenerationsResponse.proto b/fixture/ListPolicyGenerationsResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/ListPolicyGenerationsResponse.proto
diff --git a/fixture/ListTagsForResource.yaml b/fixture/ListTagsForResource.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/ListTagsForResource.yaml
@@ -0,0 +1,10 @@
+---
+method: GET
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/access-analyzer/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  access-analyzer.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/ListTagsForResourceResponse.proto b/fixture/ListTagsForResourceResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/ListTagsForResourceResponse.proto
diff --git a/fixture/StartPolicyGeneration.yaml b/fixture/StartPolicyGeneration.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/StartPolicyGeneration.yaml
@@ -0,0 +1,10 @@
+---
+method: PUT
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/access-analyzer/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  access-analyzer.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/StartPolicyGenerationResponse.proto b/fixture/StartPolicyGenerationResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/StartPolicyGenerationResponse.proto
diff --git a/fixture/StartResourceScan.yaml b/fixture/StartResourceScan.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/StartResourceScan.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/access-analyzer/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  access-analyzer.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/StartResourceScanResponse.proto b/fixture/StartResourceScanResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/StartResourceScanResponse.proto
diff --git a/fixture/TagResource.yaml b/fixture/TagResource.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/TagResource.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/access-analyzer/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  access-analyzer.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/TagResourceResponse.proto b/fixture/TagResourceResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/TagResourceResponse.proto
diff --git a/fixture/UntagResource.yaml b/fixture/UntagResource.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/UntagResource.yaml
@@ -0,0 +1,10 @@
+---
+method: DELETE
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/access-analyzer/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  access-analyzer.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/UntagResourceResponse.proto b/fixture/UntagResourceResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/UntagResourceResponse.proto
diff --git a/fixture/UpdateArchiveRule.yaml b/fixture/UpdateArchiveRule.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/UpdateArchiveRule.yaml
@@ -0,0 +1,10 @@
+---
+method: PUT
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/access-analyzer/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  access-analyzer.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/UpdateArchiveRuleResponse.proto b/fixture/UpdateArchiveRuleResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/UpdateArchiveRuleResponse.proto
diff --git a/fixture/UpdateFindings.yaml b/fixture/UpdateFindings.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/UpdateFindings.yaml
@@ -0,0 +1,10 @@
+---
+method: PUT
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/access-analyzer/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  access-analyzer.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/UpdateFindingsResponse.proto b/fixture/UpdateFindingsResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/UpdateFindingsResponse.proto
diff --git a/fixture/ValidatePolicy.yaml b/fixture/ValidatePolicy.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/ValidatePolicy.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/access-analyzer/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  access-analyzer.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/ValidatePolicyResponse.proto b/fixture/ValidatePolicyResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/ValidatePolicyResponse.proto
diff --git a/gen/Amazonka/AccessAnalyzer.hs b/gen/Amazonka/AccessAnalyzer.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer.hs
@@ -0,0 +1,575 @@
+{-# OPTIONS_GHC -fno-warn-duplicate-exports #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Derived from API version @2019-11-01@ of the AWS service descriptions, licensed under Apache 2.0.
+--
+-- Identity and Access Management Access Analyzer helps identify potential
+-- resource-access risks by enabling you to identify any policies that
+-- grant access to an external principal. It does this by using logic-based
+-- reasoning to analyze resource-based policies in your Amazon Web Services
+-- environment. An external principal can be another Amazon Web Services
+-- account, a root user, an IAM user or role, a federated user, an Amazon
+-- Web Services service, or an anonymous user. You can also use IAM Access
+-- Analyzer to preview and validate public and cross-account access to your
+-- resources before deploying permissions changes. This guide describes the
+-- Identity and Access Management Access Analyzer operations that you can
+-- call programmatically. For general information about IAM Access
+-- Analyzer, see
+-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html Identity and Access Management Access Analyzer>
+-- in the __IAM User Guide__.
+--
+-- To start using IAM Access Analyzer, you first need to create an
+-- analyzer.
+module Amazonka.AccessAnalyzer
+  ( -- * Service Configuration
+    defaultService,
+
+    -- * Errors
+    -- $errors
+
+    -- ** AccessDeniedException
+    _AccessDeniedException,
+
+    -- ** ConflictException
+    _ConflictException,
+
+    -- ** InternalServerException
+    _InternalServerException,
+
+    -- ** ResourceNotFoundException
+    _ResourceNotFoundException,
+
+    -- ** ServiceQuotaExceededException
+    _ServiceQuotaExceededException,
+
+    -- ** ThrottlingException
+    _ThrottlingException,
+
+    -- ** ValidationException
+    _ValidationException,
+
+    -- * Waiters
+    -- $waiters
+
+    -- * Operations
+    -- $operations
+
+    -- ** ApplyArchiveRule
+    ApplyArchiveRule (ApplyArchiveRule'),
+    newApplyArchiveRule,
+    ApplyArchiveRuleResponse (ApplyArchiveRuleResponse'),
+    newApplyArchiveRuleResponse,
+
+    -- ** CancelPolicyGeneration
+    CancelPolicyGeneration (CancelPolicyGeneration'),
+    newCancelPolicyGeneration,
+    CancelPolicyGenerationResponse (CancelPolicyGenerationResponse'),
+    newCancelPolicyGenerationResponse,
+
+    -- ** CreateAccessPreview
+    CreateAccessPreview (CreateAccessPreview'),
+    newCreateAccessPreview,
+    CreateAccessPreviewResponse (CreateAccessPreviewResponse'),
+    newCreateAccessPreviewResponse,
+
+    -- ** CreateAnalyzer
+    CreateAnalyzer (CreateAnalyzer'),
+    newCreateAnalyzer,
+    CreateAnalyzerResponse (CreateAnalyzerResponse'),
+    newCreateAnalyzerResponse,
+
+    -- ** CreateArchiveRule
+    CreateArchiveRule (CreateArchiveRule'),
+    newCreateArchiveRule,
+    CreateArchiveRuleResponse (CreateArchiveRuleResponse'),
+    newCreateArchiveRuleResponse,
+
+    -- ** DeleteAnalyzer
+    DeleteAnalyzer (DeleteAnalyzer'),
+    newDeleteAnalyzer,
+    DeleteAnalyzerResponse (DeleteAnalyzerResponse'),
+    newDeleteAnalyzerResponse,
+
+    -- ** DeleteArchiveRule
+    DeleteArchiveRule (DeleteArchiveRule'),
+    newDeleteArchiveRule,
+    DeleteArchiveRuleResponse (DeleteArchiveRuleResponse'),
+    newDeleteArchiveRuleResponse,
+
+    -- ** GetAccessPreview
+    GetAccessPreview (GetAccessPreview'),
+    newGetAccessPreview,
+    GetAccessPreviewResponse (GetAccessPreviewResponse'),
+    newGetAccessPreviewResponse,
+
+    -- ** GetAnalyzedResource
+    GetAnalyzedResource (GetAnalyzedResource'),
+    newGetAnalyzedResource,
+    GetAnalyzedResourceResponse (GetAnalyzedResourceResponse'),
+    newGetAnalyzedResourceResponse,
+
+    -- ** GetAnalyzer
+    GetAnalyzer (GetAnalyzer'),
+    newGetAnalyzer,
+    GetAnalyzerResponse (GetAnalyzerResponse'),
+    newGetAnalyzerResponse,
+
+    -- ** GetArchiveRule
+    GetArchiveRule (GetArchiveRule'),
+    newGetArchiveRule,
+    GetArchiveRuleResponse (GetArchiveRuleResponse'),
+    newGetArchiveRuleResponse,
+
+    -- ** GetFinding
+    GetFinding (GetFinding'),
+    newGetFinding,
+    GetFindingResponse (GetFindingResponse'),
+    newGetFindingResponse,
+
+    -- ** GetGeneratedPolicy
+    GetGeneratedPolicy (GetGeneratedPolicy'),
+    newGetGeneratedPolicy,
+    GetGeneratedPolicyResponse (GetGeneratedPolicyResponse'),
+    newGetGeneratedPolicyResponse,
+
+    -- ** ListAccessPreviewFindings (Paginated)
+    ListAccessPreviewFindings (ListAccessPreviewFindings'),
+    newListAccessPreviewFindings,
+    ListAccessPreviewFindingsResponse (ListAccessPreviewFindingsResponse'),
+    newListAccessPreviewFindingsResponse,
+
+    -- ** ListAccessPreviews (Paginated)
+    ListAccessPreviews (ListAccessPreviews'),
+    newListAccessPreviews,
+    ListAccessPreviewsResponse (ListAccessPreviewsResponse'),
+    newListAccessPreviewsResponse,
+
+    -- ** ListAnalyzedResources (Paginated)
+    ListAnalyzedResources (ListAnalyzedResources'),
+    newListAnalyzedResources,
+    ListAnalyzedResourcesResponse (ListAnalyzedResourcesResponse'),
+    newListAnalyzedResourcesResponse,
+
+    -- ** ListAnalyzers (Paginated)
+    ListAnalyzers (ListAnalyzers'),
+    newListAnalyzers,
+    ListAnalyzersResponse (ListAnalyzersResponse'),
+    newListAnalyzersResponse,
+
+    -- ** ListArchiveRules (Paginated)
+    ListArchiveRules (ListArchiveRules'),
+    newListArchiveRules,
+    ListArchiveRulesResponse (ListArchiveRulesResponse'),
+    newListArchiveRulesResponse,
+
+    -- ** ListFindings (Paginated)
+    ListFindings (ListFindings'),
+    newListFindings,
+    ListFindingsResponse (ListFindingsResponse'),
+    newListFindingsResponse,
+
+    -- ** ListPolicyGenerations (Paginated)
+    ListPolicyGenerations (ListPolicyGenerations'),
+    newListPolicyGenerations,
+    ListPolicyGenerationsResponse (ListPolicyGenerationsResponse'),
+    newListPolicyGenerationsResponse,
+
+    -- ** ListTagsForResource
+    ListTagsForResource (ListTagsForResource'),
+    newListTagsForResource,
+    ListTagsForResourceResponse (ListTagsForResourceResponse'),
+    newListTagsForResourceResponse,
+
+    -- ** StartPolicyGeneration
+    StartPolicyGeneration (StartPolicyGeneration'),
+    newStartPolicyGeneration,
+    StartPolicyGenerationResponse (StartPolicyGenerationResponse'),
+    newStartPolicyGenerationResponse,
+
+    -- ** StartResourceScan
+    StartResourceScan (StartResourceScan'),
+    newStartResourceScan,
+    StartResourceScanResponse (StartResourceScanResponse'),
+    newStartResourceScanResponse,
+
+    -- ** TagResource
+    TagResource (TagResource'),
+    newTagResource,
+    TagResourceResponse (TagResourceResponse'),
+    newTagResourceResponse,
+
+    -- ** UntagResource
+    UntagResource (UntagResource'),
+    newUntagResource,
+    UntagResourceResponse (UntagResourceResponse'),
+    newUntagResourceResponse,
+
+    -- ** UpdateArchiveRule
+    UpdateArchiveRule (UpdateArchiveRule'),
+    newUpdateArchiveRule,
+    UpdateArchiveRuleResponse (UpdateArchiveRuleResponse'),
+    newUpdateArchiveRuleResponse,
+
+    -- ** UpdateFindings
+    UpdateFindings (UpdateFindings'),
+    newUpdateFindings,
+    UpdateFindingsResponse (UpdateFindingsResponse'),
+    newUpdateFindingsResponse,
+
+    -- ** ValidatePolicy (Paginated)
+    ValidatePolicy (ValidatePolicy'),
+    newValidatePolicy,
+    ValidatePolicyResponse (ValidatePolicyResponse'),
+    newValidatePolicyResponse,
+
+    -- * Types
+
+    -- ** AccessPreviewStatus
+    AccessPreviewStatus (..),
+
+    -- ** AccessPreviewStatusReasonCode
+    AccessPreviewStatusReasonCode (..),
+
+    -- ** AclPermission
+    AclPermission (..),
+
+    -- ** AnalyzerStatus
+    AnalyzerStatus (..),
+
+    -- ** FindingChangeType
+    FindingChangeType (..),
+
+    -- ** FindingSourceType
+    FindingSourceType (..),
+
+    -- ** FindingStatus
+    FindingStatus (..),
+
+    -- ** FindingStatusUpdate
+    FindingStatusUpdate (..),
+
+    -- ** JobErrorCode
+    JobErrorCode (..),
+
+    -- ** JobStatus
+    JobStatus (..),
+
+    -- ** KmsGrantOperation
+    KmsGrantOperation (..),
+
+    -- ** Locale
+    Locale (..),
+
+    -- ** OrderBy
+    OrderBy (..),
+
+    -- ** PolicyType
+    PolicyType (..),
+
+    -- ** ReasonCode
+    ReasonCode (..),
+
+    -- ** ResourceType
+    ResourceType (..),
+
+    -- ** Type
+    Type (..),
+
+    -- ** ValidatePolicyFindingType
+    ValidatePolicyFindingType (..),
+
+    -- ** ValidatePolicyResourceType
+    ValidatePolicyResourceType (..),
+
+    -- ** AccessPreview
+    AccessPreview (AccessPreview'),
+    newAccessPreview,
+
+    -- ** AccessPreviewFinding
+    AccessPreviewFinding (AccessPreviewFinding'),
+    newAccessPreviewFinding,
+
+    -- ** AccessPreviewStatusReason
+    AccessPreviewStatusReason (AccessPreviewStatusReason'),
+    newAccessPreviewStatusReason,
+
+    -- ** AccessPreviewSummary
+    AccessPreviewSummary (AccessPreviewSummary'),
+    newAccessPreviewSummary,
+
+    -- ** AclGrantee
+    AclGrantee (AclGrantee'),
+    newAclGrantee,
+
+    -- ** AnalyzedResource
+    AnalyzedResource (AnalyzedResource'),
+    newAnalyzedResource,
+
+    -- ** AnalyzedResourceSummary
+    AnalyzedResourceSummary (AnalyzedResourceSummary'),
+    newAnalyzedResourceSummary,
+
+    -- ** AnalyzerSummary
+    AnalyzerSummary (AnalyzerSummary'),
+    newAnalyzerSummary,
+
+    -- ** ArchiveRuleSummary
+    ArchiveRuleSummary (ArchiveRuleSummary'),
+    newArchiveRuleSummary,
+
+    -- ** CloudTrailDetails
+    CloudTrailDetails (CloudTrailDetails'),
+    newCloudTrailDetails,
+
+    -- ** CloudTrailProperties
+    CloudTrailProperties (CloudTrailProperties'),
+    newCloudTrailProperties,
+
+    -- ** Configuration
+    Configuration (Configuration'),
+    newConfiguration,
+
+    -- ** Criterion
+    Criterion (Criterion'),
+    newCriterion,
+
+    -- ** EbsSnapshotConfiguration
+    EbsSnapshotConfiguration (EbsSnapshotConfiguration'),
+    newEbsSnapshotConfiguration,
+
+    -- ** EcrRepositoryConfiguration
+    EcrRepositoryConfiguration (EcrRepositoryConfiguration'),
+    newEcrRepositoryConfiguration,
+
+    -- ** EfsFileSystemConfiguration
+    EfsFileSystemConfiguration (EfsFileSystemConfiguration'),
+    newEfsFileSystemConfiguration,
+
+    -- ** Finding
+    Finding (Finding'),
+    newFinding,
+
+    -- ** FindingSource
+    FindingSource (FindingSource'),
+    newFindingSource,
+
+    -- ** FindingSourceDetail
+    FindingSourceDetail (FindingSourceDetail'),
+    newFindingSourceDetail,
+
+    -- ** FindingSummary
+    FindingSummary (FindingSummary'),
+    newFindingSummary,
+
+    -- ** GeneratedPolicy
+    GeneratedPolicy (GeneratedPolicy'),
+    newGeneratedPolicy,
+
+    -- ** GeneratedPolicyProperties
+    GeneratedPolicyProperties (GeneratedPolicyProperties'),
+    newGeneratedPolicyProperties,
+
+    -- ** GeneratedPolicyResult
+    GeneratedPolicyResult (GeneratedPolicyResult'),
+    newGeneratedPolicyResult,
+
+    -- ** IamRoleConfiguration
+    IamRoleConfiguration (IamRoleConfiguration'),
+    newIamRoleConfiguration,
+
+    -- ** InlineArchiveRule
+    InlineArchiveRule (InlineArchiveRule'),
+    newInlineArchiveRule,
+
+    -- ** InternetConfiguration
+    InternetConfiguration (InternetConfiguration'),
+    newInternetConfiguration,
+
+    -- ** JobDetails
+    JobDetails (JobDetails'),
+    newJobDetails,
+
+    -- ** JobError
+    JobError (JobError'),
+    newJobError,
+
+    -- ** KmsGrantConfiguration
+    KmsGrantConfiguration (KmsGrantConfiguration'),
+    newKmsGrantConfiguration,
+
+    -- ** KmsGrantConstraints
+    KmsGrantConstraints (KmsGrantConstraints'),
+    newKmsGrantConstraints,
+
+    -- ** KmsKeyConfiguration
+    KmsKeyConfiguration (KmsKeyConfiguration'),
+    newKmsKeyConfiguration,
+
+    -- ** Location
+    Location (Location'),
+    newLocation,
+
+    -- ** NetworkOriginConfiguration
+    NetworkOriginConfiguration (NetworkOriginConfiguration'),
+    newNetworkOriginConfiguration,
+
+    -- ** PathElement
+    PathElement (PathElement'),
+    newPathElement,
+
+    -- ** PolicyGeneration
+    PolicyGeneration (PolicyGeneration'),
+    newPolicyGeneration,
+
+    -- ** PolicyGenerationDetails
+    PolicyGenerationDetails (PolicyGenerationDetails'),
+    newPolicyGenerationDetails,
+
+    -- ** Position
+    Position (Position'),
+    newPosition,
+
+    -- ** RdsDbClusterSnapshotAttributeValue
+    RdsDbClusterSnapshotAttributeValue (RdsDbClusterSnapshotAttributeValue'),
+    newRdsDbClusterSnapshotAttributeValue,
+
+    -- ** RdsDbClusterSnapshotConfiguration
+    RdsDbClusterSnapshotConfiguration (RdsDbClusterSnapshotConfiguration'),
+    newRdsDbClusterSnapshotConfiguration,
+
+    -- ** RdsDbSnapshotAttributeValue
+    RdsDbSnapshotAttributeValue (RdsDbSnapshotAttributeValue'),
+    newRdsDbSnapshotAttributeValue,
+
+    -- ** RdsDbSnapshotConfiguration
+    RdsDbSnapshotConfiguration (RdsDbSnapshotConfiguration'),
+    newRdsDbSnapshotConfiguration,
+
+    -- ** S3AccessPointConfiguration
+    S3AccessPointConfiguration (S3AccessPointConfiguration'),
+    newS3AccessPointConfiguration,
+
+    -- ** S3BucketAclGrantConfiguration
+    S3BucketAclGrantConfiguration (S3BucketAclGrantConfiguration'),
+    newS3BucketAclGrantConfiguration,
+
+    -- ** S3BucketConfiguration
+    S3BucketConfiguration (S3BucketConfiguration'),
+    newS3BucketConfiguration,
+
+    -- ** S3PublicAccessBlockConfiguration
+    S3PublicAccessBlockConfiguration (S3PublicAccessBlockConfiguration'),
+    newS3PublicAccessBlockConfiguration,
+
+    -- ** SecretsManagerSecretConfiguration
+    SecretsManagerSecretConfiguration (SecretsManagerSecretConfiguration'),
+    newSecretsManagerSecretConfiguration,
+
+    -- ** SnsTopicConfiguration
+    SnsTopicConfiguration (SnsTopicConfiguration'),
+    newSnsTopicConfiguration,
+
+    -- ** SortCriteria
+    SortCriteria (SortCriteria'),
+    newSortCriteria,
+
+    -- ** Span
+    Span (Span'),
+    newSpan,
+
+    -- ** SqsQueueConfiguration
+    SqsQueueConfiguration (SqsQueueConfiguration'),
+    newSqsQueueConfiguration,
+
+    -- ** StatusReason
+    StatusReason (StatusReason'),
+    newStatusReason,
+
+    -- ** Substring
+    Substring (Substring'),
+    newSubstring,
+
+    -- ** Trail
+    Trail (Trail'),
+    newTrail,
+
+    -- ** TrailProperties
+    TrailProperties (TrailProperties'),
+    newTrailProperties,
+
+    -- ** ValidatePolicyFinding
+    ValidatePolicyFinding (ValidatePolicyFinding'),
+    newValidatePolicyFinding,
+
+    -- ** VpcConfiguration
+    VpcConfiguration (VpcConfiguration'),
+    newVpcConfiguration,
+  )
+where
+
+import Amazonka.AccessAnalyzer.ApplyArchiveRule
+import Amazonka.AccessAnalyzer.CancelPolicyGeneration
+import Amazonka.AccessAnalyzer.CreateAccessPreview
+import Amazonka.AccessAnalyzer.CreateAnalyzer
+import Amazonka.AccessAnalyzer.CreateArchiveRule
+import Amazonka.AccessAnalyzer.DeleteAnalyzer
+import Amazonka.AccessAnalyzer.DeleteArchiveRule
+import Amazonka.AccessAnalyzer.GetAccessPreview
+import Amazonka.AccessAnalyzer.GetAnalyzedResource
+import Amazonka.AccessAnalyzer.GetAnalyzer
+import Amazonka.AccessAnalyzer.GetArchiveRule
+import Amazonka.AccessAnalyzer.GetFinding
+import Amazonka.AccessAnalyzer.GetGeneratedPolicy
+import Amazonka.AccessAnalyzer.Lens
+import Amazonka.AccessAnalyzer.ListAccessPreviewFindings
+import Amazonka.AccessAnalyzer.ListAccessPreviews
+import Amazonka.AccessAnalyzer.ListAnalyzedResources
+import Amazonka.AccessAnalyzer.ListAnalyzers
+import Amazonka.AccessAnalyzer.ListArchiveRules
+import Amazonka.AccessAnalyzer.ListFindings
+import Amazonka.AccessAnalyzer.ListPolicyGenerations
+import Amazonka.AccessAnalyzer.ListTagsForResource
+import Amazonka.AccessAnalyzer.StartPolicyGeneration
+import Amazonka.AccessAnalyzer.StartResourceScan
+import Amazonka.AccessAnalyzer.TagResource
+import Amazonka.AccessAnalyzer.Types
+import Amazonka.AccessAnalyzer.UntagResource
+import Amazonka.AccessAnalyzer.UpdateArchiveRule
+import Amazonka.AccessAnalyzer.UpdateFindings
+import Amazonka.AccessAnalyzer.ValidatePolicy
+import Amazonka.AccessAnalyzer.Waiters
+
+-- $errors
+-- Error matchers are designed for use with the functions provided by
+-- <http://hackage.haskell.org/package/lens/docs/Control-Exception-Lens.html Control.Exception.Lens>.
+-- This allows catching (and rethrowing) service specific errors returned
+-- by 'AccessAnalyzer'.
+
+-- $operations
+-- Some AWS operations return results that are incomplete and require subsequent
+-- requests in order to obtain the entire result set. The process of sending
+-- subsequent requests to continue where a previous request left off is called
+-- pagination. For example, the 'ListObjects' operation of Amazon S3 returns up to
+-- 1000 objects at a time, and you must send subsequent requests with the
+-- appropriate Marker in order to retrieve the next page of results.
+--
+-- Operations that have an 'AWSPager' instance can transparently perform subsequent
+-- requests, correctly setting Markers and other request facets to iterate through
+-- the entire result set of a truncated API operation. Operations which support
+-- this have an additional note in the documentation.
+--
+-- Many operations have the ability to filter results on the server side. See the
+-- individual operation parameters for details.
+
+-- $waiters
+-- Waiters poll by repeatedly sending a request until some remote success condition
+-- configured by the 'Wait' specification is fulfilled. The 'Wait' specification
+-- determines how many attempts should be made, in addition to delay and retry strategies.
diff --git a/gen/Amazonka/AccessAnalyzer/ApplyArchiveRule.hs b/gen/Amazonka/AccessAnalyzer/ApplyArchiveRule.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/ApplyArchiveRule.hs
@@ -0,0 +1,165 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.ApplyArchiveRule
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Retroactively applies the archive rule to existing findings that meet
+-- the archive rule criteria.
+module Amazonka.AccessAnalyzer.ApplyArchiveRule
+  ( -- * Creating a Request
+    ApplyArchiveRule (..),
+    newApplyArchiveRule,
+
+    -- * Request Lenses
+    applyArchiveRule_clientToken,
+    applyArchiveRule_analyzerArn,
+    applyArchiveRule_ruleName,
+
+    -- * Destructuring the Response
+    ApplyArchiveRuleResponse (..),
+    newApplyArchiveRuleResponse,
+  )
+where
+
+import Amazonka.AccessAnalyzer.Types
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | Retroactively applies an archive rule.
+--
+-- /See:/ 'newApplyArchiveRule' smart constructor.
+data ApplyArchiveRule = ApplyArchiveRule'
+  { -- | A client token.
+    clientToken :: Prelude.Maybe Prelude.Text,
+    -- | The Amazon resource name (ARN) of the analyzer.
+    analyzerArn :: Prelude.Text,
+    -- | The name of the rule to apply.
+    ruleName :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ApplyArchiveRule' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'clientToken', 'applyArchiveRule_clientToken' - A client token.
+--
+-- 'analyzerArn', 'applyArchiveRule_analyzerArn' - The Amazon resource name (ARN) of the analyzer.
+--
+-- 'ruleName', 'applyArchiveRule_ruleName' - The name of the rule to apply.
+newApplyArchiveRule ::
+  -- | 'analyzerArn'
+  Prelude.Text ->
+  -- | 'ruleName'
+  Prelude.Text ->
+  ApplyArchiveRule
+newApplyArchiveRule pAnalyzerArn_ pRuleName_ =
+  ApplyArchiveRule'
+    { clientToken = Prelude.Nothing,
+      analyzerArn = pAnalyzerArn_,
+      ruleName = pRuleName_
+    }
+
+-- | A client token.
+applyArchiveRule_clientToken :: Lens.Lens' ApplyArchiveRule (Prelude.Maybe Prelude.Text)
+applyArchiveRule_clientToken = Lens.lens (\ApplyArchiveRule' {clientToken} -> clientToken) (\s@ApplyArchiveRule' {} a -> s {clientToken = a} :: ApplyArchiveRule)
+
+-- | The Amazon resource name (ARN) of the analyzer.
+applyArchiveRule_analyzerArn :: Lens.Lens' ApplyArchiveRule Prelude.Text
+applyArchiveRule_analyzerArn = Lens.lens (\ApplyArchiveRule' {analyzerArn} -> analyzerArn) (\s@ApplyArchiveRule' {} a -> s {analyzerArn = a} :: ApplyArchiveRule)
+
+-- | The name of the rule to apply.
+applyArchiveRule_ruleName :: Lens.Lens' ApplyArchiveRule Prelude.Text
+applyArchiveRule_ruleName = Lens.lens (\ApplyArchiveRule' {ruleName} -> ruleName) (\s@ApplyArchiveRule' {} a -> s {ruleName = a} :: ApplyArchiveRule)
+
+instance Core.AWSRequest ApplyArchiveRule where
+  type
+    AWSResponse ApplyArchiveRule =
+      ApplyArchiveRuleResponse
+  request overrides =
+    Request.putJSON (overrides defaultService)
+  response =
+    Response.receiveNull ApplyArchiveRuleResponse'
+
+instance Prelude.Hashable ApplyArchiveRule where
+  hashWithSalt _salt ApplyArchiveRule' {..} =
+    _salt
+      `Prelude.hashWithSalt` clientToken
+      `Prelude.hashWithSalt` analyzerArn
+      `Prelude.hashWithSalt` ruleName
+
+instance Prelude.NFData ApplyArchiveRule where
+  rnf ApplyArchiveRule' {..} =
+    Prelude.rnf clientToken
+      `Prelude.seq` Prelude.rnf analyzerArn
+      `Prelude.seq` Prelude.rnf ruleName
+
+instance Data.ToHeaders ApplyArchiveRule where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON ApplyArchiveRule where
+  toJSON ApplyArchiveRule' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("clientToken" Data..=) Prelude.<$> clientToken,
+            Prelude.Just ("analyzerArn" Data..= analyzerArn),
+            Prelude.Just ("ruleName" Data..= ruleName)
+          ]
+      )
+
+instance Data.ToPath ApplyArchiveRule where
+  toPath = Prelude.const "/archive-rule"
+
+instance Data.ToQuery ApplyArchiveRule where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newApplyArchiveRuleResponse' smart constructor.
+data ApplyArchiveRuleResponse = ApplyArchiveRuleResponse'
+  {
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ApplyArchiveRuleResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+newApplyArchiveRuleResponse ::
+  ApplyArchiveRuleResponse
+newApplyArchiveRuleResponse =
+  ApplyArchiveRuleResponse'
+
+instance Prelude.NFData ApplyArchiveRuleResponse where
+  rnf _ = ()
diff --git a/gen/Amazonka/AccessAnalyzer/CancelPolicyGeneration.hs b/gen/Amazonka/AccessAnalyzer/CancelPolicyGeneration.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/CancelPolicyGeneration.hs
@@ -0,0 +1,162 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.CancelPolicyGeneration
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Cancels the requested policy generation.
+module Amazonka.AccessAnalyzer.CancelPolicyGeneration
+  ( -- * Creating a Request
+    CancelPolicyGeneration (..),
+    newCancelPolicyGeneration,
+
+    -- * Request Lenses
+    cancelPolicyGeneration_jobId,
+
+    -- * Destructuring the Response
+    CancelPolicyGenerationResponse (..),
+    newCancelPolicyGenerationResponse,
+
+    -- * Response Lenses
+    cancelPolicyGenerationResponse_httpStatus,
+  )
+where
+
+import Amazonka.AccessAnalyzer.Types
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newCancelPolicyGeneration' smart constructor.
+data CancelPolicyGeneration = CancelPolicyGeneration'
+  { -- | The @JobId@ that is returned by the @StartPolicyGeneration@ operation.
+    -- The @JobId@ can be used with @GetGeneratedPolicy@ to retrieve the
+    -- generated policies or used with @CancelPolicyGeneration@ to cancel the
+    -- policy generation request.
+    jobId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CancelPolicyGeneration' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'jobId', 'cancelPolicyGeneration_jobId' - The @JobId@ that is returned by the @StartPolicyGeneration@ operation.
+-- The @JobId@ can be used with @GetGeneratedPolicy@ to retrieve the
+-- generated policies or used with @CancelPolicyGeneration@ to cancel the
+-- policy generation request.
+newCancelPolicyGeneration ::
+  -- | 'jobId'
+  Prelude.Text ->
+  CancelPolicyGeneration
+newCancelPolicyGeneration pJobId_ =
+  CancelPolicyGeneration' {jobId = pJobId_}
+
+-- | The @JobId@ that is returned by the @StartPolicyGeneration@ operation.
+-- The @JobId@ can be used with @GetGeneratedPolicy@ to retrieve the
+-- generated policies or used with @CancelPolicyGeneration@ to cancel the
+-- policy generation request.
+cancelPolicyGeneration_jobId :: Lens.Lens' CancelPolicyGeneration Prelude.Text
+cancelPolicyGeneration_jobId = Lens.lens (\CancelPolicyGeneration' {jobId} -> jobId) (\s@CancelPolicyGeneration' {} a -> s {jobId = a} :: CancelPolicyGeneration)
+
+instance Core.AWSRequest CancelPolicyGeneration where
+  type
+    AWSResponse CancelPolicyGeneration =
+      CancelPolicyGenerationResponse
+  request overrides =
+    Request.putJSON (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          CancelPolicyGenerationResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable CancelPolicyGeneration where
+  hashWithSalt _salt CancelPolicyGeneration' {..} =
+    _salt `Prelude.hashWithSalt` jobId
+
+instance Prelude.NFData CancelPolicyGeneration where
+  rnf CancelPolicyGeneration' {..} = Prelude.rnf jobId
+
+instance Data.ToHeaders CancelPolicyGeneration where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON CancelPolicyGeneration where
+  toJSON = Prelude.const (Data.Object Prelude.mempty)
+
+instance Data.ToPath CancelPolicyGeneration where
+  toPath CancelPolicyGeneration' {..} =
+    Prelude.mconcat
+      ["/policy/generation/", Data.toBS jobId]
+
+instance Data.ToQuery CancelPolicyGeneration where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newCancelPolicyGenerationResponse' smart constructor.
+data CancelPolicyGenerationResponse = CancelPolicyGenerationResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CancelPolicyGenerationResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'cancelPolicyGenerationResponse_httpStatus' - The response's http status code.
+newCancelPolicyGenerationResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  CancelPolicyGenerationResponse
+newCancelPolicyGenerationResponse pHttpStatus_ =
+  CancelPolicyGenerationResponse'
+    { httpStatus =
+        pHttpStatus_
+    }
+
+-- | The response's http status code.
+cancelPolicyGenerationResponse_httpStatus :: Lens.Lens' CancelPolicyGenerationResponse Prelude.Int
+cancelPolicyGenerationResponse_httpStatus = Lens.lens (\CancelPolicyGenerationResponse' {httpStatus} -> httpStatus) (\s@CancelPolicyGenerationResponse' {} a -> s {httpStatus = a} :: CancelPolicyGenerationResponse)
+
+instance
+  Prelude.NFData
+    CancelPolicyGenerationResponse
+  where
+  rnf CancelPolicyGenerationResponse' {..} =
+    Prelude.rnf httpStatus
diff --git a/gen/Amazonka/AccessAnalyzer/CreateAccessPreview.hs b/gen/Amazonka/AccessAnalyzer/CreateAccessPreview.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/CreateAccessPreview.hs
@@ -0,0 +1,216 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.CreateAccessPreview
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Creates an access preview that allows you to preview IAM Access Analyzer
+-- findings for your resource before deploying resource permissions.
+module Amazonka.AccessAnalyzer.CreateAccessPreview
+  ( -- * Creating a Request
+    CreateAccessPreview (..),
+    newCreateAccessPreview,
+
+    -- * Request Lenses
+    createAccessPreview_clientToken,
+    createAccessPreview_analyzerArn,
+    createAccessPreview_configurations,
+
+    -- * Destructuring the Response
+    CreateAccessPreviewResponse (..),
+    newCreateAccessPreviewResponse,
+
+    -- * Response Lenses
+    createAccessPreviewResponse_httpStatus,
+    createAccessPreviewResponse_id,
+  )
+where
+
+import Amazonka.AccessAnalyzer.Types
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newCreateAccessPreview' smart constructor.
+data CreateAccessPreview = CreateAccessPreview'
+  { -- | A client token.
+    clientToken :: Prelude.Maybe Prelude.Text,
+    -- | The
+    -- <https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources ARN of the account analyzer>
+    -- used to generate the access preview. You can only create an access
+    -- preview for analyzers with an @Account@ type and @Active@ status.
+    analyzerArn :: Prelude.Text,
+    -- | Access control configuration for your resource that is used to generate
+    -- the access preview. The access preview includes findings for external
+    -- access allowed to the resource with the proposed access control
+    -- configuration. The configuration must contain exactly one element.
+    configurations :: Prelude.HashMap Prelude.Text Configuration
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CreateAccessPreview' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'clientToken', 'createAccessPreview_clientToken' - A client token.
+--
+-- 'analyzerArn', 'createAccessPreview_analyzerArn' - The
+-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources ARN of the account analyzer>
+-- used to generate the access preview. You can only create an access
+-- preview for analyzers with an @Account@ type and @Active@ status.
+--
+-- 'configurations', 'createAccessPreview_configurations' - Access control configuration for your resource that is used to generate
+-- the access preview. The access preview includes findings for external
+-- access allowed to the resource with the proposed access control
+-- configuration. The configuration must contain exactly one element.
+newCreateAccessPreview ::
+  -- | 'analyzerArn'
+  Prelude.Text ->
+  CreateAccessPreview
+newCreateAccessPreview pAnalyzerArn_ =
+  CreateAccessPreview'
+    { clientToken = Prelude.Nothing,
+      analyzerArn = pAnalyzerArn_,
+      configurations = Prelude.mempty
+    }
+
+-- | A client token.
+createAccessPreview_clientToken :: Lens.Lens' CreateAccessPreview (Prelude.Maybe Prelude.Text)
+createAccessPreview_clientToken = Lens.lens (\CreateAccessPreview' {clientToken} -> clientToken) (\s@CreateAccessPreview' {} a -> s {clientToken = a} :: CreateAccessPreview)
+
+-- | The
+-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources ARN of the account analyzer>
+-- used to generate the access preview. You can only create an access
+-- preview for analyzers with an @Account@ type and @Active@ status.
+createAccessPreview_analyzerArn :: Lens.Lens' CreateAccessPreview Prelude.Text
+createAccessPreview_analyzerArn = Lens.lens (\CreateAccessPreview' {analyzerArn} -> analyzerArn) (\s@CreateAccessPreview' {} a -> s {analyzerArn = a} :: CreateAccessPreview)
+
+-- | Access control configuration for your resource that is used to generate
+-- the access preview. The access preview includes findings for external
+-- access allowed to the resource with the proposed access control
+-- configuration. The configuration must contain exactly one element.
+createAccessPreview_configurations :: Lens.Lens' CreateAccessPreview (Prelude.HashMap Prelude.Text Configuration)
+createAccessPreview_configurations = Lens.lens (\CreateAccessPreview' {configurations} -> configurations) (\s@CreateAccessPreview' {} a -> s {configurations = a} :: CreateAccessPreview) Prelude.. Lens.coerced
+
+instance Core.AWSRequest CreateAccessPreview where
+  type
+    AWSResponse CreateAccessPreview =
+      CreateAccessPreviewResponse
+  request overrides =
+    Request.putJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          CreateAccessPreviewResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+            Prelude.<*> (x Data..:> "id")
+      )
+
+instance Prelude.Hashable CreateAccessPreview where
+  hashWithSalt _salt CreateAccessPreview' {..} =
+    _salt
+      `Prelude.hashWithSalt` clientToken
+      `Prelude.hashWithSalt` analyzerArn
+      `Prelude.hashWithSalt` configurations
+
+instance Prelude.NFData CreateAccessPreview where
+  rnf CreateAccessPreview' {..} =
+    Prelude.rnf clientToken
+      `Prelude.seq` Prelude.rnf analyzerArn
+      `Prelude.seq` Prelude.rnf configurations
+
+instance Data.ToHeaders CreateAccessPreview where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON CreateAccessPreview where
+  toJSON CreateAccessPreview' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("clientToken" Data..=) Prelude.<$> clientToken,
+            Prelude.Just ("analyzerArn" Data..= analyzerArn),
+            Prelude.Just
+              ("configurations" Data..= configurations)
+          ]
+      )
+
+instance Data.ToPath CreateAccessPreview where
+  toPath = Prelude.const "/access-preview"
+
+instance Data.ToQuery CreateAccessPreview where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newCreateAccessPreviewResponse' smart constructor.
+data CreateAccessPreviewResponse = CreateAccessPreviewResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int,
+    -- | The unique ID for the access preview.
+    id :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CreateAccessPreviewResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'createAccessPreviewResponse_httpStatus' - The response's http status code.
+--
+-- 'id', 'createAccessPreviewResponse_id' - The unique ID for the access preview.
+newCreateAccessPreviewResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  -- | 'id'
+  Prelude.Text ->
+  CreateAccessPreviewResponse
+newCreateAccessPreviewResponse pHttpStatus_ pId_ =
+  CreateAccessPreviewResponse'
+    { httpStatus =
+        pHttpStatus_,
+      id = pId_
+    }
+
+-- | The response's http status code.
+createAccessPreviewResponse_httpStatus :: Lens.Lens' CreateAccessPreviewResponse Prelude.Int
+createAccessPreviewResponse_httpStatus = Lens.lens (\CreateAccessPreviewResponse' {httpStatus} -> httpStatus) (\s@CreateAccessPreviewResponse' {} a -> s {httpStatus = a} :: CreateAccessPreviewResponse)
+
+-- | The unique ID for the access preview.
+createAccessPreviewResponse_id :: Lens.Lens' CreateAccessPreviewResponse Prelude.Text
+createAccessPreviewResponse_id = Lens.lens (\CreateAccessPreviewResponse' {id} -> id) (\s@CreateAccessPreviewResponse' {} a -> s {id = a} :: CreateAccessPreviewResponse)
+
+instance Prelude.NFData CreateAccessPreviewResponse where
+  rnf CreateAccessPreviewResponse' {..} =
+    Prelude.rnf httpStatus `Prelude.seq` Prelude.rnf id
diff --git a/gen/Amazonka/AccessAnalyzer/CreateAnalyzer.hs b/gen/Amazonka/AccessAnalyzer/CreateAnalyzer.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/CreateAnalyzer.hs
@@ -0,0 +1,238 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.CreateAnalyzer
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Creates an analyzer for your account.
+module Amazonka.AccessAnalyzer.CreateAnalyzer
+  ( -- * Creating a Request
+    CreateAnalyzer (..),
+    newCreateAnalyzer,
+
+    -- * Request Lenses
+    createAnalyzer_archiveRules,
+    createAnalyzer_clientToken,
+    createAnalyzer_tags,
+    createAnalyzer_analyzerName,
+    createAnalyzer_type,
+
+    -- * Destructuring the Response
+    CreateAnalyzerResponse (..),
+    newCreateAnalyzerResponse,
+
+    -- * Response Lenses
+    createAnalyzerResponse_arn,
+    createAnalyzerResponse_httpStatus,
+  )
+where
+
+import Amazonka.AccessAnalyzer.Types
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | Creates an analyzer.
+--
+-- /See:/ 'newCreateAnalyzer' smart constructor.
+data CreateAnalyzer = CreateAnalyzer'
+  { -- | Specifies the archive rules to add for the analyzer. Archive rules
+    -- automatically archive findings that meet the criteria you define for the
+    -- rule.
+    archiveRules :: Prelude.Maybe [InlineArchiveRule],
+    -- | A client token.
+    clientToken :: Prelude.Maybe Prelude.Text,
+    -- | The tags to apply to the analyzer.
+    tags :: Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text),
+    -- | The name of the analyzer to create.
+    analyzerName :: Prelude.Text,
+    -- | The type of analyzer to create. Only ACCOUNT and ORGANIZATION analyzers
+    -- are supported. You can create only one analyzer per account per Region.
+    -- You can create up to 5 analyzers per organization per Region.
+    type' :: Type
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CreateAnalyzer' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'archiveRules', 'createAnalyzer_archiveRules' - Specifies the archive rules to add for the analyzer. Archive rules
+-- automatically archive findings that meet the criteria you define for the
+-- rule.
+--
+-- 'clientToken', 'createAnalyzer_clientToken' - A client token.
+--
+-- 'tags', 'createAnalyzer_tags' - The tags to apply to the analyzer.
+--
+-- 'analyzerName', 'createAnalyzer_analyzerName' - The name of the analyzer to create.
+--
+-- 'type'', 'createAnalyzer_type' - The type of analyzer to create. Only ACCOUNT and ORGANIZATION analyzers
+-- are supported. You can create only one analyzer per account per Region.
+-- You can create up to 5 analyzers per organization per Region.
+newCreateAnalyzer ::
+  -- | 'analyzerName'
+  Prelude.Text ->
+  -- | 'type''
+  Type ->
+  CreateAnalyzer
+newCreateAnalyzer pAnalyzerName_ pType_ =
+  CreateAnalyzer'
+    { archiveRules = Prelude.Nothing,
+      clientToken = Prelude.Nothing,
+      tags = Prelude.Nothing,
+      analyzerName = pAnalyzerName_,
+      type' = pType_
+    }
+
+-- | Specifies the archive rules to add for the analyzer. Archive rules
+-- automatically archive findings that meet the criteria you define for the
+-- rule.
+createAnalyzer_archiveRules :: Lens.Lens' CreateAnalyzer (Prelude.Maybe [InlineArchiveRule])
+createAnalyzer_archiveRules = Lens.lens (\CreateAnalyzer' {archiveRules} -> archiveRules) (\s@CreateAnalyzer' {} a -> s {archiveRules = a} :: CreateAnalyzer) Prelude.. Lens.mapping Lens.coerced
+
+-- | A client token.
+createAnalyzer_clientToken :: Lens.Lens' CreateAnalyzer (Prelude.Maybe Prelude.Text)
+createAnalyzer_clientToken = Lens.lens (\CreateAnalyzer' {clientToken} -> clientToken) (\s@CreateAnalyzer' {} a -> s {clientToken = a} :: CreateAnalyzer)
+
+-- | The tags to apply to the analyzer.
+createAnalyzer_tags :: Lens.Lens' CreateAnalyzer (Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text))
+createAnalyzer_tags = Lens.lens (\CreateAnalyzer' {tags} -> tags) (\s@CreateAnalyzer' {} a -> s {tags = a} :: CreateAnalyzer) Prelude.. Lens.mapping Lens.coerced
+
+-- | The name of the analyzer to create.
+createAnalyzer_analyzerName :: Lens.Lens' CreateAnalyzer Prelude.Text
+createAnalyzer_analyzerName = Lens.lens (\CreateAnalyzer' {analyzerName} -> analyzerName) (\s@CreateAnalyzer' {} a -> s {analyzerName = a} :: CreateAnalyzer)
+
+-- | The type of analyzer to create. Only ACCOUNT and ORGANIZATION analyzers
+-- are supported. You can create only one analyzer per account per Region.
+-- You can create up to 5 analyzers per organization per Region.
+createAnalyzer_type :: Lens.Lens' CreateAnalyzer Type
+createAnalyzer_type = Lens.lens (\CreateAnalyzer' {type'} -> type') (\s@CreateAnalyzer' {} a -> s {type' = a} :: CreateAnalyzer)
+
+instance Core.AWSRequest CreateAnalyzer where
+  type
+    AWSResponse CreateAnalyzer =
+      CreateAnalyzerResponse
+  request overrides =
+    Request.putJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          CreateAnalyzerResponse'
+            Prelude.<$> (x Data..?> "arn")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable CreateAnalyzer where
+  hashWithSalt _salt CreateAnalyzer' {..} =
+    _salt
+      `Prelude.hashWithSalt` archiveRules
+      `Prelude.hashWithSalt` clientToken
+      `Prelude.hashWithSalt` tags
+      `Prelude.hashWithSalt` analyzerName
+      `Prelude.hashWithSalt` type'
+
+instance Prelude.NFData CreateAnalyzer where
+  rnf CreateAnalyzer' {..} =
+    Prelude.rnf archiveRules
+      `Prelude.seq` Prelude.rnf clientToken
+      `Prelude.seq` Prelude.rnf tags
+      `Prelude.seq` Prelude.rnf analyzerName
+      `Prelude.seq` Prelude.rnf type'
+
+instance Data.ToHeaders CreateAnalyzer where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON CreateAnalyzer where
+  toJSON CreateAnalyzer' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("archiveRules" Data..=) Prelude.<$> archiveRules,
+            ("clientToken" Data..=) Prelude.<$> clientToken,
+            ("tags" Data..=) Prelude.<$> tags,
+            Prelude.Just ("analyzerName" Data..= analyzerName),
+            Prelude.Just ("type" Data..= type')
+          ]
+      )
+
+instance Data.ToPath CreateAnalyzer where
+  toPath = Prelude.const "/analyzer"
+
+instance Data.ToQuery CreateAnalyzer where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | The response to the request to create an analyzer.
+--
+-- /See:/ 'newCreateAnalyzerResponse' smart constructor.
+data CreateAnalyzerResponse = CreateAnalyzerResponse'
+  { -- | The ARN of the analyzer that was created by the request.
+    arn :: Prelude.Maybe Prelude.Text,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CreateAnalyzerResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'arn', 'createAnalyzerResponse_arn' - The ARN of the analyzer that was created by the request.
+--
+-- 'httpStatus', 'createAnalyzerResponse_httpStatus' - The response's http status code.
+newCreateAnalyzerResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  CreateAnalyzerResponse
+newCreateAnalyzerResponse pHttpStatus_ =
+  CreateAnalyzerResponse'
+    { arn = Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | The ARN of the analyzer that was created by the request.
+createAnalyzerResponse_arn :: Lens.Lens' CreateAnalyzerResponse (Prelude.Maybe Prelude.Text)
+createAnalyzerResponse_arn = Lens.lens (\CreateAnalyzerResponse' {arn} -> arn) (\s@CreateAnalyzerResponse' {} a -> s {arn = a} :: CreateAnalyzerResponse)
+
+-- | The response's http status code.
+createAnalyzerResponse_httpStatus :: Lens.Lens' CreateAnalyzerResponse Prelude.Int
+createAnalyzerResponse_httpStatus = Lens.lens (\CreateAnalyzerResponse' {httpStatus} -> httpStatus) (\s@CreateAnalyzerResponse' {} a -> s {httpStatus = a} :: CreateAnalyzerResponse)
+
+instance Prelude.NFData CreateAnalyzerResponse where
+  rnf CreateAnalyzerResponse' {..} =
+    Prelude.rnf arn
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/AccessAnalyzer/CreateArchiveRule.hs b/gen/Amazonka/AccessAnalyzer/CreateArchiveRule.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/CreateArchiveRule.hs
@@ -0,0 +1,188 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.CreateArchiveRule
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Creates an archive rule for the specified analyzer. Archive rules
+-- automatically archive new findings that meet the criteria you define
+-- when you create the rule.
+--
+-- To learn about filter keys that you can use to create an archive rule,
+-- see
+-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-reference-filter-keys.html IAM Access Analyzer filter keys>
+-- in the __IAM User Guide__.
+module Amazonka.AccessAnalyzer.CreateArchiveRule
+  ( -- * Creating a Request
+    CreateArchiveRule (..),
+    newCreateArchiveRule,
+
+    -- * Request Lenses
+    createArchiveRule_clientToken,
+    createArchiveRule_analyzerName,
+    createArchiveRule_ruleName,
+    createArchiveRule_filter,
+
+    -- * Destructuring the Response
+    CreateArchiveRuleResponse (..),
+    newCreateArchiveRuleResponse,
+  )
+where
+
+import Amazonka.AccessAnalyzer.Types
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | Creates an archive rule.
+--
+-- /See:/ 'newCreateArchiveRule' smart constructor.
+data CreateArchiveRule = CreateArchiveRule'
+  { -- | A client token.
+    clientToken :: Prelude.Maybe Prelude.Text,
+    -- | The name of the created analyzer.
+    analyzerName :: Prelude.Text,
+    -- | The name of the rule to create.
+    ruleName :: Prelude.Text,
+    -- | The criteria for the rule.
+    filter' :: Prelude.HashMap Prelude.Text Criterion
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CreateArchiveRule' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'clientToken', 'createArchiveRule_clientToken' - A client token.
+--
+-- 'analyzerName', 'createArchiveRule_analyzerName' - The name of the created analyzer.
+--
+-- 'ruleName', 'createArchiveRule_ruleName' - The name of the rule to create.
+--
+-- 'filter'', 'createArchiveRule_filter' - The criteria for the rule.
+newCreateArchiveRule ::
+  -- | 'analyzerName'
+  Prelude.Text ->
+  -- | 'ruleName'
+  Prelude.Text ->
+  CreateArchiveRule
+newCreateArchiveRule pAnalyzerName_ pRuleName_ =
+  CreateArchiveRule'
+    { clientToken = Prelude.Nothing,
+      analyzerName = pAnalyzerName_,
+      ruleName = pRuleName_,
+      filter' = Prelude.mempty
+    }
+
+-- | A client token.
+createArchiveRule_clientToken :: Lens.Lens' CreateArchiveRule (Prelude.Maybe Prelude.Text)
+createArchiveRule_clientToken = Lens.lens (\CreateArchiveRule' {clientToken} -> clientToken) (\s@CreateArchiveRule' {} a -> s {clientToken = a} :: CreateArchiveRule)
+
+-- | The name of the created analyzer.
+createArchiveRule_analyzerName :: Lens.Lens' CreateArchiveRule Prelude.Text
+createArchiveRule_analyzerName = Lens.lens (\CreateArchiveRule' {analyzerName} -> analyzerName) (\s@CreateArchiveRule' {} a -> s {analyzerName = a} :: CreateArchiveRule)
+
+-- | The name of the rule to create.
+createArchiveRule_ruleName :: Lens.Lens' CreateArchiveRule Prelude.Text
+createArchiveRule_ruleName = Lens.lens (\CreateArchiveRule' {ruleName} -> ruleName) (\s@CreateArchiveRule' {} a -> s {ruleName = a} :: CreateArchiveRule)
+
+-- | The criteria for the rule.
+createArchiveRule_filter :: Lens.Lens' CreateArchiveRule (Prelude.HashMap Prelude.Text Criterion)
+createArchiveRule_filter = Lens.lens (\CreateArchiveRule' {filter'} -> filter') (\s@CreateArchiveRule' {} a -> s {filter' = a} :: CreateArchiveRule) Prelude.. Lens.coerced
+
+instance Core.AWSRequest CreateArchiveRule where
+  type
+    AWSResponse CreateArchiveRule =
+      CreateArchiveRuleResponse
+  request overrides =
+    Request.putJSON (overrides defaultService)
+  response =
+    Response.receiveNull CreateArchiveRuleResponse'
+
+instance Prelude.Hashable CreateArchiveRule where
+  hashWithSalt _salt CreateArchiveRule' {..} =
+    _salt
+      `Prelude.hashWithSalt` clientToken
+      `Prelude.hashWithSalt` analyzerName
+      `Prelude.hashWithSalt` ruleName
+      `Prelude.hashWithSalt` filter'
+
+instance Prelude.NFData CreateArchiveRule where
+  rnf CreateArchiveRule' {..} =
+    Prelude.rnf clientToken
+      `Prelude.seq` Prelude.rnf analyzerName
+      `Prelude.seq` Prelude.rnf ruleName
+      `Prelude.seq` Prelude.rnf filter'
+
+instance Data.ToHeaders CreateArchiveRule where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON CreateArchiveRule where
+  toJSON CreateArchiveRule' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("clientToken" Data..=) Prelude.<$> clientToken,
+            Prelude.Just ("ruleName" Data..= ruleName),
+            Prelude.Just ("filter" Data..= filter')
+          ]
+      )
+
+instance Data.ToPath CreateArchiveRule where
+  toPath CreateArchiveRule' {..} =
+    Prelude.mconcat
+      [ "/analyzer/",
+        Data.toBS analyzerName,
+        "/archive-rule"
+      ]
+
+instance Data.ToQuery CreateArchiveRule where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newCreateArchiveRuleResponse' smart constructor.
+data CreateArchiveRuleResponse = CreateArchiveRuleResponse'
+  {
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CreateArchiveRuleResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+newCreateArchiveRuleResponse ::
+  CreateArchiveRuleResponse
+newCreateArchiveRuleResponse =
+  CreateArchiveRuleResponse'
+
+instance Prelude.NFData CreateArchiveRuleResponse where
+  rnf _ = ()
diff --git a/gen/Amazonka/AccessAnalyzer/DeleteAnalyzer.hs b/gen/Amazonka/AccessAnalyzer/DeleteAnalyzer.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/DeleteAnalyzer.hs
@@ -0,0 +1,145 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.DeleteAnalyzer
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Deletes the specified analyzer. When you delete an analyzer, IAM Access
+-- Analyzer is disabled for the account or organization in the current or
+-- specific Region. All findings that were generated by the analyzer are
+-- deleted. You cannot undo this action.
+module Amazonka.AccessAnalyzer.DeleteAnalyzer
+  ( -- * Creating a Request
+    DeleteAnalyzer (..),
+    newDeleteAnalyzer,
+
+    -- * Request Lenses
+    deleteAnalyzer_clientToken,
+    deleteAnalyzer_analyzerName,
+
+    -- * Destructuring the Response
+    DeleteAnalyzerResponse (..),
+    newDeleteAnalyzerResponse,
+  )
+where
+
+import Amazonka.AccessAnalyzer.Types
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | Deletes an analyzer.
+--
+-- /See:/ 'newDeleteAnalyzer' smart constructor.
+data DeleteAnalyzer = DeleteAnalyzer'
+  { -- | A client token.
+    clientToken :: Prelude.Maybe Prelude.Text,
+    -- | The name of the analyzer to delete.
+    analyzerName :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DeleteAnalyzer' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'clientToken', 'deleteAnalyzer_clientToken' - A client token.
+--
+-- 'analyzerName', 'deleteAnalyzer_analyzerName' - The name of the analyzer to delete.
+newDeleteAnalyzer ::
+  -- | 'analyzerName'
+  Prelude.Text ->
+  DeleteAnalyzer
+newDeleteAnalyzer pAnalyzerName_ =
+  DeleteAnalyzer'
+    { clientToken = Prelude.Nothing,
+      analyzerName = pAnalyzerName_
+    }
+
+-- | A client token.
+deleteAnalyzer_clientToken :: Lens.Lens' DeleteAnalyzer (Prelude.Maybe Prelude.Text)
+deleteAnalyzer_clientToken = Lens.lens (\DeleteAnalyzer' {clientToken} -> clientToken) (\s@DeleteAnalyzer' {} a -> s {clientToken = a} :: DeleteAnalyzer)
+
+-- | The name of the analyzer to delete.
+deleteAnalyzer_analyzerName :: Lens.Lens' DeleteAnalyzer Prelude.Text
+deleteAnalyzer_analyzerName = Lens.lens (\DeleteAnalyzer' {analyzerName} -> analyzerName) (\s@DeleteAnalyzer' {} a -> s {analyzerName = a} :: DeleteAnalyzer)
+
+instance Core.AWSRequest DeleteAnalyzer where
+  type
+    AWSResponse DeleteAnalyzer =
+      DeleteAnalyzerResponse
+  request overrides =
+    Request.delete (overrides defaultService)
+  response =
+    Response.receiveNull DeleteAnalyzerResponse'
+
+instance Prelude.Hashable DeleteAnalyzer where
+  hashWithSalt _salt DeleteAnalyzer' {..} =
+    _salt
+      `Prelude.hashWithSalt` clientToken
+      `Prelude.hashWithSalt` analyzerName
+
+instance Prelude.NFData DeleteAnalyzer where
+  rnf DeleteAnalyzer' {..} =
+    Prelude.rnf clientToken
+      `Prelude.seq` Prelude.rnf analyzerName
+
+instance Data.ToHeaders DeleteAnalyzer where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToPath DeleteAnalyzer where
+  toPath DeleteAnalyzer' {..} =
+    Prelude.mconcat
+      ["/analyzer/", Data.toBS analyzerName]
+
+instance Data.ToQuery DeleteAnalyzer where
+  toQuery DeleteAnalyzer' {..} =
+    Prelude.mconcat ["clientToken" Data.=: clientToken]
+
+-- | /See:/ 'newDeleteAnalyzerResponse' smart constructor.
+data DeleteAnalyzerResponse = DeleteAnalyzerResponse'
+  {
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DeleteAnalyzerResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+newDeleteAnalyzerResponse ::
+  DeleteAnalyzerResponse
+newDeleteAnalyzerResponse = DeleteAnalyzerResponse'
+
+instance Prelude.NFData DeleteAnalyzerResponse where
+  rnf _ = ()
diff --git a/gen/Amazonka/AccessAnalyzer/DeleteArchiveRule.hs b/gen/Amazonka/AccessAnalyzer/DeleteArchiveRule.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/DeleteArchiveRule.hs
@@ -0,0 +1,164 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.DeleteArchiveRule
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Deletes the specified archive rule.
+module Amazonka.AccessAnalyzer.DeleteArchiveRule
+  ( -- * Creating a Request
+    DeleteArchiveRule (..),
+    newDeleteArchiveRule,
+
+    -- * Request Lenses
+    deleteArchiveRule_clientToken,
+    deleteArchiveRule_analyzerName,
+    deleteArchiveRule_ruleName,
+
+    -- * Destructuring the Response
+    DeleteArchiveRuleResponse (..),
+    newDeleteArchiveRuleResponse,
+  )
+where
+
+import Amazonka.AccessAnalyzer.Types
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | Deletes an archive rule.
+--
+-- /See:/ 'newDeleteArchiveRule' smart constructor.
+data DeleteArchiveRule = DeleteArchiveRule'
+  { -- | A client token.
+    clientToken :: Prelude.Maybe Prelude.Text,
+    -- | The name of the analyzer that associated with the archive rule to
+    -- delete.
+    analyzerName :: Prelude.Text,
+    -- | The name of the rule to delete.
+    ruleName :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DeleteArchiveRule' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'clientToken', 'deleteArchiveRule_clientToken' - A client token.
+--
+-- 'analyzerName', 'deleteArchiveRule_analyzerName' - The name of the analyzer that associated with the archive rule to
+-- delete.
+--
+-- 'ruleName', 'deleteArchiveRule_ruleName' - The name of the rule to delete.
+newDeleteArchiveRule ::
+  -- | 'analyzerName'
+  Prelude.Text ->
+  -- | 'ruleName'
+  Prelude.Text ->
+  DeleteArchiveRule
+newDeleteArchiveRule pAnalyzerName_ pRuleName_ =
+  DeleteArchiveRule'
+    { clientToken = Prelude.Nothing,
+      analyzerName = pAnalyzerName_,
+      ruleName = pRuleName_
+    }
+
+-- | A client token.
+deleteArchiveRule_clientToken :: Lens.Lens' DeleteArchiveRule (Prelude.Maybe Prelude.Text)
+deleteArchiveRule_clientToken = Lens.lens (\DeleteArchiveRule' {clientToken} -> clientToken) (\s@DeleteArchiveRule' {} a -> s {clientToken = a} :: DeleteArchiveRule)
+
+-- | The name of the analyzer that associated with the archive rule to
+-- delete.
+deleteArchiveRule_analyzerName :: Lens.Lens' DeleteArchiveRule Prelude.Text
+deleteArchiveRule_analyzerName = Lens.lens (\DeleteArchiveRule' {analyzerName} -> analyzerName) (\s@DeleteArchiveRule' {} a -> s {analyzerName = a} :: DeleteArchiveRule)
+
+-- | The name of the rule to delete.
+deleteArchiveRule_ruleName :: Lens.Lens' DeleteArchiveRule Prelude.Text
+deleteArchiveRule_ruleName = Lens.lens (\DeleteArchiveRule' {ruleName} -> ruleName) (\s@DeleteArchiveRule' {} a -> s {ruleName = a} :: DeleteArchiveRule)
+
+instance Core.AWSRequest DeleteArchiveRule where
+  type
+    AWSResponse DeleteArchiveRule =
+      DeleteArchiveRuleResponse
+  request overrides =
+    Request.delete (overrides defaultService)
+  response =
+    Response.receiveNull DeleteArchiveRuleResponse'
+
+instance Prelude.Hashable DeleteArchiveRule where
+  hashWithSalt _salt DeleteArchiveRule' {..} =
+    _salt
+      `Prelude.hashWithSalt` clientToken
+      `Prelude.hashWithSalt` analyzerName
+      `Prelude.hashWithSalt` ruleName
+
+instance Prelude.NFData DeleteArchiveRule where
+  rnf DeleteArchiveRule' {..} =
+    Prelude.rnf clientToken
+      `Prelude.seq` Prelude.rnf analyzerName
+      `Prelude.seq` Prelude.rnf ruleName
+
+instance Data.ToHeaders DeleteArchiveRule where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToPath DeleteArchiveRule where
+  toPath DeleteArchiveRule' {..} =
+    Prelude.mconcat
+      [ "/analyzer/",
+        Data.toBS analyzerName,
+        "/archive-rule/",
+        Data.toBS ruleName
+      ]
+
+instance Data.ToQuery DeleteArchiveRule where
+  toQuery DeleteArchiveRule' {..} =
+    Prelude.mconcat ["clientToken" Data.=: clientToken]
+
+-- | /See:/ 'newDeleteArchiveRuleResponse' smart constructor.
+data DeleteArchiveRuleResponse = DeleteArchiveRuleResponse'
+  {
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DeleteArchiveRuleResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+newDeleteArchiveRuleResponse ::
+  DeleteArchiveRuleResponse
+newDeleteArchiveRuleResponse =
+  DeleteArchiveRuleResponse'
+
+instance Prelude.NFData DeleteArchiveRuleResponse where
+  rnf _ = ()
diff --git a/gen/Amazonka/AccessAnalyzer/GetAccessPreview.hs b/gen/Amazonka/AccessAnalyzer/GetAccessPreview.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/GetAccessPreview.hs
@@ -0,0 +1,190 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.GetAccessPreview
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Retrieves information about an access preview for the specified
+-- analyzer.
+module Amazonka.AccessAnalyzer.GetAccessPreview
+  ( -- * Creating a Request
+    GetAccessPreview (..),
+    newGetAccessPreview,
+
+    -- * Request Lenses
+    getAccessPreview_accessPreviewId,
+    getAccessPreview_analyzerArn,
+
+    -- * Destructuring the Response
+    GetAccessPreviewResponse (..),
+    newGetAccessPreviewResponse,
+
+    -- * Response Lenses
+    getAccessPreviewResponse_httpStatus,
+    getAccessPreviewResponse_accessPreview,
+  )
+where
+
+import Amazonka.AccessAnalyzer.Types
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newGetAccessPreview' smart constructor.
+data GetAccessPreview = GetAccessPreview'
+  { -- | The unique ID for the access preview.
+    accessPreviewId :: Prelude.Text,
+    -- | The
+    -- <https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources ARN of the analyzer>
+    -- used to generate the access preview.
+    analyzerArn :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetAccessPreview' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'accessPreviewId', 'getAccessPreview_accessPreviewId' - The unique ID for the access preview.
+--
+-- 'analyzerArn', 'getAccessPreview_analyzerArn' - The
+-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources ARN of the analyzer>
+-- used to generate the access preview.
+newGetAccessPreview ::
+  -- | 'accessPreviewId'
+  Prelude.Text ->
+  -- | 'analyzerArn'
+  Prelude.Text ->
+  GetAccessPreview
+newGetAccessPreview pAccessPreviewId_ pAnalyzerArn_ =
+  GetAccessPreview'
+    { accessPreviewId =
+        pAccessPreviewId_,
+      analyzerArn = pAnalyzerArn_
+    }
+
+-- | The unique ID for the access preview.
+getAccessPreview_accessPreviewId :: Lens.Lens' GetAccessPreview Prelude.Text
+getAccessPreview_accessPreviewId = Lens.lens (\GetAccessPreview' {accessPreviewId} -> accessPreviewId) (\s@GetAccessPreview' {} a -> s {accessPreviewId = a} :: GetAccessPreview)
+
+-- | The
+-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources ARN of the analyzer>
+-- used to generate the access preview.
+getAccessPreview_analyzerArn :: Lens.Lens' GetAccessPreview Prelude.Text
+getAccessPreview_analyzerArn = Lens.lens (\GetAccessPreview' {analyzerArn} -> analyzerArn) (\s@GetAccessPreview' {} a -> s {analyzerArn = a} :: GetAccessPreview)
+
+instance Core.AWSRequest GetAccessPreview where
+  type
+    AWSResponse GetAccessPreview =
+      GetAccessPreviewResponse
+  request overrides =
+    Request.get (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          GetAccessPreviewResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+            Prelude.<*> (x Data..:> "accessPreview")
+      )
+
+instance Prelude.Hashable GetAccessPreview where
+  hashWithSalt _salt GetAccessPreview' {..} =
+    _salt
+      `Prelude.hashWithSalt` accessPreviewId
+      `Prelude.hashWithSalt` analyzerArn
+
+instance Prelude.NFData GetAccessPreview where
+  rnf GetAccessPreview' {..} =
+    Prelude.rnf accessPreviewId
+      `Prelude.seq` Prelude.rnf analyzerArn
+
+instance Data.ToHeaders GetAccessPreview where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToPath GetAccessPreview where
+  toPath GetAccessPreview' {..} =
+    Prelude.mconcat
+      ["/access-preview/", Data.toBS accessPreviewId]
+
+instance Data.ToQuery GetAccessPreview where
+  toQuery GetAccessPreview' {..} =
+    Prelude.mconcat ["analyzerArn" Data.=: analyzerArn]
+
+-- | /See:/ 'newGetAccessPreviewResponse' smart constructor.
+data GetAccessPreviewResponse = GetAccessPreviewResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int,
+    -- | An object that contains information about the access preview.
+    accessPreview :: AccessPreview
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetAccessPreviewResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'getAccessPreviewResponse_httpStatus' - The response's http status code.
+--
+-- 'accessPreview', 'getAccessPreviewResponse_accessPreview' - An object that contains information about the access preview.
+newGetAccessPreviewResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  -- | 'accessPreview'
+  AccessPreview ->
+  GetAccessPreviewResponse
+newGetAccessPreviewResponse
+  pHttpStatus_
+  pAccessPreview_ =
+    GetAccessPreviewResponse'
+      { httpStatus =
+          pHttpStatus_,
+        accessPreview = pAccessPreview_
+      }
+
+-- | The response's http status code.
+getAccessPreviewResponse_httpStatus :: Lens.Lens' GetAccessPreviewResponse Prelude.Int
+getAccessPreviewResponse_httpStatus = Lens.lens (\GetAccessPreviewResponse' {httpStatus} -> httpStatus) (\s@GetAccessPreviewResponse' {} a -> s {httpStatus = a} :: GetAccessPreviewResponse)
+
+-- | An object that contains information about the access preview.
+getAccessPreviewResponse_accessPreview :: Lens.Lens' GetAccessPreviewResponse AccessPreview
+getAccessPreviewResponse_accessPreview = Lens.lens (\GetAccessPreviewResponse' {accessPreview} -> accessPreview) (\s@GetAccessPreviewResponse' {} a -> s {accessPreview = a} :: GetAccessPreviewResponse)
+
+instance Prelude.NFData GetAccessPreviewResponse where
+  rnf GetAccessPreviewResponse' {..} =
+    Prelude.rnf httpStatus
+      `Prelude.seq` Prelude.rnf accessPreview
diff --git a/gen/Amazonka/AccessAnalyzer/GetAnalyzedResource.hs b/gen/Amazonka/AccessAnalyzer/GetAnalyzedResource.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/GetAnalyzedResource.hs
@@ -0,0 +1,192 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.GetAnalyzedResource
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Retrieves information about a resource that was analyzed.
+module Amazonka.AccessAnalyzer.GetAnalyzedResource
+  ( -- * Creating a Request
+    GetAnalyzedResource (..),
+    newGetAnalyzedResource,
+
+    -- * Request Lenses
+    getAnalyzedResource_analyzerArn,
+    getAnalyzedResource_resourceArn,
+
+    -- * Destructuring the Response
+    GetAnalyzedResourceResponse (..),
+    newGetAnalyzedResourceResponse,
+
+    -- * Response Lenses
+    getAnalyzedResourceResponse_resource,
+    getAnalyzedResourceResponse_httpStatus,
+  )
+where
+
+import Amazonka.AccessAnalyzer.Types
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | Retrieves an analyzed resource.
+--
+-- /See:/ 'newGetAnalyzedResource' smart constructor.
+data GetAnalyzedResource = GetAnalyzedResource'
+  { -- | The
+    -- <https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources ARN of the analyzer>
+    -- to retrieve information from.
+    analyzerArn :: Prelude.Text,
+    -- | The ARN of the resource to retrieve information about.
+    resourceArn :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetAnalyzedResource' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'analyzerArn', 'getAnalyzedResource_analyzerArn' - The
+-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources ARN of the analyzer>
+-- to retrieve information from.
+--
+-- 'resourceArn', 'getAnalyzedResource_resourceArn' - The ARN of the resource to retrieve information about.
+newGetAnalyzedResource ::
+  -- | 'analyzerArn'
+  Prelude.Text ->
+  -- | 'resourceArn'
+  Prelude.Text ->
+  GetAnalyzedResource
+newGetAnalyzedResource pAnalyzerArn_ pResourceArn_ =
+  GetAnalyzedResource'
+    { analyzerArn = pAnalyzerArn_,
+      resourceArn = pResourceArn_
+    }
+
+-- | The
+-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources ARN of the analyzer>
+-- to retrieve information from.
+getAnalyzedResource_analyzerArn :: Lens.Lens' GetAnalyzedResource Prelude.Text
+getAnalyzedResource_analyzerArn = Lens.lens (\GetAnalyzedResource' {analyzerArn} -> analyzerArn) (\s@GetAnalyzedResource' {} a -> s {analyzerArn = a} :: GetAnalyzedResource)
+
+-- | The ARN of the resource to retrieve information about.
+getAnalyzedResource_resourceArn :: Lens.Lens' GetAnalyzedResource Prelude.Text
+getAnalyzedResource_resourceArn = Lens.lens (\GetAnalyzedResource' {resourceArn} -> resourceArn) (\s@GetAnalyzedResource' {} a -> s {resourceArn = a} :: GetAnalyzedResource)
+
+instance Core.AWSRequest GetAnalyzedResource where
+  type
+    AWSResponse GetAnalyzedResource =
+      GetAnalyzedResourceResponse
+  request overrides =
+    Request.get (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          GetAnalyzedResourceResponse'
+            Prelude.<$> (x Data..?> "resource")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable GetAnalyzedResource where
+  hashWithSalt _salt GetAnalyzedResource' {..} =
+    _salt
+      `Prelude.hashWithSalt` analyzerArn
+      `Prelude.hashWithSalt` resourceArn
+
+instance Prelude.NFData GetAnalyzedResource where
+  rnf GetAnalyzedResource' {..} =
+    Prelude.rnf analyzerArn
+      `Prelude.seq` Prelude.rnf resourceArn
+
+instance Data.ToHeaders GetAnalyzedResource where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToPath GetAnalyzedResource where
+  toPath = Prelude.const "/analyzed-resource"
+
+instance Data.ToQuery GetAnalyzedResource where
+  toQuery GetAnalyzedResource' {..} =
+    Prelude.mconcat
+      [ "analyzerArn" Data.=: analyzerArn,
+        "resourceArn" Data.=: resourceArn
+      ]
+
+-- | The response to the request.
+--
+-- /See:/ 'newGetAnalyzedResourceResponse' smart constructor.
+data GetAnalyzedResourceResponse = GetAnalyzedResourceResponse'
+  { -- | An @AnalyzedResource@ object that contains information that IAM Access
+    -- Analyzer found when it analyzed the resource.
+    resource :: Prelude.Maybe AnalyzedResource,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetAnalyzedResourceResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'resource', 'getAnalyzedResourceResponse_resource' - An @AnalyzedResource@ object that contains information that IAM Access
+-- Analyzer found when it analyzed the resource.
+--
+-- 'httpStatus', 'getAnalyzedResourceResponse_httpStatus' - The response's http status code.
+newGetAnalyzedResourceResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  GetAnalyzedResourceResponse
+newGetAnalyzedResourceResponse pHttpStatus_ =
+  GetAnalyzedResourceResponse'
+    { resource =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | An @AnalyzedResource@ object that contains information that IAM Access
+-- Analyzer found when it analyzed the resource.
+getAnalyzedResourceResponse_resource :: Lens.Lens' GetAnalyzedResourceResponse (Prelude.Maybe AnalyzedResource)
+getAnalyzedResourceResponse_resource = Lens.lens (\GetAnalyzedResourceResponse' {resource} -> resource) (\s@GetAnalyzedResourceResponse' {} a -> s {resource = a} :: GetAnalyzedResourceResponse)
+
+-- | The response's http status code.
+getAnalyzedResourceResponse_httpStatus :: Lens.Lens' GetAnalyzedResourceResponse Prelude.Int
+getAnalyzedResourceResponse_httpStatus = Lens.lens (\GetAnalyzedResourceResponse' {httpStatus} -> httpStatus) (\s@GetAnalyzedResourceResponse' {} a -> s {httpStatus = a} :: GetAnalyzedResourceResponse)
+
+instance Prelude.NFData GetAnalyzedResourceResponse where
+  rnf GetAnalyzedResourceResponse' {..} =
+    Prelude.rnf resource
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/AccessAnalyzer/GetAnalyzer.hs b/gen/Amazonka/AccessAnalyzer/GetAnalyzer.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/GetAnalyzer.hs
@@ -0,0 +1,165 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.GetAnalyzer
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Retrieves information about the specified analyzer.
+module Amazonka.AccessAnalyzer.GetAnalyzer
+  ( -- * Creating a Request
+    GetAnalyzer (..),
+    newGetAnalyzer,
+
+    -- * Request Lenses
+    getAnalyzer_analyzerName,
+
+    -- * Destructuring the Response
+    GetAnalyzerResponse (..),
+    newGetAnalyzerResponse,
+
+    -- * Response Lenses
+    getAnalyzerResponse_httpStatus,
+    getAnalyzerResponse_analyzer,
+  )
+where
+
+import Amazonka.AccessAnalyzer.Types
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | Retrieves an analyzer.
+--
+-- /See:/ 'newGetAnalyzer' smart constructor.
+data GetAnalyzer = GetAnalyzer'
+  { -- | The name of the analyzer retrieved.
+    analyzerName :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetAnalyzer' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'analyzerName', 'getAnalyzer_analyzerName' - The name of the analyzer retrieved.
+newGetAnalyzer ::
+  -- | 'analyzerName'
+  Prelude.Text ->
+  GetAnalyzer
+newGetAnalyzer pAnalyzerName_ =
+  GetAnalyzer' {analyzerName = pAnalyzerName_}
+
+-- | The name of the analyzer retrieved.
+getAnalyzer_analyzerName :: Lens.Lens' GetAnalyzer Prelude.Text
+getAnalyzer_analyzerName = Lens.lens (\GetAnalyzer' {analyzerName} -> analyzerName) (\s@GetAnalyzer' {} a -> s {analyzerName = a} :: GetAnalyzer)
+
+instance Core.AWSRequest GetAnalyzer where
+  type AWSResponse GetAnalyzer = GetAnalyzerResponse
+  request overrides =
+    Request.get (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          GetAnalyzerResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+            Prelude.<*> (x Data..:> "analyzer")
+      )
+
+instance Prelude.Hashable GetAnalyzer where
+  hashWithSalt _salt GetAnalyzer' {..} =
+    _salt `Prelude.hashWithSalt` analyzerName
+
+instance Prelude.NFData GetAnalyzer where
+  rnf GetAnalyzer' {..} = Prelude.rnf analyzerName
+
+instance Data.ToHeaders GetAnalyzer where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToPath GetAnalyzer where
+  toPath GetAnalyzer' {..} =
+    Prelude.mconcat
+      ["/analyzer/", Data.toBS analyzerName]
+
+instance Data.ToQuery GetAnalyzer where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | The response to the request.
+--
+-- /See:/ 'newGetAnalyzerResponse' smart constructor.
+data GetAnalyzerResponse = GetAnalyzerResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int,
+    -- | An @AnalyzerSummary@ object that contains information about the
+    -- analyzer.
+    analyzer :: AnalyzerSummary
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetAnalyzerResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'getAnalyzerResponse_httpStatus' - The response's http status code.
+--
+-- 'analyzer', 'getAnalyzerResponse_analyzer' - An @AnalyzerSummary@ object that contains information about the
+-- analyzer.
+newGetAnalyzerResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  -- | 'analyzer'
+  AnalyzerSummary ->
+  GetAnalyzerResponse
+newGetAnalyzerResponse pHttpStatus_ pAnalyzer_ =
+  GetAnalyzerResponse'
+    { httpStatus = pHttpStatus_,
+      analyzer = pAnalyzer_
+    }
+
+-- | The response's http status code.
+getAnalyzerResponse_httpStatus :: Lens.Lens' GetAnalyzerResponse Prelude.Int
+getAnalyzerResponse_httpStatus = Lens.lens (\GetAnalyzerResponse' {httpStatus} -> httpStatus) (\s@GetAnalyzerResponse' {} a -> s {httpStatus = a} :: GetAnalyzerResponse)
+
+-- | An @AnalyzerSummary@ object that contains information about the
+-- analyzer.
+getAnalyzerResponse_analyzer :: Lens.Lens' GetAnalyzerResponse AnalyzerSummary
+getAnalyzerResponse_analyzer = Lens.lens (\GetAnalyzerResponse' {analyzer} -> analyzer) (\s@GetAnalyzerResponse' {} a -> s {analyzer = a} :: GetAnalyzerResponse)
+
+instance Prelude.NFData GetAnalyzerResponse where
+  rnf GetAnalyzerResponse' {..} =
+    Prelude.rnf httpStatus
+      `Prelude.seq` Prelude.rnf analyzer
diff --git a/gen/Amazonka/AccessAnalyzer/GetArchiveRule.hs b/gen/Amazonka/AccessAnalyzer/GetArchiveRule.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/GetArchiveRule.hs
@@ -0,0 +1,190 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.GetArchiveRule
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Retrieves information about an archive rule.
+--
+-- To learn about filter keys that you can use to create an archive rule,
+-- see
+-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-reference-filter-keys.html IAM Access Analyzer filter keys>
+-- in the __IAM User Guide__.
+module Amazonka.AccessAnalyzer.GetArchiveRule
+  ( -- * Creating a Request
+    GetArchiveRule (..),
+    newGetArchiveRule,
+
+    -- * Request Lenses
+    getArchiveRule_analyzerName,
+    getArchiveRule_ruleName,
+
+    -- * Destructuring the Response
+    GetArchiveRuleResponse (..),
+    newGetArchiveRuleResponse,
+
+    -- * Response Lenses
+    getArchiveRuleResponse_httpStatus,
+    getArchiveRuleResponse_archiveRule,
+  )
+where
+
+import Amazonka.AccessAnalyzer.Types
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | Retrieves an archive rule.
+--
+-- /See:/ 'newGetArchiveRule' smart constructor.
+data GetArchiveRule = GetArchiveRule'
+  { -- | The name of the analyzer to retrieve rules from.
+    analyzerName :: Prelude.Text,
+    -- | The name of the rule to retrieve.
+    ruleName :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetArchiveRule' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'analyzerName', 'getArchiveRule_analyzerName' - The name of the analyzer to retrieve rules from.
+--
+-- 'ruleName', 'getArchiveRule_ruleName' - The name of the rule to retrieve.
+newGetArchiveRule ::
+  -- | 'analyzerName'
+  Prelude.Text ->
+  -- | 'ruleName'
+  Prelude.Text ->
+  GetArchiveRule
+newGetArchiveRule pAnalyzerName_ pRuleName_ =
+  GetArchiveRule'
+    { analyzerName = pAnalyzerName_,
+      ruleName = pRuleName_
+    }
+
+-- | The name of the analyzer to retrieve rules from.
+getArchiveRule_analyzerName :: Lens.Lens' GetArchiveRule Prelude.Text
+getArchiveRule_analyzerName = Lens.lens (\GetArchiveRule' {analyzerName} -> analyzerName) (\s@GetArchiveRule' {} a -> s {analyzerName = a} :: GetArchiveRule)
+
+-- | The name of the rule to retrieve.
+getArchiveRule_ruleName :: Lens.Lens' GetArchiveRule Prelude.Text
+getArchiveRule_ruleName = Lens.lens (\GetArchiveRule' {ruleName} -> ruleName) (\s@GetArchiveRule' {} a -> s {ruleName = a} :: GetArchiveRule)
+
+instance Core.AWSRequest GetArchiveRule where
+  type
+    AWSResponse GetArchiveRule =
+      GetArchiveRuleResponse
+  request overrides =
+    Request.get (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          GetArchiveRuleResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+            Prelude.<*> (x Data..:> "archiveRule")
+      )
+
+instance Prelude.Hashable GetArchiveRule where
+  hashWithSalt _salt GetArchiveRule' {..} =
+    _salt
+      `Prelude.hashWithSalt` analyzerName
+      `Prelude.hashWithSalt` ruleName
+
+instance Prelude.NFData GetArchiveRule where
+  rnf GetArchiveRule' {..} =
+    Prelude.rnf analyzerName
+      `Prelude.seq` Prelude.rnf ruleName
+
+instance Data.ToHeaders GetArchiveRule where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToPath GetArchiveRule where
+  toPath GetArchiveRule' {..} =
+    Prelude.mconcat
+      [ "/analyzer/",
+        Data.toBS analyzerName,
+        "/archive-rule/",
+        Data.toBS ruleName
+      ]
+
+instance Data.ToQuery GetArchiveRule where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | The response to the request.
+--
+-- /See:/ 'newGetArchiveRuleResponse' smart constructor.
+data GetArchiveRuleResponse = GetArchiveRuleResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int,
+    archiveRule :: ArchiveRuleSummary
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetArchiveRuleResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'getArchiveRuleResponse_httpStatus' - The response's http status code.
+--
+-- 'archiveRule', 'getArchiveRuleResponse_archiveRule' - Undocumented member.
+newGetArchiveRuleResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  -- | 'archiveRule'
+  ArchiveRuleSummary ->
+  GetArchiveRuleResponse
+newGetArchiveRuleResponse pHttpStatus_ pArchiveRule_ =
+  GetArchiveRuleResponse'
+    { httpStatus = pHttpStatus_,
+      archiveRule = pArchiveRule_
+    }
+
+-- | The response's http status code.
+getArchiveRuleResponse_httpStatus :: Lens.Lens' GetArchiveRuleResponse Prelude.Int
+getArchiveRuleResponse_httpStatus = Lens.lens (\GetArchiveRuleResponse' {httpStatus} -> httpStatus) (\s@GetArchiveRuleResponse' {} a -> s {httpStatus = a} :: GetArchiveRuleResponse)
+
+-- | Undocumented member.
+getArchiveRuleResponse_archiveRule :: Lens.Lens' GetArchiveRuleResponse ArchiveRuleSummary
+getArchiveRuleResponse_archiveRule = Lens.lens (\GetArchiveRuleResponse' {archiveRule} -> archiveRule) (\s@GetArchiveRuleResponse' {} a -> s {archiveRule = a} :: GetArchiveRuleResponse)
+
+instance Prelude.NFData GetArchiveRuleResponse where
+  rnf GetArchiveRuleResponse' {..} =
+    Prelude.rnf httpStatus
+      `Prelude.seq` Prelude.rnf archiveRule
diff --git a/gen/Amazonka/AccessAnalyzer/GetFinding.hs b/gen/Amazonka/AccessAnalyzer/GetFinding.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/GetFinding.hs
@@ -0,0 +1,181 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.GetFinding
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Retrieves information about the specified finding.
+module Amazonka.AccessAnalyzer.GetFinding
+  ( -- * Creating a Request
+    GetFinding (..),
+    newGetFinding,
+
+    -- * Request Lenses
+    getFinding_analyzerArn,
+    getFinding_id,
+
+    -- * Destructuring the Response
+    GetFindingResponse (..),
+    newGetFindingResponse,
+
+    -- * Response Lenses
+    getFindingResponse_finding,
+    getFindingResponse_httpStatus,
+  )
+where
+
+import Amazonka.AccessAnalyzer.Types
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | Retrieves a finding.
+--
+-- /See:/ 'newGetFinding' smart constructor.
+data GetFinding = GetFinding'
+  { -- | The
+    -- <https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources ARN of the analyzer>
+    -- that generated the finding.
+    analyzerArn :: Prelude.Text,
+    -- | The ID of the finding to retrieve.
+    id :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetFinding' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'analyzerArn', 'getFinding_analyzerArn' - The
+-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources ARN of the analyzer>
+-- that generated the finding.
+--
+-- 'id', 'getFinding_id' - The ID of the finding to retrieve.
+newGetFinding ::
+  -- | 'analyzerArn'
+  Prelude.Text ->
+  -- | 'id'
+  Prelude.Text ->
+  GetFinding
+newGetFinding pAnalyzerArn_ pId_ =
+  GetFinding' {analyzerArn = pAnalyzerArn_, id = pId_}
+
+-- | The
+-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources ARN of the analyzer>
+-- that generated the finding.
+getFinding_analyzerArn :: Lens.Lens' GetFinding Prelude.Text
+getFinding_analyzerArn = Lens.lens (\GetFinding' {analyzerArn} -> analyzerArn) (\s@GetFinding' {} a -> s {analyzerArn = a} :: GetFinding)
+
+-- | The ID of the finding to retrieve.
+getFinding_id :: Lens.Lens' GetFinding Prelude.Text
+getFinding_id = Lens.lens (\GetFinding' {id} -> id) (\s@GetFinding' {} a -> s {id = a} :: GetFinding)
+
+instance Core.AWSRequest GetFinding where
+  type AWSResponse GetFinding = GetFindingResponse
+  request overrides =
+    Request.get (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          GetFindingResponse'
+            Prelude.<$> (x Data..?> "finding")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable GetFinding where
+  hashWithSalt _salt GetFinding' {..} =
+    _salt
+      `Prelude.hashWithSalt` analyzerArn
+      `Prelude.hashWithSalt` id
+
+instance Prelude.NFData GetFinding where
+  rnf GetFinding' {..} =
+    Prelude.rnf analyzerArn
+      `Prelude.seq` Prelude.rnf id
+
+instance Data.ToHeaders GetFinding where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToPath GetFinding where
+  toPath GetFinding' {..} =
+    Prelude.mconcat ["/finding/", Data.toBS id]
+
+instance Data.ToQuery GetFinding where
+  toQuery GetFinding' {..} =
+    Prelude.mconcat ["analyzerArn" Data.=: analyzerArn]
+
+-- | The response to the request.
+--
+-- /See:/ 'newGetFindingResponse' smart constructor.
+data GetFindingResponse = GetFindingResponse'
+  { -- | A @finding@ object that contains finding details.
+    finding :: Prelude.Maybe Finding,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetFindingResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'finding', 'getFindingResponse_finding' - A @finding@ object that contains finding details.
+--
+-- 'httpStatus', 'getFindingResponse_httpStatus' - The response's http status code.
+newGetFindingResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  GetFindingResponse
+newGetFindingResponse pHttpStatus_ =
+  GetFindingResponse'
+    { finding = Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | A @finding@ object that contains finding details.
+getFindingResponse_finding :: Lens.Lens' GetFindingResponse (Prelude.Maybe Finding)
+getFindingResponse_finding = Lens.lens (\GetFindingResponse' {finding} -> finding) (\s@GetFindingResponse' {} a -> s {finding = a} :: GetFindingResponse)
+
+-- | The response's http status code.
+getFindingResponse_httpStatus :: Lens.Lens' GetFindingResponse Prelude.Int
+getFindingResponse_httpStatus = Lens.lens (\GetFindingResponse' {httpStatus} -> httpStatus) (\s@GetFindingResponse' {} a -> s {httpStatus = a} :: GetFindingResponse)
+
+instance Prelude.NFData GetFindingResponse where
+  rnf GetFindingResponse' {..} =
+    Prelude.rnf finding
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/AccessAnalyzer/GetGeneratedPolicy.hs b/gen/Amazonka/AccessAnalyzer/GetGeneratedPolicy.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/GetGeneratedPolicy.hs
@@ -0,0 +1,258 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.GetGeneratedPolicy
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Retrieves the policy that was generated using @StartPolicyGeneration@.
+module Amazonka.AccessAnalyzer.GetGeneratedPolicy
+  ( -- * Creating a Request
+    GetGeneratedPolicy (..),
+    newGetGeneratedPolicy,
+
+    -- * Request Lenses
+    getGeneratedPolicy_includeResourcePlaceholders,
+    getGeneratedPolicy_includeServiceLevelTemplate,
+    getGeneratedPolicy_jobId,
+
+    -- * Destructuring the Response
+    GetGeneratedPolicyResponse (..),
+    newGetGeneratedPolicyResponse,
+
+    -- * Response Lenses
+    getGeneratedPolicyResponse_httpStatus,
+    getGeneratedPolicyResponse_jobDetails,
+    getGeneratedPolicyResponse_generatedPolicyResult,
+  )
+where
+
+import Amazonka.AccessAnalyzer.Types
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newGetGeneratedPolicy' smart constructor.
+data GetGeneratedPolicy = GetGeneratedPolicy'
+  { -- | The level of detail that you want to generate. You can specify whether
+    -- to generate policies with placeholders for resource ARNs for actions
+    -- that support resource level granularity in policies.
+    --
+    -- For example, in the resource section of a policy, you can receive a
+    -- placeholder such as @\"Resource\":\"arn:aws:s3:::${BucketName}\"@
+    -- instead of @\"*\"@.
+    includeResourcePlaceholders :: Prelude.Maybe Prelude.Bool,
+    -- | The level of detail that you want to generate. You can specify whether
+    -- to generate service-level policies.
+    --
+    -- IAM Access Analyzer uses @iam:servicelastaccessed@ to identify services
+    -- that have been used recently to create this service-level template.
+    includeServiceLevelTemplate :: Prelude.Maybe Prelude.Bool,
+    -- | The @JobId@ that is returned by the @StartPolicyGeneration@ operation.
+    -- The @JobId@ can be used with @GetGeneratedPolicy@ to retrieve the
+    -- generated policies or used with @CancelPolicyGeneration@ to cancel the
+    -- policy generation request.
+    jobId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetGeneratedPolicy' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'includeResourcePlaceholders', 'getGeneratedPolicy_includeResourcePlaceholders' - The level of detail that you want to generate. You can specify whether
+-- to generate policies with placeholders for resource ARNs for actions
+-- that support resource level granularity in policies.
+--
+-- For example, in the resource section of a policy, you can receive a
+-- placeholder such as @\"Resource\":\"arn:aws:s3:::${BucketName}\"@
+-- instead of @\"*\"@.
+--
+-- 'includeServiceLevelTemplate', 'getGeneratedPolicy_includeServiceLevelTemplate' - The level of detail that you want to generate. You can specify whether
+-- to generate service-level policies.
+--
+-- IAM Access Analyzer uses @iam:servicelastaccessed@ to identify services
+-- that have been used recently to create this service-level template.
+--
+-- 'jobId', 'getGeneratedPolicy_jobId' - The @JobId@ that is returned by the @StartPolicyGeneration@ operation.
+-- The @JobId@ can be used with @GetGeneratedPolicy@ to retrieve the
+-- generated policies or used with @CancelPolicyGeneration@ to cancel the
+-- policy generation request.
+newGetGeneratedPolicy ::
+  -- | 'jobId'
+  Prelude.Text ->
+  GetGeneratedPolicy
+newGetGeneratedPolicy pJobId_ =
+  GetGeneratedPolicy'
+    { includeResourcePlaceholders =
+        Prelude.Nothing,
+      includeServiceLevelTemplate = Prelude.Nothing,
+      jobId = pJobId_
+    }
+
+-- | The level of detail that you want to generate. You can specify whether
+-- to generate policies with placeholders for resource ARNs for actions
+-- that support resource level granularity in policies.
+--
+-- For example, in the resource section of a policy, you can receive a
+-- placeholder such as @\"Resource\":\"arn:aws:s3:::${BucketName}\"@
+-- instead of @\"*\"@.
+getGeneratedPolicy_includeResourcePlaceholders :: Lens.Lens' GetGeneratedPolicy (Prelude.Maybe Prelude.Bool)
+getGeneratedPolicy_includeResourcePlaceholders = Lens.lens (\GetGeneratedPolicy' {includeResourcePlaceholders} -> includeResourcePlaceholders) (\s@GetGeneratedPolicy' {} a -> s {includeResourcePlaceholders = a} :: GetGeneratedPolicy)
+
+-- | The level of detail that you want to generate. You can specify whether
+-- to generate service-level policies.
+--
+-- IAM Access Analyzer uses @iam:servicelastaccessed@ to identify services
+-- that have been used recently to create this service-level template.
+getGeneratedPolicy_includeServiceLevelTemplate :: Lens.Lens' GetGeneratedPolicy (Prelude.Maybe Prelude.Bool)
+getGeneratedPolicy_includeServiceLevelTemplate = Lens.lens (\GetGeneratedPolicy' {includeServiceLevelTemplate} -> includeServiceLevelTemplate) (\s@GetGeneratedPolicy' {} a -> s {includeServiceLevelTemplate = a} :: GetGeneratedPolicy)
+
+-- | The @JobId@ that is returned by the @StartPolicyGeneration@ operation.
+-- The @JobId@ can be used with @GetGeneratedPolicy@ to retrieve the
+-- generated policies or used with @CancelPolicyGeneration@ to cancel the
+-- policy generation request.
+getGeneratedPolicy_jobId :: Lens.Lens' GetGeneratedPolicy Prelude.Text
+getGeneratedPolicy_jobId = Lens.lens (\GetGeneratedPolicy' {jobId} -> jobId) (\s@GetGeneratedPolicy' {} a -> s {jobId = a} :: GetGeneratedPolicy)
+
+instance Core.AWSRequest GetGeneratedPolicy where
+  type
+    AWSResponse GetGeneratedPolicy =
+      GetGeneratedPolicyResponse
+  request overrides =
+    Request.get (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          GetGeneratedPolicyResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+            Prelude.<*> (x Data..:> "jobDetails")
+            Prelude.<*> (x Data..:> "generatedPolicyResult")
+      )
+
+instance Prelude.Hashable GetGeneratedPolicy where
+  hashWithSalt _salt GetGeneratedPolicy' {..} =
+    _salt
+      `Prelude.hashWithSalt` includeResourcePlaceholders
+      `Prelude.hashWithSalt` includeServiceLevelTemplate
+      `Prelude.hashWithSalt` jobId
+
+instance Prelude.NFData GetGeneratedPolicy where
+  rnf GetGeneratedPolicy' {..} =
+    Prelude.rnf includeResourcePlaceholders
+      `Prelude.seq` Prelude.rnf includeServiceLevelTemplate
+      `Prelude.seq` Prelude.rnf jobId
+
+instance Data.ToHeaders GetGeneratedPolicy where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToPath GetGeneratedPolicy where
+  toPath GetGeneratedPolicy' {..} =
+    Prelude.mconcat
+      ["/policy/generation/", Data.toBS jobId]
+
+instance Data.ToQuery GetGeneratedPolicy where
+  toQuery GetGeneratedPolicy' {..} =
+    Prelude.mconcat
+      [ "includeResourcePlaceholders"
+          Data.=: includeResourcePlaceholders,
+        "includeServiceLevelTemplate"
+          Data.=: includeServiceLevelTemplate
+      ]
+
+-- | /See:/ 'newGetGeneratedPolicyResponse' smart constructor.
+data GetGeneratedPolicyResponse = GetGeneratedPolicyResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int,
+    -- | A @GeneratedPolicyDetails@ object that contains details about the
+    -- generated policy.
+    jobDetails :: JobDetails,
+    -- | A @GeneratedPolicyResult@ object that contains the generated policies
+    -- and associated details.
+    generatedPolicyResult :: GeneratedPolicyResult
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetGeneratedPolicyResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'getGeneratedPolicyResponse_httpStatus' - The response's http status code.
+--
+-- 'jobDetails', 'getGeneratedPolicyResponse_jobDetails' - A @GeneratedPolicyDetails@ object that contains details about the
+-- generated policy.
+--
+-- 'generatedPolicyResult', 'getGeneratedPolicyResponse_generatedPolicyResult' - A @GeneratedPolicyResult@ object that contains the generated policies
+-- and associated details.
+newGetGeneratedPolicyResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  -- | 'jobDetails'
+  JobDetails ->
+  -- | 'generatedPolicyResult'
+  GeneratedPolicyResult ->
+  GetGeneratedPolicyResponse
+newGetGeneratedPolicyResponse
+  pHttpStatus_
+  pJobDetails_
+  pGeneratedPolicyResult_ =
+    GetGeneratedPolicyResponse'
+      { httpStatus =
+          pHttpStatus_,
+        jobDetails = pJobDetails_,
+        generatedPolicyResult = pGeneratedPolicyResult_
+      }
+
+-- | The response's http status code.
+getGeneratedPolicyResponse_httpStatus :: Lens.Lens' GetGeneratedPolicyResponse Prelude.Int
+getGeneratedPolicyResponse_httpStatus = Lens.lens (\GetGeneratedPolicyResponse' {httpStatus} -> httpStatus) (\s@GetGeneratedPolicyResponse' {} a -> s {httpStatus = a} :: GetGeneratedPolicyResponse)
+
+-- | A @GeneratedPolicyDetails@ object that contains details about the
+-- generated policy.
+getGeneratedPolicyResponse_jobDetails :: Lens.Lens' GetGeneratedPolicyResponse JobDetails
+getGeneratedPolicyResponse_jobDetails = Lens.lens (\GetGeneratedPolicyResponse' {jobDetails} -> jobDetails) (\s@GetGeneratedPolicyResponse' {} a -> s {jobDetails = a} :: GetGeneratedPolicyResponse)
+
+-- | A @GeneratedPolicyResult@ object that contains the generated policies
+-- and associated details.
+getGeneratedPolicyResponse_generatedPolicyResult :: Lens.Lens' GetGeneratedPolicyResponse GeneratedPolicyResult
+getGeneratedPolicyResponse_generatedPolicyResult = Lens.lens (\GetGeneratedPolicyResponse' {generatedPolicyResult} -> generatedPolicyResult) (\s@GetGeneratedPolicyResponse' {} a -> s {generatedPolicyResult = a} :: GetGeneratedPolicyResponse)
+
+instance Prelude.NFData GetGeneratedPolicyResponse where
+  rnf GetGeneratedPolicyResponse' {..} =
+    Prelude.rnf httpStatus
+      `Prelude.seq` Prelude.rnf jobDetails
+      `Prelude.seq` Prelude.rnf generatedPolicyResult
diff --git a/gen/Amazonka/AccessAnalyzer/Lens.hs b/gen/Amazonka/AccessAnalyzer/Lens.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/Lens.hs
@@ -0,0 +1,602 @@
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-duplicate-exports #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.Lens
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.AccessAnalyzer.Lens
+  ( -- * Operations
+
+    -- ** ApplyArchiveRule
+    applyArchiveRule_clientToken,
+    applyArchiveRule_analyzerArn,
+    applyArchiveRule_ruleName,
+
+    -- ** CancelPolicyGeneration
+    cancelPolicyGeneration_jobId,
+    cancelPolicyGenerationResponse_httpStatus,
+
+    -- ** CreateAccessPreview
+    createAccessPreview_clientToken,
+    createAccessPreview_analyzerArn,
+    createAccessPreview_configurations,
+    createAccessPreviewResponse_httpStatus,
+    createAccessPreviewResponse_id,
+
+    -- ** CreateAnalyzer
+    createAnalyzer_archiveRules,
+    createAnalyzer_clientToken,
+    createAnalyzer_tags,
+    createAnalyzer_analyzerName,
+    createAnalyzer_type,
+    createAnalyzerResponse_arn,
+    createAnalyzerResponse_httpStatus,
+
+    -- ** CreateArchiveRule
+    createArchiveRule_clientToken,
+    createArchiveRule_analyzerName,
+    createArchiveRule_ruleName,
+    createArchiveRule_filter,
+
+    -- ** DeleteAnalyzer
+    deleteAnalyzer_clientToken,
+    deleteAnalyzer_analyzerName,
+
+    -- ** DeleteArchiveRule
+    deleteArchiveRule_clientToken,
+    deleteArchiveRule_analyzerName,
+    deleteArchiveRule_ruleName,
+
+    -- ** GetAccessPreview
+    getAccessPreview_accessPreviewId,
+    getAccessPreview_analyzerArn,
+    getAccessPreviewResponse_httpStatus,
+    getAccessPreviewResponse_accessPreview,
+
+    -- ** GetAnalyzedResource
+    getAnalyzedResource_analyzerArn,
+    getAnalyzedResource_resourceArn,
+    getAnalyzedResourceResponse_resource,
+    getAnalyzedResourceResponse_httpStatus,
+
+    -- ** GetAnalyzer
+    getAnalyzer_analyzerName,
+    getAnalyzerResponse_httpStatus,
+    getAnalyzerResponse_analyzer,
+
+    -- ** GetArchiveRule
+    getArchiveRule_analyzerName,
+    getArchiveRule_ruleName,
+    getArchiveRuleResponse_httpStatus,
+    getArchiveRuleResponse_archiveRule,
+
+    -- ** GetFinding
+    getFinding_analyzerArn,
+    getFinding_id,
+    getFindingResponse_finding,
+    getFindingResponse_httpStatus,
+
+    -- ** GetGeneratedPolicy
+    getGeneratedPolicy_includeResourcePlaceholders,
+    getGeneratedPolicy_includeServiceLevelTemplate,
+    getGeneratedPolicy_jobId,
+    getGeneratedPolicyResponse_httpStatus,
+    getGeneratedPolicyResponse_jobDetails,
+    getGeneratedPolicyResponse_generatedPolicyResult,
+
+    -- ** ListAccessPreviewFindings
+    listAccessPreviewFindings_filter,
+    listAccessPreviewFindings_maxResults,
+    listAccessPreviewFindings_nextToken,
+    listAccessPreviewFindings_accessPreviewId,
+    listAccessPreviewFindings_analyzerArn,
+    listAccessPreviewFindingsResponse_nextToken,
+    listAccessPreviewFindingsResponse_httpStatus,
+    listAccessPreviewFindingsResponse_findings,
+
+    -- ** ListAccessPreviews
+    listAccessPreviews_maxResults,
+    listAccessPreviews_nextToken,
+    listAccessPreviews_analyzerArn,
+    listAccessPreviewsResponse_nextToken,
+    listAccessPreviewsResponse_httpStatus,
+    listAccessPreviewsResponse_accessPreviews,
+
+    -- ** ListAnalyzedResources
+    listAnalyzedResources_maxResults,
+    listAnalyzedResources_nextToken,
+    listAnalyzedResources_resourceType,
+    listAnalyzedResources_analyzerArn,
+    listAnalyzedResourcesResponse_nextToken,
+    listAnalyzedResourcesResponse_httpStatus,
+    listAnalyzedResourcesResponse_analyzedResources,
+
+    -- ** ListAnalyzers
+    listAnalyzers_maxResults,
+    listAnalyzers_nextToken,
+    listAnalyzers_type,
+    listAnalyzersResponse_nextToken,
+    listAnalyzersResponse_httpStatus,
+    listAnalyzersResponse_analyzers,
+
+    -- ** ListArchiveRules
+    listArchiveRules_maxResults,
+    listArchiveRules_nextToken,
+    listArchiveRules_analyzerName,
+    listArchiveRulesResponse_nextToken,
+    listArchiveRulesResponse_httpStatus,
+    listArchiveRulesResponse_archiveRules,
+
+    -- ** ListFindings
+    listFindings_filter,
+    listFindings_maxResults,
+    listFindings_nextToken,
+    listFindings_sort,
+    listFindings_analyzerArn,
+    listFindingsResponse_nextToken,
+    listFindingsResponse_httpStatus,
+    listFindingsResponse_findings,
+
+    -- ** ListPolicyGenerations
+    listPolicyGenerations_maxResults,
+    listPolicyGenerations_nextToken,
+    listPolicyGenerations_principalArn,
+    listPolicyGenerationsResponse_nextToken,
+    listPolicyGenerationsResponse_httpStatus,
+    listPolicyGenerationsResponse_policyGenerations,
+
+    -- ** ListTagsForResource
+    listTagsForResource_resourceArn,
+    listTagsForResourceResponse_tags,
+    listTagsForResourceResponse_httpStatus,
+
+    -- ** StartPolicyGeneration
+    startPolicyGeneration_clientToken,
+    startPolicyGeneration_cloudTrailDetails,
+    startPolicyGeneration_policyGenerationDetails,
+    startPolicyGenerationResponse_httpStatus,
+    startPolicyGenerationResponse_jobId,
+
+    -- ** StartResourceScan
+    startResourceScan_resourceOwnerAccount,
+    startResourceScan_analyzerArn,
+    startResourceScan_resourceArn,
+
+    -- ** TagResource
+    tagResource_resourceArn,
+    tagResource_tags,
+    tagResourceResponse_httpStatus,
+
+    -- ** UntagResource
+    untagResource_resourceArn,
+    untagResource_tagKeys,
+    untagResourceResponse_httpStatus,
+
+    -- ** UpdateArchiveRule
+    updateArchiveRule_clientToken,
+    updateArchiveRule_analyzerName,
+    updateArchiveRule_ruleName,
+    updateArchiveRule_filter,
+
+    -- ** UpdateFindings
+    updateFindings_clientToken,
+    updateFindings_ids,
+    updateFindings_resourceArn,
+    updateFindings_analyzerArn,
+    updateFindings_status,
+
+    -- ** ValidatePolicy
+    validatePolicy_locale,
+    validatePolicy_maxResults,
+    validatePolicy_nextToken,
+    validatePolicy_validatePolicyResourceType,
+    validatePolicy_policyDocument,
+    validatePolicy_policyType,
+    validatePolicyResponse_nextToken,
+    validatePolicyResponse_httpStatus,
+    validatePolicyResponse_findings,
+
+    -- * Types
+
+    -- ** AccessPreview
+    accessPreview_statusReason,
+    accessPreview_id,
+    accessPreview_analyzerArn,
+    accessPreview_configurations,
+    accessPreview_createdAt,
+    accessPreview_status,
+
+    -- ** AccessPreviewFinding
+    accessPreviewFinding_action,
+    accessPreviewFinding_condition,
+    accessPreviewFinding_error,
+    accessPreviewFinding_existingFindingId,
+    accessPreviewFinding_existingFindingStatus,
+    accessPreviewFinding_isPublic,
+    accessPreviewFinding_principal,
+    accessPreviewFinding_resource,
+    accessPreviewFinding_sources,
+    accessPreviewFinding_id,
+    accessPreviewFinding_resourceType,
+    accessPreviewFinding_createdAt,
+    accessPreviewFinding_changeType,
+    accessPreviewFinding_status,
+    accessPreviewFinding_resourceOwnerAccount,
+
+    -- ** AccessPreviewStatusReason
+    accessPreviewStatusReason_code,
+
+    -- ** AccessPreviewSummary
+    accessPreviewSummary_statusReason,
+    accessPreviewSummary_id,
+    accessPreviewSummary_analyzerArn,
+    accessPreviewSummary_createdAt,
+    accessPreviewSummary_status,
+
+    -- ** AclGrantee
+    aclGrantee_id,
+    aclGrantee_uri,
+
+    -- ** AnalyzedResource
+    analyzedResource_actions,
+    analyzedResource_error,
+    analyzedResource_sharedVia,
+    analyzedResource_status,
+    analyzedResource_resourceArn,
+    analyzedResource_resourceType,
+    analyzedResource_createdAt,
+    analyzedResource_analyzedAt,
+    analyzedResource_updatedAt,
+    analyzedResource_isPublic,
+    analyzedResource_resourceOwnerAccount,
+
+    -- ** AnalyzedResourceSummary
+    analyzedResourceSummary_resourceArn,
+    analyzedResourceSummary_resourceOwnerAccount,
+    analyzedResourceSummary_resourceType,
+
+    -- ** AnalyzerSummary
+    analyzerSummary_lastResourceAnalyzed,
+    analyzerSummary_lastResourceAnalyzedAt,
+    analyzerSummary_statusReason,
+    analyzerSummary_tags,
+    analyzerSummary_arn,
+    analyzerSummary_name,
+    analyzerSummary_type,
+    analyzerSummary_createdAt,
+    analyzerSummary_status,
+
+    -- ** ArchiveRuleSummary
+    archiveRuleSummary_ruleName,
+    archiveRuleSummary_filter,
+    archiveRuleSummary_createdAt,
+    archiveRuleSummary_updatedAt,
+
+    -- ** CloudTrailDetails
+    cloudTrailDetails_endTime,
+    cloudTrailDetails_trails,
+    cloudTrailDetails_accessRole,
+    cloudTrailDetails_startTime,
+
+    -- ** CloudTrailProperties
+    cloudTrailProperties_trailProperties,
+    cloudTrailProperties_startTime,
+    cloudTrailProperties_endTime,
+
+    -- ** Configuration
+    configuration_ebsSnapshot,
+    configuration_ecrRepository,
+    configuration_efsFileSystem,
+    configuration_iamRole,
+    configuration_kmsKey,
+    configuration_rdsDbClusterSnapshot,
+    configuration_rdsDbSnapshot,
+    configuration_s3Bucket,
+    configuration_secretsManagerSecret,
+    configuration_snsTopic,
+    configuration_sqsQueue,
+
+    -- ** Criterion
+    criterion_contains,
+    criterion_eq,
+    criterion_exists,
+    criterion_neq,
+
+    -- ** EbsSnapshotConfiguration
+    ebsSnapshotConfiguration_groups,
+    ebsSnapshotConfiguration_kmsKeyId,
+    ebsSnapshotConfiguration_userIds,
+
+    -- ** EcrRepositoryConfiguration
+    ecrRepositoryConfiguration_repositoryPolicy,
+
+    -- ** EfsFileSystemConfiguration
+    efsFileSystemConfiguration_fileSystemPolicy,
+
+    -- ** Finding
+    finding_action,
+    finding_error,
+    finding_isPublic,
+    finding_principal,
+    finding_resource,
+    finding_sources,
+    finding_id,
+    finding_resourceType,
+    finding_condition,
+    finding_createdAt,
+    finding_analyzedAt,
+    finding_updatedAt,
+    finding_status,
+    finding_resourceOwnerAccount,
+
+    -- ** FindingSource
+    findingSource_detail,
+    findingSource_type,
+
+    -- ** FindingSourceDetail
+    findingSourceDetail_accessPointAccount,
+    findingSourceDetail_accessPointArn,
+
+    -- ** FindingSummary
+    findingSummary_action,
+    findingSummary_error,
+    findingSummary_isPublic,
+    findingSummary_principal,
+    findingSummary_resource,
+    findingSummary_sources,
+    findingSummary_id,
+    findingSummary_resourceType,
+    findingSummary_condition,
+    findingSummary_createdAt,
+    findingSummary_analyzedAt,
+    findingSummary_updatedAt,
+    findingSummary_status,
+    findingSummary_resourceOwnerAccount,
+
+    -- ** GeneratedPolicy
+    generatedPolicy_policy,
+
+    -- ** GeneratedPolicyProperties
+    generatedPolicyProperties_cloudTrailProperties,
+    generatedPolicyProperties_isComplete,
+    generatedPolicyProperties_principalArn,
+
+    -- ** GeneratedPolicyResult
+    generatedPolicyResult_generatedPolicies,
+    generatedPolicyResult_properties,
+
+    -- ** IamRoleConfiguration
+    iamRoleConfiguration_trustPolicy,
+
+    -- ** InlineArchiveRule
+    inlineArchiveRule_ruleName,
+    inlineArchiveRule_filter,
+
+    -- ** InternetConfiguration
+
+    -- ** JobDetails
+    jobDetails_completedOn,
+    jobDetails_jobError,
+    jobDetails_jobId,
+    jobDetails_status,
+    jobDetails_startedOn,
+
+    -- ** JobError
+    jobError_code,
+    jobError_message,
+
+    -- ** KmsGrantConfiguration
+    kmsGrantConfiguration_constraints,
+    kmsGrantConfiguration_retiringPrincipal,
+    kmsGrantConfiguration_operations,
+    kmsGrantConfiguration_granteePrincipal,
+    kmsGrantConfiguration_issuingAccount,
+
+    -- ** KmsGrantConstraints
+    kmsGrantConstraints_encryptionContextEquals,
+    kmsGrantConstraints_encryptionContextSubset,
+
+    -- ** KmsKeyConfiguration
+    kmsKeyConfiguration_grants,
+    kmsKeyConfiguration_keyPolicies,
+
+    -- ** Location
+    location_path,
+    location_span,
+
+    -- ** NetworkOriginConfiguration
+    networkOriginConfiguration_internetConfiguration,
+    networkOriginConfiguration_vpcConfiguration,
+
+    -- ** PathElement
+    pathElement_index,
+    pathElement_key,
+    pathElement_substring,
+    pathElement_value,
+
+    -- ** PolicyGeneration
+    policyGeneration_completedOn,
+    policyGeneration_jobId,
+    policyGeneration_principalArn,
+    policyGeneration_status,
+    policyGeneration_startedOn,
+
+    -- ** PolicyGenerationDetails
+    policyGenerationDetails_principalArn,
+
+    -- ** Position
+    position_line,
+    position_column,
+    position_offset,
+
+    -- ** RdsDbClusterSnapshotAttributeValue
+    rdsDbClusterSnapshotAttributeValue_accountIds,
+
+    -- ** RdsDbClusterSnapshotConfiguration
+    rdsDbClusterSnapshotConfiguration_attributes,
+    rdsDbClusterSnapshotConfiguration_kmsKeyId,
+
+    -- ** RdsDbSnapshotAttributeValue
+    rdsDbSnapshotAttributeValue_accountIds,
+
+    -- ** RdsDbSnapshotConfiguration
+    rdsDbSnapshotConfiguration_attributes,
+    rdsDbSnapshotConfiguration_kmsKeyId,
+
+    -- ** S3AccessPointConfiguration
+    s3AccessPointConfiguration_accessPointPolicy,
+    s3AccessPointConfiguration_networkOrigin,
+    s3AccessPointConfiguration_publicAccessBlock,
+
+    -- ** S3BucketAclGrantConfiguration
+    s3BucketAclGrantConfiguration_permission,
+    s3BucketAclGrantConfiguration_grantee,
+
+    -- ** S3BucketConfiguration
+    s3BucketConfiguration_accessPoints,
+    s3BucketConfiguration_bucketAclGrants,
+    s3BucketConfiguration_bucketPolicy,
+    s3BucketConfiguration_bucketPublicAccessBlock,
+
+    -- ** S3PublicAccessBlockConfiguration
+    s3PublicAccessBlockConfiguration_ignorePublicAcls,
+    s3PublicAccessBlockConfiguration_restrictPublicBuckets,
+
+    -- ** SecretsManagerSecretConfiguration
+    secretsManagerSecretConfiguration_kmsKeyId,
+    secretsManagerSecretConfiguration_secretPolicy,
+
+    -- ** SnsTopicConfiguration
+    snsTopicConfiguration_topicPolicy,
+
+    -- ** SortCriteria
+    sortCriteria_attributeName,
+    sortCriteria_orderBy,
+
+    -- ** Span
+    span_start,
+    span_end,
+
+    -- ** SqsQueueConfiguration
+    sqsQueueConfiguration_queuePolicy,
+
+    -- ** StatusReason
+    statusReason_code,
+
+    -- ** Substring
+    substring_start,
+    substring_length,
+
+    -- ** Trail
+    trail_allRegions,
+    trail_regions,
+    trail_cloudTrailArn,
+
+    -- ** TrailProperties
+    trailProperties_allRegions,
+    trailProperties_regions,
+    trailProperties_cloudTrailArn,
+
+    -- ** ValidatePolicyFinding
+    validatePolicyFinding_findingDetails,
+    validatePolicyFinding_findingType,
+    validatePolicyFinding_issueCode,
+    validatePolicyFinding_learnMoreLink,
+    validatePolicyFinding_locations,
+
+    -- ** VpcConfiguration
+    vpcConfiguration_vpcId,
+  )
+where
+
+import Amazonka.AccessAnalyzer.ApplyArchiveRule
+import Amazonka.AccessAnalyzer.CancelPolicyGeneration
+import Amazonka.AccessAnalyzer.CreateAccessPreview
+import Amazonka.AccessAnalyzer.CreateAnalyzer
+import Amazonka.AccessAnalyzer.CreateArchiveRule
+import Amazonka.AccessAnalyzer.DeleteAnalyzer
+import Amazonka.AccessAnalyzer.DeleteArchiveRule
+import Amazonka.AccessAnalyzer.GetAccessPreview
+import Amazonka.AccessAnalyzer.GetAnalyzedResource
+import Amazonka.AccessAnalyzer.GetAnalyzer
+import Amazonka.AccessAnalyzer.GetArchiveRule
+import Amazonka.AccessAnalyzer.GetFinding
+import Amazonka.AccessAnalyzer.GetGeneratedPolicy
+import Amazonka.AccessAnalyzer.ListAccessPreviewFindings
+import Amazonka.AccessAnalyzer.ListAccessPreviews
+import Amazonka.AccessAnalyzer.ListAnalyzedResources
+import Amazonka.AccessAnalyzer.ListAnalyzers
+import Amazonka.AccessAnalyzer.ListArchiveRules
+import Amazonka.AccessAnalyzer.ListFindings
+import Amazonka.AccessAnalyzer.ListPolicyGenerations
+import Amazonka.AccessAnalyzer.ListTagsForResource
+import Amazonka.AccessAnalyzer.StartPolicyGeneration
+import Amazonka.AccessAnalyzer.StartResourceScan
+import Amazonka.AccessAnalyzer.TagResource
+import Amazonka.AccessAnalyzer.Types.AccessPreview
+import Amazonka.AccessAnalyzer.Types.AccessPreviewFinding
+import Amazonka.AccessAnalyzer.Types.AccessPreviewStatusReason
+import Amazonka.AccessAnalyzer.Types.AccessPreviewSummary
+import Amazonka.AccessAnalyzer.Types.AclGrantee
+import Amazonka.AccessAnalyzer.Types.AnalyzedResource
+import Amazonka.AccessAnalyzer.Types.AnalyzedResourceSummary
+import Amazonka.AccessAnalyzer.Types.AnalyzerSummary
+import Amazonka.AccessAnalyzer.Types.ArchiveRuleSummary
+import Amazonka.AccessAnalyzer.Types.CloudTrailDetails
+import Amazonka.AccessAnalyzer.Types.CloudTrailProperties
+import Amazonka.AccessAnalyzer.Types.Configuration
+import Amazonka.AccessAnalyzer.Types.Criterion
+import Amazonka.AccessAnalyzer.Types.EbsSnapshotConfiguration
+import Amazonka.AccessAnalyzer.Types.EcrRepositoryConfiguration
+import Amazonka.AccessAnalyzer.Types.EfsFileSystemConfiguration
+import Amazonka.AccessAnalyzer.Types.Finding
+import Amazonka.AccessAnalyzer.Types.FindingSource
+import Amazonka.AccessAnalyzer.Types.FindingSourceDetail
+import Amazonka.AccessAnalyzer.Types.FindingSummary
+import Amazonka.AccessAnalyzer.Types.GeneratedPolicy
+import Amazonka.AccessAnalyzer.Types.GeneratedPolicyProperties
+import Amazonka.AccessAnalyzer.Types.GeneratedPolicyResult
+import Amazonka.AccessAnalyzer.Types.IamRoleConfiguration
+import Amazonka.AccessAnalyzer.Types.InlineArchiveRule
+import Amazonka.AccessAnalyzer.Types.InternetConfiguration
+import Amazonka.AccessAnalyzer.Types.JobDetails
+import Amazonka.AccessAnalyzer.Types.JobError
+import Amazonka.AccessAnalyzer.Types.KmsGrantConfiguration
+import Amazonka.AccessAnalyzer.Types.KmsGrantConstraints
+import Amazonka.AccessAnalyzer.Types.KmsKeyConfiguration
+import Amazonka.AccessAnalyzer.Types.Location
+import Amazonka.AccessAnalyzer.Types.NetworkOriginConfiguration
+import Amazonka.AccessAnalyzer.Types.PathElement
+import Amazonka.AccessAnalyzer.Types.PolicyGeneration
+import Amazonka.AccessAnalyzer.Types.PolicyGenerationDetails
+import Amazonka.AccessAnalyzer.Types.Position
+import Amazonka.AccessAnalyzer.Types.RdsDbClusterSnapshotAttributeValue
+import Amazonka.AccessAnalyzer.Types.RdsDbClusterSnapshotConfiguration
+import Amazonka.AccessAnalyzer.Types.RdsDbSnapshotAttributeValue
+import Amazonka.AccessAnalyzer.Types.RdsDbSnapshotConfiguration
+import Amazonka.AccessAnalyzer.Types.S3AccessPointConfiguration
+import Amazonka.AccessAnalyzer.Types.S3BucketAclGrantConfiguration
+import Amazonka.AccessAnalyzer.Types.S3BucketConfiguration
+import Amazonka.AccessAnalyzer.Types.S3PublicAccessBlockConfiguration
+import Amazonka.AccessAnalyzer.Types.SecretsManagerSecretConfiguration
+import Amazonka.AccessAnalyzer.Types.SnsTopicConfiguration
+import Amazonka.AccessAnalyzer.Types.SortCriteria
+import Amazonka.AccessAnalyzer.Types.Span
+import Amazonka.AccessAnalyzer.Types.SqsQueueConfiguration
+import Amazonka.AccessAnalyzer.Types.StatusReason
+import Amazonka.AccessAnalyzer.Types.Substring
+import Amazonka.AccessAnalyzer.Types.Trail
+import Amazonka.AccessAnalyzer.Types.TrailProperties
+import Amazonka.AccessAnalyzer.Types.ValidatePolicyFinding
+import Amazonka.AccessAnalyzer.Types.VpcConfiguration
+import Amazonka.AccessAnalyzer.UntagResource
+import Amazonka.AccessAnalyzer.UpdateArchiveRule
+import Amazonka.AccessAnalyzer.UpdateFindings
+import Amazonka.AccessAnalyzer.ValidatePolicy
diff --git a/gen/Amazonka/AccessAnalyzer/ListAccessPreviewFindings.hs b/gen/Amazonka/AccessAnalyzer/ListAccessPreviewFindings.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/ListAccessPreviewFindings.hs
@@ -0,0 +1,275 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.ListAccessPreviewFindings
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Retrieves a list of access preview findings generated by the specified
+-- access preview.
+--
+-- This operation returns paginated results.
+module Amazonka.AccessAnalyzer.ListAccessPreviewFindings
+  ( -- * Creating a Request
+    ListAccessPreviewFindings (..),
+    newListAccessPreviewFindings,
+
+    -- * Request Lenses
+    listAccessPreviewFindings_filter,
+    listAccessPreviewFindings_maxResults,
+    listAccessPreviewFindings_nextToken,
+    listAccessPreviewFindings_accessPreviewId,
+    listAccessPreviewFindings_analyzerArn,
+
+    -- * Destructuring the Response
+    ListAccessPreviewFindingsResponse (..),
+    newListAccessPreviewFindingsResponse,
+
+    -- * Response Lenses
+    listAccessPreviewFindingsResponse_nextToken,
+    listAccessPreviewFindingsResponse_httpStatus,
+    listAccessPreviewFindingsResponse_findings,
+  )
+where
+
+import Amazonka.AccessAnalyzer.Types
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newListAccessPreviewFindings' smart constructor.
+data ListAccessPreviewFindings = ListAccessPreviewFindings'
+  { -- | Criteria to filter the returned findings.
+    filter' :: Prelude.Maybe (Prelude.HashMap Prelude.Text Criterion),
+    -- | The maximum number of results to return in the response.
+    maxResults :: Prelude.Maybe Prelude.Int,
+    -- | A token used for pagination of results returned.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The unique ID for the access preview.
+    accessPreviewId :: Prelude.Text,
+    -- | The
+    -- <https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources ARN of the analyzer>
+    -- used to generate the access.
+    analyzerArn :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListAccessPreviewFindings' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'filter'', 'listAccessPreviewFindings_filter' - Criteria to filter the returned findings.
+--
+-- 'maxResults', 'listAccessPreviewFindings_maxResults' - The maximum number of results to return in the response.
+--
+-- 'nextToken', 'listAccessPreviewFindings_nextToken' - A token used for pagination of results returned.
+--
+-- 'accessPreviewId', 'listAccessPreviewFindings_accessPreviewId' - The unique ID for the access preview.
+--
+-- 'analyzerArn', 'listAccessPreviewFindings_analyzerArn' - The
+-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources ARN of the analyzer>
+-- used to generate the access.
+newListAccessPreviewFindings ::
+  -- | 'accessPreviewId'
+  Prelude.Text ->
+  -- | 'analyzerArn'
+  Prelude.Text ->
+  ListAccessPreviewFindings
+newListAccessPreviewFindings
+  pAccessPreviewId_
+  pAnalyzerArn_ =
+    ListAccessPreviewFindings'
+      { filter' =
+          Prelude.Nothing,
+        maxResults = Prelude.Nothing,
+        nextToken = Prelude.Nothing,
+        accessPreviewId = pAccessPreviewId_,
+        analyzerArn = pAnalyzerArn_
+      }
+
+-- | Criteria to filter the returned findings.
+listAccessPreviewFindings_filter :: Lens.Lens' ListAccessPreviewFindings (Prelude.Maybe (Prelude.HashMap Prelude.Text Criterion))
+listAccessPreviewFindings_filter = Lens.lens (\ListAccessPreviewFindings' {filter'} -> filter') (\s@ListAccessPreviewFindings' {} a -> s {filter' = a} :: ListAccessPreviewFindings) Prelude.. Lens.mapping Lens.coerced
+
+-- | The maximum number of results to return in the response.
+listAccessPreviewFindings_maxResults :: Lens.Lens' ListAccessPreviewFindings (Prelude.Maybe Prelude.Int)
+listAccessPreviewFindings_maxResults = Lens.lens (\ListAccessPreviewFindings' {maxResults} -> maxResults) (\s@ListAccessPreviewFindings' {} a -> s {maxResults = a} :: ListAccessPreviewFindings)
+
+-- | A token used for pagination of results returned.
+listAccessPreviewFindings_nextToken :: Lens.Lens' ListAccessPreviewFindings (Prelude.Maybe Prelude.Text)
+listAccessPreviewFindings_nextToken = Lens.lens (\ListAccessPreviewFindings' {nextToken} -> nextToken) (\s@ListAccessPreviewFindings' {} a -> s {nextToken = a} :: ListAccessPreviewFindings)
+
+-- | The unique ID for the access preview.
+listAccessPreviewFindings_accessPreviewId :: Lens.Lens' ListAccessPreviewFindings Prelude.Text
+listAccessPreviewFindings_accessPreviewId = Lens.lens (\ListAccessPreviewFindings' {accessPreviewId} -> accessPreviewId) (\s@ListAccessPreviewFindings' {} a -> s {accessPreviewId = a} :: ListAccessPreviewFindings)
+
+-- | The
+-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources ARN of the analyzer>
+-- used to generate the access.
+listAccessPreviewFindings_analyzerArn :: Lens.Lens' ListAccessPreviewFindings Prelude.Text
+listAccessPreviewFindings_analyzerArn = Lens.lens (\ListAccessPreviewFindings' {analyzerArn} -> analyzerArn) (\s@ListAccessPreviewFindings' {} a -> s {analyzerArn = a} :: ListAccessPreviewFindings)
+
+instance Core.AWSPager ListAccessPreviewFindings where
+  page rq rs
+    | Core.stop
+        ( rs
+            Lens.^? listAccessPreviewFindingsResponse_nextToken
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Core.stop
+        ( rs
+            Lens.^. listAccessPreviewFindingsResponse_findings
+        ) =
+        Prelude.Nothing
+    | Prelude.otherwise =
+        Prelude.Just
+          Prelude.$ rq
+          Prelude.& listAccessPreviewFindings_nextToken
+          Lens..~ rs
+          Lens.^? listAccessPreviewFindingsResponse_nextToken
+          Prelude.. Lens._Just
+
+instance Core.AWSRequest ListAccessPreviewFindings where
+  type
+    AWSResponse ListAccessPreviewFindings =
+      ListAccessPreviewFindingsResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          ListAccessPreviewFindingsResponse'
+            Prelude.<$> (x Data..?> "nextToken")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+            Prelude.<*> (x Data..?> "findings" Core..!@ Prelude.mempty)
+      )
+
+instance Prelude.Hashable ListAccessPreviewFindings where
+  hashWithSalt _salt ListAccessPreviewFindings' {..} =
+    _salt
+      `Prelude.hashWithSalt` filter'
+      `Prelude.hashWithSalt` maxResults
+      `Prelude.hashWithSalt` nextToken
+      `Prelude.hashWithSalt` accessPreviewId
+      `Prelude.hashWithSalt` analyzerArn
+
+instance Prelude.NFData ListAccessPreviewFindings where
+  rnf ListAccessPreviewFindings' {..} =
+    Prelude.rnf filter'
+      `Prelude.seq` Prelude.rnf maxResults
+      `Prelude.seq` Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf accessPreviewId
+      `Prelude.seq` Prelude.rnf analyzerArn
+
+instance Data.ToHeaders ListAccessPreviewFindings where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON ListAccessPreviewFindings where
+  toJSON ListAccessPreviewFindings' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("filter" Data..=) Prelude.<$> filter',
+            ("maxResults" Data..=) Prelude.<$> maxResults,
+            ("nextToken" Data..=) Prelude.<$> nextToken,
+            Prelude.Just ("analyzerArn" Data..= analyzerArn)
+          ]
+      )
+
+instance Data.ToPath ListAccessPreviewFindings where
+  toPath ListAccessPreviewFindings' {..} =
+    Prelude.mconcat
+      ["/access-preview/", Data.toBS accessPreviewId]
+
+instance Data.ToQuery ListAccessPreviewFindings where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newListAccessPreviewFindingsResponse' smart constructor.
+data ListAccessPreviewFindingsResponse = ListAccessPreviewFindingsResponse'
+  { -- | A token used for pagination of results returned.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int,
+    -- | A list of access preview findings that match the specified filter
+    -- criteria.
+    findings :: [AccessPreviewFinding]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListAccessPreviewFindingsResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'nextToken', 'listAccessPreviewFindingsResponse_nextToken' - A token used for pagination of results returned.
+--
+-- 'httpStatus', 'listAccessPreviewFindingsResponse_httpStatus' - The response's http status code.
+--
+-- 'findings', 'listAccessPreviewFindingsResponse_findings' - A list of access preview findings that match the specified filter
+-- criteria.
+newListAccessPreviewFindingsResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  ListAccessPreviewFindingsResponse
+newListAccessPreviewFindingsResponse pHttpStatus_ =
+  ListAccessPreviewFindingsResponse'
+    { nextToken =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_,
+      findings = Prelude.mempty
+    }
+
+-- | A token used for pagination of results returned.
+listAccessPreviewFindingsResponse_nextToken :: Lens.Lens' ListAccessPreviewFindingsResponse (Prelude.Maybe Prelude.Text)
+listAccessPreviewFindingsResponse_nextToken = Lens.lens (\ListAccessPreviewFindingsResponse' {nextToken} -> nextToken) (\s@ListAccessPreviewFindingsResponse' {} a -> s {nextToken = a} :: ListAccessPreviewFindingsResponse)
+
+-- | The response's http status code.
+listAccessPreviewFindingsResponse_httpStatus :: Lens.Lens' ListAccessPreviewFindingsResponse Prelude.Int
+listAccessPreviewFindingsResponse_httpStatus = Lens.lens (\ListAccessPreviewFindingsResponse' {httpStatus} -> httpStatus) (\s@ListAccessPreviewFindingsResponse' {} a -> s {httpStatus = a} :: ListAccessPreviewFindingsResponse)
+
+-- | A list of access preview findings that match the specified filter
+-- criteria.
+listAccessPreviewFindingsResponse_findings :: Lens.Lens' ListAccessPreviewFindingsResponse [AccessPreviewFinding]
+listAccessPreviewFindingsResponse_findings = Lens.lens (\ListAccessPreviewFindingsResponse' {findings} -> findings) (\s@ListAccessPreviewFindingsResponse' {} a -> s {findings = a} :: ListAccessPreviewFindingsResponse) Prelude.. Lens.coerced
+
+instance
+  Prelude.NFData
+    ListAccessPreviewFindingsResponse
+  where
+  rnf ListAccessPreviewFindingsResponse' {..} =
+    Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf httpStatus
+      `Prelude.seq` Prelude.rnf findings
diff --git a/gen/Amazonka/AccessAnalyzer/ListAccessPreviews.hs b/gen/Amazonka/AccessAnalyzer/ListAccessPreviews.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/ListAccessPreviews.hs
@@ -0,0 +1,234 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.ListAccessPreviews
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Retrieves a list of access previews for the specified analyzer.
+--
+-- This operation returns paginated results.
+module Amazonka.AccessAnalyzer.ListAccessPreviews
+  ( -- * Creating a Request
+    ListAccessPreviews (..),
+    newListAccessPreviews,
+
+    -- * Request Lenses
+    listAccessPreviews_maxResults,
+    listAccessPreviews_nextToken,
+    listAccessPreviews_analyzerArn,
+
+    -- * Destructuring the Response
+    ListAccessPreviewsResponse (..),
+    newListAccessPreviewsResponse,
+
+    -- * Response Lenses
+    listAccessPreviewsResponse_nextToken,
+    listAccessPreviewsResponse_httpStatus,
+    listAccessPreviewsResponse_accessPreviews,
+  )
+where
+
+import Amazonka.AccessAnalyzer.Types
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newListAccessPreviews' smart constructor.
+data ListAccessPreviews = ListAccessPreviews'
+  { -- | The maximum number of results to return in the response.
+    maxResults :: Prelude.Maybe Prelude.Int,
+    -- | A token used for pagination of results returned.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The
+    -- <https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources ARN of the analyzer>
+    -- used to generate the access preview.
+    analyzerArn :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListAccessPreviews' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'maxResults', 'listAccessPreviews_maxResults' - The maximum number of results to return in the response.
+--
+-- 'nextToken', 'listAccessPreviews_nextToken' - A token used for pagination of results returned.
+--
+-- 'analyzerArn', 'listAccessPreviews_analyzerArn' - The
+-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources ARN of the analyzer>
+-- used to generate the access preview.
+newListAccessPreviews ::
+  -- | 'analyzerArn'
+  Prelude.Text ->
+  ListAccessPreviews
+newListAccessPreviews pAnalyzerArn_ =
+  ListAccessPreviews'
+    { maxResults = Prelude.Nothing,
+      nextToken = Prelude.Nothing,
+      analyzerArn = pAnalyzerArn_
+    }
+
+-- | The maximum number of results to return in the response.
+listAccessPreviews_maxResults :: Lens.Lens' ListAccessPreviews (Prelude.Maybe Prelude.Int)
+listAccessPreviews_maxResults = Lens.lens (\ListAccessPreviews' {maxResults} -> maxResults) (\s@ListAccessPreviews' {} a -> s {maxResults = a} :: ListAccessPreviews)
+
+-- | A token used for pagination of results returned.
+listAccessPreviews_nextToken :: Lens.Lens' ListAccessPreviews (Prelude.Maybe Prelude.Text)
+listAccessPreviews_nextToken = Lens.lens (\ListAccessPreviews' {nextToken} -> nextToken) (\s@ListAccessPreviews' {} a -> s {nextToken = a} :: ListAccessPreviews)
+
+-- | The
+-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources ARN of the analyzer>
+-- used to generate the access preview.
+listAccessPreviews_analyzerArn :: Lens.Lens' ListAccessPreviews Prelude.Text
+listAccessPreviews_analyzerArn = Lens.lens (\ListAccessPreviews' {analyzerArn} -> analyzerArn) (\s@ListAccessPreviews' {} a -> s {analyzerArn = a} :: ListAccessPreviews)
+
+instance Core.AWSPager ListAccessPreviews where
+  page rq rs
+    | Core.stop
+        ( rs
+            Lens.^? listAccessPreviewsResponse_nextToken
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Core.stop
+        ( rs
+            Lens.^. listAccessPreviewsResponse_accessPreviews
+        ) =
+        Prelude.Nothing
+    | Prelude.otherwise =
+        Prelude.Just
+          Prelude.$ rq
+          Prelude.& listAccessPreviews_nextToken
+          Lens..~ rs
+          Lens.^? listAccessPreviewsResponse_nextToken
+          Prelude.. Lens._Just
+
+instance Core.AWSRequest ListAccessPreviews where
+  type
+    AWSResponse ListAccessPreviews =
+      ListAccessPreviewsResponse
+  request overrides =
+    Request.get (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          ListAccessPreviewsResponse'
+            Prelude.<$> (x Data..?> "nextToken")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+            Prelude.<*> ( x
+                            Data..?> "accessPreviews"
+                            Core..!@ Prelude.mempty
+                        )
+      )
+
+instance Prelude.Hashable ListAccessPreviews where
+  hashWithSalt _salt ListAccessPreviews' {..} =
+    _salt
+      `Prelude.hashWithSalt` maxResults
+      `Prelude.hashWithSalt` nextToken
+      `Prelude.hashWithSalt` analyzerArn
+
+instance Prelude.NFData ListAccessPreviews where
+  rnf ListAccessPreviews' {..} =
+    Prelude.rnf maxResults
+      `Prelude.seq` Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf analyzerArn
+
+instance Data.ToHeaders ListAccessPreviews where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToPath ListAccessPreviews where
+  toPath = Prelude.const "/access-preview"
+
+instance Data.ToQuery ListAccessPreviews where
+  toQuery ListAccessPreviews' {..} =
+    Prelude.mconcat
+      [ "maxResults" Data.=: maxResults,
+        "nextToken" Data.=: nextToken,
+        "analyzerArn" Data.=: analyzerArn
+      ]
+
+-- | /See:/ 'newListAccessPreviewsResponse' smart constructor.
+data ListAccessPreviewsResponse = ListAccessPreviewsResponse'
+  { -- | A token used for pagination of results returned.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int,
+    -- | A list of access previews retrieved for the analyzer.
+    accessPreviews :: [AccessPreviewSummary]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListAccessPreviewsResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'nextToken', 'listAccessPreviewsResponse_nextToken' - A token used for pagination of results returned.
+--
+-- 'httpStatus', 'listAccessPreviewsResponse_httpStatus' - The response's http status code.
+--
+-- 'accessPreviews', 'listAccessPreviewsResponse_accessPreviews' - A list of access previews retrieved for the analyzer.
+newListAccessPreviewsResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  ListAccessPreviewsResponse
+newListAccessPreviewsResponse pHttpStatus_ =
+  ListAccessPreviewsResponse'
+    { nextToken =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_,
+      accessPreviews = Prelude.mempty
+    }
+
+-- | A token used for pagination of results returned.
+listAccessPreviewsResponse_nextToken :: Lens.Lens' ListAccessPreviewsResponse (Prelude.Maybe Prelude.Text)
+listAccessPreviewsResponse_nextToken = Lens.lens (\ListAccessPreviewsResponse' {nextToken} -> nextToken) (\s@ListAccessPreviewsResponse' {} a -> s {nextToken = a} :: ListAccessPreviewsResponse)
+
+-- | The response's http status code.
+listAccessPreviewsResponse_httpStatus :: Lens.Lens' ListAccessPreviewsResponse Prelude.Int
+listAccessPreviewsResponse_httpStatus = Lens.lens (\ListAccessPreviewsResponse' {httpStatus} -> httpStatus) (\s@ListAccessPreviewsResponse' {} a -> s {httpStatus = a} :: ListAccessPreviewsResponse)
+
+-- | A list of access previews retrieved for the analyzer.
+listAccessPreviewsResponse_accessPreviews :: Lens.Lens' ListAccessPreviewsResponse [AccessPreviewSummary]
+listAccessPreviewsResponse_accessPreviews = Lens.lens (\ListAccessPreviewsResponse' {accessPreviews} -> accessPreviews) (\s@ListAccessPreviewsResponse' {} a -> s {accessPreviews = a} :: ListAccessPreviewsResponse) Prelude.. Lens.coerced
+
+instance Prelude.NFData ListAccessPreviewsResponse where
+  rnf ListAccessPreviewsResponse' {..} =
+    Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf httpStatus
+      `Prelude.seq` Prelude.rnf accessPreviews
diff --git a/gen/Amazonka/AccessAnalyzer/ListAnalyzedResources.hs b/gen/Amazonka/AccessAnalyzer/ListAnalyzedResources.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/ListAnalyzedResources.hs
@@ -0,0 +1,258 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.ListAnalyzedResources
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Retrieves a list of resources of the specified type that have been
+-- analyzed by the specified analyzer..
+--
+-- This operation returns paginated results.
+module Amazonka.AccessAnalyzer.ListAnalyzedResources
+  ( -- * Creating a Request
+    ListAnalyzedResources (..),
+    newListAnalyzedResources,
+
+    -- * Request Lenses
+    listAnalyzedResources_maxResults,
+    listAnalyzedResources_nextToken,
+    listAnalyzedResources_resourceType,
+    listAnalyzedResources_analyzerArn,
+
+    -- * Destructuring the Response
+    ListAnalyzedResourcesResponse (..),
+    newListAnalyzedResourcesResponse,
+
+    -- * Response Lenses
+    listAnalyzedResourcesResponse_nextToken,
+    listAnalyzedResourcesResponse_httpStatus,
+    listAnalyzedResourcesResponse_analyzedResources,
+  )
+where
+
+import Amazonka.AccessAnalyzer.Types
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | Retrieves a list of resources that have been analyzed.
+--
+-- /See:/ 'newListAnalyzedResources' smart constructor.
+data ListAnalyzedResources = ListAnalyzedResources'
+  { -- | The maximum number of results to return in the response.
+    maxResults :: Prelude.Maybe Prelude.Int,
+    -- | A token used for pagination of results returned.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The type of resource.
+    resourceType :: Prelude.Maybe ResourceType,
+    -- | The
+    -- <https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources ARN of the analyzer>
+    -- to retrieve a list of analyzed resources from.
+    analyzerArn :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListAnalyzedResources' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'maxResults', 'listAnalyzedResources_maxResults' - The maximum number of results to return in the response.
+--
+-- 'nextToken', 'listAnalyzedResources_nextToken' - A token used for pagination of results returned.
+--
+-- 'resourceType', 'listAnalyzedResources_resourceType' - The type of resource.
+--
+-- 'analyzerArn', 'listAnalyzedResources_analyzerArn' - The
+-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources ARN of the analyzer>
+-- to retrieve a list of analyzed resources from.
+newListAnalyzedResources ::
+  -- | 'analyzerArn'
+  Prelude.Text ->
+  ListAnalyzedResources
+newListAnalyzedResources pAnalyzerArn_ =
+  ListAnalyzedResources'
+    { maxResults =
+        Prelude.Nothing,
+      nextToken = Prelude.Nothing,
+      resourceType = Prelude.Nothing,
+      analyzerArn = pAnalyzerArn_
+    }
+
+-- | The maximum number of results to return in the response.
+listAnalyzedResources_maxResults :: Lens.Lens' ListAnalyzedResources (Prelude.Maybe Prelude.Int)
+listAnalyzedResources_maxResults = Lens.lens (\ListAnalyzedResources' {maxResults} -> maxResults) (\s@ListAnalyzedResources' {} a -> s {maxResults = a} :: ListAnalyzedResources)
+
+-- | A token used for pagination of results returned.
+listAnalyzedResources_nextToken :: Lens.Lens' ListAnalyzedResources (Prelude.Maybe Prelude.Text)
+listAnalyzedResources_nextToken = Lens.lens (\ListAnalyzedResources' {nextToken} -> nextToken) (\s@ListAnalyzedResources' {} a -> s {nextToken = a} :: ListAnalyzedResources)
+
+-- | The type of resource.
+listAnalyzedResources_resourceType :: Lens.Lens' ListAnalyzedResources (Prelude.Maybe ResourceType)
+listAnalyzedResources_resourceType = Lens.lens (\ListAnalyzedResources' {resourceType} -> resourceType) (\s@ListAnalyzedResources' {} a -> s {resourceType = a} :: ListAnalyzedResources)
+
+-- | The
+-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources ARN of the analyzer>
+-- to retrieve a list of analyzed resources from.
+listAnalyzedResources_analyzerArn :: Lens.Lens' ListAnalyzedResources Prelude.Text
+listAnalyzedResources_analyzerArn = Lens.lens (\ListAnalyzedResources' {analyzerArn} -> analyzerArn) (\s@ListAnalyzedResources' {} a -> s {analyzerArn = a} :: ListAnalyzedResources)
+
+instance Core.AWSPager ListAnalyzedResources where
+  page rq rs
+    | Core.stop
+        ( rs
+            Lens.^? listAnalyzedResourcesResponse_nextToken
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Core.stop
+        ( rs
+            Lens.^. listAnalyzedResourcesResponse_analyzedResources
+        ) =
+        Prelude.Nothing
+    | Prelude.otherwise =
+        Prelude.Just
+          Prelude.$ rq
+          Prelude.& listAnalyzedResources_nextToken
+          Lens..~ rs
+          Lens.^? listAnalyzedResourcesResponse_nextToken
+          Prelude.. Lens._Just
+
+instance Core.AWSRequest ListAnalyzedResources where
+  type
+    AWSResponse ListAnalyzedResources =
+      ListAnalyzedResourcesResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          ListAnalyzedResourcesResponse'
+            Prelude.<$> (x Data..?> "nextToken")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+            Prelude.<*> ( x
+                            Data..?> "analyzedResources"
+                            Core..!@ Prelude.mempty
+                        )
+      )
+
+instance Prelude.Hashable ListAnalyzedResources where
+  hashWithSalt _salt ListAnalyzedResources' {..} =
+    _salt
+      `Prelude.hashWithSalt` maxResults
+      `Prelude.hashWithSalt` nextToken
+      `Prelude.hashWithSalt` resourceType
+      `Prelude.hashWithSalt` analyzerArn
+
+instance Prelude.NFData ListAnalyzedResources where
+  rnf ListAnalyzedResources' {..} =
+    Prelude.rnf maxResults
+      `Prelude.seq` Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf resourceType
+      `Prelude.seq` Prelude.rnf analyzerArn
+
+instance Data.ToHeaders ListAnalyzedResources where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON ListAnalyzedResources where
+  toJSON ListAnalyzedResources' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("maxResults" Data..=) Prelude.<$> maxResults,
+            ("nextToken" Data..=) Prelude.<$> nextToken,
+            ("resourceType" Data..=) Prelude.<$> resourceType,
+            Prelude.Just ("analyzerArn" Data..= analyzerArn)
+          ]
+      )
+
+instance Data.ToPath ListAnalyzedResources where
+  toPath = Prelude.const "/analyzed-resource"
+
+instance Data.ToQuery ListAnalyzedResources where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | The response to the request.
+--
+-- /See:/ 'newListAnalyzedResourcesResponse' smart constructor.
+data ListAnalyzedResourcesResponse = ListAnalyzedResourcesResponse'
+  { -- | A token used for pagination of results returned.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int,
+    -- | A list of resources that were analyzed.
+    analyzedResources :: [AnalyzedResourceSummary]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListAnalyzedResourcesResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'nextToken', 'listAnalyzedResourcesResponse_nextToken' - A token used for pagination of results returned.
+--
+-- 'httpStatus', 'listAnalyzedResourcesResponse_httpStatus' - The response's http status code.
+--
+-- 'analyzedResources', 'listAnalyzedResourcesResponse_analyzedResources' - A list of resources that were analyzed.
+newListAnalyzedResourcesResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  ListAnalyzedResourcesResponse
+newListAnalyzedResourcesResponse pHttpStatus_ =
+  ListAnalyzedResourcesResponse'
+    { nextToken =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_,
+      analyzedResources = Prelude.mempty
+    }
+
+-- | A token used for pagination of results returned.
+listAnalyzedResourcesResponse_nextToken :: Lens.Lens' ListAnalyzedResourcesResponse (Prelude.Maybe Prelude.Text)
+listAnalyzedResourcesResponse_nextToken = Lens.lens (\ListAnalyzedResourcesResponse' {nextToken} -> nextToken) (\s@ListAnalyzedResourcesResponse' {} a -> s {nextToken = a} :: ListAnalyzedResourcesResponse)
+
+-- | The response's http status code.
+listAnalyzedResourcesResponse_httpStatus :: Lens.Lens' ListAnalyzedResourcesResponse Prelude.Int
+listAnalyzedResourcesResponse_httpStatus = Lens.lens (\ListAnalyzedResourcesResponse' {httpStatus} -> httpStatus) (\s@ListAnalyzedResourcesResponse' {} a -> s {httpStatus = a} :: ListAnalyzedResourcesResponse)
+
+-- | A list of resources that were analyzed.
+listAnalyzedResourcesResponse_analyzedResources :: Lens.Lens' ListAnalyzedResourcesResponse [AnalyzedResourceSummary]
+listAnalyzedResourcesResponse_analyzedResources = Lens.lens (\ListAnalyzedResourcesResponse' {analyzedResources} -> analyzedResources) (\s@ListAnalyzedResourcesResponse' {} a -> s {analyzedResources = a} :: ListAnalyzedResourcesResponse) Prelude.. Lens.coerced
+
+instance Prelude.NFData ListAnalyzedResourcesResponse where
+  rnf ListAnalyzedResourcesResponse' {..} =
+    Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf httpStatus
+      `Prelude.seq` Prelude.rnf analyzedResources
diff --git a/gen/Amazonka/AccessAnalyzer/ListAnalyzers.hs b/gen/Amazonka/AccessAnalyzer/ListAnalyzers.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/ListAnalyzers.hs
@@ -0,0 +1,224 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.ListAnalyzers
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Retrieves a list of analyzers.
+--
+-- This operation returns paginated results.
+module Amazonka.AccessAnalyzer.ListAnalyzers
+  ( -- * Creating a Request
+    ListAnalyzers (..),
+    newListAnalyzers,
+
+    -- * Request Lenses
+    listAnalyzers_maxResults,
+    listAnalyzers_nextToken,
+    listAnalyzers_type,
+
+    -- * Destructuring the Response
+    ListAnalyzersResponse (..),
+    newListAnalyzersResponse,
+
+    -- * Response Lenses
+    listAnalyzersResponse_nextToken,
+    listAnalyzersResponse_httpStatus,
+    listAnalyzersResponse_analyzers,
+  )
+where
+
+import Amazonka.AccessAnalyzer.Types
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | Retrieves a list of analyzers.
+--
+-- /See:/ 'newListAnalyzers' smart constructor.
+data ListAnalyzers = ListAnalyzers'
+  { -- | The maximum number of results to return in the response.
+    maxResults :: Prelude.Maybe Prelude.Int,
+    -- | A token used for pagination of results returned.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The type of analyzer.
+    type' :: Prelude.Maybe Type
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListAnalyzers' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'maxResults', 'listAnalyzers_maxResults' - The maximum number of results to return in the response.
+--
+-- 'nextToken', 'listAnalyzers_nextToken' - A token used for pagination of results returned.
+--
+-- 'type'', 'listAnalyzers_type' - The type of analyzer.
+newListAnalyzers ::
+  ListAnalyzers
+newListAnalyzers =
+  ListAnalyzers'
+    { maxResults = Prelude.Nothing,
+      nextToken = Prelude.Nothing,
+      type' = Prelude.Nothing
+    }
+
+-- | The maximum number of results to return in the response.
+listAnalyzers_maxResults :: Lens.Lens' ListAnalyzers (Prelude.Maybe Prelude.Int)
+listAnalyzers_maxResults = Lens.lens (\ListAnalyzers' {maxResults} -> maxResults) (\s@ListAnalyzers' {} a -> s {maxResults = a} :: ListAnalyzers)
+
+-- | A token used for pagination of results returned.
+listAnalyzers_nextToken :: Lens.Lens' ListAnalyzers (Prelude.Maybe Prelude.Text)
+listAnalyzers_nextToken = Lens.lens (\ListAnalyzers' {nextToken} -> nextToken) (\s@ListAnalyzers' {} a -> s {nextToken = a} :: ListAnalyzers)
+
+-- | The type of analyzer.
+listAnalyzers_type :: Lens.Lens' ListAnalyzers (Prelude.Maybe Type)
+listAnalyzers_type = Lens.lens (\ListAnalyzers' {type'} -> type') (\s@ListAnalyzers' {} a -> s {type' = a} :: ListAnalyzers)
+
+instance Core.AWSPager ListAnalyzers where
+  page rq rs
+    | Core.stop
+        ( rs
+            Lens.^? listAnalyzersResponse_nextToken
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Core.stop
+        (rs Lens.^. listAnalyzersResponse_analyzers) =
+        Prelude.Nothing
+    | Prelude.otherwise =
+        Prelude.Just
+          Prelude.$ rq
+          Prelude.& listAnalyzers_nextToken
+          Lens..~ rs
+          Lens.^? listAnalyzersResponse_nextToken
+          Prelude.. Lens._Just
+
+instance Core.AWSRequest ListAnalyzers where
+  type
+    AWSResponse ListAnalyzers =
+      ListAnalyzersResponse
+  request overrides =
+    Request.get (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          ListAnalyzersResponse'
+            Prelude.<$> (x Data..?> "nextToken")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+            Prelude.<*> (x Data..?> "analyzers" Core..!@ Prelude.mempty)
+      )
+
+instance Prelude.Hashable ListAnalyzers where
+  hashWithSalt _salt ListAnalyzers' {..} =
+    _salt
+      `Prelude.hashWithSalt` maxResults
+      `Prelude.hashWithSalt` nextToken
+      `Prelude.hashWithSalt` type'
+
+instance Prelude.NFData ListAnalyzers where
+  rnf ListAnalyzers' {..} =
+    Prelude.rnf maxResults
+      `Prelude.seq` Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf type'
+
+instance Data.ToHeaders ListAnalyzers where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToPath ListAnalyzers where
+  toPath = Prelude.const "/analyzer"
+
+instance Data.ToQuery ListAnalyzers where
+  toQuery ListAnalyzers' {..} =
+    Prelude.mconcat
+      [ "maxResults" Data.=: maxResults,
+        "nextToken" Data.=: nextToken,
+        "type" Data.=: type'
+      ]
+
+-- | The response to the request.
+--
+-- /See:/ 'newListAnalyzersResponse' smart constructor.
+data ListAnalyzersResponse = ListAnalyzersResponse'
+  { -- | A token used for pagination of results returned.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int,
+    -- | The analyzers retrieved.
+    analyzers :: [AnalyzerSummary]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListAnalyzersResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'nextToken', 'listAnalyzersResponse_nextToken' - A token used for pagination of results returned.
+--
+-- 'httpStatus', 'listAnalyzersResponse_httpStatus' - The response's http status code.
+--
+-- 'analyzers', 'listAnalyzersResponse_analyzers' - The analyzers retrieved.
+newListAnalyzersResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  ListAnalyzersResponse
+newListAnalyzersResponse pHttpStatus_ =
+  ListAnalyzersResponse'
+    { nextToken = Prelude.Nothing,
+      httpStatus = pHttpStatus_,
+      analyzers = Prelude.mempty
+    }
+
+-- | A token used for pagination of results returned.
+listAnalyzersResponse_nextToken :: Lens.Lens' ListAnalyzersResponse (Prelude.Maybe Prelude.Text)
+listAnalyzersResponse_nextToken = Lens.lens (\ListAnalyzersResponse' {nextToken} -> nextToken) (\s@ListAnalyzersResponse' {} a -> s {nextToken = a} :: ListAnalyzersResponse)
+
+-- | The response's http status code.
+listAnalyzersResponse_httpStatus :: Lens.Lens' ListAnalyzersResponse Prelude.Int
+listAnalyzersResponse_httpStatus = Lens.lens (\ListAnalyzersResponse' {httpStatus} -> httpStatus) (\s@ListAnalyzersResponse' {} a -> s {httpStatus = a} :: ListAnalyzersResponse)
+
+-- | The analyzers retrieved.
+listAnalyzersResponse_analyzers :: Lens.Lens' ListAnalyzersResponse [AnalyzerSummary]
+listAnalyzersResponse_analyzers = Lens.lens (\ListAnalyzersResponse' {analyzers} -> analyzers) (\s@ListAnalyzersResponse' {} a -> s {analyzers = a} :: ListAnalyzersResponse) Prelude.. Lens.coerced
+
+instance Prelude.NFData ListAnalyzersResponse where
+  rnf ListAnalyzersResponse' {..} =
+    Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf httpStatus
+      `Prelude.seq` Prelude.rnf analyzers
diff --git a/gen/Amazonka/AccessAnalyzer/ListArchiveRules.hs b/gen/Amazonka/AccessAnalyzer/ListArchiveRules.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/ListArchiveRules.hs
@@ -0,0 +1,231 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.ListArchiveRules
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Retrieves a list of archive rules created for the specified analyzer.
+--
+-- This operation returns paginated results.
+module Amazonka.AccessAnalyzer.ListArchiveRules
+  ( -- * Creating a Request
+    ListArchiveRules (..),
+    newListArchiveRules,
+
+    -- * Request Lenses
+    listArchiveRules_maxResults,
+    listArchiveRules_nextToken,
+    listArchiveRules_analyzerName,
+
+    -- * Destructuring the Response
+    ListArchiveRulesResponse (..),
+    newListArchiveRulesResponse,
+
+    -- * Response Lenses
+    listArchiveRulesResponse_nextToken,
+    listArchiveRulesResponse_httpStatus,
+    listArchiveRulesResponse_archiveRules,
+  )
+where
+
+import Amazonka.AccessAnalyzer.Types
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | Retrieves a list of archive rules created for the specified analyzer.
+--
+-- /See:/ 'newListArchiveRules' smart constructor.
+data ListArchiveRules = ListArchiveRules'
+  { -- | The maximum number of results to return in the request.
+    maxResults :: Prelude.Maybe Prelude.Int,
+    -- | A token used for pagination of results returned.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The name of the analyzer to retrieve rules from.
+    analyzerName :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListArchiveRules' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'maxResults', 'listArchiveRules_maxResults' - The maximum number of results to return in the request.
+--
+-- 'nextToken', 'listArchiveRules_nextToken' - A token used for pagination of results returned.
+--
+-- 'analyzerName', 'listArchiveRules_analyzerName' - The name of the analyzer to retrieve rules from.
+newListArchiveRules ::
+  -- | 'analyzerName'
+  Prelude.Text ->
+  ListArchiveRules
+newListArchiveRules pAnalyzerName_ =
+  ListArchiveRules'
+    { maxResults = Prelude.Nothing,
+      nextToken = Prelude.Nothing,
+      analyzerName = pAnalyzerName_
+    }
+
+-- | The maximum number of results to return in the request.
+listArchiveRules_maxResults :: Lens.Lens' ListArchiveRules (Prelude.Maybe Prelude.Int)
+listArchiveRules_maxResults = Lens.lens (\ListArchiveRules' {maxResults} -> maxResults) (\s@ListArchiveRules' {} a -> s {maxResults = a} :: ListArchiveRules)
+
+-- | A token used for pagination of results returned.
+listArchiveRules_nextToken :: Lens.Lens' ListArchiveRules (Prelude.Maybe Prelude.Text)
+listArchiveRules_nextToken = Lens.lens (\ListArchiveRules' {nextToken} -> nextToken) (\s@ListArchiveRules' {} a -> s {nextToken = a} :: ListArchiveRules)
+
+-- | The name of the analyzer to retrieve rules from.
+listArchiveRules_analyzerName :: Lens.Lens' ListArchiveRules Prelude.Text
+listArchiveRules_analyzerName = Lens.lens (\ListArchiveRules' {analyzerName} -> analyzerName) (\s@ListArchiveRules' {} a -> s {analyzerName = a} :: ListArchiveRules)
+
+instance Core.AWSPager ListArchiveRules where
+  page rq rs
+    | Core.stop
+        ( rs
+            Lens.^? listArchiveRulesResponse_nextToken
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Core.stop
+        (rs Lens.^. listArchiveRulesResponse_archiveRules) =
+        Prelude.Nothing
+    | Prelude.otherwise =
+        Prelude.Just
+          Prelude.$ rq
+          Prelude.& listArchiveRules_nextToken
+          Lens..~ rs
+          Lens.^? listArchiveRulesResponse_nextToken
+          Prelude.. Lens._Just
+
+instance Core.AWSRequest ListArchiveRules where
+  type
+    AWSResponse ListArchiveRules =
+      ListArchiveRulesResponse
+  request overrides =
+    Request.get (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          ListArchiveRulesResponse'
+            Prelude.<$> (x Data..?> "nextToken")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+            Prelude.<*> (x Data..?> "archiveRules" Core..!@ Prelude.mempty)
+      )
+
+instance Prelude.Hashable ListArchiveRules where
+  hashWithSalt _salt ListArchiveRules' {..} =
+    _salt
+      `Prelude.hashWithSalt` maxResults
+      `Prelude.hashWithSalt` nextToken
+      `Prelude.hashWithSalt` analyzerName
+
+instance Prelude.NFData ListArchiveRules where
+  rnf ListArchiveRules' {..} =
+    Prelude.rnf maxResults
+      `Prelude.seq` Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf analyzerName
+
+instance Data.ToHeaders ListArchiveRules where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToPath ListArchiveRules where
+  toPath ListArchiveRules' {..} =
+    Prelude.mconcat
+      [ "/analyzer/",
+        Data.toBS analyzerName,
+        "/archive-rule"
+      ]
+
+instance Data.ToQuery ListArchiveRules where
+  toQuery ListArchiveRules' {..} =
+    Prelude.mconcat
+      [ "maxResults" Data.=: maxResults,
+        "nextToken" Data.=: nextToken
+      ]
+
+-- | The response to the request.
+--
+-- /See:/ 'newListArchiveRulesResponse' smart constructor.
+data ListArchiveRulesResponse = ListArchiveRulesResponse'
+  { -- | A token used for pagination of results returned.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int,
+    -- | A list of archive rules created for the specified analyzer.
+    archiveRules :: [ArchiveRuleSummary]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListArchiveRulesResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'nextToken', 'listArchiveRulesResponse_nextToken' - A token used for pagination of results returned.
+--
+-- 'httpStatus', 'listArchiveRulesResponse_httpStatus' - The response's http status code.
+--
+-- 'archiveRules', 'listArchiveRulesResponse_archiveRules' - A list of archive rules created for the specified analyzer.
+newListArchiveRulesResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  ListArchiveRulesResponse
+newListArchiveRulesResponse pHttpStatus_ =
+  ListArchiveRulesResponse'
+    { nextToken =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_,
+      archiveRules = Prelude.mempty
+    }
+
+-- | A token used for pagination of results returned.
+listArchiveRulesResponse_nextToken :: Lens.Lens' ListArchiveRulesResponse (Prelude.Maybe Prelude.Text)
+listArchiveRulesResponse_nextToken = Lens.lens (\ListArchiveRulesResponse' {nextToken} -> nextToken) (\s@ListArchiveRulesResponse' {} a -> s {nextToken = a} :: ListArchiveRulesResponse)
+
+-- | The response's http status code.
+listArchiveRulesResponse_httpStatus :: Lens.Lens' ListArchiveRulesResponse Prelude.Int
+listArchiveRulesResponse_httpStatus = Lens.lens (\ListArchiveRulesResponse' {httpStatus} -> httpStatus) (\s@ListArchiveRulesResponse' {} a -> s {httpStatus = a} :: ListArchiveRulesResponse)
+
+-- | A list of archive rules created for the specified analyzer.
+listArchiveRulesResponse_archiveRules :: Lens.Lens' ListArchiveRulesResponse [ArchiveRuleSummary]
+listArchiveRulesResponse_archiveRules = Lens.lens (\ListArchiveRulesResponse' {archiveRules} -> archiveRules) (\s@ListArchiveRulesResponse' {} a -> s {archiveRules = a} :: ListArchiveRulesResponse) Prelude.. Lens.coerced
+
+instance Prelude.NFData ListArchiveRulesResponse where
+  rnf ListArchiveRulesResponse' {..} =
+    Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf httpStatus
+      `Prelude.seq` Prelude.rnf archiveRules
diff --git a/gen/Amazonka/AccessAnalyzer/ListFindings.hs b/gen/Amazonka/AccessAnalyzer/ListFindings.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/ListFindings.hs
@@ -0,0 +1,269 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.ListFindings
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Retrieves a list of findings generated by the specified analyzer.
+--
+-- To learn about filter keys that you can use to retrieve a list of
+-- findings, see
+-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-reference-filter-keys.html IAM Access Analyzer filter keys>
+-- in the __IAM User Guide__.
+--
+-- This operation returns paginated results.
+module Amazonka.AccessAnalyzer.ListFindings
+  ( -- * Creating a Request
+    ListFindings (..),
+    newListFindings,
+
+    -- * Request Lenses
+    listFindings_filter,
+    listFindings_maxResults,
+    listFindings_nextToken,
+    listFindings_sort,
+    listFindings_analyzerArn,
+
+    -- * Destructuring the Response
+    ListFindingsResponse (..),
+    newListFindingsResponse,
+
+    -- * Response Lenses
+    listFindingsResponse_nextToken,
+    listFindingsResponse_httpStatus,
+    listFindingsResponse_findings,
+  )
+where
+
+import Amazonka.AccessAnalyzer.Types
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | Retrieves a list of findings generated by the specified analyzer.
+--
+-- /See:/ 'newListFindings' smart constructor.
+data ListFindings = ListFindings'
+  { -- | A filter to match for the findings to return.
+    filter' :: Prelude.Maybe (Prelude.HashMap Prelude.Text Criterion),
+    -- | The maximum number of results to return in the response.
+    maxResults :: Prelude.Maybe Prelude.Int,
+    -- | A token used for pagination of results returned.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The sort order for the findings returned.
+    sort :: Prelude.Maybe SortCriteria,
+    -- | The
+    -- <https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources ARN of the analyzer>
+    -- to retrieve findings from.
+    analyzerArn :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListFindings' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'filter'', 'listFindings_filter' - A filter to match for the findings to return.
+--
+-- 'maxResults', 'listFindings_maxResults' - The maximum number of results to return in the response.
+--
+-- 'nextToken', 'listFindings_nextToken' - A token used for pagination of results returned.
+--
+-- 'sort', 'listFindings_sort' - The sort order for the findings returned.
+--
+-- 'analyzerArn', 'listFindings_analyzerArn' - The
+-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources ARN of the analyzer>
+-- to retrieve findings from.
+newListFindings ::
+  -- | 'analyzerArn'
+  Prelude.Text ->
+  ListFindings
+newListFindings pAnalyzerArn_ =
+  ListFindings'
+    { filter' = Prelude.Nothing,
+      maxResults = Prelude.Nothing,
+      nextToken = Prelude.Nothing,
+      sort = Prelude.Nothing,
+      analyzerArn = pAnalyzerArn_
+    }
+
+-- | A filter to match for the findings to return.
+listFindings_filter :: Lens.Lens' ListFindings (Prelude.Maybe (Prelude.HashMap Prelude.Text Criterion))
+listFindings_filter = Lens.lens (\ListFindings' {filter'} -> filter') (\s@ListFindings' {} a -> s {filter' = a} :: ListFindings) Prelude.. Lens.mapping Lens.coerced
+
+-- | The maximum number of results to return in the response.
+listFindings_maxResults :: Lens.Lens' ListFindings (Prelude.Maybe Prelude.Int)
+listFindings_maxResults = Lens.lens (\ListFindings' {maxResults} -> maxResults) (\s@ListFindings' {} a -> s {maxResults = a} :: ListFindings)
+
+-- | A token used for pagination of results returned.
+listFindings_nextToken :: Lens.Lens' ListFindings (Prelude.Maybe Prelude.Text)
+listFindings_nextToken = Lens.lens (\ListFindings' {nextToken} -> nextToken) (\s@ListFindings' {} a -> s {nextToken = a} :: ListFindings)
+
+-- | The sort order for the findings returned.
+listFindings_sort :: Lens.Lens' ListFindings (Prelude.Maybe SortCriteria)
+listFindings_sort = Lens.lens (\ListFindings' {sort} -> sort) (\s@ListFindings' {} a -> s {sort = a} :: ListFindings)
+
+-- | The
+-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources ARN of the analyzer>
+-- to retrieve findings from.
+listFindings_analyzerArn :: Lens.Lens' ListFindings Prelude.Text
+listFindings_analyzerArn = Lens.lens (\ListFindings' {analyzerArn} -> analyzerArn) (\s@ListFindings' {} a -> s {analyzerArn = a} :: ListFindings)
+
+instance Core.AWSPager ListFindings where
+  page rq rs
+    | Core.stop
+        ( rs
+            Lens.^? listFindingsResponse_nextToken
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Core.stop
+        (rs Lens.^. listFindingsResponse_findings) =
+        Prelude.Nothing
+    | Prelude.otherwise =
+        Prelude.Just
+          Prelude.$ rq
+          Prelude.& listFindings_nextToken
+          Lens..~ rs
+          Lens.^? listFindingsResponse_nextToken
+          Prelude.. Lens._Just
+
+instance Core.AWSRequest ListFindings where
+  type AWSResponse ListFindings = ListFindingsResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          ListFindingsResponse'
+            Prelude.<$> (x Data..?> "nextToken")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+            Prelude.<*> (x Data..?> "findings" Core..!@ Prelude.mempty)
+      )
+
+instance Prelude.Hashable ListFindings where
+  hashWithSalt _salt ListFindings' {..} =
+    _salt
+      `Prelude.hashWithSalt` filter'
+      `Prelude.hashWithSalt` maxResults
+      `Prelude.hashWithSalt` nextToken
+      `Prelude.hashWithSalt` sort
+      `Prelude.hashWithSalt` analyzerArn
+
+instance Prelude.NFData ListFindings where
+  rnf ListFindings' {..} =
+    Prelude.rnf filter'
+      `Prelude.seq` Prelude.rnf maxResults
+      `Prelude.seq` Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf sort
+      `Prelude.seq` Prelude.rnf analyzerArn
+
+instance Data.ToHeaders ListFindings where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON ListFindings where
+  toJSON ListFindings' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("filter" Data..=) Prelude.<$> filter',
+            ("maxResults" Data..=) Prelude.<$> maxResults,
+            ("nextToken" Data..=) Prelude.<$> nextToken,
+            ("sort" Data..=) Prelude.<$> sort,
+            Prelude.Just ("analyzerArn" Data..= analyzerArn)
+          ]
+      )
+
+instance Data.ToPath ListFindings where
+  toPath = Prelude.const "/finding"
+
+instance Data.ToQuery ListFindings where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | The response to the request.
+--
+-- /See:/ 'newListFindingsResponse' smart constructor.
+data ListFindingsResponse = ListFindingsResponse'
+  { -- | A token used for pagination of results returned.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int,
+    -- | A list of findings retrieved from the analyzer that match the filter
+    -- criteria specified, if any.
+    findings :: [FindingSummary]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListFindingsResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'nextToken', 'listFindingsResponse_nextToken' - A token used for pagination of results returned.
+--
+-- 'httpStatus', 'listFindingsResponse_httpStatus' - The response's http status code.
+--
+-- 'findings', 'listFindingsResponse_findings' - A list of findings retrieved from the analyzer that match the filter
+-- criteria specified, if any.
+newListFindingsResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  ListFindingsResponse
+newListFindingsResponse pHttpStatus_ =
+  ListFindingsResponse'
+    { nextToken = Prelude.Nothing,
+      httpStatus = pHttpStatus_,
+      findings = Prelude.mempty
+    }
+
+-- | A token used for pagination of results returned.
+listFindingsResponse_nextToken :: Lens.Lens' ListFindingsResponse (Prelude.Maybe Prelude.Text)
+listFindingsResponse_nextToken = Lens.lens (\ListFindingsResponse' {nextToken} -> nextToken) (\s@ListFindingsResponse' {} a -> s {nextToken = a} :: ListFindingsResponse)
+
+-- | The response's http status code.
+listFindingsResponse_httpStatus :: Lens.Lens' ListFindingsResponse Prelude.Int
+listFindingsResponse_httpStatus = Lens.lens (\ListFindingsResponse' {httpStatus} -> httpStatus) (\s@ListFindingsResponse' {} a -> s {httpStatus = a} :: ListFindingsResponse)
+
+-- | A list of findings retrieved from the analyzer that match the filter
+-- criteria specified, if any.
+listFindingsResponse_findings :: Lens.Lens' ListFindingsResponse [FindingSummary]
+listFindingsResponse_findings = Lens.lens (\ListFindingsResponse' {findings} -> findings) (\s@ListFindingsResponse' {} a -> s {findings = a} :: ListFindingsResponse) Prelude.. Lens.coerced
+
+instance Prelude.NFData ListFindingsResponse where
+  rnf ListFindingsResponse' {..} =
+    Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf httpStatus
+      `Prelude.seq` Prelude.rnf findings
diff --git a/gen/Amazonka/AccessAnalyzer/ListPolicyGenerations.hs b/gen/Amazonka/AccessAnalyzer/ListPolicyGenerations.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/ListPolicyGenerations.hs
@@ -0,0 +1,236 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.ListPolicyGenerations
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Lists all of the policy generations requested in the last seven days.
+--
+-- This operation returns paginated results.
+module Amazonka.AccessAnalyzer.ListPolicyGenerations
+  ( -- * Creating a Request
+    ListPolicyGenerations (..),
+    newListPolicyGenerations,
+
+    -- * Request Lenses
+    listPolicyGenerations_maxResults,
+    listPolicyGenerations_nextToken,
+    listPolicyGenerations_principalArn,
+
+    -- * Destructuring the Response
+    ListPolicyGenerationsResponse (..),
+    newListPolicyGenerationsResponse,
+
+    -- * Response Lenses
+    listPolicyGenerationsResponse_nextToken,
+    listPolicyGenerationsResponse_httpStatus,
+    listPolicyGenerationsResponse_policyGenerations,
+  )
+where
+
+import Amazonka.AccessAnalyzer.Types
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newListPolicyGenerations' smart constructor.
+data ListPolicyGenerations = ListPolicyGenerations'
+  { -- | The maximum number of results to return in the response.
+    maxResults :: Prelude.Maybe Prelude.Natural,
+    -- | A token used for pagination of results returned.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The ARN of the IAM entity (user or role) for which you are generating a
+    -- policy. Use this with @ListGeneratedPolicies@ to filter the results to
+    -- only include results for a specific principal.
+    principalArn :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListPolicyGenerations' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'maxResults', 'listPolicyGenerations_maxResults' - The maximum number of results to return in the response.
+--
+-- 'nextToken', 'listPolicyGenerations_nextToken' - A token used for pagination of results returned.
+--
+-- 'principalArn', 'listPolicyGenerations_principalArn' - The ARN of the IAM entity (user or role) for which you are generating a
+-- policy. Use this with @ListGeneratedPolicies@ to filter the results to
+-- only include results for a specific principal.
+newListPolicyGenerations ::
+  ListPolicyGenerations
+newListPolicyGenerations =
+  ListPolicyGenerations'
+    { maxResults =
+        Prelude.Nothing,
+      nextToken = Prelude.Nothing,
+      principalArn = Prelude.Nothing
+    }
+
+-- | The maximum number of results to return in the response.
+listPolicyGenerations_maxResults :: Lens.Lens' ListPolicyGenerations (Prelude.Maybe Prelude.Natural)
+listPolicyGenerations_maxResults = Lens.lens (\ListPolicyGenerations' {maxResults} -> maxResults) (\s@ListPolicyGenerations' {} a -> s {maxResults = a} :: ListPolicyGenerations)
+
+-- | A token used for pagination of results returned.
+listPolicyGenerations_nextToken :: Lens.Lens' ListPolicyGenerations (Prelude.Maybe Prelude.Text)
+listPolicyGenerations_nextToken = Lens.lens (\ListPolicyGenerations' {nextToken} -> nextToken) (\s@ListPolicyGenerations' {} a -> s {nextToken = a} :: ListPolicyGenerations)
+
+-- | The ARN of the IAM entity (user or role) for which you are generating a
+-- policy. Use this with @ListGeneratedPolicies@ to filter the results to
+-- only include results for a specific principal.
+listPolicyGenerations_principalArn :: Lens.Lens' ListPolicyGenerations (Prelude.Maybe Prelude.Text)
+listPolicyGenerations_principalArn = Lens.lens (\ListPolicyGenerations' {principalArn} -> principalArn) (\s@ListPolicyGenerations' {} a -> s {principalArn = a} :: ListPolicyGenerations)
+
+instance Core.AWSPager ListPolicyGenerations where
+  page rq rs
+    | Core.stop
+        ( rs
+            Lens.^? listPolicyGenerationsResponse_nextToken
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Core.stop
+        ( rs
+            Lens.^. listPolicyGenerationsResponse_policyGenerations
+        ) =
+        Prelude.Nothing
+    | Prelude.otherwise =
+        Prelude.Just
+          Prelude.$ rq
+          Prelude.& listPolicyGenerations_nextToken
+          Lens..~ rs
+          Lens.^? listPolicyGenerationsResponse_nextToken
+          Prelude.. Lens._Just
+
+instance Core.AWSRequest ListPolicyGenerations where
+  type
+    AWSResponse ListPolicyGenerations =
+      ListPolicyGenerationsResponse
+  request overrides =
+    Request.get (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          ListPolicyGenerationsResponse'
+            Prelude.<$> (x Data..?> "nextToken")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+            Prelude.<*> ( x
+                            Data..?> "policyGenerations"
+                            Core..!@ Prelude.mempty
+                        )
+      )
+
+instance Prelude.Hashable ListPolicyGenerations where
+  hashWithSalt _salt ListPolicyGenerations' {..} =
+    _salt
+      `Prelude.hashWithSalt` maxResults
+      `Prelude.hashWithSalt` nextToken
+      `Prelude.hashWithSalt` principalArn
+
+instance Prelude.NFData ListPolicyGenerations where
+  rnf ListPolicyGenerations' {..} =
+    Prelude.rnf maxResults
+      `Prelude.seq` Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf principalArn
+
+instance Data.ToHeaders ListPolicyGenerations where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToPath ListPolicyGenerations where
+  toPath = Prelude.const "/policy/generation"
+
+instance Data.ToQuery ListPolicyGenerations where
+  toQuery ListPolicyGenerations' {..} =
+    Prelude.mconcat
+      [ "maxResults" Data.=: maxResults,
+        "nextToken" Data.=: nextToken,
+        "principalArn" Data.=: principalArn
+      ]
+
+-- | /See:/ 'newListPolicyGenerationsResponse' smart constructor.
+data ListPolicyGenerationsResponse = ListPolicyGenerationsResponse'
+  { -- | A token used for pagination of results returned.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int,
+    -- | A @PolicyGeneration@ object that contains details about the generated
+    -- policy.
+    policyGenerations :: [PolicyGeneration]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListPolicyGenerationsResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'nextToken', 'listPolicyGenerationsResponse_nextToken' - A token used for pagination of results returned.
+--
+-- 'httpStatus', 'listPolicyGenerationsResponse_httpStatus' - The response's http status code.
+--
+-- 'policyGenerations', 'listPolicyGenerationsResponse_policyGenerations' - A @PolicyGeneration@ object that contains details about the generated
+-- policy.
+newListPolicyGenerationsResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  ListPolicyGenerationsResponse
+newListPolicyGenerationsResponse pHttpStatus_ =
+  ListPolicyGenerationsResponse'
+    { nextToken =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_,
+      policyGenerations = Prelude.mempty
+    }
+
+-- | A token used for pagination of results returned.
+listPolicyGenerationsResponse_nextToken :: Lens.Lens' ListPolicyGenerationsResponse (Prelude.Maybe Prelude.Text)
+listPolicyGenerationsResponse_nextToken = Lens.lens (\ListPolicyGenerationsResponse' {nextToken} -> nextToken) (\s@ListPolicyGenerationsResponse' {} a -> s {nextToken = a} :: ListPolicyGenerationsResponse)
+
+-- | The response's http status code.
+listPolicyGenerationsResponse_httpStatus :: Lens.Lens' ListPolicyGenerationsResponse Prelude.Int
+listPolicyGenerationsResponse_httpStatus = Lens.lens (\ListPolicyGenerationsResponse' {httpStatus} -> httpStatus) (\s@ListPolicyGenerationsResponse' {} a -> s {httpStatus = a} :: ListPolicyGenerationsResponse)
+
+-- | A @PolicyGeneration@ object that contains details about the generated
+-- policy.
+listPolicyGenerationsResponse_policyGenerations :: Lens.Lens' ListPolicyGenerationsResponse [PolicyGeneration]
+listPolicyGenerationsResponse_policyGenerations = Lens.lens (\ListPolicyGenerationsResponse' {policyGenerations} -> policyGenerations) (\s@ListPolicyGenerationsResponse' {} a -> s {policyGenerations = a} :: ListPolicyGenerationsResponse) Prelude.. Lens.coerced
+
+instance Prelude.NFData ListPolicyGenerationsResponse where
+  rnf ListPolicyGenerationsResponse' {..} =
+    Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf httpStatus
+      `Prelude.seq` Prelude.rnf policyGenerations
diff --git a/gen/Amazonka/AccessAnalyzer/ListTagsForResource.hs b/gen/Amazonka/AccessAnalyzer/ListTagsForResource.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/ListTagsForResource.hs
@@ -0,0 +1,163 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.ListTagsForResource
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Retrieves a list of tags applied to the specified resource.
+module Amazonka.AccessAnalyzer.ListTagsForResource
+  ( -- * Creating a Request
+    ListTagsForResource (..),
+    newListTagsForResource,
+
+    -- * Request Lenses
+    listTagsForResource_resourceArn,
+
+    -- * Destructuring the Response
+    ListTagsForResourceResponse (..),
+    newListTagsForResourceResponse,
+
+    -- * Response Lenses
+    listTagsForResourceResponse_tags,
+    listTagsForResourceResponse_httpStatus,
+  )
+where
+
+import Amazonka.AccessAnalyzer.Types
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | Retrieves a list of tags applied to the specified resource.
+--
+-- /See:/ 'newListTagsForResource' smart constructor.
+data ListTagsForResource = ListTagsForResource'
+  { -- | The ARN of the resource to retrieve tags from.
+    resourceArn :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListTagsForResource' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'resourceArn', 'listTagsForResource_resourceArn' - The ARN of the resource to retrieve tags from.
+newListTagsForResource ::
+  -- | 'resourceArn'
+  Prelude.Text ->
+  ListTagsForResource
+newListTagsForResource pResourceArn_ =
+  ListTagsForResource' {resourceArn = pResourceArn_}
+
+-- | The ARN of the resource to retrieve tags from.
+listTagsForResource_resourceArn :: Lens.Lens' ListTagsForResource Prelude.Text
+listTagsForResource_resourceArn = Lens.lens (\ListTagsForResource' {resourceArn} -> resourceArn) (\s@ListTagsForResource' {} a -> s {resourceArn = a} :: ListTagsForResource)
+
+instance Core.AWSRequest ListTagsForResource where
+  type
+    AWSResponse ListTagsForResource =
+      ListTagsForResourceResponse
+  request overrides =
+    Request.get (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          ListTagsForResourceResponse'
+            Prelude.<$> (x Data..?> "tags" Core..!@ Prelude.mempty)
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable ListTagsForResource where
+  hashWithSalt _salt ListTagsForResource' {..} =
+    _salt `Prelude.hashWithSalt` resourceArn
+
+instance Prelude.NFData ListTagsForResource where
+  rnf ListTagsForResource' {..} =
+    Prelude.rnf resourceArn
+
+instance Data.ToHeaders ListTagsForResource where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToPath ListTagsForResource where
+  toPath ListTagsForResource' {..} =
+    Prelude.mconcat ["/tags/", Data.toBS resourceArn]
+
+instance Data.ToQuery ListTagsForResource where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | The response to the request.
+--
+-- /See:/ 'newListTagsForResourceResponse' smart constructor.
+data ListTagsForResourceResponse = ListTagsForResourceResponse'
+  { -- | The tags that are applied to the specified resource.
+    tags :: Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text),
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListTagsForResourceResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'tags', 'listTagsForResourceResponse_tags' - The tags that are applied to the specified resource.
+--
+-- 'httpStatus', 'listTagsForResourceResponse_httpStatus' - The response's http status code.
+newListTagsForResourceResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  ListTagsForResourceResponse
+newListTagsForResourceResponse pHttpStatus_ =
+  ListTagsForResourceResponse'
+    { tags =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | The tags that are applied to the specified resource.
+listTagsForResourceResponse_tags :: Lens.Lens' ListTagsForResourceResponse (Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text))
+listTagsForResourceResponse_tags = Lens.lens (\ListTagsForResourceResponse' {tags} -> tags) (\s@ListTagsForResourceResponse' {} a -> s {tags = a} :: ListTagsForResourceResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | The response's http status code.
+listTagsForResourceResponse_httpStatus :: Lens.Lens' ListTagsForResourceResponse Prelude.Int
+listTagsForResourceResponse_httpStatus = Lens.lens (\ListTagsForResourceResponse' {httpStatus} -> httpStatus) (\s@ListTagsForResourceResponse' {} a -> s {httpStatus = a} :: ListTagsForResourceResponse)
+
+instance Prelude.NFData ListTagsForResourceResponse where
+  rnf ListTagsForResourceResponse' {..} =
+    Prelude.rnf tags
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/AccessAnalyzer/StartPolicyGeneration.hs b/gen/Amazonka/AccessAnalyzer/StartPolicyGeneration.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/StartPolicyGeneration.hs
@@ -0,0 +1,241 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.StartPolicyGeneration
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Starts the policy generation request.
+module Amazonka.AccessAnalyzer.StartPolicyGeneration
+  ( -- * Creating a Request
+    StartPolicyGeneration (..),
+    newStartPolicyGeneration,
+
+    -- * Request Lenses
+    startPolicyGeneration_clientToken,
+    startPolicyGeneration_cloudTrailDetails,
+    startPolicyGeneration_policyGenerationDetails,
+
+    -- * Destructuring the Response
+    StartPolicyGenerationResponse (..),
+    newStartPolicyGenerationResponse,
+
+    -- * Response Lenses
+    startPolicyGenerationResponse_httpStatus,
+    startPolicyGenerationResponse_jobId,
+  )
+where
+
+import Amazonka.AccessAnalyzer.Types
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newStartPolicyGeneration' smart constructor.
+data StartPolicyGeneration = StartPolicyGeneration'
+  { -- | A unique, case-sensitive identifier that you provide to ensure the
+    -- idempotency of the request. Idempotency ensures that an API request
+    -- completes only once. With an idempotent request, if the original request
+    -- completes successfully, the subsequent retries with the same client
+    -- token return the result from the original successful request and they
+    -- have no additional effect.
+    --
+    -- If you do not specify a client token, one is automatically generated by
+    -- the Amazon Web Services SDK.
+    clientToken :: Prelude.Maybe Prelude.Text,
+    -- | A @CloudTrailDetails@ object that contains details about a @Trail@ that
+    -- you want to analyze to generate policies.
+    cloudTrailDetails :: Prelude.Maybe CloudTrailDetails,
+    -- | Contains the ARN of the IAM entity (user or role) for which you are
+    -- generating a policy.
+    policyGenerationDetails :: PolicyGenerationDetails
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'StartPolicyGeneration' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'clientToken', 'startPolicyGeneration_clientToken' - A unique, case-sensitive identifier that you provide to ensure the
+-- idempotency of the request. Idempotency ensures that an API request
+-- completes only once. With an idempotent request, if the original request
+-- completes successfully, the subsequent retries with the same client
+-- token return the result from the original successful request and they
+-- have no additional effect.
+--
+-- If you do not specify a client token, one is automatically generated by
+-- the Amazon Web Services SDK.
+--
+-- 'cloudTrailDetails', 'startPolicyGeneration_cloudTrailDetails' - A @CloudTrailDetails@ object that contains details about a @Trail@ that
+-- you want to analyze to generate policies.
+--
+-- 'policyGenerationDetails', 'startPolicyGeneration_policyGenerationDetails' - Contains the ARN of the IAM entity (user or role) for which you are
+-- generating a policy.
+newStartPolicyGeneration ::
+  -- | 'policyGenerationDetails'
+  PolicyGenerationDetails ->
+  StartPolicyGeneration
+newStartPolicyGeneration pPolicyGenerationDetails_ =
+  StartPolicyGeneration'
+    { clientToken =
+        Prelude.Nothing,
+      cloudTrailDetails = Prelude.Nothing,
+      policyGenerationDetails = pPolicyGenerationDetails_
+    }
+
+-- | A unique, case-sensitive identifier that you provide to ensure the
+-- idempotency of the request. Idempotency ensures that an API request
+-- completes only once. With an idempotent request, if the original request
+-- completes successfully, the subsequent retries with the same client
+-- token return the result from the original successful request and they
+-- have no additional effect.
+--
+-- If you do not specify a client token, one is automatically generated by
+-- the Amazon Web Services SDK.
+startPolicyGeneration_clientToken :: Lens.Lens' StartPolicyGeneration (Prelude.Maybe Prelude.Text)
+startPolicyGeneration_clientToken = Lens.lens (\StartPolicyGeneration' {clientToken} -> clientToken) (\s@StartPolicyGeneration' {} a -> s {clientToken = a} :: StartPolicyGeneration)
+
+-- | A @CloudTrailDetails@ object that contains details about a @Trail@ that
+-- you want to analyze to generate policies.
+startPolicyGeneration_cloudTrailDetails :: Lens.Lens' StartPolicyGeneration (Prelude.Maybe CloudTrailDetails)
+startPolicyGeneration_cloudTrailDetails = Lens.lens (\StartPolicyGeneration' {cloudTrailDetails} -> cloudTrailDetails) (\s@StartPolicyGeneration' {} a -> s {cloudTrailDetails = a} :: StartPolicyGeneration)
+
+-- | Contains the ARN of the IAM entity (user or role) for which you are
+-- generating a policy.
+startPolicyGeneration_policyGenerationDetails :: Lens.Lens' StartPolicyGeneration PolicyGenerationDetails
+startPolicyGeneration_policyGenerationDetails = Lens.lens (\StartPolicyGeneration' {policyGenerationDetails} -> policyGenerationDetails) (\s@StartPolicyGeneration' {} a -> s {policyGenerationDetails = a} :: StartPolicyGeneration)
+
+instance Core.AWSRequest StartPolicyGeneration where
+  type
+    AWSResponse StartPolicyGeneration =
+      StartPolicyGenerationResponse
+  request overrides =
+    Request.putJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          StartPolicyGenerationResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+            Prelude.<*> (x Data..:> "jobId")
+      )
+
+instance Prelude.Hashable StartPolicyGeneration where
+  hashWithSalt _salt StartPolicyGeneration' {..} =
+    _salt
+      `Prelude.hashWithSalt` clientToken
+      `Prelude.hashWithSalt` cloudTrailDetails
+      `Prelude.hashWithSalt` policyGenerationDetails
+
+instance Prelude.NFData StartPolicyGeneration where
+  rnf StartPolicyGeneration' {..} =
+    Prelude.rnf clientToken
+      `Prelude.seq` Prelude.rnf cloudTrailDetails
+      `Prelude.seq` Prelude.rnf policyGenerationDetails
+
+instance Data.ToHeaders StartPolicyGeneration where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON StartPolicyGeneration where
+  toJSON StartPolicyGeneration' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("clientToken" Data..=) Prelude.<$> clientToken,
+            ("cloudTrailDetails" Data..=)
+              Prelude.<$> cloudTrailDetails,
+            Prelude.Just
+              ( "policyGenerationDetails"
+                  Data..= policyGenerationDetails
+              )
+          ]
+      )
+
+instance Data.ToPath StartPolicyGeneration where
+  toPath = Prelude.const "/policy/generation"
+
+instance Data.ToQuery StartPolicyGeneration where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newStartPolicyGenerationResponse' smart constructor.
+data StartPolicyGenerationResponse = StartPolicyGenerationResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int,
+    -- | The @JobId@ that is returned by the @StartPolicyGeneration@ operation.
+    -- The @JobId@ can be used with @GetGeneratedPolicy@ to retrieve the
+    -- generated policies or used with @CancelPolicyGeneration@ to cancel the
+    -- policy generation request.
+    jobId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'StartPolicyGenerationResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'startPolicyGenerationResponse_httpStatus' - The response's http status code.
+--
+-- 'jobId', 'startPolicyGenerationResponse_jobId' - The @JobId@ that is returned by the @StartPolicyGeneration@ operation.
+-- The @JobId@ can be used with @GetGeneratedPolicy@ to retrieve the
+-- generated policies or used with @CancelPolicyGeneration@ to cancel the
+-- policy generation request.
+newStartPolicyGenerationResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  -- | 'jobId'
+  Prelude.Text ->
+  StartPolicyGenerationResponse
+newStartPolicyGenerationResponse pHttpStatus_ pJobId_ =
+  StartPolicyGenerationResponse'
+    { httpStatus =
+        pHttpStatus_,
+      jobId = pJobId_
+    }
+
+-- | The response's http status code.
+startPolicyGenerationResponse_httpStatus :: Lens.Lens' StartPolicyGenerationResponse Prelude.Int
+startPolicyGenerationResponse_httpStatus = Lens.lens (\StartPolicyGenerationResponse' {httpStatus} -> httpStatus) (\s@StartPolicyGenerationResponse' {} a -> s {httpStatus = a} :: StartPolicyGenerationResponse)
+
+-- | The @JobId@ that is returned by the @StartPolicyGeneration@ operation.
+-- The @JobId@ can be used with @GetGeneratedPolicy@ to retrieve the
+-- generated policies or used with @CancelPolicyGeneration@ to cancel the
+-- policy generation request.
+startPolicyGenerationResponse_jobId :: Lens.Lens' StartPolicyGenerationResponse Prelude.Text
+startPolicyGenerationResponse_jobId = Lens.lens (\StartPolicyGenerationResponse' {jobId} -> jobId) (\s@StartPolicyGenerationResponse' {} a -> s {jobId = a} :: StartPolicyGenerationResponse)
+
+instance Prelude.NFData StartPolicyGenerationResponse where
+  rnf StartPolicyGenerationResponse' {..} =
+    Prelude.rnf httpStatus
+      `Prelude.seq` Prelude.rnf jobId
diff --git a/gen/Amazonka/AccessAnalyzer/StartResourceScan.hs b/gen/Amazonka/AccessAnalyzer/StartResourceScan.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/StartResourceScan.hs
@@ -0,0 +1,179 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.StartResourceScan
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Immediately starts a scan of the policies applied to the specified
+-- resource.
+module Amazonka.AccessAnalyzer.StartResourceScan
+  ( -- * Creating a Request
+    StartResourceScan (..),
+    newStartResourceScan,
+
+    -- * Request Lenses
+    startResourceScan_resourceOwnerAccount,
+    startResourceScan_analyzerArn,
+    startResourceScan_resourceArn,
+
+    -- * Destructuring the Response
+    StartResourceScanResponse (..),
+    newStartResourceScanResponse,
+  )
+where
+
+import Amazonka.AccessAnalyzer.Types
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | Starts a scan of the policies applied to the specified resource.
+--
+-- /See:/ 'newStartResourceScan' smart constructor.
+data StartResourceScan = StartResourceScan'
+  { -- | The Amazon Web Services account ID that owns the resource. For most
+    -- Amazon Web Services resources, the owning account is the account in
+    -- which the resource was created.
+    resourceOwnerAccount :: Prelude.Maybe Prelude.Text,
+    -- | The
+    -- <https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources ARN of the analyzer>
+    -- to use to scan the policies applied to the specified resource.
+    analyzerArn :: Prelude.Text,
+    -- | The ARN of the resource to scan.
+    resourceArn :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'StartResourceScan' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'resourceOwnerAccount', 'startResourceScan_resourceOwnerAccount' - The Amazon Web Services account ID that owns the resource. For most
+-- Amazon Web Services resources, the owning account is the account in
+-- which the resource was created.
+--
+-- 'analyzerArn', 'startResourceScan_analyzerArn' - The
+-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources ARN of the analyzer>
+-- to use to scan the policies applied to the specified resource.
+--
+-- 'resourceArn', 'startResourceScan_resourceArn' - The ARN of the resource to scan.
+newStartResourceScan ::
+  -- | 'analyzerArn'
+  Prelude.Text ->
+  -- | 'resourceArn'
+  Prelude.Text ->
+  StartResourceScan
+newStartResourceScan pAnalyzerArn_ pResourceArn_ =
+  StartResourceScan'
+    { resourceOwnerAccount =
+        Prelude.Nothing,
+      analyzerArn = pAnalyzerArn_,
+      resourceArn = pResourceArn_
+    }
+
+-- | The Amazon Web Services account ID that owns the resource. For most
+-- Amazon Web Services resources, the owning account is the account in
+-- which the resource was created.
+startResourceScan_resourceOwnerAccount :: Lens.Lens' StartResourceScan (Prelude.Maybe Prelude.Text)
+startResourceScan_resourceOwnerAccount = Lens.lens (\StartResourceScan' {resourceOwnerAccount} -> resourceOwnerAccount) (\s@StartResourceScan' {} a -> s {resourceOwnerAccount = a} :: StartResourceScan)
+
+-- | The
+-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources ARN of the analyzer>
+-- to use to scan the policies applied to the specified resource.
+startResourceScan_analyzerArn :: Lens.Lens' StartResourceScan Prelude.Text
+startResourceScan_analyzerArn = Lens.lens (\StartResourceScan' {analyzerArn} -> analyzerArn) (\s@StartResourceScan' {} a -> s {analyzerArn = a} :: StartResourceScan)
+
+-- | The ARN of the resource to scan.
+startResourceScan_resourceArn :: Lens.Lens' StartResourceScan Prelude.Text
+startResourceScan_resourceArn = Lens.lens (\StartResourceScan' {resourceArn} -> resourceArn) (\s@StartResourceScan' {} a -> s {resourceArn = a} :: StartResourceScan)
+
+instance Core.AWSRequest StartResourceScan where
+  type
+    AWSResponse StartResourceScan =
+      StartResourceScanResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveNull StartResourceScanResponse'
+
+instance Prelude.Hashable StartResourceScan where
+  hashWithSalt _salt StartResourceScan' {..} =
+    _salt
+      `Prelude.hashWithSalt` resourceOwnerAccount
+      `Prelude.hashWithSalt` analyzerArn
+      `Prelude.hashWithSalt` resourceArn
+
+instance Prelude.NFData StartResourceScan where
+  rnf StartResourceScan' {..} =
+    Prelude.rnf resourceOwnerAccount
+      `Prelude.seq` Prelude.rnf analyzerArn
+      `Prelude.seq` Prelude.rnf resourceArn
+
+instance Data.ToHeaders StartResourceScan where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON StartResourceScan where
+  toJSON StartResourceScan' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("resourceOwnerAccount" Data..=)
+              Prelude.<$> resourceOwnerAccount,
+            Prelude.Just ("analyzerArn" Data..= analyzerArn),
+            Prelude.Just ("resourceArn" Data..= resourceArn)
+          ]
+      )
+
+instance Data.ToPath StartResourceScan where
+  toPath = Prelude.const "/resource/scan"
+
+instance Data.ToQuery StartResourceScan where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newStartResourceScanResponse' smart constructor.
+data StartResourceScanResponse = StartResourceScanResponse'
+  {
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'StartResourceScanResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+newStartResourceScanResponse ::
+  StartResourceScanResponse
+newStartResourceScanResponse =
+  StartResourceScanResponse'
+
+instance Prelude.NFData StartResourceScanResponse where
+  rnf _ = ()
diff --git a/gen/Amazonka/AccessAnalyzer/TagResource.hs b/gen/Amazonka/AccessAnalyzer/TagResource.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/TagResource.hs
@@ -0,0 +1,167 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.TagResource
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Adds a tag to the specified resource.
+module Amazonka.AccessAnalyzer.TagResource
+  ( -- * Creating a Request
+    TagResource (..),
+    newTagResource,
+
+    -- * Request Lenses
+    tagResource_resourceArn,
+    tagResource_tags,
+
+    -- * Destructuring the Response
+    TagResourceResponse (..),
+    newTagResourceResponse,
+
+    -- * Response Lenses
+    tagResourceResponse_httpStatus,
+  )
+where
+
+import Amazonka.AccessAnalyzer.Types
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | Adds a tag to the specified resource.
+--
+-- /See:/ 'newTagResource' smart constructor.
+data TagResource = TagResource'
+  { -- | The ARN of the resource to add the tag to.
+    resourceArn :: Prelude.Text,
+    -- | The tags to add to the resource.
+    tags :: Prelude.HashMap Prelude.Text Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'TagResource' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'resourceArn', 'tagResource_resourceArn' - The ARN of the resource to add the tag to.
+--
+-- 'tags', 'tagResource_tags' - The tags to add to the resource.
+newTagResource ::
+  -- | 'resourceArn'
+  Prelude.Text ->
+  TagResource
+newTagResource pResourceArn_ =
+  TagResource'
+    { resourceArn = pResourceArn_,
+      tags = Prelude.mempty
+    }
+
+-- | The ARN of the resource to add the tag to.
+tagResource_resourceArn :: Lens.Lens' TagResource Prelude.Text
+tagResource_resourceArn = Lens.lens (\TagResource' {resourceArn} -> resourceArn) (\s@TagResource' {} a -> s {resourceArn = a} :: TagResource)
+
+-- | The tags to add to the resource.
+tagResource_tags :: Lens.Lens' TagResource (Prelude.HashMap Prelude.Text Prelude.Text)
+tagResource_tags = Lens.lens (\TagResource' {tags} -> tags) (\s@TagResource' {} a -> s {tags = a} :: TagResource) Prelude.. Lens.coerced
+
+instance Core.AWSRequest TagResource where
+  type AWSResponse TagResource = TagResourceResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          TagResourceResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable TagResource where
+  hashWithSalt _salt TagResource' {..} =
+    _salt
+      `Prelude.hashWithSalt` resourceArn
+      `Prelude.hashWithSalt` tags
+
+instance Prelude.NFData TagResource where
+  rnf TagResource' {..} =
+    Prelude.rnf resourceArn
+      `Prelude.seq` Prelude.rnf tags
+
+instance Data.ToHeaders TagResource where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON TagResource where
+  toJSON TagResource' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [Prelude.Just ("tags" Data..= tags)]
+      )
+
+instance Data.ToPath TagResource where
+  toPath TagResource' {..} =
+    Prelude.mconcat ["/tags/", Data.toBS resourceArn]
+
+instance Data.ToQuery TagResource where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | The response to the request.
+--
+-- /See:/ 'newTagResourceResponse' smart constructor.
+data TagResourceResponse = TagResourceResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'TagResourceResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'tagResourceResponse_httpStatus' - The response's http status code.
+newTagResourceResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  TagResourceResponse
+newTagResourceResponse pHttpStatus_ =
+  TagResourceResponse' {httpStatus = pHttpStatus_}
+
+-- | The response's http status code.
+tagResourceResponse_httpStatus :: Lens.Lens' TagResourceResponse Prelude.Int
+tagResourceResponse_httpStatus = Lens.lens (\TagResourceResponse' {httpStatus} -> httpStatus) (\s@TagResourceResponse' {} a -> s {httpStatus = a} :: TagResourceResponse)
+
+instance Prelude.NFData TagResourceResponse where
+  rnf TagResourceResponse' {..} = Prelude.rnf httpStatus
diff --git a/gen/Amazonka/AccessAnalyzer/Types.hs b/gen/Amazonka/AccessAnalyzer/Types.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/Types.hs
@@ -0,0 +1,713 @@
+{-# LANGUAGE DisambiguateRecordFields #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.Types
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.AccessAnalyzer.Types
+  ( -- * Service Configuration
+    defaultService,
+
+    -- * Errors
+    _AccessDeniedException,
+    _ConflictException,
+    _InternalServerException,
+    _ResourceNotFoundException,
+    _ServiceQuotaExceededException,
+    _ThrottlingException,
+    _ValidationException,
+
+    -- * AccessPreviewStatus
+    AccessPreviewStatus (..),
+
+    -- * AccessPreviewStatusReasonCode
+    AccessPreviewStatusReasonCode (..),
+
+    -- * AclPermission
+    AclPermission (..),
+
+    -- * AnalyzerStatus
+    AnalyzerStatus (..),
+
+    -- * FindingChangeType
+    FindingChangeType (..),
+
+    -- * FindingSourceType
+    FindingSourceType (..),
+
+    -- * FindingStatus
+    FindingStatus (..),
+
+    -- * FindingStatusUpdate
+    FindingStatusUpdate (..),
+
+    -- * JobErrorCode
+    JobErrorCode (..),
+
+    -- * JobStatus
+    JobStatus (..),
+
+    -- * KmsGrantOperation
+    KmsGrantOperation (..),
+
+    -- * Locale
+    Locale (..),
+
+    -- * OrderBy
+    OrderBy (..),
+
+    -- * PolicyType
+    PolicyType (..),
+
+    -- * ReasonCode
+    ReasonCode (..),
+
+    -- * ResourceType
+    ResourceType (..),
+
+    -- * Type
+    Type (..),
+
+    -- * ValidatePolicyFindingType
+    ValidatePolicyFindingType (..),
+
+    -- * ValidatePolicyResourceType
+    ValidatePolicyResourceType (..),
+
+    -- * AccessPreview
+    AccessPreview (..),
+    newAccessPreview,
+    accessPreview_statusReason,
+    accessPreview_id,
+    accessPreview_analyzerArn,
+    accessPreview_configurations,
+    accessPreview_createdAt,
+    accessPreview_status,
+
+    -- * AccessPreviewFinding
+    AccessPreviewFinding (..),
+    newAccessPreviewFinding,
+    accessPreviewFinding_action,
+    accessPreviewFinding_condition,
+    accessPreviewFinding_error,
+    accessPreviewFinding_existingFindingId,
+    accessPreviewFinding_existingFindingStatus,
+    accessPreviewFinding_isPublic,
+    accessPreviewFinding_principal,
+    accessPreviewFinding_resource,
+    accessPreviewFinding_sources,
+    accessPreviewFinding_id,
+    accessPreviewFinding_resourceType,
+    accessPreviewFinding_createdAt,
+    accessPreviewFinding_changeType,
+    accessPreviewFinding_status,
+    accessPreviewFinding_resourceOwnerAccount,
+
+    -- * AccessPreviewStatusReason
+    AccessPreviewStatusReason (..),
+    newAccessPreviewStatusReason,
+    accessPreviewStatusReason_code,
+
+    -- * AccessPreviewSummary
+    AccessPreviewSummary (..),
+    newAccessPreviewSummary,
+    accessPreviewSummary_statusReason,
+    accessPreviewSummary_id,
+    accessPreviewSummary_analyzerArn,
+    accessPreviewSummary_createdAt,
+    accessPreviewSummary_status,
+
+    -- * AclGrantee
+    AclGrantee (..),
+    newAclGrantee,
+    aclGrantee_id,
+    aclGrantee_uri,
+
+    -- * AnalyzedResource
+    AnalyzedResource (..),
+    newAnalyzedResource,
+    analyzedResource_actions,
+    analyzedResource_error,
+    analyzedResource_sharedVia,
+    analyzedResource_status,
+    analyzedResource_resourceArn,
+    analyzedResource_resourceType,
+    analyzedResource_createdAt,
+    analyzedResource_analyzedAt,
+    analyzedResource_updatedAt,
+    analyzedResource_isPublic,
+    analyzedResource_resourceOwnerAccount,
+
+    -- * AnalyzedResourceSummary
+    AnalyzedResourceSummary (..),
+    newAnalyzedResourceSummary,
+    analyzedResourceSummary_resourceArn,
+    analyzedResourceSummary_resourceOwnerAccount,
+    analyzedResourceSummary_resourceType,
+
+    -- * AnalyzerSummary
+    AnalyzerSummary (..),
+    newAnalyzerSummary,
+    analyzerSummary_lastResourceAnalyzed,
+    analyzerSummary_lastResourceAnalyzedAt,
+    analyzerSummary_statusReason,
+    analyzerSummary_tags,
+    analyzerSummary_arn,
+    analyzerSummary_name,
+    analyzerSummary_type,
+    analyzerSummary_createdAt,
+    analyzerSummary_status,
+
+    -- * ArchiveRuleSummary
+    ArchiveRuleSummary (..),
+    newArchiveRuleSummary,
+    archiveRuleSummary_ruleName,
+    archiveRuleSummary_filter,
+    archiveRuleSummary_createdAt,
+    archiveRuleSummary_updatedAt,
+
+    -- * CloudTrailDetails
+    CloudTrailDetails (..),
+    newCloudTrailDetails,
+    cloudTrailDetails_endTime,
+    cloudTrailDetails_trails,
+    cloudTrailDetails_accessRole,
+    cloudTrailDetails_startTime,
+
+    -- * CloudTrailProperties
+    CloudTrailProperties (..),
+    newCloudTrailProperties,
+    cloudTrailProperties_trailProperties,
+    cloudTrailProperties_startTime,
+    cloudTrailProperties_endTime,
+
+    -- * Configuration
+    Configuration (..),
+    newConfiguration,
+    configuration_ebsSnapshot,
+    configuration_ecrRepository,
+    configuration_efsFileSystem,
+    configuration_iamRole,
+    configuration_kmsKey,
+    configuration_rdsDbClusterSnapshot,
+    configuration_rdsDbSnapshot,
+    configuration_s3Bucket,
+    configuration_secretsManagerSecret,
+    configuration_snsTopic,
+    configuration_sqsQueue,
+
+    -- * Criterion
+    Criterion (..),
+    newCriterion,
+    criterion_contains,
+    criterion_eq,
+    criterion_exists,
+    criterion_neq,
+
+    -- * EbsSnapshotConfiguration
+    EbsSnapshotConfiguration (..),
+    newEbsSnapshotConfiguration,
+    ebsSnapshotConfiguration_groups,
+    ebsSnapshotConfiguration_kmsKeyId,
+    ebsSnapshotConfiguration_userIds,
+
+    -- * EcrRepositoryConfiguration
+    EcrRepositoryConfiguration (..),
+    newEcrRepositoryConfiguration,
+    ecrRepositoryConfiguration_repositoryPolicy,
+
+    -- * EfsFileSystemConfiguration
+    EfsFileSystemConfiguration (..),
+    newEfsFileSystemConfiguration,
+    efsFileSystemConfiguration_fileSystemPolicy,
+
+    -- * Finding
+    Finding (..),
+    newFinding,
+    finding_action,
+    finding_error,
+    finding_isPublic,
+    finding_principal,
+    finding_resource,
+    finding_sources,
+    finding_id,
+    finding_resourceType,
+    finding_condition,
+    finding_createdAt,
+    finding_analyzedAt,
+    finding_updatedAt,
+    finding_status,
+    finding_resourceOwnerAccount,
+
+    -- * FindingSource
+    FindingSource (..),
+    newFindingSource,
+    findingSource_detail,
+    findingSource_type,
+
+    -- * FindingSourceDetail
+    FindingSourceDetail (..),
+    newFindingSourceDetail,
+    findingSourceDetail_accessPointAccount,
+    findingSourceDetail_accessPointArn,
+
+    -- * FindingSummary
+    FindingSummary (..),
+    newFindingSummary,
+    findingSummary_action,
+    findingSummary_error,
+    findingSummary_isPublic,
+    findingSummary_principal,
+    findingSummary_resource,
+    findingSummary_sources,
+    findingSummary_id,
+    findingSummary_resourceType,
+    findingSummary_condition,
+    findingSummary_createdAt,
+    findingSummary_analyzedAt,
+    findingSummary_updatedAt,
+    findingSummary_status,
+    findingSummary_resourceOwnerAccount,
+
+    -- * GeneratedPolicy
+    GeneratedPolicy (..),
+    newGeneratedPolicy,
+    generatedPolicy_policy,
+
+    -- * GeneratedPolicyProperties
+    GeneratedPolicyProperties (..),
+    newGeneratedPolicyProperties,
+    generatedPolicyProperties_cloudTrailProperties,
+    generatedPolicyProperties_isComplete,
+    generatedPolicyProperties_principalArn,
+
+    -- * GeneratedPolicyResult
+    GeneratedPolicyResult (..),
+    newGeneratedPolicyResult,
+    generatedPolicyResult_generatedPolicies,
+    generatedPolicyResult_properties,
+
+    -- * IamRoleConfiguration
+    IamRoleConfiguration (..),
+    newIamRoleConfiguration,
+    iamRoleConfiguration_trustPolicy,
+
+    -- * InlineArchiveRule
+    InlineArchiveRule (..),
+    newInlineArchiveRule,
+    inlineArchiveRule_ruleName,
+    inlineArchiveRule_filter,
+
+    -- * InternetConfiguration
+    InternetConfiguration (..),
+    newInternetConfiguration,
+
+    -- * JobDetails
+    JobDetails (..),
+    newJobDetails,
+    jobDetails_completedOn,
+    jobDetails_jobError,
+    jobDetails_jobId,
+    jobDetails_status,
+    jobDetails_startedOn,
+
+    -- * JobError
+    JobError (..),
+    newJobError,
+    jobError_code,
+    jobError_message,
+
+    -- * KmsGrantConfiguration
+    KmsGrantConfiguration (..),
+    newKmsGrantConfiguration,
+    kmsGrantConfiguration_constraints,
+    kmsGrantConfiguration_retiringPrincipal,
+    kmsGrantConfiguration_operations,
+    kmsGrantConfiguration_granteePrincipal,
+    kmsGrantConfiguration_issuingAccount,
+
+    -- * KmsGrantConstraints
+    KmsGrantConstraints (..),
+    newKmsGrantConstraints,
+    kmsGrantConstraints_encryptionContextEquals,
+    kmsGrantConstraints_encryptionContextSubset,
+
+    -- * KmsKeyConfiguration
+    KmsKeyConfiguration (..),
+    newKmsKeyConfiguration,
+    kmsKeyConfiguration_grants,
+    kmsKeyConfiguration_keyPolicies,
+
+    -- * Location
+    Location (..),
+    newLocation,
+    location_path,
+    location_span,
+
+    -- * NetworkOriginConfiguration
+    NetworkOriginConfiguration (..),
+    newNetworkOriginConfiguration,
+    networkOriginConfiguration_internetConfiguration,
+    networkOriginConfiguration_vpcConfiguration,
+
+    -- * PathElement
+    PathElement (..),
+    newPathElement,
+    pathElement_index,
+    pathElement_key,
+    pathElement_substring,
+    pathElement_value,
+
+    -- * PolicyGeneration
+    PolicyGeneration (..),
+    newPolicyGeneration,
+    policyGeneration_completedOn,
+    policyGeneration_jobId,
+    policyGeneration_principalArn,
+    policyGeneration_status,
+    policyGeneration_startedOn,
+
+    -- * PolicyGenerationDetails
+    PolicyGenerationDetails (..),
+    newPolicyGenerationDetails,
+    policyGenerationDetails_principalArn,
+
+    -- * Position
+    Position (..),
+    newPosition,
+    position_line,
+    position_column,
+    position_offset,
+
+    -- * RdsDbClusterSnapshotAttributeValue
+    RdsDbClusterSnapshotAttributeValue (..),
+    newRdsDbClusterSnapshotAttributeValue,
+    rdsDbClusterSnapshotAttributeValue_accountIds,
+
+    -- * RdsDbClusterSnapshotConfiguration
+    RdsDbClusterSnapshotConfiguration (..),
+    newRdsDbClusterSnapshotConfiguration,
+    rdsDbClusterSnapshotConfiguration_attributes,
+    rdsDbClusterSnapshotConfiguration_kmsKeyId,
+
+    -- * RdsDbSnapshotAttributeValue
+    RdsDbSnapshotAttributeValue (..),
+    newRdsDbSnapshotAttributeValue,
+    rdsDbSnapshotAttributeValue_accountIds,
+
+    -- * RdsDbSnapshotConfiguration
+    RdsDbSnapshotConfiguration (..),
+    newRdsDbSnapshotConfiguration,
+    rdsDbSnapshotConfiguration_attributes,
+    rdsDbSnapshotConfiguration_kmsKeyId,
+
+    -- * S3AccessPointConfiguration
+    S3AccessPointConfiguration (..),
+    newS3AccessPointConfiguration,
+    s3AccessPointConfiguration_accessPointPolicy,
+    s3AccessPointConfiguration_networkOrigin,
+    s3AccessPointConfiguration_publicAccessBlock,
+
+    -- * S3BucketAclGrantConfiguration
+    S3BucketAclGrantConfiguration (..),
+    newS3BucketAclGrantConfiguration,
+    s3BucketAclGrantConfiguration_permission,
+    s3BucketAclGrantConfiguration_grantee,
+
+    -- * S3BucketConfiguration
+    S3BucketConfiguration (..),
+    newS3BucketConfiguration,
+    s3BucketConfiguration_accessPoints,
+    s3BucketConfiguration_bucketAclGrants,
+    s3BucketConfiguration_bucketPolicy,
+    s3BucketConfiguration_bucketPublicAccessBlock,
+
+    -- * S3PublicAccessBlockConfiguration
+    S3PublicAccessBlockConfiguration (..),
+    newS3PublicAccessBlockConfiguration,
+    s3PublicAccessBlockConfiguration_ignorePublicAcls,
+    s3PublicAccessBlockConfiguration_restrictPublicBuckets,
+
+    -- * SecretsManagerSecretConfiguration
+    SecretsManagerSecretConfiguration (..),
+    newSecretsManagerSecretConfiguration,
+    secretsManagerSecretConfiguration_kmsKeyId,
+    secretsManagerSecretConfiguration_secretPolicy,
+
+    -- * SnsTopicConfiguration
+    SnsTopicConfiguration (..),
+    newSnsTopicConfiguration,
+    snsTopicConfiguration_topicPolicy,
+
+    -- * SortCriteria
+    SortCriteria (..),
+    newSortCriteria,
+    sortCriteria_attributeName,
+    sortCriteria_orderBy,
+
+    -- * Span
+    Span (..),
+    newSpan,
+    span_start,
+    span_end,
+
+    -- * SqsQueueConfiguration
+    SqsQueueConfiguration (..),
+    newSqsQueueConfiguration,
+    sqsQueueConfiguration_queuePolicy,
+
+    -- * StatusReason
+    StatusReason (..),
+    newStatusReason,
+    statusReason_code,
+
+    -- * Substring
+    Substring (..),
+    newSubstring,
+    substring_start,
+    substring_length,
+
+    -- * Trail
+    Trail (..),
+    newTrail,
+    trail_allRegions,
+    trail_regions,
+    trail_cloudTrailArn,
+
+    -- * TrailProperties
+    TrailProperties (..),
+    newTrailProperties,
+    trailProperties_allRegions,
+    trailProperties_regions,
+    trailProperties_cloudTrailArn,
+
+    -- * ValidatePolicyFinding
+    ValidatePolicyFinding (..),
+    newValidatePolicyFinding,
+    validatePolicyFinding_findingDetails,
+    validatePolicyFinding_findingType,
+    validatePolicyFinding_issueCode,
+    validatePolicyFinding_learnMoreLink,
+    validatePolicyFinding_locations,
+
+    -- * VpcConfiguration
+    VpcConfiguration (..),
+    newVpcConfiguration,
+    vpcConfiguration_vpcId,
+  )
+where
+
+import Amazonka.AccessAnalyzer.Types.AccessPreview
+import Amazonka.AccessAnalyzer.Types.AccessPreviewFinding
+import Amazonka.AccessAnalyzer.Types.AccessPreviewStatus
+import Amazonka.AccessAnalyzer.Types.AccessPreviewStatusReason
+import Amazonka.AccessAnalyzer.Types.AccessPreviewStatusReasonCode
+import Amazonka.AccessAnalyzer.Types.AccessPreviewSummary
+import Amazonka.AccessAnalyzer.Types.AclGrantee
+import Amazonka.AccessAnalyzer.Types.AclPermission
+import Amazonka.AccessAnalyzer.Types.AnalyzedResource
+import Amazonka.AccessAnalyzer.Types.AnalyzedResourceSummary
+import Amazonka.AccessAnalyzer.Types.AnalyzerStatus
+import Amazonka.AccessAnalyzer.Types.AnalyzerSummary
+import Amazonka.AccessAnalyzer.Types.ArchiveRuleSummary
+import Amazonka.AccessAnalyzer.Types.CloudTrailDetails
+import Amazonka.AccessAnalyzer.Types.CloudTrailProperties
+import Amazonka.AccessAnalyzer.Types.Configuration
+import Amazonka.AccessAnalyzer.Types.Criterion
+import Amazonka.AccessAnalyzer.Types.EbsSnapshotConfiguration
+import Amazonka.AccessAnalyzer.Types.EcrRepositoryConfiguration
+import Amazonka.AccessAnalyzer.Types.EfsFileSystemConfiguration
+import Amazonka.AccessAnalyzer.Types.Finding
+import Amazonka.AccessAnalyzer.Types.FindingChangeType
+import Amazonka.AccessAnalyzer.Types.FindingSource
+import Amazonka.AccessAnalyzer.Types.FindingSourceDetail
+import Amazonka.AccessAnalyzer.Types.FindingSourceType
+import Amazonka.AccessAnalyzer.Types.FindingStatus
+import Amazonka.AccessAnalyzer.Types.FindingStatusUpdate
+import Amazonka.AccessAnalyzer.Types.FindingSummary
+import Amazonka.AccessAnalyzer.Types.GeneratedPolicy
+import Amazonka.AccessAnalyzer.Types.GeneratedPolicyProperties
+import Amazonka.AccessAnalyzer.Types.GeneratedPolicyResult
+import Amazonka.AccessAnalyzer.Types.IamRoleConfiguration
+import Amazonka.AccessAnalyzer.Types.InlineArchiveRule
+import Amazonka.AccessAnalyzer.Types.InternetConfiguration
+import Amazonka.AccessAnalyzer.Types.JobDetails
+import Amazonka.AccessAnalyzer.Types.JobError
+import Amazonka.AccessAnalyzer.Types.JobErrorCode
+import Amazonka.AccessAnalyzer.Types.JobStatus
+import Amazonka.AccessAnalyzer.Types.KmsGrantConfiguration
+import Amazonka.AccessAnalyzer.Types.KmsGrantConstraints
+import Amazonka.AccessAnalyzer.Types.KmsGrantOperation
+import Amazonka.AccessAnalyzer.Types.KmsKeyConfiguration
+import Amazonka.AccessAnalyzer.Types.Locale
+import Amazonka.AccessAnalyzer.Types.Location
+import Amazonka.AccessAnalyzer.Types.NetworkOriginConfiguration
+import Amazonka.AccessAnalyzer.Types.OrderBy
+import Amazonka.AccessAnalyzer.Types.PathElement
+import Amazonka.AccessAnalyzer.Types.PolicyGeneration
+import Amazonka.AccessAnalyzer.Types.PolicyGenerationDetails
+import Amazonka.AccessAnalyzer.Types.PolicyType
+import Amazonka.AccessAnalyzer.Types.Position
+import Amazonka.AccessAnalyzer.Types.RdsDbClusterSnapshotAttributeValue
+import Amazonka.AccessAnalyzer.Types.RdsDbClusterSnapshotConfiguration
+import Amazonka.AccessAnalyzer.Types.RdsDbSnapshotAttributeValue
+import Amazonka.AccessAnalyzer.Types.RdsDbSnapshotConfiguration
+import Amazonka.AccessAnalyzer.Types.ReasonCode
+import Amazonka.AccessAnalyzer.Types.ResourceType
+import Amazonka.AccessAnalyzer.Types.S3AccessPointConfiguration
+import Amazonka.AccessAnalyzer.Types.S3BucketAclGrantConfiguration
+import Amazonka.AccessAnalyzer.Types.S3BucketConfiguration
+import Amazonka.AccessAnalyzer.Types.S3PublicAccessBlockConfiguration
+import Amazonka.AccessAnalyzer.Types.SecretsManagerSecretConfiguration
+import Amazonka.AccessAnalyzer.Types.SnsTopicConfiguration
+import Amazonka.AccessAnalyzer.Types.SortCriteria
+import Amazonka.AccessAnalyzer.Types.Span
+import Amazonka.AccessAnalyzer.Types.SqsQueueConfiguration
+import Amazonka.AccessAnalyzer.Types.StatusReason
+import Amazonka.AccessAnalyzer.Types.Substring
+import Amazonka.AccessAnalyzer.Types.Trail
+import Amazonka.AccessAnalyzer.Types.TrailProperties
+import Amazonka.AccessAnalyzer.Types.Type
+import Amazonka.AccessAnalyzer.Types.ValidatePolicyFinding
+import Amazonka.AccessAnalyzer.Types.ValidatePolicyFindingType
+import Amazonka.AccessAnalyzer.Types.ValidatePolicyResourceType
+import Amazonka.AccessAnalyzer.Types.VpcConfiguration
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Sign.V4 as Sign
+
+-- | API version @2019-11-01@ of the Amazon Access Analyzer SDK configuration.
+defaultService :: Core.Service
+defaultService =
+  Core.Service
+    { Core.abbrev = "AccessAnalyzer",
+      Core.signer = Sign.v4,
+      Core.endpointPrefix = "access-analyzer",
+      Core.signingName = "access-analyzer",
+      Core.version = "2019-11-01",
+      Core.s3AddressingStyle = Core.S3AddressingStyleAuto,
+      Core.endpoint = Core.defaultEndpoint defaultService,
+      Core.timeout = Prelude.Just 70,
+      Core.check = Core.statusSuccess,
+      Core.error = Core.parseJSONError "AccessAnalyzer",
+      Core.retry = retry
+    }
+  where
+    retry =
+      Core.Exponential
+        { Core.base = 5.0e-2,
+          Core.growth = 2,
+          Core.attempts = 5,
+          Core.check = check
+        }
+    check e
+      | Lens.has (Core.hasStatus 502) e =
+          Prelude.Just "bad_gateway"
+      | Lens.has (Core.hasStatus 504) e =
+          Prelude.Just "gateway_timeout"
+      | Lens.has (Core.hasStatus 500) e =
+          Prelude.Just "general_server_error"
+      | Lens.has (Core.hasStatus 509) e =
+          Prelude.Just "limit_exceeded"
+      | Lens.has
+          ( Core.hasCode "RequestThrottledException"
+              Prelude.. Core.hasStatus 400
+          )
+          e =
+          Prelude.Just "request_throttled_exception"
+      | Lens.has (Core.hasStatus 503) e =
+          Prelude.Just "service_unavailable"
+      | Lens.has
+          ( Core.hasCode "ThrottledException"
+              Prelude.. Core.hasStatus 400
+          )
+          e =
+          Prelude.Just "throttled_exception"
+      | Lens.has
+          ( Core.hasCode "Throttling"
+              Prelude.. Core.hasStatus 400
+          )
+          e =
+          Prelude.Just "throttling"
+      | Lens.has
+          ( Core.hasCode "ThrottlingException"
+              Prelude.. Core.hasStatus 400
+          )
+          e =
+          Prelude.Just "throttling_exception"
+      | Lens.has
+          ( Core.hasCode
+              "ProvisionedThroughputExceededException"
+              Prelude.. Core.hasStatus 400
+          )
+          e =
+          Prelude.Just "throughput_exceeded"
+      | Lens.has (Core.hasStatus 429) e =
+          Prelude.Just "too_many_requests"
+      | Prelude.otherwise = Prelude.Nothing
+
+-- | You do not have sufficient access to perform this action.
+_AccessDeniedException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_AccessDeniedException =
+  Core._MatchServiceError
+    defaultService
+    "AccessDeniedException"
+    Prelude.. Core.hasStatus 403
+
+-- | A conflict exception error.
+_ConflictException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_ConflictException =
+  Core._MatchServiceError
+    defaultService
+    "ConflictException"
+    Prelude.. Core.hasStatus 409
+
+-- | Internal server error.
+_InternalServerException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_InternalServerException =
+  Core._MatchServiceError
+    defaultService
+    "InternalServerException"
+    Prelude.. Core.hasStatus 500
+
+-- | The specified resource could not be found.
+_ResourceNotFoundException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_ResourceNotFoundException =
+  Core._MatchServiceError
+    defaultService
+    "ResourceNotFoundException"
+    Prelude.. Core.hasStatus 404
+
+-- | Service quote met error.
+_ServiceQuotaExceededException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_ServiceQuotaExceededException =
+  Core._MatchServiceError
+    defaultService
+    "ServiceQuotaExceededException"
+    Prelude.. Core.hasStatus 402
+
+-- | Throttling limit exceeded error.
+_ThrottlingException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_ThrottlingException =
+  Core._MatchServiceError
+    defaultService
+    "ThrottlingException"
+    Prelude.. Core.hasStatus 429
+
+-- | Validation exception error.
+_ValidationException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_ValidationException =
+  Core._MatchServiceError
+    defaultService
+    "ValidationException"
+    Prelude.. Core.hasStatus 400
diff --git a/gen/Amazonka/AccessAnalyzer/Types/AccessPreview.hs b/gen/Amazonka/AccessAnalyzer/Types/AccessPreview.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/Types/AccessPreview.hs
@@ -0,0 +1,180 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.Types.AccessPreview
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.AccessAnalyzer.Types.AccessPreview where
+
+import Amazonka.AccessAnalyzer.Types.AccessPreviewStatus
+import Amazonka.AccessAnalyzer.Types.AccessPreviewStatusReason
+import Amazonka.AccessAnalyzer.Types.Configuration
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains information about an access preview.
+--
+-- /See:/ 'newAccessPreview' smart constructor.
+data AccessPreview = AccessPreview'
+  { -- | Provides more details about the current status of the access preview.
+    --
+    -- For example, if the creation of the access preview fails, a @Failed@
+    -- status is returned. This failure can be due to an internal issue with
+    -- the analysis or due to an invalid resource configuration.
+    statusReason :: Prelude.Maybe AccessPreviewStatusReason,
+    -- | The unique ID for the access preview.
+    id :: Prelude.Text,
+    -- | The ARN of the analyzer used to generate the access preview.
+    analyzerArn :: Prelude.Text,
+    -- | A map of resource ARNs for the proposed resource configuration.
+    configurations :: Prelude.HashMap Prelude.Text Configuration,
+    -- | The time at which the access preview was created.
+    createdAt :: Data.ISO8601,
+    -- | The status of the access preview.
+    --
+    -- -   @Creating@ - The access preview creation is in progress.
+    --
+    -- -   @Completed@ - The access preview is complete. You can preview
+    --     findings for external access to the resource.
+    --
+    -- -   @Failed@ - The access preview creation has failed.
+    status :: AccessPreviewStatus
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AccessPreview' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'statusReason', 'accessPreview_statusReason' - Provides more details about the current status of the access preview.
+--
+-- For example, if the creation of the access preview fails, a @Failed@
+-- status is returned. This failure can be due to an internal issue with
+-- the analysis or due to an invalid resource configuration.
+--
+-- 'id', 'accessPreview_id' - The unique ID for the access preview.
+--
+-- 'analyzerArn', 'accessPreview_analyzerArn' - The ARN of the analyzer used to generate the access preview.
+--
+-- 'configurations', 'accessPreview_configurations' - A map of resource ARNs for the proposed resource configuration.
+--
+-- 'createdAt', 'accessPreview_createdAt' - The time at which the access preview was created.
+--
+-- 'status', 'accessPreview_status' - The status of the access preview.
+--
+-- -   @Creating@ - The access preview creation is in progress.
+--
+-- -   @Completed@ - The access preview is complete. You can preview
+--     findings for external access to the resource.
+--
+-- -   @Failed@ - The access preview creation has failed.
+newAccessPreview ::
+  -- | 'id'
+  Prelude.Text ->
+  -- | 'analyzerArn'
+  Prelude.Text ->
+  -- | 'createdAt'
+  Prelude.UTCTime ->
+  -- | 'status'
+  AccessPreviewStatus ->
+  AccessPreview
+newAccessPreview
+  pId_
+  pAnalyzerArn_
+  pCreatedAt_
+  pStatus_ =
+    AccessPreview'
+      { statusReason = Prelude.Nothing,
+        id = pId_,
+        analyzerArn = pAnalyzerArn_,
+        configurations = Prelude.mempty,
+        createdAt = Data._Time Lens.# pCreatedAt_,
+        status = pStatus_
+      }
+
+-- | Provides more details about the current status of the access preview.
+--
+-- For example, if the creation of the access preview fails, a @Failed@
+-- status is returned. This failure can be due to an internal issue with
+-- the analysis or due to an invalid resource configuration.
+accessPreview_statusReason :: Lens.Lens' AccessPreview (Prelude.Maybe AccessPreviewStatusReason)
+accessPreview_statusReason = Lens.lens (\AccessPreview' {statusReason} -> statusReason) (\s@AccessPreview' {} a -> s {statusReason = a} :: AccessPreview)
+
+-- | The unique ID for the access preview.
+accessPreview_id :: Lens.Lens' AccessPreview Prelude.Text
+accessPreview_id = Lens.lens (\AccessPreview' {id} -> id) (\s@AccessPreview' {} a -> s {id = a} :: AccessPreview)
+
+-- | The ARN of the analyzer used to generate the access preview.
+accessPreview_analyzerArn :: Lens.Lens' AccessPreview Prelude.Text
+accessPreview_analyzerArn = Lens.lens (\AccessPreview' {analyzerArn} -> analyzerArn) (\s@AccessPreview' {} a -> s {analyzerArn = a} :: AccessPreview)
+
+-- | A map of resource ARNs for the proposed resource configuration.
+accessPreview_configurations :: Lens.Lens' AccessPreview (Prelude.HashMap Prelude.Text Configuration)
+accessPreview_configurations = Lens.lens (\AccessPreview' {configurations} -> configurations) (\s@AccessPreview' {} a -> s {configurations = a} :: AccessPreview) Prelude.. Lens.coerced
+
+-- | The time at which the access preview was created.
+accessPreview_createdAt :: Lens.Lens' AccessPreview Prelude.UTCTime
+accessPreview_createdAt = Lens.lens (\AccessPreview' {createdAt} -> createdAt) (\s@AccessPreview' {} a -> s {createdAt = a} :: AccessPreview) Prelude.. Data._Time
+
+-- | The status of the access preview.
+--
+-- -   @Creating@ - The access preview creation is in progress.
+--
+-- -   @Completed@ - The access preview is complete. You can preview
+--     findings for external access to the resource.
+--
+-- -   @Failed@ - The access preview creation has failed.
+accessPreview_status :: Lens.Lens' AccessPreview AccessPreviewStatus
+accessPreview_status = Lens.lens (\AccessPreview' {status} -> status) (\s@AccessPreview' {} a -> s {status = a} :: AccessPreview)
+
+instance Data.FromJSON AccessPreview where
+  parseJSON =
+    Data.withObject
+      "AccessPreview"
+      ( \x ->
+          AccessPreview'
+            Prelude.<$> (x Data..:? "statusReason")
+            Prelude.<*> (x Data..: "id")
+            Prelude.<*> (x Data..: "analyzerArn")
+            Prelude.<*> (x Data..:? "configurations" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..: "createdAt")
+            Prelude.<*> (x Data..: "status")
+      )
+
+instance Prelude.Hashable AccessPreview where
+  hashWithSalt _salt AccessPreview' {..} =
+    _salt
+      `Prelude.hashWithSalt` statusReason
+      `Prelude.hashWithSalt` id
+      `Prelude.hashWithSalt` analyzerArn
+      `Prelude.hashWithSalt` configurations
+      `Prelude.hashWithSalt` createdAt
+      `Prelude.hashWithSalt` status
+
+instance Prelude.NFData AccessPreview where
+  rnf AccessPreview' {..} =
+    Prelude.rnf statusReason
+      `Prelude.seq` Prelude.rnf id
+      `Prelude.seq` Prelude.rnf analyzerArn
+      `Prelude.seq` Prelude.rnf configurations
+      `Prelude.seq` Prelude.rnf createdAt
+      `Prelude.seq` Prelude.rnf status
diff --git a/gen/Amazonka/AccessAnalyzer/Types/AccessPreviewFinding.hs b/gen/Amazonka/AccessAnalyzer/Types/AccessPreviewFinding.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/Types/AccessPreviewFinding.hs
@@ -0,0 +1,346 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.Types.AccessPreviewFinding
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.AccessAnalyzer.Types.AccessPreviewFinding where
+
+import Amazonka.AccessAnalyzer.Types.FindingChangeType
+import Amazonka.AccessAnalyzer.Types.FindingSource
+import Amazonka.AccessAnalyzer.Types.FindingStatus
+import Amazonka.AccessAnalyzer.Types.ResourceType
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | An access preview finding generated by the access preview.
+--
+-- /See:/ 'newAccessPreviewFinding' smart constructor.
+data AccessPreviewFinding = AccessPreviewFinding'
+  { -- | The action in the analyzed policy statement that an external principal
+    -- has permission to perform.
+    action :: Prelude.Maybe [Prelude.Text],
+    -- | The condition in the analyzed policy statement that resulted in a
+    -- finding.
+    condition :: Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text),
+    -- | An error.
+    error :: Prelude.Maybe Prelude.Text,
+    -- | The existing ID of the finding in IAM Access Analyzer, provided only for
+    -- existing findings.
+    existingFindingId :: Prelude.Maybe Prelude.Text,
+    -- | The existing status of the finding, provided only for existing findings.
+    existingFindingStatus :: Prelude.Maybe FindingStatus,
+    -- | Indicates whether the policy that generated the finding allows public
+    -- access to the resource.
+    isPublic :: Prelude.Maybe Prelude.Bool,
+    -- | The external principal that has access to a resource within the zone of
+    -- trust.
+    principal :: Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text),
+    -- | The resource that an external principal has access to. This is the
+    -- resource associated with the access preview.
+    resource :: Prelude.Maybe Prelude.Text,
+    -- | The sources of the finding. This indicates how the access that generated
+    -- the finding is granted. It is populated for Amazon S3 bucket findings.
+    sources :: Prelude.Maybe [FindingSource],
+    -- | The ID of the access preview finding. This ID uniquely identifies the
+    -- element in the list of access preview findings and is not related to the
+    -- finding ID in Access Analyzer.
+    id :: Prelude.Text,
+    -- | The type of the resource that can be accessed in the finding.
+    resourceType :: ResourceType,
+    -- | The time at which the access preview finding was created.
+    createdAt :: Data.ISO8601,
+    -- | Provides context on how the access preview finding compares to existing
+    -- access identified in IAM Access Analyzer.
+    --
+    -- -   @New@ - The finding is for newly-introduced access.
+    --
+    -- -   @Unchanged@ - The preview finding is an existing finding that would
+    --     remain unchanged.
+    --
+    -- -   @Changed@ - The preview finding is an existing finding with a change
+    --     in status.
+    --
+    -- For example, a @Changed@ finding with preview status @Resolved@ and
+    -- existing status @Active@ indicates the existing @Active@ finding would
+    -- become @Resolved@ as a result of the proposed permissions change.
+    changeType :: FindingChangeType,
+    -- | The preview status of the finding. This is what the status of the
+    -- finding would be after permissions deployment. For example, a @Changed@
+    -- finding with preview status @Resolved@ and existing status @Active@
+    -- indicates the existing @Active@ finding would become @Resolved@ as a
+    -- result of the proposed permissions change.
+    status :: FindingStatus,
+    -- | The Amazon Web Services account ID that owns the resource. For most
+    -- Amazon Web Services resources, the owning account is the account in
+    -- which the resource was created.
+    resourceOwnerAccount :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AccessPreviewFinding' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'action', 'accessPreviewFinding_action' - The action in the analyzed policy statement that an external principal
+-- has permission to perform.
+--
+-- 'condition', 'accessPreviewFinding_condition' - The condition in the analyzed policy statement that resulted in a
+-- finding.
+--
+-- 'error', 'accessPreviewFinding_error' - An error.
+--
+-- 'existingFindingId', 'accessPreviewFinding_existingFindingId' - The existing ID of the finding in IAM Access Analyzer, provided only for
+-- existing findings.
+--
+-- 'existingFindingStatus', 'accessPreviewFinding_existingFindingStatus' - The existing status of the finding, provided only for existing findings.
+--
+-- 'isPublic', 'accessPreviewFinding_isPublic' - Indicates whether the policy that generated the finding allows public
+-- access to the resource.
+--
+-- 'principal', 'accessPreviewFinding_principal' - The external principal that has access to a resource within the zone of
+-- trust.
+--
+-- 'resource', 'accessPreviewFinding_resource' - The resource that an external principal has access to. This is the
+-- resource associated with the access preview.
+--
+-- 'sources', 'accessPreviewFinding_sources' - The sources of the finding. This indicates how the access that generated
+-- the finding is granted. It is populated for Amazon S3 bucket findings.
+--
+-- 'id', 'accessPreviewFinding_id' - The ID of the access preview finding. This ID uniquely identifies the
+-- element in the list of access preview findings and is not related to the
+-- finding ID in Access Analyzer.
+--
+-- 'resourceType', 'accessPreviewFinding_resourceType' - The type of the resource that can be accessed in the finding.
+--
+-- 'createdAt', 'accessPreviewFinding_createdAt' - The time at which the access preview finding was created.
+--
+-- 'changeType', 'accessPreviewFinding_changeType' - Provides context on how the access preview finding compares to existing
+-- access identified in IAM Access Analyzer.
+--
+-- -   @New@ - The finding is for newly-introduced access.
+--
+-- -   @Unchanged@ - The preview finding is an existing finding that would
+--     remain unchanged.
+--
+-- -   @Changed@ - The preview finding is an existing finding with a change
+--     in status.
+--
+-- For example, a @Changed@ finding with preview status @Resolved@ and
+-- existing status @Active@ indicates the existing @Active@ finding would
+-- become @Resolved@ as a result of the proposed permissions change.
+--
+-- 'status', 'accessPreviewFinding_status' - The preview status of the finding. This is what the status of the
+-- finding would be after permissions deployment. For example, a @Changed@
+-- finding with preview status @Resolved@ and existing status @Active@
+-- indicates the existing @Active@ finding would become @Resolved@ as a
+-- result of the proposed permissions change.
+--
+-- 'resourceOwnerAccount', 'accessPreviewFinding_resourceOwnerAccount' - The Amazon Web Services account ID that owns the resource. For most
+-- Amazon Web Services resources, the owning account is the account in
+-- which the resource was created.
+newAccessPreviewFinding ::
+  -- | 'id'
+  Prelude.Text ->
+  -- | 'resourceType'
+  ResourceType ->
+  -- | 'createdAt'
+  Prelude.UTCTime ->
+  -- | 'changeType'
+  FindingChangeType ->
+  -- | 'status'
+  FindingStatus ->
+  -- | 'resourceOwnerAccount'
+  Prelude.Text ->
+  AccessPreviewFinding
+newAccessPreviewFinding
+  pId_
+  pResourceType_
+  pCreatedAt_
+  pChangeType_
+  pStatus_
+  pResourceOwnerAccount_ =
+    AccessPreviewFinding'
+      { action = Prelude.Nothing,
+        condition = Prelude.Nothing,
+        error = Prelude.Nothing,
+        existingFindingId = Prelude.Nothing,
+        existingFindingStatus = Prelude.Nothing,
+        isPublic = Prelude.Nothing,
+        principal = Prelude.Nothing,
+        resource = Prelude.Nothing,
+        sources = Prelude.Nothing,
+        id = pId_,
+        resourceType = pResourceType_,
+        createdAt = Data._Time Lens.# pCreatedAt_,
+        changeType = pChangeType_,
+        status = pStatus_,
+        resourceOwnerAccount = pResourceOwnerAccount_
+      }
+
+-- | The action in the analyzed policy statement that an external principal
+-- has permission to perform.
+accessPreviewFinding_action :: Lens.Lens' AccessPreviewFinding (Prelude.Maybe [Prelude.Text])
+accessPreviewFinding_action = Lens.lens (\AccessPreviewFinding' {action} -> action) (\s@AccessPreviewFinding' {} a -> s {action = a} :: AccessPreviewFinding) Prelude.. Lens.mapping Lens.coerced
+
+-- | The condition in the analyzed policy statement that resulted in a
+-- finding.
+accessPreviewFinding_condition :: Lens.Lens' AccessPreviewFinding (Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text))
+accessPreviewFinding_condition = Lens.lens (\AccessPreviewFinding' {condition} -> condition) (\s@AccessPreviewFinding' {} a -> s {condition = a} :: AccessPreviewFinding) Prelude.. Lens.mapping Lens.coerced
+
+-- | An error.
+accessPreviewFinding_error :: Lens.Lens' AccessPreviewFinding (Prelude.Maybe Prelude.Text)
+accessPreviewFinding_error = Lens.lens (\AccessPreviewFinding' {error} -> error) (\s@AccessPreviewFinding' {} a -> s {error = a} :: AccessPreviewFinding)
+
+-- | The existing ID of the finding in IAM Access Analyzer, provided only for
+-- existing findings.
+accessPreviewFinding_existingFindingId :: Lens.Lens' AccessPreviewFinding (Prelude.Maybe Prelude.Text)
+accessPreviewFinding_existingFindingId = Lens.lens (\AccessPreviewFinding' {existingFindingId} -> existingFindingId) (\s@AccessPreviewFinding' {} a -> s {existingFindingId = a} :: AccessPreviewFinding)
+
+-- | The existing status of the finding, provided only for existing findings.
+accessPreviewFinding_existingFindingStatus :: Lens.Lens' AccessPreviewFinding (Prelude.Maybe FindingStatus)
+accessPreviewFinding_existingFindingStatus = Lens.lens (\AccessPreviewFinding' {existingFindingStatus} -> existingFindingStatus) (\s@AccessPreviewFinding' {} a -> s {existingFindingStatus = a} :: AccessPreviewFinding)
+
+-- | Indicates whether the policy that generated the finding allows public
+-- access to the resource.
+accessPreviewFinding_isPublic :: Lens.Lens' AccessPreviewFinding (Prelude.Maybe Prelude.Bool)
+accessPreviewFinding_isPublic = Lens.lens (\AccessPreviewFinding' {isPublic} -> isPublic) (\s@AccessPreviewFinding' {} a -> s {isPublic = a} :: AccessPreviewFinding)
+
+-- | The external principal that has access to a resource within the zone of
+-- trust.
+accessPreviewFinding_principal :: Lens.Lens' AccessPreviewFinding (Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text))
+accessPreviewFinding_principal = Lens.lens (\AccessPreviewFinding' {principal} -> principal) (\s@AccessPreviewFinding' {} a -> s {principal = a} :: AccessPreviewFinding) Prelude.. Lens.mapping Lens.coerced
+
+-- | The resource that an external principal has access to. This is the
+-- resource associated with the access preview.
+accessPreviewFinding_resource :: Lens.Lens' AccessPreviewFinding (Prelude.Maybe Prelude.Text)
+accessPreviewFinding_resource = Lens.lens (\AccessPreviewFinding' {resource} -> resource) (\s@AccessPreviewFinding' {} a -> s {resource = a} :: AccessPreviewFinding)
+
+-- | The sources of the finding. This indicates how the access that generated
+-- the finding is granted. It is populated for Amazon S3 bucket findings.
+accessPreviewFinding_sources :: Lens.Lens' AccessPreviewFinding (Prelude.Maybe [FindingSource])
+accessPreviewFinding_sources = Lens.lens (\AccessPreviewFinding' {sources} -> sources) (\s@AccessPreviewFinding' {} a -> s {sources = a} :: AccessPreviewFinding) Prelude.. Lens.mapping Lens.coerced
+
+-- | The ID of the access preview finding. This ID uniquely identifies the
+-- element in the list of access preview findings and is not related to the
+-- finding ID in Access Analyzer.
+accessPreviewFinding_id :: Lens.Lens' AccessPreviewFinding Prelude.Text
+accessPreviewFinding_id = Lens.lens (\AccessPreviewFinding' {id} -> id) (\s@AccessPreviewFinding' {} a -> s {id = a} :: AccessPreviewFinding)
+
+-- | The type of the resource that can be accessed in the finding.
+accessPreviewFinding_resourceType :: Lens.Lens' AccessPreviewFinding ResourceType
+accessPreviewFinding_resourceType = Lens.lens (\AccessPreviewFinding' {resourceType} -> resourceType) (\s@AccessPreviewFinding' {} a -> s {resourceType = a} :: AccessPreviewFinding)
+
+-- | The time at which the access preview finding was created.
+accessPreviewFinding_createdAt :: Lens.Lens' AccessPreviewFinding Prelude.UTCTime
+accessPreviewFinding_createdAt = Lens.lens (\AccessPreviewFinding' {createdAt} -> createdAt) (\s@AccessPreviewFinding' {} a -> s {createdAt = a} :: AccessPreviewFinding) Prelude.. Data._Time
+
+-- | Provides context on how the access preview finding compares to existing
+-- access identified in IAM Access Analyzer.
+--
+-- -   @New@ - The finding is for newly-introduced access.
+--
+-- -   @Unchanged@ - The preview finding is an existing finding that would
+--     remain unchanged.
+--
+-- -   @Changed@ - The preview finding is an existing finding with a change
+--     in status.
+--
+-- For example, a @Changed@ finding with preview status @Resolved@ and
+-- existing status @Active@ indicates the existing @Active@ finding would
+-- become @Resolved@ as a result of the proposed permissions change.
+accessPreviewFinding_changeType :: Lens.Lens' AccessPreviewFinding FindingChangeType
+accessPreviewFinding_changeType = Lens.lens (\AccessPreviewFinding' {changeType} -> changeType) (\s@AccessPreviewFinding' {} a -> s {changeType = a} :: AccessPreviewFinding)
+
+-- | The preview status of the finding. This is what the status of the
+-- finding would be after permissions deployment. For example, a @Changed@
+-- finding with preview status @Resolved@ and existing status @Active@
+-- indicates the existing @Active@ finding would become @Resolved@ as a
+-- result of the proposed permissions change.
+accessPreviewFinding_status :: Lens.Lens' AccessPreviewFinding FindingStatus
+accessPreviewFinding_status = Lens.lens (\AccessPreviewFinding' {status} -> status) (\s@AccessPreviewFinding' {} a -> s {status = a} :: AccessPreviewFinding)
+
+-- | The Amazon Web Services account ID that owns the resource. For most
+-- Amazon Web Services resources, the owning account is the account in
+-- which the resource was created.
+accessPreviewFinding_resourceOwnerAccount :: Lens.Lens' AccessPreviewFinding Prelude.Text
+accessPreviewFinding_resourceOwnerAccount = Lens.lens (\AccessPreviewFinding' {resourceOwnerAccount} -> resourceOwnerAccount) (\s@AccessPreviewFinding' {} a -> s {resourceOwnerAccount = a} :: AccessPreviewFinding)
+
+instance Data.FromJSON AccessPreviewFinding where
+  parseJSON =
+    Data.withObject
+      "AccessPreviewFinding"
+      ( \x ->
+          AccessPreviewFinding'
+            Prelude.<$> (x Data..:? "action" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "condition" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "error")
+            Prelude.<*> (x Data..:? "existingFindingId")
+            Prelude.<*> (x Data..:? "existingFindingStatus")
+            Prelude.<*> (x Data..:? "isPublic")
+            Prelude.<*> (x Data..:? "principal" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "resource")
+            Prelude.<*> (x Data..:? "sources" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..: "id")
+            Prelude.<*> (x Data..: "resourceType")
+            Prelude.<*> (x Data..: "createdAt")
+            Prelude.<*> (x Data..: "changeType")
+            Prelude.<*> (x Data..: "status")
+            Prelude.<*> (x Data..: "resourceOwnerAccount")
+      )
+
+instance Prelude.Hashable AccessPreviewFinding where
+  hashWithSalt _salt AccessPreviewFinding' {..} =
+    _salt
+      `Prelude.hashWithSalt` action
+      `Prelude.hashWithSalt` condition
+      `Prelude.hashWithSalt` error
+      `Prelude.hashWithSalt` existingFindingId
+      `Prelude.hashWithSalt` existingFindingStatus
+      `Prelude.hashWithSalt` isPublic
+      `Prelude.hashWithSalt` principal
+      `Prelude.hashWithSalt` resource
+      `Prelude.hashWithSalt` sources
+      `Prelude.hashWithSalt` id
+      `Prelude.hashWithSalt` resourceType
+      `Prelude.hashWithSalt` createdAt
+      `Prelude.hashWithSalt` changeType
+      `Prelude.hashWithSalt` status
+      `Prelude.hashWithSalt` resourceOwnerAccount
+
+instance Prelude.NFData AccessPreviewFinding where
+  rnf AccessPreviewFinding' {..} =
+    Prelude.rnf action
+      `Prelude.seq` Prelude.rnf condition
+      `Prelude.seq` Prelude.rnf error
+      `Prelude.seq` Prelude.rnf existingFindingId
+      `Prelude.seq` Prelude.rnf existingFindingStatus
+      `Prelude.seq` Prelude.rnf isPublic
+      `Prelude.seq` Prelude.rnf principal
+      `Prelude.seq` Prelude.rnf resource
+      `Prelude.seq` Prelude.rnf sources
+      `Prelude.seq` Prelude.rnf id
+      `Prelude.seq` Prelude.rnf resourceType
+      `Prelude.seq` Prelude.rnf createdAt
+      `Prelude.seq` Prelude.rnf changeType
+      `Prelude.seq` Prelude.rnf status
+      `Prelude.seq` Prelude.rnf resourceOwnerAccount
diff --git a/gen/Amazonka/AccessAnalyzer/Types/AccessPreviewStatus.hs b/gen/Amazonka/AccessAnalyzer/Types/AccessPreviewStatus.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/Types/AccessPreviewStatus.hs
@@ -0,0 +1,76 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.Types.AccessPreviewStatus
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.AccessAnalyzer.Types.AccessPreviewStatus
+  ( AccessPreviewStatus
+      ( ..,
+        AccessPreviewStatus_COMPLETED,
+        AccessPreviewStatus_CREATING,
+        AccessPreviewStatus_FAILED
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype AccessPreviewStatus = AccessPreviewStatus'
+  { fromAccessPreviewStatus ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern AccessPreviewStatus_COMPLETED :: AccessPreviewStatus
+pattern AccessPreviewStatus_COMPLETED = AccessPreviewStatus' "COMPLETED"
+
+pattern AccessPreviewStatus_CREATING :: AccessPreviewStatus
+pattern AccessPreviewStatus_CREATING = AccessPreviewStatus' "CREATING"
+
+pattern AccessPreviewStatus_FAILED :: AccessPreviewStatus
+pattern AccessPreviewStatus_FAILED = AccessPreviewStatus' "FAILED"
+
+{-# COMPLETE
+  AccessPreviewStatus_COMPLETED,
+  AccessPreviewStatus_CREATING,
+  AccessPreviewStatus_FAILED,
+  AccessPreviewStatus'
+  #-}
diff --git a/gen/Amazonka/AccessAnalyzer/Types/AccessPreviewStatusReason.hs b/gen/Amazonka/AccessAnalyzer/Types/AccessPreviewStatusReason.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/Types/AccessPreviewStatusReason.hs
@@ -0,0 +1,74 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.Types.AccessPreviewStatusReason
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.AccessAnalyzer.Types.AccessPreviewStatusReason where
+
+import Amazonka.AccessAnalyzer.Types.AccessPreviewStatusReasonCode
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Provides more details about the current status of the access preview.
+-- For example, if the creation of the access preview fails, a @Failed@
+-- status is returned. This failure can be due to an internal issue with
+-- the analysis or due to an invalid proposed resource configuration.
+--
+-- /See:/ 'newAccessPreviewStatusReason' smart constructor.
+data AccessPreviewStatusReason = AccessPreviewStatusReason'
+  { -- | The reason code for the current status of the access preview.
+    code :: AccessPreviewStatusReasonCode
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AccessPreviewStatusReason' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'code', 'accessPreviewStatusReason_code' - The reason code for the current status of the access preview.
+newAccessPreviewStatusReason ::
+  -- | 'code'
+  AccessPreviewStatusReasonCode ->
+  AccessPreviewStatusReason
+newAccessPreviewStatusReason pCode_ =
+  AccessPreviewStatusReason' {code = pCode_}
+
+-- | The reason code for the current status of the access preview.
+accessPreviewStatusReason_code :: Lens.Lens' AccessPreviewStatusReason AccessPreviewStatusReasonCode
+accessPreviewStatusReason_code = Lens.lens (\AccessPreviewStatusReason' {code} -> code) (\s@AccessPreviewStatusReason' {} a -> s {code = a} :: AccessPreviewStatusReason)
+
+instance Data.FromJSON AccessPreviewStatusReason where
+  parseJSON =
+    Data.withObject
+      "AccessPreviewStatusReason"
+      ( \x ->
+          AccessPreviewStatusReason'
+            Prelude.<$> (x Data..: "code")
+      )
+
+instance Prelude.Hashable AccessPreviewStatusReason where
+  hashWithSalt _salt AccessPreviewStatusReason' {..} =
+    _salt `Prelude.hashWithSalt` code
+
+instance Prelude.NFData AccessPreviewStatusReason where
+  rnf AccessPreviewStatusReason' {..} = Prelude.rnf code
diff --git a/gen/Amazonka/AccessAnalyzer/Types/AccessPreviewStatusReasonCode.hs b/gen/Amazonka/AccessAnalyzer/Types/AccessPreviewStatusReasonCode.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/Types/AccessPreviewStatusReasonCode.hs
@@ -0,0 +1,71 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.Types.AccessPreviewStatusReasonCode
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.AccessAnalyzer.Types.AccessPreviewStatusReasonCode
+  ( AccessPreviewStatusReasonCode
+      ( ..,
+        AccessPreviewStatusReasonCode_INTERNAL_ERROR,
+        AccessPreviewStatusReasonCode_INVALID_CONFIGURATION
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype AccessPreviewStatusReasonCode = AccessPreviewStatusReasonCode'
+  { fromAccessPreviewStatusReasonCode ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern AccessPreviewStatusReasonCode_INTERNAL_ERROR :: AccessPreviewStatusReasonCode
+pattern AccessPreviewStatusReasonCode_INTERNAL_ERROR = AccessPreviewStatusReasonCode' "INTERNAL_ERROR"
+
+pattern AccessPreviewStatusReasonCode_INVALID_CONFIGURATION :: AccessPreviewStatusReasonCode
+pattern AccessPreviewStatusReasonCode_INVALID_CONFIGURATION = AccessPreviewStatusReasonCode' "INVALID_CONFIGURATION"
+
+{-# COMPLETE
+  AccessPreviewStatusReasonCode_INTERNAL_ERROR,
+  AccessPreviewStatusReasonCode_INVALID_CONFIGURATION,
+  AccessPreviewStatusReasonCode'
+  #-}
diff --git a/gen/Amazonka/AccessAnalyzer/Types/AccessPreviewSummary.hs b/gen/Amazonka/AccessAnalyzer/Types/AccessPreviewSummary.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/Types/AccessPreviewSummary.hs
@@ -0,0 +1,155 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.Types.AccessPreviewSummary
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.AccessAnalyzer.Types.AccessPreviewSummary where
+
+import Amazonka.AccessAnalyzer.Types.AccessPreviewStatus
+import Amazonka.AccessAnalyzer.Types.AccessPreviewStatusReason
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains a summary of information about an access preview.
+--
+-- /See:/ 'newAccessPreviewSummary' smart constructor.
+data AccessPreviewSummary = AccessPreviewSummary'
+  { statusReason :: Prelude.Maybe AccessPreviewStatusReason,
+    -- | The unique ID for the access preview.
+    id :: Prelude.Text,
+    -- | The ARN of the analyzer used to generate the access preview.
+    analyzerArn :: Prelude.Text,
+    -- | The time at which the access preview was created.
+    createdAt :: Data.ISO8601,
+    -- | The status of the access preview.
+    --
+    -- -   @Creating@ - The access preview creation is in progress.
+    --
+    -- -   @Completed@ - The access preview is complete and previews the
+    --     findings for external access to the resource.
+    --
+    -- -   @Failed@ - The access preview creation has failed.
+    status :: AccessPreviewStatus
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AccessPreviewSummary' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'statusReason', 'accessPreviewSummary_statusReason' - Undocumented member.
+--
+-- 'id', 'accessPreviewSummary_id' - The unique ID for the access preview.
+--
+-- 'analyzerArn', 'accessPreviewSummary_analyzerArn' - The ARN of the analyzer used to generate the access preview.
+--
+-- 'createdAt', 'accessPreviewSummary_createdAt' - The time at which the access preview was created.
+--
+-- 'status', 'accessPreviewSummary_status' - The status of the access preview.
+--
+-- -   @Creating@ - The access preview creation is in progress.
+--
+-- -   @Completed@ - The access preview is complete and previews the
+--     findings for external access to the resource.
+--
+-- -   @Failed@ - The access preview creation has failed.
+newAccessPreviewSummary ::
+  -- | 'id'
+  Prelude.Text ->
+  -- | 'analyzerArn'
+  Prelude.Text ->
+  -- | 'createdAt'
+  Prelude.UTCTime ->
+  -- | 'status'
+  AccessPreviewStatus ->
+  AccessPreviewSummary
+newAccessPreviewSummary
+  pId_
+  pAnalyzerArn_
+  pCreatedAt_
+  pStatus_ =
+    AccessPreviewSummary'
+      { statusReason =
+          Prelude.Nothing,
+        id = pId_,
+        analyzerArn = pAnalyzerArn_,
+        createdAt = Data._Time Lens.# pCreatedAt_,
+        status = pStatus_
+      }
+
+-- | Undocumented member.
+accessPreviewSummary_statusReason :: Lens.Lens' AccessPreviewSummary (Prelude.Maybe AccessPreviewStatusReason)
+accessPreviewSummary_statusReason = Lens.lens (\AccessPreviewSummary' {statusReason} -> statusReason) (\s@AccessPreviewSummary' {} a -> s {statusReason = a} :: AccessPreviewSummary)
+
+-- | The unique ID for the access preview.
+accessPreviewSummary_id :: Lens.Lens' AccessPreviewSummary Prelude.Text
+accessPreviewSummary_id = Lens.lens (\AccessPreviewSummary' {id} -> id) (\s@AccessPreviewSummary' {} a -> s {id = a} :: AccessPreviewSummary)
+
+-- | The ARN of the analyzer used to generate the access preview.
+accessPreviewSummary_analyzerArn :: Lens.Lens' AccessPreviewSummary Prelude.Text
+accessPreviewSummary_analyzerArn = Lens.lens (\AccessPreviewSummary' {analyzerArn} -> analyzerArn) (\s@AccessPreviewSummary' {} a -> s {analyzerArn = a} :: AccessPreviewSummary)
+
+-- | The time at which the access preview was created.
+accessPreviewSummary_createdAt :: Lens.Lens' AccessPreviewSummary Prelude.UTCTime
+accessPreviewSummary_createdAt = Lens.lens (\AccessPreviewSummary' {createdAt} -> createdAt) (\s@AccessPreviewSummary' {} a -> s {createdAt = a} :: AccessPreviewSummary) Prelude.. Data._Time
+
+-- | The status of the access preview.
+--
+-- -   @Creating@ - The access preview creation is in progress.
+--
+-- -   @Completed@ - The access preview is complete and previews the
+--     findings for external access to the resource.
+--
+-- -   @Failed@ - The access preview creation has failed.
+accessPreviewSummary_status :: Lens.Lens' AccessPreviewSummary AccessPreviewStatus
+accessPreviewSummary_status = Lens.lens (\AccessPreviewSummary' {status} -> status) (\s@AccessPreviewSummary' {} a -> s {status = a} :: AccessPreviewSummary)
+
+instance Data.FromJSON AccessPreviewSummary where
+  parseJSON =
+    Data.withObject
+      "AccessPreviewSummary"
+      ( \x ->
+          AccessPreviewSummary'
+            Prelude.<$> (x Data..:? "statusReason")
+            Prelude.<*> (x Data..: "id")
+            Prelude.<*> (x Data..: "analyzerArn")
+            Prelude.<*> (x Data..: "createdAt")
+            Prelude.<*> (x Data..: "status")
+      )
+
+instance Prelude.Hashable AccessPreviewSummary where
+  hashWithSalt _salt AccessPreviewSummary' {..} =
+    _salt
+      `Prelude.hashWithSalt` statusReason
+      `Prelude.hashWithSalt` id
+      `Prelude.hashWithSalt` analyzerArn
+      `Prelude.hashWithSalt` createdAt
+      `Prelude.hashWithSalt` status
+
+instance Prelude.NFData AccessPreviewSummary where
+  rnf AccessPreviewSummary' {..} =
+    Prelude.rnf statusReason
+      `Prelude.seq` Prelude.rnf id
+      `Prelude.seq` Prelude.rnf analyzerArn
+      `Prelude.seq` Prelude.rnf createdAt
+      `Prelude.seq` Prelude.rnf status
diff --git a/gen/Amazonka/AccessAnalyzer/Types/AclGrantee.hs b/gen/Amazonka/AccessAnalyzer/Types/AclGrantee.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/Types/AclGrantee.hs
@@ -0,0 +1,97 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.Types.AclGrantee
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.AccessAnalyzer.Types.AclGrantee where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | You specify each grantee as a type-value pair using one of these types.
+-- You can specify only one type of grantee. For more information, see
+-- <https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketAcl.html PutBucketAcl>.
+--
+-- /See:/ 'newAclGrantee' smart constructor.
+data AclGrantee = AclGrantee'
+  { -- | The value specified is the canonical user ID of an Amazon Web Services
+    -- account.
+    id :: Prelude.Maybe Prelude.Text,
+    -- | Used for granting permissions to a predefined group.
+    uri :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AclGrantee' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'id', 'aclGrantee_id' - The value specified is the canonical user ID of an Amazon Web Services
+-- account.
+--
+-- 'uri', 'aclGrantee_uri' - Used for granting permissions to a predefined group.
+newAclGrantee ::
+  AclGrantee
+newAclGrantee =
+  AclGrantee'
+    { id = Prelude.Nothing,
+      uri = Prelude.Nothing
+    }
+
+-- | The value specified is the canonical user ID of an Amazon Web Services
+-- account.
+aclGrantee_id :: Lens.Lens' AclGrantee (Prelude.Maybe Prelude.Text)
+aclGrantee_id = Lens.lens (\AclGrantee' {id} -> id) (\s@AclGrantee' {} a -> s {id = a} :: AclGrantee)
+
+-- | Used for granting permissions to a predefined group.
+aclGrantee_uri :: Lens.Lens' AclGrantee (Prelude.Maybe Prelude.Text)
+aclGrantee_uri = Lens.lens (\AclGrantee' {uri} -> uri) (\s@AclGrantee' {} a -> s {uri = a} :: AclGrantee)
+
+instance Data.FromJSON AclGrantee where
+  parseJSON =
+    Data.withObject
+      "AclGrantee"
+      ( \x ->
+          AclGrantee'
+            Prelude.<$> (x Data..:? "id")
+            Prelude.<*> (x Data..:? "uri")
+      )
+
+instance Prelude.Hashable AclGrantee where
+  hashWithSalt _salt AclGrantee' {..} =
+    _salt
+      `Prelude.hashWithSalt` id
+      `Prelude.hashWithSalt` uri
+
+instance Prelude.NFData AclGrantee where
+  rnf AclGrantee' {..} =
+    Prelude.rnf id `Prelude.seq` Prelude.rnf uri
+
+instance Data.ToJSON AclGrantee where
+  toJSON AclGrantee' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("id" Data..=) Prelude.<$> id,
+            ("uri" Data..=) Prelude.<$> uri
+          ]
+      )
diff --git a/gen/Amazonka/AccessAnalyzer/Types/AclPermission.hs b/gen/Amazonka/AccessAnalyzer/Types/AclPermission.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/Types/AclPermission.hs
@@ -0,0 +1,86 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.Types.AclPermission
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.AccessAnalyzer.Types.AclPermission
+  ( AclPermission
+      ( ..,
+        AclPermission_FULL_CONTROL,
+        AclPermission_READ,
+        AclPermission_READ_ACP,
+        AclPermission_WRITE,
+        AclPermission_WRITE_ACP
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype AclPermission = AclPermission'
+  { fromAclPermission ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern AclPermission_FULL_CONTROL :: AclPermission
+pattern AclPermission_FULL_CONTROL = AclPermission' "FULL_CONTROL"
+
+pattern AclPermission_READ :: AclPermission
+pattern AclPermission_READ = AclPermission' "READ"
+
+pattern AclPermission_READ_ACP :: AclPermission
+pattern AclPermission_READ_ACP = AclPermission' "READ_ACP"
+
+pattern AclPermission_WRITE :: AclPermission
+pattern AclPermission_WRITE = AclPermission' "WRITE"
+
+pattern AclPermission_WRITE_ACP :: AclPermission
+pattern AclPermission_WRITE_ACP = AclPermission' "WRITE_ACP"
+
+{-# COMPLETE
+  AclPermission_FULL_CONTROL,
+  AclPermission_READ,
+  AclPermission_READ_ACP,
+  AclPermission_WRITE,
+  AclPermission_WRITE_ACP,
+  AclPermission'
+  #-}
diff --git a/gen/Amazonka/AccessAnalyzer/Types/AnalyzedResource.hs b/gen/Amazonka/AccessAnalyzer/Types/AnalyzedResource.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/Types/AnalyzedResource.hs
@@ -0,0 +1,224 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.Types.AnalyzedResource
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.AccessAnalyzer.Types.AnalyzedResource where
+
+import Amazonka.AccessAnalyzer.Types.FindingStatus
+import Amazonka.AccessAnalyzer.Types.ResourceType
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains details about the analyzed resource.
+--
+-- /See:/ 'newAnalyzedResource' smart constructor.
+data AnalyzedResource = AnalyzedResource'
+  { -- | The actions that an external principal is granted permission to use by
+    -- the policy that generated the finding.
+    actions :: Prelude.Maybe [Prelude.Text],
+    -- | An error message.
+    error :: Prelude.Maybe Prelude.Text,
+    -- | Indicates how the access that generated the finding is granted. This is
+    -- populated for Amazon S3 bucket findings.
+    sharedVia :: Prelude.Maybe [Prelude.Text],
+    -- | The current status of the finding generated from the analyzed resource.
+    status :: Prelude.Maybe FindingStatus,
+    -- | The ARN of the resource that was analyzed.
+    resourceArn :: Prelude.Text,
+    -- | The type of the resource that was analyzed.
+    resourceType :: ResourceType,
+    -- | The time at which the finding was created.
+    createdAt :: Data.ISO8601,
+    -- | The time at which the resource was analyzed.
+    analyzedAt :: Data.ISO8601,
+    -- | The time at which the finding was updated.
+    updatedAt :: Data.ISO8601,
+    -- | Indicates whether the policy that generated the finding grants public
+    -- access to the resource.
+    isPublic :: Prelude.Bool,
+    -- | The Amazon Web Services account ID that owns the resource.
+    resourceOwnerAccount :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AnalyzedResource' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'actions', 'analyzedResource_actions' - The actions that an external principal is granted permission to use by
+-- the policy that generated the finding.
+--
+-- 'error', 'analyzedResource_error' - An error message.
+--
+-- 'sharedVia', 'analyzedResource_sharedVia' - Indicates how the access that generated the finding is granted. This is
+-- populated for Amazon S3 bucket findings.
+--
+-- 'status', 'analyzedResource_status' - The current status of the finding generated from the analyzed resource.
+--
+-- 'resourceArn', 'analyzedResource_resourceArn' - The ARN of the resource that was analyzed.
+--
+-- 'resourceType', 'analyzedResource_resourceType' - The type of the resource that was analyzed.
+--
+-- 'createdAt', 'analyzedResource_createdAt' - The time at which the finding was created.
+--
+-- 'analyzedAt', 'analyzedResource_analyzedAt' - The time at which the resource was analyzed.
+--
+-- 'updatedAt', 'analyzedResource_updatedAt' - The time at which the finding was updated.
+--
+-- 'isPublic', 'analyzedResource_isPublic' - Indicates whether the policy that generated the finding grants public
+-- access to the resource.
+--
+-- 'resourceOwnerAccount', 'analyzedResource_resourceOwnerAccount' - The Amazon Web Services account ID that owns the resource.
+newAnalyzedResource ::
+  -- | 'resourceArn'
+  Prelude.Text ->
+  -- | 'resourceType'
+  ResourceType ->
+  -- | 'createdAt'
+  Prelude.UTCTime ->
+  -- | 'analyzedAt'
+  Prelude.UTCTime ->
+  -- | 'updatedAt'
+  Prelude.UTCTime ->
+  -- | 'isPublic'
+  Prelude.Bool ->
+  -- | 'resourceOwnerAccount'
+  Prelude.Text ->
+  AnalyzedResource
+newAnalyzedResource
+  pResourceArn_
+  pResourceType_
+  pCreatedAt_
+  pAnalyzedAt_
+  pUpdatedAt_
+  pIsPublic_
+  pResourceOwnerAccount_ =
+    AnalyzedResource'
+      { actions = Prelude.Nothing,
+        error = Prelude.Nothing,
+        sharedVia = Prelude.Nothing,
+        status = Prelude.Nothing,
+        resourceArn = pResourceArn_,
+        resourceType = pResourceType_,
+        createdAt = Data._Time Lens.# pCreatedAt_,
+        analyzedAt = Data._Time Lens.# pAnalyzedAt_,
+        updatedAt = Data._Time Lens.# pUpdatedAt_,
+        isPublic = pIsPublic_,
+        resourceOwnerAccount = pResourceOwnerAccount_
+      }
+
+-- | The actions that an external principal is granted permission to use by
+-- the policy that generated the finding.
+analyzedResource_actions :: Lens.Lens' AnalyzedResource (Prelude.Maybe [Prelude.Text])
+analyzedResource_actions = Lens.lens (\AnalyzedResource' {actions} -> actions) (\s@AnalyzedResource' {} a -> s {actions = a} :: AnalyzedResource) Prelude.. Lens.mapping Lens.coerced
+
+-- | An error message.
+analyzedResource_error :: Lens.Lens' AnalyzedResource (Prelude.Maybe Prelude.Text)
+analyzedResource_error = Lens.lens (\AnalyzedResource' {error} -> error) (\s@AnalyzedResource' {} a -> s {error = a} :: AnalyzedResource)
+
+-- | Indicates how the access that generated the finding is granted. This is
+-- populated for Amazon S3 bucket findings.
+analyzedResource_sharedVia :: Lens.Lens' AnalyzedResource (Prelude.Maybe [Prelude.Text])
+analyzedResource_sharedVia = Lens.lens (\AnalyzedResource' {sharedVia} -> sharedVia) (\s@AnalyzedResource' {} a -> s {sharedVia = a} :: AnalyzedResource) Prelude.. Lens.mapping Lens.coerced
+
+-- | The current status of the finding generated from the analyzed resource.
+analyzedResource_status :: Lens.Lens' AnalyzedResource (Prelude.Maybe FindingStatus)
+analyzedResource_status = Lens.lens (\AnalyzedResource' {status} -> status) (\s@AnalyzedResource' {} a -> s {status = a} :: AnalyzedResource)
+
+-- | The ARN of the resource that was analyzed.
+analyzedResource_resourceArn :: Lens.Lens' AnalyzedResource Prelude.Text
+analyzedResource_resourceArn = Lens.lens (\AnalyzedResource' {resourceArn} -> resourceArn) (\s@AnalyzedResource' {} a -> s {resourceArn = a} :: AnalyzedResource)
+
+-- | The type of the resource that was analyzed.
+analyzedResource_resourceType :: Lens.Lens' AnalyzedResource ResourceType
+analyzedResource_resourceType = Lens.lens (\AnalyzedResource' {resourceType} -> resourceType) (\s@AnalyzedResource' {} a -> s {resourceType = a} :: AnalyzedResource)
+
+-- | The time at which the finding was created.
+analyzedResource_createdAt :: Lens.Lens' AnalyzedResource Prelude.UTCTime
+analyzedResource_createdAt = Lens.lens (\AnalyzedResource' {createdAt} -> createdAt) (\s@AnalyzedResource' {} a -> s {createdAt = a} :: AnalyzedResource) Prelude.. Data._Time
+
+-- | The time at which the resource was analyzed.
+analyzedResource_analyzedAt :: Lens.Lens' AnalyzedResource Prelude.UTCTime
+analyzedResource_analyzedAt = Lens.lens (\AnalyzedResource' {analyzedAt} -> analyzedAt) (\s@AnalyzedResource' {} a -> s {analyzedAt = a} :: AnalyzedResource) Prelude.. Data._Time
+
+-- | The time at which the finding was updated.
+analyzedResource_updatedAt :: Lens.Lens' AnalyzedResource Prelude.UTCTime
+analyzedResource_updatedAt = Lens.lens (\AnalyzedResource' {updatedAt} -> updatedAt) (\s@AnalyzedResource' {} a -> s {updatedAt = a} :: AnalyzedResource) Prelude.. Data._Time
+
+-- | Indicates whether the policy that generated the finding grants public
+-- access to the resource.
+analyzedResource_isPublic :: Lens.Lens' AnalyzedResource Prelude.Bool
+analyzedResource_isPublic = Lens.lens (\AnalyzedResource' {isPublic} -> isPublic) (\s@AnalyzedResource' {} a -> s {isPublic = a} :: AnalyzedResource)
+
+-- | The Amazon Web Services account ID that owns the resource.
+analyzedResource_resourceOwnerAccount :: Lens.Lens' AnalyzedResource Prelude.Text
+analyzedResource_resourceOwnerAccount = Lens.lens (\AnalyzedResource' {resourceOwnerAccount} -> resourceOwnerAccount) (\s@AnalyzedResource' {} a -> s {resourceOwnerAccount = a} :: AnalyzedResource)
+
+instance Data.FromJSON AnalyzedResource where
+  parseJSON =
+    Data.withObject
+      "AnalyzedResource"
+      ( \x ->
+          AnalyzedResource'
+            Prelude.<$> (x Data..:? "actions" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "error")
+            Prelude.<*> (x Data..:? "sharedVia" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "status")
+            Prelude.<*> (x Data..: "resourceArn")
+            Prelude.<*> (x Data..: "resourceType")
+            Prelude.<*> (x Data..: "createdAt")
+            Prelude.<*> (x Data..: "analyzedAt")
+            Prelude.<*> (x Data..: "updatedAt")
+            Prelude.<*> (x Data..: "isPublic")
+            Prelude.<*> (x Data..: "resourceOwnerAccount")
+      )
+
+instance Prelude.Hashable AnalyzedResource where
+  hashWithSalt _salt AnalyzedResource' {..} =
+    _salt
+      `Prelude.hashWithSalt` actions
+      `Prelude.hashWithSalt` error
+      `Prelude.hashWithSalt` sharedVia
+      `Prelude.hashWithSalt` status
+      `Prelude.hashWithSalt` resourceArn
+      `Prelude.hashWithSalt` resourceType
+      `Prelude.hashWithSalt` createdAt
+      `Prelude.hashWithSalt` analyzedAt
+      `Prelude.hashWithSalt` updatedAt
+      `Prelude.hashWithSalt` isPublic
+      `Prelude.hashWithSalt` resourceOwnerAccount
+
+instance Prelude.NFData AnalyzedResource where
+  rnf AnalyzedResource' {..} =
+    Prelude.rnf actions
+      `Prelude.seq` Prelude.rnf error
+      `Prelude.seq` Prelude.rnf sharedVia
+      `Prelude.seq` Prelude.rnf status
+      `Prelude.seq` Prelude.rnf resourceArn
+      `Prelude.seq` Prelude.rnf resourceType
+      `Prelude.seq` Prelude.rnf createdAt
+      `Prelude.seq` Prelude.rnf analyzedAt
+      `Prelude.seq` Prelude.rnf updatedAt
+      `Prelude.seq` Prelude.rnf isPublic
+      `Prelude.seq` Prelude.rnf resourceOwnerAccount
diff --git a/gen/Amazonka/AccessAnalyzer/Types/AnalyzedResourceSummary.hs b/gen/Amazonka/AccessAnalyzer/Types/AnalyzedResourceSummary.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/Types/AnalyzedResourceSummary.hs
@@ -0,0 +1,107 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.Types.AnalyzedResourceSummary
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.AccessAnalyzer.Types.AnalyzedResourceSummary where
+
+import Amazonka.AccessAnalyzer.Types.ResourceType
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains the ARN of the analyzed resource.
+--
+-- /See:/ 'newAnalyzedResourceSummary' smart constructor.
+data AnalyzedResourceSummary = AnalyzedResourceSummary'
+  { -- | The ARN of the analyzed resource.
+    resourceArn :: Prelude.Text,
+    -- | The Amazon Web Services account ID that owns the resource.
+    resourceOwnerAccount :: Prelude.Text,
+    -- | The type of resource that was analyzed.
+    resourceType :: ResourceType
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AnalyzedResourceSummary' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'resourceArn', 'analyzedResourceSummary_resourceArn' - The ARN of the analyzed resource.
+--
+-- 'resourceOwnerAccount', 'analyzedResourceSummary_resourceOwnerAccount' - The Amazon Web Services account ID that owns the resource.
+--
+-- 'resourceType', 'analyzedResourceSummary_resourceType' - The type of resource that was analyzed.
+newAnalyzedResourceSummary ::
+  -- | 'resourceArn'
+  Prelude.Text ->
+  -- | 'resourceOwnerAccount'
+  Prelude.Text ->
+  -- | 'resourceType'
+  ResourceType ->
+  AnalyzedResourceSummary
+newAnalyzedResourceSummary
+  pResourceArn_
+  pResourceOwnerAccount_
+  pResourceType_ =
+    AnalyzedResourceSummary'
+      { resourceArn =
+          pResourceArn_,
+        resourceOwnerAccount = pResourceOwnerAccount_,
+        resourceType = pResourceType_
+      }
+
+-- | The ARN of the analyzed resource.
+analyzedResourceSummary_resourceArn :: Lens.Lens' AnalyzedResourceSummary Prelude.Text
+analyzedResourceSummary_resourceArn = Lens.lens (\AnalyzedResourceSummary' {resourceArn} -> resourceArn) (\s@AnalyzedResourceSummary' {} a -> s {resourceArn = a} :: AnalyzedResourceSummary)
+
+-- | The Amazon Web Services account ID that owns the resource.
+analyzedResourceSummary_resourceOwnerAccount :: Lens.Lens' AnalyzedResourceSummary Prelude.Text
+analyzedResourceSummary_resourceOwnerAccount = Lens.lens (\AnalyzedResourceSummary' {resourceOwnerAccount} -> resourceOwnerAccount) (\s@AnalyzedResourceSummary' {} a -> s {resourceOwnerAccount = a} :: AnalyzedResourceSummary)
+
+-- | The type of resource that was analyzed.
+analyzedResourceSummary_resourceType :: Lens.Lens' AnalyzedResourceSummary ResourceType
+analyzedResourceSummary_resourceType = Lens.lens (\AnalyzedResourceSummary' {resourceType} -> resourceType) (\s@AnalyzedResourceSummary' {} a -> s {resourceType = a} :: AnalyzedResourceSummary)
+
+instance Data.FromJSON AnalyzedResourceSummary where
+  parseJSON =
+    Data.withObject
+      "AnalyzedResourceSummary"
+      ( \x ->
+          AnalyzedResourceSummary'
+            Prelude.<$> (x Data..: "resourceArn")
+            Prelude.<*> (x Data..: "resourceOwnerAccount")
+            Prelude.<*> (x Data..: "resourceType")
+      )
+
+instance Prelude.Hashable AnalyzedResourceSummary where
+  hashWithSalt _salt AnalyzedResourceSummary' {..} =
+    _salt
+      `Prelude.hashWithSalt` resourceArn
+      `Prelude.hashWithSalt` resourceOwnerAccount
+      `Prelude.hashWithSalt` resourceType
+
+instance Prelude.NFData AnalyzedResourceSummary where
+  rnf AnalyzedResourceSummary' {..} =
+    Prelude.rnf resourceArn
+      `Prelude.seq` Prelude.rnf resourceOwnerAccount
+      `Prelude.seq` Prelude.rnf resourceType
diff --git a/gen/Amazonka/AccessAnalyzer/Types/AnalyzerStatus.hs b/gen/Amazonka/AccessAnalyzer/Types/AnalyzerStatus.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/Types/AnalyzerStatus.hs
@@ -0,0 +1,81 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.Types.AnalyzerStatus
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.AccessAnalyzer.Types.AnalyzerStatus
+  ( AnalyzerStatus
+      ( ..,
+        AnalyzerStatus_ACTIVE,
+        AnalyzerStatus_CREATING,
+        AnalyzerStatus_DISABLED,
+        AnalyzerStatus_FAILED
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype AnalyzerStatus = AnalyzerStatus'
+  { fromAnalyzerStatus ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern AnalyzerStatus_ACTIVE :: AnalyzerStatus
+pattern AnalyzerStatus_ACTIVE = AnalyzerStatus' "ACTIVE"
+
+pattern AnalyzerStatus_CREATING :: AnalyzerStatus
+pattern AnalyzerStatus_CREATING = AnalyzerStatus' "CREATING"
+
+pattern AnalyzerStatus_DISABLED :: AnalyzerStatus
+pattern AnalyzerStatus_DISABLED = AnalyzerStatus' "DISABLED"
+
+pattern AnalyzerStatus_FAILED :: AnalyzerStatus
+pattern AnalyzerStatus_FAILED = AnalyzerStatus' "FAILED"
+
+{-# COMPLETE
+  AnalyzerStatus_ACTIVE,
+  AnalyzerStatus_CREATING,
+  AnalyzerStatus_DISABLED,
+  AnalyzerStatus_FAILED,
+  AnalyzerStatus'
+  #-}
diff --git a/gen/Amazonka/AccessAnalyzer/Types/AnalyzerSummary.hs b/gen/Amazonka/AccessAnalyzer/Types/AnalyzerSummary.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/Types/AnalyzerSummary.hs
@@ -0,0 +1,223 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.Types.AnalyzerSummary
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.AccessAnalyzer.Types.AnalyzerSummary where
+
+import Amazonka.AccessAnalyzer.Types.AnalyzerStatus
+import Amazonka.AccessAnalyzer.Types.StatusReason
+import Amazonka.AccessAnalyzer.Types.Type
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains information about the analyzer.
+--
+-- /See:/ 'newAnalyzerSummary' smart constructor.
+data AnalyzerSummary = AnalyzerSummary'
+  { -- | The resource that was most recently analyzed by the analyzer.
+    lastResourceAnalyzed :: Prelude.Maybe Prelude.Text,
+    -- | The time at which the most recently analyzed resource was analyzed.
+    lastResourceAnalyzedAt :: Prelude.Maybe Data.ISO8601,
+    -- | The @statusReason@ provides more details about the current status of the
+    -- analyzer. For example, if the creation for the analyzer fails, a
+    -- @Failed@ status is returned. For an analyzer with organization as the
+    -- type, this failure can be due to an issue with creating the
+    -- service-linked roles required in the member accounts of the Amazon Web
+    -- Services organization.
+    statusReason :: Prelude.Maybe StatusReason,
+    -- | The tags added to the analyzer.
+    tags :: Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text),
+    -- | The ARN of the analyzer.
+    arn :: Prelude.Text,
+    -- | The name of the analyzer.
+    name :: Prelude.Text,
+    -- | The type of analyzer, which corresponds to the zone of trust chosen for
+    -- the analyzer.
+    type' :: Type,
+    -- | A timestamp for the time at which the analyzer was created.
+    createdAt :: Data.ISO8601,
+    -- | The status of the analyzer. An @Active@ analyzer successfully monitors
+    -- supported resources and generates new findings. The analyzer is
+    -- @Disabled@ when a user action, such as removing trusted access for
+    -- Identity and Access Management Access Analyzer from Organizations,
+    -- causes the analyzer to stop generating new findings. The status is
+    -- @Creating@ when the analyzer creation is in progress and @Failed@ when
+    -- the analyzer creation has failed.
+    status :: AnalyzerStatus
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AnalyzerSummary' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'lastResourceAnalyzed', 'analyzerSummary_lastResourceAnalyzed' - The resource that was most recently analyzed by the analyzer.
+--
+-- 'lastResourceAnalyzedAt', 'analyzerSummary_lastResourceAnalyzedAt' - The time at which the most recently analyzed resource was analyzed.
+--
+-- 'statusReason', 'analyzerSummary_statusReason' - The @statusReason@ provides more details about the current status of the
+-- analyzer. For example, if the creation for the analyzer fails, a
+-- @Failed@ status is returned. For an analyzer with organization as the
+-- type, this failure can be due to an issue with creating the
+-- service-linked roles required in the member accounts of the Amazon Web
+-- Services organization.
+--
+-- 'tags', 'analyzerSummary_tags' - The tags added to the analyzer.
+--
+-- 'arn', 'analyzerSummary_arn' - The ARN of the analyzer.
+--
+-- 'name', 'analyzerSummary_name' - The name of the analyzer.
+--
+-- 'type'', 'analyzerSummary_type' - The type of analyzer, which corresponds to the zone of trust chosen for
+-- the analyzer.
+--
+-- 'createdAt', 'analyzerSummary_createdAt' - A timestamp for the time at which the analyzer was created.
+--
+-- 'status', 'analyzerSummary_status' - The status of the analyzer. An @Active@ analyzer successfully monitors
+-- supported resources and generates new findings. The analyzer is
+-- @Disabled@ when a user action, such as removing trusted access for
+-- Identity and Access Management Access Analyzer from Organizations,
+-- causes the analyzer to stop generating new findings. The status is
+-- @Creating@ when the analyzer creation is in progress and @Failed@ when
+-- the analyzer creation has failed.
+newAnalyzerSummary ::
+  -- | 'arn'
+  Prelude.Text ->
+  -- | 'name'
+  Prelude.Text ->
+  -- | 'type''
+  Type ->
+  -- | 'createdAt'
+  Prelude.UTCTime ->
+  -- | 'status'
+  AnalyzerStatus ->
+  AnalyzerSummary
+newAnalyzerSummary
+  pArn_
+  pName_
+  pType_
+  pCreatedAt_
+  pStatus_ =
+    AnalyzerSummary'
+      { lastResourceAnalyzed =
+          Prelude.Nothing,
+        lastResourceAnalyzedAt = Prelude.Nothing,
+        statusReason = Prelude.Nothing,
+        tags = Prelude.Nothing,
+        arn = pArn_,
+        name = pName_,
+        type' = pType_,
+        createdAt = Data._Time Lens.# pCreatedAt_,
+        status = pStatus_
+      }
+
+-- | The resource that was most recently analyzed by the analyzer.
+analyzerSummary_lastResourceAnalyzed :: Lens.Lens' AnalyzerSummary (Prelude.Maybe Prelude.Text)
+analyzerSummary_lastResourceAnalyzed = Lens.lens (\AnalyzerSummary' {lastResourceAnalyzed} -> lastResourceAnalyzed) (\s@AnalyzerSummary' {} a -> s {lastResourceAnalyzed = a} :: AnalyzerSummary)
+
+-- | The time at which the most recently analyzed resource was analyzed.
+analyzerSummary_lastResourceAnalyzedAt :: Lens.Lens' AnalyzerSummary (Prelude.Maybe Prelude.UTCTime)
+analyzerSummary_lastResourceAnalyzedAt = Lens.lens (\AnalyzerSummary' {lastResourceAnalyzedAt} -> lastResourceAnalyzedAt) (\s@AnalyzerSummary' {} a -> s {lastResourceAnalyzedAt = a} :: AnalyzerSummary) Prelude.. Lens.mapping Data._Time
+
+-- | The @statusReason@ provides more details about the current status of the
+-- analyzer. For example, if the creation for the analyzer fails, a
+-- @Failed@ status is returned. For an analyzer with organization as the
+-- type, this failure can be due to an issue with creating the
+-- service-linked roles required in the member accounts of the Amazon Web
+-- Services organization.
+analyzerSummary_statusReason :: Lens.Lens' AnalyzerSummary (Prelude.Maybe StatusReason)
+analyzerSummary_statusReason = Lens.lens (\AnalyzerSummary' {statusReason} -> statusReason) (\s@AnalyzerSummary' {} a -> s {statusReason = a} :: AnalyzerSummary)
+
+-- | The tags added to the analyzer.
+analyzerSummary_tags :: Lens.Lens' AnalyzerSummary (Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text))
+analyzerSummary_tags = Lens.lens (\AnalyzerSummary' {tags} -> tags) (\s@AnalyzerSummary' {} a -> s {tags = a} :: AnalyzerSummary) Prelude.. Lens.mapping Lens.coerced
+
+-- | The ARN of the analyzer.
+analyzerSummary_arn :: Lens.Lens' AnalyzerSummary Prelude.Text
+analyzerSummary_arn = Lens.lens (\AnalyzerSummary' {arn} -> arn) (\s@AnalyzerSummary' {} a -> s {arn = a} :: AnalyzerSummary)
+
+-- | The name of the analyzer.
+analyzerSummary_name :: Lens.Lens' AnalyzerSummary Prelude.Text
+analyzerSummary_name = Lens.lens (\AnalyzerSummary' {name} -> name) (\s@AnalyzerSummary' {} a -> s {name = a} :: AnalyzerSummary)
+
+-- | The type of analyzer, which corresponds to the zone of trust chosen for
+-- the analyzer.
+analyzerSummary_type :: Lens.Lens' AnalyzerSummary Type
+analyzerSummary_type = Lens.lens (\AnalyzerSummary' {type'} -> type') (\s@AnalyzerSummary' {} a -> s {type' = a} :: AnalyzerSummary)
+
+-- | A timestamp for the time at which the analyzer was created.
+analyzerSummary_createdAt :: Lens.Lens' AnalyzerSummary Prelude.UTCTime
+analyzerSummary_createdAt = Lens.lens (\AnalyzerSummary' {createdAt} -> createdAt) (\s@AnalyzerSummary' {} a -> s {createdAt = a} :: AnalyzerSummary) Prelude.. Data._Time
+
+-- | The status of the analyzer. An @Active@ analyzer successfully monitors
+-- supported resources and generates new findings. The analyzer is
+-- @Disabled@ when a user action, such as removing trusted access for
+-- Identity and Access Management Access Analyzer from Organizations,
+-- causes the analyzer to stop generating new findings. The status is
+-- @Creating@ when the analyzer creation is in progress and @Failed@ when
+-- the analyzer creation has failed.
+analyzerSummary_status :: Lens.Lens' AnalyzerSummary AnalyzerStatus
+analyzerSummary_status = Lens.lens (\AnalyzerSummary' {status} -> status) (\s@AnalyzerSummary' {} a -> s {status = a} :: AnalyzerSummary)
+
+instance Data.FromJSON AnalyzerSummary where
+  parseJSON =
+    Data.withObject
+      "AnalyzerSummary"
+      ( \x ->
+          AnalyzerSummary'
+            Prelude.<$> (x Data..:? "lastResourceAnalyzed")
+            Prelude.<*> (x Data..:? "lastResourceAnalyzedAt")
+            Prelude.<*> (x Data..:? "statusReason")
+            Prelude.<*> (x Data..:? "tags" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..: "arn")
+            Prelude.<*> (x Data..: "name")
+            Prelude.<*> (x Data..: "type")
+            Prelude.<*> (x Data..: "createdAt")
+            Prelude.<*> (x Data..: "status")
+      )
+
+instance Prelude.Hashable AnalyzerSummary where
+  hashWithSalt _salt AnalyzerSummary' {..} =
+    _salt
+      `Prelude.hashWithSalt` lastResourceAnalyzed
+      `Prelude.hashWithSalt` lastResourceAnalyzedAt
+      `Prelude.hashWithSalt` statusReason
+      `Prelude.hashWithSalt` tags
+      `Prelude.hashWithSalt` arn
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` type'
+      `Prelude.hashWithSalt` createdAt
+      `Prelude.hashWithSalt` status
+
+instance Prelude.NFData AnalyzerSummary where
+  rnf AnalyzerSummary' {..} =
+    Prelude.rnf lastResourceAnalyzed
+      `Prelude.seq` Prelude.rnf lastResourceAnalyzedAt
+      `Prelude.seq` Prelude.rnf statusReason
+      `Prelude.seq` Prelude.rnf tags
+      `Prelude.seq` Prelude.rnf arn
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf type'
+      `Prelude.seq` Prelude.rnf createdAt
+      `Prelude.seq` Prelude.rnf status
diff --git a/gen/Amazonka/AccessAnalyzer/Types/ArchiveRuleSummary.hs b/gen/Amazonka/AccessAnalyzer/Types/ArchiveRuleSummary.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/Types/ArchiveRuleSummary.hs
@@ -0,0 +1,118 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.Types.ArchiveRuleSummary
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.AccessAnalyzer.Types.ArchiveRuleSummary where
+
+import Amazonka.AccessAnalyzer.Types.Criterion
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains information about an archive rule.
+--
+-- /See:/ 'newArchiveRuleSummary' smart constructor.
+data ArchiveRuleSummary = ArchiveRuleSummary'
+  { -- | The name of the archive rule.
+    ruleName :: Prelude.Text,
+    -- | A filter used to define the archive rule.
+    filter' :: Prelude.HashMap Prelude.Text Criterion,
+    -- | The time at which the archive rule was created.
+    createdAt :: Data.ISO8601,
+    -- | The time at which the archive rule was last updated.
+    updatedAt :: Data.ISO8601
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ArchiveRuleSummary' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'ruleName', 'archiveRuleSummary_ruleName' - The name of the archive rule.
+--
+-- 'filter'', 'archiveRuleSummary_filter' - A filter used to define the archive rule.
+--
+-- 'createdAt', 'archiveRuleSummary_createdAt' - The time at which the archive rule was created.
+--
+-- 'updatedAt', 'archiveRuleSummary_updatedAt' - The time at which the archive rule was last updated.
+newArchiveRuleSummary ::
+  -- | 'ruleName'
+  Prelude.Text ->
+  -- | 'createdAt'
+  Prelude.UTCTime ->
+  -- | 'updatedAt'
+  Prelude.UTCTime ->
+  ArchiveRuleSummary
+newArchiveRuleSummary
+  pRuleName_
+  pCreatedAt_
+  pUpdatedAt_ =
+    ArchiveRuleSummary'
+      { ruleName = pRuleName_,
+        filter' = Prelude.mempty,
+        createdAt = Data._Time Lens.# pCreatedAt_,
+        updatedAt = Data._Time Lens.# pUpdatedAt_
+      }
+
+-- | The name of the archive rule.
+archiveRuleSummary_ruleName :: Lens.Lens' ArchiveRuleSummary Prelude.Text
+archiveRuleSummary_ruleName = Lens.lens (\ArchiveRuleSummary' {ruleName} -> ruleName) (\s@ArchiveRuleSummary' {} a -> s {ruleName = a} :: ArchiveRuleSummary)
+
+-- | A filter used to define the archive rule.
+archiveRuleSummary_filter :: Lens.Lens' ArchiveRuleSummary (Prelude.HashMap Prelude.Text Criterion)
+archiveRuleSummary_filter = Lens.lens (\ArchiveRuleSummary' {filter'} -> filter') (\s@ArchiveRuleSummary' {} a -> s {filter' = a} :: ArchiveRuleSummary) Prelude.. Lens.coerced
+
+-- | The time at which the archive rule was created.
+archiveRuleSummary_createdAt :: Lens.Lens' ArchiveRuleSummary Prelude.UTCTime
+archiveRuleSummary_createdAt = Lens.lens (\ArchiveRuleSummary' {createdAt} -> createdAt) (\s@ArchiveRuleSummary' {} a -> s {createdAt = a} :: ArchiveRuleSummary) Prelude.. Data._Time
+
+-- | The time at which the archive rule was last updated.
+archiveRuleSummary_updatedAt :: Lens.Lens' ArchiveRuleSummary Prelude.UTCTime
+archiveRuleSummary_updatedAt = Lens.lens (\ArchiveRuleSummary' {updatedAt} -> updatedAt) (\s@ArchiveRuleSummary' {} a -> s {updatedAt = a} :: ArchiveRuleSummary) Prelude.. Data._Time
+
+instance Data.FromJSON ArchiveRuleSummary where
+  parseJSON =
+    Data.withObject
+      "ArchiveRuleSummary"
+      ( \x ->
+          ArchiveRuleSummary'
+            Prelude.<$> (x Data..: "ruleName")
+            Prelude.<*> (x Data..:? "filter" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..: "createdAt")
+            Prelude.<*> (x Data..: "updatedAt")
+      )
+
+instance Prelude.Hashable ArchiveRuleSummary where
+  hashWithSalt _salt ArchiveRuleSummary' {..} =
+    _salt
+      `Prelude.hashWithSalt` ruleName
+      `Prelude.hashWithSalt` filter'
+      `Prelude.hashWithSalt` createdAt
+      `Prelude.hashWithSalt` updatedAt
+
+instance Prelude.NFData ArchiveRuleSummary where
+  rnf ArchiveRuleSummary' {..} =
+    Prelude.rnf ruleName
+      `Prelude.seq` Prelude.rnf filter'
+      `Prelude.seq` Prelude.rnf createdAt
+      `Prelude.seq` Prelude.rnf updatedAt
diff --git a/gen/Amazonka/AccessAnalyzer/Types/CloudTrailDetails.hs b/gen/Amazonka/AccessAnalyzer/Types/CloudTrailDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/Types/CloudTrailDetails.hs
@@ -0,0 +1,130 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.Types.CloudTrailDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.AccessAnalyzer.Types.CloudTrailDetails where
+
+import Amazonka.AccessAnalyzer.Types.Trail
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains information about CloudTrail access.
+--
+-- /See:/ 'newCloudTrailDetails' smart constructor.
+data CloudTrailDetails = CloudTrailDetails'
+  { -- | The end of the time range for which IAM Access Analyzer reviews your
+    -- CloudTrail events. Events with a timestamp after this time are not
+    -- considered to generate a policy. If this is not included in the request,
+    -- the default value is the current time.
+    endTime :: Prelude.Maybe Data.ISO8601,
+    -- | A @Trail@ object that contains settings for a trail.
+    trails :: [Trail],
+    -- | The ARN of the service role that IAM Access Analyzer uses to access your
+    -- CloudTrail trail and service last accessed information.
+    accessRole :: Prelude.Text,
+    -- | The start of the time range for which IAM Access Analyzer reviews your
+    -- CloudTrail events. Events with a timestamp before this time are not
+    -- considered to generate a policy.
+    startTime :: Data.ISO8601
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CloudTrailDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'endTime', 'cloudTrailDetails_endTime' - The end of the time range for which IAM Access Analyzer reviews your
+-- CloudTrail events. Events with a timestamp after this time are not
+-- considered to generate a policy. If this is not included in the request,
+-- the default value is the current time.
+--
+-- 'trails', 'cloudTrailDetails_trails' - A @Trail@ object that contains settings for a trail.
+--
+-- 'accessRole', 'cloudTrailDetails_accessRole' - The ARN of the service role that IAM Access Analyzer uses to access your
+-- CloudTrail trail and service last accessed information.
+--
+-- 'startTime', 'cloudTrailDetails_startTime' - The start of the time range for which IAM Access Analyzer reviews your
+-- CloudTrail events. Events with a timestamp before this time are not
+-- considered to generate a policy.
+newCloudTrailDetails ::
+  -- | 'accessRole'
+  Prelude.Text ->
+  -- | 'startTime'
+  Prelude.UTCTime ->
+  CloudTrailDetails
+newCloudTrailDetails pAccessRole_ pStartTime_ =
+  CloudTrailDetails'
+    { endTime = Prelude.Nothing,
+      trails = Prelude.mempty,
+      accessRole = pAccessRole_,
+      startTime = Data._Time Lens.# pStartTime_
+    }
+
+-- | The end of the time range for which IAM Access Analyzer reviews your
+-- CloudTrail events. Events with a timestamp after this time are not
+-- considered to generate a policy. If this is not included in the request,
+-- the default value is the current time.
+cloudTrailDetails_endTime :: Lens.Lens' CloudTrailDetails (Prelude.Maybe Prelude.UTCTime)
+cloudTrailDetails_endTime = Lens.lens (\CloudTrailDetails' {endTime} -> endTime) (\s@CloudTrailDetails' {} a -> s {endTime = a} :: CloudTrailDetails) Prelude.. Lens.mapping Data._Time
+
+-- | A @Trail@ object that contains settings for a trail.
+cloudTrailDetails_trails :: Lens.Lens' CloudTrailDetails [Trail]
+cloudTrailDetails_trails = Lens.lens (\CloudTrailDetails' {trails} -> trails) (\s@CloudTrailDetails' {} a -> s {trails = a} :: CloudTrailDetails) Prelude.. Lens.coerced
+
+-- | The ARN of the service role that IAM Access Analyzer uses to access your
+-- CloudTrail trail and service last accessed information.
+cloudTrailDetails_accessRole :: Lens.Lens' CloudTrailDetails Prelude.Text
+cloudTrailDetails_accessRole = Lens.lens (\CloudTrailDetails' {accessRole} -> accessRole) (\s@CloudTrailDetails' {} a -> s {accessRole = a} :: CloudTrailDetails)
+
+-- | The start of the time range for which IAM Access Analyzer reviews your
+-- CloudTrail events. Events with a timestamp before this time are not
+-- considered to generate a policy.
+cloudTrailDetails_startTime :: Lens.Lens' CloudTrailDetails Prelude.UTCTime
+cloudTrailDetails_startTime = Lens.lens (\CloudTrailDetails' {startTime} -> startTime) (\s@CloudTrailDetails' {} a -> s {startTime = a} :: CloudTrailDetails) Prelude.. Data._Time
+
+instance Prelude.Hashable CloudTrailDetails where
+  hashWithSalt _salt CloudTrailDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` endTime
+      `Prelude.hashWithSalt` trails
+      `Prelude.hashWithSalt` accessRole
+      `Prelude.hashWithSalt` startTime
+
+instance Prelude.NFData CloudTrailDetails where
+  rnf CloudTrailDetails' {..} =
+    Prelude.rnf endTime
+      `Prelude.seq` Prelude.rnf trails
+      `Prelude.seq` Prelude.rnf accessRole
+      `Prelude.seq` Prelude.rnf startTime
+
+instance Data.ToJSON CloudTrailDetails where
+  toJSON CloudTrailDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("endTime" Data..=) Prelude.<$> endTime,
+            Prelude.Just ("trails" Data..= trails),
+            Prelude.Just ("accessRole" Data..= accessRole),
+            Prelude.Just ("startTime" Data..= startTime)
+          ]
+      )
diff --git a/gen/Amazonka/AccessAnalyzer/Types/CloudTrailProperties.hs b/gen/Amazonka/AccessAnalyzer/Types/CloudTrailProperties.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/Types/CloudTrailProperties.hs
@@ -0,0 +1,120 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.Types.CloudTrailProperties
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.AccessAnalyzer.Types.CloudTrailProperties where
+
+import Amazonka.AccessAnalyzer.Types.TrailProperties
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains information about CloudTrail access.
+--
+-- /See:/ 'newCloudTrailProperties' smart constructor.
+data CloudTrailProperties = CloudTrailProperties'
+  { -- | A @TrailProperties@ object that contains settings for trail properties.
+    trailProperties :: [TrailProperties],
+    -- | The start of the time range for which IAM Access Analyzer reviews your
+    -- CloudTrail events. Events with a timestamp before this time are not
+    -- considered to generate a policy.
+    startTime :: Data.ISO8601,
+    -- | The end of the time range for which IAM Access Analyzer reviews your
+    -- CloudTrail events. Events with a timestamp after this time are not
+    -- considered to generate a policy. If this is not included in the request,
+    -- the default value is the current time.
+    endTime :: Data.ISO8601
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CloudTrailProperties' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'trailProperties', 'cloudTrailProperties_trailProperties' - A @TrailProperties@ object that contains settings for trail properties.
+--
+-- 'startTime', 'cloudTrailProperties_startTime' - The start of the time range for which IAM Access Analyzer reviews your
+-- CloudTrail events. Events with a timestamp before this time are not
+-- considered to generate a policy.
+--
+-- 'endTime', 'cloudTrailProperties_endTime' - The end of the time range for which IAM Access Analyzer reviews your
+-- CloudTrail events. Events with a timestamp after this time are not
+-- considered to generate a policy. If this is not included in the request,
+-- the default value is the current time.
+newCloudTrailProperties ::
+  -- | 'startTime'
+  Prelude.UTCTime ->
+  -- | 'endTime'
+  Prelude.UTCTime ->
+  CloudTrailProperties
+newCloudTrailProperties pStartTime_ pEndTime_ =
+  CloudTrailProperties'
+    { trailProperties =
+        Prelude.mempty,
+      startTime = Data._Time Lens.# pStartTime_,
+      endTime = Data._Time Lens.# pEndTime_
+    }
+
+-- | A @TrailProperties@ object that contains settings for trail properties.
+cloudTrailProperties_trailProperties :: Lens.Lens' CloudTrailProperties [TrailProperties]
+cloudTrailProperties_trailProperties = Lens.lens (\CloudTrailProperties' {trailProperties} -> trailProperties) (\s@CloudTrailProperties' {} a -> s {trailProperties = a} :: CloudTrailProperties) Prelude.. Lens.coerced
+
+-- | The start of the time range for which IAM Access Analyzer reviews your
+-- CloudTrail events. Events with a timestamp before this time are not
+-- considered to generate a policy.
+cloudTrailProperties_startTime :: Lens.Lens' CloudTrailProperties Prelude.UTCTime
+cloudTrailProperties_startTime = Lens.lens (\CloudTrailProperties' {startTime} -> startTime) (\s@CloudTrailProperties' {} a -> s {startTime = a} :: CloudTrailProperties) Prelude.. Data._Time
+
+-- | The end of the time range for which IAM Access Analyzer reviews your
+-- CloudTrail events. Events with a timestamp after this time are not
+-- considered to generate a policy. If this is not included in the request,
+-- the default value is the current time.
+cloudTrailProperties_endTime :: Lens.Lens' CloudTrailProperties Prelude.UTCTime
+cloudTrailProperties_endTime = Lens.lens (\CloudTrailProperties' {endTime} -> endTime) (\s@CloudTrailProperties' {} a -> s {endTime = a} :: CloudTrailProperties) Prelude.. Data._Time
+
+instance Data.FromJSON CloudTrailProperties where
+  parseJSON =
+    Data.withObject
+      "CloudTrailProperties"
+      ( \x ->
+          CloudTrailProperties'
+            Prelude.<$> ( x
+                            Data..:? "trailProperties"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..: "startTime")
+            Prelude.<*> (x Data..: "endTime")
+      )
+
+instance Prelude.Hashable CloudTrailProperties where
+  hashWithSalt _salt CloudTrailProperties' {..} =
+    _salt
+      `Prelude.hashWithSalt` trailProperties
+      `Prelude.hashWithSalt` startTime
+      `Prelude.hashWithSalt` endTime
+
+instance Prelude.NFData CloudTrailProperties where
+  rnf CloudTrailProperties' {..} =
+    Prelude.rnf trailProperties
+      `Prelude.seq` Prelude.rnf startTime
+      `Prelude.seq` Prelude.rnf endTime
diff --git a/gen/Amazonka/AccessAnalyzer/Types/Configuration.hs b/gen/Amazonka/AccessAnalyzer/Types/Configuration.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/Types/Configuration.hs
@@ -0,0 +1,228 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.Types.Configuration
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.AccessAnalyzer.Types.Configuration where
+
+import Amazonka.AccessAnalyzer.Types.EbsSnapshotConfiguration
+import Amazonka.AccessAnalyzer.Types.EcrRepositoryConfiguration
+import Amazonka.AccessAnalyzer.Types.EfsFileSystemConfiguration
+import Amazonka.AccessAnalyzer.Types.IamRoleConfiguration
+import Amazonka.AccessAnalyzer.Types.KmsKeyConfiguration
+import Amazonka.AccessAnalyzer.Types.RdsDbClusterSnapshotConfiguration
+import Amazonka.AccessAnalyzer.Types.RdsDbSnapshotConfiguration
+import Amazonka.AccessAnalyzer.Types.S3BucketConfiguration
+import Amazonka.AccessAnalyzer.Types.SecretsManagerSecretConfiguration
+import Amazonka.AccessAnalyzer.Types.SnsTopicConfiguration
+import Amazonka.AccessAnalyzer.Types.SqsQueueConfiguration
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Access control configuration structures for your resource. You specify
+-- the configuration as a type-value pair. You can specify only one type of
+-- access control configuration.
+--
+-- /See:/ 'newConfiguration' smart constructor.
+data Configuration = Configuration'
+  { -- | The access control configuration is for an Amazon EBS volume snapshot.
+    ebsSnapshot :: Prelude.Maybe EbsSnapshotConfiguration,
+    -- | The access control configuration is for an Amazon ECR repository.
+    ecrRepository :: Prelude.Maybe EcrRepositoryConfiguration,
+    -- | The access control configuration is for an Amazon EFS file system.
+    efsFileSystem :: Prelude.Maybe EfsFileSystemConfiguration,
+    -- | The access control configuration is for an IAM role.
+    iamRole :: Prelude.Maybe IamRoleConfiguration,
+    -- | The access control configuration is for a KMS key.
+    kmsKey :: Prelude.Maybe KmsKeyConfiguration,
+    -- | The access control configuration is for an Amazon RDS DB cluster
+    -- snapshot.
+    rdsDbClusterSnapshot :: Prelude.Maybe RdsDbClusterSnapshotConfiguration,
+    -- | The access control configuration is for an Amazon RDS DB snapshot.
+    rdsDbSnapshot :: Prelude.Maybe RdsDbSnapshotConfiguration,
+    -- | The access control configuration is for an Amazon S3 Bucket.
+    s3Bucket :: Prelude.Maybe S3BucketConfiguration,
+    -- | The access control configuration is for a Secrets Manager secret.
+    secretsManagerSecret :: Prelude.Maybe SecretsManagerSecretConfiguration,
+    -- | The access control configuration is for an Amazon SNS topic
+    snsTopic :: Prelude.Maybe SnsTopicConfiguration,
+    -- | The access control configuration is for an Amazon SQS queue.
+    sqsQueue :: Prelude.Maybe SqsQueueConfiguration
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'Configuration' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'ebsSnapshot', 'configuration_ebsSnapshot' - The access control configuration is for an Amazon EBS volume snapshot.
+--
+-- 'ecrRepository', 'configuration_ecrRepository' - The access control configuration is for an Amazon ECR repository.
+--
+-- 'efsFileSystem', 'configuration_efsFileSystem' - The access control configuration is for an Amazon EFS file system.
+--
+-- 'iamRole', 'configuration_iamRole' - The access control configuration is for an IAM role.
+--
+-- 'kmsKey', 'configuration_kmsKey' - The access control configuration is for a KMS key.
+--
+-- 'rdsDbClusterSnapshot', 'configuration_rdsDbClusterSnapshot' - The access control configuration is for an Amazon RDS DB cluster
+-- snapshot.
+--
+-- 'rdsDbSnapshot', 'configuration_rdsDbSnapshot' - The access control configuration is for an Amazon RDS DB snapshot.
+--
+-- 's3Bucket', 'configuration_s3Bucket' - The access control configuration is for an Amazon S3 Bucket.
+--
+-- 'secretsManagerSecret', 'configuration_secretsManagerSecret' - The access control configuration is for a Secrets Manager secret.
+--
+-- 'snsTopic', 'configuration_snsTopic' - The access control configuration is for an Amazon SNS topic
+--
+-- 'sqsQueue', 'configuration_sqsQueue' - The access control configuration is for an Amazon SQS queue.
+newConfiguration ::
+  Configuration
+newConfiguration =
+  Configuration'
+    { ebsSnapshot = Prelude.Nothing,
+      ecrRepository = Prelude.Nothing,
+      efsFileSystem = Prelude.Nothing,
+      iamRole = Prelude.Nothing,
+      kmsKey = Prelude.Nothing,
+      rdsDbClusterSnapshot = Prelude.Nothing,
+      rdsDbSnapshot = Prelude.Nothing,
+      s3Bucket = Prelude.Nothing,
+      secretsManagerSecret = Prelude.Nothing,
+      snsTopic = Prelude.Nothing,
+      sqsQueue = Prelude.Nothing
+    }
+
+-- | The access control configuration is for an Amazon EBS volume snapshot.
+configuration_ebsSnapshot :: Lens.Lens' Configuration (Prelude.Maybe EbsSnapshotConfiguration)
+configuration_ebsSnapshot = Lens.lens (\Configuration' {ebsSnapshot} -> ebsSnapshot) (\s@Configuration' {} a -> s {ebsSnapshot = a} :: Configuration)
+
+-- | The access control configuration is for an Amazon ECR repository.
+configuration_ecrRepository :: Lens.Lens' Configuration (Prelude.Maybe EcrRepositoryConfiguration)
+configuration_ecrRepository = Lens.lens (\Configuration' {ecrRepository} -> ecrRepository) (\s@Configuration' {} a -> s {ecrRepository = a} :: Configuration)
+
+-- | The access control configuration is for an Amazon EFS file system.
+configuration_efsFileSystem :: Lens.Lens' Configuration (Prelude.Maybe EfsFileSystemConfiguration)
+configuration_efsFileSystem = Lens.lens (\Configuration' {efsFileSystem} -> efsFileSystem) (\s@Configuration' {} a -> s {efsFileSystem = a} :: Configuration)
+
+-- | The access control configuration is for an IAM role.
+configuration_iamRole :: Lens.Lens' Configuration (Prelude.Maybe IamRoleConfiguration)
+configuration_iamRole = Lens.lens (\Configuration' {iamRole} -> iamRole) (\s@Configuration' {} a -> s {iamRole = a} :: Configuration)
+
+-- | The access control configuration is for a KMS key.
+configuration_kmsKey :: Lens.Lens' Configuration (Prelude.Maybe KmsKeyConfiguration)
+configuration_kmsKey = Lens.lens (\Configuration' {kmsKey} -> kmsKey) (\s@Configuration' {} a -> s {kmsKey = a} :: Configuration)
+
+-- | The access control configuration is for an Amazon RDS DB cluster
+-- snapshot.
+configuration_rdsDbClusterSnapshot :: Lens.Lens' Configuration (Prelude.Maybe RdsDbClusterSnapshotConfiguration)
+configuration_rdsDbClusterSnapshot = Lens.lens (\Configuration' {rdsDbClusterSnapshot} -> rdsDbClusterSnapshot) (\s@Configuration' {} a -> s {rdsDbClusterSnapshot = a} :: Configuration)
+
+-- | The access control configuration is for an Amazon RDS DB snapshot.
+configuration_rdsDbSnapshot :: Lens.Lens' Configuration (Prelude.Maybe RdsDbSnapshotConfiguration)
+configuration_rdsDbSnapshot = Lens.lens (\Configuration' {rdsDbSnapshot} -> rdsDbSnapshot) (\s@Configuration' {} a -> s {rdsDbSnapshot = a} :: Configuration)
+
+-- | The access control configuration is for an Amazon S3 Bucket.
+configuration_s3Bucket :: Lens.Lens' Configuration (Prelude.Maybe S3BucketConfiguration)
+configuration_s3Bucket = Lens.lens (\Configuration' {s3Bucket} -> s3Bucket) (\s@Configuration' {} a -> s {s3Bucket = a} :: Configuration)
+
+-- | The access control configuration is for a Secrets Manager secret.
+configuration_secretsManagerSecret :: Lens.Lens' Configuration (Prelude.Maybe SecretsManagerSecretConfiguration)
+configuration_secretsManagerSecret = Lens.lens (\Configuration' {secretsManagerSecret} -> secretsManagerSecret) (\s@Configuration' {} a -> s {secretsManagerSecret = a} :: Configuration)
+
+-- | The access control configuration is for an Amazon SNS topic
+configuration_snsTopic :: Lens.Lens' Configuration (Prelude.Maybe SnsTopicConfiguration)
+configuration_snsTopic = Lens.lens (\Configuration' {snsTopic} -> snsTopic) (\s@Configuration' {} a -> s {snsTopic = a} :: Configuration)
+
+-- | The access control configuration is for an Amazon SQS queue.
+configuration_sqsQueue :: Lens.Lens' Configuration (Prelude.Maybe SqsQueueConfiguration)
+configuration_sqsQueue = Lens.lens (\Configuration' {sqsQueue} -> sqsQueue) (\s@Configuration' {} a -> s {sqsQueue = a} :: Configuration)
+
+instance Data.FromJSON Configuration where
+  parseJSON =
+    Data.withObject
+      "Configuration"
+      ( \x ->
+          Configuration'
+            Prelude.<$> (x Data..:? "ebsSnapshot")
+            Prelude.<*> (x Data..:? "ecrRepository")
+            Prelude.<*> (x Data..:? "efsFileSystem")
+            Prelude.<*> (x Data..:? "iamRole")
+            Prelude.<*> (x Data..:? "kmsKey")
+            Prelude.<*> (x Data..:? "rdsDbClusterSnapshot")
+            Prelude.<*> (x Data..:? "rdsDbSnapshot")
+            Prelude.<*> (x Data..:? "s3Bucket")
+            Prelude.<*> (x Data..:? "secretsManagerSecret")
+            Prelude.<*> (x Data..:? "snsTopic")
+            Prelude.<*> (x Data..:? "sqsQueue")
+      )
+
+instance Prelude.Hashable Configuration where
+  hashWithSalt _salt Configuration' {..} =
+    _salt
+      `Prelude.hashWithSalt` ebsSnapshot
+      `Prelude.hashWithSalt` ecrRepository
+      `Prelude.hashWithSalt` efsFileSystem
+      `Prelude.hashWithSalt` iamRole
+      `Prelude.hashWithSalt` kmsKey
+      `Prelude.hashWithSalt` rdsDbClusterSnapshot
+      `Prelude.hashWithSalt` rdsDbSnapshot
+      `Prelude.hashWithSalt` s3Bucket
+      `Prelude.hashWithSalt` secretsManagerSecret
+      `Prelude.hashWithSalt` snsTopic
+      `Prelude.hashWithSalt` sqsQueue
+
+instance Prelude.NFData Configuration where
+  rnf Configuration' {..} =
+    Prelude.rnf ebsSnapshot
+      `Prelude.seq` Prelude.rnf ecrRepository
+      `Prelude.seq` Prelude.rnf efsFileSystem
+      `Prelude.seq` Prelude.rnf iamRole
+      `Prelude.seq` Prelude.rnf kmsKey
+      `Prelude.seq` Prelude.rnf rdsDbClusterSnapshot
+      `Prelude.seq` Prelude.rnf rdsDbSnapshot
+      `Prelude.seq` Prelude.rnf s3Bucket
+      `Prelude.seq` Prelude.rnf secretsManagerSecret
+      `Prelude.seq` Prelude.rnf snsTopic
+      `Prelude.seq` Prelude.rnf sqsQueue
+
+instance Data.ToJSON Configuration where
+  toJSON Configuration' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("ebsSnapshot" Data..=) Prelude.<$> ebsSnapshot,
+            ("ecrRepository" Data..=) Prelude.<$> ecrRepository,
+            ("efsFileSystem" Data..=) Prelude.<$> efsFileSystem,
+            ("iamRole" Data..=) Prelude.<$> iamRole,
+            ("kmsKey" Data..=) Prelude.<$> kmsKey,
+            ("rdsDbClusterSnapshot" Data..=)
+              Prelude.<$> rdsDbClusterSnapshot,
+            ("rdsDbSnapshot" Data..=) Prelude.<$> rdsDbSnapshot,
+            ("s3Bucket" Data..=) Prelude.<$> s3Bucket,
+            ("secretsManagerSecret" Data..=)
+              Prelude.<$> secretsManagerSecret,
+            ("snsTopic" Data..=) Prelude.<$> snsTopic,
+            ("sqsQueue" Data..=) Prelude.<$> sqsQueue
+          ]
+      )
diff --git a/gen/Amazonka/AccessAnalyzer/Types/Criterion.hs b/gen/Amazonka/AccessAnalyzer/Types/Criterion.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/Types/Criterion.hs
@@ -0,0 +1,124 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.Types.Criterion
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.AccessAnalyzer.Types.Criterion where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | The criteria to use in the filter that defines the archive rule. For
+-- more information on available filter keys, see
+-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-reference-filter-keys.html IAM Access Analyzer filter keys>.
+--
+-- /See:/ 'newCriterion' smart constructor.
+data Criterion = Criterion'
+  { -- | A \"contains\" operator to match for the filter used to create the rule.
+    contains :: Prelude.Maybe (Prelude.NonEmpty Prelude.Text),
+    -- | An \"equals\" operator to match for the filter used to create the rule.
+    eq :: Prelude.Maybe (Prelude.NonEmpty Prelude.Text),
+    -- | An \"exists\" operator to match for the filter used to create the rule.
+    exists :: Prelude.Maybe Prelude.Bool,
+    -- | A \"not equals\" operator to match for the filter used to create the
+    -- rule.
+    neq :: Prelude.Maybe (Prelude.NonEmpty Prelude.Text)
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'Criterion' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'contains', 'criterion_contains' - A \"contains\" operator to match for the filter used to create the rule.
+--
+-- 'eq', 'criterion_eq' - An \"equals\" operator to match for the filter used to create the rule.
+--
+-- 'exists', 'criterion_exists' - An \"exists\" operator to match for the filter used to create the rule.
+--
+-- 'neq', 'criterion_neq' - A \"not equals\" operator to match for the filter used to create the
+-- rule.
+newCriterion ::
+  Criterion
+newCriterion =
+  Criterion'
+    { contains = Prelude.Nothing,
+      eq = Prelude.Nothing,
+      exists = Prelude.Nothing,
+      neq = Prelude.Nothing
+    }
+
+-- | A \"contains\" operator to match for the filter used to create the rule.
+criterion_contains :: Lens.Lens' Criterion (Prelude.Maybe (Prelude.NonEmpty Prelude.Text))
+criterion_contains = Lens.lens (\Criterion' {contains} -> contains) (\s@Criterion' {} a -> s {contains = a} :: Criterion) Prelude.. Lens.mapping Lens.coerced
+
+-- | An \"equals\" operator to match for the filter used to create the rule.
+criterion_eq :: Lens.Lens' Criterion (Prelude.Maybe (Prelude.NonEmpty Prelude.Text))
+criterion_eq = Lens.lens (\Criterion' {eq} -> eq) (\s@Criterion' {} a -> s {eq = a} :: Criterion) Prelude.. Lens.mapping Lens.coerced
+
+-- | An \"exists\" operator to match for the filter used to create the rule.
+criterion_exists :: Lens.Lens' Criterion (Prelude.Maybe Prelude.Bool)
+criterion_exists = Lens.lens (\Criterion' {exists} -> exists) (\s@Criterion' {} a -> s {exists = a} :: Criterion)
+
+-- | A \"not equals\" operator to match for the filter used to create the
+-- rule.
+criterion_neq :: Lens.Lens' Criterion (Prelude.Maybe (Prelude.NonEmpty Prelude.Text))
+criterion_neq = Lens.lens (\Criterion' {neq} -> neq) (\s@Criterion' {} a -> s {neq = a} :: Criterion) Prelude.. Lens.mapping Lens.coerced
+
+instance Data.FromJSON Criterion where
+  parseJSON =
+    Data.withObject
+      "Criterion"
+      ( \x ->
+          Criterion'
+            Prelude.<$> (x Data..:? "contains")
+            Prelude.<*> (x Data..:? "eq")
+            Prelude.<*> (x Data..:? "exists")
+            Prelude.<*> (x Data..:? "neq")
+      )
+
+instance Prelude.Hashable Criterion where
+  hashWithSalt _salt Criterion' {..} =
+    _salt
+      `Prelude.hashWithSalt` contains
+      `Prelude.hashWithSalt` eq
+      `Prelude.hashWithSalt` exists
+      `Prelude.hashWithSalt` neq
+
+instance Prelude.NFData Criterion where
+  rnf Criterion' {..} =
+    Prelude.rnf contains
+      `Prelude.seq` Prelude.rnf eq
+      `Prelude.seq` Prelude.rnf exists
+      `Prelude.seq` Prelude.rnf neq
+
+instance Data.ToJSON Criterion where
+  toJSON Criterion' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("contains" Data..=) Prelude.<$> contains,
+            ("eq" Data..=) Prelude.<$> eq,
+            ("exists" Data..=) Prelude.<$> exists,
+            ("neq" Data..=) Prelude.<$> neq
+          ]
+      )
diff --git a/gen/Amazonka/AccessAnalyzer/Types/EbsSnapshotConfiguration.hs b/gen/Amazonka/AccessAnalyzer/Types/EbsSnapshotConfiguration.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/Types/EbsSnapshotConfiguration.hs
@@ -0,0 +1,216 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.Types.EbsSnapshotConfiguration
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.AccessAnalyzer.Types.EbsSnapshotConfiguration where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | The proposed access control configuration for an Amazon EBS volume
+-- snapshot. You can propose a configuration for a new Amazon EBS volume
+-- snapshot or an Amazon EBS volume snapshot that you own by specifying the
+-- user IDs, groups, and optional KMS encryption key. For more information,
+-- see
+-- <https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifySnapshotAttribute.html ModifySnapshotAttribute>.
+--
+-- /See:/ 'newEbsSnapshotConfiguration' smart constructor.
+data EbsSnapshotConfiguration = EbsSnapshotConfiguration'
+  { -- | The groups that have access to the Amazon EBS volume snapshot. If the
+    -- value @all@ is specified, then the Amazon EBS volume snapshot is public.
+    --
+    -- -   If the configuration is for an existing Amazon EBS volume snapshot
+    --     and you do not specify the @groups@, then the access preview uses
+    --     the existing shared @groups@ for the snapshot.
+    --
+    -- -   If the access preview is for a new resource and you do not specify
+    --     the @groups@, then the access preview considers the snapshot without
+    --     any @groups@.
+    --
+    -- -   To propose deletion of existing shared @groups@, you can specify an
+    --     empty list for @groups@.
+    groups :: Prelude.Maybe [Prelude.Text],
+    -- | The KMS key identifier for an encrypted Amazon EBS volume snapshot. The
+    -- KMS key identifier is the key ARN, key ID, alias ARN, or alias name for
+    -- the KMS key.
+    --
+    -- -   If the configuration is for an existing Amazon EBS volume snapshot
+    --     and you do not specify the @kmsKeyId@, or you specify an empty
+    --     string, then the access preview uses the existing @kmsKeyId@ of the
+    --     snapshot.
+    --
+    -- -   If the access preview is for a new resource and you do not specify
+    --     the @kmsKeyId@, the access preview considers the snapshot as
+    --     unencrypted.
+    kmsKeyId :: Prelude.Maybe Prelude.Text,
+    -- | The IDs of the Amazon Web Services accounts that have access to the
+    -- Amazon EBS volume snapshot.
+    --
+    -- -   If the configuration is for an existing Amazon EBS volume snapshot
+    --     and you do not specify the @userIds@, then the access preview uses
+    --     the existing shared @userIds@ for the snapshot.
+    --
+    -- -   If the access preview is for a new resource and you do not specify
+    --     the @userIds@, then the access preview considers the snapshot
+    --     without any @userIds@.
+    --
+    -- -   To propose deletion of existing shared @accountIds@, you can specify
+    --     an empty list for @userIds@.
+    userIds :: Prelude.Maybe [Prelude.Text]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'EbsSnapshotConfiguration' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'groups', 'ebsSnapshotConfiguration_groups' - The groups that have access to the Amazon EBS volume snapshot. If the
+-- value @all@ is specified, then the Amazon EBS volume snapshot is public.
+--
+-- -   If the configuration is for an existing Amazon EBS volume snapshot
+--     and you do not specify the @groups@, then the access preview uses
+--     the existing shared @groups@ for the snapshot.
+--
+-- -   If the access preview is for a new resource and you do not specify
+--     the @groups@, then the access preview considers the snapshot without
+--     any @groups@.
+--
+-- -   To propose deletion of existing shared @groups@, you can specify an
+--     empty list for @groups@.
+--
+-- 'kmsKeyId', 'ebsSnapshotConfiguration_kmsKeyId' - The KMS key identifier for an encrypted Amazon EBS volume snapshot. The
+-- KMS key identifier is the key ARN, key ID, alias ARN, or alias name for
+-- the KMS key.
+--
+-- -   If the configuration is for an existing Amazon EBS volume snapshot
+--     and you do not specify the @kmsKeyId@, or you specify an empty
+--     string, then the access preview uses the existing @kmsKeyId@ of the
+--     snapshot.
+--
+-- -   If the access preview is for a new resource and you do not specify
+--     the @kmsKeyId@, the access preview considers the snapshot as
+--     unencrypted.
+--
+-- 'userIds', 'ebsSnapshotConfiguration_userIds' - The IDs of the Amazon Web Services accounts that have access to the
+-- Amazon EBS volume snapshot.
+--
+-- -   If the configuration is for an existing Amazon EBS volume snapshot
+--     and you do not specify the @userIds@, then the access preview uses
+--     the existing shared @userIds@ for the snapshot.
+--
+-- -   If the access preview is for a new resource and you do not specify
+--     the @userIds@, then the access preview considers the snapshot
+--     without any @userIds@.
+--
+-- -   To propose deletion of existing shared @accountIds@, you can specify
+--     an empty list for @userIds@.
+newEbsSnapshotConfiguration ::
+  EbsSnapshotConfiguration
+newEbsSnapshotConfiguration =
+  EbsSnapshotConfiguration'
+    { groups = Prelude.Nothing,
+      kmsKeyId = Prelude.Nothing,
+      userIds = Prelude.Nothing
+    }
+
+-- | The groups that have access to the Amazon EBS volume snapshot. If the
+-- value @all@ is specified, then the Amazon EBS volume snapshot is public.
+--
+-- -   If the configuration is for an existing Amazon EBS volume snapshot
+--     and you do not specify the @groups@, then the access preview uses
+--     the existing shared @groups@ for the snapshot.
+--
+-- -   If the access preview is for a new resource and you do not specify
+--     the @groups@, then the access preview considers the snapshot without
+--     any @groups@.
+--
+-- -   To propose deletion of existing shared @groups@, you can specify an
+--     empty list for @groups@.
+ebsSnapshotConfiguration_groups :: Lens.Lens' EbsSnapshotConfiguration (Prelude.Maybe [Prelude.Text])
+ebsSnapshotConfiguration_groups = Lens.lens (\EbsSnapshotConfiguration' {groups} -> groups) (\s@EbsSnapshotConfiguration' {} a -> s {groups = a} :: EbsSnapshotConfiguration) Prelude.. Lens.mapping Lens.coerced
+
+-- | The KMS key identifier for an encrypted Amazon EBS volume snapshot. The
+-- KMS key identifier is the key ARN, key ID, alias ARN, or alias name for
+-- the KMS key.
+--
+-- -   If the configuration is for an existing Amazon EBS volume snapshot
+--     and you do not specify the @kmsKeyId@, or you specify an empty
+--     string, then the access preview uses the existing @kmsKeyId@ of the
+--     snapshot.
+--
+-- -   If the access preview is for a new resource and you do not specify
+--     the @kmsKeyId@, the access preview considers the snapshot as
+--     unencrypted.
+ebsSnapshotConfiguration_kmsKeyId :: Lens.Lens' EbsSnapshotConfiguration (Prelude.Maybe Prelude.Text)
+ebsSnapshotConfiguration_kmsKeyId = Lens.lens (\EbsSnapshotConfiguration' {kmsKeyId} -> kmsKeyId) (\s@EbsSnapshotConfiguration' {} a -> s {kmsKeyId = a} :: EbsSnapshotConfiguration)
+
+-- | The IDs of the Amazon Web Services accounts that have access to the
+-- Amazon EBS volume snapshot.
+--
+-- -   If the configuration is for an existing Amazon EBS volume snapshot
+--     and you do not specify the @userIds@, then the access preview uses
+--     the existing shared @userIds@ for the snapshot.
+--
+-- -   If the access preview is for a new resource and you do not specify
+--     the @userIds@, then the access preview considers the snapshot
+--     without any @userIds@.
+--
+-- -   To propose deletion of existing shared @accountIds@, you can specify
+--     an empty list for @userIds@.
+ebsSnapshotConfiguration_userIds :: Lens.Lens' EbsSnapshotConfiguration (Prelude.Maybe [Prelude.Text])
+ebsSnapshotConfiguration_userIds = Lens.lens (\EbsSnapshotConfiguration' {userIds} -> userIds) (\s@EbsSnapshotConfiguration' {} a -> s {userIds = a} :: EbsSnapshotConfiguration) Prelude.. Lens.mapping Lens.coerced
+
+instance Data.FromJSON EbsSnapshotConfiguration where
+  parseJSON =
+    Data.withObject
+      "EbsSnapshotConfiguration"
+      ( \x ->
+          EbsSnapshotConfiguration'
+            Prelude.<$> (x Data..:? "groups" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "kmsKeyId")
+            Prelude.<*> (x Data..:? "userIds" Data..!= Prelude.mempty)
+      )
+
+instance Prelude.Hashable EbsSnapshotConfiguration where
+  hashWithSalt _salt EbsSnapshotConfiguration' {..} =
+    _salt
+      `Prelude.hashWithSalt` groups
+      `Prelude.hashWithSalt` kmsKeyId
+      `Prelude.hashWithSalt` userIds
+
+instance Prelude.NFData EbsSnapshotConfiguration where
+  rnf EbsSnapshotConfiguration' {..} =
+    Prelude.rnf groups
+      `Prelude.seq` Prelude.rnf kmsKeyId
+      `Prelude.seq` Prelude.rnf userIds
+
+instance Data.ToJSON EbsSnapshotConfiguration where
+  toJSON EbsSnapshotConfiguration' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("groups" Data..=) Prelude.<$> groups,
+            ("kmsKeyId" Data..=) Prelude.<$> kmsKeyId,
+            ("userIds" Data..=) Prelude.<$> userIds
+          ]
+      )
diff --git a/gen/Amazonka/AccessAnalyzer/Types/EcrRepositoryConfiguration.hs b/gen/Amazonka/AccessAnalyzer/Types/EcrRepositoryConfiguration.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/Types/EcrRepositoryConfiguration.hs
@@ -0,0 +1,105 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.Types.EcrRepositoryConfiguration
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.AccessAnalyzer.Types.EcrRepositoryConfiguration where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | The proposed access control configuration for an Amazon ECR repository.
+-- You can propose a configuration for a new Amazon ECR repository or an
+-- existing Amazon ECR repository that you own by specifying the Amazon ECR
+-- policy. For more information, see
+-- <https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_Repository.html Repository>.
+--
+-- -   If the configuration is for an existing Amazon ECR repository and
+--     you do not specify the Amazon ECR policy, then the access preview
+--     uses the existing Amazon ECR policy for the repository.
+--
+-- -   If the access preview is for a new resource and you do not specify
+--     the policy, then the access preview assumes an Amazon ECR repository
+--     without a policy.
+--
+-- -   To propose deletion of an existing Amazon ECR repository policy, you
+--     can specify an empty string for the Amazon ECR policy.
+--
+-- /See:/ 'newEcrRepositoryConfiguration' smart constructor.
+data EcrRepositoryConfiguration = EcrRepositoryConfiguration'
+  { -- | The JSON repository policy text to apply to the Amazon ECR repository.
+    -- For more information, see
+    -- <https://docs.aws.amazon.com/AmazonECR/latest/userguide/repository-policy-examples.html Private repository policy examples>
+    -- in the /Amazon ECR User Guide/.
+    repositoryPolicy :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'EcrRepositoryConfiguration' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'repositoryPolicy', 'ecrRepositoryConfiguration_repositoryPolicy' - The JSON repository policy text to apply to the Amazon ECR repository.
+-- For more information, see
+-- <https://docs.aws.amazon.com/AmazonECR/latest/userguide/repository-policy-examples.html Private repository policy examples>
+-- in the /Amazon ECR User Guide/.
+newEcrRepositoryConfiguration ::
+  EcrRepositoryConfiguration
+newEcrRepositoryConfiguration =
+  EcrRepositoryConfiguration'
+    { repositoryPolicy =
+        Prelude.Nothing
+    }
+
+-- | The JSON repository policy text to apply to the Amazon ECR repository.
+-- For more information, see
+-- <https://docs.aws.amazon.com/AmazonECR/latest/userguide/repository-policy-examples.html Private repository policy examples>
+-- in the /Amazon ECR User Guide/.
+ecrRepositoryConfiguration_repositoryPolicy :: Lens.Lens' EcrRepositoryConfiguration (Prelude.Maybe Prelude.Text)
+ecrRepositoryConfiguration_repositoryPolicy = Lens.lens (\EcrRepositoryConfiguration' {repositoryPolicy} -> repositoryPolicy) (\s@EcrRepositoryConfiguration' {} a -> s {repositoryPolicy = a} :: EcrRepositoryConfiguration)
+
+instance Data.FromJSON EcrRepositoryConfiguration where
+  parseJSON =
+    Data.withObject
+      "EcrRepositoryConfiguration"
+      ( \x ->
+          EcrRepositoryConfiguration'
+            Prelude.<$> (x Data..:? "repositoryPolicy")
+      )
+
+instance Prelude.Hashable EcrRepositoryConfiguration where
+  hashWithSalt _salt EcrRepositoryConfiguration' {..} =
+    _salt `Prelude.hashWithSalt` repositoryPolicy
+
+instance Prelude.NFData EcrRepositoryConfiguration where
+  rnf EcrRepositoryConfiguration' {..} =
+    Prelude.rnf repositoryPolicy
+
+instance Data.ToJSON EcrRepositoryConfiguration where
+  toJSON EcrRepositoryConfiguration' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("repositoryPolicy" Data..=)
+              Prelude.<$> repositoryPolicy
+          ]
+      )
diff --git a/gen/Amazonka/AccessAnalyzer/Types/EfsFileSystemConfiguration.hs b/gen/Amazonka/AccessAnalyzer/Types/EfsFileSystemConfiguration.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/Types/EfsFileSystemConfiguration.hs
@@ -0,0 +1,102 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.Types.EfsFileSystemConfiguration
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.AccessAnalyzer.Types.EfsFileSystemConfiguration where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | The proposed access control configuration for an Amazon EFS file system.
+-- You can propose a configuration for a new Amazon EFS file system or an
+-- existing Amazon EFS file system that you own by specifying the Amazon
+-- EFS policy. For more information, see
+-- <https://docs.aws.amazon.com/efs/latest/ug/using-fs.html Using file systems in Amazon EFS>.
+--
+-- -   If the configuration is for an existing Amazon EFS file system and
+--     you do not specify the Amazon EFS policy, then the access preview
+--     uses the existing Amazon EFS policy for the file system.
+--
+-- -   If the access preview is for a new resource and you do not specify
+--     the policy, then the access preview assumes an Amazon EFS file
+--     system without a policy.
+--
+-- -   To propose deletion of an existing Amazon EFS file system policy,
+--     you can specify an empty string for the Amazon EFS policy.
+--
+-- /See:/ 'newEfsFileSystemConfiguration' smart constructor.
+data EfsFileSystemConfiguration = EfsFileSystemConfiguration'
+  { -- | The JSON policy definition to apply to the Amazon EFS file system. For
+    -- more information on the elements that make up a file system policy, see
+    -- <https://docs.aws.amazon.com/efs/latest/ug/access-control-overview.html#access-control-manage-access-intro-resource-policies Amazon EFS Resource-based policies>.
+    fileSystemPolicy :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'EfsFileSystemConfiguration' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'fileSystemPolicy', 'efsFileSystemConfiguration_fileSystemPolicy' - The JSON policy definition to apply to the Amazon EFS file system. For
+-- more information on the elements that make up a file system policy, see
+-- <https://docs.aws.amazon.com/efs/latest/ug/access-control-overview.html#access-control-manage-access-intro-resource-policies Amazon EFS Resource-based policies>.
+newEfsFileSystemConfiguration ::
+  EfsFileSystemConfiguration
+newEfsFileSystemConfiguration =
+  EfsFileSystemConfiguration'
+    { fileSystemPolicy =
+        Prelude.Nothing
+    }
+
+-- | The JSON policy definition to apply to the Amazon EFS file system. For
+-- more information on the elements that make up a file system policy, see
+-- <https://docs.aws.amazon.com/efs/latest/ug/access-control-overview.html#access-control-manage-access-intro-resource-policies Amazon EFS Resource-based policies>.
+efsFileSystemConfiguration_fileSystemPolicy :: Lens.Lens' EfsFileSystemConfiguration (Prelude.Maybe Prelude.Text)
+efsFileSystemConfiguration_fileSystemPolicy = Lens.lens (\EfsFileSystemConfiguration' {fileSystemPolicy} -> fileSystemPolicy) (\s@EfsFileSystemConfiguration' {} a -> s {fileSystemPolicy = a} :: EfsFileSystemConfiguration)
+
+instance Data.FromJSON EfsFileSystemConfiguration where
+  parseJSON =
+    Data.withObject
+      "EfsFileSystemConfiguration"
+      ( \x ->
+          EfsFileSystemConfiguration'
+            Prelude.<$> (x Data..:? "fileSystemPolicy")
+      )
+
+instance Prelude.Hashable EfsFileSystemConfiguration where
+  hashWithSalt _salt EfsFileSystemConfiguration' {..} =
+    _salt `Prelude.hashWithSalt` fileSystemPolicy
+
+instance Prelude.NFData EfsFileSystemConfiguration where
+  rnf EfsFileSystemConfiguration' {..} =
+    Prelude.rnf fileSystemPolicy
+
+instance Data.ToJSON EfsFileSystemConfiguration where
+  toJSON EfsFileSystemConfiguration' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("fileSystemPolicy" Data..=)
+              Prelude.<$> fileSystemPolicy
+          ]
+      )
diff --git a/gen/Amazonka/AccessAnalyzer/Types/Finding.hs b/gen/Amazonka/AccessAnalyzer/Types/Finding.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/Types/Finding.hs
@@ -0,0 +1,267 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.Types.Finding
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.AccessAnalyzer.Types.Finding where
+
+import Amazonka.AccessAnalyzer.Types.FindingSource
+import Amazonka.AccessAnalyzer.Types.FindingStatus
+import Amazonka.AccessAnalyzer.Types.ResourceType
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains information about a finding.
+--
+-- /See:/ 'newFinding' smart constructor.
+data Finding = Finding'
+  { -- | The action in the analyzed policy statement that an external principal
+    -- has permission to use.
+    action :: Prelude.Maybe [Prelude.Text],
+    -- | An error.
+    error :: Prelude.Maybe Prelude.Text,
+    -- | Indicates whether the policy that generated the finding allows public
+    -- access to the resource.
+    isPublic :: Prelude.Maybe Prelude.Bool,
+    -- | The external principal that access to a resource within the zone of
+    -- trust.
+    principal :: Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text),
+    -- | The resource that an external principal has access to.
+    resource :: Prelude.Maybe Prelude.Text,
+    -- | The sources of the finding. This indicates how the access that generated
+    -- the finding is granted. It is populated for Amazon S3 bucket findings.
+    sources :: Prelude.Maybe [FindingSource],
+    -- | The ID of the finding.
+    id :: Prelude.Text,
+    -- | The type of the resource identified in the finding.
+    resourceType :: ResourceType,
+    -- | The condition in the analyzed policy statement that resulted in a
+    -- finding.
+    condition :: Prelude.HashMap Prelude.Text Prelude.Text,
+    -- | The time at which the finding was generated.
+    createdAt :: Data.ISO8601,
+    -- | The time at which the resource was analyzed.
+    analyzedAt :: Data.ISO8601,
+    -- | The time at which the finding was updated.
+    updatedAt :: Data.ISO8601,
+    -- | The current status of the finding.
+    status :: FindingStatus,
+    -- | The Amazon Web Services account ID that owns the resource.
+    resourceOwnerAccount :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'Finding' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'action', 'finding_action' - The action in the analyzed policy statement that an external principal
+-- has permission to use.
+--
+-- 'error', 'finding_error' - An error.
+--
+-- 'isPublic', 'finding_isPublic' - Indicates whether the policy that generated the finding allows public
+-- access to the resource.
+--
+-- 'principal', 'finding_principal' - The external principal that access to a resource within the zone of
+-- trust.
+--
+-- 'resource', 'finding_resource' - The resource that an external principal has access to.
+--
+-- 'sources', 'finding_sources' - The sources of the finding. This indicates how the access that generated
+-- the finding is granted. It is populated for Amazon S3 bucket findings.
+--
+-- 'id', 'finding_id' - The ID of the finding.
+--
+-- 'resourceType', 'finding_resourceType' - The type of the resource identified in the finding.
+--
+-- 'condition', 'finding_condition' - The condition in the analyzed policy statement that resulted in a
+-- finding.
+--
+-- 'createdAt', 'finding_createdAt' - The time at which the finding was generated.
+--
+-- 'analyzedAt', 'finding_analyzedAt' - The time at which the resource was analyzed.
+--
+-- 'updatedAt', 'finding_updatedAt' - The time at which the finding was updated.
+--
+-- 'status', 'finding_status' - The current status of the finding.
+--
+-- 'resourceOwnerAccount', 'finding_resourceOwnerAccount' - The Amazon Web Services account ID that owns the resource.
+newFinding ::
+  -- | 'id'
+  Prelude.Text ->
+  -- | 'resourceType'
+  ResourceType ->
+  -- | 'createdAt'
+  Prelude.UTCTime ->
+  -- | 'analyzedAt'
+  Prelude.UTCTime ->
+  -- | 'updatedAt'
+  Prelude.UTCTime ->
+  -- | 'status'
+  FindingStatus ->
+  -- | 'resourceOwnerAccount'
+  Prelude.Text ->
+  Finding
+newFinding
+  pId_
+  pResourceType_
+  pCreatedAt_
+  pAnalyzedAt_
+  pUpdatedAt_
+  pStatus_
+  pResourceOwnerAccount_ =
+    Finding'
+      { action = Prelude.Nothing,
+        error = Prelude.Nothing,
+        isPublic = Prelude.Nothing,
+        principal = Prelude.Nothing,
+        resource = Prelude.Nothing,
+        sources = Prelude.Nothing,
+        id = pId_,
+        resourceType = pResourceType_,
+        condition = Prelude.mempty,
+        createdAt = Data._Time Lens.# pCreatedAt_,
+        analyzedAt = Data._Time Lens.# pAnalyzedAt_,
+        updatedAt = Data._Time Lens.# pUpdatedAt_,
+        status = pStatus_,
+        resourceOwnerAccount = pResourceOwnerAccount_
+      }
+
+-- | The action in the analyzed policy statement that an external principal
+-- has permission to use.
+finding_action :: Lens.Lens' Finding (Prelude.Maybe [Prelude.Text])
+finding_action = Lens.lens (\Finding' {action} -> action) (\s@Finding' {} a -> s {action = a} :: Finding) Prelude.. Lens.mapping Lens.coerced
+
+-- | An error.
+finding_error :: Lens.Lens' Finding (Prelude.Maybe Prelude.Text)
+finding_error = Lens.lens (\Finding' {error} -> error) (\s@Finding' {} a -> s {error = a} :: Finding)
+
+-- | Indicates whether the policy that generated the finding allows public
+-- access to the resource.
+finding_isPublic :: Lens.Lens' Finding (Prelude.Maybe Prelude.Bool)
+finding_isPublic = Lens.lens (\Finding' {isPublic} -> isPublic) (\s@Finding' {} a -> s {isPublic = a} :: Finding)
+
+-- | The external principal that access to a resource within the zone of
+-- trust.
+finding_principal :: Lens.Lens' Finding (Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text))
+finding_principal = Lens.lens (\Finding' {principal} -> principal) (\s@Finding' {} a -> s {principal = a} :: Finding) Prelude.. Lens.mapping Lens.coerced
+
+-- | The resource that an external principal has access to.
+finding_resource :: Lens.Lens' Finding (Prelude.Maybe Prelude.Text)
+finding_resource = Lens.lens (\Finding' {resource} -> resource) (\s@Finding' {} a -> s {resource = a} :: Finding)
+
+-- | The sources of the finding. This indicates how the access that generated
+-- the finding is granted. It is populated for Amazon S3 bucket findings.
+finding_sources :: Lens.Lens' Finding (Prelude.Maybe [FindingSource])
+finding_sources = Lens.lens (\Finding' {sources} -> sources) (\s@Finding' {} a -> s {sources = a} :: Finding) Prelude.. Lens.mapping Lens.coerced
+
+-- | The ID of the finding.
+finding_id :: Lens.Lens' Finding Prelude.Text
+finding_id = Lens.lens (\Finding' {id} -> id) (\s@Finding' {} a -> s {id = a} :: Finding)
+
+-- | The type of the resource identified in the finding.
+finding_resourceType :: Lens.Lens' Finding ResourceType
+finding_resourceType = Lens.lens (\Finding' {resourceType} -> resourceType) (\s@Finding' {} a -> s {resourceType = a} :: Finding)
+
+-- | The condition in the analyzed policy statement that resulted in a
+-- finding.
+finding_condition :: Lens.Lens' Finding (Prelude.HashMap Prelude.Text Prelude.Text)
+finding_condition = Lens.lens (\Finding' {condition} -> condition) (\s@Finding' {} a -> s {condition = a} :: Finding) Prelude.. Lens.coerced
+
+-- | The time at which the finding was generated.
+finding_createdAt :: Lens.Lens' Finding Prelude.UTCTime
+finding_createdAt = Lens.lens (\Finding' {createdAt} -> createdAt) (\s@Finding' {} a -> s {createdAt = a} :: Finding) Prelude.. Data._Time
+
+-- | The time at which the resource was analyzed.
+finding_analyzedAt :: Lens.Lens' Finding Prelude.UTCTime
+finding_analyzedAt = Lens.lens (\Finding' {analyzedAt} -> analyzedAt) (\s@Finding' {} a -> s {analyzedAt = a} :: Finding) Prelude.. Data._Time
+
+-- | The time at which the finding was updated.
+finding_updatedAt :: Lens.Lens' Finding Prelude.UTCTime
+finding_updatedAt = Lens.lens (\Finding' {updatedAt} -> updatedAt) (\s@Finding' {} a -> s {updatedAt = a} :: Finding) Prelude.. Data._Time
+
+-- | The current status of the finding.
+finding_status :: Lens.Lens' Finding FindingStatus
+finding_status = Lens.lens (\Finding' {status} -> status) (\s@Finding' {} a -> s {status = a} :: Finding)
+
+-- | The Amazon Web Services account ID that owns the resource.
+finding_resourceOwnerAccount :: Lens.Lens' Finding Prelude.Text
+finding_resourceOwnerAccount = Lens.lens (\Finding' {resourceOwnerAccount} -> resourceOwnerAccount) (\s@Finding' {} a -> s {resourceOwnerAccount = a} :: Finding)
+
+instance Data.FromJSON Finding where
+  parseJSON =
+    Data.withObject
+      "Finding"
+      ( \x ->
+          Finding'
+            Prelude.<$> (x Data..:? "action" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "error")
+            Prelude.<*> (x Data..:? "isPublic")
+            Prelude.<*> (x Data..:? "principal" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "resource")
+            Prelude.<*> (x Data..:? "sources" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..: "id")
+            Prelude.<*> (x Data..: "resourceType")
+            Prelude.<*> (x Data..:? "condition" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..: "createdAt")
+            Prelude.<*> (x Data..: "analyzedAt")
+            Prelude.<*> (x Data..: "updatedAt")
+            Prelude.<*> (x Data..: "status")
+            Prelude.<*> (x Data..: "resourceOwnerAccount")
+      )
+
+instance Prelude.Hashable Finding where
+  hashWithSalt _salt Finding' {..} =
+    _salt
+      `Prelude.hashWithSalt` action
+      `Prelude.hashWithSalt` error
+      `Prelude.hashWithSalt` isPublic
+      `Prelude.hashWithSalt` principal
+      `Prelude.hashWithSalt` resource
+      `Prelude.hashWithSalt` sources
+      `Prelude.hashWithSalt` id
+      `Prelude.hashWithSalt` resourceType
+      `Prelude.hashWithSalt` condition
+      `Prelude.hashWithSalt` createdAt
+      `Prelude.hashWithSalt` analyzedAt
+      `Prelude.hashWithSalt` updatedAt
+      `Prelude.hashWithSalt` status
+      `Prelude.hashWithSalt` resourceOwnerAccount
+
+instance Prelude.NFData Finding where
+  rnf Finding' {..} =
+    Prelude.rnf action
+      `Prelude.seq` Prelude.rnf error
+      `Prelude.seq` Prelude.rnf isPublic
+      `Prelude.seq` Prelude.rnf principal
+      `Prelude.seq` Prelude.rnf resource
+      `Prelude.seq` Prelude.rnf sources
+      `Prelude.seq` Prelude.rnf id
+      `Prelude.seq` Prelude.rnf resourceType
+      `Prelude.seq` Prelude.rnf condition
+      `Prelude.seq` Prelude.rnf createdAt
+      `Prelude.seq` Prelude.rnf analyzedAt
+      `Prelude.seq` Prelude.rnf updatedAt
+      `Prelude.seq` Prelude.rnf status
+      `Prelude.seq` Prelude.rnf resourceOwnerAccount
diff --git a/gen/Amazonka/AccessAnalyzer/Types/FindingChangeType.hs b/gen/Amazonka/AccessAnalyzer/Types/FindingChangeType.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/Types/FindingChangeType.hs
@@ -0,0 +1,76 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.Types.FindingChangeType
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.AccessAnalyzer.Types.FindingChangeType
+  ( FindingChangeType
+      ( ..,
+        FindingChangeType_CHANGED,
+        FindingChangeType_NEW,
+        FindingChangeType_UNCHANGED
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype FindingChangeType = FindingChangeType'
+  { fromFindingChangeType ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern FindingChangeType_CHANGED :: FindingChangeType
+pattern FindingChangeType_CHANGED = FindingChangeType' "CHANGED"
+
+pattern FindingChangeType_NEW :: FindingChangeType
+pattern FindingChangeType_NEW = FindingChangeType' "NEW"
+
+pattern FindingChangeType_UNCHANGED :: FindingChangeType
+pattern FindingChangeType_UNCHANGED = FindingChangeType' "UNCHANGED"
+
+{-# COMPLETE
+  FindingChangeType_CHANGED,
+  FindingChangeType_NEW,
+  FindingChangeType_UNCHANGED,
+  FindingChangeType'
+  #-}
diff --git a/gen/Amazonka/AccessAnalyzer/Types/FindingSource.hs b/gen/Amazonka/AccessAnalyzer/Types/FindingSource.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/Types/FindingSource.hs
@@ -0,0 +1,91 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.Types.FindingSource
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.AccessAnalyzer.Types.FindingSource where
+
+import Amazonka.AccessAnalyzer.Types.FindingSourceDetail
+import Amazonka.AccessAnalyzer.Types.FindingSourceType
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | The source of the finding. This indicates how the access that generated
+-- the finding is granted. It is populated for Amazon S3 bucket findings.
+--
+-- /See:/ 'newFindingSource' smart constructor.
+data FindingSource = FindingSource'
+  { -- | Includes details about how the access that generated the finding is
+    -- granted. This is populated for Amazon S3 bucket findings.
+    detail :: Prelude.Maybe FindingSourceDetail,
+    -- | Indicates the type of access that generated the finding.
+    type' :: FindingSourceType
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'FindingSource' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'detail', 'findingSource_detail' - Includes details about how the access that generated the finding is
+-- granted. This is populated for Amazon S3 bucket findings.
+--
+-- 'type'', 'findingSource_type' - Indicates the type of access that generated the finding.
+newFindingSource ::
+  -- | 'type''
+  FindingSourceType ->
+  FindingSource
+newFindingSource pType_ =
+  FindingSource'
+    { detail = Prelude.Nothing,
+      type' = pType_
+    }
+
+-- | Includes details about how the access that generated the finding is
+-- granted. This is populated for Amazon S3 bucket findings.
+findingSource_detail :: Lens.Lens' FindingSource (Prelude.Maybe FindingSourceDetail)
+findingSource_detail = Lens.lens (\FindingSource' {detail} -> detail) (\s@FindingSource' {} a -> s {detail = a} :: FindingSource)
+
+-- | Indicates the type of access that generated the finding.
+findingSource_type :: Lens.Lens' FindingSource FindingSourceType
+findingSource_type = Lens.lens (\FindingSource' {type'} -> type') (\s@FindingSource' {} a -> s {type' = a} :: FindingSource)
+
+instance Data.FromJSON FindingSource where
+  parseJSON =
+    Data.withObject
+      "FindingSource"
+      ( \x ->
+          FindingSource'
+            Prelude.<$> (x Data..:? "detail")
+            Prelude.<*> (x Data..: "type")
+      )
+
+instance Prelude.Hashable FindingSource where
+  hashWithSalt _salt FindingSource' {..} =
+    _salt
+      `Prelude.hashWithSalt` detail
+      `Prelude.hashWithSalt` type'
+
+instance Prelude.NFData FindingSource where
+  rnf FindingSource' {..} =
+    Prelude.rnf detail `Prelude.seq` Prelude.rnf type'
diff --git a/gen/Amazonka/AccessAnalyzer/Types/FindingSourceDetail.hs b/gen/Amazonka/AccessAnalyzer/Types/FindingSourceDetail.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/Types/FindingSourceDetail.hs
@@ -0,0 +1,95 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.Types.FindingSourceDetail
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.AccessAnalyzer.Types.FindingSourceDetail where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Includes details about how the access that generated the finding is
+-- granted. This is populated for Amazon S3 bucket findings.
+--
+-- /See:/ 'newFindingSourceDetail' smart constructor.
+data FindingSourceDetail = FindingSourceDetail'
+  { -- | The account of the cross-account access point that generated the
+    -- finding.
+    accessPointAccount :: Prelude.Maybe Prelude.Text,
+    -- | The ARN of the access point that generated the finding. The ARN format
+    -- depends on whether the ARN represents an access point or a multi-region
+    -- access point.
+    accessPointArn :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'FindingSourceDetail' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'accessPointAccount', 'findingSourceDetail_accessPointAccount' - The account of the cross-account access point that generated the
+-- finding.
+--
+-- 'accessPointArn', 'findingSourceDetail_accessPointArn' - The ARN of the access point that generated the finding. The ARN format
+-- depends on whether the ARN represents an access point or a multi-region
+-- access point.
+newFindingSourceDetail ::
+  FindingSourceDetail
+newFindingSourceDetail =
+  FindingSourceDetail'
+    { accessPointAccount =
+        Prelude.Nothing,
+      accessPointArn = Prelude.Nothing
+    }
+
+-- | The account of the cross-account access point that generated the
+-- finding.
+findingSourceDetail_accessPointAccount :: Lens.Lens' FindingSourceDetail (Prelude.Maybe Prelude.Text)
+findingSourceDetail_accessPointAccount = Lens.lens (\FindingSourceDetail' {accessPointAccount} -> accessPointAccount) (\s@FindingSourceDetail' {} a -> s {accessPointAccount = a} :: FindingSourceDetail)
+
+-- | The ARN of the access point that generated the finding. The ARN format
+-- depends on whether the ARN represents an access point or a multi-region
+-- access point.
+findingSourceDetail_accessPointArn :: Lens.Lens' FindingSourceDetail (Prelude.Maybe Prelude.Text)
+findingSourceDetail_accessPointArn = Lens.lens (\FindingSourceDetail' {accessPointArn} -> accessPointArn) (\s@FindingSourceDetail' {} a -> s {accessPointArn = a} :: FindingSourceDetail)
+
+instance Data.FromJSON FindingSourceDetail where
+  parseJSON =
+    Data.withObject
+      "FindingSourceDetail"
+      ( \x ->
+          FindingSourceDetail'
+            Prelude.<$> (x Data..:? "accessPointAccount")
+            Prelude.<*> (x Data..:? "accessPointArn")
+      )
+
+instance Prelude.Hashable FindingSourceDetail where
+  hashWithSalt _salt FindingSourceDetail' {..} =
+    _salt
+      `Prelude.hashWithSalt` accessPointAccount
+      `Prelude.hashWithSalt` accessPointArn
+
+instance Prelude.NFData FindingSourceDetail where
+  rnf FindingSourceDetail' {..} =
+    Prelude.rnf accessPointAccount
+      `Prelude.seq` Prelude.rnf accessPointArn
diff --git a/gen/Amazonka/AccessAnalyzer/Types/FindingSourceType.hs b/gen/Amazonka/AccessAnalyzer/Types/FindingSourceType.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/Types/FindingSourceType.hs
@@ -0,0 +1,81 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.Types.FindingSourceType
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.AccessAnalyzer.Types.FindingSourceType
+  ( FindingSourceType
+      ( ..,
+        FindingSourceType_BUCKET_ACL,
+        FindingSourceType_POLICY,
+        FindingSourceType_S3_ACCESS_POINT,
+        FindingSourceType_S3_ACCESS_POINT_ACCOUNT
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype FindingSourceType = FindingSourceType'
+  { fromFindingSourceType ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern FindingSourceType_BUCKET_ACL :: FindingSourceType
+pattern FindingSourceType_BUCKET_ACL = FindingSourceType' "BUCKET_ACL"
+
+pattern FindingSourceType_POLICY :: FindingSourceType
+pattern FindingSourceType_POLICY = FindingSourceType' "POLICY"
+
+pattern FindingSourceType_S3_ACCESS_POINT :: FindingSourceType
+pattern FindingSourceType_S3_ACCESS_POINT = FindingSourceType' "S3_ACCESS_POINT"
+
+pattern FindingSourceType_S3_ACCESS_POINT_ACCOUNT :: FindingSourceType
+pattern FindingSourceType_S3_ACCESS_POINT_ACCOUNT = FindingSourceType' "S3_ACCESS_POINT_ACCOUNT"
+
+{-# COMPLETE
+  FindingSourceType_BUCKET_ACL,
+  FindingSourceType_POLICY,
+  FindingSourceType_S3_ACCESS_POINT,
+  FindingSourceType_S3_ACCESS_POINT_ACCOUNT,
+  FindingSourceType'
+  #-}
diff --git a/gen/Amazonka/AccessAnalyzer/Types/FindingStatus.hs b/gen/Amazonka/AccessAnalyzer/Types/FindingStatus.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/Types/FindingStatus.hs
@@ -0,0 +1,76 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.Types.FindingStatus
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.AccessAnalyzer.Types.FindingStatus
+  ( FindingStatus
+      ( ..,
+        FindingStatus_ACTIVE,
+        FindingStatus_ARCHIVED,
+        FindingStatus_RESOLVED
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype FindingStatus = FindingStatus'
+  { fromFindingStatus ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern FindingStatus_ACTIVE :: FindingStatus
+pattern FindingStatus_ACTIVE = FindingStatus' "ACTIVE"
+
+pattern FindingStatus_ARCHIVED :: FindingStatus
+pattern FindingStatus_ARCHIVED = FindingStatus' "ARCHIVED"
+
+pattern FindingStatus_RESOLVED :: FindingStatus
+pattern FindingStatus_RESOLVED = FindingStatus' "RESOLVED"
+
+{-# COMPLETE
+  FindingStatus_ACTIVE,
+  FindingStatus_ARCHIVED,
+  FindingStatus_RESOLVED,
+  FindingStatus'
+  #-}
diff --git a/gen/Amazonka/AccessAnalyzer/Types/FindingStatusUpdate.hs b/gen/Amazonka/AccessAnalyzer/Types/FindingStatusUpdate.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/Types/FindingStatusUpdate.hs
@@ -0,0 +1,71 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.Types.FindingStatusUpdate
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.AccessAnalyzer.Types.FindingStatusUpdate
+  ( FindingStatusUpdate
+      ( ..,
+        FindingStatusUpdate_ACTIVE,
+        FindingStatusUpdate_ARCHIVED
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype FindingStatusUpdate = FindingStatusUpdate'
+  { fromFindingStatusUpdate ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern FindingStatusUpdate_ACTIVE :: FindingStatusUpdate
+pattern FindingStatusUpdate_ACTIVE = FindingStatusUpdate' "ACTIVE"
+
+pattern FindingStatusUpdate_ARCHIVED :: FindingStatusUpdate
+pattern FindingStatusUpdate_ARCHIVED = FindingStatusUpdate' "ARCHIVED"
+
+{-# COMPLETE
+  FindingStatusUpdate_ACTIVE,
+  FindingStatusUpdate_ARCHIVED,
+  FindingStatusUpdate'
+  #-}
diff --git a/gen/Amazonka/AccessAnalyzer/Types/FindingSummary.hs b/gen/Amazonka/AccessAnalyzer/Types/FindingSummary.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/Types/FindingSummary.hs
@@ -0,0 +1,270 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.Types.FindingSummary
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.AccessAnalyzer.Types.FindingSummary where
+
+import Amazonka.AccessAnalyzer.Types.FindingSource
+import Amazonka.AccessAnalyzer.Types.FindingStatus
+import Amazonka.AccessAnalyzer.Types.ResourceType
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains information about a finding.
+--
+-- /See:/ 'newFindingSummary' smart constructor.
+data FindingSummary = FindingSummary'
+  { -- | The action in the analyzed policy statement that an external principal
+    -- has permission to use.
+    action :: Prelude.Maybe [Prelude.Text],
+    -- | The error that resulted in an Error finding.
+    error :: Prelude.Maybe Prelude.Text,
+    -- | Indicates whether the finding reports a resource that has a policy that
+    -- allows public access.
+    isPublic :: Prelude.Maybe Prelude.Bool,
+    -- | The external principal that has access to a resource within the zone of
+    -- trust.
+    principal :: Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text),
+    -- | The resource that the external principal has access to.
+    resource :: Prelude.Maybe Prelude.Text,
+    -- | The sources of the finding. This indicates how the access that generated
+    -- the finding is granted. It is populated for Amazon S3 bucket findings.
+    sources :: Prelude.Maybe [FindingSource],
+    -- | The ID of the finding.
+    id :: Prelude.Text,
+    -- | The type of the resource that the external principal has access to.
+    resourceType :: ResourceType,
+    -- | The condition in the analyzed policy statement that resulted in a
+    -- finding.
+    condition :: Prelude.HashMap Prelude.Text Prelude.Text,
+    -- | The time at which the finding was created.
+    createdAt :: Data.ISO8601,
+    -- | The time at which the resource-based policy that generated the finding
+    -- was analyzed.
+    analyzedAt :: Data.ISO8601,
+    -- | The time at which the finding was most recently updated.
+    updatedAt :: Data.ISO8601,
+    -- | The status of the finding.
+    status :: FindingStatus,
+    -- | The Amazon Web Services account ID that owns the resource.
+    resourceOwnerAccount :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'FindingSummary' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'action', 'findingSummary_action' - The action in the analyzed policy statement that an external principal
+-- has permission to use.
+--
+-- 'error', 'findingSummary_error' - The error that resulted in an Error finding.
+--
+-- 'isPublic', 'findingSummary_isPublic' - Indicates whether the finding reports a resource that has a policy that
+-- allows public access.
+--
+-- 'principal', 'findingSummary_principal' - The external principal that has access to a resource within the zone of
+-- trust.
+--
+-- 'resource', 'findingSummary_resource' - The resource that the external principal has access to.
+--
+-- 'sources', 'findingSummary_sources' - The sources of the finding. This indicates how the access that generated
+-- the finding is granted. It is populated for Amazon S3 bucket findings.
+--
+-- 'id', 'findingSummary_id' - The ID of the finding.
+--
+-- 'resourceType', 'findingSummary_resourceType' - The type of the resource that the external principal has access to.
+--
+-- 'condition', 'findingSummary_condition' - The condition in the analyzed policy statement that resulted in a
+-- finding.
+--
+-- 'createdAt', 'findingSummary_createdAt' - The time at which the finding was created.
+--
+-- 'analyzedAt', 'findingSummary_analyzedAt' - The time at which the resource-based policy that generated the finding
+-- was analyzed.
+--
+-- 'updatedAt', 'findingSummary_updatedAt' - The time at which the finding was most recently updated.
+--
+-- 'status', 'findingSummary_status' - The status of the finding.
+--
+-- 'resourceOwnerAccount', 'findingSummary_resourceOwnerAccount' - The Amazon Web Services account ID that owns the resource.
+newFindingSummary ::
+  -- | 'id'
+  Prelude.Text ->
+  -- | 'resourceType'
+  ResourceType ->
+  -- | 'createdAt'
+  Prelude.UTCTime ->
+  -- | 'analyzedAt'
+  Prelude.UTCTime ->
+  -- | 'updatedAt'
+  Prelude.UTCTime ->
+  -- | 'status'
+  FindingStatus ->
+  -- | 'resourceOwnerAccount'
+  Prelude.Text ->
+  FindingSummary
+newFindingSummary
+  pId_
+  pResourceType_
+  pCreatedAt_
+  pAnalyzedAt_
+  pUpdatedAt_
+  pStatus_
+  pResourceOwnerAccount_ =
+    FindingSummary'
+      { action = Prelude.Nothing,
+        error = Prelude.Nothing,
+        isPublic = Prelude.Nothing,
+        principal = Prelude.Nothing,
+        resource = Prelude.Nothing,
+        sources = Prelude.Nothing,
+        id = pId_,
+        resourceType = pResourceType_,
+        condition = Prelude.mempty,
+        createdAt = Data._Time Lens.# pCreatedAt_,
+        analyzedAt = Data._Time Lens.# pAnalyzedAt_,
+        updatedAt = Data._Time Lens.# pUpdatedAt_,
+        status = pStatus_,
+        resourceOwnerAccount = pResourceOwnerAccount_
+      }
+
+-- | The action in the analyzed policy statement that an external principal
+-- has permission to use.
+findingSummary_action :: Lens.Lens' FindingSummary (Prelude.Maybe [Prelude.Text])
+findingSummary_action = Lens.lens (\FindingSummary' {action} -> action) (\s@FindingSummary' {} a -> s {action = a} :: FindingSummary) Prelude.. Lens.mapping Lens.coerced
+
+-- | The error that resulted in an Error finding.
+findingSummary_error :: Lens.Lens' FindingSummary (Prelude.Maybe Prelude.Text)
+findingSummary_error = Lens.lens (\FindingSummary' {error} -> error) (\s@FindingSummary' {} a -> s {error = a} :: FindingSummary)
+
+-- | Indicates whether the finding reports a resource that has a policy that
+-- allows public access.
+findingSummary_isPublic :: Lens.Lens' FindingSummary (Prelude.Maybe Prelude.Bool)
+findingSummary_isPublic = Lens.lens (\FindingSummary' {isPublic} -> isPublic) (\s@FindingSummary' {} a -> s {isPublic = a} :: FindingSummary)
+
+-- | The external principal that has access to a resource within the zone of
+-- trust.
+findingSummary_principal :: Lens.Lens' FindingSummary (Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text))
+findingSummary_principal = Lens.lens (\FindingSummary' {principal} -> principal) (\s@FindingSummary' {} a -> s {principal = a} :: FindingSummary) Prelude.. Lens.mapping Lens.coerced
+
+-- | The resource that the external principal has access to.
+findingSummary_resource :: Lens.Lens' FindingSummary (Prelude.Maybe Prelude.Text)
+findingSummary_resource = Lens.lens (\FindingSummary' {resource} -> resource) (\s@FindingSummary' {} a -> s {resource = a} :: FindingSummary)
+
+-- | The sources of the finding. This indicates how the access that generated
+-- the finding is granted. It is populated for Amazon S3 bucket findings.
+findingSummary_sources :: Lens.Lens' FindingSummary (Prelude.Maybe [FindingSource])
+findingSummary_sources = Lens.lens (\FindingSummary' {sources} -> sources) (\s@FindingSummary' {} a -> s {sources = a} :: FindingSummary) Prelude.. Lens.mapping Lens.coerced
+
+-- | The ID of the finding.
+findingSummary_id :: Lens.Lens' FindingSummary Prelude.Text
+findingSummary_id = Lens.lens (\FindingSummary' {id} -> id) (\s@FindingSummary' {} a -> s {id = a} :: FindingSummary)
+
+-- | The type of the resource that the external principal has access to.
+findingSummary_resourceType :: Lens.Lens' FindingSummary ResourceType
+findingSummary_resourceType = Lens.lens (\FindingSummary' {resourceType} -> resourceType) (\s@FindingSummary' {} a -> s {resourceType = a} :: FindingSummary)
+
+-- | The condition in the analyzed policy statement that resulted in a
+-- finding.
+findingSummary_condition :: Lens.Lens' FindingSummary (Prelude.HashMap Prelude.Text Prelude.Text)
+findingSummary_condition = Lens.lens (\FindingSummary' {condition} -> condition) (\s@FindingSummary' {} a -> s {condition = a} :: FindingSummary) Prelude.. Lens.coerced
+
+-- | The time at which the finding was created.
+findingSummary_createdAt :: Lens.Lens' FindingSummary Prelude.UTCTime
+findingSummary_createdAt = Lens.lens (\FindingSummary' {createdAt} -> createdAt) (\s@FindingSummary' {} a -> s {createdAt = a} :: FindingSummary) Prelude.. Data._Time
+
+-- | The time at which the resource-based policy that generated the finding
+-- was analyzed.
+findingSummary_analyzedAt :: Lens.Lens' FindingSummary Prelude.UTCTime
+findingSummary_analyzedAt = Lens.lens (\FindingSummary' {analyzedAt} -> analyzedAt) (\s@FindingSummary' {} a -> s {analyzedAt = a} :: FindingSummary) Prelude.. Data._Time
+
+-- | The time at which the finding was most recently updated.
+findingSummary_updatedAt :: Lens.Lens' FindingSummary Prelude.UTCTime
+findingSummary_updatedAt = Lens.lens (\FindingSummary' {updatedAt} -> updatedAt) (\s@FindingSummary' {} a -> s {updatedAt = a} :: FindingSummary) Prelude.. Data._Time
+
+-- | The status of the finding.
+findingSummary_status :: Lens.Lens' FindingSummary FindingStatus
+findingSummary_status = Lens.lens (\FindingSummary' {status} -> status) (\s@FindingSummary' {} a -> s {status = a} :: FindingSummary)
+
+-- | The Amazon Web Services account ID that owns the resource.
+findingSummary_resourceOwnerAccount :: Lens.Lens' FindingSummary Prelude.Text
+findingSummary_resourceOwnerAccount = Lens.lens (\FindingSummary' {resourceOwnerAccount} -> resourceOwnerAccount) (\s@FindingSummary' {} a -> s {resourceOwnerAccount = a} :: FindingSummary)
+
+instance Data.FromJSON FindingSummary where
+  parseJSON =
+    Data.withObject
+      "FindingSummary"
+      ( \x ->
+          FindingSummary'
+            Prelude.<$> (x Data..:? "action" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "error")
+            Prelude.<*> (x Data..:? "isPublic")
+            Prelude.<*> (x Data..:? "principal" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "resource")
+            Prelude.<*> (x Data..:? "sources" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..: "id")
+            Prelude.<*> (x Data..: "resourceType")
+            Prelude.<*> (x Data..:? "condition" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..: "createdAt")
+            Prelude.<*> (x Data..: "analyzedAt")
+            Prelude.<*> (x Data..: "updatedAt")
+            Prelude.<*> (x Data..: "status")
+            Prelude.<*> (x Data..: "resourceOwnerAccount")
+      )
+
+instance Prelude.Hashable FindingSummary where
+  hashWithSalt _salt FindingSummary' {..} =
+    _salt
+      `Prelude.hashWithSalt` action
+      `Prelude.hashWithSalt` error
+      `Prelude.hashWithSalt` isPublic
+      `Prelude.hashWithSalt` principal
+      `Prelude.hashWithSalt` resource
+      `Prelude.hashWithSalt` sources
+      `Prelude.hashWithSalt` id
+      `Prelude.hashWithSalt` resourceType
+      `Prelude.hashWithSalt` condition
+      `Prelude.hashWithSalt` createdAt
+      `Prelude.hashWithSalt` analyzedAt
+      `Prelude.hashWithSalt` updatedAt
+      `Prelude.hashWithSalt` status
+      `Prelude.hashWithSalt` resourceOwnerAccount
+
+instance Prelude.NFData FindingSummary where
+  rnf FindingSummary' {..} =
+    Prelude.rnf action
+      `Prelude.seq` Prelude.rnf error
+      `Prelude.seq` Prelude.rnf isPublic
+      `Prelude.seq` Prelude.rnf principal
+      `Prelude.seq` Prelude.rnf resource
+      `Prelude.seq` Prelude.rnf sources
+      `Prelude.seq` Prelude.rnf id
+      `Prelude.seq` Prelude.rnf resourceType
+      `Prelude.seq` Prelude.rnf condition
+      `Prelude.seq` Prelude.rnf createdAt
+      `Prelude.seq` Prelude.rnf analyzedAt
+      `Prelude.seq` Prelude.rnf updatedAt
+      `Prelude.seq` Prelude.rnf status
+      `Prelude.seq` Prelude.rnf resourceOwnerAccount
diff --git a/gen/Amazonka/AccessAnalyzer/Types/GeneratedPolicy.hs b/gen/Amazonka/AccessAnalyzer/Types/GeneratedPolicy.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/Types/GeneratedPolicy.hs
@@ -0,0 +1,78 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.Types.GeneratedPolicy
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.AccessAnalyzer.Types.GeneratedPolicy where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains the text for the generated policy.
+--
+-- /See:/ 'newGeneratedPolicy' smart constructor.
+data GeneratedPolicy = GeneratedPolicy'
+  { -- | The text to use as the content for the new policy. The policy is created
+    -- using the
+    -- <https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreatePolicy.html CreatePolicy>
+    -- action.
+    policy :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GeneratedPolicy' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'policy', 'generatedPolicy_policy' - The text to use as the content for the new policy. The policy is created
+-- using the
+-- <https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreatePolicy.html CreatePolicy>
+-- action.
+newGeneratedPolicy ::
+  -- | 'policy'
+  Prelude.Text ->
+  GeneratedPolicy
+newGeneratedPolicy pPolicy_ =
+  GeneratedPolicy' {policy = pPolicy_}
+
+-- | The text to use as the content for the new policy. The policy is created
+-- using the
+-- <https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreatePolicy.html CreatePolicy>
+-- action.
+generatedPolicy_policy :: Lens.Lens' GeneratedPolicy Prelude.Text
+generatedPolicy_policy = Lens.lens (\GeneratedPolicy' {policy} -> policy) (\s@GeneratedPolicy' {} a -> s {policy = a} :: GeneratedPolicy)
+
+instance Data.FromJSON GeneratedPolicy where
+  parseJSON =
+    Data.withObject
+      "GeneratedPolicy"
+      ( \x ->
+          GeneratedPolicy' Prelude.<$> (x Data..: "policy")
+      )
+
+instance Prelude.Hashable GeneratedPolicy where
+  hashWithSalt _salt GeneratedPolicy' {..} =
+    _salt `Prelude.hashWithSalt` policy
+
+instance Prelude.NFData GeneratedPolicy where
+  rnf GeneratedPolicy' {..} = Prelude.rnf policy
diff --git a/gen/Amazonka/AccessAnalyzer/Types/GeneratedPolicyProperties.hs b/gen/Amazonka/AccessAnalyzer/Types/GeneratedPolicyProperties.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/Types/GeneratedPolicyProperties.hs
@@ -0,0 +1,109 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.Types.GeneratedPolicyProperties
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.AccessAnalyzer.Types.GeneratedPolicyProperties where
+
+import Amazonka.AccessAnalyzer.Types.CloudTrailProperties
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains the generated policy details.
+--
+-- /See:/ 'newGeneratedPolicyProperties' smart constructor.
+data GeneratedPolicyProperties = GeneratedPolicyProperties'
+  { -- | Lists details about the @Trail@ used to generated policy.
+    cloudTrailProperties :: Prelude.Maybe CloudTrailProperties,
+    -- | This value is set to @true@ if the generated policy contains all
+    -- possible actions for a service that IAM Access Analyzer identified from
+    -- the CloudTrail trail that you specified, and @false@ otherwise.
+    isComplete :: Prelude.Maybe Prelude.Bool,
+    -- | The ARN of the IAM entity (user or role) for which you are generating a
+    -- policy.
+    principalArn :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GeneratedPolicyProperties' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'cloudTrailProperties', 'generatedPolicyProperties_cloudTrailProperties' - Lists details about the @Trail@ used to generated policy.
+--
+-- 'isComplete', 'generatedPolicyProperties_isComplete' - This value is set to @true@ if the generated policy contains all
+-- possible actions for a service that IAM Access Analyzer identified from
+-- the CloudTrail trail that you specified, and @false@ otherwise.
+--
+-- 'principalArn', 'generatedPolicyProperties_principalArn' - The ARN of the IAM entity (user or role) for which you are generating a
+-- policy.
+newGeneratedPolicyProperties ::
+  -- | 'principalArn'
+  Prelude.Text ->
+  GeneratedPolicyProperties
+newGeneratedPolicyProperties pPrincipalArn_ =
+  GeneratedPolicyProperties'
+    { cloudTrailProperties =
+        Prelude.Nothing,
+      isComplete = Prelude.Nothing,
+      principalArn = pPrincipalArn_
+    }
+
+-- | Lists details about the @Trail@ used to generated policy.
+generatedPolicyProperties_cloudTrailProperties :: Lens.Lens' GeneratedPolicyProperties (Prelude.Maybe CloudTrailProperties)
+generatedPolicyProperties_cloudTrailProperties = Lens.lens (\GeneratedPolicyProperties' {cloudTrailProperties} -> cloudTrailProperties) (\s@GeneratedPolicyProperties' {} a -> s {cloudTrailProperties = a} :: GeneratedPolicyProperties)
+
+-- | This value is set to @true@ if the generated policy contains all
+-- possible actions for a service that IAM Access Analyzer identified from
+-- the CloudTrail trail that you specified, and @false@ otherwise.
+generatedPolicyProperties_isComplete :: Lens.Lens' GeneratedPolicyProperties (Prelude.Maybe Prelude.Bool)
+generatedPolicyProperties_isComplete = Lens.lens (\GeneratedPolicyProperties' {isComplete} -> isComplete) (\s@GeneratedPolicyProperties' {} a -> s {isComplete = a} :: GeneratedPolicyProperties)
+
+-- | The ARN of the IAM entity (user or role) for which you are generating a
+-- policy.
+generatedPolicyProperties_principalArn :: Lens.Lens' GeneratedPolicyProperties Prelude.Text
+generatedPolicyProperties_principalArn = Lens.lens (\GeneratedPolicyProperties' {principalArn} -> principalArn) (\s@GeneratedPolicyProperties' {} a -> s {principalArn = a} :: GeneratedPolicyProperties)
+
+instance Data.FromJSON GeneratedPolicyProperties where
+  parseJSON =
+    Data.withObject
+      "GeneratedPolicyProperties"
+      ( \x ->
+          GeneratedPolicyProperties'
+            Prelude.<$> (x Data..:? "cloudTrailProperties")
+            Prelude.<*> (x Data..:? "isComplete")
+            Prelude.<*> (x Data..: "principalArn")
+      )
+
+instance Prelude.Hashable GeneratedPolicyProperties where
+  hashWithSalt _salt GeneratedPolicyProperties' {..} =
+    _salt
+      `Prelude.hashWithSalt` cloudTrailProperties
+      `Prelude.hashWithSalt` isComplete
+      `Prelude.hashWithSalt` principalArn
+
+instance Prelude.NFData GeneratedPolicyProperties where
+  rnf GeneratedPolicyProperties' {..} =
+    Prelude.rnf cloudTrailProperties
+      `Prelude.seq` Prelude.rnf isComplete
+      `Prelude.seq` Prelude.rnf principalArn
diff --git a/gen/Amazonka/AccessAnalyzer/Types/GeneratedPolicyResult.hs b/gen/Amazonka/AccessAnalyzer/Types/GeneratedPolicyResult.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/Types/GeneratedPolicyResult.hs
@@ -0,0 +1,104 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.Types.GeneratedPolicyResult
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.AccessAnalyzer.Types.GeneratedPolicyResult where
+
+import Amazonka.AccessAnalyzer.Types.GeneratedPolicy
+import Amazonka.AccessAnalyzer.Types.GeneratedPolicyProperties
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains the text for the generated policy and its details.
+--
+-- /See:/ 'newGeneratedPolicyResult' smart constructor.
+data GeneratedPolicyResult = GeneratedPolicyResult'
+  { -- | The text to use as the content for the new policy. The policy is created
+    -- using the
+    -- <https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreatePolicy.html CreatePolicy>
+    -- action.
+    generatedPolicies :: Prelude.Maybe [GeneratedPolicy],
+    -- | A @GeneratedPolicyProperties@ object that contains properties of the
+    -- generated policy.
+    properties :: GeneratedPolicyProperties
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GeneratedPolicyResult' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'generatedPolicies', 'generatedPolicyResult_generatedPolicies' - The text to use as the content for the new policy. The policy is created
+-- using the
+-- <https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreatePolicy.html CreatePolicy>
+-- action.
+--
+-- 'properties', 'generatedPolicyResult_properties' - A @GeneratedPolicyProperties@ object that contains properties of the
+-- generated policy.
+newGeneratedPolicyResult ::
+  -- | 'properties'
+  GeneratedPolicyProperties ->
+  GeneratedPolicyResult
+newGeneratedPolicyResult pProperties_ =
+  GeneratedPolicyResult'
+    { generatedPolicies =
+        Prelude.Nothing,
+      properties = pProperties_
+    }
+
+-- | The text to use as the content for the new policy. The policy is created
+-- using the
+-- <https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreatePolicy.html CreatePolicy>
+-- action.
+generatedPolicyResult_generatedPolicies :: Lens.Lens' GeneratedPolicyResult (Prelude.Maybe [GeneratedPolicy])
+generatedPolicyResult_generatedPolicies = Lens.lens (\GeneratedPolicyResult' {generatedPolicies} -> generatedPolicies) (\s@GeneratedPolicyResult' {} a -> s {generatedPolicies = a} :: GeneratedPolicyResult) Prelude.. Lens.mapping Lens.coerced
+
+-- | A @GeneratedPolicyProperties@ object that contains properties of the
+-- generated policy.
+generatedPolicyResult_properties :: Lens.Lens' GeneratedPolicyResult GeneratedPolicyProperties
+generatedPolicyResult_properties = Lens.lens (\GeneratedPolicyResult' {properties} -> properties) (\s@GeneratedPolicyResult' {} a -> s {properties = a} :: GeneratedPolicyResult)
+
+instance Data.FromJSON GeneratedPolicyResult where
+  parseJSON =
+    Data.withObject
+      "GeneratedPolicyResult"
+      ( \x ->
+          GeneratedPolicyResult'
+            Prelude.<$> ( x
+                            Data..:? "generatedPolicies"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..: "properties")
+      )
+
+instance Prelude.Hashable GeneratedPolicyResult where
+  hashWithSalt _salt GeneratedPolicyResult' {..} =
+    _salt
+      `Prelude.hashWithSalt` generatedPolicies
+      `Prelude.hashWithSalt` properties
+
+instance Prelude.NFData GeneratedPolicyResult where
+  rnf GeneratedPolicyResult' {..} =
+    Prelude.rnf generatedPolicies
+      `Prelude.seq` Prelude.rnf properties
diff --git a/gen/Amazonka/AccessAnalyzer/Types/IamRoleConfiguration.hs b/gen/Amazonka/AccessAnalyzer/Types/IamRoleConfiguration.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/Types/IamRoleConfiguration.hs
@@ -0,0 +1,87 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.Types.IamRoleConfiguration
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.AccessAnalyzer.Types.IamRoleConfiguration where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | The proposed access control configuration for an IAM role. You can
+-- propose a configuration for a new IAM role or an existing IAM role that
+-- you own by specifying the trust policy. If the configuration is for a
+-- new IAM role, you must specify the trust policy. If the configuration is
+-- for an existing IAM role that you own and you do not propose the trust
+-- policy, the access preview uses the existing trust policy for the role.
+-- The proposed trust policy cannot be an empty string. For more
+-- information about role trust policy limits, see
+-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html IAM and STS quotas>.
+--
+-- /See:/ 'newIamRoleConfiguration' smart constructor.
+data IamRoleConfiguration = IamRoleConfiguration'
+  { -- | The proposed trust policy for the IAM role.
+    trustPolicy :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'IamRoleConfiguration' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'trustPolicy', 'iamRoleConfiguration_trustPolicy' - The proposed trust policy for the IAM role.
+newIamRoleConfiguration ::
+  IamRoleConfiguration
+newIamRoleConfiguration =
+  IamRoleConfiguration'
+    { trustPolicy =
+        Prelude.Nothing
+    }
+
+-- | The proposed trust policy for the IAM role.
+iamRoleConfiguration_trustPolicy :: Lens.Lens' IamRoleConfiguration (Prelude.Maybe Prelude.Text)
+iamRoleConfiguration_trustPolicy = Lens.lens (\IamRoleConfiguration' {trustPolicy} -> trustPolicy) (\s@IamRoleConfiguration' {} a -> s {trustPolicy = a} :: IamRoleConfiguration)
+
+instance Data.FromJSON IamRoleConfiguration where
+  parseJSON =
+    Data.withObject
+      "IamRoleConfiguration"
+      ( \x ->
+          IamRoleConfiguration'
+            Prelude.<$> (x Data..:? "trustPolicy")
+      )
+
+instance Prelude.Hashable IamRoleConfiguration where
+  hashWithSalt _salt IamRoleConfiguration' {..} =
+    _salt `Prelude.hashWithSalt` trustPolicy
+
+instance Prelude.NFData IamRoleConfiguration where
+  rnf IamRoleConfiguration' {..} =
+    Prelude.rnf trustPolicy
+
+instance Data.ToJSON IamRoleConfiguration where
+  toJSON IamRoleConfiguration' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [("trustPolicy" Data..=) Prelude.<$> trustPolicy]
+      )
diff --git a/gen/Amazonka/AccessAnalyzer/Types/InlineArchiveRule.hs b/gen/Amazonka/AccessAnalyzer/Types/InlineArchiveRule.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/Types/InlineArchiveRule.hs
@@ -0,0 +1,87 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.Types.InlineArchiveRule
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.AccessAnalyzer.Types.InlineArchiveRule where
+
+import Amazonka.AccessAnalyzer.Types.Criterion
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | An criterion statement in an archive rule. Each archive rule may have
+-- multiple criteria.
+--
+-- /See:/ 'newInlineArchiveRule' smart constructor.
+data InlineArchiveRule = InlineArchiveRule'
+  { -- | The name of the rule.
+    ruleName :: Prelude.Text,
+    -- | The condition and values for a criterion.
+    filter' :: Prelude.HashMap Prelude.Text Criterion
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'InlineArchiveRule' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'ruleName', 'inlineArchiveRule_ruleName' - The name of the rule.
+--
+-- 'filter'', 'inlineArchiveRule_filter' - The condition and values for a criterion.
+newInlineArchiveRule ::
+  -- | 'ruleName'
+  Prelude.Text ->
+  InlineArchiveRule
+newInlineArchiveRule pRuleName_ =
+  InlineArchiveRule'
+    { ruleName = pRuleName_,
+      filter' = Prelude.mempty
+    }
+
+-- | The name of the rule.
+inlineArchiveRule_ruleName :: Lens.Lens' InlineArchiveRule Prelude.Text
+inlineArchiveRule_ruleName = Lens.lens (\InlineArchiveRule' {ruleName} -> ruleName) (\s@InlineArchiveRule' {} a -> s {ruleName = a} :: InlineArchiveRule)
+
+-- | The condition and values for a criterion.
+inlineArchiveRule_filter :: Lens.Lens' InlineArchiveRule (Prelude.HashMap Prelude.Text Criterion)
+inlineArchiveRule_filter = Lens.lens (\InlineArchiveRule' {filter'} -> filter') (\s@InlineArchiveRule' {} a -> s {filter' = a} :: InlineArchiveRule) Prelude.. Lens.coerced
+
+instance Prelude.Hashable InlineArchiveRule where
+  hashWithSalt _salt InlineArchiveRule' {..} =
+    _salt
+      `Prelude.hashWithSalt` ruleName
+      `Prelude.hashWithSalt` filter'
+
+instance Prelude.NFData InlineArchiveRule where
+  rnf InlineArchiveRule' {..} =
+    Prelude.rnf ruleName
+      `Prelude.seq` Prelude.rnf filter'
+
+instance Data.ToJSON InlineArchiveRule where
+  toJSON InlineArchiveRule' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("ruleName" Data..= ruleName),
+            Prelude.Just ("filter" Data..= filter')
+          ]
+      )
diff --git a/gen/Amazonka/AccessAnalyzer/Types/InternetConfiguration.hs b/gen/Amazonka/AccessAnalyzer/Types/InternetConfiguration.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/Types/InternetConfiguration.hs
@@ -0,0 +1,58 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.Types.InternetConfiguration
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.AccessAnalyzer.Types.InternetConfiguration where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | This configuration sets the network origin for the Amazon S3 access
+-- point or multi-region access point to @Internet@.
+--
+-- /See:/ 'newInternetConfiguration' smart constructor.
+data InternetConfiguration = InternetConfiguration'
+  {
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'InternetConfiguration' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+newInternetConfiguration ::
+  InternetConfiguration
+newInternetConfiguration = InternetConfiguration'
+
+instance Data.FromJSON InternetConfiguration where
+  parseJSON =
+    Data.withObject
+      "InternetConfiguration"
+      (\x -> Prelude.pure InternetConfiguration')
+
+instance Prelude.Hashable InternetConfiguration where
+  hashWithSalt _salt _ =
+    _salt `Prelude.hashWithSalt` ()
+
+instance Prelude.NFData InternetConfiguration where
+  rnf _ = ()
+
+instance Data.ToJSON InternetConfiguration where
+  toJSON = Prelude.const (Data.Object Prelude.mempty)
diff --git a/gen/Amazonka/AccessAnalyzer/Types/JobDetails.hs b/gen/Amazonka/AccessAnalyzer/Types/JobDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/Types/JobDetails.hs
@@ -0,0 +1,137 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.Types.JobDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.AccessAnalyzer.Types.JobDetails where
+
+import Amazonka.AccessAnalyzer.Types.JobError
+import Amazonka.AccessAnalyzer.Types.JobStatus
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains details about the policy generation request.
+--
+-- /See:/ 'newJobDetails' smart constructor.
+data JobDetails = JobDetails'
+  { -- | A timestamp of when the job was completed.
+    completedOn :: Prelude.Maybe Data.ISO8601,
+    -- | The job error for the policy generation request.
+    jobError :: Prelude.Maybe JobError,
+    -- | The @JobId@ that is returned by the @StartPolicyGeneration@ operation.
+    -- The @JobId@ can be used with @GetGeneratedPolicy@ to retrieve the
+    -- generated policies or used with @CancelPolicyGeneration@ to cancel the
+    -- policy generation request.
+    jobId :: Prelude.Text,
+    -- | The status of the job request.
+    status :: JobStatus,
+    -- | A timestamp of when the job was started.
+    startedOn :: Data.ISO8601
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'JobDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'completedOn', 'jobDetails_completedOn' - A timestamp of when the job was completed.
+--
+-- 'jobError', 'jobDetails_jobError' - The job error for the policy generation request.
+--
+-- 'jobId', 'jobDetails_jobId' - The @JobId@ that is returned by the @StartPolicyGeneration@ operation.
+-- The @JobId@ can be used with @GetGeneratedPolicy@ to retrieve the
+-- generated policies or used with @CancelPolicyGeneration@ to cancel the
+-- policy generation request.
+--
+-- 'status', 'jobDetails_status' - The status of the job request.
+--
+-- 'startedOn', 'jobDetails_startedOn' - A timestamp of when the job was started.
+newJobDetails ::
+  -- | 'jobId'
+  Prelude.Text ->
+  -- | 'status'
+  JobStatus ->
+  -- | 'startedOn'
+  Prelude.UTCTime ->
+  JobDetails
+newJobDetails pJobId_ pStatus_ pStartedOn_ =
+  JobDetails'
+    { completedOn = Prelude.Nothing,
+      jobError = Prelude.Nothing,
+      jobId = pJobId_,
+      status = pStatus_,
+      startedOn = Data._Time Lens.# pStartedOn_
+    }
+
+-- | A timestamp of when the job was completed.
+jobDetails_completedOn :: Lens.Lens' JobDetails (Prelude.Maybe Prelude.UTCTime)
+jobDetails_completedOn = Lens.lens (\JobDetails' {completedOn} -> completedOn) (\s@JobDetails' {} a -> s {completedOn = a} :: JobDetails) Prelude.. Lens.mapping Data._Time
+
+-- | The job error for the policy generation request.
+jobDetails_jobError :: Lens.Lens' JobDetails (Prelude.Maybe JobError)
+jobDetails_jobError = Lens.lens (\JobDetails' {jobError} -> jobError) (\s@JobDetails' {} a -> s {jobError = a} :: JobDetails)
+
+-- | The @JobId@ that is returned by the @StartPolicyGeneration@ operation.
+-- The @JobId@ can be used with @GetGeneratedPolicy@ to retrieve the
+-- generated policies or used with @CancelPolicyGeneration@ to cancel the
+-- policy generation request.
+jobDetails_jobId :: Lens.Lens' JobDetails Prelude.Text
+jobDetails_jobId = Lens.lens (\JobDetails' {jobId} -> jobId) (\s@JobDetails' {} a -> s {jobId = a} :: JobDetails)
+
+-- | The status of the job request.
+jobDetails_status :: Lens.Lens' JobDetails JobStatus
+jobDetails_status = Lens.lens (\JobDetails' {status} -> status) (\s@JobDetails' {} a -> s {status = a} :: JobDetails)
+
+-- | A timestamp of when the job was started.
+jobDetails_startedOn :: Lens.Lens' JobDetails Prelude.UTCTime
+jobDetails_startedOn = Lens.lens (\JobDetails' {startedOn} -> startedOn) (\s@JobDetails' {} a -> s {startedOn = a} :: JobDetails) Prelude.. Data._Time
+
+instance Data.FromJSON JobDetails where
+  parseJSON =
+    Data.withObject
+      "JobDetails"
+      ( \x ->
+          JobDetails'
+            Prelude.<$> (x Data..:? "completedOn")
+            Prelude.<*> (x Data..:? "jobError")
+            Prelude.<*> (x Data..: "jobId")
+            Prelude.<*> (x Data..: "status")
+            Prelude.<*> (x Data..: "startedOn")
+      )
+
+instance Prelude.Hashable JobDetails where
+  hashWithSalt _salt JobDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` completedOn
+      `Prelude.hashWithSalt` jobError
+      `Prelude.hashWithSalt` jobId
+      `Prelude.hashWithSalt` status
+      `Prelude.hashWithSalt` startedOn
+
+instance Prelude.NFData JobDetails where
+  rnf JobDetails' {..} =
+    Prelude.rnf completedOn
+      `Prelude.seq` Prelude.rnf jobError
+      `Prelude.seq` Prelude.rnf jobId
+      `Prelude.seq` Prelude.rnf status
+      `Prelude.seq` Prelude.rnf startedOn
diff --git a/gen/Amazonka/AccessAnalyzer/Types/JobError.hs b/gen/Amazonka/AccessAnalyzer/Types/JobError.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/Types/JobError.hs
@@ -0,0 +1,88 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.Types.JobError
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.AccessAnalyzer.Types.JobError where
+
+import Amazonka.AccessAnalyzer.Types.JobErrorCode
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains the details about the policy generation error.
+--
+-- /See:/ 'newJobError' smart constructor.
+data JobError = JobError'
+  { -- | The job error code.
+    code :: JobErrorCode,
+    -- | Specific information about the error. For example, which service quota
+    -- was exceeded or which resource was not found.
+    message :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'JobError' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'code', 'jobError_code' - The job error code.
+--
+-- 'message', 'jobError_message' - Specific information about the error. For example, which service quota
+-- was exceeded or which resource was not found.
+newJobError ::
+  -- | 'code'
+  JobErrorCode ->
+  -- | 'message'
+  Prelude.Text ->
+  JobError
+newJobError pCode_ pMessage_ =
+  JobError' {code = pCode_, message = pMessage_}
+
+-- | The job error code.
+jobError_code :: Lens.Lens' JobError JobErrorCode
+jobError_code = Lens.lens (\JobError' {code} -> code) (\s@JobError' {} a -> s {code = a} :: JobError)
+
+-- | Specific information about the error. For example, which service quota
+-- was exceeded or which resource was not found.
+jobError_message :: Lens.Lens' JobError Prelude.Text
+jobError_message = Lens.lens (\JobError' {message} -> message) (\s@JobError' {} a -> s {message = a} :: JobError)
+
+instance Data.FromJSON JobError where
+  parseJSON =
+    Data.withObject
+      "JobError"
+      ( \x ->
+          JobError'
+            Prelude.<$> (x Data..: "code")
+            Prelude.<*> (x Data..: "message")
+      )
+
+instance Prelude.Hashable JobError where
+  hashWithSalt _salt JobError' {..} =
+    _salt
+      `Prelude.hashWithSalt` code
+      `Prelude.hashWithSalt` message
+
+instance Prelude.NFData JobError where
+  rnf JobError' {..} =
+    Prelude.rnf code `Prelude.seq` Prelude.rnf message
diff --git a/gen/Amazonka/AccessAnalyzer/Types/JobErrorCode.hs b/gen/Amazonka/AccessAnalyzer/Types/JobErrorCode.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/Types/JobErrorCode.hs
@@ -0,0 +1,81 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.Types.JobErrorCode
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.AccessAnalyzer.Types.JobErrorCode
+  ( JobErrorCode
+      ( ..,
+        JobErrorCode_AUTHORIZATION_ERROR,
+        JobErrorCode_RESOURCE_NOT_FOUND_ERROR,
+        JobErrorCode_SERVICE_ERROR,
+        JobErrorCode_SERVICE_QUOTA_EXCEEDED_ERROR
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype JobErrorCode = JobErrorCode'
+  { fromJobErrorCode ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern JobErrorCode_AUTHORIZATION_ERROR :: JobErrorCode
+pattern JobErrorCode_AUTHORIZATION_ERROR = JobErrorCode' "AUTHORIZATION_ERROR"
+
+pattern JobErrorCode_RESOURCE_NOT_FOUND_ERROR :: JobErrorCode
+pattern JobErrorCode_RESOURCE_NOT_FOUND_ERROR = JobErrorCode' "RESOURCE_NOT_FOUND_ERROR"
+
+pattern JobErrorCode_SERVICE_ERROR :: JobErrorCode
+pattern JobErrorCode_SERVICE_ERROR = JobErrorCode' "SERVICE_ERROR"
+
+pattern JobErrorCode_SERVICE_QUOTA_EXCEEDED_ERROR :: JobErrorCode
+pattern JobErrorCode_SERVICE_QUOTA_EXCEEDED_ERROR = JobErrorCode' "SERVICE_QUOTA_EXCEEDED_ERROR"
+
+{-# COMPLETE
+  JobErrorCode_AUTHORIZATION_ERROR,
+  JobErrorCode_RESOURCE_NOT_FOUND_ERROR,
+  JobErrorCode_SERVICE_ERROR,
+  JobErrorCode_SERVICE_QUOTA_EXCEEDED_ERROR,
+  JobErrorCode'
+  #-}
diff --git a/gen/Amazonka/AccessAnalyzer/Types/JobStatus.hs b/gen/Amazonka/AccessAnalyzer/Types/JobStatus.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/Types/JobStatus.hs
@@ -0,0 +1,81 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.Types.JobStatus
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.AccessAnalyzer.Types.JobStatus
+  ( JobStatus
+      ( ..,
+        JobStatus_CANCELED,
+        JobStatus_FAILED,
+        JobStatus_IN_PROGRESS,
+        JobStatus_SUCCEEDED
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype JobStatus = JobStatus'
+  { fromJobStatus ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern JobStatus_CANCELED :: JobStatus
+pattern JobStatus_CANCELED = JobStatus' "CANCELED"
+
+pattern JobStatus_FAILED :: JobStatus
+pattern JobStatus_FAILED = JobStatus' "FAILED"
+
+pattern JobStatus_IN_PROGRESS :: JobStatus
+pattern JobStatus_IN_PROGRESS = JobStatus' "IN_PROGRESS"
+
+pattern JobStatus_SUCCEEDED :: JobStatus
+pattern JobStatus_SUCCEEDED = JobStatus' "SUCCEEDED"
+
+{-# COMPLETE
+  JobStatus_CANCELED,
+  JobStatus_FAILED,
+  JobStatus_IN_PROGRESS,
+  JobStatus_SUCCEEDED,
+  JobStatus'
+  #-}
diff --git a/gen/Amazonka/AccessAnalyzer/Types/KmsGrantConfiguration.hs b/gen/Amazonka/AccessAnalyzer/Types/KmsGrantConfiguration.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/Types/KmsGrantConfiguration.hs
@@ -0,0 +1,169 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.Types.KmsGrantConfiguration
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.AccessAnalyzer.Types.KmsGrantConfiguration where
+
+import Amazonka.AccessAnalyzer.Types.KmsGrantConstraints
+import Amazonka.AccessAnalyzer.Types.KmsGrantOperation
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A proposed grant configuration for a KMS key. For more information, see
+-- <https://docs.aws.amazon.com/kms/latest/APIReference/API_CreateGrant.html CreateGrant>.
+--
+-- /See:/ 'newKmsGrantConfiguration' smart constructor.
+data KmsGrantConfiguration = KmsGrantConfiguration'
+  { -- | Use this structure to propose allowing
+    -- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations cryptographic operations>
+    -- in the grant only when the operation request includes the specified
+    -- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context encryption context>.
+    constraints :: Prelude.Maybe KmsGrantConstraints,
+    -- | The principal that is given permission to retire the grant by using
+    -- <https://docs.aws.amazon.com/kms/latest/APIReference/API_RetireGrant.html RetireGrant>
+    -- operation.
+    retiringPrincipal :: Prelude.Maybe Prelude.Text,
+    -- | A list of operations that the grant permits.
+    operations :: [KmsGrantOperation],
+    -- | The principal that is given permission to perform the operations that
+    -- the grant permits.
+    granteePrincipal :: Prelude.Text,
+    -- | The Amazon Web Services account under which the grant was issued. The
+    -- account is used to propose KMS grants issued by accounts other than the
+    -- owner of the key.
+    issuingAccount :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'KmsGrantConfiguration' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'constraints', 'kmsGrantConfiguration_constraints' - Use this structure to propose allowing
+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations cryptographic operations>
+-- in the grant only when the operation request includes the specified
+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context encryption context>.
+--
+-- 'retiringPrincipal', 'kmsGrantConfiguration_retiringPrincipal' - The principal that is given permission to retire the grant by using
+-- <https://docs.aws.amazon.com/kms/latest/APIReference/API_RetireGrant.html RetireGrant>
+-- operation.
+--
+-- 'operations', 'kmsGrantConfiguration_operations' - A list of operations that the grant permits.
+--
+-- 'granteePrincipal', 'kmsGrantConfiguration_granteePrincipal' - The principal that is given permission to perform the operations that
+-- the grant permits.
+--
+-- 'issuingAccount', 'kmsGrantConfiguration_issuingAccount' - The Amazon Web Services account under which the grant was issued. The
+-- account is used to propose KMS grants issued by accounts other than the
+-- owner of the key.
+newKmsGrantConfiguration ::
+  -- | 'granteePrincipal'
+  Prelude.Text ->
+  -- | 'issuingAccount'
+  Prelude.Text ->
+  KmsGrantConfiguration
+newKmsGrantConfiguration
+  pGranteePrincipal_
+  pIssuingAccount_ =
+    KmsGrantConfiguration'
+      { constraints =
+          Prelude.Nothing,
+        retiringPrincipal = Prelude.Nothing,
+        operations = Prelude.mempty,
+        granteePrincipal = pGranteePrincipal_,
+        issuingAccount = pIssuingAccount_
+      }
+
+-- | Use this structure to propose allowing
+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations cryptographic operations>
+-- in the grant only when the operation request includes the specified
+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context encryption context>.
+kmsGrantConfiguration_constraints :: Lens.Lens' KmsGrantConfiguration (Prelude.Maybe KmsGrantConstraints)
+kmsGrantConfiguration_constraints = Lens.lens (\KmsGrantConfiguration' {constraints} -> constraints) (\s@KmsGrantConfiguration' {} a -> s {constraints = a} :: KmsGrantConfiguration)
+
+-- | The principal that is given permission to retire the grant by using
+-- <https://docs.aws.amazon.com/kms/latest/APIReference/API_RetireGrant.html RetireGrant>
+-- operation.
+kmsGrantConfiguration_retiringPrincipal :: Lens.Lens' KmsGrantConfiguration (Prelude.Maybe Prelude.Text)
+kmsGrantConfiguration_retiringPrincipal = Lens.lens (\KmsGrantConfiguration' {retiringPrincipal} -> retiringPrincipal) (\s@KmsGrantConfiguration' {} a -> s {retiringPrincipal = a} :: KmsGrantConfiguration)
+
+-- | A list of operations that the grant permits.
+kmsGrantConfiguration_operations :: Lens.Lens' KmsGrantConfiguration [KmsGrantOperation]
+kmsGrantConfiguration_operations = Lens.lens (\KmsGrantConfiguration' {operations} -> operations) (\s@KmsGrantConfiguration' {} a -> s {operations = a} :: KmsGrantConfiguration) Prelude.. Lens.coerced
+
+-- | The principal that is given permission to perform the operations that
+-- the grant permits.
+kmsGrantConfiguration_granteePrincipal :: Lens.Lens' KmsGrantConfiguration Prelude.Text
+kmsGrantConfiguration_granteePrincipal = Lens.lens (\KmsGrantConfiguration' {granteePrincipal} -> granteePrincipal) (\s@KmsGrantConfiguration' {} a -> s {granteePrincipal = a} :: KmsGrantConfiguration)
+
+-- | The Amazon Web Services account under which the grant was issued. The
+-- account is used to propose KMS grants issued by accounts other than the
+-- owner of the key.
+kmsGrantConfiguration_issuingAccount :: Lens.Lens' KmsGrantConfiguration Prelude.Text
+kmsGrantConfiguration_issuingAccount = Lens.lens (\KmsGrantConfiguration' {issuingAccount} -> issuingAccount) (\s@KmsGrantConfiguration' {} a -> s {issuingAccount = a} :: KmsGrantConfiguration)
+
+instance Data.FromJSON KmsGrantConfiguration where
+  parseJSON =
+    Data.withObject
+      "KmsGrantConfiguration"
+      ( \x ->
+          KmsGrantConfiguration'
+            Prelude.<$> (x Data..:? "constraints")
+            Prelude.<*> (x Data..:? "retiringPrincipal")
+            Prelude.<*> (x Data..:? "operations" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..: "granteePrincipal")
+            Prelude.<*> (x Data..: "issuingAccount")
+      )
+
+instance Prelude.Hashable KmsGrantConfiguration where
+  hashWithSalt _salt KmsGrantConfiguration' {..} =
+    _salt
+      `Prelude.hashWithSalt` constraints
+      `Prelude.hashWithSalt` retiringPrincipal
+      `Prelude.hashWithSalt` operations
+      `Prelude.hashWithSalt` granteePrincipal
+      `Prelude.hashWithSalt` issuingAccount
+
+instance Prelude.NFData KmsGrantConfiguration where
+  rnf KmsGrantConfiguration' {..} =
+    Prelude.rnf constraints
+      `Prelude.seq` Prelude.rnf retiringPrincipal
+      `Prelude.seq` Prelude.rnf operations
+      `Prelude.seq` Prelude.rnf granteePrincipal
+      `Prelude.seq` Prelude.rnf issuingAccount
+
+instance Data.ToJSON KmsGrantConfiguration where
+  toJSON KmsGrantConfiguration' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("constraints" Data..=) Prelude.<$> constraints,
+            ("retiringPrincipal" Data..=)
+              Prelude.<$> retiringPrincipal,
+            Prelude.Just ("operations" Data..= operations),
+            Prelude.Just
+              ("granteePrincipal" Data..= granteePrincipal),
+            Prelude.Just
+              ("issuingAccount" Data..= issuingAccount)
+          ]
+      )
diff --git a/gen/Amazonka/AccessAnalyzer/Types/KmsGrantConstraints.hs b/gen/Amazonka/AccessAnalyzer/Types/KmsGrantConstraints.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/Types/KmsGrantConstraints.hs
@@ -0,0 +1,135 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.Types.KmsGrantConstraints
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.AccessAnalyzer.Types.KmsGrantConstraints where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Use this structure to propose allowing
+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations cryptographic operations>
+-- in the grant only when the operation request includes the specified
+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context encryption context>.
+-- You can specify only one type of encryption context. An empty map is
+-- treated as not specified. For more information, see
+-- <https://docs.aws.amazon.com/kms/latest/APIReference/API_GrantConstraints.html GrantConstraints>.
+--
+-- /See:/ 'newKmsGrantConstraints' smart constructor.
+data KmsGrantConstraints = KmsGrantConstraints'
+  { -- | A list of key-value pairs that must match the encryption context in the
+    -- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations cryptographic operation>
+    -- request. The grant allows the operation only when the encryption context
+    -- in the request is the same as the encryption context specified in this
+    -- constraint.
+    encryptionContextEquals :: Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text),
+    -- | A list of key-value pairs that must be included in the encryption
+    -- context of the
+    -- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations cryptographic operation>
+    -- request. The grant allows the cryptographic operation only when the
+    -- encryption context in the request includes the key-value pairs specified
+    -- in this constraint, although it can include additional key-value pairs.
+    encryptionContextSubset :: Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text)
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'KmsGrantConstraints' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'encryptionContextEquals', 'kmsGrantConstraints_encryptionContextEquals' - A list of key-value pairs that must match the encryption context in the
+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations cryptographic operation>
+-- request. The grant allows the operation only when the encryption context
+-- in the request is the same as the encryption context specified in this
+-- constraint.
+--
+-- 'encryptionContextSubset', 'kmsGrantConstraints_encryptionContextSubset' - A list of key-value pairs that must be included in the encryption
+-- context of the
+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations cryptographic operation>
+-- request. The grant allows the cryptographic operation only when the
+-- encryption context in the request includes the key-value pairs specified
+-- in this constraint, although it can include additional key-value pairs.
+newKmsGrantConstraints ::
+  KmsGrantConstraints
+newKmsGrantConstraints =
+  KmsGrantConstraints'
+    { encryptionContextEquals =
+        Prelude.Nothing,
+      encryptionContextSubset = Prelude.Nothing
+    }
+
+-- | A list of key-value pairs that must match the encryption context in the
+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations cryptographic operation>
+-- request. The grant allows the operation only when the encryption context
+-- in the request is the same as the encryption context specified in this
+-- constraint.
+kmsGrantConstraints_encryptionContextEquals :: Lens.Lens' KmsGrantConstraints (Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text))
+kmsGrantConstraints_encryptionContextEquals = Lens.lens (\KmsGrantConstraints' {encryptionContextEquals} -> encryptionContextEquals) (\s@KmsGrantConstraints' {} a -> s {encryptionContextEquals = a} :: KmsGrantConstraints) Prelude.. Lens.mapping Lens.coerced
+
+-- | A list of key-value pairs that must be included in the encryption
+-- context of the
+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations cryptographic operation>
+-- request. The grant allows the cryptographic operation only when the
+-- encryption context in the request includes the key-value pairs specified
+-- in this constraint, although it can include additional key-value pairs.
+kmsGrantConstraints_encryptionContextSubset :: Lens.Lens' KmsGrantConstraints (Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text))
+kmsGrantConstraints_encryptionContextSubset = Lens.lens (\KmsGrantConstraints' {encryptionContextSubset} -> encryptionContextSubset) (\s@KmsGrantConstraints' {} a -> s {encryptionContextSubset = a} :: KmsGrantConstraints) Prelude.. Lens.mapping Lens.coerced
+
+instance Data.FromJSON KmsGrantConstraints where
+  parseJSON =
+    Data.withObject
+      "KmsGrantConstraints"
+      ( \x ->
+          KmsGrantConstraints'
+            Prelude.<$> ( x
+                            Data..:? "encryptionContextEquals"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> ( x
+                            Data..:? "encryptionContextSubset"
+                            Data..!= Prelude.mempty
+                        )
+      )
+
+instance Prelude.Hashable KmsGrantConstraints where
+  hashWithSalt _salt KmsGrantConstraints' {..} =
+    _salt
+      `Prelude.hashWithSalt` encryptionContextEquals
+      `Prelude.hashWithSalt` encryptionContextSubset
+
+instance Prelude.NFData KmsGrantConstraints where
+  rnf KmsGrantConstraints' {..} =
+    Prelude.rnf encryptionContextEquals
+      `Prelude.seq` Prelude.rnf encryptionContextSubset
+
+instance Data.ToJSON KmsGrantConstraints where
+  toJSON KmsGrantConstraints' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("encryptionContextEquals" Data..=)
+              Prelude.<$> encryptionContextEquals,
+            ("encryptionContextSubset" Data..=)
+              Prelude.<$> encryptionContextSubset
+          ]
+      )
diff --git a/gen/Amazonka/AccessAnalyzer/Types/KmsGrantOperation.hs b/gen/Amazonka/AccessAnalyzer/Types/KmsGrantOperation.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/Types/KmsGrantOperation.hs
@@ -0,0 +1,131 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.Types.KmsGrantOperation
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.AccessAnalyzer.Types.KmsGrantOperation
+  ( KmsGrantOperation
+      ( ..,
+        KmsGrantOperation_CreateGrant,
+        KmsGrantOperation_Decrypt,
+        KmsGrantOperation_DescribeKey,
+        KmsGrantOperation_Encrypt,
+        KmsGrantOperation_GenerateDataKey,
+        KmsGrantOperation_GenerateDataKeyPair,
+        KmsGrantOperation_GenerateDataKeyPairWithoutPlaintext,
+        KmsGrantOperation_GenerateDataKeyWithoutPlaintext,
+        KmsGrantOperation_GetPublicKey,
+        KmsGrantOperation_ReEncryptFrom,
+        KmsGrantOperation_ReEncryptTo,
+        KmsGrantOperation_RetireGrant,
+        KmsGrantOperation_Sign,
+        KmsGrantOperation_Verify
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype KmsGrantOperation = KmsGrantOperation'
+  { fromKmsGrantOperation ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern KmsGrantOperation_CreateGrant :: KmsGrantOperation
+pattern KmsGrantOperation_CreateGrant = KmsGrantOperation' "CreateGrant"
+
+pattern KmsGrantOperation_Decrypt :: KmsGrantOperation
+pattern KmsGrantOperation_Decrypt = KmsGrantOperation' "Decrypt"
+
+pattern KmsGrantOperation_DescribeKey :: KmsGrantOperation
+pattern KmsGrantOperation_DescribeKey = KmsGrantOperation' "DescribeKey"
+
+pattern KmsGrantOperation_Encrypt :: KmsGrantOperation
+pattern KmsGrantOperation_Encrypt = KmsGrantOperation' "Encrypt"
+
+pattern KmsGrantOperation_GenerateDataKey :: KmsGrantOperation
+pattern KmsGrantOperation_GenerateDataKey = KmsGrantOperation' "GenerateDataKey"
+
+pattern KmsGrantOperation_GenerateDataKeyPair :: KmsGrantOperation
+pattern KmsGrantOperation_GenerateDataKeyPair = KmsGrantOperation' "GenerateDataKeyPair"
+
+pattern KmsGrantOperation_GenerateDataKeyPairWithoutPlaintext :: KmsGrantOperation
+pattern KmsGrantOperation_GenerateDataKeyPairWithoutPlaintext = KmsGrantOperation' "GenerateDataKeyPairWithoutPlaintext"
+
+pattern KmsGrantOperation_GenerateDataKeyWithoutPlaintext :: KmsGrantOperation
+pattern KmsGrantOperation_GenerateDataKeyWithoutPlaintext = KmsGrantOperation' "GenerateDataKeyWithoutPlaintext"
+
+pattern KmsGrantOperation_GetPublicKey :: KmsGrantOperation
+pattern KmsGrantOperation_GetPublicKey = KmsGrantOperation' "GetPublicKey"
+
+pattern KmsGrantOperation_ReEncryptFrom :: KmsGrantOperation
+pattern KmsGrantOperation_ReEncryptFrom = KmsGrantOperation' "ReEncryptFrom"
+
+pattern KmsGrantOperation_ReEncryptTo :: KmsGrantOperation
+pattern KmsGrantOperation_ReEncryptTo = KmsGrantOperation' "ReEncryptTo"
+
+pattern KmsGrantOperation_RetireGrant :: KmsGrantOperation
+pattern KmsGrantOperation_RetireGrant = KmsGrantOperation' "RetireGrant"
+
+pattern KmsGrantOperation_Sign :: KmsGrantOperation
+pattern KmsGrantOperation_Sign = KmsGrantOperation' "Sign"
+
+pattern KmsGrantOperation_Verify :: KmsGrantOperation
+pattern KmsGrantOperation_Verify = KmsGrantOperation' "Verify"
+
+{-# COMPLETE
+  KmsGrantOperation_CreateGrant,
+  KmsGrantOperation_Decrypt,
+  KmsGrantOperation_DescribeKey,
+  KmsGrantOperation_Encrypt,
+  KmsGrantOperation_GenerateDataKey,
+  KmsGrantOperation_GenerateDataKeyPair,
+  KmsGrantOperation_GenerateDataKeyPairWithoutPlaintext,
+  KmsGrantOperation_GenerateDataKeyWithoutPlaintext,
+  KmsGrantOperation_GetPublicKey,
+  KmsGrantOperation_ReEncryptFrom,
+  KmsGrantOperation_ReEncryptTo,
+  KmsGrantOperation_RetireGrant,
+  KmsGrantOperation_Sign,
+  KmsGrantOperation_Verify,
+  KmsGrantOperation'
+  #-}
diff --git a/gen/Amazonka/AccessAnalyzer/Types/KmsKeyConfiguration.hs b/gen/Amazonka/AccessAnalyzer/Types/KmsKeyConfiguration.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/Types/KmsKeyConfiguration.hs
@@ -0,0 +1,119 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.Types.KmsKeyConfiguration
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.AccessAnalyzer.Types.KmsKeyConfiguration where
+
+import Amazonka.AccessAnalyzer.Types.KmsGrantConfiguration
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Proposed access control configuration for a KMS key. You can propose a
+-- configuration for a new KMS key or an existing KMS key that you own by
+-- specifying the key policy and KMS grant configuration. If the
+-- configuration is for an existing key and you do not specify the key
+-- policy, the access preview uses the existing policy for the key. If the
+-- access preview is for a new resource and you do not specify the key
+-- policy, then the access preview uses the default key policy. The
+-- proposed key policy cannot be an empty string. For more information, see
+-- <https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default Default key policy>.
+-- For more information about key policy limits, see
+-- <https://docs.aws.amazon.com/kms/latest/developerguide/resource-limits.html Resource quotas>.
+--
+-- /See:/ 'newKmsKeyConfiguration' smart constructor.
+data KmsKeyConfiguration = KmsKeyConfiguration'
+  { -- | A list of proposed grant configurations for the KMS key. If the proposed
+    -- grant configuration is for an existing key, the access preview uses the
+    -- proposed list of grant configurations in place of the existing grants.
+    -- Otherwise, the access preview uses the existing grants for the key.
+    grants :: Prelude.Maybe [KmsGrantConfiguration],
+    -- | Resource policy configuration for the KMS key. The only valid value for
+    -- the name of the key policy is @default@. For more information, see
+    -- <https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default Default key policy>.
+    keyPolicies :: Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text)
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'KmsKeyConfiguration' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'grants', 'kmsKeyConfiguration_grants' - A list of proposed grant configurations for the KMS key. If the proposed
+-- grant configuration is for an existing key, the access preview uses the
+-- proposed list of grant configurations in place of the existing grants.
+-- Otherwise, the access preview uses the existing grants for the key.
+--
+-- 'keyPolicies', 'kmsKeyConfiguration_keyPolicies' - Resource policy configuration for the KMS key. The only valid value for
+-- the name of the key policy is @default@. For more information, see
+-- <https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default Default key policy>.
+newKmsKeyConfiguration ::
+  KmsKeyConfiguration
+newKmsKeyConfiguration =
+  KmsKeyConfiguration'
+    { grants = Prelude.Nothing,
+      keyPolicies = Prelude.Nothing
+    }
+
+-- | A list of proposed grant configurations for the KMS key. If the proposed
+-- grant configuration is for an existing key, the access preview uses the
+-- proposed list of grant configurations in place of the existing grants.
+-- Otherwise, the access preview uses the existing grants for the key.
+kmsKeyConfiguration_grants :: Lens.Lens' KmsKeyConfiguration (Prelude.Maybe [KmsGrantConfiguration])
+kmsKeyConfiguration_grants = Lens.lens (\KmsKeyConfiguration' {grants} -> grants) (\s@KmsKeyConfiguration' {} a -> s {grants = a} :: KmsKeyConfiguration) Prelude.. Lens.mapping Lens.coerced
+
+-- | Resource policy configuration for the KMS key. The only valid value for
+-- the name of the key policy is @default@. For more information, see
+-- <https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default Default key policy>.
+kmsKeyConfiguration_keyPolicies :: Lens.Lens' KmsKeyConfiguration (Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text))
+kmsKeyConfiguration_keyPolicies = Lens.lens (\KmsKeyConfiguration' {keyPolicies} -> keyPolicies) (\s@KmsKeyConfiguration' {} a -> s {keyPolicies = a} :: KmsKeyConfiguration) Prelude.. Lens.mapping Lens.coerced
+
+instance Data.FromJSON KmsKeyConfiguration where
+  parseJSON =
+    Data.withObject
+      "KmsKeyConfiguration"
+      ( \x ->
+          KmsKeyConfiguration'
+            Prelude.<$> (x Data..:? "grants" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "keyPolicies" Data..!= Prelude.mempty)
+      )
+
+instance Prelude.Hashable KmsKeyConfiguration where
+  hashWithSalt _salt KmsKeyConfiguration' {..} =
+    _salt
+      `Prelude.hashWithSalt` grants
+      `Prelude.hashWithSalt` keyPolicies
+
+instance Prelude.NFData KmsKeyConfiguration where
+  rnf KmsKeyConfiguration' {..} =
+    Prelude.rnf grants
+      `Prelude.seq` Prelude.rnf keyPolicies
+
+instance Data.ToJSON KmsKeyConfiguration where
+  toJSON KmsKeyConfiguration' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("grants" Data..=) Prelude.<$> grants,
+            ("keyPolicies" Data..=) Prelude.<$> keyPolicies
+          ]
+      )
diff --git a/gen/Amazonka/AccessAnalyzer/Types/Locale.hs b/gen/Amazonka/AccessAnalyzer/Types/Locale.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/Types/Locale.hs
@@ -0,0 +1,108 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.Types.Locale
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.AccessAnalyzer.Types.Locale
+  ( Locale
+      ( ..,
+        Locale_DE,
+        Locale_EN,
+        Locale_ES,
+        Locale_FR,
+        Locale_IT,
+        Locale_JA,
+        Locale_KO,
+        Locale_PT_BR,
+        Locale_ZH_CN,
+        Locale_ZH_TW
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype Locale = Locale' {fromLocale :: Data.Text}
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern Locale_DE :: Locale
+pattern Locale_DE = Locale' "DE"
+
+pattern Locale_EN :: Locale
+pattern Locale_EN = Locale' "EN"
+
+pattern Locale_ES :: Locale
+pattern Locale_ES = Locale' "ES"
+
+pattern Locale_FR :: Locale
+pattern Locale_FR = Locale' "FR"
+
+pattern Locale_IT :: Locale
+pattern Locale_IT = Locale' "IT"
+
+pattern Locale_JA :: Locale
+pattern Locale_JA = Locale' "JA"
+
+pattern Locale_KO :: Locale
+pattern Locale_KO = Locale' "KO"
+
+pattern Locale_PT_BR :: Locale
+pattern Locale_PT_BR = Locale' "PT_BR"
+
+pattern Locale_ZH_CN :: Locale
+pattern Locale_ZH_CN = Locale' "ZH_CN"
+
+pattern Locale_ZH_TW :: Locale
+pattern Locale_ZH_TW = Locale' "ZH_TW"
+
+{-# COMPLETE
+  Locale_DE,
+  Locale_EN,
+  Locale_ES,
+  Locale_FR,
+  Locale_IT,
+  Locale_JA,
+  Locale_KO,
+  Locale_PT_BR,
+  Locale_ZH_CN,
+  Locale_ZH_TW,
+  Locale'
+  #-}
diff --git a/gen/Amazonka/AccessAnalyzer/Types/Location.hs b/gen/Amazonka/AccessAnalyzer/Types/Location.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/Types/Location.hs
@@ -0,0 +1,85 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.Types.Location
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.AccessAnalyzer.Types.Location where
+
+import Amazonka.AccessAnalyzer.Types.PathElement
+import Amazonka.AccessAnalyzer.Types.Span
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A location in a policy that is represented as a path through the JSON
+-- representation and a corresponding span.
+--
+-- /See:/ 'newLocation' smart constructor.
+data Location = Location'
+  { -- | A path in a policy, represented as a sequence of path elements.
+    path :: [PathElement],
+    -- | A span in a policy.
+    span :: Span
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'Location' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'path', 'location_path' - A path in a policy, represented as a sequence of path elements.
+--
+-- 'span', 'location_span' - A span in a policy.
+newLocation ::
+  -- | 'span'
+  Span ->
+  Location
+newLocation pSpan_ =
+  Location' {path = Prelude.mempty, span = pSpan_}
+
+-- | A path in a policy, represented as a sequence of path elements.
+location_path :: Lens.Lens' Location [PathElement]
+location_path = Lens.lens (\Location' {path} -> path) (\s@Location' {} a -> s {path = a} :: Location) Prelude.. Lens.coerced
+
+-- | A span in a policy.
+location_span :: Lens.Lens' Location Span
+location_span = Lens.lens (\Location' {span} -> span) (\s@Location' {} a -> s {span = a} :: Location)
+
+instance Data.FromJSON Location where
+  parseJSON =
+    Data.withObject
+      "Location"
+      ( \x ->
+          Location'
+            Prelude.<$> (x Data..:? "path" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..: "span")
+      )
+
+instance Prelude.Hashable Location where
+  hashWithSalt _salt Location' {..} =
+    _salt
+      `Prelude.hashWithSalt` path
+      `Prelude.hashWithSalt` span
+
+instance Prelude.NFData Location where
+  rnf Location' {..} =
+    Prelude.rnf path `Prelude.seq` Prelude.rnf span
diff --git a/gen/Amazonka/AccessAnalyzer/Types/NetworkOriginConfiguration.hs b/gen/Amazonka/AccessAnalyzer/Types/NetworkOriginConfiguration.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/Types/NetworkOriginConfiguration.hs
@@ -0,0 +1,107 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.Types.NetworkOriginConfiguration
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.AccessAnalyzer.Types.NetworkOriginConfiguration where
+
+import Amazonka.AccessAnalyzer.Types.InternetConfiguration
+import Amazonka.AccessAnalyzer.Types.VpcConfiguration
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | The proposed @InternetConfiguration@ or @VpcConfiguration@ to apply to
+-- the Amazon S3 access point. @VpcConfiguration@ does not apply to
+-- multi-region access points. You can make the access point accessible
+-- from the internet, or you can specify that all requests made through
+-- that access point must originate from a specific virtual private cloud
+-- (VPC). You can specify only one type of network configuration. For more
+-- information, see
+-- <https://docs.aws.amazon.com/AmazonS3/latest/dev/creating-access-points.html Creating access points>.
+--
+-- /See:/ 'newNetworkOriginConfiguration' smart constructor.
+data NetworkOriginConfiguration = NetworkOriginConfiguration'
+  { -- | The configuration for the Amazon S3 access point or multi-region access
+    -- point with an @Internet@ origin.
+    internetConfiguration :: Prelude.Maybe InternetConfiguration,
+    vpcConfiguration :: Prelude.Maybe VpcConfiguration
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'NetworkOriginConfiguration' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'internetConfiguration', 'networkOriginConfiguration_internetConfiguration' - The configuration for the Amazon S3 access point or multi-region access
+-- point with an @Internet@ origin.
+--
+-- 'vpcConfiguration', 'networkOriginConfiguration_vpcConfiguration' - Undocumented member.
+newNetworkOriginConfiguration ::
+  NetworkOriginConfiguration
+newNetworkOriginConfiguration =
+  NetworkOriginConfiguration'
+    { internetConfiguration =
+        Prelude.Nothing,
+      vpcConfiguration = Prelude.Nothing
+    }
+
+-- | The configuration for the Amazon S3 access point or multi-region access
+-- point with an @Internet@ origin.
+networkOriginConfiguration_internetConfiguration :: Lens.Lens' NetworkOriginConfiguration (Prelude.Maybe InternetConfiguration)
+networkOriginConfiguration_internetConfiguration = Lens.lens (\NetworkOriginConfiguration' {internetConfiguration} -> internetConfiguration) (\s@NetworkOriginConfiguration' {} a -> s {internetConfiguration = a} :: NetworkOriginConfiguration)
+
+-- | Undocumented member.
+networkOriginConfiguration_vpcConfiguration :: Lens.Lens' NetworkOriginConfiguration (Prelude.Maybe VpcConfiguration)
+networkOriginConfiguration_vpcConfiguration = Lens.lens (\NetworkOriginConfiguration' {vpcConfiguration} -> vpcConfiguration) (\s@NetworkOriginConfiguration' {} a -> s {vpcConfiguration = a} :: NetworkOriginConfiguration)
+
+instance Data.FromJSON NetworkOriginConfiguration where
+  parseJSON =
+    Data.withObject
+      "NetworkOriginConfiguration"
+      ( \x ->
+          NetworkOriginConfiguration'
+            Prelude.<$> (x Data..:? "internetConfiguration")
+            Prelude.<*> (x Data..:? "vpcConfiguration")
+      )
+
+instance Prelude.Hashable NetworkOriginConfiguration where
+  hashWithSalt _salt NetworkOriginConfiguration' {..} =
+    _salt
+      `Prelude.hashWithSalt` internetConfiguration
+      `Prelude.hashWithSalt` vpcConfiguration
+
+instance Prelude.NFData NetworkOriginConfiguration where
+  rnf NetworkOriginConfiguration' {..} =
+    Prelude.rnf internetConfiguration
+      `Prelude.seq` Prelude.rnf vpcConfiguration
+
+instance Data.ToJSON NetworkOriginConfiguration where
+  toJSON NetworkOriginConfiguration' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("internetConfiguration" Data..=)
+              Prelude.<$> internetConfiguration,
+            ("vpcConfiguration" Data..=)
+              Prelude.<$> vpcConfiguration
+          ]
+      )
diff --git a/gen/Amazonka/AccessAnalyzer/Types/OrderBy.hs b/gen/Amazonka/AccessAnalyzer/Types/OrderBy.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/Types/OrderBy.hs
@@ -0,0 +1,68 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.Types.OrderBy
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.AccessAnalyzer.Types.OrderBy
+  ( OrderBy
+      ( ..,
+        OrderBy_ASC,
+        OrderBy_DESC
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype OrderBy = OrderBy' {fromOrderBy :: Data.Text}
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern OrderBy_ASC :: OrderBy
+pattern OrderBy_ASC = OrderBy' "ASC"
+
+pattern OrderBy_DESC :: OrderBy
+pattern OrderBy_DESC = OrderBy' "DESC"
+
+{-# COMPLETE
+  OrderBy_ASC,
+  OrderBy_DESC,
+  OrderBy'
+  #-}
diff --git a/gen/Amazonka/AccessAnalyzer/Types/PathElement.hs b/gen/Amazonka/AccessAnalyzer/Types/PathElement.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/Types/PathElement.hs
@@ -0,0 +1,109 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.Types.PathElement
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.AccessAnalyzer.Types.PathElement where
+
+import Amazonka.AccessAnalyzer.Types.Substring
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A single element in a path through the JSON representation of a policy.
+--
+-- /See:/ 'newPathElement' smart constructor.
+data PathElement = PathElement'
+  { -- | Refers to an index in a JSON array.
+    index :: Prelude.Maybe Prelude.Int,
+    -- | Refers to a key in a JSON object.
+    key :: Prelude.Maybe Prelude.Text,
+    -- | Refers to a substring of a literal string in a JSON object.
+    substring :: Prelude.Maybe Substring,
+    -- | Refers to the value associated with a given key in a JSON object.
+    value :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'PathElement' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'index', 'pathElement_index' - Refers to an index in a JSON array.
+--
+-- 'key', 'pathElement_key' - Refers to a key in a JSON object.
+--
+-- 'substring', 'pathElement_substring' - Refers to a substring of a literal string in a JSON object.
+--
+-- 'value', 'pathElement_value' - Refers to the value associated with a given key in a JSON object.
+newPathElement ::
+  PathElement
+newPathElement =
+  PathElement'
+    { index = Prelude.Nothing,
+      key = Prelude.Nothing,
+      substring = Prelude.Nothing,
+      value = Prelude.Nothing
+    }
+
+-- | Refers to an index in a JSON array.
+pathElement_index :: Lens.Lens' PathElement (Prelude.Maybe Prelude.Int)
+pathElement_index = Lens.lens (\PathElement' {index} -> index) (\s@PathElement' {} a -> s {index = a} :: PathElement)
+
+-- | Refers to a key in a JSON object.
+pathElement_key :: Lens.Lens' PathElement (Prelude.Maybe Prelude.Text)
+pathElement_key = Lens.lens (\PathElement' {key} -> key) (\s@PathElement' {} a -> s {key = a} :: PathElement)
+
+-- | Refers to a substring of a literal string in a JSON object.
+pathElement_substring :: Lens.Lens' PathElement (Prelude.Maybe Substring)
+pathElement_substring = Lens.lens (\PathElement' {substring} -> substring) (\s@PathElement' {} a -> s {substring = a} :: PathElement)
+
+-- | Refers to the value associated with a given key in a JSON object.
+pathElement_value :: Lens.Lens' PathElement (Prelude.Maybe Prelude.Text)
+pathElement_value = Lens.lens (\PathElement' {value} -> value) (\s@PathElement' {} a -> s {value = a} :: PathElement)
+
+instance Data.FromJSON PathElement where
+  parseJSON =
+    Data.withObject
+      "PathElement"
+      ( \x ->
+          PathElement'
+            Prelude.<$> (x Data..:? "index")
+            Prelude.<*> (x Data..:? "key")
+            Prelude.<*> (x Data..:? "substring")
+            Prelude.<*> (x Data..:? "value")
+      )
+
+instance Prelude.Hashable PathElement where
+  hashWithSalt _salt PathElement' {..} =
+    _salt
+      `Prelude.hashWithSalt` index
+      `Prelude.hashWithSalt` key
+      `Prelude.hashWithSalt` substring
+      `Prelude.hashWithSalt` value
+
+instance Prelude.NFData PathElement where
+  rnf PathElement' {..} =
+    Prelude.rnf index
+      `Prelude.seq` Prelude.rnf key
+      `Prelude.seq` Prelude.rnf substring
+      `Prelude.seq` Prelude.rnf value
diff --git a/gen/Amazonka/AccessAnalyzer/Types/PolicyGeneration.hs b/gen/Amazonka/AccessAnalyzer/Types/PolicyGeneration.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/Types/PolicyGeneration.hs
@@ -0,0 +1,145 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.Types.PolicyGeneration
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.AccessAnalyzer.Types.PolicyGeneration where
+
+import Amazonka.AccessAnalyzer.Types.JobStatus
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains details about the policy generation status and properties.
+--
+-- /See:/ 'newPolicyGeneration' smart constructor.
+data PolicyGeneration = PolicyGeneration'
+  { -- | A timestamp of when the policy generation was completed.
+    completedOn :: Prelude.Maybe Data.ISO8601,
+    -- | The @JobId@ that is returned by the @StartPolicyGeneration@ operation.
+    -- The @JobId@ can be used with @GetGeneratedPolicy@ to retrieve the
+    -- generated policies or used with @CancelPolicyGeneration@ to cancel the
+    -- policy generation request.
+    jobId :: Prelude.Text,
+    -- | The ARN of the IAM entity (user or role) for which you are generating a
+    -- policy.
+    principalArn :: Prelude.Text,
+    -- | The status of the policy generation request.
+    status :: JobStatus,
+    -- | A timestamp of when the policy generation started.
+    startedOn :: Data.ISO8601
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'PolicyGeneration' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'completedOn', 'policyGeneration_completedOn' - A timestamp of when the policy generation was completed.
+--
+-- 'jobId', 'policyGeneration_jobId' - The @JobId@ that is returned by the @StartPolicyGeneration@ operation.
+-- The @JobId@ can be used with @GetGeneratedPolicy@ to retrieve the
+-- generated policies or used with @CancelPolicyGeneration@ to cancel the
+-- policy generation request.
+--
+-- 'principalArn', 'policyGeneration_principalArn' - The ARN of the IAM entity (user or role) for which you are generating a
+-- policy.
+--
+-- 'status', 'policyGeneration_status' - The status of the policy generation request.
+--
+-- 'startedOn', 'policyGeneration_startedOn' - A timestamp of when the policy generation started.
+newPolicyGeneration ::
+  -- | 'jobId'
+  Prelude.Text ->
+  -- | 'principalArn'
+  Prelude.Text ->
+  -- | 'status'
+  JobStatus ->
+  -- | 'startedOn'
+  Prelude.UTCTime ->
+  PolicyGeneration
+newPolicyGeneration
+  pJobId_
+  pPrincipalArn_
+  pStatus_
+  pStartedOn_ =
+    PolicyGeneration'
+      { completedOn = Prelude.Nothing,
+        jobId = pJobId_,
+        principalArn = pPrincipalArn_,
+        status = pStatus_,
+        startedOn = Data._Time Lens.# pStartedOn_
+      }
+
+-- | A timestamp of when the policy generation was completed.
+policyGeneration_completedOn :: Lens.Lens' PolicyGeneration (Prelude.Maybe Prelude.UTCTime)
+policyGeneration_completedOn = Lens.lens (\PolicyGeneration' {completedOn} -> completedOn) (\s@PolicyGeneration' {} a -> s {completedOn = a} :: PolicyGeneration) Prelude.. Lens.mapping Data._Time
+
+-- | The @JobId@ that is returned by the @StartPolicyGeneration@ operation.
+-- The @JobId@ can be used with @GetGeneratedPolicy@ to retrieve the
+-- generated policies or used with @CancelPolicyGeneration@ to cancel the
+-- policy generation request.
+policyGeneration_jobId :: Lens.Lens' PolicyGeneration Prelude.Text
+policyGeneration_jobId = Lens.lens (\PolicyGeneration' {jobId} -> jobId) (\s@PolicyGeneration' {} a -> s {jobId = a} :: PolicyGeneration)
+
+-- | The ARN of the IAM entity (user or role) for which you are generating a
+-- policy.
+policyGeneration_principalArn :: Lens.Lens' PolicyGeneration Prelude.Text
+policyGeneration_principalArn = Lens.lens (\PolicyGeneration' {principalArn} -> principalArn) (\s@PolicyGeneration' {} a -> s {principalArn = a} :: PolicyGeneration)
+
+-- | The status of the policy generation request.
+policyGeneration_status :: Lens.Lens' PolicyGeneration JobStatus
+policyGeneration_status = Lens.lens (\PolicyGeneration' {status} -> status) (\s@PolicyGeneration' {} a -> s {status = a} :: PolicyGeneration)
+
+-- | A timestamp of when the policy generation started.
+policyGeneration_startedOn :: Lens.Lens' PolicyGeneration Prelude.UTCTime
+policyGeneration_startedOn = Lens.lens (\PolicyGeneration' {startedOn} -> startedOn) (\s@PolicyGeneration' {} a -> s {startedOn = a} :: PolicyGeneration) Prelude.. Data._Time
+
+instance Data.FromJSON PolicyGeneration where
+  parseJSON =
+    Data.withObject
+      "PolicyGeneration"
+      ( \x ->
+          PolicyGeneration'
+            Prelude.<$> (x Data..:? "completedOn")
+            Prelude.<*> (x Data..: "jobId")
+            Prelude.<*> (x Data..: "principalArn")
+            Prelude.<*> (x Data..: "status")
+            Prelude.<*> (x Data..: "startedOn")
+      )
+
+instance Prelude.Hashable PolicyGeneration where
+  hashWithSalt _salt PolicyGeneration' {..} =
+    _salt
+      `Prelude.hashWithSalt` completedOn
+      `Prelude.hashWithSalt` jobId
+      `Prelude.hashWithSalt` principalArn
+      `Prelude.hashWithSalt` status
+      `Prelude.hashWithSalt` startedOn
+
+instance Prelude.NFData PolicyGeneration where
+  rnf PolicyGeneration' {..} =
+    Prelude.rnf completedOn
+      `Prelude.seq` Prelude.rnf jobId
+      `Prelude.seq` Prelude.rnf principalArn
+      `Prelude.seq` Prelude.rnf status
+      `Prelude.seq` Prelude.rnf startedOn
diff --git a/gen/Amazonka/AccessAnalyzer/Types/PolicyGenerationDetails.hs b/gen/Amazonka/AccessAnalyzer/Types/PolicyGenerationDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/Types/PolicyGenerationDetails.hs
@@ -0,0 +1,76 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.Types.PolicyGenerationDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.AccessAnalyzer.Types.PolicyGenerationDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains the ARN details about the IAM entity for which the policy is
+-- generated.
+--
+-- /See:/ 'newPolicyGenerationDetails' smart constructor.
+data PolicyGenerationDetails = PolicyGenerationDetails'
+  { -- | The ARN of the IAM entity (user or role) for which you are generating a
+    -- policy.
+    principalArn :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'PolicyGenerationDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'principalArn', 'policyGenerationDetails_principalArn' - The ARN of the IAM entity (user or role) for which you are generating a
+-- policy.
+newPolicyGenerationDetails ::
+  -- | 'principalArn'
+  Prelude.Text ->
+  PolicyGenerationDetails
+newPolicyGenerationDetails pPrincipalArn_ =
+  PolicyGenerationDetails'
+    { principalArn =
+        pPrincipalArn_
+    }
+
+-- | The ARN of the IAM entity (user or role) for which you are generating a
+-- policy.
+policyGenerationDetails_principalArn :: Lens.Lens' PolicyGenerationDetails Prelude.Text
+policyGenerationDetails_principalArn = Lens.lens (\PolicyGenerationDetails' {principalArn} -> principalArn) (\s@PolicyGenerationDetails' {} a -> s {principalArn = a} :: PolicyGenerationDetails)
+
+instance Prelude.Hashable PolicyGenerationDetails where
+  hashWithSalt _salt PolicyGenerationDetails' {..} =
+    _salt `Prelude.hashWithSalt` principalArn
+
+instance Prelude.NFData PolicyGenerationDetails where
+  rnf PolicyGenerationDetails' {..} =
+    Prelude.rnf principalArn
+
+instance Data.ToJSON PolicyGenerationDetails where
+  toJSON PolicyGenerationDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [Prelude.Just ("principalArn" Data..= principalArn)]
+      )
diff --git a/gen/Amazonka/AccessAnalyzer/Types/PolicyType.hs b/gen/Amazonka/AccessAnalyzer/Types/PolicyType.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/Types/PolicyType.hs
@@ -0,0 +1,76 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.Types.PolicyType
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.AccessAnalyzer.Types.PolicyType
+  ( PolicyType
+      ( ..,
+        PolicyType_IDENTITY_POLICY,
+        PolicyType_RESOURCE_POLICY,
+        PolicyType_SERVICE_CONTROL_POLICY
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype PolicyType = PolicyType'
+  { fromPolicyType ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern PolicyType_IDENTITY_POLICY :: PolicyType
+pattern PolicyType_IDENTITY_POLICY = PolicyType' "IDENTITY_POLICY"
+
+pattern PolicyType_RESOURCE_POLICY :: PolicyType
+pattern PolicyType_RESOURCE_POLICY = PolicyType' "RESOURCE_POLICY"
+
+pattern PolicyType_SERVICE_CONTROL_POLICY :: PolicyType
+pattern PolicyType_SERVICE_CONTROL_POLICY = PolicyType' "SERVICE_CONTROL_POLICY"
+
+{-# COMPLETE
+  PolicyType_IDENTITY_POLICY,
+  PolicyType_RESOURCE_POLICY,
+  PolicyType_SERVICE_CONTROL_POLICY,
+  PolicyType'
+  #-}
diff --git a/gen/Amazonka/AccessAnalyzer/Types/Position.hs b/gen/Amazonka/AccessAnalyzer/Types/Position.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/Types/Position.hs
@@ -0,0 +1,105 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.Types.Position
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.AccessAnalyzer.Types.Position where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A position in a policy.
+--
+-- /See:/ 'newPosition' smart constructor.
+data Position = Position'
+  { -- | The line of the position, starting from 1.
+    line :: Prelude.Int,
+    -- | The column of the position, starting from 0.
+    column :: Prelude.Int,
+    -- | The offset within the policy that corresponds to the position, starting
+    -- from 0.
+    offset :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'Position' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'line', 'position_line' - The line of the position, starting from 1.
+--
+-- 'column', 'position_column' - The column of the position, starting from 0.
+--
+-- 'offset', 'position_offset' - The offset within the policy that corresponds to the position, starting
+-- from 0.
+newPosition ::
+  -- | 'line'
+  Prelude.Int ->
+  -- | 'column'
+  Prelude.Int ->
+  -- | 'offset'
+  Prelude.Int ->
+  Position
+newPosition pLine_ pColumn_ pOffset_ =
+  Position'
+    { line = pLine_,
+      column = pColumn_,
+      offset = pOffset_
+    }
+
+-- | The line of the position, starting from 1.
+position_line :: Lens.Lens' Position Prelude.Int
+position_line = Lens.lens (\Position' {line} -> line) (\s@Position' {} a -> s {line = a} :: Position)
+
+-- | The column of the position, starting from 0.
+position_column :: Lens.Lens' Position Prelude.Int
+position_column = Lens.lens (\Position' {column} -> column) (\s@Position' {} a -> s {column = a} :: Position)
+
+-- | The offset within the policy that corresponds to the position, starting
+-- from 0.
+position_offset :: Lens.Lens' Position Prelude.Int
+position_offset = Lens.lens (\Position' {offset} -> offset) (\s@Position' {} a -> s {offset = a} :: Position)
+
+instance Data.FromJSON Position where
+  parseJSON =
+    Data.withObject
+      "Position"
+      ( \x ->
+          Position'
+            Prelude.<$> (x Data..: "line")
+            Prelude.<*> (x Data..: "column")
+            Prelude.<*> (x Data..: "offset")
+      )
+
+instance Prelude.Hashable Position where
+  hashWithSalt _salt Position' {..} =
+    _salt
+      `Prelude.hashWithSalt` line
+      `Prelude.hashWithSalt` column
+      `Prelude.hashWithSalt` offset
+
+instance Prelude.NFData Position where
+  rnf Position' {..} =
+    Prelude.rnf line
+      `Prelude.seq` Prelude.rnf column
+      `Prelude.seq` Prelude.rnf offset
diff --git a/gen/Amazonka/AccessAnalyzer/Types/RdsDbClusterSnapshotAttributeValue.hs b/gen/Amazonka/AccessAnalyzer/Types/RdsDbClusterSnapshotAttributeValue.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/Types/RdsDbClusterSnapshotAttributeValue.hs
@@ -0,0 +1,144 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.Types.RdsDbClusterSnapshotAttributeValue
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.AccessAnalyzer.Types.RdsDbClusterSnapshotAttributeValue where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | The values for a manual Amazon RDS DB cluster snapshot attribute.
+--
+-- /See:/ 'newRdsDbClusterSnapshotAttributeValue' smart constructor.
+data RdsDbClusterSnapshotAttributeValue = RdsDbClusterSnapshotAttributeValue'
+  { -- | The Amazon Web Services account IDs that have access to the manual
+    -- Amazon RDS DB cluster snapshot. If the value @all@ is specified, then
+    -- the Amazon RDS DB cluster snapshot is public and can be copied or
+    -- restored by all Amazon Web Services accounts.
+    --
+    -- -   If the configuration is for an existing Amazon RDS DB cluster
+    --     snapshot and you do not specify the @accountIds@ in
+    --     @RdsDbClusterSnapshotAttributeValue@, then the access preview uses
+    --     the existing shared @accountIds@ for the snapshot.
+    --
+    -- -   If the access preview is for a new resource and you do not specify
+    --     the specify the @accountIds@ in
+    --     @RdsDbClusterSnapshotAttributeValue@, then the access preview
+    --     considers the snapshot without any attributes.
+    --
+    -- -   To propose deletion of existing shared @accountIds@, you can specify
+    --     an empty list for @accountIds@ in the
+    --     @RdsDbClusterSnapshotAttributeValue@.
+    accountIds :: Prelude.Maybe [Prelude.Text]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'RdsDbClusterSnapshotAttributeValue' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'accountIds', 'rdsDbClusterSnapshotAttributeValue_accountIds' - The Amazon Web Services account IDs that have access to the manual
+-- Amazon RDS DB cluster snapshot. If the value @all@ is specified, then
+-- the Amazon RDS DB cluster snapshot is public and can be copied or
+-- restored by all Amazon Web Services accounts.
+--
+-- -   If the configuration is for an existing Amazon RDS DB cluster
+--     snapshot and you do not specify the @accountIds@ in
+--     @RdsDbClusterSnapshotAttributeValue@, then the access preview uses
+--     the existing shared @accountIds@ for the snapshot.
+--
+-- -   If the access preview is for a new resource and you do not specify
+--     the specify the @accountIds@ in
+--     @RdsDbClusterSnapshotAttributeValue@, then the access preview
+--     considers the snapshot without any attributes.
+--
+-- -   To propose deletion of existing shared @accountIds@, you can specify
+--     an empty list for @accountIds@ in the
+--     @RdsDbClusterSnapshotAttributeValue@.
+newRdsDbClusterSnapshotAttributeValue ::
+  RdsDbClusterSnapshotAttributeValue
+newRdsDbClusterSnapshotAttributeValue =
+  RdsDbClusterSnapshotAttributeValue'
+    { accountIds =
+        Prelude.Nothing
+    }
+
+-- | The Amazon Web Services account IDs that have access to the manual
+-- Amazon RDS DB cluster snapshot. If the value @all@ is specified, then
+-- the Amazon RDS DB cluster snapshot is public and can be copied or
+-- restored by all Amazon Web Services accounts.
+--
+-- -   If the configuration is for an existing Amazon RDS DB cluster
+--     snapshot and you do not specify the @accountIds@ in
+--     @RdsDbClusterSnapshotAttributeValue@, then the access preview uses
+--     the existing shared @accountIds@ for the snapshot.
+--
+-- -   If the access preview is for a new resource and you do not specify
+--     the specify the @accountIds@ in
+--     @RdsDbClusterSnapshotAttributeValue@, then the access preview
+--     considers the snapshot without any attributes.
+--
+-- -   To propose deletion of existing shared @accountIds@, you can specify
+--     an empty list for @accountIds@ in the
+--     @RdsDbClusterSnapshotAttributeValue@.
+rdsDbClusterSnapshotAttributeValue_accountIds :: Lens.Lens' RdsDbClusterSnapshotAttributeValue (Prelude.Maybe [Prelude.Text])
+rdsDbClusterSnapshotAttributeValue_accountIds = Lens.lens (\RdsDbClusterSnapshotAttributeValue' {accountIds} -> accountIds) (\s@RdsDbClusterSnapshotAttributeValue' {} a -> s {accountIds = a} :: RdsDbClusterSnapshotAttributeValue) Prelude.. Lens.mapping Lens.coerced
+
+instance
+  Data.FromJSON
+    RdsDbClusterSnapshotAttributeValue
+  where
+  parseJSON =
+    Data.withObject
+      "RdsDbClusterSnapshotAttributeValue"
+      ( \x ->
+          RdsDbClusterSnapshotAttributeValue'
+            Prelude.<$> (x Data..:? "accountIds" Data..!= Prelude.mempty)
+      )
+
+instance
+  Prelude.Hashable
+    RdsDbClusterSnapshotAttributeValue
+  where
+  hashWithSalt
+    _salt
+    RdsDbClusterSnapshotAttributeValue' {..} =
+      _salt `Prelude.hashWithSalt` accountIds
+
+instance
+  Prelude.NFData
+    RdsDbClusterSnapshotAttributeValue
+  where
+  rnf RdsDbClusterSnapshotAttributeValue' {..} =
+    Prelude.rnf accountIds
+
+instance
+  Data.ToJSON
+    RdsDbClusterSnapshotAttributeValue
+  where
+  toJSON RdsDbClusterSnapshotAttributeValue' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [("accountIds" Data..=) Prelude.<$> accountIds]
+      )
diff --git a/gen/Amazonka/AccessAnalyzer/Types/RdsDbClusterSnapshotConfiguration.hs b/gen/Amazonka/AccessAnalyzer/Types/RdsDbClusterSnapshotConfiguration.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/Types/RdsDbClusterSnapshotConfiguration.hs
@@ -0,0 +1,156 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.Types.RdsDbClusterSnapshotConfiguration
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.AccessAnalyzer.Types.RdsDbClusterSnapshotConfiguration where
+
+import Amazonka.AccessAnalyzer.Types.RdsDbClusterSnapshotAttributeValue
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | The proposed access control configuration for an Amazon RDS DB cluster
+-- snapshot. You can propose a configuration for a new Amazon RDS DB
+-- cluster snapshot or an Amazon RDS DB cluster snapshot that you own by
+-- specifying the @RdsDbClusterSnapshotAttributeValue@ and optional KMS
+-- encryption key. For more information, see
+-- <https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyDBClusterSnapshotAttribute.html ModifyDBClusterSnapshotAttribute>.
+--
+-- /See:/ 'newRdsDbClusterSnapshotConfiguration' smart constructor.
+data RdsDbClusterSnapshotConfiguration = RdsDbClusterSnapshotConfiguration'
+  { -- | The names and values of manual DB cluster snapshot attributes. Manual DB
+    -- cluster snapshot attributes are used to authorize other Amazon Web
+    -- Services accounts to restore a manual DB cluster snapshot. The only
+    -- valid value for @AttributeName@ for the attribute map is @restore@
+    attributes :: Prelude.Maybe (Prelude.HashMap Prelude.Text RdsDbClusterSnapshotAttributeValue),
+    -- | The KMS key identifier for an encrypted Amazon RDS DB cluster snapshot.
+    -- The KMS key identifier is the key ARN, key ID, alias ARN, or alias name
+    -- for the KMS key.
+    --
+    -- -   If the configuration is for an existing Amazon RDS DB cluster
+    --     snapshot and you do not specify the @kmsKeyId@, or you specify an
+    --     empty string, then the access preview uses the existing @kmsKeyId@
+    --     of the snapshot.
+    --
+    -- -   If the access preview is for a new resource and you do not specify
+    --     the specify the @kmsKeyId@, then the access preview considers the
+    --     snapshot as unencrypted.
+    kmsKeyId :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'RdsDbClusterSnapshotConfiguration' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'attributes', 'rdsDbClusterSnapshotConfiguration_attributes' - The names and values of manual DB cluster snapshot attributes. Manual DB
+-- cluster snapshot attributes are used to authorize other Amazon Web
+-- Services accounts to restore a manual DB cluster snapshot. The only
+-- valid value for @AttributeName@ for the attribute map is @restore@
+--
+-- 'kmsKeyId', 'rdsDbClusterSnapshotConfiguration_kmsKeyId' - The KMS key identifier for an encrypted Amazon RDS DB cluster snapshot.
+-- The KMS key identifier is the key ARN, key ID, alias ARN, or alias name
+-- for the KMS key.
+--
+-- -   If the configuration is for an existing Amazon RDS DB cluster
+--     snapshot and you do not specify the @kmsKeyId@, or you specify an
+--     empty string, then the access preview uses the existing @kmsKeyId@
+--     of the snapshot.
+--
+-- -   If the access preview is for a new resource and you do not specify
+--     the specify the @kmsKeyId@, then the access preview considers the
+--     snapshot as unencrypted.
+newRdsDbClusterSnapshotConfiguration ::
+  RdsDbClusterSnapshotConfiguration
+newRdsDbClusterSnapshotConfiguration =
+  RdsDbClusterSnapshotConfiguration'
+    { attributes =
+        Prelude.Nothing,
+      kmsKeyId = Prelude.Nothing
+    }
+
+-- | The names and values of manual DB cluster snapshot attributes. Manual DB
+-- cluster snapshot attributes are used to authorize other Amazon Web
+-- Services accounts to restore a manual DB cluster snapshot. The only
+-- valid value for @AttributeName@ for the attribute map is @restore@
+rdsDbClusterSnapshotConfiguration_attributes :: Lens.Lens' RdsDbClusterSnapshotConfiguration (Prelude.Maybe (Prelude.HashMap Prelude.Text RdsDbClusterSnapshotAttributeValue))
+rdsDbClusterSnapshotConfiguration_attributes = Lens.lens (\RdsDbClusterSnapshotConfiguration' {attributes} -> attributes) (\s@RdsDbClusterSnapshotConfiguration' {} a -> s {attributes = a} :: RdsDbClusterSnapshotConfiguration) Prelude.. Lens.mapping Lens.coerced
+
+-- | The KMS key identifier for an encrypted Amazon RDS DB cluster snapshot.
+-- The KMS key identifier is the key ARN, key ID, alias ARN, or alias name
+-- for the KMS key.
+--
+-- -   If the configuration is for an existing Amazon RDS DB cluster
+--     snapshot and you do not specify the @kmsKeyId@, or you specify an
+--     empty string, then the access preview uses the existing @kmsKeyId@
+--     of the snapshot.
+--
+-- -   If the access preview is for a new resource and you do not specify
+--     the specify the @kmsKeyId@, then the access preview considers the
+--     snapshot as unencrypted.
+rdsDbClusterSnapshotConfiguration_kmsKeyId :: Lens.Lens' RdsDbClusterSnapshotConfiguration (Prelude.Maybe Prelude.Text)
+rdsDbClusterSnapshotConfiguration_kmsKeyId = Lens.lens (\RdsDbClusterSnapshotConfiguration' {kmsKeyId} -> kmsKeyId) (\s@RdsDbClusterSnapshotConfiguration' {} a -> s {kmsKeyId = a} :: RdsDbClusterSnapshotConfiguration)
+
+instance
+  Data.FromJSON
+    RdsDbClusterSnapshotConfiguration
+  where
+  parseJSON =
+    Data.withObject
+      "RdsDbClusterSnapshotConfiguration"
+      ( \x ->
+          RdsDbClusterSnapshotConfiguration'
+            Prelude.<$> (x Data..:? "attributes" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "kmsKeyId")
+      )
+
+instance
+  Prelude.Hashable
+    RdsDbClusterSnapshotConfiguration
+  where
+  hashWithSalt
+    _salt
+    RdsDbClusterSnapshotConfiguration' {..} =
+      _salt
+        `Prelude.hashWithSalt` attributes
+        `Prelude.hashWithSalt` kmsKeyId
+
+instance
+  Prelude.NFData
+    RdsDbClusterSnapshotConfiguration
+  where
+  rnf RdsDbClusterSnapshotConfiguration' {..} =
+    Prelude.rnf attributes
+      `Prelude.seq` Prelude.rnf kmsKeyId
+
+instance
+  Data.ToJSON
+    RdsDbClusterSnapshotConfiguration
+  where
+  toJSON RdsDbClusterSnapshotConfiguration' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("attributes" Data..=) Prelude.<$> attributes,
+            ("kmsKeyId" Data..=) Prelude.<$> kmsKeyId
+          ]
+      )
diff --git a/gen/Amazonka/AccessAnalyzer/Types/RdsDbSnapshotAttributeValue.hs b/gen/Amazonka/AccessAnalyzer/Types/RdsDbSnapshotAttributeValue.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/Types/RdsDbSnapshotAttributeValue.hs
@@ -0,0 +1,129 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.Types.RdsDbSnapshotAttributeValue
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.AccessAnalyzer.Types.RdsDbSnapshotAttributeValue where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | The name and values of a manual Amazon RDS DB snapshot attribute. Manual
+-- DB snapshot attributes are used to authorize other Amazon Web Services
+-- accounts to restore a manual DB snapshot.
+--
+-- /See:/ 'newRdsDbSnapshotAttributeValue' smart constructor.
+data RdsDbSnapshotAttributeValue = RdsDbSnapshotAttributeValue'
+  { -- | The Amazon Web Services account IDs that have access to the manual
+    -- Amazon RDS DB snapshot. If the value @all@ is specified, then the Amazon
+    -- RDS DB snapshot is public and can be copied or restored by all Amazon
+    -- Web Services accounts.
+    --
+    -- -   If the configuration is for an existing Amazon RDS DB snapshot and
+    --     you do not specify the @accountIds@ in
+    --     @RdsDbSnapshotAttributeValue@, then the access preview uses the
+    --     existing shared @accountIds@ for the snapshot.
+    --
+    -- -   If the access preview is for a new resource and you do not specify
+    --     the specify the @accountIds@ in @RdsDbSnapshotAttributeValue@, then
+    --     the access preview considers the snapshot without any attributes.
+    --
+    -- -   To propose deletion of an existing shared @accountIds@, you can
+    --     specify an empty list for @accountIds@ in the
+    --     @RdsDbSnapshotAttributeValue@.
+    accountIds :: Prelude.Maybe [Prelude.Text]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'RdsDbSnapshotAttributeValue' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'accountIds', 'rdsDbSnapshotAttributeValue_accountIds' - The Amazon Web Services account IDs that have access to the manual
+-- Amazon RDS DB snapshot. If the value @all@ is specified, then the Amazon
+-- RDS DB snapshot is public and can be copied or restored by all Amazon
+-- Web Services accounts.
+--
+-- -   If the configuration is for an existing Amazon RDS DB snapshot and
+--     you do not specify the @accountIds@ in
+--     @RdsDbSnapshotAttributeValue@, then the access preview uses the
+--     existing shared @accountIds@ for the snapshot.
+--
+-- -   If the access preview is for a new resource and you do not specify
+--     the specify the @accountIds@ in @RdsDbSnapshotAttributeValue@, then
+--     the access preview considers the snapshot without any attributes.
+--
+-- -   To propose deletion of an existing shared @accountIds@, you can
+--     specify an empty list for @accountIds@ in the
+--     @RdsDbSnapshotAttributeValue@.
+newRdsDbSnapshotAttributeValue ::
+  RdsDbSnapshotAttributeValue
+newRdsDbSnapshotAttributeValue =
+  RdsDbSnapshotAttributeValue'
+    { accountIds =
+        Prelude.Nothing
+    }
+
+-- | The Amazon Web Services account IDs that have access to the manual
+-- Amazon RDS DB snapshot. If the value @all@ is specified, then the Amazon
+-- RDS DB snapshot is public and can be copied or restored by all Amazon
+-- Web Services accounts.
+--
+-- -   If the configuration is for an existing Amazon RDS DB snapshot and
+--     you do not specify the @accountIds@ in
+--     @RdsDbSnapshotAttributeValue@, then the access preview uses the
+--     existing shared @accountIds@ for the snapshot.
+--
+-- -   If the access preview is for a new resource and you do not specify
+--     the specify the @accountIds@ in @RdsDbSnapshotAttributeValue@, then
+--     the access preview considers the snapshot without any attributes.
+--
+-- -   To propose deletion of an existing shared @accountIds@, you can
+--     specify an empty list for @accountIds@ in the
+--     @RdsDbSnapshotAttributeValue@.
+rdsDbSnapshotAttributeValue_accountIds :: Lens.Lens' RdsDbSnapshotAttributeValue (Prelude.Maybe [Prelude.Text])
+rdsDbSnapshotAttributeValue_accountIds = Lens.lens (\RdsDbSnapshotAttributeValue' {accountIds} -> accountIds) (\s@RdsDbSnapshotAttributeValue' {} a -> s {accountIds = a} :: RdsDbSnapshotAttributeValue) Prelude.. Lens.mapping Lens.coerced
+
+instance Data.FromJSON RdsDbSnapshotAttributeValue where
+  parseJSON =
+    Data.withObject
+      "RdsDbSnapshotAttributeValue"
+      ( \x ->
+          RdsDbSnapshotAttributeValue'
+            Prelude.<$> (x Data..:? "accountIds" Data..!= Prelude.mempty)
+      )
+
+instance Prelude.Hashable RdsDbSnapshotAttributeValue where
+  hashWithSalt _salt RdsDbSnapshotAttributeValue' {..} =
+    _salt `Prelude.hashWithSalt` accountIds
+
+instance Prelude.NFData RdsDbSnapshotAttributeValue where
+  rnf RdsDbSnapshotAttributeValue' {..} =
+    Prelude.rnf accountIds
+
+instance Data.ToJSON RdsDbSnapshotAttributeValue where
+  toJSON RdsDbSnapshotAttributeValue' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [("accountIds" Data..=) Prelude.<$> accountIds]
+      )
diff --git a/gen/Amazonka/AccessAnalyzer/Types/RdsDbSnapshotConfiguration.hs b/gen/Amazonka/AccessAnalyzer/Types/RdsDbSnapshotConfiguration.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/Types/RdsDbSnapshotConfiguration.hs
@@ -0,0 +1,142 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.Types.RdsDbSnapshotConfiguration
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.AccessAnalyzer.Types.RdsDbSnapshotConfiguration where
+
+import Amazonka.AccessAnalyzer.Types.RdsDbSnapshotAttributeValue
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | The proposed access control configuration for an Amazon RDS DB snapshot.
+-- You can propose a configuration for a new Amazon RDS DB snapshot or an
+-- Amazon RDS DB snapshot that you own by specifying the
+-- @RdsDbSnapshotAttributeValue@ and optional KMS encryption key. For more
+-- information, see
+-- <https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyDBSnapshotAttribute.html ModifyDBSnapshotAttribute>.
+--
+-- /See:/ 'newRdsDbSnapshotConfiguration' smart constructor.
+data RdsDbSnapshotConfiguration = RdsDbSnapshotConfiguration'
+  { -- | The names and values of manual DB snapshot attributes. Manual DB
+    -- snapshot attributes are used to authorize other Amazon Web Services
+    -- accounts to restore a manual DB snapshot. The only valid value for
+    -- @attributeName@ for the attribute map is restore.
+    attributes :: Prelude.Maybe (Prelude.HashMap Prelude.Text RdsDbSnapshotAttributeValue),
+    -- | The KMS key identifier for an encrypted Amazon RDS DB snapshot. The KMS
+    -- key identifier is the key ARN, key ID, alias ARN, or alias name for the
+    -- KMS key.
+    --
+    -- -   If the configuration is for an existing Amazon RDS DB snapshot and
+    --     you do not specify the @kmsKeyId@, or you specify an empty string,
+    --     then the access preview uses the existing @kmsKeyId@ of the
+    --     snapshot.
+    --
+    -- -   If the access preview is for a new resource and you do not specify
+    --     the specify the @kmsKeyId@, then the access preview considers the
+    --     snapshot as unencrypted.
+    kmsKeyId :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'RdsDbSnapshotConfiguration' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'attributes', 'rdsDbSnapshotConfiguration_attributes' - The names and values of manual DB snapshot attributes. Manual DB
+-- snapshot attributes are used to authorize other Amazon Web Services
+-- accounts to restore a manual DB snapshot. The only valid value for
+-- @attributeName@ for the attribute map is restore.
+--
+-- 'kmsKeyId', 'rdsDbSnapshotConfiguration_kmsKeyId' - The KMS key identifier for an encrypted Amazon RDS DB snapshot. The KMS
+-- key identifier is the key ARN, key ID, alias ARN, or alias name for the
+-- KMS key.
+--
+-- -   If the configuration is for an existing Amazon RDS DB snapshot and
+--     you do not specify the @kmsKeyId@, or you specify an empty string,
+--     then the access preview uses the existing @kmsKeyId@ of the
+--     snapshot.
+--
+-- -   If the access preview is for a new resource and you do not specify
+--     the specify the @kmsKeyId@, then the access preview considers the
+--     snapshot as unencrypted.
+newRdsDbSnapshotConfiguration ::
+  RdsDbSnapshotConfiguration
+newRdsDbSnapshotConfiguration =
+  RdsDbSnapshotConfiguration'
+    { attributes =
+        Prelude.Nothing,
+      kmsKeyId = Prelude.Nothing
+    }
+
+-- | The names and values of manual DB snapshot attributes. Manual DB
+-- snapshot attributes are used to authorize other Amazon Web Services
+-- accounts to restore a manual DB snapshot. The only valid value for
+-- @attributeName@ for the attribute map is restore.
+rdsDbSnapshotConfiguration_attributes :: Lens.Lens' RdsDbSnapshotConfiguration (Prelude.Maybe (Prelude.HashMap Prelude.Text RdsDbSnapshotAttributeValue))
+rdsDbSnapshotConfiguration_attributes = Lens.lens (\RdsDbSnapshotConfiguration' {attributes} -> attributes) (\s@RdsDbSnapshotConfiguration' {} a -> s {attributes = a} :: RdsDbSnapshotConfiguration) Prelude.. Lens.mapping Lens.coerced
+
+-- | The KMS key identifier for an encrypted Amazon RDS DB snapshot. The KMS
+-- key identifier is the key ARN, key ID, alias ARN, or alias name for the
+-- KMS key.
+--
+-- -   If the configuration is for an existing Amazon RDS DB snapshot and
+--     you do not specify the @kmsKeyId@, or you specify an empty string,
+--     then the access preview uses the existing @kmsKeyId@ of the
+--     snapshot.
+--
+-- -   If the access preview is for a new resource and you do not specify
+--     the specify the @kmsKeyId@, then the access preview considers the
+--     snapshot as unencrypted.
+rdsDbSnapshotConfiguration_kmsKeyId :: Lens.Lens' RdsDbSnapshotConfiguration (Prelude.Maybe Prelude.Text)
+rdsDbSnapshotConfiguration_kmsKeyId = Lens.lens (\RdsDbSnapshotConfiguration' {kmsKeyId} -> kmsKeyId) (\s@RdsDbSnapshotConfiguration' {} a -> s {kmsKeyId = a} :: RdsDbSnapshotConfiguration)
+
+instance Data.FromJSON RdsDbSnapshotConfiguration where
+  parseJSON =
+    Data.withObject
+      "RdsDbSnapshotConfiguration"
+      ( \x ->
+          RdsDbSnapshotConfiguration'
+            Prelude.<$> (x Data..:? "attributes" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "kmsKeyId")
+      )
+
+instance Prelude.Hashable RdsDbSnapshotConfiguration where
+  hashWithSalt _salt RdsDbSnapshotConfiguration' {..} =
+    _salt
+      `Prelude.hashWithSalt` attributes
+      `Prelude.hashWithSalt` kmsKeyId
+
+instance Prelude.NFData RdsDbSnapshotConfiguration where
+  rnf RdsDbSnapshotConfiguration' {..} =
+    Prelude.rnf attributes
+      `Prelude.seq` Prelude.rnf kmsKeyId
+
+instance Data.ToJSON RdsDbSnapshotConfiguration where
+  toJSON RdsDbSnapshotConfiguration' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("attributes" Data..=) Prelude.<$> attributes,
+            ("kmsKeyId" Data..=) Prelude.<$> kmsKeyId
+          ]
+      )
diff --git a/gen/Amazonka/AccessAnalyzer/Types/ReasonCode.hs b/gen/Amazonka/AccessAnalyzer/Types/ReasonCode.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/Types/ReasonCode.hs
@@ -0,0 +1,81 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.Types.ReasonCode
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.AccessAnalyzer.Types.ReasonCode
+  ( ReasonCode
+      ( ..,
+        ReasonCode_AWS_SERVICE_ACCESS_DISABLED,
+        ReasonCode_DELEGATED_ADMINISTRATOR_DEREGISTERED,
+        ReasonCode_ORGANIZATION_DELETED,
+        ReasonCode_SERVICE_LINKED_ROLE_CREATION_FAILED
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype ReasonCode = ReasonCode'
+  { fromReasonCode ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern ReasonCode_AWS_SERVICE_ACCESS_DISABLED :: ReasonCode
+pattern ReasonCode_AWS_SERVICE_ACCESS_DISABLED = ReasonCode' "AWS_SERVICE_ACCESS_DISABLED"
+
+pattern ReasonCode_DELEGATED_ADMINISTRATOR_DEREGISTERED :: ReasonCode
+pattern ReasonCode_DELEGATED_ADMINISTRATOR_DEREGISTERED = ReasonCode' "DELEGATED_ADMINISTRATOR_DEREGISTERED"
+
+pattern ReasonCode_ORGANIZATION_DELETED :: ReasonCode
+pattern ReasonCode_ORGANIZATION_DELETED = ReasonCode' "ORGANIZATION_DELETED"
+
+pattern ReasonCode_SERVICE_LINKED_ROLE_CREATION_FAILED :: ReasonCode
+pattern ReasonCode_SERVICE_LINKED_ROLE_CREATION_FAILED = ReasonCode' "SERVICE_LINKED_ROLE_CREATION_FAILED"
+
+{-# COMPLETE
+  ReasonCode_AWS_SERVICE_ACCESS_DISABLED,
+  ReasonCode_DELEGATED_ADMINISTRATOR_DEREGISTERED,
+  ReasonCode_ORGANIZATION_DELETED,
+  ReasonCode_SERVICE_LINKED_ROLE_CREATION_FAILED,
+  ReasonCode'
+  #-}
diff --git a/gen/Amazonka/AccessAnalyzer/Types/ResourceType.hs b/gen/Amazonka/AccessAnalyzer/Types/ResourceType.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/Types/ResourceType.hs
@@ -0,0 +1,126 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.Types.ResourceType
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.AccessAnalyzer.Types.ResourceType
+  ( ResourceType
+      ( ..,
+        ResourceType_AWS__EC2__Snapshot,
+        ResourceType_AWS__ECR__Repository,
+        ResourceType_AWS__EFS__FileSystem,
+        ResourceType_AWS__IAM__Role,
+        ResourceType_AWS__KMS__Key,
+        ResourceType_AWS__Lambda__Function,
+        ResourceType_AWS__Lambda__LayerVersion,
+        ResourceType_AWS__RDS__DBClusterSnapshot,
+        ResourceType_AWS__RDS__DBSnapshot,
+        ResourceType_AWS__S3__Bucket,
+        ResourceType_AWS__SNS__Topic,
+        ResourceType_AWS__SQS__Queue,
+        ResourceType_AWS__SecretsManager__Secret
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype ResourceType = ResourceType'
+  { fromResourceType ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern ResourceType_AWS__EC2__Snapshot :: ResourceType
+pattern ResourceType_AWS__EC2__Snapshot = ResourceType' "AWS::EC2::Snapshot"
+
+pattern ResourceType_AWS__ECR__Repository :: ResourceType
+pattern ResourceType_AWS__ECR__Repository = ResourceType' "AWS::ECR::Repository"
+
+pattern ResourceType_AWS__EFS__FileSystem :: ResourceType
+pattern ResourceType_AWS__EFS__FileSystem = ResourceType' "AWS::EFS::FileSystem"
+
+pattern ResourceType_AWS__IAM__Role :: ResourceType
+pattern ResourceType_AWS__IAM__Role = ResourceType' "AWS::IAM::Role"
+
+pattern ResourceType_AWS__KMS__Key :: ResourceType
+pattern ResourceType_AWS__KMS__Key = ResourceType' "AWS::KMS::Key"
+
+pattern ResourceType_AWS__Lambda__Function :: ResourceType
+pattern ResourceType_AWS__Lambda__Function = ResourceType' "AWS::Lambda::Function"
+
+pattern ResourceType_AWS__Lambda__LayerVersion :: ResourceType
+pattern ResourceType_AWS__Lambda__LayerVersion = ResourceType' "AWS::Lambda::LayerVersion"
+
+pattern ResourceType_AWS__RDS__DBClusterSnapshot :: ResourceType
+pattern ResourceType_AWS__RDS__DBClusterSnapshot = ResourceType' "AWS::RDS::DBClusterSnapshot"
+
+pattern ResourceType_AWS__RDS__DBSnapshot :: ResourceType
+pattern ResourceType_AWS__RDS__DBSnapshot = ResourceType' "AWS::RDS::DBSnapshot"
+
+pattern ResourceType_AWS__S3__Bucket :: ResourceType
+pattern ResourceType_AWS__S3__Bucket = ResourceType' "AWS::S3::Bucket"
+
+pattern ResourceType_AWS__SNS__Topic :: ResourceType
+pattern ResourceType_AWS__SNS__Topic = ResourceType' "AWS::SNS::Topic"
+
+pattern ResourceType_AWS__SQS__Queue :: ResourceType
+pattern ResourceType_AWS__SQS__Queue = ResourceType' "AWS::SQS::Queue"
+
+pattern ResourceType_AWS__SecretsManager__Secret :: ResourceType
+pattern ResourceType_AWS__SecretsManager__Secret = ResourceType' "AWS::SecretsManager::Secret"
+
+{-# COMPLETE
+  ResourceType_AWS__EC2__Snapshot,
+  ResourceType_AWS__ECR__Repository,
+  ResourceType_AWS__EFS__FileSystem,
+  ResourceType_AWS__IAM__Role,
+  ResourceType_AWS__KMS__Key,
+  ResourceType_AWS__Lambda__Function,
+  ResourceType_AWS__Lambda__LayerVersion,
+  ResourceType_AWS__RDS__DBClusterSnapshot,
+  ResourceType_AWS__RDS__DBSnapshot,
+  ResourceType_AWS__S3__Bucket,
+  ResourceType_AWS__SNS__Topic,
+  ResourceType_AWS__SQS__Queue,
+  ResourceType_AWS__SecretsManager__Secret,
+  ResourceType'
+  #-}
diff --git a/gen/Amazonka/AccessAnalyzer/Types/S3AccessPointConfiguration.hs b/gen/Amazonka/AccessAnalyzer/Types/S3AccessPointConfiguration.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/Types/S3AccessPointConfiguration.hs
@@ -0,0 +1,138 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.Types.S3AccessPointConfiguration
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.AccessAnalyzer.Types.S3AccessPointConfiguration where
+
+import Amazonka.AccessAnalyzer.Types.NetworkOriginConfiguration
+import Amazonka.AccessAnalyzer.Types.S3PublicAccessBlockConfiguration
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | The configuration for an Amazon S3 access point or multi-region access
+-- point for the bucket. You can propose up to 10 access points or
+-- multi-region access points per bucket. If the proposed Amazon S3 access
+-- point configuration is for an existing bucket, the access preview uses
+-- the proposed access point configuration in place of the existing access
+-- points. To propose an access point without a policy, you can provide an
+-- empty string as the access point policy. For more information, see
+-- <https://docs.aws.amazon.com/AmazonS3/latest/dev/creating-access-points.html Creating access points>.
+-- For more information about access point policy limits, see
+-- <https://docs.aws.amazon.com/AmazonS3/latest/dev/access-points-restrictions-limitations.html Access points restrictions and limitations>.
+--
+-- /See:/ 'newS3AccessPointConfiguration' smart constructor.
+data S3AccessPointConfiguration = S3AccessPointConfiguration'
+  { -- | The access point or multi-region access point policy.
+    accessPointPolicy :: Prelude.Maybe Prelude.Text,
+    -- | The proposed @Internet@ and @VpcConfiguration@ to apply to this Amazon
+    -- S3 access point. @VpcConfiguration@ does not apply to multi-region
+    -- access points. If the access preview is for a new resource and neither
+    -- is specified, the access preview uses @Internet@ for the network origin.
+    -- If the access preview is for an existing resource and neither is
+    -- specified, the access preview uses the exiting network origin.
+    networkOrigin :: Prelude.Maybe NetworkOriginConfiguration,
+    -- | The proposed @S3PublicAccessBlock@ configuration to apply to this Amazon
+    -- S3 access point or multi-region access point.
+    publicAccessBlock :: Prelude.Maybe S3PublicAccessBlockConfiguration
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'S3AccessPointConfiguration' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'accessPointPolicy', 's3AccessPointConfiguration_accessPointPolicy' - The access point or multi-region access point policy.
+--
+-- 'networkOrigin', 's3AccessPointConfiguration_networkOrigin' - The proposed @Internet@ and @VpcConfiguration@ to apply to this Amazon
+-- S3 access point. @VpcConfiguration@ does not apply to multi-region
+-- access points. If the access preview is for a new resource and neither
+-- is specified, the access preview uses @Internet@ for the network origin.
+-- If the access preview is for an existing resource and neither is
+-- specified, the access preview uses the exiting network origin.
+--
+-- 'publicAccessBlock', 's3AccessPointConfiguration_publicAccessBlock' - The proposed @S3PublicAccessBlock@ configuration to apply to this Amazon
+-- S3 access point or multi-region access point.
+newS3AccessPointConfiguration ::
+  S3AccessPointConfiguration
+newS3AccessPointConfiguration =
+  S3AccessPointConfiguration'
+    { accessPointPolicy =
+        Prelude.Nothing,
+      networkOrigin = Prelude.Nothing,
+      publicAccessBlock = Prelude.Nothing
+    }
+
+-- | The access point or multi-region access point policy.
+s3AccessPointConfiguration_accessPointPolicy :: Lens.Lens' S3AccessPointConfiguration (Prelude.Maybe Prelude.Text)
+s3AccessPointConfiguration_accessPointPolicy = Lens.lens (\S3AccessPointConfiguration' {accessPointPolicy} -> accessPointPolicy) (\s@S3AccessPointConfiguration' {} a -> s {accessPointPolicy = a} :: S3AccessPointConfiguration)
+
+-- | The proposed @Internet@ and @VpcConfiguration@ to apply to this Amazon
+-- S3 access point. @VpcConfiguration@ does not apply to multi-region
+-- access points. If the access preview is for a new resource and neither
+-- is specified, the access preview uses @Internet@ for the network origin.
+-- If the access preview is for an existing resource and neither is
+-- specified, the access preview uses the exiting network origin.
+s3AccessPointConfiguration_networkOrigin :: Lens.Lens' S3AccessPointConfiguration (Prelude.Maybe NetworkOriginConfiguration)
+s3AccessPointConfiguration_networkOrigin = Lens.lens (\S3AccessPointConfiguration' {networkOrigin} -> networkOrigin) (\s@S3AccessPointConfiguration' {} a -> s {networkOrigin = a} :: S3AccessPointConfiguration)
+
+-- | The proposed @S3PublicAccessBlock@ configuration to apply to this Amazon
+-- S3 access point or multi-region access point.
+s3AccessPointConfiguration_publicAccessBlock :: Lens.Lens' S3AccessPointConfiguration (Prelude.Maybe S3PublicAccessBlockConfiguration)
+s3AccessPointConfiguration_publicAccessBlock = Lens.lens (\S3AccessPointConfiguration' {publicAccessBlock} -> publicAccessBlock) (\s@S3AccessPointConfiguration' {} a -> s {publicAccessBlock = a} :: S3AccessPointConfiguration)
+
+instance Data.FromJSON S3AccessPointConfiguration where
+  parseJSON =
+    Data.withObject
+      "S3AccessPointConfiguration"
+      ( \x ->
+          S3AccessPointConfiguration'
+            Prelude.<$> (x Data..:? "accessPointPolicy")
+            Prelude.<*> (x Data..:? "networkOrigin")
+            Prelude.<*> (x Data..:? "publicAccessBlock")
+      )
+
+instance Prelude.Hashable S3AccessPointConfiguration where
+  hashWithSalt _salt S3AccessPointConfiguration' {..} =
+    _salt
+      `Prelude.hashWithSalt` accessPointPolicy
+      `Prelude.hashWithSalt` networkOrigin
+      `Prelude.hashWithSalt` publicAccessBlock
+
+instance Prelude.NFData S3AccessPointConfiguration where
+  rnf S3AccessPointConfiguration' {..} =
+    Prelude.rnf accessPointPolicy
+      `Prelude.seq` Prelude.rnf networkOrigin
+      `Prelude.seq` Prelude.rnf publicAccessBlock
+
+instance Data.ToJSON S3AccessPointConfiguration where
+  toJSON S3AccessPointConfiguration' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("accessPointPolicy" Data..=)
+              Prelude.<$> accessPointPolicy,
+            ("networkOrigin" Data..=) Prelude.<$> networkOrigin,
+            ("publicAccessBlock" Data..=)
+              Prelude.<$> publicAccessBlock
+          ]
+      )
diff --git a/gen/Amazonka/AccessAnalyzer/Types/S3BucketAclGrantConfiguration.hs b/gen/Amazonka/AccessAnalyzer/Types/S3BucketAclGrantConfiguration.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/Types/S3BucketAclGrantConfiguration.hs
@@ -0,0 +1,107 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.Types.S3BucketAclGrantConfiguration
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.AccessAnalyzer.Types.S3BucketAclGrantConfiguration where
+
+import Amazonka.AccessAnalyzer.Types.AclGrantee
+import Amazonka.AccessAnalyzer.Types.AclPermission
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A proposed access control list grant configuration for an Amazon S3
+-- bucket. For more information, see
+-- <https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#setting-acls How to Specify an ACL>.
+--
+-- /See:/ 'newS3BucketAclGrantConfiguration' smart constructor.
+data S3BucketAclGrantConfiguration = S3BucketAclGrantConfiguration'
+  { -- | The permissions being granted.
+    permission :: AclPermission,
+    -- | The grantee to whom you’re assigning access rights.
+    grantee :: AclGrantee
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'S3BucketAclGrantConfiguration' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'permission', 's3BucketAclGrantConfiguration_permission' - The permissions being granted.
+--
+-- 'grantee', 's3BucketAclGrantConfiguration_grantee' - The grantee to whom you’re assigning access rights.
+newS3BucketAclGrantConfiguration ::
+  -- | 'permission'
+  AclPermission ->
+  -- | 'grantee'
+  AclGrantee ->
+  S3BucketAclGrantConfiguration
+newS3BucketAclGrantConfiguration
+  pPermission_
+  pGrantee_ =
+    S3BucketAclGrantConfiguration'
+      { permission =
+          pPermission_,
+        grantee = pGrantee_
+      }
+
+-- | The permissions being granted.
+s3BucketAclGrantConfiguration_permission :: Lens.Lens' S3BucketAclGrantConfiguration AclPermission
+s3BucketAclGrantConfiguration_permission = Lens.lens (\S3BucketAclGrantConfiguration' {permission} -> permission) (\s@S3BucketAclGrantConfiguration' {} a -> s {permission = a} :: S3BucketAclGrantConfiguration)
+
+-- | The grantee to whom you’re assigning access rights.
+s3BucketAclGrantConfiguration_grantee :: Lens.Lens' S3BucketAclGrantConfiguration AclGrantee
+s3BucketAclGrantConfiguration_grantee = Lens.lens (\S3BucketAclGrantConfiguration' {grantee} -> grantee) (\s@S3BucketAclGrantConfiguration' {} a -> s {grantee = a} :: S3BucketAclGrantConfiguration)
+
+instance Data.FromJSON S3BucketAclGrantConfiguration where
+  parseJSON =
+    Data.withObject
+      "S3BucketAclGrantConfiguration"
+      ( \x ->
+          S3BucketAclGrantConfiguration'
+            Prelude.<$> (x Data..: "permission")
+            Prelude.<*> (x Data..: "grantee")
+      )
+
+instance
+  Prelude.Hashable
+    S3BucketAclGrantConfiguration
+  where
+  hashWithSalt _salt S3BucketAclGrantConfiguration' {..} =
+    _salt
+      `Prelude.hashWithSalt` permission
+      `Prelude.hashWithSalt` grantee
+
+instance Prelude.NFData S3BucketAclGrantConfiguration where
+  rnf S3BucketAclGrantConfiguration' {..} =
+    Prelude.rnf permission
+      `Prelude.seq` Prelude.rnf grantee
+
+instance Data.ToJSON S3BucketAclGrantConfiguration where
+  toJSON S3BucketAclGrantConfiguration' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("permission" Data..= permission),
+            Prelude.Just ("grantee" Data..= grantee)
+          ]
+      )
diff --git a/gen/Amazonka/AccessAnalyzer/Types/S3BucketConfiguration.hs b/gen/Amazonka/AccessAnalyzer/Types/S3BucketConfiguration.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/Types/S3BucketConfiguration.hs
@@ -0,0 +1,158 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.Types.S3BucketConfiguration
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.AccessAnalyzer.Types.S3BucketConfiguration where
+
+import Amazonka.AccessAnalyzer.Types.S3AccessPointConfiguration
+import Amazonka.AccessAnalyzer.Types.S3BucketAclGrantConfiguration
+import Amazonka.AccessAnalyzer.Types.S3PublicAccessBlockConfiguration
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Proposed access control configuration for an Amazon S3 bucket. You can
+-- propose a configuration for a new Amazon S3 bucket or an existing Amazon
+-- S3 bucket that you own by specifying the Amazon S3 bucket policy, bucket
+-- ACLs, bucket BPA settings, Amazon S3 access points, and multi-region
+-- access points attached to the bucket. If the configuration is for an
+-- existing Amazon S3 bucket and you do not specify the Amazon S3 bucket
+-- policy, the access preview uses the existing policy attached to the
+-- bucket. If the access preview is for a new resource and you do not
+-- specify the Amazon S3 bucket policy, the access preview assumes a bucket
+-- without a policy. To propose deletion of an existing bucket policy, you
+-- can specify an empty string. For more information about bucket policy
+-- limits, see
+-- <https://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html Bucket Policy Examples>.
+--
+-- /See:/ 'newS3BucketConfiguration' smart constructor.
+data S3BucketConfiguration = S3BucketConfiguration'
+  { -- | The configuration of Amazon S3 access points or multi-region access
+    -- points for the bucket. You can propose up to 10 new access points per
+    -- bucket.
+    accessPoints :: Prelude.Maybe (Prelude.HashMap Prelude.Text S3AccessPointConfiguration),
+    -- | The proposed list of ACL grants for the Amazon S3 bucket. You can
+    -- propose up to 100 ACL grants per bucket. If the proposed grant
+    -- configuration is for an existing bucket, the access preview uses the
+    -- proposed list of grant configurations in place of the existing grants.
+    -- Otherwise, the access preview uses the existing grants for the bucket.
+    bucketAclGrants :: Prelude.Maybe [S3BucketAclGrantConfiguration],
+    -- | The proposed bucket policy for the Amazon S3 bucket.
+    bucketPolicy :: Prelude.Maybe Prelude.Text,
+    -- | The proposed block public access configuration for the Amazon S3 bucket.
+    bucketPublicAccessBlock :: Prelude.Maybe S3PublicAccessBlockConfiguration
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'S3BucketConfiguration' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'accessPoints', 's3BucketConfiguration_accessPoints' - The configuration of Amazon S3 access points or multi-region access
+-- points for the bucket. You can propose up to 10 new access points per
+-- bucket.
+--
+-- 'bucketAclGrants', 's3BucketConfiguration_bucketAclGrants' - The proposed list of ACL grants for the Amazon S3 bucket. You can
+-- propose up to 100 ACL grants per bucket. If the proposed grant
+-- configuration is for an existing bucket, the access preview uses the
+-- proposed list of grant configurations in place of the existing grants.
+-- Otherwise, the access preview uses the existing grants for the bucket.
+--
+-- 'bucketPolicy', 's3BucketConfiguration_bucketPolicy' - The proposed bucket policy for the Amazon S3 bucket.
+--
+-- 'bucketPublicAccessBlock', 's3BucketConfiguration_bucketPublicAccessBlock' - The proposed block public access configuration for the Amazon S3 bucket.
+newS3BucketConfiguration ::
+  S3BucketConfiguration
+newS3BucketConfiguration =
+  S3BucketConfiguration'
+    { accessPoints =
+        Prelude.Nothing,
+      bucketAclGrants = Prelude.Nothing,
+      bucketPolicy = Prelude.Nothing,
+      bucketPublicAccessBlock = Prelude.Nothing
+    }
+
+-- | The configuration of Amazon S3 access points or multi-region access
+-- points for the bucket. You can propose up to 10 new access points per
+-- bucket.
+s3BucketConfiguration_accessPoints :: Lens.Lens' S3BucketConfiguration (Prelude.Maybe (Prelude.HashMap Prelude.Text S3AccessPointConfiguration))
+s3BucketConfiguration_accessPoints = Lens.lens (\S3BucketConfiguration' {accessPoints} -> accessPoints) (\s@S3BucketConfiguration' {} a -> s {accessPoints = a} :: S3BucketConfiguration) Prelude.. Lens.mapping Lens.coerced
+
+-- | The proposed list of ACL grants for the Amazon S3 bucket. You can
+-- propose up to 100 ACL grants per bucket. If the proposed grant
+-- configuration is for an existing bucket, the access preview uses the
+-- proposed list of grant configurations in place of the existing grants.
+-- Otherwise, the access preview uses the existing grants for the bucket.
+s3BucketConfiguration_bucketAclGrants :: Lens.Lens' S3BucketConfiguration (Prelude.Maybe [S3BucketAclGrantConfiguration])
+s3BucketConfiguration_bucketAclGrants = Lens.lens (\S3BucketConfiguration' {bucketAclGrants} -> bucketAclGrants) (\s@S3BucketConfiguration' {} a -> s {bucketAclGrants = a} :: S3BucketConfiguration) Prelude.. Lens.mapping Lens.coerced
+
+-- | The proposed bucket policy for the Amazon S3 bucket.
+s3BucketConfiguration_bucketPolicy :: Lens.Lens' S3BucketConfiguration (Prelude.Maybe Prelude.Text)
+s3BucketConfiguration_bucketPolicy = Lens.lens (\S3BucketConfiguration' {bucketPolicy} -> bucketPolicy) (\s@S3BucketConfiguration' {} a -> s {bucketPolicy = a} :: S3BucketConfiguration)
+
+-- | The proposed block public access configuration for the Amazon S3 bucket.
+s3BucketConfiguration_bucketPublicAccessBlock :: Lens.Lens' S3BucketConfiguration (Prelude.Maybe S3PublicAccessBlockConfiguration)
+s3BucketConfiguration_bucketPublicAccessBlock = Lens.lens (\S3BucketConfiguration' {bucketPublicAccessBlock} -> bucketPublicAccessBlock) (\s@S3BucketConfiguration' {} a -> s {bucketPublicAccessBlock = a} :: S3BucketConfiguration)
+
+instance Data.FromJSON S3BucketConfiguration where
+  parseJSON =
+    Data.withObject
+      "S3BucketConfiguration"
+      ( \x ->
+          S3BucketConfiguration'
+            Prelude.<$> (x Data..:? "accessPoints" Data..!= Prelude.mempty)
+            Prelude.<*> ( x
+                            Data..:? "bucketAclGrants"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "bucketPolicy")
+            Prelude.<*> (x Data..:? "bucketPublicAccessBlock")
+      )
+
+instance Prelude.Hashable S3BucketConfiguration where
+  hashWithSalt _salt S3BucketConfiguration' {..} =
+    _salt
+      `Prelude.hashWithSalt` accessPoints
+      `Prelude.hashWithSalt` bucketAclGrants
+      `Prelude.hashWithSalt` bucketPolicy
+      `Prelude.hashWithSalt` bucketPublicAccessBlock
+
+instance Prelude.NFData S3BucketConfiguration where
+  rnf S3BucketConfiguration' {..} =
+    Prelude.rnf accessPoints
+      `Prelude.seq` Prelude.rnf bucketAclGrants
+      `Prelude.seq` Prelude.rnf bucketPolicy
+      `Prelude.seq` Prelude.rnf bucketPublicAccessBlock
+
+instance Data.ToJSON S3BucketConfiguration where
+  toJSON S3BucketConfiguration' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("accessPoints" Data..=) Prelude.<$> accessPoints,
+            ("bucketAclGrants" Data..=)
+              Prelude.<$> bucketAclGrants,
+            ("bucketPolicy" Data..=) Prelude.<$> bucketPolicy,
+            ("bucketPublicAccessBlock" Data..=)
+              Prelude.<$> bucketPublicAccessBlock
+          ]
+      )
diff --git a/gen/Amazonka/AccessAnalyzer/Types/S3PublicAccessBlockConfiguration.hs b/gen/Amazonka/AccessAnalyzer/Types/S3PublicAccessBlockConfiguration.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/Types/S3PublicAccessBlockConfiguration.hs
@@ -0,0 +1,130 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.Types.S3PublicAccessBlockConfiguration
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.AccessAnalyzer.Types.S3PublicAccessBlockConfiguration where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | The @PublicAccessBlock@ configuration to apply to this Amazon S3 bucket.
+-- If the proposed configuration is for an existing Amazon S3 bucket and
+-- the configuration is not specified, the access preview uses the existing
+-- setting. If the proposed configuration is for a new bucket and the
+-- configuration is not specified, the access preview uses @false@. If the
+-- proposed configuration is for a new access point or multi-region access
+-- point and the access point BPA configuration is not specified, the
+-- access preview uses @true@. For more information, see
+-- <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-publicaccessblockconfiguration.html PublicAccessBlockConfiguration>.
+--
+-- /See:/ 'newS3PublicAccessBlockConfiguration' smart constructor.
+data S3PublicAccessBlockConfiguration = S3PublicAccessBlockConfiguration'
+  { -- | Specifies whether Amazon S3 should ignore public ACLs for this bucket
+    -- and objects in this bucket.
+    ignorePublicAcls :: Prelude.Bool,
+    -- | Specifies whether Amazon S3 should restrict public bucket policies for
+    -- this bucket.
+    restrictPublicBuckets :: Prelude.Bool
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'S3PublicAccessBlockConfiguration' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'ignorePublicAcls', 's3PublicAccessBlockConfiguration_ignorePublicAcls' - Specifies whether Amazon S3 should ignore public ACLs for this bucket
+-- and objects in this bucket.
+--
+-- 'restrictPublicBuckets', 's3PublicAccessBlockConfiguration_restrictPublicBuckets' - Specifies whether Amazon S3 should restrict public bucket policies for
+-- this bucket.
+newS3PublicAccessBlockConfiguration ::
+  -- | 'ignorePublicAcls'
+  Prelude.Bool ->
+  -- | 'restrictPublicBuckets'
+  Prelude.Bool ->
+  S3PublicAccessBlockConfiguration
+newS3PublicAccessBlockConfiguration
+  pIgnorePublicAcls_
+  pRestrictPublicBuckets_ =
+    S3PublicAccessBlockConfiguration'
+      { ignorePublicAcls =
+          pIgnorePublicAcls_,
+        restrictPublicBuckets =
+          pRestrictPublicBuckets_
+      }
+
+-- | Specifies whether Amazon S3 should ignore public ACLs for this bucket
+-- and objects in this bucket.
+s3PublicAccessBlockConfiguration_ignorePublicAcls :: Lens.Lens' S3PublicAccessBlockConfiguration Prelude.Bool
+s3PublicAccessBlockConfiguration_ignorePublicAcls = Lens.lens (\S3PublicAccessBlockConfiguration' {ignorePublicAcls} -> ignorePublicAcls) (\s@S3PublicAccessBlockConfiguration' {} a -> s {ignorePublicAcls = a} :: S3PublicAccessBlockConfiguration)
+
+-- | Specifies whether Amazon S3 should restrict public bucket policies for
+-- this bucket.
+s3PublicAccessBlockConfiguration_restrictPublicBuckets :: Lens.Lens' S3PublicAccessBlockConfiguration Prelude.Bool
+s3PublicAccessBlockConfiguration_restrictPublicBuckets = Lens.lens (\S3PublicAccessBlockConfiguration' {restrictPublicBuckets} -> restrictPublicBuckets) (\s@S3PublicAccessBlockConfiguration' {} a -> s {restrictPublicBuckets = a} :: S3PublicAccessBlockConfiguration)
+
+instance
+  Data.FromJSON
+    S3PublicAccessBlockConfiguration
+  where
+  parseJSON =
+    Data.withObject
+      "S3PublicAccessBlockConfiguration"
+      ( \x ->
+          S3PublicAccessBlockConfiguration'
+            Prelude.<$> (x Data..: "ignorePublicAcls")
+            Prelude.<*> (x Data..: "restrictPublicBuckets")
+      )
+
+instance
+  Prelude.Hashable
+    S3PublicAccessBlockConfiguration
+  where
+  hashWithSalt
+    _salt
+    S3PublicAccessBlockConfiguration' {..} =
+      _salt
+        `Prelude.hashWithSalt` ignorePublicAcls
+        `Prelude.hashWithSalt` restrictPublicBuckets
+
+instance
+  Prelude.NFData
+    S3PublicAccessBlockConfiguration
+  where
+  rnf S3PublicAccessBlockConfiguration' {..} =
+    Prelude.rnf ignorePublicAcls
+      `Prelude.seq` Prelude.rnf restrictPublicBuckets
+
+instance Data.ToJSON S3PublicAccessBlockConfiguration where
+  toJSON S3PublicAccessBlockConfiguration' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just
+              ("ignorePublicAcls" Data..= ignorePublicAcls),
+            Prelude.Just
+              ( "restrictPublicBuckets"
+                  Data..= restrictPublicBuckets
+              )
+          ]
+      )
diff --git a/gen/Amazonka/AccessAnalyzer/Types/SecretsManagerSecretConfiguration.hs b/gen/Amazonka/AccessAnalyzer/Types/SecretsManagerSecretConfiguration.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/Types/SecretsManagerSecretConfiguration.hs
@@ -0,0 +1,128 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.Types.SecretsManagerSecretConfiguration
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.AccessAnalyzer.Types.SecretsManagerSecretConfiguration where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | The configuration for a Secrets Manager secret. For more information,
+-- see
+-- <https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_CreateSecret.html CreateSecret>.
+--
+-- You can propose a configuration for a new secret or an existing secret
+-- that you own by specifying the secret policy and optional KMS encryption
+-- key. If the configuration is for an existing secret and you do not
+-- specify the secret policy, the access preview uses the existing policy
+-- for the secret. If the access preview is for a new resource and you do
+-- not specify the policy, the access preview assumes a secret without a
+-- policy. To propose deletion of an existing policy, you can specify an
+-- empty string. If the proposed configuration is for a new secret and you
+-- do not specify the KMS key ID, the access preview uses the Amazon Web
+-- Services managed key @aws\/secretsmanager@. If you specify an empty
+-- string for the KMS key ID, the access preview uses the Amazon Web
+-- Services managed key of the Amazon Web Services account. For more
+-- information about secret policy limits, see
+-- <https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_limits.html Quotas for Secrets Manager.>.
+--
+-- /See:/ 'newSecretsManagerSecretConfiguration' smart constructor.
+data SecretsManagerSecretConfiguration = SecretsManagerSecretConfiguration'
+  { -- | The proposed ARN, key ID, or alias of the KMS key.
+    kmsKeyId :: Prelude.Maybe Prelude.Text,
+    -- | The proposed resource policy defining who can access or manage the
+    -- secret.
+    secretPolicy :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'SecretsManagerSecretConfiguration' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'kmsKeyId', 'secretsManagerSecretConfiguration_kmsKeyId' - The proposed ARN, key ID, or alias of the KMS key.
+--
+-- 'secretPolicy', 'secretsManagerSecretConfiguration_secretPolicy' - The proposed resource policy defining who can access or manage the
+-- secret.
+newSecretsManagerSecretConfiguration ::
+  SecretsManagerSecretConfiguration
+newSecretsManagerSecretConfiguration =
+  SecretsManagerSecretConfiguration'
+    { kmsKeyId =
+        Prelude.Nothing,
+      secretPolicy = Prelude.Nothing
+    }
+
+-- | The proposed ARN, key ID, or alias of the KMS key.
+secretsManagerSecretConfiguration_kmsKeyId :: Lens.Lens' SecretsManagerSecretConfiguration (Prelude.Maybe Prelude.Text)
+secretsManagerSecretConfiguration_kmsKeyId = Lens.lens (\SecretsManagerSecretConfiguration' {kmsKeyId} -> kmsKeyId) (\s@SecretsManagerSecretConfiguration' {} a -> s {kmsKeyId = a} :: SecretsManagerSecretConfiguration)
+
+-- | The proposed resource policy defining who can access or manage the
+-- secret.
+secretsManagerSecretConfiguration_secretPolicy :: Lens.Lens' SecretsManagerSecretConfiguration (Prelude.Maybe Prelude.Text)
+secretsManagerSecretConfiguration_secretPolicy = Lens.lens (\SecretsManagerSecretConfiguration' {secretPolicy} -> secretPolicy) (\s@SecretsManagerSecretConfiguration' {} a -> s {secretPolicy = a} :: SecretsManagerSecretConfiguration)
+
+instance
+  Data.FromJSON
+    SecretsManagerSecretConfiguration
+  where
+  parseJSON =
+    Data.withObject
+      "SecretsManagerSecretConfiguration"
+      ( \x ->
+          SecretsManagerSecretConfiguration'
+            Prelude.<$> (x Data..:? "kmsKeyId")
+            Prelude.<*> (x Data..:? "secretPolicy")
+      )
+
+instance
+  Prelude.Hashable
+    SecretsManagerSecretConfiguration
+  where
+  hashWithSalt
+    _salt
+    SecretsManagerSecretConfiguration' {..} =
+      _salt
+        `Prelude.hashWithSalt` kmsKeyId
+        `Prelude.hashWithSalt` secretPolicy
+
+instance
+  Prelude.NFData
+    SecretsManagerSecretConfiguration
+  where
+  rnf SecretsManagerSecretConfiguration' {..} =
+    Prelude.rnf kmsKeyId
+      `Prelude.seq` Prelude.rnf secretPolicy
+
+instance
+  Data.ToJSON
+    SecretsManagerSecretConfiguration
+  where
+  toJSON SecretsManagerSecretConfiguration' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("kmsKeyId" Data..=) Prelude.<$> kmsKeyId,
+            ("secretPolicy" Data..=) Prelude.<$> secretPolicy
+          ]
+      )
diff --git a/gen/Amazonka/AccessAnalyzer/Types/SnsTopicConfiguration.hs b/gen/Amazonka/AccessAnalyzer/Types/SnsTopicConfiguration.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/Types/SnsTopicConfiguration.hs
@@ -0,0 +1,98 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.Types.SnsTopicConfiguration
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.AccessAnalyzer.Types.SnsTopicConfiguration where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | The proposed access control configuration for an Amazon SNS topic. You
+-- can propose a configuration for a new Amazon SNS topic or an existing
+-- Amazon SNS topic that you own by specifying the policy. If the
+-- configuration is for an existing Amazon SNS topic and you do not specify
+-- the Amazon SNS policy, then the access preview uses the existing Amazon
+-- SNS policy for the topic. If the access preview is for a new resource
+-- and you do not specify the policy, then the access preview assumes an
+-- Amazon SNS topic without a policy. To propose deletion of an existing
+-- Amazon SNS topic policy, you can specify an empty string for the Amazon
+-- SNS policy. For more information, see
+-- <https://docs.aws.amazon.com/sns/latest/api/API_Topic.html Topic>.
+--
+-- /See:/ 'newSnsTopicConfiguration' smart constructor.
+data SnsTopicConfiguration = SnsTopicConfiguration'
+  { -- | The JSON policy text that defines who can access an Amazon SNS topic.
+    -- For more information, see
+    -- <https://docs.aws.amazon.com/sns/latest/dg/sns-access-policy-use-cases.html Example cases for Amazon SNS access control>
+    -- in the /Amazon SNS Developer Guide/.
+    topicPolicy :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'SnsTopicConfiguration' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'topicPolicy', 'snsTopicConfiguration_topicPolicy' - The JSON policy text that defines who can access an Amazon SNS topic.
+-- For more information, see
+-- <https://docs.aws.amazon.com/sns/latest/dg/sns-access-policy-use-cases.html Example cases for Amazon SNS access control>
+-- in the /Amazon SNS Developer Guide/.
+newSnsTopicConfiguration ::
+  SnsTopicConfiguration
+newSnsTopicConfiguration =
+  SnsTopicConfiguration'
+    { topicPolicy =
+        Prelude.Nothing
+    }
+
+-- | The JSON policy text that defines who can access an Amazon SNS topic.
+-- For more information, see
+-- <https://docs.aws.amazon.com/sns/latest/dg/sns-access-policy-use-cases.html Example cases for Amazon SNS access control>
+-- in the /Amazon SNS Developer Guide/.
+snsTopicConfiguration_topicPolicy :: Lens.Lens' SnsTopicConfiguration (Prelude.Maybe Prelude.Text)
+snsTopicConfiguration_topicPolicy = Lens.lens (\SnsTopicConfiguration' {topicPolicy} -> topicPolicy) (\s@SnsTopicConfiguration' {} a -> s {topicPolicy = a} :: SnsTopicConfiguration)
+
+instance Data.FromJSON SnsTopicConfiguration where
+  parseJSON =
+    Data.withObject
+      "SnsTopicConfiguration"
+      ( \x ->
+          SnsTopicConfiguration'
+            Prelude.<$> (x Data..:? "topicPolicy")
+      )
+
+instance Prelude.Hashable SnsTopicConfiguration where
+  hashWithSalt _salt SnsTopicConfiguration' {..} =
+    _salt `Prelude.hashWithSalt` topicPolicy
+
+instance Prelude.NFData SnsTopicConfiguration where
+  rnf SnsTopicConfiguration' {..} =
+    Prelude.rnf topicPolicy
+
+instance Data.ToJSON SnsTopicConfiguration where
+  toJSON SnsTopicConfiguration' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [("topicPolicy" Data..=) Prelude.<$> topicPolicy]
+      )
diff --git a/gen/Amazonka/AccessAnalyzer/Types/SortCriteria.hs b/gen/Amazonka/AccessAnalyzer/Types/SortCriteria.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/Types/SortCriteria.hs
@@ -0,0 +1,84 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.Types.SortCriteria
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.AccessAnalyzer.Types.SortCriteria where
+
+import Amazonka.AccessAnalyzer.Types.OrderBy
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | The criteria used to sort.
+--
+-- /See:/ 'newSortCriteria' smart constructor.
+data SortCriteria = SortCriteria'
+  { -- | The name of the attribute to sort on.
+    attributeName :: Prelude.Maybe Prelude.Text,
+    -- | The sort order, ascending or descending.
+    orderBy :: Prelude.Maybe OrderBy
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'SortCriteria' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'attributeName', 'sortCriteria_attributeName' - The name of the attribute to sort on.
+--
+-- 'orderBy', 'sortCriteria_orderBy' - The sort order, ascending or descending.
+newSortCriteria ::
+  SortCriteria
+newSortCriteria =
+  SortCriteria'
+    { attributeName = Prelude.Nothing,
+      orderBy = Prelude.Nothing
+    }
+
+-- | The name of the attribute to sort on.
+sortCriteria_attributeName :: Lens.Lens' SortCriteria (Prelude.Maybe Prelude.Text)
+sortCriteria_attributeName = Lens.lens (\SortCriteria' {attributeName} -> attributeName) (\s@SortCriteria' {} a -> s {attributeName = a} :: SortCriteria)
+
+-- | The sort order, ascending or descending.
+sortCriteria_orderBy :: Lens.Lens' SortCriteria (Prelude.Maybe OrderBy)
+sortCriteria_orderBy = Lens.lens (\SortCriteria' {orderBy} -> orderBy) (\s@SortCriteria' {} a -> s {orderBy = a} :: SortCriteria)
+
+instance Prelude.Hashable SortCriteria where
+  hashWithSalt _salt SortCriteria' {..} =
+    _salt
+      `Prelude.hashWithSalt` attributeName
+      `Prelude.hashWithSalt` orderBy
+
+instance Prelude.NFData SortCriteria where
+  rnf SortCriteria' {..} =
+    Prelude.rnf attributeName
+      `Prelude.seq` Prelude.rnf orderBy
+
+instance Data.ToJSON SortCriteria where
+  toJSON SortCriteria' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("attributeName" Data..=) Prelude.<$> attributeName,
+            ("orderBy" Data..=) Prelude.<$> orderBy
+          ]
+      )
diff --git a/gen/Amazonka/AccessAnalyzer/Types/Span.hs b/gen/Amazonka/AccessAnalyzer/Types/Span.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/Types/Span.hs
@@ -0,0 +1,86 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.Types.Span
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.AccessAnalyzer.Types.Span where
+
+import Amazonka.AccessAnalyzer.Types.Position
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A span in a policy. The span consists of a start position (inclusive)
+-- and end position (exclusive).
+--
+-- /See:/ 'newSpan' smart constructor.
+data Span = Span'
+  { -- | The start position of the span (inclusive).
+    start :: Position,
+    -- | The end position of the span (exclusive).
+    end :: Position
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'Span' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'start', 'span_start' - The start position of the span (inclusive).
+--
+-- 'end', 'span_end' - The end position of the span (exclusive).
+newSpan ::
+  -- | 'start'
+  Position ->
+  -- | 'end'
+  Position ->
+  Span
+newSpan pStart_ pEnd_ =
+  Span' {start = pStart_, end = pEnd_}
+
+-- | The start position of the span (inclusive).
+span_start :: Lens.Lens' Span Position
+span_start = Lens.lens (\Span' {start} -> start) (\s@Span' {} a -> s {start = a} :: Span)
+
+-- | The end position of the span (exclusive).
+span_end :: Lens.Lens' Span Position
+span_end = Lens.lens (\Span' {end} -> end) (\s@Span' {} a -> s {end = a} :: Span)
+
+instance Data.FromJSON Span where
+  parseJSON =
+    Data.withObject
+      "Span"
+      ( \x ->
+          Span'
+            Prelude.<$> (x Data..: "start")
+            Prelude.<*> (x Data..: "end")
+      )
+
+instance Prelude.Hashable Span where
+  hashWithSalt _salt Span' {..} =
+    _salt
+      `Prelude.hashWithSalt` start
+      `Prelude.hashWithSalt` end
+
+instance Prelude.NFData Span where
+  rnf Span' {..} =
+    Prelude.rnf start `Prelude.seq` Prelude.rnf end
diff --git a/gen/Amazonka/AccessAnalyzer/Types/SqsQueueConfiguration.hs b/gen/Amazonka/AccessAnalyzer/Types/SqsQueueConfiguration.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/Types/SqsQueueConfiguration.hs
@@ -0,0 +1,89 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.Types.SqsQueueConfiguration
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.AccessAnalyzer.Types.SqsQueueConfiguration where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | The proposed access control configuration for an Amazon SQS queue. You
+-- can propose a configuration for a new Amazon SQS queue or an existing
+-- Amazon SQS queue that you own by specifying the Amazon SQS policy. If
+-- the configuration is for an existing Amazon SQS queue and you do not
+-- specify the Amazon SQS policy, the access preview uses the existing
+-- Amazon SQS policy for the queue. If the access preview is for a new
+-- resource and you do not specify the policy, the access preview assumes
+-- an Amazon SQS queue without a policy. To propose deletion of an existing
+-- Amazon SQS queue policy, you can specify an empty string for the Amazon
+-- SQS policy. For more information about Amazon SQS policy limits, see
+-- <https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/quotas-policies.html Quotas related to policies>.
+--
+-- /See:/ 'newSqsQueueConfiguration' smart constructor.
+data SqsQueueConfiguration = SqsQueueConfiguration'
+  { -- | The proposed resource policy for the Amazon SQS queue.
+    queuePolicy :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'SqsQueueConfiguration' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'queuePolicy', 'sqsQueueConfiguration_queuePolicy' - The proposed resource policy for the Amazon SQS queue.
+newSqsQueueConfiguration ::
+  SqsQueueConfiguration
+newSqsQueueConfiguration =
+  SqsQueueConfiguration'
+    { queuePolicy =
+        Prelude.Nothing
+    }
+
+-- | The proposed resource policy for the Amazon SQS queue.
+sqsQueueConfiguration_queuePolicy :: Lens.Lens' SqsQueueConfiguration (Prelude.Maybe Prelude.Text)
+sqsQueueConfiguration_queuePolicy = Lens.lens (\SqsQueueConfiguration' {queuePolicy} -> queuePolicy) (\s@SqsQueueConfiguration' {} a -> s {queuePolicy = a} :: SqsQueueConfiguration)
+
+instance Data.FromJSON SqsQueueConfiguration where
+  parseJSON =
+    Data.withObject
+      "SqsQueueConfiguration"
+      ( \x ->
+          SqsQueueConfiguration'
+            Prelude.<$> (x Data..:? "queuePolicy")
+      )
+
+instance Prelude.Hashable SqsQueueConfiguration where
+  hashWithSalt _salt SqsQueueConfiguration' {..} =
+    _salt `Prelude.hashWithSalt` queuePolicy
+
+instance Prelude.NFData SqsQueueConfiguration where
+  rnf SqsQueueConfiguration' {..} =
+    Prelude.rnf queuePolicy
+
+instance Data.ToJSON SqsQueueConfiguration where
+  toJSON SqsQueueConfiguration' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [("queuePolicy" Data..=) Prelude.<$> queuePolicy]
+      )
diff --git a/gen/Amazonka/AccessAnalyzer/Types/StatusReason.hs b/gen/Amazonka/AccessAnalyzer/Types/StatusReason.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/Types/StatusReason.hs
@@ -0,0 +1,71 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.Types.StatusReason
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.AccessAnalyzer.Types.StatusReason where
+
+import Amazonka.AccessAnalyzer.Types.ReasonCode
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Provides more details about the current status of the analyzer. For
+-- example, if the creation for the analyzer fails, a @Failed@ status is
+-- returned. For an analyzer with organization as the type, this failure
+-- can be due to an issue with creating the service-linked roles required
+-- in the member accounts of the Amazon Web Services organization.
+--
+-- /See:/ 'newStatusReason' smart constructor.
+data StatusReason = StatusReason'
+  { -- | The reason code for the current status of the analyzer.
+    code :: ReasonCode
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'StatusReason' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'code', 'statusReason_code' - The reason code for the current status of the analyzer.
+newStatusReason ::
+  -- | 'code'
+  ReasonCode ->
+  StatusReason
+newStatusReason pCode_ = StatusReason' {code = pCode_}
+
+-- | The reason code for the current status of the analyzer.
+statusReason_code :: Lens.Lens' StatusReason ReasonCode
+statusReason_code = Lens.lens (\StatusReason' {code} -> code) (\s@StatusReason' {} a -> s {code = a} :: StatusReason)
+
+instance Data.FromJSON StatusReason where
+  parseJSON =
+    Data.withObject
+      "StatusReason"
+      (\x -> StatusReason' Prelude.<$> (x Data..: "code"))
+
+instance Prelude.Hashable StatusReason where
+  hashWithSalt _salt StatusReason' {..} =
+    _salt `Prelude.hashWithSalt` code
+
+instance Prelude.NFData StatusReason where
+  rnf StatusReason' {..} = Prelude.rnf code
diff --git a/gen/Amazonka/AccessAnalyzer/Types/Substring.hs b/gen/Amazonka/AccessAnalyzer/Types/Substring.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/Types/Substring.hs
@@ -0,0 +1,84 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.Types.Substring
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.AccessAnalyzer.Types.Substring where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A reference to a substring of a literal string in a JSON document.
+--
+-- /See:/ 'newSubstring' smart constructor.
+data Substring = Substring'
+  { -- | The start index of the substring, starting from 0.
+    start :: Prelude.Int,
+    -- | The length of the substring.
+    length :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'Substring' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'start', 'substring_start' - The start index of the substring, starting from 0.
+--
+-- 'length', 'substring_length' - The length of the substring.
+newSubstring ::
+  -- | 'start'
+  Prelude.Int ->
+  -- | 'length'
+  Prelude.Int ->
+  Substring
+newSubstring pStart_ pLength_ =
+  Substring' {start = pStart_, length = pLength_}
+
+-- | The start index of the substring, starting from 0.
+substring_start :: Lens.Lens' Substring Prelude.Int
+substring_start = Lens.lens (\Substring' {start} -> start) (\s@Substring' {} a -> s {start = a} :: Substring)
+
+-- | The length of the substring.
+substring_length :: Lens.Lens' Substring Prelude.Int
+substring_length = Lens.lens (\Substring' {length} -> length) (\s@Substring' {} a -> s {length = a} :: Substring)
+
+instance Data.FromJSON Substring where
+  parseJSON =
+    Data.withObject
+      "Substring"
+      ( \x ->
+          Substring'
+            Prelude.<$> (x Data..: "start")
+            Prelude.<*> (x Data..: "length")
+      )
+
+instance Prelude.Hashable Substring where
+  hashWithSalt _salt Substring' {..} =
+    _salt
+      `Prelude.hashWithSalt` start
+      `Prelude.hashWithSalt` length
+
+instance Prelude.NFData Substring where
+  rnf Substring' {..} =
+    Prelude.rnf start `Prelude.seq` Prelude.rnf length
diff --git a/gen/Amazonka/AccessAnalyzer/Types/Trail.hs b/gen/Amazonka/AccessAnalyzer/Types/Trail.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/Types/Trail.hs
@@ -0,0 +1,111 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.Types.Trail
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.AccessAnalyzer.Types.Trail where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains details about the CloudTrail trail being analyzed to generate a
+-- policy.
+--
+-- /See:/ 'newTrail' smart constructor.
+data Trail = Trail'
+  { -- | Possible values are @true@ or @false@. If set to @true@, IAM Access
+    -- Analyzer retrieves CloudTrail data from all regions to analyze and
+    -- generate a policy.
+    allRegions :: Prelude.Maybe Prelude.Bool,
+    -- | A list of regions to get CloudTrail data from and analyze to generate a
+    -- policy.
+    regions :: Prelude.Maybe [Prelude.Text],
+    -- | Specifies the ARN of the trail. The format of a trail ARN is
+    -- @arn:aws:cloudtrail:us-east-2:123456789012:trail\/MyTrail@.
+    cloudTrailArn :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'Trail' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'allRegions', 'trail_allRegions' - Possible values are @true@ or @false@. If set to @true@, IAM Access
+-- Analyzer retrieves CloudTrail data from all regions to analyze and
+-- generate a policy.
+--
+-- 'regions', 'trail_regions' - A list of regions to get CloudTrail data from and analyze to generate a
+-- policy.
+--
+-- 'cloudTrailArn', 'trail_cloudTrailArn' - Specifies the ARN of the trail. The format of a trail ARN is
+-- @arn:aws:cloudtrail:us-east-2:123456789012:trail\/MyTrail@.
+newTrail ::
+  -- | 'cloudTrailArn'
+  Prelude.Text ->
+  Trail
+newTrail pCloudTrailArn_ =
+  Trail'
+    { allRegions = Prelude.Nothing,
+      regions = Prelude.Nothing,
+      cloudTrailArn = pCloudTrailArn_
+    }
+
+-- | Possible values are @true@ or @false@. If set to @true@, IAM Access
+-- Analyzer retrieves CloudTrail data from all regions to analyze and
+-- generate a policy.
+trail_allRegions :: Lens.Lens' Trail (Prelude.Maybe Prelude.Bool)
+trail_allRegions = Lens.lens (\Trail' {allRegions} -> allRegions) (\s@Trail' {} a -> s {allRegions = a} :: Trail)
+
+-- | A list of regions to get CloudTrail data from and analyze to generate a
+-- policy.
+trail_regions :: Lens.Lens' Trail (Prelude.Maybe [Prelude.Text])
+trail_regions = Lens.lens (\Trail' {regions} -> regions) (\s@Trail' {} a -> s {regions = a} :: Trail) Prelude.. Lens.mapping Lens.coerced
+
+-- | Specifies the ARN of the trail. The format of a trail ARN is
+-- @arn:aws:cloudtrail:us-east-2:123456789012:trail\/MyTrail@.
+trail_cloudTrailArn :: Lens.Lens' Trail Prelude.Text
+trail_cloudTrailArn = Lens.lens (\Trail' {cloudTrailArn} -> cloudTrailArn) (\s@Trail' {} a -> s {cloudTrailArn = a} :: Trail)
+
+instance Prelude.Hashable Trail where
+  hashWithSalt _salt Trail' {..} =
+    _salt
+      `Prelude.hashWithSalt` allRegions
+      `Prelude.hashWithSalt` regions
+      `Prelude.hashWithSalt` cloudTrailArn
+
+instance Prelude.NFData Trail where
+  rnf Trail' {..} =
+    Prelude.rnf allRegions
+      `Prelude.seq` Prelude.rnf regions
+      `Prelude.seq` Prelude.rnf cloudTrailArn
+
+instance Data.ToJSON Trail where
+  toJSON Trail' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("allRegions" Data..=) Prelude.<$> allRegions,
+            ("regions" Data..=) Prelude.<$> regions,
+            Prelude.Just
+              ("cloudTrailArn" Data..= cloudTrailArn)
+          ]
+      )
diff --git a/gen/Amazonka/AccessAnalyzer/Types/TrailProperties.hs b/gen/Amazonka/AccessAnalyzer/Types/TrailProperties.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/Types/TrailProperties.hs
@@ -0,0 +1,111 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.Types.TrailProperties
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.AccessAnalyzer.Types.TrailProperties where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains details about the CloudTrail trail being analyzed to generate a
+-- policy.
+--
+-- /See:/ 'newTrailProperties' smart constructor.
+data TrailProperties = TrailProperties'
+  { -- | Possible values are @true@ or @false@. If set to @true@, IAM Access
+    -- Analyzer retrieves CloudTrail data from all regions to analyze and
+    -- generate a policy.
+    allRegions :: Prelude.Maybe Prelude.Bool,
+    -- | A list of regions to get CloudTrail data from and analyze to generate a
+    -- policy.
+    regions :: Prelude.Maybe [Prelude.Text],
+    -- | Specifies the ARN of the trail. The format of a trail ARN is
+    -- @arn:aws:cloudtrail:us-east-2:123456789012:trail\/MyTrail@.
+    cloudTrailArn :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'TrailProperties' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'allRegions', 'trailProperties_allRegions' - Possible values are @true@ or @false@. If set to @true@, IAM Access
+-- Analyzer retrieves CloudTrail data from all regions to analyze and
+-- generate a policy.
+--
+-- 'regions', 'trailProperties_regions' - A list of regions to get CloudTrail data from and analyze to generate a
+-- policy.
+--
+-- 'cloudTrailArn', 'trailProperties_cloudTrailArn' - Specifies the ARN of the trail. The format of a trail ARN is
+-- @arn:aws:cloudtrail:us-east-2:123456789012:trail\/MyTrail@.
+newTrailProperties ::
+  -- | 'cloudTrailArn'
+  Prelude.Text ->
+  TrailProperties
+newTrailProperties pCloudTrailArn_ =
+  TrailProperties'
+    { allRegions = Prelude.Nothing,
+      regions = Prelude.Nothing,
+      cloudTrailArn = pCloudTrailArn_
+    }
+
+-- | Possible values are @true@ or @false@. If set to @true@, IAM Access
+-- Analyzer retrieves CloudTrail data from all regions to analyze and
+-- generate a policy.
+trailProperties_allRegions :: Lens.Lens' TrailProperties (Prelude.Maybe Prelude.Bool)
+trailProperties_allRegions = Lens.lens (\TrailProperties' {allRegions} -> allRegions) (\s@TrailProperties' {} a -> s {allRegions = a} :: TrailProperties)
+
+-- | A list of regions to get CloudTrail data from and analyze to generate a
+-- policy.
+trailProperties_regions :: Lens.Lens' TrailProperties (Prelude.Maybe [Prelude.Text])
+trailProperties_regions = Lens.lens (\TrailProperties' {regions} -> regions) (\s@TrailProperties' {} a -> s {regions = a} :: TrailProperties) Prelude.. Lens.mapping Lens.coerced
+
+-- | Specifies the ARN of the trail. The format of a trail ARN is
+-- @arn:aws:cloudtrail:us-east-2:123456789012:trail\/MyTrail@.
+trailProperties_cloudTrailArn :: Lens.Lens' TrailProperties Prelude.Text
+trailProperties_cloudTrailArn = Lens.lens (\TrailProperties' {cloudTrailArn} -> cloudTrailArn) (\s@TrailProperties' {} a -> s {cloudTrailArn = a} :: TrailProperties)
+
+instance Data.FromJSON TrailProperties where
+  parseJSON =
+    Data.withObject
+      "TrailProperties"
+      ( \x ->
+          TrailProperties'
+            Prelude.<$> (x Data..:? "allRegions")
+            Prelude.<*> (x Data..:? "regions" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..: "cloudTrailArn")
+      )
+
+instance Prelude.Hashable TrailProperties where
+  hashWithSalt _salt TrailProperties' {..} =
+    _salt
+      `Prelude.hashWithSalt` allRegions
+      `Prelude.hashWithSalt` regions
+      `Prelude.hashWithSalt` cloudTrailArn
+
+instance Prelude.NFData TrailProperties where
+  rnf TrailProperties' {..} =
+    Prelude.rnf allRegions
+      `Prelude.seq` Prelude.rnf regions
+      `Prelude.seq` Prelude.rnf cloudTrailArn
diff --git a/gen/Amazonka/AccessAnalyzer/Types/Type.hs b/gen/Amazonka/AccessAnalyzer/Types/Type.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/Types/Type.hs
@@ -0,0 +1,68 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.Types.Type
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.AccessAnalyzer.Types.Type
+  ( Type
+      ( ..,
+        Type_ACCOUNT,
+        Type_ORGANIZATION
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype Type = Type' {fromType :: Data.Text}
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern Type_ACCOUNT :: Type
+pattern Type_ACCOUNT = Type' "ACCOUNT"
+
+pattern Type_ORGANIZATION :: Type
+pattern Type_ORGANIZATION = Type' "ORGANIZATION"
+
+{-# COMPLETE
+  Type_ACCOUNT,
+  Type_ORGANIZATION,
+  Type'
+  #-}
diff --git a/gen/Amazonka/AccessAnalyzer/Types/ValidatePolicyFinding.hs b/gen/Amazonka/AccessAnalyzer/Types/ValidatePolicyFinding.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/Types/ValidatePolicyFinding.hs
@@ -0,0 +1,181 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.Types.ValidatePolicyFinding
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.AccessAnalyzer.Types.ValidatePolicyFinding where
+
+import Amazonka.AccessAnalyzer.Types.Location
+import Amazonka.AccessAnalyzer.Types.ValidatePolicyFindingType
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A finding in a policy. Each finding is an actionable recommendation that
+-- can be used to improve the policy.
+--
+-- /See:/ 'newValidatePolicyFinding' smart constructor.
+data ValidatePolicyFinding = ValidatePolicyFinding'
+  { -- | A localized message that explains the finding and provides guidance on
+    -- how to address it.
+    findingDetails :: Prelude.Text,
+    -- | The impact of the finding.
+    --
+    -- Security warnings report when the policy allows access that we consider
+    -- overly permissive.
+    --
+    -- Errors report when a part of the policy is not functional.
+    --
+    -- Warnings report non-security issues when a policy does not conform to
+    -- policy writing best practices.
+    --
+    -- Suggestions recommend stylistic improvements in the policy that do not
+    -- impact access.
+    findingType :: ValidatePolicyFindingType,
+    -- | The issue code provides an identifier of the issue associated with this
+    -- finding.
+    issueCode :: Prelude.Text,
+    -- | A link to additional documentation about the type of finding.
+    learnMoreLink :: Prelude.Text,
+    -- | The list of locations in the policy document that are related to the
+    -- finding. The issue code provides a summary of an issue identified by the
+    -- finding.
+    locations :: [Location]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ValidatePolicyFinding' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'findingDetails', 'validatePolicyFinding_findingDetails' - A localized message that explains the finding and provides guidance on
+-- how to address it.
+--
+-- 'findingType', 'validatePolicyFinding_findingType' - The impact of the finding.
+--
+-- Security warnings report when the policy allows access that we consider
+-- overly permissive.
+--
+-- Errors report when a part of the policy is not functional.
+--
+-- Warnings report non-security issues when a policy does not conform to
+-- policy writing best practices.
+--
+-- Suggestions recommend stylistic improvements in the policy that do not
+-- impact access.
+--
+-- 'issueCode', 'validatePolicyFinding_issueCode' - The issue code provides an identifier of the issue associated with this
+-- finding.
+--
+-- 'learnMoreLink', 'validatePolicyFinding_learnMoreLink' - A link to additional documentation about the type of finding.
+--
+-- 'locations', 'validatePolicyFinding_locations' - The list of locations in the policy document that are related to the
+-- finding. The issue code provides a summary of an issue identified by the
+-- finding.
+newValidatePolicyFinding ::
+  -- | 'findingDetails'
+  Prelude.Text ->
+  -- | 'findingType'
+  ValidatePolicyFindingType ->
+  -- | 'issueCode'
+  Prelude.Text ->
+  -- | 'learnMoreLink'
+  Prelude.Text ->
+  ValidatePolicyFinding
+newValidatePolicyFinding
+  pFindingDetails_
+  pFindingType_
+  pIssueCode_
+  pLearnMoreLink_ =
+    ValidatePolicyFinding'
+      { findingDetails =
+          pFindingDetails_,
+        findingType = pFindingType_,
+        issueCode = pIssueCode_,
+        learnMoreLink = pLearnMoreLink_,
+        locations = Prelude.mempty
+      }
+
+-- | A localized message that explains the finding and provides guidance on
+-- how to address it.
+validatePolicyFinding_findingDetails :: Lens.Lens' ValidatePolicyFinding Prelude.Text
+validatePolicyFinding_findingDetails = Lens.lens (\ValidatePolicyFinding' {findingDetails} -> findingDetails) (\s@ValidatePolicyFinding' {} a -> s {findingDetails = a} :: ValidatePolicyFinding)
+
+-- | The impact of the finding.
+--
+-- Security warnings report when the policy allows access that we consider
+-- overly permissive.
+--
+-- Errors report when a part of the policy is not functional.
+--
+-- Warnings report non-security issues when a policy does not conform to
+-- policy writing best practices.
+--
+-- Suggestions recommend stylistic improvements in the policy that do not
+-- impact access.
+validatePolicyFinding_findingType :: Lens.Lens' ValidatePolicyFinding ValidatePolicyFindingType
+validatePolicyFinding_findingType = Lens.lens (\ValidatePolicyFinding' {findingType} -> findingType) (\s@ValidatePolicyFinding' {} a -> s {findingType = a} :: ValidatePolicyFinding)
+
+-- | The issue code provides an identifier of the issue associated with this
+-- finding.
+validatePolicyFinding_issueCode :: Lens.Lens' ValidatePolicyFinding Prelude.Text
+validatePolicyFinding_issueCode = Lens.lens (\ValidatePolicyFinding' {issueCode} -> issueCode) (\s@ValidatePolicyFinding' {} a -> s {issueCode = a} :: ValidatePolicyFinding)
+
+-- | A link to additional documentation about the type of finding.
+validatePolicyFinding_learnMoreLink :: Lens.Lens' ValidatePolicyFinding Prelude.Text
+validatePolicyFinding_learnMoreLink = Lens.lens (\ValidatePolicyFinding' {learnMoreLink} -> learnMoreLink) (\s@ValidatePolicyFinding' {} a -> s {learnMoreLink = a} :: ValidatePolicyFinding)
+
+-- | The list of locations in the policy document that are related to the
+-- finding. The issue code provides a summary of an issue identified by the
+-- finding.
+validatePolicyFinding_locations :: Lens.Lens' ValidatePolicyFinding [Location]
+validatePolicyFinding_locations = Lens.lens (\ValidatePolicyFinding' {locations} -> locations) (\s@ValidatePolicyFinding' {} a -> s {locations = a} :: ValidatePolicyFinding) Prelude.. Lens.coerced
+
+instance Data.FromJSON ValidatePolicyFinding where
+  parseJSON =
+    Data.withObject
+      "ValidatePolicyFinding"
+      ( \x ->
+          ValidatePolicyFinding'
+            Prelude.<$> (x Data..: "findingDetails")
+            Prelude.<*> (x Data..: "findingType")
+            Prelude.<*> (x Data..: "issueCode")
+            Prelude.<*> (x Data..: "learnMoreLink")
+            Prelude.<*> (x Data..:? "locations" Data..!= Prelude.mempty)
+      )
+
+instance Prelude.Hashable ValidatePolicyFinding where
+  hashWithSalt _salt ValidatePolicyFinding' {..} =
+    _salt
+      `Prelude.hashWithSalt` findingDetails
+      `Prelude.hashWithSalt` findingType
+      `Prelude.hashWithSalt` issueCode
+      `Prelude.hashWithSalt` learnMoreLink
+      `Prelude.hashWithSalt` locations
+
+instance Prelude.NFData ValidatePolicyFinding where
+  rnf ValidatePolicyFinding' {..} =
+    Prelude.rnf findingDetails
+      `Prelude.seq` Prelude.rnf findingType
+      `Prelude.seq` Prelude.rnf issueCode
+      `Prelude.seq` Prelude.rnf learnMoreLink
+      `Prelude.seq` Prelude.rnf locations
diff --git a/gen/Amazonka/AccessAnalyzer/Types/ValidatePolicyFindingType.hs b/gen/Amazonka/AccessAnalyzer/Types/ValidatePolicyFindingType.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/Types/ValidatePolicyFindingType.hs
@@ -0,0 +1,81 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.Types.ValidatePolicyFindingType
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.AccessAnalyzer.Types.ValidatePolicyFindingType
+  ( ValidatePolicyFindingType
+      ( ..,
+        ValidatePolicyFindingType_ERROR,
+        ValidatePolicyFindingType_SECURITY_WARNING,
+        ValidatePolicyFindingType_SUGGESTION,
+        ValidatePolicyFindingType_WARNING
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype ValidatePolicyFindingType = ValidatePolicyFindingType'
+  { fromValidatePolicyFindingType ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern ValidatePolicyFindingType_ERROR :: ValidatePolicyFindingType
+pattern ValidatePolicyFindingType_ERROR = ValidatePolicyFindingType' "ERROR"
+
+pattern ValidatePolicyFindingType_SECURITY_WARNING :: ValidatePolicyFindingType
+pattern ValidatePolicyFindingType_SECURITY_WARNING = ValidatePolicyFindingType' "SECURITY_WARNING"
+
+pattern ValidatePolicyFindingType_SUGGESTION :: ValidatePolicyFindingType
+pattern ValidatePolicyFindingType_SUGGESTION = ValidatePolicyFindingType' "SUGGESTION"
+
+pattern ValidatePolicyFindingType_WARNING :: ValidatePolicyFindingType
+pattern ValidatePolicyFindingType_WARNING = ValidatePolicyFindingType' "WARNING"
+
+{-# COMPLETE
+  ValidatePolicyFindingType_ERROR,
+  ValidatePolicyFindingType_SECURITY_WARNING,
+  ValidatePolicyFindingType_SUGGESTION,
+  ValidatePolicyFindingType_WARNING,
+  ValidatePolicyFindingType'
+  #-}
diff --git a/gen/Amazonka/AccessAnalyzer/Types/ValidatePolicyResourceType.hs b/gen/Amazonka/AccessAnalyzer/Types/ValidatePolicyResourceType.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/Types/ValidatePolicyResourceType.hs
@@ -0,0 +1,86 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.Types.ValidatePolicyResourceType
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.AccessAnalyzer.Types.ValidatePolicyResourceType
+  ( ValidatePolicyResourceType
+      ( ..,
+        ValidatePolicyResourceType_AWS__IAM__AssumeRolePolicyDocument,
+        ValidatePolicyResourceType_AWS__S3ObjectLambda__AccessPoint,
+        ValidatePolicyResourceType_AWS__S3__AccessPoint,
+        ValidatePolicyResourceType_AWS__S3__Bucket,
+        ValidatePolicyResourceType_AWS__S3__MultiRegionAccessPoint
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype ValidatePolicyResourceType = ValidatePolicyResourceType'
+  { fromValidatePolicyResourceType ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern ValidatePolicyResourceType_AWS__IAM__AssumeRolePolicyDocument :: ValidatePolicyResourceType
+pattern ValidatePolicyResourceType_AWS__IAM__AssumeRolePolicyDocument = ValidatePolicyResourceType' "AWS::IAM::AssumeRolePolicyDocument"
+
+pattern ValidatePolicyResourceType_AWS__S3ObjectLambda__AccessPoint :: ValidatePolicyResourceType
+pattern ValidatePolicyResourceType_AWS__S3ObjectLambda__AccessPoint = ValidatePolicyResourceType' "AWS::S3ObjectLambda::AccessPoint"
+
+pattern ValidatePolicyResourceType_AWS__S3__AccessPoint :: ValidatePolicyResourceType
+pattern ValidatePolicyResourceType_AWS__S3__AccessPoint = ValidatePolicyResourceType' "AWS::S3::AccessPoint"
+
+pattern ValidatePolicyResourceType_AWS__S3__Bucket :: ValidatePolicyResourceType
+pattern ValidatePolicyResourceType_AWS__S3__Bucket = ValidatePolicyResourceType' "AWS::S3::Bucket"
+
+pattern ValidatePolicyResourceType_AWS__S3__MultiRegionAccessPoint :: ValidatePolicyResourceType
+pattern ValidatePolicyResourceType_AWS__S3__MultiRegionAccessPoint = ValidatePolicyResourceType' "AWS::S3::MultiRegionAccessPoint"
+
+{-# COMPLETE
+  ValidatePolicyResourceType_AWS__IAM__AssumeRolePolicyDocument,
+  ValidatePolicyResourceType_AWS__S3ObjectLambda__AccessPoint,
+  ValidatePolicyResourceType_AWS__S3__AccessPoint,
+  ValidatePolicyResourceType_AWS__S3__Bucket,
+  ValidatePolicyResourceType_AWS__S3__MultiRegionAccessPoint,
+  ValidatePolicyResourceType'
+  #-}
diff --git a/gen/Amazonka/AccessAnalyzer/Types/VpcConfiguration.hs b/gen/Amazonka/AccessAnalyzer/Types/VpcConfiguration.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/Types/VpcConfiguration.hs
@@ -0,0 +1,82 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.Types.VpcConfiguration
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.AccessAnalyzer.Types.VpcConfiguration where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | The proposed virtual private cloud (VPC) configuration for the Amazon S3
+-- access point. VPC configuration does not apply to multi-region access
+-- points. For more information, see
+-- <https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_VpcConfiguration.html VpcConfiguration>.
+--
+-- /See:/ 'newVpcConfiguration' smart constructor.
+data VpcConfiguration = VpcConfiguration'
+  { -- | If this field is specified, this access point will only allow
+    -- connections from the specified VPC ID.
+    vpcId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'VpcConfiguration' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'vpcId', 'vpcConfiguration_vpcId' - If this field is specified, this access point will only allow
+-- connections from the specified VPC ID.
+newVpcConfiguration ::
+  -- | 'vpcId'
+  Prelude.Text ->
+  VpcConfiguration
+newVpcConfiguration pVpcId_ =
+  VpcConfiguration' {vpcId = pVpcId_}
+
+-- | If this field is specified, this access point will only allow
+-- connections from the specified VPC ID.
+vpcConfiguration_vpcId :: Lens.Lens' VpcConfiguration Prelude.Text
+vpcConfiguration_vpcId = Lens.lens (\VpcConfiguration' {vpcId} -> vpcId) (\s@VpcConfiguration' {} a -> s {vpcId = a} :: VpcConfiguration)
+
+instance Data.FromJSON VpcConfiguration where
+  parseJSON =
+    Data.withObject
+      "VpcConfiguration"
+      ( \x ->
+          VpcConfiguration' Prelude.<$> (x Data..: "vpcId")
+      )
+
+instance Prelude.Hashable VpcConfiguration where
+  hashWithSalt _salt VpcConfiguration' {..} =
+    _salt `Prelude.hashWithSalt` vpcId
+
+instance Prelude.NFData VpcConfiguration where
+  rnf VpcConfiguration' {..} = Prelude.rnf vpcId
+
+instance Data.ToJSON VpcConfiguration where
+  toJSON VpcConfiguration' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [Prelude.Just ("vpcId" Data..= vpcId)]
+      )
diff --git a/gen/Amazonka/AccessAnalyzer/UntagResource.hs b/gen/Amazonka/AccessAnalyzer/UntagResource.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/UntagResource.hs
@@ -0,0 +1,165 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.UntagResource
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Removes a tag from the specified resource.
+module Amazonka.AccessAnalyzer.UntagResource
+  ( -- * Creating a Request
+    UntagResource (..),
+    newUntagResource,
+
+    -- * Request Lenses
+    untagResource_resourceArn,
+    untagResource_tagKeys,
+
+    -- * Destructuring the Response
+    UntagResourceResponse (..),
+    newUntagResourceResponse,
+
+    -- * Response Lenses
+    untagResourceResponse_httpStatus,
+  )
+where
+
+import Amazonka.AccessAnalyzer.Types
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | Removes a tag from the specified resource.
+--
+-- /See:/ 'newUntagResource' smart constructor.
+data UntagResource = UntagResource'
+  { -- | The ARN of the resource to remove the tag from.
+    resourceArn :: Prelude.Text,
+    -- | The key for the tag to add.
+    tagKeys :: [Prelude.Text]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UntagResource' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'resourceArn', 'untagResource_resourceArn' - The ARN of the resource to remove the tag from.
+--
+-- 'tagKeys', 'untagResource_tagKeys' - The key for the tag to add.
+newUntagResource ::
+  -- | 'resourceArn'
+  Prelude.Text ->
+  UntagResource
+newUntagResource pResourceArn_ =
+  UntagResource'
+    { resourceArn = pResourceArn_,
+      tagKeys = Prelude.mempty
+    }
+
+-- | The ARN of the resource to remove the tag from.
+untagResource_resourceArn :: Lens.Lens' UntagResource Prelude.Text
+untagResource_resourceArn = Lens.lens (\UntagResource' {resourceArn} -> resourceArn) (\s@UntagResource' {} a -> s {resourceArn = a} :: UntagResource)
+
+-- | The key for the tag to add.
+untagResource_tagKeys :: Lens.Lens' UntagResource [Prelude.Text]
+untagResource_tagKeys = Lens.lens (\UntagResource' {tagKeys} -> tagKeys) (\s@UntagResource' {} a -> s {tagKeys = a} :: UntagResource) Prelude.. Lens.coerced
+
+instance Core.AWSRequest UntagResource where
+  type
+    AWSResponse UntagResource =
+      UntagResourceResponse
+  request overrides =
+    Request.delete (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          UntagResourceResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable UntagResource where
+  hashWithSalt _salt UntagResource' {..} =
+    _salt
+      `Prelude.hashWithSalt` resourceArn
+      `Prelude.hashWithSalt` tagKeys
+
+instance Prelude.NFData UntagResource where
+  rnf UntagResource' {..} =
+    Prelude.rnf resourceArn
+      `Prelude.seq` Prelude.rnf tagKeys
+
+instance Data.ToHeaders UntagResource where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToPath UntagResource where
+  toPath UntagResource' {..} =
+    Prelude.mconcat ["/tags/", Data.toBS resourceArn]
+
+instance Data.ToQuery UntagResource where
+  toQuery UntagResource' {..} =
+    Prelude.mconcat
+      ["tagKeys" Data.=: Data.toQueryList "member" tagKeys]
+
+-- | The response to the request.
+--
+-- /See:/ 'newUntagResourceResponse' smart constructor.
+data UntagResourceResponse = UntagResourceResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UntagResourceResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'untagResourceResponse_httpStatus' - The response's http status code.
+newUntagResourceResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  UntagResourceResponse
+newUntagResourceResponse pHttpStatus_ =
+  UntagResourceResponse' {httpStatus = pHttpStatus_}
+
+-- | The response's http status code.
+untagResourceResponse_httpStatus :: Lens.Lens' UntagResourceResponse Prelude.Int
+untagResourceResponse_httpStatus = Lens.lens (\UntagResourceResponse' {httpStatus} -> httpStatus) (\s@UntagResourceResponse' {} a -> s {httpStatus = a} :: UntagResourceResponse)
+
+instance Prelude.NFData UntagResourceResponse where
+  rnf UntagResourceResponse' {..} =
+    Prelude.rnf httpStatus
diff --git a/gen/Amazonka/AccessAnalyzer/UpdateArchiveRule.hs b/gen/Amazonka/AccessAnalyzer/UpdateArchiveRule.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/UpdateArchiveRule.hs
@@ -0,0 +1,184 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.UpdateArchiveRule
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Updates the criteria and values for the specified archive rule.
+module Amazonka.AccessAnalyzer.UpdateArchiveRule
+  ( -- * Creating a Request
+    UpdateArchiveRule (..),
+    newUpdateArchiveRule,
+
+    -- * Request Lenses
+    updateArchiveRule_clientToken,
+    updateArchiveRule_analyzerName,
+    updateArchiveRule_ruleName,
+    updateArchiveRule_filter,
+
+    -- * Destructuring the Response
+    UpdateArchiveRuleResponse (..),
+    newUpdateArchiveRuleResponse,
+  )
+where
+
+import Amazonka.AccessAnalyzer.Types
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | Updates the specified archive rule.
+--
+-- /See:/ 'newUpdateArchiveRule' smart constructor.
+data UpdateArchiveRule = UpdateArchiveRule'
+  { -- | A client token.
+    clientToken :: Prelude.Maybe Prelude.Text,
+    -- | The name of the analyzer to update the archive rules for.
+    analyzerName :: Prelude.Text,
+    -- | The name of the rule to update.
+    ruleName :: Prelude.Text,
+    -- | A filter to match for the rules to update. Only rules that match the
+    -- filter are updated.
+    filter' :: Prelude.HashMap Prelude.Text Criterion
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdateArchiveRule' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'clientToken', 'updateArchiveRule_clientToken' - A client token.
+--
+-- 'analyzerName', 'updateArchiveRule_analyzerName' - The name of the analyzer to update the archive rules for.
+--
+-- 'ruleName', 'updateArchiveRule_ruleName' - The name of the rule to update.
+--
+-- 'filter'', 'updateArchiveRule_filter' - A filter to match for the rules to update. Only rules that match the
+-- filter are updated.
+newUpdateArchiveRule ::
+  -- | 'analyzerName'
+  Prelude.Text ->
+  -- | 'ruleName'
+  Prelude.Text ->
+  UpdateArchiveRule
+newUpdateArchiveRule pAnalyzerName_ pRuleName_ =
+  UpdateArchiveRule'
+    { clientToken = Prelude.Nothing,
+      analyzerName = pAnalyzerName_,
+      ruleName = pRuleName_,
+      filter' = Prelude.mempty
+    }
+
+-- | A client token.
+updateArchiveRule_clientToken :: Lens.Lens' UpdateArchiveRule (Prelude.Maybe Prelude.Text)
+updateArchiveRule_clientToken = Lens.lens (\UpdateArchiveRule' {clientToken} -> clientToken) (\s@UpdateArchiveRule' {} a -> s {clientToken = a} :: UpdateArchiveRule)
+
+-- | The name of the analyzer to update the archive rules for.
+updateArchiveRule_analyzerName :: Lens.Lens' UpdateArchiveRule Prelude.Text
+updateArchiveRule_analyzerName = Lens.lens (\UpdateArchiveRule' {analyzerName} -> analyzerName) (\s@UpdateArchiveRule' {} a -> s {analyzerName = a} :: UpdateArchiveRule)
+
+-- | The name of the rule to update.
+updateArchiveRule_ruleName :: Lens.Lens' UpdateArchiveRule Prelude.Text
+updateArchiveRule_ruleName = Lens.lens (\UpdateArchiveRule' {ruleName} -> ruleName) (\s@UpdateArchiveRule' {} a -> s {ruleName = a} :: UpdateArchiveRule)
+
+-- | A filter to match for the rules to update. Only rules that match the
+-- filter are updated.
+updateArchiveRule_filter :: Lens.Lens' UpdateArchiveRule (Prelude.HashMap Prelude.Text Criterion)
+updateArchiveRule_filter = Lens.lens (\UpdateArchiveRule' {filter'} -> filter') (\s@UpdateArchiveRule' {} a -> s {filter' = a} :: UpdateArchiveRule) Prelude.. Lens.coerced
+
+instance Core.AWSRequest UpdateArchiveRule where
+  type
+    AWSResponse UpdateArchiveRule =
+      UpdateArchiveRuleResponse
+  request overrides =
+    Request.putJSON (overrides defaultService)
+  response =
+    Response.receiveNull UpdateArchiveRuleResponse'
+
+instance Prelude.Hashable UpdateArchiveRule where
+  hashWithSalt _salt UpdateArchiveRule' {..} =
+    _salt
+      `Prelude.hashWithSalt` clientToken
+      `Prelude.hashWithSalt` analyzerName
+      `Prelude.hashWithSalt` ruleName
+      `Prelude.hashWithSalt` filter'
+
+instance Prelude.NFData UpdateArchiveRule where
+  rnf UpdateArchiveRule' {..} =
+    Prelude.rnf clientToken
+      `Prelude.seq` Prelude.rnf analyzerName
+      `Prelude.seq` Prelude.rnf ruleName
+      `Prelude.seq` Prelude.rnf filter'
+
+instance Data.ToHeaders UpdateArchiveRule where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON UpdateArchiveRule where
+  toJSON UpdateArchiveRule' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("clientToken" Data..=) Prelude.<$> clientToken,
+            Prelude.Just ("filter" Data..= filter')
+          ]
+      )
+
+instance Data.ToPath UpdateArchiveRule where
+  toPath UpdateArchiveRule' {..} =
+    Prelude.mconcat
+      [ "/analyzer/",
+        Data.toBS analyzerName,
+        "/archive-rule/",
+        Data.toBS ruleName
+      ]
+
+instance Data.ToQuery UpdateArchiveRule where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newUpdateArchiveRuleResponse' smart constructor.
+data UpdateArchiveRuleResponse = UpdateArchiveRuleResponse'
+  {
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdateArchiveRuleResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+newUpdateArchiveRuleResponse ::
+  UpdateArchiveRuleResponse
+newUpdateArchiveRuleResponse =
+  UpdateArchiveRuleResponse'
+
+instance Prelude.NFData UpdateArchiveRuleResponse where
+  rnf _ = ()
diff --git a/gen/Amazonka/AccessAnalyzer/UpdateFindings.hs b/gen/Amazonka/AccessAnalyzer/UpdateFindings.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/UpdateFindings.hs
@@ -0,0 +1,201 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.UpdateFindings
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Updates the status for the specified findings.
+module Amazonka.AccessAnalyzer.UpdateFindings
+  ( -- * Creating a Request
+    UpdateFindings (..),
+    newUpdateFindings,
+
+    -- * Request Lenses
+    updateFindings_clientToken,
+    updateFindings_ids,
+    updateFindings_resourceArn,
+    updateFindings_analyzerArn,
+    updateFindings_status,
+
+    -- * Destructuring the Response
+    UpdateFindingsResponse (..),
+    newUpdateFindingsResponse,
+  )
+where
+
+import Amazonka.AccessAnalyzer.Types
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | Updates findings with the new values provided in the request.
+--
+-- /See:/ 'newUpdateFindings' smart constructor.
+data UpdateFindings = UpdateFindings'
+  { -- | A client token.
+    clientToken :: Prelude.Maybe Prelude.Text,
+    -- | The IDs of the findings to update.
+    ids :: Prelude.Maybe [Prelude.Text],
+    -- | The ARN of the resource identified in the finding.
+    resourceArn :: Prelude.Maybe Prelude.Text,
+    -- | The
+    -- <https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources ARN of the analyzer>
+    -- that generated the findings to update.
+    analyzerArn :: Prelude.Text,
+    -- | The state represents the action to take to update the finding Status.
+    -- Use @ARCHIVE@ to change an Active finding to an Archived finding. Use
+    -- @ACTIVE@ to change an Archived finding to an Active finding.
+    status :: FindingStatusUpdate
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdateFindings' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'clientToken', 'updateFindings_clientToken' - A client token.
+--
+-- 'ids', 'updateFindings_ids' - The IDs of the findings to update.
+--
+-- 'resourceArn', 'updateFindings_resourceArn' - The ARN of the resource identified in the finding.
+--
+-- 'analyzerArn', 'updateFindings_analyzerArn' - The
+-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources ARN of the analyzer>
+-- that generated the findings to update.
+--
+-- 'status', 'updateFindings_status' - The state represents the action to take to update the finding Status.
+-- Use @ARCHIVE@ to change an Active finding to an Archived finding. Use
+-- @ACTIVE@ to change an Archived finding to an Active finding.
+newUpdateFindings ::
+  -- | 'analyzerArn'
+  Prelude.Text ->
+  -- | 'status'
+  FindingStatusUpdate ->
+  UpdateFindings
+newUpdateFindings pAnalyzerArn_ pStatus_ =
+  UpdateFindings'
+    { clientToken = Prelude.Nothing,
+      ids = Prelude.Nothing,
+      resourceArn = Prelude.Nothing,
+      analyzerArn = pAnalyzerArn_,
+      status = pStatus_
+    }
+
+-- | A client token.
+updateFindings_clientToken :: Lens.Lens' UpdateFindings (Prelude.Maybe Prelude.Text)
+updateFindings_clientToken = Lens.lens (\UpdateFindings' {clientToken} -> clientToken) (\s@UpdateFindings' {} a -> s {clientToken = a} :: UpdateFindings)
+
+-- | The IDs of the findings to update.
+updateFindings_ids :: Lens.Lens' UpdateFindings (Prelude.Maybe [Prelude.Text])
+updateFindings_ids = Lens.lens (\UpdateFindings' {ids} -> ids) (\s@UpdateFindings' {} a -> s {ids = a} :: UpdateFindings) Prelude.. Lens.mapping Lens.coerced
+
+-- | The ARN of the resource identified in the finding.
+updateFindings_resourceArn :: Lens.Lens' UpdateFindings (Prelude.Maybe Prelude.Text)
+updateFindings_resourceArn = Lens.lens (\UpdateFindings' {resourceArn} -> resourceArn) (\s@UpdateFindings' {} a -> s {resourceArn = a} :: UpdateFindings)
+
+-- | The
+-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources ARN of the analyzer>
+-- that generated the findings to update.
+updateFindings_analyzerArn :: Lens.Lens' UpdateFindings Prelude.Text
+updateFindings_analyzerArn = Lens.lens (\UpdateFindings' {analyzerArn} -> analyzerArn) (\s@UpdateFindings' {} a -> s {analyzerArn = a} :: UpdateFindings)
+
+-- | The state represents the action to take to update the finding Status.
+-- Use @ARCHIVE@ to change an Active finding to an Archived finding. Use
+-- @ACTIVE@ to change an Archived finding to an Active finding.
+updateFindings_status :: Lens.Lens' UpdateFindings FindingStatusUpdate
+updateFindings_status = Lens.lens (\UpdateFindings' {status} -> status) (\s@UpdateFindings' {} a -> s {status = a} :: UpdateFindings)
+
+instance Core.AWSRequest UpdateFindings where
+  type
+    AWSResponse UpdateFindings =
+      UpdateFindingsResponse
+  request overrides =
+    Request.putJSON (overrides defaultService)
+  response =
+    Response.receiveNull UpdateFindingsResponse'
+
+instance Prelude.Hashable UpdateFindings where
+  hashWithSalt _salt UpdateFindings' {..} =
+    _salt
+      `Prelude.hashWithSalt` clientToken
+      `Prelude.hashWithSalt` ids
+      `Prelude.hashWithSalt` resourceArn
+      `Prelude.hashWithSalt` analyzerArn
+      `Prelude.hashWithSalt` status
+
+instance Prelude.NFData UpdateFindings where
+  rnf UpdateFindings' {..} =
+    Prelude.rnf clientToken
+      `Prelude.seq` Prelude.rnf ids
+      `Prelude.seq` Prelude.rnf resourceArn
+      `Prelude.seq` Prelude.rnf analyzerArn
+      `Prelude.seq` Prelude.rnf status
+
+instance Data.ToHeaders UpdateFindings where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON UpdateFindings where
+  toJSON UpdateFindings' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("clientToken" Data..=) Prelude.<$> clientToken,
+            ("ids" Data..=) Prelude.<$> ids,
+            ("resourceArn" Data..=) Prelude.<$> resourceArn,
+            Prelude.Just ("analyzerArn" Data..= analyzerArn),
+            Prelude.Just ("status" Data..= status)
+          ]
+      )
+
+instance Data.ToPath UpdateFindings where
+  toPath = Prelude.const "/finding"
+
+instance Data.ToQuery UpdateFindings where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newUpdateFindingsResponse' smart constructor.
+data UpdateFindingsResponse = UpdateFindingsResponse'
+  {
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdateFindingsResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+newUpdateFindingsResponse ::
+  UpdateFindingsResponse
+newUpdateFindingsResponse = UpdateFindingsResponse'
+
+instance Prelude.NFData UpdateFindingsResponse where
+  rnf _ = ()
diff --git a/gen/Amazonka/AccessAnalyzer/ValidatePolicy.hs b/gen/Amazonka/AccessAnalyzer/ValidatePolicy.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/ValidatePolicy.hs
@@ -0,0 +1,339 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.ValidatePolicy
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Requests the validation of a policy and returns a list of findings. The
+-- findings help you identify issues and provide actionable recommendations
+-- to resolve the issue and enable you to author functional policies that
+-- meet security best practices.
+--
+-- This operation returns paginated results.
+module Amazonka.AccessAnalyzer.ValidatePolicy
+  ( -- * Creating a Request
+    ValidatePolicy (..),
+    newValidatePolicy,
+
+    -- * Request Lenses
+    validatePolicy_locale,
+    validatePolicy_maxResults,
+    validatePolicy_nextToken,
+    validatePolicy_validatePolicyResourceType,
+    validatePolicy_policyDocument,
+    validatePolicy_policyType,
+
+    -- * Destructuring the Response
+    ValidatePolicyResponse (..),
+    newValidatePolicyResponse,
+
+    -- * Response Lenses
+    validatePolicyResponse_nextToken,
+    validatePolicyResponse_httpStatus,
+    validatePolicyResponse_findings,
+  )
+where
+
+import Amazonka.AccessAnalyzer.Types
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newValidatePolicy' smart constructor.
+data ValidatePolicy = ValidatePolicy'
+  { -- | The locale to use for localizing the findings.
+    locale :: Prelude.Maybe Locale,
+    -- | The maximum number of results to return in the response.
+    maxResults :: Prelude.Maybe Prelude.Int,
+    -- | A token used for pagination of results returned.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The type of resource to attach to your resource policy. Specify a value
+    -- for the policy validation resource type only if the policy type is
+    -- @RESOURCE_POLICY@. For example, to validate a resource policy to attach
+    -- to an Amazon S3 bucket, you can choose @AWS::S3::Bucket@ for the policy
+    -- validation resource type.
+    --
+    -- For resource types not supported as valid values, IAM Access Analyzer
+    -- runs policy checks that apply to all resource policies. For example, to
+    -- validate a resource policy to attach to a KMS key, do not specify a
+    -- value for the policy validation resource type and IAM Access Analyzer
+    -- will run policy checks that apply to all resource policies.
+    validatePolicyResourceType :: Prelude.Maybe ValidatePolicyResourceType,
+    -- | The JSON policy document to use as the content for the policy.
+    policyDocument :: Prelude.Text,
+    -- | The type of policy to validate. Identity policies grant permissions to
+    -- IAM principals. Identity policies include managed and inline policies
+    -- for IAM roles, users, and groups. They also include service-control
+    -- policies (SCPs) that are attached to an Amazon Web Services
+    -- organization, organizational unit (OU), or an account.
+    --
+    -- Resource policies grant permissions on Amazon Web Services resources.
+    -- Resource policies include trust policies for IAM roles and bucket
+    -- policies for Amazon S3 buckets. You can provide a generic input such as
+    -- identity policy or resource policy or a specific input such as managed
+    -- policy or Amazon S3 bucket policy.
+    policyType :: PolicyType
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ValidatePolicy' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'locale', 'validatePolicy_locale' - The locale to use for localizing the findings.
+--
+-- 'maxResults', 'validatePolicy_maxResults' - The maximum number of results to return in the response.
+--
+-- 'nextToken', 'validatePolicy_nextToken' - A token used for pagination of results returned.
+--
+-- 'validatePolicyResourceType', 'validatePolicy_validatePolicyResourceType' - The type of resource to attach to your resource policy. Specify a value
+-- for the policy validation resource type only if the policy type is
+-- @RESOURCE_POLICY@. For example, to validate a resource policy to attach
+-- to an Amazon S3 bucket, you can choose @AWS::S3::Bucket@ for the policy
+-- validation resource type.
+--
+-- For resource types not supported as valid values, IAM Access Analyzer
+-- runs policy checks that apply to all resource policies. For example, to
+-- validate a resource policy to attach to a KMS key, do not specify a
+-- value for the policy validation resource type and IAM Access Analyzer
+-- will run policy checks that apply to all resource policies.
+--
+-- 'policyDocument', 'validatePolicy_policyDocument' - The JSON policy document to use as the content for the policy.
+--
+-- 'policyType', 'validatePolicy_policyType' - The type of policy to validate. Identity policies grant permissions to
+-- IAM principals. Identity policies include managed and inline policies
+-- for IAM roles, users, and groups. They also include service-control
+-- policies (SCPs) that are attached to an Amazon Web Services
+-- organization, organizational unit (OU), or an account.
+--
+-- Resource policies grant permissions on Amazon Web Services resources.
+-- Resource policies include trust policies for IAM roles and bucket
+-- policies for Amazon S3 buckets. You can provide a generic input such as
+-- identity policy or resource policy or a specific input such as managed
+-- policy or Amazon S3 bucket policy.
+newValidatePolicy ::
+  -- | 'policyDocument'
+  Prelude.Text ->
+  -- | 'policyType'
+  PolicyType ->
+  ValidatePolicy
+newValidatePolicy pPolicyDocument_ pPolicyType_ =
+  ValidatePolicy'
+    { locale = Prelude.Nothing,
+      maxResults = Prelude.Nothing,
+      nextToken = Prelude.Nothing,
+      validatePolicyResourceType = Prelude.Nothing,
+      policyDocument = pPolicyDocument_,
+      policyType = pPolicyType_
+    }
+
+-- | The locale to use for localizing the findings.
+validatePolicy_locale :: Lens.Lens' ValidatePolicy (Prelude.Maybe Locale)
+validatePolicy_locale = Lens.lens (\ValidatePolicy' {locale} -> locale) (\s@ValidatePolicy' {} a -> s {locale = a} :: ValidatePolicy)
+
+-- | The maximum number of results to return in the response.
+validatePolicy_maxResults :: Lens.Lens' ValidatePolicy (Prelude.Maybe Prelude.Int)
+validatePolicy_maxResults = Lens.lens (\ValidatePolicy' {maxResults} -> maxResults) (\s@ValidatePolicy' {} a -> s {maxResults = a} :: ValidatePolicy)
+
+-- | A token used for pagination of results returned.
+validatePolicy_nextToken :: Lens.Lens' ValidatePolicy (Prelude.Maybe Prelude.Text)
+validatePolicy_nextToken = Lens.lens (\ValidatePolicy' {nextToken} -> nextToken) (\s@ValidatePolicy' {} a -> s {nextToken = a} :: ValidatePolicy)
+
+-- | The type of resource to attach to your resource policy. Specify a value
+-- for the policy validation resource type only if the policy type is
+-- @RESOURCE_POLICY@. For example, to validate a resource policy to attach
+-- to an Amazon S3 bucket, you can choose @AWS::S3::Bucket@ for the policy
+-- validation resource type.
+--
+-- For resource types not supported as valid values, IAM Access Analyzer
+-- runs policy checks that apply to all resource policies. For example, to
+-- validate a resource policy to attach to a KMS key, do not specify a
+-- value for the policy validation resource type and IAM Access Analyzer
+-- will run policy checks that apply to all resource policies.
+validatePolicy_validatePolicyResourceType :: Lens.Lens' ValidatePolicy (Prelude.Maybe ValidatePolicyResourceType)
+validatePolicy_validatePolicyResourceType = Lens.lens (\ValidatePolicy' {validatePolicyResourceType} -> validatePolicyResourceType) (\s@ValidatePolicy' {} a -> s {validatePolicyResourceType = a} :: ValidatePolicy)
+
+-- | The JSON policy document to use as the content for the policy.
+validatePolicy_policyDocument :: Lens.Lens' ValidatePolicy Prelude.Text
+validatePolicy_policyDocument = Lens.lens (\ValidatePolicy' {policyDocument} -> policyDocument) (\s@ValidatePolicy' {} a -> s {policyDocument = a} :: ValidatePolicy)
+
+-- | The type of policy to validate. Identity policies grant permissions to
+-- IAM principals. Identity policies include managed and inline policies
+-- for IAM roles, users, and groups. They also include service-control
+-- policies (SCPs) that are attached to an Amazon Web Services
+-- organization, organizational unit (OU), or an account.
+--
+-- Resource policies grant permissions on Amazon Web Services resources.
+-- Resource policies include trust policies for IAM roles and bucket
+-- policies for Amazon S3 buckets. You can provide a generic input such as
+-- identity policy or resource policy or a specific input such as managed
+-- policy or Amazon S3 bucket policy.
+validatePolicy_policyType :: Lens.Lens' ValidatePolicy PolicyType
+validatePolicy_policyType = Lens.lens (\ValidatePolicy' {policyType} -> policyType) (\s@ValidatePolicy' {} a -> s {policyType = a} :: ValidatePolicy)
+
+instance Core.AWSPager ValidatePolicy where
+  page rq rs
+    | Core.stop
+        ( rs
+            Lens.^? validatePolicyResponse_nextToken
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Core.stop
+        (rs Lens.^. validatePolicyResponse_findings) =
+        Prelude.Nothing
+    | Prelude.otherwise =
+        Prelude.Just
+          Prelude.$ rq
+          Prelude.& validatePolicy_nextToken
+          Lens..~ rs
+          Lens.^? validatePolicyResponse_nextToken
+          Prelude.. Lens._Just
+
+instance Core.AWSRequest ValidatePolicy where
+  type
+    AWSResponse ValidatePolicy =
+      ValidatePolicyResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          ValidatePolicyResponse'
+            Prelude.<$> (x Data..?> "nextToken")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+            Prelude.<*> (x Data..?> "findings" Core..!@ Prelude.mempty)
+      )
+
+instance Prelude.Hashable ValidatePolicy where
+  hashWithSalt _salt ValidatePolicy' {..} =
+    _salt
+      `Prelude.hashWithSalt` locale
+      `Prelude.hashWithSalt` maxResults
+      `Prelude.hashWithSalt` nextToken
+      `Prelude.hashWithSalt` validatePolicyResourceType
+      `Prelude.hashWithSalt` policyDocument
+      `Prelude.hashWithSalt` policyType
+
+instance Prelude.NFData ValidatePolicy where
+  rnf ValidatePolicy' {..} =
+    Prelude.rnf locale
+      `Prelude.seq` Prelude.rnf maxResults
+      `Prelude.seq` Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf validatePolicyResourceType
+      `Prelude.seq` Prelude.rnf policyDocument
+      `Prelude.seq` Prelude.rnf policyType
+
+instance Data.ToHeaders ValidatePolicy where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON ValidatePolicy where
+  toJSON ValidatePolicy' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("locale" Data..=) Prelude.<$> locale,
+            ("validatePolicyResourceType" Data..=)
+              Prelude.<$> validatePolicyResourceType,
+            Prelude.Just
+              ("policyDocument" Data..= policyDocument),
+            Prelude.Just ("policyType" Data..= policyType)
+          ]
+      )
+
+instance Data.ToPath ValidatePolicy where
+  toPath = Prelude.const "/policy/validation"
+
+instance Data.ToQuery ValidatePolicy where
+  toQuery ValidatePolicy' {..} =
+    Prelude.mconcat
+      [ "maxResults" Data.=: maxResults,
+        "nextToken" Data.=: nextToken
+      ]
+
+-- | /See:/ 'newValidatePolicyResponse' smart constructor.
+data ValidatePolicyResponse = ValidatePolicyResponse'
+  { -- | A token used for pagination of results returned.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int,
+    -- | The list of findings in a policy returned by IAM Access Analyzer based
+    -- on its suite of policy checks.
+    findings :: [ValidatePolicyFinding]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ValidatePolicyResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'nextToken', 'validatePolicyResponse_nextToken' - A token used for pagination of results returned.
+--
+-- 'httpStatus', 'validatePolicyResponse_httpStatus' - The response's http status code.
+--
+-- 'findings', 'validatePolicyResponse_findings' - The list of findings in a policy returned by IAM Access Analyzer based
+-- on its suite of policy checks.
+newValidatePolicyResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  ValidatePolicyResponse
+newValidatePolicyResponse pHttpStatus_ =
+  ValidatePolicyResponse'
+    { nextToken =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_,
+      findings = Prelude.mempty
+    }
+
+-- | A token used for pagination of results returned.
+validatePolicyResponse_nextToken :: Lens.Lens' ValidatePolicyResponse (Prelude.Maybe Prelude.Text)
+validatePolicyResponse_nextToken = Lens.lens (\ValidatePolicyResponse' {nextToken} -> nextToken) (\s@ValidatePolicyResponse' {} a -> s {nextToken = a} :: ValidatePolicyResponse)
+
+-- | The response's http status code.
+validatePolicyResponse_httpStatus :: Lens.Lens' ValidatePolicyResponse Prelude.Int
+validatePolicyResponse_httpStatus = Lens.lens (\ValidatePolicyResponse' {httpStatus} -> httpStatus) (\s@ValidatePolicyResponse' {} a -> s {httpStatus = a} :: ValidatePolicyResponse)
+
+-- | The list of findings in a policy returned by IAM Access Analyzer based
+-- on its suite of policy checks.
+validatePolicyResponse_findings :: Lens.Lens' ValidatePolicyResponse [ValidatePolicyFinding]
+validatePolicyResponse_findings = Lens.lens (\ValidatePolicyResponse' {findings} -> findings) (\s@ValidatePolicyResponse' {} a -> s {findings = a} :: ValidatePolicyResponse) Prelude.. Lens.coerced
+
+instance Prelude.NFData ValidatePolicyResponse where
+  rnf ValidatePolicyResponse' {..} =
+    Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf httpStatus
+      `Prelude.seq` Prelude.rnf findings
diff --git a/gen/Amazonka/AccessAnalyzer/Waiters.hs b/gen/Amazonka/AccessAnalyzer/Waiters.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/AccessAnalyzer/Waiters.hs
@@ -0,0 +1,24 @@
+{-# LANGUAGE DisambiguateRecordFields #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.AccessAnalyzer.Waiters
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.AccessAnalyzer.Waiters where
+
+import Amazonka.AccessAnalyzer.Lens
+import Amazonka.AccessAnalyzer.Types
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
diff --git a/src/.gitkeep b/src/.gitkeep
new file mode 100644
--- /dev/null
+++ b/src/.gitkeep
diff --git a/test/Main.hs b/test/Main.hs
new file mode 100644
--- /dev/null
+++ b/test/Main.hs
@@ -0,0 +1,23 @@
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- |
+-- Module      : Main
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Main (main) where
+
+import Test.Amazonka.AccessAnalyzer
+import Test.Amazonka.AccessAnalyzer.Internal
+import Test.Tasty
+
+main :: IO ()
+main =
+  defaultMain $
+    testGroup
+      "AccessAnalyzer"
+      [ testGroup "tests" tests,
+        testGroup "fixtures" fixtures
+      ]
diff --git a/test/Test/Amazonka/AccessAnalyzer.hs b/test/Test/Amazonka/AccessAnalyzer.hs
new file mode 100644
--- /dev/null
+++ b/test/Test/Amazonka/AccessAnalyzer.hs
@@ -0,0 +1,20 @@
+-- |
+-- Module      : Test.Amazonka.AccessAnalyzer
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Test.Amazonka.AccessAnalyzer
+  ( tests,
+    fixtures,
+  )
+where
+
+import Test.Tasty (TestTree)
+
+tests :: [TestTree]
+tests = []
+
+fixtures :: [TestTree]
+fixtures = []
diff --git a/test/Test/Amazonka/AccessAnalyzer/Internal.hs b/test/Test/Amazonka/AccessAnalyzer/Internal.hs
new file mode 100644
--- /dev/null
+++ b/test/Test/Amazonka/AccessAnalyzer/Internal.hs
@@ -0,0 +1,8 @@
+-- |
+-- Module      : Test.Amazonka.AccessAnalyzer.Internal
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Test.Amazonka.AccessAnalyzer.Internal where
diff --git a/test/Test/Amazonka/Gen/AccessAnalyzer.hs b/test/Test/Amazonka/Gen/AccessAnalyzer.hs
new file mode 100644
--- /dev/null
+++ b/test/Test/Amazonka/Gen/AccessAnalyzer.hs
@@ -0,0 +1,598 @@
+{-# OPTIONS_GHC -fno-warn-orphans #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Test.Amazonka.Gen.AccessAnalyzer
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Test.Amazonka.Gen.AccessAnalyzer where
+
+import Amazonka.AccessAnalyzer
+import qualified Data.Proxy as Proxy
+import Test.Amazonka.AccessAnalyzer.Internal
+import Test.Amazonka.Fixture
+import Test.Amazonka.Prelude
+import Test.Tasty
+
+-- Auto-generated: the actual test selection needs to be manually placed into
+-- the top-level so that real test data can be incrementally added.
+--
+-- This commented snippet is what the entire set should look like:
+
+-- fixtures :: TestTree
+-- fixtures =
+--     [ testGroup "request"
+--         [ requestApplyArchiveRule $
+--             newApplyArchiveRule
+--
+--         , requestCancelPolicyGeneration $
+--             newCancelPolicyGeneration
+--
+--         , requestCreateAccessPreview $
+--             newCreateAccessPreview
+--
+--         , requestCreateAnalyzer $
+--             newCreateAnalyzer
+--
+--         , requestCreateArchiveRule $
+--             newCreateArchiveRule
+--
+--         , requestDeleteAnalyzer $
+--             newDeleteAnalyzer
+--
+--         , requestDeleteArchiveRule $
+--             newDeleteArchiveRule
+--
+--         , requestGetAccessPreview $
+--             newGetAccessPreview
+--
+--         , requestGetAnalyzedResource $
+--             newGetAnalyzedResource
+--
+--         , requestGetAnalyzer $
+--             newGetAnalyzer
+--
+--         , requestGetArchiveRule $
+--             newGetArchiveRule
+--
+--         , requestGetFinding $
+--             newGetFinding
+--
+--         , requestGetGeneratedPolicy $
+--             newGetGeneratedPolicy
+--
+--         , requestListAccessPreviewFindings $
+--             newListAccessPreviewFindings
+--
+--         , requestListAccessPreviews $
+--             newListAccessPreviews
+--
+--         , requestListAnalyzedResources $
+--             newListAnalyzedResources
+--
+--         , requestListAnalyzers $
+--             newListAnalyzers
+--
+--         , requestListArchiveRules $
+--             newListArchiveRules
+--
+--         , requestListFindings $
+--             newListFindings
+--
+--         , requestListPolicyGenerations $
+--             newListPolicyGenerations
+--
+--         , requestListTagsForResource $
+--             newListTagsForResource
+--
+--         , requestStartPolicyGeneration $
+--             newStartPolicyGeneration
+--
+--         , requestStartResourceScan $
+--             newStartResourceScan
+--
+--         , requestTagResource $
+--             newTagResource
+--
+--         , requestUntagResource $
+--             newUntagResource
+--
+--         , requestUpdateArchiveRule $
+--             newUpdateArchiveRule
+--
+--         , requestUpdateFindings $
+--             newUpdateFindings
+--
+--         , requestValidatePolicy $
+--             newValidatePolicy
+--
+--           ]
+
+--     , testGroup "response"
+--         [ responseApplyArchiveRule $
+--             newApplyArchiveRuleResponse
+--
+--         , responseCancelPolicyGeneration $
+--             newCancelPolicyGenerationResponse
+--
+--         , responseCreateAccessPreview $
+--             newCreateAccessPreviewResponse
+--
+--         , responseCreateAnalyzer $
+--             newCreateAnalyzerResponse
+--
+--         , responseCreateArchiveRule $
+--             newCreateArchiveRuleResponse
+--
+--         , responseDeleteAnalyzer $
+--             newDeleteAnalyzerResponse
+--
+--         , responseDeleteArchiveRule $
+--             newDeleteArchiveRuleResponse
+--
+--         , responseGetAccessPreview $
+--             newGetAccessPreviewResponse
+--
+--         , responseGetAnalyzedResource $
+--             newGetAnalyzedResourceResponse
+--
+--         , responseGetAnalyzer $
+--             newGetAnalyzerResponse
+--
+--         , responseGetArchiveRule $
+--             newGetArchiveRuleResponse
+--
+--         , responseGetFinding $
+--             newGetFindingResponse
+--
+--         , responseGetGeneratedPolicy $
+--             newGetGeneratedPolicyResponse
+--
+--         , responseListAccessPreviewFindings $
+--             newListAccessPreviewFindingsResponse
+--
+--         , responseListAccessPreviews $
+--             newListAccessPreviewsResponse
+--
+--         , responseListAnalyzedResources $
+--             newListAnalyzedResourcesResponse
+--
+--         , responseListAnalyzers $
+--             newListAnalyzersResponse
+--
+--         , responseListArchiveRules $
+--             newListArchiveRulesResponse
+--
+--         , responseListFindings $
+--             newListFindingsResponse
+--
+--         , responseListPolicyGenerations $
+--             newListPolicyGenerationsResponse
+--
+--         , responseListTagsForResource $
+--             newListTagsForResourceResponse
+--
+--         , responseStartPolicyGeneration $
+--             newStartPolicyGenerationResponse
+--
+--         , responseStartResourceScan $
+--             newStartResourceScanResponse
+--
+--         , responseTagResource $
+--             newTagResourceResponse
+--
+--         , responseUntagResource $
+--             newUntagResourceResponse
+--
+--         , responseUpdateArchiveRule $
+--             newUpdateArchiveRuleResponse
+--
+--         , responseUpdateFindings $
+--             newUpdateFindingsResponse
+--
+--         , responseValidatePolicy $
+--             newValidatePolicyResponse
+--
+--           ]
+--     ]
+
+-- Requests
+
+requestApplyArchiveRule :: ApplyArchiveRule -> TestTree
+requestApplyArchiveRule =
+  req
+    "ApplyArchiveRule"
+    "fixture/ApplyArchiveRule.yaml"
+
+requestCancelPolicyGeneration :: CancelPolicyGeneration -> TestTree
+requestCancelPolicyGeneration =
+  req
+    "CancelPolicyGeneration"
+    "fixture/CancelPolicyGeneration.yaml"
+
+requestCreateAccessPreview :: CreateAccessPreview -> TestTree
+requestCreateAccessPreview =
+  req
+    "CreateAccessPreview"
+    "fixture/CreateAccessPreview.yaml"
+
+requestCreateAnalyzer :: CreateAnalyzer -> TestTree
+requestCreateAnalyzer =
+  req
+    "CreateAnalyzer"
+    "fixture/CreateAnalyzer.yaml"
+
+requestCreateArchiveRule :: CreateArchiveRule -> TestTree
+requestCreateArchiveRule =
+  req
+    "CreateArchiveRule"
+    "fixture/CreateArchiveRule.yaml"
+
+requestDeleteAnalyzer :: DeleteAnalyzer -> TestTree
+requestDeleteAnalyzer =
+  req
+    "DeleteAnalyzer"
+    "fixture/DeleteAnalyzer.yaml"
+
+requestDeleteArchiveRule :: DeleteArchiveRule -> TestTree
+requestDeleteArchiveRule =
+  req
+    "DeleteArchiveRule"
+    "fixture/DeleteArchiveRule.yaml"
+
+requestGetAccessPreview :: GetAccessPreview -> TestTree
+requestGetAccessPreview =
+  req
+    "GetAccessPreview"
+    "fixture/GetAccessPreview.yaml"
+
+requestGetAnalyzedResource :: GetAnalyzedResource -> TestTree
+requestGetAnalyzedResource =
+  req
+    "GetAnalyzedResource"
+    "fixture/GetAnalyzedResource.yaml"
+
+requestGetAnalyzer :: GetAnalyzer -> TestTree
+requestGetAnalyzer =
+  req
+    "GetAnalyzer"
+    "fixture/GetAnalyzer.yaml"
+
+requestGetArchiveRule :: GetArchiveRule -> TestTree
+requestGetArchiveRule =
+  req
+    "GetArchiveRule"
+    "fixture/GetArchiveRule.yaml"
+
+requestGetFinding :: GetFinding -> TestTree
+requestGetFinding =
+  req
+    "GetFinding"
+    "fixture/GetFinding.yaml"
+
+requestGetGeneratedPolicy :: GetGeneratedPolicy -> TestTree
+requestGetGeneratedPolicy =
+  req
+    "GetGeneratedPolicy"
+    "fixture/GetGeneratedPolicy.yaml"
+
+requestListAccessPreviewFindings :: ListAccessPreviewFindings -> TestTree
+requestListAccessPreviewFindings =
+  req
+    "ListAccessPreviewFindings"
+    "fixture/ListAccessPreviewFindings.yaml"
+
+requestListAccessPreviews :: ListAccessPreviews -> TestTree
+requestListAccessPreviews =
+  req
+    "ListAccessPreviews"
+    "fixture/ListAccessPreviews.yaml"
+
+requestListAnalyzedResources :: ListAnalyzedResources -> TestTree
+requestListAnalyzedResources =
+  req
+    "ListAnalyzedResources"
+    "fixture/ListAnalyzedResources.yaml"
+
+requestListAnalyzers :: ListAnalyzers -> TestTree
+requestListAnalyzers =
+  req
+    "ListAnalyzers"
+    "fixture/ListAnalyzers.yaml"
+
+requestListArchiveRules :: ListArchiveRules -> TestTree
+requestListArchiveRules =
+  req
+    "ListArchiveRules"
+    "fixture/ListArchiveRules.yaml"
+
+requestListFindings :: ListFindings -> TestTree
+requestListFindings =
+  req
+    "ListFindings"
+    "fixture/ListFindings.yaml"
+
+requestListPolicyGenerations :: ListPolicyGenerations -> TestTree
+requestListPolicyGenerations =
+  req
+    "ListPolicyGenerations"
+    "fixture/ListPolicyGenerations.yaml"
+
+requestListTagsForResource :: ListTagsForResource -> TestTree
+requestListTagsForResource =
+  req
+    "ListTagsForResource"
+    "fixture/ListTagsForResource.yaml"
+
+requestStartPolicyGeneration :: StartPolicyGeneration -> TestTree
+requestStartPolicyGeneration =
+  req
+    "StartPolicyGeneration"
+    "fixture/StartPolicyGeneration.yaml"
+
+requestStartResourceScan :: StartResourceScan -> TestTree
+requestStartResourceScan =
+  req
+    "StartResourceScan"
+    "fixture/StartResourceScan.yaml"
+
+requestTagResource :: TagResource -> TestTree
+requestTagResource =
+  req
+    "TagResource"
+    "fixture/TagResource.yaml"
+
+requestUntagResource :: UntagResource -> TestTree
+requestUntagResource =
+  req
+    "UntagResource"
+    "fixture/UntagResource.yaml"
+
+requestUpdateArchiveRule :: UpdateArchiveRule -> TestTree
+requestUpdateArchiveRule =
+  req
+    "UpdateArchiveRule"
+    "fixture/UpdateArchiveRule.yaml"
+
+requestUpdateFindings :: UpdateFindings -> TestTree
+requestUpdateFindings =
+  req
+    "UpdateFindings"
+    "fixture/UpdateFindings.yaml"
+
+requestValidatePolicy :: ValidatePolicy -> TestTree
+requestValidatePolicy =
+  req
+    "ValidatePolicy"
+    "fixture/ValidatePolicy.yaml"
+
+-- Responses
+
+responseApplyArchiveRule :: ApplyArchiveRuleResponse -> TestTree
+responseApplyArchiveRule =
+  res
+    "ApplyArchiveRuleResponse"
+    "fixture/ApplyArchiveRuleResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy ApplyArchiveRule)
+
+responseCancelPolicyGeneration :: CancelPolicyGenerationResponse -> TestTree
+responseCancelPolicyGeneration =
+  res
+    "CancelPolicyGenerationResponse"
+    "fixture/CancelPolicyGenerationResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy CancelPolicyGeneration)
+
+responseCreateAccessPreview :: CreateAccessPreviewResponse -> TestTree
+responseCreateAccessPreview =
+  res
+    "CreateAccessPreviewResponse"
+    "fixture/CreateAccessPreviewResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy CreateAccessPreview)
+
+responseCreateAnalyzer :: CreateAnalyzerResponse -> TestTree
+responseCreateAnalyzer =
+  res
+    "CreateAnalyzerResponse"
+    "fixture/CreateAnalyzerResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy CreateAnalyzer)
+
+responseCreateArchiveRule :: CreateArchiveRuleResponse -> TestTree
+responseCreateArchiveRule =
+  res
+    "CreateArchiveRuleResponse"
+    "fixture/CreateArchiveRuleResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy CreateArchiveRule)
+
+responseDeleteAnalyzer :: DeleteAnalyzerResponse -> TestTree
+responseDeleteAnalyzer =
+  res
+    "DeleteAnalyzerResponse"
+    "fixture/DeleteAnalyzerResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DeleteAnalyzer)
+
+responseDeleteArchiveRule :: DeleteArchiveRuleResponse -> TestTree
+responseDeleteArchiveRule =
+  res
+    "DeleteArchiveRuleResponse"
+    "fixture/DeleteArchiveRuleResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DeleteArchiveRule)
+
+responseGetAccessPreview :: GetAccessPreviewResponse -> TestTree
+responseGetAccessPreview =
+  res
+    "GetAccessPreviewResponse"
+    "fixture/GetAccessPreviewResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy GetAccessPreview)
+
+responseGetAnalyzedResource :: GetAnalyzedResourceResponse -> TestTree
+responseGetAnalyzedResource =
+  res
+    "GetAnalyzedResourceResponse"
+    "fixture/GetAnalyzedResourceResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy GetAnalyzedResource)
+
+responseGetAnalyzer :: GetAnalyzerResponse -> TestTree
+responseGetAnalyzer =
+  res
+    "GetAnalyzerResponse"
+    "fixture/GetAnalyzerResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy GetAnalyzer)
+
+responseGetArchiveRule :: GetArchiveRuleResponse -> TestTree
+responseGetArchiveRule =
+  res
+    "GetArchiveRuleResponse"
+    "fixture/GetArchiveRuleResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy GetArchiveRule)
+
+responseGetFinding :: GetFindingResponse -> TestTree
+responseGetFinding =
+  res
+    "GetFindingResponse"
+    "fixture/GetFindingResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy GetFinding)
+
+responseGetGeneratedPolicy :: GetGeneratedPolicyResponse -> TestTree
+responseGetGeneratedPolicy =
+  res
+    "GetGeneratedPolicyResponse"
+    "fixture/GetGeneratedPolicyResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy GetGeneratedPolicy)
+
+responseListAccessPreviewFindings :: ListAccessPreviewFindingsResponse -> TestTree
+responseListAccessPreviewFindings =
+  res
+    "ListAccessPreviewFindingsResponse"
+    "fixture/ListAccessPreviewFindingsResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy ListAccessPreviewFindings)
+
+responseListAccessPreviews :: ListAccessPreviewsResponse -> TestTree
+responseListAccessPreviews =
+  res
+    "ListAccessPreviewsResponse"
+    "fixture/ListAccessPreviewsResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy ListAccessPreviews)
+
+responseListAnalyzedResources :: ListAnalyzedResourcesResponse -> TestTree
+responseListAnalyzedResources =
+  res
+    "ListAnalyzedResourcesResponse"
+    "fixture/ListAnalyzedResourcesResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy ListAnalyzedResources)
+
+responseListAnalyzers :: ListAnalyzersResponse -> TestTree
+responseListAnalyzers =
+  res
+    "ListAnalyzersResponse"
+    "fixture/ListAnalyzersResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy ListAnalyzers)
+
+responseListArchiveRules :: ListArchiveRulesResponse -> TestTree
+responseListArchiveRules =
+  res
+    "ListArchiveRulesResponse"
+    "fixture/ListArchiveRulesResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy ListArchiveRules)
+
+responseListFindings :: ListFindingsResponse -> TestTree
+responseListFindings =
+  res
+    "ListFindingsResponse"
+    "fixture/ListFindingsResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy ListFindings)
+
+responseListPolicyGenerations :: ListPolicyGenerationsResponse -> TestTree
+responseListPolicyGenerations =
+  res
+    "ListPolicyGenerationsResponse"
+    "fixture/ListPolicyGenerationsResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy ListPolicyGenerations)
+
+responseListTagsForResource :: ListTagsForResourceResponse -> TestTree
+responseListTagsForResource =
+  res
+    "ListTagsForResourceResponse"
+    "fixture/ListTagsForResourceResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy ListTagsForResource)
+
+responseStartPolicyGeneration :: StartPolicyGenerationResponse -> TestTree
+responseStartPolicyGeneration =
+  res
+    "StartPolicyGenerationResponse"
+    "fixture/StartPolicyGenerationResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy StartPolicyGeneration)
+
+responseStartResourceScan :: StartResourceScanResponse -> TestTree
+responseStartResourceScan =
+  res
+    "StartResourceScanResponse"
+    "fixture/StartResourceScanResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy StartResourceScan)
+
+responseTagResource :: TagResourceResponse -> TestTree
+responseTagResource =
+  res
+    "TagResourceResponse"
+    "fixture/TagResourceResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy TagResource)
+
+responseUntagResource :: UntagResourceResponse -> TestTree
+responseUntagResource =
+  res
+    "UntagResourceResponse"
+    "fixture/UntagResourceResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy UntagResource)
+
+responseUpdateArchiveRule :: UpdateArchiveRuleResponse -> TestTree
+responseUpdateArchiveRule =
+  res
+    "UpdateArchiveRuleResponse"
+    "fixture/UpdateArchiveRuleResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy UpdateArchiveRule)
+
+responseUpdateFindings :: UpdateFindingsResponse -> TestTree
+responseUpdateFindings =
+  res
+    "UpdateFindingsResponse"
+    "fixture/UpdateFindingsResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy UpdateFindings)
+
+responseValidatePolicy :: ValidatePolicyResponse -> TestTree
+responseValidatePolicy =
+  res
+    "ValidatePolicyResponse"
+    "fixture/ValidatePolicyResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy ValidatePolicy)
