diff --git a/README.md b/README.md
--- a/README.md
+++ b/README.md
@@ -8,7 +8,7 @@
 
 ## Version
 
-`1.4.5`
+`1.5.0`
 
 
 ## Description
diff --git a/amazonka-certificatemanager.cabal b/amazonka-certificatemanager.cabal
--- a/amazonka-certificatemanager.cabal
+++ b/amazonka-certificatemanager.cabal
@@ -1,13 +1,13 @@
 name:                  amazonka-certificatemanager
-version:               1.4.5
+version:               1.5.0
 synopsis:              Amazon Certificate Manager SDK.
 homepage:              https://github.com/brendanhay/amazonka
 bug-reports:           https://github.com/brendanhay/amazonka/issues
-license:               OtherLicense
+license:               MPL-2.0
 license-file:          LICENSE
 author:                Brendan Hay
-maintainer:            Brendan Hay <brendan.g.hay@gmail.com>
-copyright:             Copyright (c) 2013-2016 Brendan Hay
+maintainer:            Brendan Hay <brendan.g.hay+amazonka@gmail.com>
+copyright:             Copyright (c) 2013-2017 Brendan Hay
 category:              Network, AWS, Cloud, Distributed Computing
 build-type:            Simple
 cabal-version:         >= 1.10
@@ -29,14 +29,19 @@
     to get started.
 
 source-repository head
-    type:     git
-    location: git://github.com/brendanhay/amazonka.git
+    type:              git
+    location:          git://github.com/brendanhay/amazonka.git
+    subdir:            amazonka-certificatemanager
 
 library
     default-language:  Haskell2010
     hs-source-dirs:    src gen
 
-    ghc-options:       -Wall
+    ghc-options:
+        -Wall
+        -fwarn-incomplete-uni-patterns
+        -fwarn-incomplete-record-updates
+        -funbox-strict-fields
 
     exposed-modules:
           Network.AWS.CertificateManager
@@ -58,7 +63,7 @@
         , Network.AWS.CertificateManager.Types.Sum
 
     build-depends:
-          amazonka-core == 1.4.5.*
+          amazonka-core == 1.5.0.*
         , base          >= 4.7     && < 5
 
 test-suite amazonka-certificatemanager-test
@@ -78,9 +83,9 @@
         , Test.AWS.CertificateManager.Internal
 
     build-depends:
-          amazonka-core == 1.4.5.*
-        , amazonka-test == 1.4.5.*
-        , amazonka-certificatemanager == 1.4.5.*
+          amazonka-core == 1.5.0.*
+        , amazonka-test == 1.5.0.*
+        , amazonka-certificatemanager
         , base
         , bytestring
         , tasty
diff --git a/gen/Network/AWS/CertificateManager.hs b/gen/Network/AWS/CertificateManager.hs
--- a/gen/Network/AWS/CertificateManager.hs
+++ b/gen/Network/AWS/CertificateManager.hs
@@ -5,9 +5,9 @@
 
 -- |
 -- Module      : Network.AWS.CertificateManager
--- Copyright   : (c) 2013-2016 Brendan Hay
+-- Copyright   : (c) 2013-2017 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
 -- Portability : non-portable (GHC extensions)
 --
@@ -96,12 +96,18 @@
     -- ** CertificateType
     , CertificateType (..)
 
+    -- ** DomainStatus
+    , DomainStatus (..)
+
     -- ** FailureReason
     , FailureReason (..)
 
     -- ** KeyAlgorithm
     , KeyAlgorithm (..)
 
+    -- ** RenewalStatus
+    , RenewalStatus (..)
+
     -- ** RevocationReason
     , RevocationReason (..)
 
@@ -121,6 +127,7 @@
     , cdNotBefore
     , cdRevocationReason
     , cdDomainName
+    , cdRenewalSummary
     , cdKeyAlgorithm
     , cdType
     , cdIssuedAt
@@ -139,6 +146,7 @@
     , DomainValidation
     , domainValidation
     , dvValidationEmails
+    , dvValidationStatus
     , dvValidationDomain
     , dvDomainName
 
@@ -148,6 +156,12 @@
     , dvoDomainName
     , dvoValidationDomain
 
+    -- ** RenewalSummary
+    , RenewalSummary
+    , renewalSummary
+    , rsRenewalStatus
+    , rsDomainValidationOptions
+
     -- ** Tag
     , Tag
     , tag
@@ -155,18 +169,18 @@
     , tagKey
     ) where
 
-import           Network.AWS.CertificateManager.AddTagsToCertificate
-import           Network.AWS.CertificateManager.DeleteCertificate
-import           Network.AWS.CertificateManager.DescribeCertificate
-import           Network.AWS.CertificateManager.GetCertificate
-import           Network.AWS.CertificateManager.ImportCertificate
-import           Network.AWS.CertificateManager.ListCertificates
-import           Network.AWS.CertificateManager.ListTagsForCertificate
-import           Network.AWS.CertificateManager.RemoveTagsFromCertificate
-import           Network.AWS.CertificateManager.RequestCertificate
-import           Network.AWS.CertificateManager.ResendValidationEmail
-import           Network.AWS.CertificateManager.Types
-import           Network.AWS.CertificateManager.Waiters
+import Network.AWS.CertificateManager.AddTagsToCertificate
+import Network.AWS.CertificateManager.DeleteCertificate
+import Network.AWS.CertificateManager.DescribeCertificate
+import Network.AWS.CertificateManager.GetCertificate
+import Network.AWS.CertificateManager.ImportCertificate
+import Network.AWS.CertificateManager.ListCertificates
+import Network.AWS.CertificateManager.ListTagsForCertificate
+import Network.AWS.CertificateManager.RemoveTagsFromCertificate
+import Network.AWS.CertificateManager.RequestCertificate
+import Network.AWS.CertificateManager.ResendValidationEmail
+import Network.AWS.CertificateManager.Types
+import Network.AWS.CertificateManager.Waiters
 
 {- $errors
 Error matchers are designed for use with the functions provided by
diff --git a/gen/Network/AWS/CertificateManager/AddTagsToCertificate.hs b/gen/Network/AWS/CertificateManager/AddTagsToCertificate.hs
--- a/gen/Network/AWS/CertificateManager/AddTagsToCertificate.hs
+++ b/gen/Network/AWS/CertificateManager/AddTagsToCertificate.hs
@@ -12,9 +12,9 @@
 
 -- |
 -- Module      : Network.AWS.CertificateManager.AddTagsToCertificate
--- Copyright   : (c) 2013-2016 Brendan Hay
+-- Copyright   : (c) 2013-2017 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
 -- Portability : non-portable (GHC extensions)
 --
@@ -39,19 +39,20 @@
     , AddTagsToCertificateResponse
     ) where
 
-import           Network.AWS.CertificateManager.Types
-import           Network.AWS.CertificateManager.Types.Product
-import           Network.AWS.Lens
-import           Network.AWS.Prelude
-import           Network.AWS.Request
-import           Network.AWS.Response
+import Network.AWS.CertificateManager.Types
+import Network.AWS.CertificateManager.Types.Product
+import Network.AWS.Lens
+import Network.AWS.Prelude
+import Network.AWS.Request
+import Network.AWS.Response
 
 -- | /See:/ 'addTagsToCertificate' smart constructor.
 data AddTagsToCertificate = AddTagsToCertificate'
-    { _attcCertificateARN :: !Text
-    , _attcTags           :: !(List1 Tag)
-    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+  { _attcCertificateARN :: !Text
+  , _attcTags           :: !(List1 Tag)
+  } deriving (Eq, Read, Show, Data, Typeable, Generic)
 
+
 -- | Creates a value of 'AddTagsToCertificate' with the minimum fields required to make a request.
 --
 -- Use one of the following lenses to modify other fields as desired:
@@ -64,11 +65,10 @@
     -> NonEmpty Tag -- ^ 'attcTags'
     -> AddTagsToCertificate
 addTagsToCertificate pCertificateARN_ pTags_ =
-    AddTagsToCertificate'
-    { _attcCertificateARN = pCertificateARN_
-    , _attcTags = _List1 # pTags_
-    }
+  AddTagsToCertificate'
+  {_attcCertificateARN = pCertificateARN_, _attcTags = _List1 # pTags_}
 
+
 -- | String that contains the ARN of the ACM Certificate to which the tag is to be applied. This must be of the form: @arn:aws:acm:region:123456789012:certificate/12345678-1234-1234-1234-123456789012@  For more information about ARNs, see <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces> .
 attcCertificateARN :: Lens' AddTagsToCertificate Text
 attcCertificateARN = lens _attcCertificateARN (\ s a -> s{_attcCertificateARN = a});
@@ -83,9 +83,9 @@
         request = postJSON certificateManager
         response = receiveNull AddTagsToCertificateResponse'
 
-instance Hashable AddTagsToCertificate
+instance Hashable AddTagsToCertificate where
 
-instance NFData AddTagsToCertificate
+instance NFData AddTagsToCertificate where
 
 instance ToHeaders AddTagsToCertificate where
         toHeaders
@@ -112,13 +112,15 @@
 
 -- | /See:/ 'addTagsToCertificateResponse' smart constructor.
 data AddTagsToCertificateResponse =
-    AddTagsToCertificateResponse'
-    deriving (Eq,Read,Show,Data,Typeable,Generic)
+  AddTagsToCertificateResponse'
+  deriving (Eq, Read, Show, Data, Typeable, Generic)
 
+
 -- | Creates a value of 'AddTagsToCertificateResponse' with the minimum fields required to make a request.
 --
 addTagsToCertificateResponse
     :: AddTagsToCertificateResponse
 addTagsToCertificateResponse = AddTagsToCertificateResponse'
 
-instance NFData AddTagsToCertificateResponse
+
+instance NFData AddTagsToCertificateResponse where
diff --git a/gen/Network/AWS/CertificateManager/DeleteCertificate.hs b/gen/Network/AWS/CertificateManager/DeleteCertificate.hs
--- a/gen/Network/AWS/CertificateManager/DeleteCertificate.hs
+++ b/gen/Network/AWS/CertificateManager/DeleteCertificate.hs
@@ -12,9 +12,9 @@
 
 -- |
 -- Module      : Network.AWS.CertificateManager.DeleteCertificate
--- Copyright   : (c) 2013-2016 Brendan Hay
+-- Copyright   : (c) 2013-2017 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
 -- Portability : non-portable (GHC extensions)
 --
@@ -34,18 +34,19 @@
     , DeleteCertificateResponse
     ) where
 
-import           Network.AWS.CertificateManager.Types
-import           Network.AWS.CertificateManager.Types.Product
-import           Network.AWS.Lens
-import           Network.AWS.Prelude
-import           Network.AWS.Request
-import           Network.AWS.Response
+import Network.AWS.CertificateManager.Types
+import Network.AWS.CertificateManager.Types.Product
+import Network.AWS.Lens
+import Network.AWS.Prelude
+import Network.AWS.Request
+import Network.AWS.Response
 
 -- | /See:/ 'deleteCertificate' smart constructor.
 newtype DeleteCertificate = DeleteCertificate'
-    { _dcCertificateARN :: Text
-    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+  { _dcCertificateARN :: Text
+  } deriving (Eq, Read, Show, Data, Typeable, Generic)
 
+
 -- | Creates a value of 'DeleteCertificate' with the minimum fields required to make a request.
 --
 -- Use one of the following lenses to modify other fields as desired:
@@ -55,10 +56,9 @@
     :: Text -- ^ 'dcCertificateARN'
     -> DeleteCertificate
 deleteCertificate pCertificateARN_ =
-    DeleteCertificate'
-    { _dcCertificateARN = pCertificateARN_
-    }
+  DeleteCertificate' {_dcCertificateARN = pCertificateARN_}
 
+
 -- | String that contains the ARN of the ACM Certificate to be deleted. This must be of the form: @arn:aws:acm:region:123456789012:certificate/12345678-1234-1234-1234-123456789012@  For more information about ARNs, see <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces> .
 dcCertificateARN :: Lens' DeleteCertificate Text
 dcCertificateARN = lens _dcCertificateARN (\ s a -> s{_dcCertificateARN = a});
@@ -68,9 +68,9 @@
         request = postJSON certificateManager
         response = receiveNull DeleteCertificateResponse'
 
-instance Hashable DeleteCertificate
+instance Hashable DeleteCertificate where
 
-instance NFData DeleteCertificate
+instance NFData DeleteCertificate where
 
 instance ToHeaders DeleteCertificate where
         toHeaders
@@ -96,13 +96,15 @@
 
 -- | /See:/ 'deleteCertificateResponse' smart constructor.
 data DeleteCertificateResponse =
-    DeleteCertificateResponse'
-    deriving (Eq,Read,Show,Data,Typeable,Generic)
+  DeleteCertificateResponse'
+  deriving (Eq, Read, Show, Data, Typeable, Generic)
 
+
 -- | Creates a value of 'DeleteCertificateResponse' with the minimum fields required to make a request.
 --
 deleteCertificateResponse
     :: DeleteCertificateResponse
 deleteCertificateResponse = DeleteCertificateResponse'
 
-instance NFData DeleteCertificateResponse
+
+instance NFData DeleteCertificateResponse where
diff --git a/gen/Network/AWS/CertificateManager/DescribeCertificate.hs b/gen/Network/AWS/CertificateManager/DescribeCertificate.hs
--- a/gen/Network/AWS/CertificateManager/DescribeCertificate.hs
+++ b/gen/Network/AWS/CertificateManager/DescribeCertificate.hs
@@ -12,13 +12,13 @@
 
 -- |
 -- Module      : Network.AWS.CertificateManager.DescribeCertificate
--- Copyright   : (c) 2013-2016 Brendan Hay
+-- Copyright   : (c) 2013-2017 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
 -- Portability : non-portable (GHC extensions)
 --
--- Returns a list of the fields contained in the specified ACM Certificate. For example, this action returns the certificate status, a flag that indicates whether the certificate is associated with any other AWS service, and the date at which the certificate request was created. You specify the ACM Certificate on input by its Amazon Resource Name (ARN).
+-- Returns detailed metadata about the specified ACM Certificate.
 --
 --
 module Network.AWS.CertificateManager.DescribeCertificate
@@ -37,32 +37,32 @@
     , dcrsResponseStatus
     ) where
 
-import           Network.AWS.CertificateManager.Types
-import           Network.AWS.CertificateManager.Types.Product
-import           Network.AWS.Lens
-import           Network.AWS.Prelude
-import           Network.AWS.Request
-import           Network.AWS.Response
+import Network.AWS.CertificateManager.Types
+import Network.AWS.CertificateManager.Types.Product
+import Network.AWS.Lens
+import Network.AWS.Prelude
+import Network.AWS.Request
+import Network.AWS.Response
 
 -- | /See:/ 'describeCertificate' smart constructor.
 newtype DescribeCertificate = DescribeCertificate'
-    { _dCertificateARN :: Text
-    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+  { _dCertificateARN :: Text
+  } deriving (Eq, Read, Show, Data, Typeable, Generic)
 
+
 -- | Creates a value of 'DescribeCertificate' with the minimum fields required to make a request.
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'dCertificateARN' - String that contains an ACM Certificate ARN. The ARN must be of the form: @arn:aws:acm:region:123456789012:certificate/12345678-1234-1234-1234-123456789012@  For more information about ARNs, see <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces> .
+-- * 'dCertificateARN' - The Amazon Resource Name (ARN) of the ACM Certificate. The ARN must have the following form: @arn:aws:acm:region:123456789012:certificate/12345678-1234-1234-1234-123456789012@  For more information about ARNs, see <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces> .
 describeCertificate
     :: Text -- ^ 'dCertificateARN'
     -> DescribeCertificate
 describeCertificate pCertificateARN_ =
-    DescribeCertificate'
-    { _dCertificateARN = pCertificateARN_
-    }
+  DescribeCertificate' {_dCertificateARN = pCertificateARN_}
 
--- | String that contains an ACM Certificate ARN. The ARN must be of the form: @arn:aws:acm:region:123456789012:certificate/12345678-1234-1234-1234-123456789012@  For more information about ARNs, see <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces> .
+
+-- | The Amazon Resource Name (ARN) of the ACM Certificate. The ARN must have the following form: @arn:aws:acm:region:123456789012:certificate/12345678-1234-1234-1234-123456789012@  For more information about ARNs, see <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces> .
 dCertificateARN :: Lens' DescribeCertificate Text
 dCertificateARN = lens _dCertificateARN (\ s a -> s{_dCertificateARN = a});
 
@@ -76,9 +76,9 @@
                  DescribeCertificateResponse' <$>
                    (x .?> "Certificate") <*> (pure (fromEnum s)))
 
-instance Hashable DescribeCertificate
+instance Hashable DescribeCertificate where
 
-instance NFData DescribeCertificate
+instance NFData DescribeCertificate where
 
 instance ToHeaders DescribeCertificate where
         toHeaders
@@ -104,27 +104,27 @@
 
 -- | /See:/ 'describeCertificateResponse' smart constructor.
 data DescribeCertificateResponse = DescribeCertificateResponse'
-    { _dcrsCertificate    :: !(Maybe CertificateDetail)
-    , _dcrsResponseStatus :: !Int
-    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+  { _dcrsCertificate    :: !(Maybe CertificateDetail)
+  , _dcrsResponseStatus :: !Int
+  } deriving (Eq, Read, Show, Data, Typeable, Generic)
 
+
 -- | Creates a value of 'DescribeCertificateResponse' with the minimum fields required to make a request.
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'dcrsCertificate' - Contains a 'CertificateDetail' structure that lists the fields of an ACM Certificate.
+-- * 'dcrsCertificate' - Metadata about an ACM certificate.
 --
 -- * 'dcrsResponseStatus' - -- | The response status code.
 describeCertificateResponse
     :: Int -- ^ 'dcrsResponseStatus'
     -> DescribeCertificateResponse
 describeCertificateResponse pResponseStatus_ =
-    DescribeCertificateResponse'
-    { _dcrsCertificate = Nothing
-    , _dcrsResponseStatus = pResponseStatus_
-    }
+  DescribeCertificateResponse'
+  {_dcrsCertificate = Nothing, _dcrsResponseStatus = pResponseStatus_}
 
--- | Contains a 'CertificateDetail' structure that lists the fields of an ACM Certificate.
+
+-- | Metadata about an ACM certificate.
 dcrsCertificate :: Lens' DescribeCertificateResponse (Maybe CertificateDetail)
 dcrsCertificate = lens _dcrsCertificate (\ s a -> s{_dcrsCertificate = a});
 
@@ -132,4 +132,4 @@
 dcrsResponseStatus :: Lens' DescribeCertificateResponse Int
 dcrsResponseStatus = lens _dcrsResponseStatus (\ s a -> s{_dcrsResponseStatus = a});
 
-instance NFData DescribeCertificateResponse
+instance NFData DescribeCertificateResponse where
diff --git a/gen/Network/AWS/CertificateManager/GetCertificate.hs b/gen/Network/AWS/CertificateManager/GetCertificate.hs
--- a/gen/Network/AWS/CertificateManager/GetCertificate.hs
+++ b/gen/Network/AWS/CertificateManager/GetCertificate.hs
@@ -12,13 +12,13 @@
 
 -- |
 -- Module      : Network.AWS.CertificateManager.GetCertificate
--- Copyright   : (c) 2013-2016 Brendan Hay
+-- Copyright   : (c) 2013-2017 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
 -- Portability : non-portable (GHC extensions)
 --
--- Retrieves an ACM Certificate and certificate chain for the certificate specified by an ARN. The chain is an ordered list of certificates that contains the root certificate, intermediate certificates of subordinate CAs, and the ACM Certificate. The certificate and certificate chain are base64 encoded. If you want to decode the certificate chain to see the individual certificate fields, you can use OpenSSL.
+-- Retrieves an ACM Certificate and certificate chain for the certificate specified by an ARN. The chain is an ordered list of certificates that contains the ACM Certificate, intermediate certificates of subordinate CAs, and the root certificate in that order. The certificate and certificate chain are base64 encoded. If you want to decode the certificate chain to see the individual certificate fields, you can use OpenSSL.
 --
 --
 module Network.AWS.CertificateManager.GetCertificate
@@ -38,18 +38,19 @@
     , gcrsResponseStatus
     ) where
 
-import           Network.AWS.CertificateManager.Types
-import           Network.AWS.CertificateManager.Types.Product
-import           Network.AWS.Lens
-import           Network.AWS.Prelude
-import           Network.AWS.Request
-import           Network.AWS.Response
+import Network.AWS.CertificateManager.Types
+import Network.AWS.CertificateManager.Types.Product
+import Network.AWS.Lens
+import Network.AWS.Prelude
+import Network.AWS.Request
+import Network.AWS.Response
 
 -- | /See:/ 'getCertificate' smart constructor.
 newtype GetCertificate = GetCertificate'
-    { _gcCertificateARN :: Text
-    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+  { _gcCertificateARN :: Text
+  } deriving (Eq, Read, Show, Data, Typeable, Generic)
 
+
 -- | Creates a value of 'GetCertificate' with the minimum fields required to make a request.
 --
 -- Use one of the following lenses to modify other fields as desired:
@@ -59,10 +60,9 @@
     :: Text -- ^ 'gcCertificateARN'
     -> GetCertificate
 getCertificate pCertificateARN_ =
-    GetCertificate'
-    { _gcCertificateARN = pCertificateARN_
-    }
+  GetCertificate' {_gcCertificateARN = pCertificateARN_}
 
+
 -- | String that contains a certificate ARN in the following format: @arn:aws:acm:region:123456789012:certificate/12345678-1234-1234-1234-123456789012@  For more information about ARNs, see <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces> .
 gcCertificateARN :: Lens' GetCertificate Text
 gcCertificateARN = lens _gcCertificateARN (\ s a -> s{_gcCertificateARN = a});
@@ -77,9 +77,9 @@
                    (x .?> "Certificate") <*> (x .?> "CertificateChain")
                      <*> (pure (fromEnum s)))
 
-instance Hashable GetCertificate
+instance Hashable GetCertificate where
 
-instance NFData GetCertificate
+instance NFData GetCertificate where
 
 instance ToHeaders GetCertificate where
         toHeaders
@@ -104,11 +104,12 @@
 
 -- | /See:/ 'getCertificateResponse' smart constructor.
 data GetCertificateResponse = GetCertificateResponse'
-    { _gcrsCertificate      :: !(Maybe Text)
-    , _gcrsCertificateChain :: !(Maybe Text)
-    , _gcrsResponseStatus   :: !Int
-    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+  { _gcrsCertificate      :: !(Maybe Text)
+  , _gcrsCertificateChain :: !(Maybe Text)
+  , _gcrsResponseStatus   :: !Int
+  } deriving (Eq, Read, Show, Data, Typeable, Generic)
 
+
 -- | Creates a value of 'GetCertificateResponse' with the minimum fields required to make a request.
 --
 -- Use one of the following lenses to modify other fields as desired:
@@ -122,12 +123,13 @@
     :: Int -- ^ 'gcrsResponseStatus'
     -> GetCertificateResponse
 getCertificateResponse pResponseStatus_ =
-    GetCertificateResponse'
-    { _gcrsCertificate = Nothing
-    , _gcrsCertificateChain = Nothing
-    , _gcrsResponseStatus = pResponseStatus_
-    }
+  GetCertificateResponse'
+  { _gcrsCertificate = Nothing
+  , _gcrsCertificateChain = Nothing
+  , _gcrsResponseStatus = pResponseStatus_
+  }
 
+
 -- | String that contains the ACM Certificate represented by the ARN specified at input.
 gcrsCertificate :: Lens' GetCertificateResponse (Maybe Text)
 gcrsCertificate = lens _gcrsCertificate (\ s a -> s{_gcrsCertificate = a});
@@ -140,4 +142,4 @@
 gcrsResponseStatus :: Lens' GetCertificateResponse Int
 gcrsResponseStatus = lens _gcrsResponseStatus (\ s a -> s{_gcrsResponseStatus = a});
 
-instance NFData GetCertificateResponse
+instance NFData GetCertificateResponse where
diff --git a/gen/Network/AWS/CertificateManager/ImportCertificate.hs b/gen/Network/AWS/CertificateManager/ImportCertificate.hs
--- a/gen/Network/AWS/CertificateManager/ImportCertificate.hs
+++ b/gen/Network/AWS/CertificateManager/ImportCertificate.hs
@@ -12,9 +12,9 @@
 
 -- |
 -- Module      : Network.AWS.CertificateManager.ImportCertificate
--- Copyright   : (c) 2013-2016 Brendan Hay
+-- Copyright   : (c) 2013-2017 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
 -- Portability : non-portable (GHC extensions)
 --
@@ -29,6 +29,8 @@
 --
 -- To import a new certificate, omit the @CertificateArn@ field. Include this field only when you want to replace a previously imported certificate.
 --
+-- When you import a certificate by using the CLI or one of the SDKs, you must specify the certificate, chain, and private key parameters as file names preceded by @file://@ . For example, you can specify a certificate saved in the @C:\temp@ folder as @C:\temp\certificate_to_import.pem@ . If you are making an HTTP or HTTPS Query request, include these parameters as BLOBs.
+--
 -- This operation returns the <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Name (ARN)> of the imported certificate.
 --
 module Network.AWS.CertificateManager.ImportCertificate
@@ -50,21 +52,22 @@
     , icrsResponseStatus
     ) where
 
-import           Network.AWS.CertificateManager.Types
-import           Network.AWS.CertificateManager.Types.Product
-import           Network.AWS.Lens
-import           Network.AWS.Prelude
-import           Network.AWS.Request
-import           Network.AWS.Response
+import Network.AWS.CertificateManager.Types
+import Network.AWS.CertificateManager.Types.Product
+import Network.AWS.Lens
+import Network.AWS.Prelude
+import Network.AWS.Request
+import Network.AWS.Response
 
 -- | /See:/ 'importCertificate' smart constructor.
 data ImportCertificate = ImportCertificate'
-    { _icCertificateARN   :: !(Maybe Text)
-    , _icCertificateChain :: !(Maybe Base64)
-    , _icCertificate      :: !Base64
-    , _icPrivateKey       :: !(Sensitive Base64)
-    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+  { _icCertificateARN   :: !(Maybe Text)
+  , _icCertificateChain :: !(Maybe Base64)
+  , _icCertificate      :: !Base64
+  , _icPrivateKey       :: !(Sensitive Base64)
+  } deriving (Eq, Show, Data, Typeable, Generic)
 
+
 -- | Creates a value of 'ImportCertificate' with the minimum fields required to make a request.
 --
 -- Use one of the following lenses to modify other fields as desired:
@@ -81,13 +84,14 @@
     -> ByteString -- ^ 'icPrivateKey'
     -> ImportCertificate
 importCertificate pCertificate_ pPrivateKey_ =
-    ImportCertificate'
-    { _icCertificateARN = Nothing
-    , _icCertificateChain = Nothing
-    , _icCertificate = _Base64 # pCertificate_
-    , _icPrivateKey = _Sensitive . _Base64 # pPrivateKey_
-    }
+  ImportCertificate'
+  { _icCertificateARN = Nothing
+  , _icCertificateChain = Nothing
+  , _icCertificate = _Base64 # pCertificate_
+  , _icPrivateKey = _Sensitive . _Base64 # pPrivateKey_
+  }
 
+
 -- | The <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Name (ARN)> of an imported certificate to replace. To import a new certificate, omit this field.
 icCertificateARN :: Lens' ImportCertificate (Maybe Text)
 icCertificateARN = lens _icCertificateARN (\ s a -> s{_icCertificateARN = a});
@@ -113,9 +117,9 @@
                  ImportCertificateResponse' <$>
                    (x .?> "CertificateArn") <*> (pure (fromEnum s)))
 
-instance Hashable ImportCertificate
+instance Hashable ImportCertificate where
 
-instance NFData ImportCertificate
+instance NFData ImportCertificate where
 
 instance ToHeaders ImportCertificate where
         toHeaders
@@ -144,10 +148,11 @@
 
 -- | /See:/ 'importCertificateResponse' smart constructor.
 data ImportCertificateResponse = ImportCertificateResponse'
-    { _icrsCertificateARN :: !(Maybe Text)
-    , _icrsResponseStatus :: !Int
-    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+  { _icrsCertificateARN :: !(Maybe Text)
+  , _icrsResponseStatus :: !Int
+  } deriving (Eq, Read, Show, Data, Typeable, Generic)
 
+
 -- | Creates a value of 'ImportCertificateResponse' with the minimum fields required to make a request.
 --
 -- Use one of the following lenses to modify other fields as desired:
@@ -159,11 +164,10 @@
     :: Int -- ^ 'icrsResponseStatus'
     -> ImportCertificateResponse
 importCertificateResponse pResponseStatus_ =
-    ImportCertificateResponse'
-    { _icrsCertificateARN = Nothing
-    , _icrsResponseStatus = pResponseStatus_
-    }
+  ImportCertificateResponse'
+  {_icrsCertificateARN = Nothing, _icrsResponseStatus = pResponseStatus_}
 
+
 -- | The <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Name (ARN)> of the imported certificate.
 icrsCertificateARN :: Lens' ImportCertificateResponse (Maybe Text)
 icrsCertificateARN = lens _icrsCertificateARN (\ s a -> s{_icrsCertificateARN = a});
@@ -172,4 +176,4 @@
 icrsResponseStatus :: Lens' ImportCertificateResponse Int
 icrsResponseStatus = lens _icrsResponseStatus (\ s a -> s{_icrsResponseStatus = a});
 
-instance NFData ImportCertificateResponse
+instance NFData ImportCertificateResponse where
diff --git a/gen/Network/AWS/CertificateManager/ListCertificates.hs b/gen/Network/AWS/CertificateManager/ListCertificates.hs
--- a/gen/Network/AWS/CertificateManager/ListCertificates.hs
+++ b/gen/Network/AWS/CertificateManager/ListCertificates.hs
@@ -12,9 +12,9 @@
 
 -- |
 -- Module      : Network.AWS.CertificateManager.ListCertificates
--- Copyright   : (c) 2013-2016 Brendan Hay
+-- Copyright   : (c) 2013-2017 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
 -- Portability : non-portable (GHC extensions)
 --
@@ -42,21 +42,22 @@
     , lcrsResponseStatus
     ) where
 
-import           Network.AWS.CertificateManager.Types
-import           Network.AWS.CertificateManager.Types.Product
-import           Network.AWS.Lens
-import           Network.AWS.Pager
-import           Network.AWS.Prelude
-import           Network.AWS.Request
-import           Network.AWS.Response
+import Network.AWS.CertificateManager.Types
+import Network.AWS.CertificateManager.Types.Product
+import Network.AWS.Lens
+import Network.AWS.Pager
+import Network.AWS.Prelude
+import Network.AWS.Request
+import Network.AWS.Response
 
 -- | /See:/ 'listCertificates' smart constructor.
 data ListCertificates = ListCertificates'
-    { _lcCertificateStatuses :: !(Maybe [CertificateStatus])
-    , _lcNextToken           :: !(Maybe Text)
-    , _lcMaxItems            :: !(Maybe Nat)
-    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+  { _lcCertificateStatuses :: !(Maybe [CertificateStatus])
+  , _lcNextToken           :: !(Maybe Text)
+  , _lcMaxItems            :: !(Maybe Nat)
+  } deriving (Eq, Read, Show, Data, Typeable, Generic)
 
+
 -- | Creates a value of 'ListCertificates' with the minimum fields required to make a request.
 --
 -- Use one of the following lenses to modify other fields as desired:
@@ -69,12 +70,13 @@
 listCertificates
     :: ListCertificates
 listCertificates =
-    ListCertificates'
-    { _lcCertificateStatuses = Nothing
-    , _lcNextToken = Nothing
-    , _lcMaxItems = Nothing
-    }
+  ListCertificates'
+  { _lcCertificateStatuses = Nothing
+  , _lcNextToken = Nothing
+  , _lcMaxItems = Nothing
+  }
 
+
 -- | The status or statuses on which to filter the list of ACM Certificates.
 lcCertificateStatuses :: Lens' ListCertificates [CertificateStatus]
 lcCertificateStatuses = lens _lcCertificateStatuses (\ s a -> s{_lcCertificateStatuses = a}) . _Default . _Coerce;
@@ -105,9 +107,9 @@
                      (x .?> "NextToken")
                      <*> (pure (fromEnum s)))
 
-instance Hashable ListCertificates
+instance Hashable ListCertificates where
 
-instance NFData ListCertificates
+instance NFData ListCertificates where
 
 instance ToHeaders ListCertificates where
         toHeaders
@@ -136,11 +138,12 @@
 
 -- | /See:/ 'listCertificatesResponse' smart constructor.
 data ListCertificatesResponse = ListCertificatesResponse'
-    { _lcrsCertificateSummaryList :: !(Maybe [CertificateSummary])
-    , _lcrsNextToken              :: !(Maybe Text)
-    , _lcrsResponseStatus         :: !Int
-    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+  { _lcrsCertificateSummaryList :: !(Maybe [CertificateSummary])
+  , _lcrsNextToken              :: !(Maybe Text)
+  , _lcrsResponseStatus         :: !Int
+  } deriving (Eq, Read, Show, Data, Typeable, Generic)
 
+
 -- | Creates a value of 'ListCertificatesResponse' with the minimum fields required to make a request.
 --
 -- Use one of the following lenses to modify other fields as desired:
@@ -154,12 +157,13 @@
     :: Int -- ^ 'lcrsResponseStatus'
     -> ListCertificatesResponse
 listCertificatesResponse pResponseStatus_ =
-    ListCertificatesResponse'
-    { _lcrsCertificateSummaryList = Nothing
-    , _lcrsNextToken = Nothing
-    , _lcrsResponseStatus = pResponseStatus_
-    }
+  ListCertificatesResponse'
+  { _lcrsCertificateSummaryList = Nothing
+  , _lcrsNextToken = Nothing
+  , _lcrsResponseStatus = pResponseStatus_
+  }
 
+
 -- | A list of ACM Certificates.
 lcrsCertificateSummaryList :: Lens' ListCertificatesResponse [CertificateSummary]
 lcrsCertificateSummaryList = lens _lcrsCertificateSummaryList (\ s a -> s{_lcrsCertificateSummaryList = a}) . _Default . _Coerce;
@@ -172,4 +176,4 @@
 lcrsResponseStatus :: Lens' ListCertificatesResponse Int
 lcrsResponseStatus = lens _lcrsResponseStatus (\ s a -> s{_lcrsResponseStatus = a});
 
-instance NFData ListCertificatesResponse
+instance NFData ListCertificatesResponse where
diff --git a/gen/Network/AWS/CertificateManager/ListTagsForCertificate.hs b/gen/Network/AWS/CertificateManager/ListTagsForCertificate.hs
--- a/gen/Network/AWS/CertificateManager/ListTagsForCertificate.hs
+++ b/gen/Network/AWS/CertificateManager/ListTagsForCertificate.hs
@@ -12,13 +12,13 @@
 
 -- |
 -- Module      : Network.AWS.CertificateManager.ListTagsForCertificate
--- Copyright   : (c) 2013-2016 Brendan Hay
+-- Copyright   : (c) 2013-2017 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
 -- Portability : non-portable (GHC extensions)
 --
--- Lists the tags that have been applied to the ACM Certificate. Use the certificate ARN to specify the certificate. To add a tag to an ACM Certificate, use the 'AddTagsToCertificate' action. To delete a tag, use the 'RemoveTagsFromCertificate' action.
+-- Lists the tags that have been applied to the ACM Certificate. Use the certificate's Amazon Resource Name (ARN) to specify the certificate. To add a tag to an ACM Certificate, use the 'AddTagsToCertificate' action. To delete a tag, use the 'RemoveTagsFromCertificate' action.
 --
 --
 module Network.AWS.CertificateManager.ListTagsForCertificate
@@ -37,32 +37,32 @@
     , ltfcrsResponseStatus
     ) where
 
-import           Network.AWS.CertificateManager.Types
-import           Network.AWS.CertificateManager.Types.Product
-import           Network.AWS.Lens
-import           Network.AWS.Prelude
-import           Network.AWS.Request
-import           Network.AWS.Response
+import Network.AWS.CertificateManager.Types
+import Network.AWS.CertificateManager.Types.Product
+import Network.AWS.Lens
+import Network.AWS.Prelude
+import Network.AWS.Request
+import Network.AWS.Response
 
 -- | /See:/ 'listTagsForCertificate' smart constructor.
 newtype ListTagsForCertificate = ListTagsForCertificate'
-    { _ltfcCertificateARN :: Text
-    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+  { _ltfcCertificateARN :: Text
+  } deriving (Eq, Read, Show, Data, Typeable, Generic)
 
+
 -- | Creates a value of 'ListTagsForCertificate' with the minimum fields required to make a request.
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'ltfcCertificateARN' - String that contains the ARN of the ACM Certificate for which you want to list the tags. This must be of the form: @arn:aws:acm:region:123456789012:certificate/12345678-1234-1234-1234-123456789012@  For more information about ARNs, see <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces> .
+-- * 'ltfcCertificateARN' - String that contains the ARN of the ACM Certificate for which you want to list the tags. This has the following form: @arn:aws:acm:region:123456789012:certificate/12345678-1234-1234-1234-123456789012@  For more information about ARNs, see <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces> .
 listTagsForCertificate
     :: Text -- ^ 'ltfcCertificateARN'
     -> ListTagsForCertificate
 listTagsForCertificate pCertificateARN_ =
-    ListTagsForCertificate'
-    { _ltfcCertificateARN = pCertificateARN_
-    }
+  ListTagsForCertificate' {_ltfcCertificateARN = pCertificateARN_}
 
--- | String that contains the ARN of the ACM Certificate for which you want to list the tags. This must be of the form: @arn:aws:acm:region:123456789012:certificate/12345678-1234-1234-1234-123456789012@  For more information about ARNs, see <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces> .
+
+-- | String that contains the ARN of the ACM Certificate for which you want to list the tags. This has the following form: @arn:aws:acm:region:123456789012:certificate/12345678-1234-1234-1234-123456789012@  For more information about ARNs, see <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces> .
 ltfcCertificateARN :: Lens' ListTagsForCertificate Text
 ltfcCertificateARN = lens _ltfcCertificateARN (\ s a -> s{_ltfcCertificateARN = a});
 
@@ -76,9 +76,9 @@
                  ListTagsForCertificateResponse' <$>
                    (x .?> "Tags") <*> (pure (fromEnum s)))
 
-instance Hashable ListTagsForCertificate
+instance Hashable ListTagsForCertificate where
 
-instance NFData ListTagsForCertificate
+instance NFData ListTagsForCertificate where
 
 instance ToHeaders ListTagsForCertificate where
         toHeaders
@@ -104,10 +104,11 @@
 
 -- | /See:/ 'listTagsForCertificateResponse' smart constructor.
 data ListTagsForCertificateResponse = ListTagsForCertificateResponse'
-    { _ltfcrsTags           :: !(Maybe (List1 Tag))
-    , _ltfcrsResponseStatus :: !Int
-    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+  { _ltfcrsTags           :: !(Maybe (List1 Tag))
+  , _ltfcrsResponseStatus :: !Int
+  } deriving (Eq, Read, Show, Data, Typeable, Generic)
 
+
 -- | Creates a value of 'ListTagsForCertificateResponse' with the minimum fields required to make a request.
 --
 -- Use one of the following lenses to modify other fields as desired:
@@ -119,11 +120,10 @@
     :: Int -- ^ 'ltfcrsResponseStatus'
     -> ListTagsForCertificateResponse
 listTagsForCertificateResponse pResponseStatus_ =
-    ListTagsForCertificateResponse'
-    { _ltfcrsTags = Nothing
-    , _ltfcrsResponseStatus = pResponseStatus_
-    }
+  ListTagsForCertificateResponse'
+  {_ltfcrsTags = Nothing, _ltfcrsResponseStatus = pResponseStatus_}
 
+
 -- | The key-value pairs that define the applied tags.
 ltfcrsTags :: Lens' ListTagsForCertificateResponse (Maybe (NonEmpty Tag))
 ltfcrsTags = lens _ltfcrsTags (\ s a -> s{_ltfcrsTags = a}) . mapping _List1;
@@ -132,4 +132,4 @@
 ltfcrsResponseStatus :: Lens' ListTagsForCertificateResponse Int
 ltfcrsResponseStatus = lens _ltfcrsResponseStatus (\ s a -> s{_ltfcrsResponseStatus = a});
 
-instance NFData ListTagsForCertificateResponse
+instance NFData ListTagsForCertificateResponse where
diff --git a/gen/Network/AWS/CertificateManager/RemoveTagsFromCertificate.hs b/gen/Network/AWS/CertificateManager/RemoveTagsFromCertificate.hs
--- a/gen/Network/AWS/CertificateManager/RemoveTagsFromCertificate.hs
+++ b/gen/Network/AWS/CertificateManager/RemoveTagsFromCertificate.hs
@@ -12,9 +12,9 @@
 
 -- |
 -- Module      : Network.AWS.CertificateManager.RemoveTagsFromCertificate
--- Copyright   : (c) 2013-2016 Brendan Hay
+-- Copyright   : (c) 2013-2017 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
 -- Portability : non-portable (GHC extensions)
 --
@@ -37,19 +37,20 @@
     , RemoveTagsFromCertificateResponse
     ) where
 
-import           Network.AWS.CertificateManager.Types
-import           Network.AWS.CertificateManager.Types.Product
-import           Network.AWS.Lens
-import           Network.AWS.Prelude
-import           Network.AWS.Request
-import           Network.AWS.Response
+import Network.AWS.CertificateManager.Types
+import Network.AWS.CertificateManager.Types.Product
+import Network.AWS.Lens
+import Network.AWS.Prelude
+import Network.AWS.Request
+import Network.AWS.Response
 
 -- | /See:/ 'removeTagsFromCertificate' smart constructor.
 data RemoveTagsFromCertificate = RemoveTagsFromCertificate'
-    { _rtfcCertificateARN :: !Text
-    , _rtfcTags           :: !(List1 Tag)
-    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+  { _rtfcCertificateARN :: !Text
+  , _rtfcTags           :: !(List1 Tag)
+  } deriving (Eq, Read, Show, Data, Typeable, Generic)
 
+
 -- | Creates a value of 'RemoveTagsFromCertificate' with the minimum fields required to make a request.
 --
 -- Use one of the following lenses to modify other fields as desired:
@@ -62,11 +63,10 @@
     -> NonEmpty Tag -- ^ 'rtfcTags'
     -> RemoveTagsFromCertificate
 removeTagsFromCertificate pCertificateARN_ pTags_ =
-    RemoveTagsFromCertificate'
-    { _rtfcCertificateARN = pCertificateARN_
-    , _rtfcTags = _List1 # pTags_
-    }
+  RemoveTagsFromCertificate'
+  {_rtfcCertificateARN = pCertificateARN_, _rtfcTags = _List1 # pTags_}
 
+
 -- | String that contains the ARN of the ACM Certificate with one or more tags that you want to remove. This must be of the form: @arn:aws:acm:region:123456789012:certificate/12345678-1234-1234-1234-123456789012@  For more information about ARNs, see <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces> .
 rtfcCertificateARN :: Lens' RemoveTagsFromCertificate Text
 rtfcCertificateARN = lens _rtfcCertificateARN (\ s a -> s{_rtfcCertificateARN = a});
@@ -82,9 +82,9 @@
         response
           = receiveNull RemoveTagsFromCertificateResponse'
 
-instance Hashable RemoveTagsFromCertificate
+instance Hashable RemoveTagsFromCertificate where
 
-instance NFData RemoveTagsFromCertificate
+instance NFData RemoveTagsFromCertificate where
 
 instance ToHeaders RemoveTagsFromCertificate where
         toHeaders
@@ -111,13 +111,16 @@
 
 -- | /See:/ 'removeTagsFromCertificateResponse' smart constructor.
 data RemoveTagsFromCertificateResponse =
-    RemoveTagsFromCertificateResponse'
-    deriving (Eq,Read,Show,Data,Typeable,Generic)
+  RemoveTagsFromCertificateResponse'
+  deriving (Eq, Read, Show, Data, Typeable, Generic)
 
+
 -- | Creates a value of 'RemoveTagsFromCertificateResponse' with the minimum fields required to make a request.
 --
 removeTagsFromCertificateResponse
     :: RemoveTagsFromCertificateResponse
 removeTagsFromCertificateResponse = RemoveTagsFromCertificateResponse'
 
+
 instance NFData RemoveTagsFromCertificateResponse
+         where
diff --git a/gen/Network/AWS/CertificateManager/RequestCertificate.hs b/gen/Network/AWS/CertificateManager/RequestCertificate.hs
--- a/gen/Network/AWS/CertificateManager/RequestCertificate.hs
+++ b/gen/Network/AWS/CertificateManager/RequestCertificate.hs
@@ -12,15 +12,19 @@
 
 -- |
 -- Module      : Network.AWS.CertificateManager.RequestCertificate
--- Copyright   : (c) 2013-2016 Brendan Hay
+-- Copyright   : (c) 2013-2017 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
 -- Portability : non-portable (GHC extensions)
 --
--- Requests an ACM Certificate for use with other AWS services. To request an ACM Certificate, you must specify the fully qualified domain name (FQDN) for your site. You can also specify additional FQDNs if users can reach your site by using other names. For each domain name you specify, email is sent to the domain owner to request approval to issue the certificate. After receiving approval from the domain owner, the ACM Certificate is issued. For more information, see the <http://docs.aws.amazon.com/acm/latest/userguide/ AWS Certificate Manager User Guide> .
+-- Requests an ACM Certificate for use with other AWS services. To request an ACM Certificate, you must specify the fully qualified domain name (FQDN) for your site in the @DomainName@ parameter. You can also specify additional FQDNs in the @SubjectAlternativeNames@ parameter if users can reach your site by using other names.
 --
 --
+-- For each domain name you specify, email is sent to the domain owner to request approval to issue the certificate. Email is sent to three registered contact addresses in the WHOIS database and to five common system administration addresses formed from the @DomainName@ you enter or the optional @ValidationDomain@ parameter. For more information, see <http://docs.aws.amazon.com/acm/latest/userguide/gs-acm-validate.html Validate Domain Ownership> .
+--
+-- After receiving approval from the domain owner, the ACM Certificate is issued. For more information, see the <http://docs.aws.amazon.com/acm/latest/userguide/ AWS Certificate Manager User Guide> .
+--
 module Network.AWS.CertificateManager.RequestCertificate
     (
     -- * Creating a Request
@@ -40,56 +44,58 @@
     , rcrsResponseStatus
     ) where
 
-import           Network.AWS.CertificateManager.Types
-import           Network.AWS.CertificateManager.Types.Product
-import           Network.AWS.Lens
-import           Network.AWS.Prelude
-import           Network.AWS.Request
-import           Network.AWS.Response
+import Network.AWS.CertificateManager.Types
+import Network.AWS.CertificateManager.Types.Product
+import Network.AWS.Lens
+import Network.AWS.Prelude
+import Network.AWS.Request
+import Network.AWS.Response
 
 -- | /See:/ 'requestCertificate' smart constructor.
 data RequestCertificate = RequestCertificate'
-    { _rcIdempotencyToken        :: !(Maybe Text)
-    , _rcSubjectAlternativeNames :: !(Maybe (List1 Text))
-    , _rcDomainValidationOptions :: !(Maybe (List1 DomainValidationOption))
-    , _rcDomainName              :: !Text
-    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+  { _rcIdempotencyToken        :: !(Maybe Text)
+  , _rcSubjectAlternativeNames :: !(Maybe (List1 Text))
+  , _rcDomainValidationOptions :: !(Maybe (List1 DomainValidationOption))
+  , _rcDomainName              :: !Text
+  } deriving (Eq, Read, Show, Data, Typeable, Generic)
 
+
 -- | Creates a value of 'RequestCertificate' with the minimum fields required to make a request.
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
 -- * 'rcIdempotencyToken' - Customer chosen string that can be used to distinguish between calls to @RequestCertificate@ . Idempotency tokens time out after one hour. Therefore, if you call @RequestCertificate@ multiple times with the same idempotency token within one hour, ACM recognizes that you are requesting only one certificate and will issue only one. If you change the idempotency token for each call, ACM recognizes that you are requesting multiple certificates.
 --
--- * 'rcSubjectAlternativeNames' - Additional FQDNs to be included in the Subject Alternative Name extension of the ACM Certificate. For example, add the name www.example.net to a certificate for which the @DomainName@ field is www.example.com if users can reach your site by using either name.
+-- * 'rcSubjectAlternativeNames' - Additional FQDNs to be included in the Subject Alternative Name extension of the ACM Certificate. For example, add the name www.example.net to a certificate for which the @DomainName@ field is www.example.com if users can reach your site by using either name. The maximum number of domain names that you can add to an ACM Certificate is 100. However, the initial limit is 10 domain names. If you need more than 10 names, you must request a limit increase. For more information, see <http://docs.aws.amazon.com/acm/latest/userguide/acm-limits.html Limits> .
 --
--- * 'rcDomainValidationOptions' - The base validation domain that will act as the suffix of the email addresses that are used to send the emails. This must be the same as the @Domain@ value or a superdomain of the @Domain@ value. For example, if you requested a certificate for @test.example.com@ and specify __DomainValidationOptions__ of @example.com@ , ACM sends email to the domain registrant, technical contact, and administrative contact in WHOIS and the following five addresses:     * admin@example.com     * administrator@example.com     * hostmaster@example.com     * postmaster@example.com     * webmaster@example.com
+-- * 'rcDomainValidationOptions' - The domain name that you want ACM to use to send you emails to validate your ownership of the domain.
 --
--- * 'rcDomainName' - Fully qualified domain name (FQDN), such as www.example.com, of the site you want to secure with an ACM Certificate. Use an asterisk (*) to create a wildcard certificate that protects several sites in the same domain. For example, *.example.com protects www.example.com, site.example.com, and images.example.com.
+-- * 'rcDomainName' - Fully qualified domain name (FQDN), such as www.example.com, of the site that you want to secure with an ACM Certificate. Use an asterisk (*) to create a wildcard certificate that protects several sites in the same domain. For example, *.example.com protects www.example.com, site.example.com, and images.example.com.  The maximum length of a DNS name is 253 octets. The name is made up of multiple labels separated by periods. No label can be longer than 63 octets. Consider the following examples:  @(63 octets).(63 octets).(63 octets).(61 octets)@ is legal because the total length is 253 octets (63+1+63+1+63+1+61) and no label exceeds 63 octets.  @(64 octets).(63 octets).(63 octets).(61 octets)@ is not legal because the total length exceeds 253 octets (64+1+63+1+63+1+61) and the first label exceeds 63 octets.  @(63 octets).(63 octets).(63 octets).(62 octets)@ is not legal because the total length of the DNS name (63+1+63+1+63+1+62) exceeds 253 octets.
 requestCertificate
     :: Text -- ^ 'rcDomainName'
     -> RequestCertificate
 requestCertificate pDomainName_ =
-    RequestCertificate'
-    { _rcIdempotencyToken = Nothing
-    , _rcSubjectAlternativeNames = Nothing
-    , _rcDomainValidationOptions = Nothing
-    , _rcDomainName = pDomainName_
-    }
+  RequestCertificate'
+  { _rcIdempotencyToken = Nothing
+  , _rcSubjectAlternativeNames = Nothing
+  , _rcDomainValidationOptions = Nothing
+  , _rcDomainName = pDomainName_
+  }
 
+
 -- | Customer chosen string that can be used to distinguish between calls to @RequestCertificate@ . Idempotency tokens time out after one hour. Therefore, if you call @RequestCertificate@ multiple times with the same idempotency token within one hour, ACM recognizes that you are requesting only one certificate and will issue only one. If you change the idempotency token for each call, ACM recognizes that you are requesting multiple certificates.
 rcIdempotencyToken :: Lens' RequestCertificate (Maybe Text)
 rcIdempotencyToken = lens _rcIdempotencyToken (\ s a -> s{_rcIdempotencyToken = a});
 
--- | Additional FQDNs to be included in the Subject Alternative Name extension of the ACM Certificate. For example, add the name www.example.net to a certificate for which the @DomainName@ field is www.example.com if users can reach your site by using either name.
+-- | Additional FQDNs to be included in the Subject Alternative Name extension of the ACM Certificate. For example, add the name www.example.net to a certificate for which the @DomainName@ field is www.example.com if users can reach your site by using either name. The maximum number of domain names that you can add to an ACM Certificate is 100. However, the initial limit is 10 domain names. If you need more than 10 names, you must request a limit increase. For more information, see <http://docs.aws.amazon.com/acm/latest/userguide/acm-limits.html Limits> .
 rcSubjectAlternativeNames :: Lens' RequestCertificate (Maybe (NonEmpty Text))
 rcSubjectAlternativeNames = lens _rcSubjectAlternativeNames (\ s a -> s{_rcSubjectAlternativeNames = a}) . mapping _List1;
 
--- | The base validation domain that will act as the suffix of the email addresses that are used to send the emails. This must be the same as the @Domain@ value or a superdomain of the @Domain@ value. For example, if you requested a certificate for @test.example.com@ and specify __DomainValidationOptions__ of @example.com@ , ACM sends email to the domain registrant, technical contact, and administrative contact in WHOIS and the following five addresses:     * admin@example.com     * administrator@example.com     * hostmaster@example.com     * postmaster@example.com     * webmaster@example.com
+-- | The domain name that you want ACM to use to send you emails to validate your ownership of the domain.
 rcDomainValidationOptions :: Lens' RequestCertificate (Maybe (NonEmpty DomainValidationOption))
 rcDomainValidationOptions = lens _rcDomainValidationOptions (\ s a -> s{_rcDomainValidationOptions = a}) . mapping _List1;
 
--- | Fully qualified domain name (FQDN), such as www.example.com, of the site you want to secure with an ACM Certificate. Use an asterisk (*) to create a wildcard certificate that protects several sites in the same domain. For example, *.example.com protects www.example.com, site.example.com, and images.example.com.
+-- | Fully qualified domain name (FQDN), such as www.example.com, of the site that you want to secure with an ACM Certificate. Use an asterisk (*) to create a wildcard certificate that protects several sites in the same domain. For example, *.example.com protects www.example.com, site.example.com, and images.example.com.  The maximum length of a DNS name is 253 octets. The name is made up of multiple labels separated by periods. No label can be longer than 63 octets. Consider the following examples:  @(63 octets).(63 octets).(63 octets).(61 octets)@ is legal because the total length is 253 octets (63+1+63+1+63+1+61) and no label exceeds 63 octets.  @(64 octets).(63 octets).(63 octets).(61 octets)@ is not legal because the total length exceeds 253 octets (64+1+63+1+63+1+61) and the first label exceeds 63 octets.  @(63 octets).(63 octets).(63 octets).(62 octets)@ is not legal because the total length of the DNS name (63+1+63+1+63+1+62) exceeds 253 octets.
 rcDomainName :: Lens' RequestCertificate Text
 rcDomainName = lens _rcDomainName (\ s a -> s{_rcDomainName = a});
 
@@ -103,9 +109,9 @@
                  RequestCertificateResponse' <$>
                    (x .?> "CertificateArn") <*> (pure (fromEnum s)))
 
-instance Hashable RequestCertificate
+instance Hashable RequestCertificate where
 
-instance NFData RequestCertificate
+instance NFData RequestCertificate where
 
 instance ToHeaders RequestCertificate where
         toHeaders
@@ -136,10 +142,11 @@
 
 -- | /See:/ 'requestCertificateResponse' smart constructor.
 data RequestCertificateResponse = RequestCertificateResponse'
-    { _rcrsCertificateARN :: !(Maybe Text)
-    , _rcrsResponseStatus :: !Int
-    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+  { _rcrsCertificateARN :: !(Maybe Text)
+  , _rcrsResponseStatus :: !Int
+  } deriving (Eq, Read, Show, Data, Typeable, Generic)
 
+
 -- | Creates a value of 'RequestCertificateResponse' with the minimum fields required to make a request.
 --
 -- Use one of the following lenses to modify other fields as desired:
@@ -151,11 +158,10 @@
     :: Int -- ^ 'rcrsResponseStatus'
     -> RequestCertificateResponse
 requestCertificateResponse pResponseStatus_ =
-    RequestCertificateResponse'
-    { _rcrsCertificateARN = Nothing
-    , _rcrsResponseStatus = pResponseStatus_
-    }
+  RequestCertificateResponse'
+  {_rcrsCertificateARN = Nothing, _rcrsResponseStatus = pResponseStatus_}
 
+
 -- | String that contains the ARN of the issued certificate. This must be of the form: @arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012@
 rcrsCertificateARN :: Lens' RequestCertificateResponse (Maybe Text)
 rcrsCertificateARN = lens _rcrsCertificateARN (\ s a -> s{_rcrsCertificateARN = a});
@@ -164,4 +170,4 @@
 rcrsResponseStatus :: Lens' RequestCertificateResponse Int
 rcrsResponseStatus = lens _rcrsResponseStatus (\ s a -> s{_rcrsResponseStatus = a});
 
-instance NFData RequestCertificateResponse
+instance NFData RequestCertificateResponse where
diff --git a/gen/Network/AWS/CertificateManager/ResendValidationEmail.hs b/gen/Network/AWS/CertificateManager/ResendValidationEmail.hs
--- a/gen/Network/AWS/CertificateManager/ResendValidationEmail.hs
+++ b/gen/Network/AWS/CertificateManager/ResendValidationEmail.hs
@@ -12,13 +12,13 @@
 
 -- |
 -- Module      : Network.AWS.CertificateManager.ResendValidationEmail
--- Copyright   : (c) 2013-2016 Brendan Hay
+-- Copyright   : (c) 2013-2017 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
 -- Portability : non-portable (GHC extensions)
 --
--- Resends the email that requests domain ownership validation. The domain owner or an authorized representative must approve the ACM Certificate before it can be issued. The certificate can be approved by clicking a link in the mail to navigate to the Amazon certificate approval website and then clicking __I Approve__ . However, the validation email can be blocked by spam filters. Therefore, if you do not receive the original mail, you can request that the mail be resent within 72 hours of requesting the ACM Certificate. If more than 72 hours have elapsed since your original request or since your last attempt to resend validation mail, you must request a new certificate.
+-- Resends the email that requests domain ownership validation. The domain owner or an authorized representative must approve the ACM Certificate before it can be issued. The certificate can be approved by clicking a link in the mail to navigate to the Amazon certificate approval website and then clicking __I Approve__ . However, the validation email can be blocked by spam filters. Therefore, if you do not receive the original mail, you can request that the mail be resent within 72 hours of requesting the ACM Certificate. If more than 72 hours have elapsed since your original request or since your last attempt to resend validation mail, you must request a new certificate. For more information about setting up your contact email addresses, see <http://docs.aws.amazon.com/acm/latest/userguide/setup-email.html Configure Email for your Domain> .
 --
 --
 module Network.AWS.CertificateManager.ResendValidationEmail
@@ -36,27 +36,28 @@
     , ResendValidationEmailResponse
     ) where
 
-import           Network.AWS.CertificateManager.Types
-import           Network.AWS.CertificateManager.Types.Product
-import           Network.AWS.Lens
-import           Network.AWS.Prelude
-import           Network.AWS.Request
-import           Network.AWS.Response
+import Network.AWS.CertificateManager.Types
+import Network.AWS.CertificateManager.Types.Product
+import Network.AWS.Lens
+import Network.AWS.Prelude
+import Network.AWS.Request
+import Network.AWS.Response
 
 -- | /See:/ 'resendValidationEmail' smart constructor.
 data ResendValidationEmail = ResendValidationEmail'
-    { _rveCertificateARN   :: !Text
-    , _rveDomain           :: !Text
-    , _rveValidationDomain :: !Text
-    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+  { _rveCertificateARN   :: !Text
+  , _rveDomain           :: !Text
+  , _rveValidationDomain :: !Text
+  } deriving (Eq, Read, Show, Data, Typeable, Generic)
 
+
 -- | Creates a value of 'ResendValidationEmail' with the minimum fields required to make a request.
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
 -- * 'rveCertificateARN' - String that contains the ARN of the requested certificate. The certificate ARN is generated and returned by the 'RequestCertificate' action as soon as the request is made. By default, using this parameter causes email to be sent to all top-level domains you specified in the certificate request. The ARN must be of the form: @arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012@
 --
--- * 'rveDomain' - The Fully Qualified Domain Name (FQDN) of the certificate that needs to be validated.
+-- * 'rveDomain' - The fully qualified domain name (FQDN) of the certificate that needs to be validated.
 --
 -- * 'rveValidationDomain' - The base validation domain that will act as the suffix of the email addresses that are used to send the emails. This must be the same as the @Domain@ value or a superdomain of the @Domain@ value. For example, if you requested a certificate for @site.subdomain.example.com@ and specify a __ValidationDomain__ of @subdomain.example.com@ , ACM sends email to the domain registrant, technical contact, and administrative contact in WHOIS and the following five addresses:     * admin@subdomain.example.com     * administrator@subdomain.example.com     * hostmaster@subdomain.example.com     * postmaster@subdomain.example.com     * webmaster@subdomain.example.com
 resendValidationEmail
@@ -65,17 +66,18 @@
     -> Text -- ^ 'rveValidationDomain'
     -> ResendValidationEmail
 resendValidationEmail pCertificateARN_ pDomain_ pValidationDomain_ =
-    ResendValidationEmail'
-    { _rveCertificateARN = pCertificateARN_
-    , _rveDomain = pDomain_
-    , _rveValidationDomain = pValidationDomain_
-    }
+  ResendValidationEmail'
+  { _rveCertificateARN = pCertificateARN_
+  , _rveDomain = pDomain_
+  , _rveValidationDomain = pValidationDomain_
+  }
 
+
 -- | String that contains the ARN of the requested certificate. The certificate ARN is generated and returned by the 'RequestCertificate' action as soon as the request is made. By default, using this parameter causes email to be sent to all top-level domains you specified in the certificate request. The ARN must be of the form: @arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012@
 rveCertificateARN :: Lens' ResendValidationEmail Text
 rveCertificateARN = lens _rveCertificateARN (\ s a -> s{_rveCertificateARN = a});
 
--- | The Fully Qualified Domain Name (FQDN) of the certificate that needs to be validated.
+-- | The fully qualified domain name (FQDN) of the certificate that needs to be validated.
 rveDomain :: Lens' ResendValidationEmail Text
 rveDomain = lens _rveDomain (\ s a -> s{_rveDomain = a});
 
@@ -89,9 +91,9 @@
         request = postJSON certificateManager
         response = receiveNull ResendValidationEmailResponse'
 
-instance Hashable ResendValidationEmail
+instance Hashable ResendValidationEmail where
 
-instance NFData ResendValidationEmail
+instance NFData ResendValidationEmail where
 
 instance ToHeaders ResendValidationEmail where
         toHeaders
@@ -119,13 +121,15 @@
 
 -- | /See:/ 'resendValidationEmailResponse' smart constructor.
 data ResendValidationEmailResponse =
-    ResendValidationEmailResponse'
-    deriving (Eq,Read,Show,Data,Typeable,Generic)
+  ResendValidationEmailResponse'
+  deriving (Eq, Read, Show, Data, Typeable, Generic)
 
+
 -- | Creates a value of 'ResendValidationEmailResponse' with the minimum fields required to make a request.
 --
 resendValidationEmailResponse
     :: ResendValidationEmailResponse
 resendValidationEmailResponse = ResendValidationEmailResponse'
 
-instance NFData ResendValidationEmailResponse
+
+instance NFData ResendValidationEmailResponse where
diff --git a/gen/Network/AWS/CertificateManager/Types.hs b/gen/Network/AWS/CertificateManager/Types.hs
--- a/gen/Network/AWS/CertificateManager/Types.hs
+++ b/gen/Network/AWS/CertificateManager/Types.hs
@@ -4,9 +4,9 @@
 
 -- |
 -- Module      : Network.AWS.CertificateManager.Types
--- Copyright   : (c) 2013-2016 Brendan Hay
+-- Copyright   : (c) 2013-2017 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
 -- Portability : non-portable (GHC extensions)
 --
@@ -32,12 +32,18 @@
     -- * CertificateType
     , CertificateType (..)
 
+    -- * DomainStatus
+    , DomainStatus (..)
+
     -- * FailureReason
     , FailureReason (..)
 
     -- * KeyAlgorithm
     , KeyAlgorithm (..)
 
+    -- * RenewalStatus
+    , RenewalStatus (..)
+
     -- * RevocationReason
     , RevocationReason (..)
 
@@ -57,6 +63,7 @@
     , cdNotBefore
     , cdRevocationReason
     , cdDomainName
+    , cdRenewalSummary
     , cdKeyAlgorithm
     , cdType
     , cdIssuedAt
@@ -75,6 +82,7 @@
     , DomainValidation
     , domainValidation
     , dvValidationEmails
+    , dvValidationStatus
     , dvValidationDomain
     , dvDomainName
 
@@ -84,6 +92,12 @@
     , dvoDomainName
     , dvoValidationDomain
 
+    -- * RenewalSummary
+    , RenewalSummary
+    , renewalSummary
+    , rsRenewalStatus
+    , rsDomainValidationOptions
+
     -- * Tag
     , Tag
     , tag
@@ -91,38 +105,40 @@
     , tagKey
     ) where
 
-import           Network.AWS.CertificateManager.Types.Product
-import           Network.AWS.CertificateManager.Types.Sum
-import           Network.AWS.Lens
-import           Network.AWS.Prelude
-import           Network.AWS.Sign.V4
+import Network.AWS.CertificateManager.Types.Product
+import Network.AWS.CertificateManager.Types.Sum
+import Network.AWS.Lens
+import Network.AWS.Prelude
+import Network.AWS.Sign.V4
 
 -- | API version @2015-12-08@ of the Amazon Certificate Manager SDK configuration.
 certificateManager :: Service
 certificateManager =
-    Service
-    { _svcAbbrev = "CertificateManager"
-    , _svcSigner = v4
-    , _svcPrefix = "acm"
-    , _svcVersion = "2015-12-08"
-    , _svcEndpoint = defaultEndpoint certificateManager
-    , _svcTimeout = Just 70
-    , _svcCheck = statusSuccess
-    , _svcError = parseJSONError "CertificateManager"
-    , _svcRetry = retry
-    }
+  Service
+  { _svcAbbrev = "CertificateManager"
+  , _svcSigner = v4
+  , _svcPrefix = "acm"
+  , _svcVersion = "2015-12-08"
+  , _svcEndpoint = defaultEndpoint certificateManager
+  , _svcTimeout = Just 70
+  , _svcCheck = statusSuccess
+  , _svcError = parseJSONError "CertificateManager"
+  , _svcRetry = retry
+  }
   where
     retry =
-        Exponential
-        { _retryBase = 5.0e-2
-        , _retryGrowth = 2
-        , _retryAttempts = 5
-        , _retryCheck = check
-        }
+      Exponential
+      { _retryBase = 5.0e-2
+      , _retryGrowth = 2
+      , _retryAttempts = 5
+      , _retryCheck = check
+      }
     check e
+      | has (hasCode "ThrottledException" . hasStatus 400) e =
+        Just "throttled_exception"
       | has (hasStatus 429) e = Just "too_many_requests"
       | has (hasCode "ThrottlingException" . hasStatus 400) e =
-          Just "throttling_exception"
+        Just "throttling_exception"
       | has (hasCode "Throttling" . hasStatus 400) e = Just "throttling"
       | has (hasStatus 504) e = Just "gateway_timeout"
       | has (hasStatus 502) e = Just "bad_gateway"
@@ -131,59 +147,77 @@
       | has (hasStatus 509) e = Just "limit_exceeded"
       | otherwise = Nothing
 
+
 -- | One or both of the values that make up the key-value pair is not valid. For example, you cannot specify a tag value that begins with @aws:@ .
 --
 --
 _InvalidTagException :: AsError a => Getting (First ServiceError) a ServiceError
-_InvalidTagException = _ServiceError . hasCode "InvalidTagException"
+_InvalidTagException =
+  _MatchServiceError certificateManager "InvalidTagException"
 
+
 -- | One or more values in the 'DomainValidationOption' structure is incorrect.
 --
 --
 _InvalidDomainValidationOptionsException :: AsError a => Getting (First ServiceError) a ServiceError
 _InvalidDomainValidationOptionsException =
-    _ServiceError . hasCode "InvalidDomainValidationOptionsException"
+  _MatchServiceError
+    certificateManager
+    "InvalidDomainValidationOptionsException"
 
+
 -- | The request contains too many tags. Try the request again with fewer tags.
 --
 --
 _TooManyTagsException :: AsError a => Getting (First ServiceError) a ServiceError
-_TooManyTagsException = _ServiceError . hasCode "TooManyTagsException"
+_TooManyTagsException =
+  _MatchServiceError certificateManager "TooManyTagsException"
 
+
 -- | The certificate request is in process and the certificate in your account has not yet been issued.
 --
 --
 _RequestInProgressException :: AsError a => Getting (First ServiceError) a ServiceError
 _RequestInProgressException =
-    _ServiceError . hasCode "RequestInProgressException"
+  _MatchServiceError certificateManager "RequestInProgressException"
 
+
 -- | The requested Amazon Resource Name (ARN) does not refer to an existing resource.
 --
 --
 _InvalidARNException :: AsError a => Getting (First ServiceError) a ServiceError
-_InvalidARNException = _ServiceError . hasCode "InvalidArnException"
+_InvalidARNException =
+  _MatchServiceError certificateManager "InvalidArnException"
 
+
 -- | The specified certificate cannot be found in the caller's account, or the caller's account cannot be found.
 --
 --
 _ResourceNotFoundException :: AsError a => Getting (First ServiceError) a ServiceError
 _ResourceNotFoundException =
-    _ServiceError . hasCode "ResourceNotFoundException"
+  _MatchServiceError certificateManager "ResourceNotFoundException"
 
+
 -- | Processing has reached an invalid state. For example, this exception can occur if the specified domain is not using email validation, or the current certificate status does not permit the requested operation. See the exception message returned by ACM to determine which state is not valid.
 --
 --
 _InvalidStateException :: AsError a => Getting (First ServiceError) a ServiceError
-_InvalidStateException = _ServiceError . hasCode "InvalidStateException"
+_InvalidStateException =
+  _MatchServiceError certificateManager "InvalidStateException"
 
+
 -- | An ACM limit has been exceeded. For example, you may have input more domains than are allowed or you've requested too many certificates for your account. See the exception message returned by ACM to determine which limit you have violated. For more information about ACM limits, see the <http://docs.aws.amazon.com/acm/latest/userguide/acm-limits.html Limits> topic.
 --
 --
 _LimitExceededException :: AsError a => Getting (First ServiceError) a ServiceError
-_LimitExceededException = _ServiceError . hasCode "LimitExceededException"
+_LimitExceededException =
+  _MatchServiceError certificateManager "LimitExceededException"
 
+
 -- | The certificate is in use by another AWS service in the caller's account. Remove the association and try again.
 --
 --
 _ResourceInUseException :: AsError a => Getting (First ServiceError) a ServiceError
-_ResourceInUseException = _ServiceError . hasCode "ResourceInUseException"
+_ResourceInUseException =
+  _MatchServiceError certificateManager "ResourceInUseException"
+
diff --git a/gen/Network/AWS/CertificateManager/Types/Product.hs b/gen/Network/AWS/CertificateManager/Types/Product.hs
--- a/gen/Network/AWS/CertificateManager/Types/Product.hs
+++ b/gen/Network/AWS/CertificateManager/Types/Product.hs
@@ -9,46 +9,48 @@
 
 -- |
 -- Module      : Network.AWS.CertificateManager.Types.Product
--- Copyright   : (c) 2013-2016 Brendan Hay
+-- Copyright   : (c) 2013-2017 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
 -- Portability : non-portable (GHC extensions)
 --
 module Network.AWS.CertificateManager.Types.Product where
 
-import           Network.AWS.CertificateManager.Types.Sum
-import           Network.AWS.Lens
-import           Network.AWS.Prelude
+import Network.AWS.CertificateManager.Types.Sum
+import Network.AWS.Lens
+import Network.AWS.Prelude
 
--- | Contains detailed metadata about an ACM Certificate. This structure is returned in the response to a 'DescribeCertificate' request.
+-- | Contains metadata about an ACM certificate. This structure is returned in the response to a 'DescribeCertificate' request.
 --
 --
 --
 -- /See:/ 'certificateDetail' smart constructor.
 data CertificateDetail = CertificateDetail'
-    { _cdSubject                 :: !(Maybe Text)
-    , _cdStatus                  :: !(Maybe CertificateStatus)
-    , _cdFailureReason           :: !(Maybe FailureReason)
-    , _cdSubjectAlternativeNames :: !(Maybe (List1 Text))
-    , _cdInUseBy                 :: !(Maybe [Text])
-    , _cdCreatedAt               :: !(Maybe POSIX)
-    , _cdCertificateARN          :: !(Maybe Text)
-    , _cdSerial                  :: !(Maybe Text)
-    , _cdImportedAt              :: !(Maybe POSIX)
-    , _cdRevokedAt               :: !(Maybe POSIX)
-    , _cdNotBefore               :: !(Maybe POSIX)
-    , _cdRevocationReason        :: !(Maybe RevocationReason)
-    , _cdDomainName              :: !(Maybe Text)
-    , _cdKeyAlgorithm            :: !(Maybe KeyAlgorithm)
-    , _cdType                    :: !(Maybe CertificateType)
-    , _cdIssuedAt                :: !(Maybe POSIX)
-    , _cdSignatureAlgorithm      :: !(Maybe Text)
-    , _cdDomainValidationOptions :: !(Maybe (List1 DomainValidation))
-    , _cdIssuer                  :: !(Maybe Text)
-    , _cdNotAfter                :: !(Maybe POSIX)
-    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+  { _cdSubject                 :: !(Maybe Text)
+  , _cdStatus                  :: !(Maybe CertificateStatus)
+  , _cdFailureReason           :: !(Maybe FailureReason)
+  , _cdSubjectAlternativeNames :: !(Maybe (List1 Text))
+  , _cdInUseBy                 :: !(Maybe [Text])
+  , _cdCreatedAt               :: !(Maybe POSIX)
+  , _cdCertificateARN          :: !(Maybe Text)
+  , _cdSerial                  :: !(Maybe Text)
+  , _cdImportedAt              :: !(Maybe POSIX)
+  , _cdRevokedAt               :: !(Maybe POSIX)
+  , _cdNotBefore               :: !(Maybe POSIX)
+  , _cdRevocationReason        :: !(Maybe RevocationReason)
+  , _cdDomainName              :: !(Maybe Text)
+  , _cdRenewalSummary          :: !(Maybe RenewalSummary)
+  , _cdKeyAlgorithm            :: !(Maybe KeyAlgorithm)
+  , _cdType                    :: !(Maybe CertificateType)
+  , _cdIssuedAt                :: !(Maybe POSIX)
+  , _cdSignatureAlgorithm      :: !(Maybe Text)
+  , _cdDomainValidationOptions :: !(Maybe (List1 DomainValidation))
+  , _cdIssuer                  :: !(Maybe Text)
+  , _cdNotAfter                :: !(Maybe POSIX)
+  } deriving (Eq, Read, Show, Data, Typeable, Generic)
 
+
 -- | Creates a value of 'CertificateDetail' with the minimum fields required to make a request.
 --
 -- Use one of the following lenses to modify other fields as desired:
@@ -79,6 +81,8 @@
 --
 -- * 'cdDomainName' - The fully qualified domain name for the certificate, such as www.example.com or example.com.
 --
+-- * 'cdRenewalSummary' - Contains information about the status of ACM's <http://docs.aws.amazon.com/acm/latest/userguide/acm-renewal.html managed renewal> for the certificate. This field exists only when the certificate type is @AMAZON_ISSUED@ .
+--
 -- * 'cdKeyAlgorithm' - The algorithm that was used to generate the key pair (the public and private key).
 --
 -- * 'cdType' - The source of the certificate. For certificates provided by ACM, this value is @AMAZON_ISSUED@ . For certificates that you imported with 'ImportCertificate' , this value is @IMPORTED@ . ACM does not provide <http://docs.aws.amazon.com/acm/latest/userguide/acm-renewal.html managed renewal> for imported certificates. For more information about the differences between certificates that you import and those that ACM provides, see <http://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html Importing Certificates> in the /AWS Certificate Manager User Guide/ .
@@ -87,7 +91,7 @@
 --
 -- * 'cdSignatureAlgorithm' - The algorithm that was used to sign the certificate.
 --
--- * 'cdDomainValidationOptions' - Contains information about the email address or addresses used for domain validation. This field exists only when the certificate type is @AMAZON_ISSUED@ .
+-- * 'cdDomainValidationOptions' - Contains information about the initial validation of each domain name that occurs as a result of the 'RequestCertificate' request. This field exists only when the certificate type is @AMAZON_ISSUED@ .
 --
 -- * 'cdIssuer' - The name of the certificate authority that issued and signed the certificate.
 --
@@ -95,29 +99,31 @@
 certificateDetail
     :: CertificateDetail
 certificateDetail =
-    CertificateDetail'
-    { _cdSubject = Nothing
-    , _cdStatus = Nothing
-    , _cdFailureReason = Nothing
-    , _cdSubjectAlternativeNames = Nothing
-    , _cdInUseBy = Nothing
-    , _cdCreatedAt = Nothing
-    , _cdCertificateARN = Nothing
-    , _cdSerial = Nothing
-    , _cdImportedAt = Nothing
-    , _cdRevokedAt = Nothing
-    , _cdNotBefore = Nothing
-    , _cdRevocationReason = Nothing
-    , _cdDomainName = Nothing
-    , _cdKeyAlgorithm = Nothing
-    , _cdType = Nothing
-    , _cdIssuedAt = Nothing
-    , _cdSignatureAlgorithm = Nothing
-    , _cdDomainValidationOptions = Nothing
-    , _cdIssuer = Nothing
-    , _cdNotAfter = Nothing
-    }
+  CertificateDetail'
+  { _cdSubject = Nothing
+  , _cdStatus = Nothing
+  , _cdFailureReason = Nothing
+  , _cdSubjectAlternativeNames = Nothing
+  , _cdInUseBy = Nothing
+  , _cdCreatedAt = Nothing
+  , _cdCertificateARN = Nothing
+  , _cdSerial = Nothing
+  , _cdImportedAt = Nothing
+  , _cdRevokedAt = Nothing
+  , _cdNotBefore = Nothing
+  , _cdRevocationReason = Nothing
+  , _cdDomainName = Nothing
+  , _cdRenewalSummary = Nothing
+  , _cdKeyAlgorithm = Nothing
+  , _cdType = Nothing
+  , _cdIssuedAt = Nothing
+  , _cdSignatureAlgorithm = Nothing
+  , _cdDomainValidationOptions = Nothing
+  , _cdIssuer = Nothing
+  , _cdNotAfter = Nothing
+  }
 
+
 -- | The name of the entity that is associated with the public key contained in the certificate.
 cdSubject :: Lens' CertificateDetail (Maybe Text)
 cdSubject = lens _cdSubject (\ s a -> s{_cdSubject = a});
@@ -170,6 +176,10 @@
 cdDomainName :: Lens' CertificateDetail (Maybe Text)
 cdDomainName = lens _cdDomainName (\ s a -> s{_cdDomainName = a});
 
+-- | Contains information about the status of ACM's <http://docs.aws.amazon.com/acm/latest/userguide/acm-renewal.html managed renewal> for the certificate. This field exists only when the certificate type is @AMAZON_ISSUED@ .
+cdRenewalSummary :: Lens' CertificateDetail (Maybe RenewalSummary)
+cdRenewalSummary = lens _cdRenewalSummary (\ s a -> s{_cdRenewalSummary = a});
+
 -- | The algorithm that was used to generate the key pair (the public and private key).
 cdKeyAlgorithm :: Lens' CertificateDetail (Maybe KeyAlgorithm)
 cdKeyAlgorithm = lens _cdKeyAlgorithm (\ s a -> s{_cdKeyAlgorithm = a});
@@ -186,7 +196,7 @@
 cdSignatureAlgorithm :: Lens' CertificateDetail (Maybe Text)
 cdSignatureAlgorithm = lens _cdSignatureAlgorithm (\ s a -> s{_cdSignatureAlgorithm = a});
 
--- | Contains information about the email address or addresses used for domain validation. This field exists only when the certificate type is @AMAZON_ISSUED@ .
+-- | Contains information about the initial validation of each domain name that occurs as a result of the 'RequestCertificate' request. This field exists only when the certificate type is @AMAZON_ISSUED@ .
 cdDomainValidationOptions :: Lens' CertificateDetail (Maybe (NonEmpty DomainValidation))
 cdDomainValidationOptions = lens _cdDomainValidationOptions (\ s a -> s{_cdDomainValidationOptions = a}) . mapping _List1;
 
@@ -215,6 +225,7 @@
                      <*> (x .:? "NotBefore")
                      <*> (x .:? "RevocationReason")
                      <*> (x .:? "DomainName")
+                     <*> (x .:? "RenewalSummary")
                      <*> (x .:? "KeyAlgorithm")
                      <*> (x .:? "Type")
                      <*> (x .:? "IssuedAt")
@@ -223,9 +234,9 @@
                      <*> (x .:? "Issuer")
                      <*> (x .:? "NotAfter"))
 
-instance Hashable CertificateDetail
+instance Hashable CertificateDetail where
 
-instance NFData CertificateDetail
+instance NFData CertificateDetail where
 
 -- | This structure is returned in the response object of 'ListCertificates' action.
 --
@@ -233,10 +244,11 @@
 --
 -- /See:/ 'certificateSummary' smart constructor.
 data CertificateSummary = CertificateSummary'
-    { _csCertificateARN :: !(Maybe Text)
-    , _csDomainName     :: !(Maybe Text)
-    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+  { _csCertificateARN :: !(Maybe Text)
+  , _csDomainName     :: !(Maybe Text)
+  } deriving (Eq, Read, Show, Data, Typeable, Generic)
 
+
 -- | Creates a value of 'CertificateSummary' with the minimum fields required to make a request.
 --
 -- Use one of the following lenses to modify other fields as desired:
@@ -247,11 +259,9 @@
 certificateSummary
     :: CertificateSummary
 certificateSummary =
-    CertificateSummary'
-    { _csCertificateARN = Nothing
-    , _csDomainName = Nothing
-    }
+  CertificateSummary' {_csCertificateARN = Nothing, _csDomainName = Nothing}
 
+
 -- | Amazon Resource Name (ARN) of the certificate. This is of the form: @arn:aws:acm:region:123456789012:certificate/12345678-1234-1234-1234-123456789012@  For more information about ARNs, see <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces> .
 csCertificateARN :: Lens' CertificateSummary (Maybe Text)
 csCertificateARN = lens _csCertificateARN (\ s a -> s{_csCertificateARN = a});
@@ -267,49 +277,59 @@
                  CertificateSummary' <$>
                    (x .:? "CertificateArn") <*> (x .:? "DomainName"))
 
-instance Hashable CertificateSummary
+instance Hashable CertificateSummary where
 
-instance NFData CertificateSummary
+instance NFData CertificateSummary where
 
--- | Structure that contains the domain name, the base validation domain to which validation email is sent, and the email addresses used to validate the domain identity.
+-- | Contains information about the validation of each domain name in the certificate.
 --
 --
 --
 -- /See:/ 'domainValidation' smart constructor.
 data DomainValidation = DomainValidation'
-    { _dvValidationEmails :: !(Maybe [Text])
-    , _dvValidationDomain :: !(Maybe Text)
-    , _dvDomainName       :: !Text
-    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+  { _dvValidationEmails :: !(Maybe [Text])
+  , _dvValidationStatus :: !(Maybe DomainStatus)
+  , _dvValidationDomain :: !(Maybe Text)
+  , _dvDomainName       :: !Text
+  } deriving (Eq, Read, Show, Data, Typeable, Generic)
 
+
 -- | Creates a value of 'DomainValidation' with the minimum fields required to make a request.
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'dvValidationEmails' - A list of contact address for the domain registrant.
+-- * 'dvValidationEmails' - A list of email addresses that ACM used to send domain validation emails.
 --
--- * 'dvValidationDomain' - The base validation domain that acts as the suffix of the email addresses that are used to send the emails.
+-- * 'dvValidationStatus' - The validation status of the domain name.
 --
--- * 'dvDomainName' - Fully Qualified Domain Name (FQDN) of the form @www.example.com or @ @example.com@ .
+-- * 'dvValidationDomain' - The domain name that ACM used to send domain validation emails.
+--
+-- * 'dvDomainName' - A fully qualified domain name (FQDN) in the certificate. For example, @www.example.com@ or @example.com@ .
 domainValidation
     :: Text -- ^ 'dvDomainName'
     -> DomainValidation
 domainValidation pDomainName_ =
-    DomainValidation'
-    { _dvValidationEmails = Nothing
-    , _dvValidationDomain = Nothing
-    , _dvDomainName = pDomainName_
-    }
+  DomainValidation'
+  { _dvValidationEmails = Nothing
+  , _dvValidationStatus = Nothing
+  , _dvValidationDomain = Nothing
+  , _dvDomainName = pDomainName_
+  }
 
--- | A list of contact address for the domain registrant.
+
+-- | A list of email addresses that ACM used to send domain validation emails.
 dvValidationEmails :: Lens' DomainValidation [Text]
 dvValidationEmails = lens _dvValidationEmails (\ s a -> s{_dvValidationEmails = a}) . _Default . _Coerce;
 
--- | The base validation domain that acts as the suffix of the email addresses that are used to send the emails.
+-- | The validation status of the domain name.
+dvValidationStatus :: Lens' DomainValidation (Maybe DomainStatus)
+dvValidationStatus = lens _dvValidationStatus (\ s a -> s{_dvValidationStatus = a});
+
+-- | The domain name that ACM used to send domain validation emails.
 dvValidationDomain :: Lens' DomainValidation (Maybe Text)
 dvValidationDomain = lens _dvValidationDomain (\ s a -> s{_dvValidationDomain = a});
 
--- | Fully Qualified Domain Name (FQDN) of the form @www.example.com or @ @example.com@ .
+-- | A fully qualified domain name (FQDN) in the certificate. For example, @www.example.com@ or @example.com@ .
 dvDomainName :: Lens' DomainValidation Text
 dvDomainName = lens _dvDomainName (\ s a -> s{_dvDomainName = a});
 
@@ -319,51 +339,52 @@
               (\ x ->
                  DomainValidation' <$>
                    (x .:? "ValidationEmails" .!= mempty) <*>
-                     (x .:? "ValidationDomain")
+                     (x .:? "ValidationStatus")
+                     <*> (x .:? "ValidationDomain")
                      <*> (x .: "DomainName"))
 
-instance Hashable DomainValidation
+instance Hashable DomainValidation where
 
-instance NFData DomainValidation
+instance NFData DomainValidation where
 
--- | This structure is used in the request object of the 'RequestCertificate' action.
+-- | Contains information about the domain names that you want ACM to use to send you emails to validate your ownership of the domain.
 --
 --
 --
 -- /See:/ 'domainValidationOption' smart constructor.
 data DomainValidationOption = DomainValidationOption'
-    { _dvoDomainName       :: !Text
-    , _dvoValidationDomain :: !Text
-    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+  { _dvoDomainName       :: !Text
+  , _dvoValidationDomain :: !Text
+  } deriving (Eq, Read, Show, Data, Typeable, Generic)
 
+
 -- | Creates a value of 'DomainValidationOption' with the minimum fields required to make a request.
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'dvoDomainName' - Fully Qualified Domain Name (FQDN) of the certificate being requested.
+-- * 'dvoDomainName' - A fully qualified domain name (FQDN) in the certificate request.
 --
--- * 'dvoValidationDomain' - The domain to which validation email is sent. This is the base validation domain that will act as the suffix of the email addresses. This must be the same as the @DomainName@ value or a superdomain of the @DomainName@ value. For example, if you requested a certificate for @site.subdomain.example.com@ and specify a __ValidationDomain__ of @subdomain.example.com@ , ACM sends email to the domain registrant, technical contact, and administrative contact in WHOIS for the base domain and the following five addresses:     * admin@subdomain.example.com     * administrator@subdomain.example.com     * hostmaster@subdomain.example.com     * postmaster@subdomain.example.com     * webmaster@subdomain.example.com
+-- * 'dvoValidationDomain' - The domain name that you want ACM to use to send you validation emails. This domain name is the suffix of the email addresses that you want ACM to use. This must be the same as the @DomainName@ value or a superdomain of the @DomainName@ value. For example, if you request a certificate for @testing.example.com@ , you can specify @example.com@ for this value. In that case, ACM sends domain validation emails to the following five addresses:     * admin@example.com     * administrator@example.com     * hostmaster@example.com     * postmaster@example.com     * webmaster@example.com
 domainValidationOption
     :: Text -- ^ 'dvoDomainName'
     -> Text -- ^ 'dvoValidationDomain'
     -> DomainValidationOption
 domainValidationOption pDomainName_ pValidationDomain_ =
-    DomainValidationOption'
-    { _dvoDomainName = pDomainName_
-    , _dvoValidationDomain = pValidationDomain_
-    }
+  DomainValidationOption'
+  {_dvoDomainName = pDomainName_, _dvoValidationDomain = pValidationDomain_}
 
--- | Fully Qualified Domain Name (FQDN) of the certificate being requested.
+
+-- | A fully qualified domain name (FQDN) in the certificate request.
 dvoDomainName :: Lens' DomainValidationOption Text
 dvoDomainName = lens _dvoDomainName (\ s a -> s{_dvoDomainName = a});
 
--- | The domain to which validation email is sent. This is the base validation domain that will act as the suffix of the email addresses. This must be the same as the @DomainName@ value or a superdomain of the @DomainName@ value. For example, if you requested a certificate for @site.subdomain.example.com@ and specify a __ValidationDomain__ of @subdomain.example.com@ , ACM sends email to the domain registrant, technical contact, and administrative contact in WHOIS for the base domain and the following five addresses:     * admin@subdomain.example.com     * administrator@subdomain.example.com     * hostmaster@subdomain.example.com     * postmaster@subdomain.example.com     * webmaster@subdomain.example.com
+-- | The domain name that you want ACM to use to send you validation emails. This domain name is the suffix of the email addresses that you want ACM to use. This must be the same as the @DomainName@ value or a superdomain of the @DomainName@ value. For example, if you request a certificate for @testing.example.com@ , you can specify @example.com@ for this value. In that case, ACM sends domain validation emails to the following five addresses:     * admin@example.com     * administrator@example.com     * hostmaster@example.com     * postmaster@example.com     * webmaster@example.com
 dvoValidationDomain :: Lens' DomainValidationOption Text
 dvoValidationDomain = lens _dvoValidationDomain (\ s a -> s{_dvoValidationDomain = a});
 
-instance Hashable DomainValidationOption
+instance Hashable DomainValidationOption where
 
-instance NFData DomainValidationOption
+instance NFData DomainValidationOption where
 
 instance ToJSON DomainValidationOption where
         toJSON DomainValidationOption'{..}
@@ -372,16 +393,66 @@
                  [Just ("DomainName" .= _dvoDomainName),
                   Just ("ValidationDomain" .= _dvoValidationDomain)])
 
+-- | Contains information about the status of ACM's <http://docs.aws.amazon.com/acm/latest/userguide/acm-renewal.html managed renewal> for the certificate. This structure exists only when the certificate type is @AMAZON_ISSUED@ .
+--
+--
+--
+-- /See:/ 'renewalSummary' smart constructor.
+data RenewalSummary = RenewalSummary'
+  { _rsRenewalStatus           :: !RenewalStatus
+  , _rsDomainValidationOptions :: !(List1 DomainValidation)
+  } deriving (Eq, Read, Show, Data, Typeable, Generic)
+
+
+-- | Creates a value of 'RenewalSummary' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'rsRenewalStatus' - The status of ACM's <http://docs.aws.amazon.com/acm/latest/userguide/acm-renewal.html managed renewal> of the certificate.
+--
+-- * 'rsDomainValidationOptions' - Contains information about the validation of each domain name in the certificate, as it pertains to ACM's <http://docs.aws.amazon.com/acm/latest/userguide/acm-renewal.html managed renewal> . This is different from the initial validation that occurs as a result of the 'RequestCertificate' request. This field exists only when the certificate type is @AMAZON_ISSUED@ .
+renewalSummary
+    :: RenewalStatus -- ^ 'rsRenewalStatus'
+    -> NonEmpty DomainValidation -- ^ 'rsDomainValidationOptions'
+    -> RenewalSummary
+renewalSummary pRenewalStatus_ pDomainValidationOptions_ =
+  RenewalSummary'
+  { _rsRenewalStatus = pRenewalStatus_
+  , _rsDomainValidationOptions = _List1 # pDomainValidationOptions_
+  }
+
+
+-- | The status of ACM's <http://docs.aws.amazon.com/acm/latest/userguide/acm-renewal.html managed renewal> of the certificate.
+rsRenewalStatus :: Lens' RenewalSummary RenewalStatus
+rsRenewalStatus = lens _rsRenewalStatus (\ s a -> s{_rsRenewalStatus = a});
+
+-- | Contains information about the validation of each domain name in the certificate, as it pertains to ACM's <http://docs.aws.amazon.com/acm/latest/userguide/acm-renewal.html managed renewal> . This is different from the initial validation that occurs as a result of the 'RequestCertificate' request. This field exists only when the certificate type is @AMAZON_ISSUED@ .
+rsDomainValidationOptions :: Lens' RenewalSummary (NonEmpty DomainValidation)
+rsDomainValidationOptions = lens _rsDomainValidationOptions (\ s a -> s{_rsDomainValidationOptions = a}) . _List1;
+
+instance FromJSON RenewalSummary where
+        parseJSON
+          = withObject "RenewalSummary"
+              (\ x ->
+                 RenewalSummary' <$>
+                   (x .: "RenewalStatus") <*>
+                     (x .: "DomainValidationOptions"))
+
+instance Hashable RenewalSummary where
+
+instance NFData RenewalSummary where
+
 -- | A key-value pair that identifies or specifies metadata about an ACM resource.
 --
 --
 --
 -- /See:/ 'tag' smart constructor.
 data Tag = Tag'
-    { _tagValue :: !(Maybe Text)
-    , _tagKey   :: !Text
-    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+  { _tagValue :: !(Maybe Text)
+  , _tagKey   :: !Text
+  } deriving (Eq, Read, Show, Data, Typeable, Generic)
 
+
 -- | Creates a value of 'Tag' with the minimum fields required to make a request.
 --
 -- Use one of the following lenses to modify other fields as desired:
@@ -392,12 +463,9 @@
 tag
     :: Text -- ^ 'tagKey'
     -> Tag
-tag pKey_ =
-    Tag'
-    { _tagValue = Nothing
-    , _tagKey = pKey_
-    }
+tag pKey_ = Tag' {_tagValue = Nothing, _tagKey = pKey_}
 
+
 -- | The value of the tag.
 tagValue :: Lens' Tag (Maybe Text)
 tagValue = lens _tagValue (\ s a -> s{_tagValue = a});
@@ -411,9 +479,9 @@
           = withObject "Tag"
               (\ x -> Tag' <$> (x .:? "Value") <*> (x .: "Key"))
 
-instance Hashable Tag
+instance Hashable Tag where
 
-instance NFData Tag
+instance NFData Tag where
 
 instance ToJSON Tag where
         toJSON Tag'{..}
diff --git a/gen/Network/AWS/CertificateManager/Types/Sum.hs b/gen/Network/AWS/CertificateManager/Types/Sum.hs
--- a/gen/Network/AWS/CertificateManager/Types/Sum.hs
+++ b/gen/Network/AWS/CertificateManager/Types/Sum.hs
@@ -9,47 +9,48 @@
 
 -- |
 -- Module      : Network.AWS.CertificateManager.Types.Sum
--- Copyright   : (c) 2013-2016 Brendan Hay
+-- Copyright   : (c) 2013-2017 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
 -- Portability : non-portable (GHC extensions)
 --
 module Network.AWS.CertificateManager.Types.Sum where
 
-import           Network.AWS.Prelude
+import Network.AWS.Prelude
 
 data CertificateStatus
-    = Expired
-    | Failed
-    | Inactive
-    | Issued
-    | PendingValidation
-    | Revoked
-    | ValidationTimedOut
-    deriving (Eq,Ord,Read,Show,Enum,Bounded,Data,Typeable,Generic)
+  = CSExpired
+  | CSFailed
+  | CSInactive
+  | CSIssued
+  | CSPendingValidation
+  | CSRevoked
+  | CSValidationTimedOut
+  deriving (Eq, Ord, Read, Show, Enum, Bounded, Data, Typeable, Generic)
 
+
 instance FromText CertificateStatus where
     parser = takeLowerText >>= \case
-        "expired" -> pure Expired
-        "failed" -> pure Failed
-        "inactive" -> pure Inactive
-        "issued" -> pure Issued
-        "pending_validation" -> pure PendingValidation
-        "revoked" -> pure Revoked
-        "validation_timed_out" -> pure ValidationTimedOut
+        "expired" -> pure CSExpired
+        "failed" -> pure CSFailed
+        "inactive" -> pure CSInactive
+        "issued" -> pure CSIssued
+        "pending_validation" -> pure CSPendingValidation
+        "revoked" -> pure CSRevoked
+        "validation_timed_out" -> pure CSValidationTimedOut
         e -> fromTextError $ "Failure parsing CertificateStatus from value: '" <> e
            <> "'. Accepted values: expired, failed, inactive, issued, pending_validation, revoked, validation_timed_out"
 
 instance ToText CertificateStatus where
     toText = \case
-        Expired -> "EXPIRED"
-        Failed -> "FAILED"
-        Inactive -> "INACTIVE"
-        Issued -> "ISSUED"
-        PendingValidation -> "PENDING_VALIDATION"
-        Revoked -> "REVOKED"
-        ValidationTimedOut -> "VALIDATION_TIMED_OUT"
+        CSExpired -> "EXPIRED"
+        CSFailed -> "FAILED"
+        CSInactive -> "INACTIVE"
+        CSIssued -> "ISSUED"
+        CSPendingValidation -> "PENDING_VALIDATION"
+        CSRevoked -> "REVOKED"
+        CSValidationTimedOut -> "VALIDATION_TIMED_OUT"
 
 instance Hashable     CertificateStatus
 instance NFData       CertificateStatus
@@ -64,10 +65,11 @@
     parseJSON = parseJSONText "CertificateStatus"
 
 data CertificateType
-    = AmazonIssued
-    | Imported
-    deriving (Eq,Ord,Read,Show,Enum,Bounded,Data,Typeable,Generic)
+  = AmazonIssued
+  | Imported
+  deriving (Eq, Ord, Read, Show, Enum, Bounded, Data, Typeable, Generic)
 
+
 instance FromText CertificateType where
     parser = takeLowerText >>= \case
         "amazon_issued" -> pure AmazonIssued
@@ -89,14 +91,45 @@
 instance FromJSON CertificateType where
     parseJSON = parseJSONText "CertificateType"
 
+data DomainStatus
+  = Failed
+  | PendingValidation
+  | Success
+  deriving (Eq, Ord, Read, Show, Enum, Bounded, Data, Typeable, Generic)
+
+
+instance FromText DomainStatus where
+    parser = takeLowerText >>= \case
+        "failed" -> pure Failed
+        "pending_validation" -> pure PendingValidation
+        "success" -> pure Success
+        e -> fromTextError $ "Failure parsing DomainStatus from value: '" <> e
+           <> "'. Accepted values: failed, pending_validation, success"
+
+instance ToText DomainStatus where
+    toText = \case
+        Failed -> "FAILED"
+        PendingValidation -> "PENDING_VALIDATION"
+        Success -> "SUCCESS"
+
+instance Hashable     DomainStatus
+instance NFData       DomainStatus
+instance ToByteString DomainStatus
+instance ToQuery      DomainStatus
+instance ToHeader     DomainStatus
+
+instance FromJSON DomainStatus where
+    parseJSON = parseJSONText "DomainStatus"
+
 data FailureReason
-    = AdditionalVerificationRequired
-    | DomainNotAllowed
-    | InvalidPublicDomain
-    | NoAvailableContacts
-    | Other
-    deriving (Eq,Ord,Read,Show,Enum,Bounded,Data,Typeable,Generic)
+  = AdditionalVerificationRequired
+  | DomainNotAllowed
+  | InvalidPublicDomain
+  | NoAvailableContacts
+  | Other
+  deriving (Eq, Ord, Read, Show, Enum, Bounded, Data, Typeable, Generic)
 
+
 instance FromText FailureReason where
     parser = takeLowerText >>= \case
         "additional_verification_required" -> pure AdditionalVerificationRequired
@@ -125,11 +158,12 @@
     parseJSON = parseJSONText "FailureReason"
 
 data KeyAlgorithm
-    = EcPRIME256V1
-    | Rsa1024
-    | Rsa2048
-    deriving (Eq,Ord,Read,Show,Enum,Bounded,Data,Typeable,Generic)
+  = EcPRIME256V1
+  | Rsa1024
+  | Rsa2048
+  deriving (Eq, Ord, Read, Show, Enum, Bounded, Data, Typeable, Generic)
 
+
 instance FromText KeyAlgorithm where
     parser = takeLowerText >>= \case
         "ec_prime256v1" -> pure EcPRIME256V1
@@ -153,18 +187,52 @@
 instance FromJSON KeyAlgorithm where
     parseJSON = parseJSONText "KeyAlgorithm"
 
+data RenewalStatus
+  = RSFailed
+  | RSPendingAutoRenewal
+  | RSPendingValidation
+  | RSSuccess
+  deriving (Eq, Ord, Read, Show, Enum, Bounded, Data, Typeable, Generic)
+
+
+instance FromText RenewalStatus where
+    parser = takeLowerText >>= \case
+        "failed" -> pure RSFailed
+        "pending_auto_renewal" -> pure RSPendingAutoRenewal
+        "pending_validation" -> pure RSPendingValidation
+        "success" -> pure RSSuccess
+        e -> fromTextError $ "Failure parsing RenewalStatus from value: '" <> e
+           <> "'. Accepted values: failed, pending_auto_renewal, pending_validation, success"
+
+instance ToText RenewalStatus where
+    toText = \case
+        RSFailed -> "FAILED"
+        RSPendingAutoRenewal -> "PENDING_AUTO_RENEWAL"
+        RSPendingValidation -> "PENDING_VALIDATION"
+        RSSuccess -> "SUCCESS"
+
+instance Hashable     RenewalStatus
+instance NFData       RenewalStatus
+instance ToByteString RenewalStatus
+instance ToQuery      RenewalStatus
+instance ToHeader     RenewalStatus
+
+instance FromJSON RenewalStatus where
+    parseJSON = parseJSONText "RenewalStatus"
+
 data RevocationReason
-    = AACompromise
-    | AffiliationChanged
-    | CaCompromise
-    | CertificateHold
-    | CessationOfOperation
-    | KeyCompromise
-    | PrivilegeWithdrawn
-    | RemoveFromCrl
-    | Superceded
-    | Unspecified
-    deriving (Eq,Ord,Read,Show,Enum,Bounded,Data,Typeable,Generic)
+  = AACompromise
+  | AffiliationChanged
+  | CaCompromise
+  | CertificateHold
+  | CessationOfOperation
+  | KeyCompromise
+  | PrivilegeWithdrawn
+  | RemoveFromCrl
+  | Superceded
+  | Unspecified
+  deriving (Eq, Ord, Read, Show, Enum, Bounded, Data, Typeable, Generic)
+
 
 instance FromText RevocationReason where
     parser = takeLowerText >>= \case
diff --git a/gen/Network/AWS/CertificateManager/Waiters.hs b/gen/Network/AWS/CertificateManager/Waiters.hs
--- a/gen/Network/AWS/CertificateManager/Waiters.hs
+++ b/gen/Network/AWS/CertificateManager/Waiters.hs
@@ -7,15 +7,15 @@
 
 -- |
 -- Module      : Network.AWS.CertificateManager.Waiters
--- Copyright   : (c) 2013-2016 Brendan Hay
+-- Copyright   : (c) 2013-2017 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
 -- Portability : non-portable (GHC extensions)
 --
 module Network.AWS.CertificateManager.Waiters where
 
-import           Network.AWS.CertificateManager.Types
-import           Network.AWS.Lens
-import           Network.AWS.Prelude
-import           Network.AWS.Waiter
+import Network.AWS.CertificateManager.Types
+import Network.AWS.Lens
+import Network.AWS.Prelude
+import Network.AWS.Waiter
diff --git a/test/Main.hs b/test/Main.hs
--- a/test/Main.hs
+++ b/test/Main.hs
@@ -2,9 +2,9 @@
 
 -- |
 -- Module      : Main
--- Copyright   : (c) 2013-2016 Brendan Hay
+-- Copyright   : (c) 2013-2017 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
 -- Portability : non-portable (GHC extensions)
 --
diff --git a/test/Test/AWS/CertificateManager.hs b/test/Test/AWS/CertificateManager.hs
--- a/test/Test/AWS/CertificateManager.hs
+++ b/test/Test/AWS/CertificateManager.hs
@@ -14,7 +14,7 @@
     , fixtures
     ) where
 
-import           Test.AWS.Prelude
+import Test.AWS.Prelude
 
 tests :: [TestTree]
 tests = []
diff --git a/test/Test/AWS/CertificateManager/Internal.hs b/test/Test/AWS/CertificateManager/Internal.hs
--- a/test/Test/AWS/CertificateManager/Internal.hs
+++ b/test/Test/AWS/CertificateManager/Internal.hs
@@ -9,7 +9,6 @@
 -- Stability   : experimental
 -- Portability : non-portable (GHC extensions)
 --
-
 module Test.AWS.CertificateManager.Internal where
 
-import           Test.AWS.Prelude
+import Test.AWS.Prelude
diff --git a/test/Test/AWS/Gen/CertificateManager.hs b/test/Test/AWS/Gen/CertificateManager.hs
--- a/test/Test/AWS/Gen/CertificateManager.hs
+++ b/test/Test/AWS/Gen/CertificateManager.hs
@@ -5,20 +5,20 @@
 
 -- |
 -- Module      : Test.AWS.Gen.CertificateManager
--- Copyright   : (c) 2013-2016 Brendan Hay
+-- Copyright   : (c) 2013-2017 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
 -- Portability : non-portable (GHC extensions)
 --
 module Test.AWS.Gen.CertificateManager where
 
 import Data.Proxy
+import Network.AWS.CertificateManager
+import Test.AWS.CertificateManager.Internal
 import Test.AWS.Fixture
 import Test.AWS.Prelude
 import Test.Tasty
-import Network.AWS.CertificateManager
-import Test.AWS.CertificateManager.Internal
 
 -- Auto-generated: the actual test selection needs to be manually placed into
 -- the top-level so that real test data can be incrementally added.
