diff --git a/LICENSE b/LICENSE
new file mode 100644
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,367 @@
+Mozilla Public License Version 2.0
+==================================
+
+1. Definitions
+--------------
+
+1.1. "Contributor"
+    means each individual or legal entity that creates, contributes to
+    the creation of, or owns Covered Software.
+
+1.2. "Contributor Version"
+    means the combination of the Contributions of others (if any) used
+    by a Contributor and that particular Contributor's Contribution.
+
+1.3. "Contribution"
+    means Covered Software of a particular Contributor.
+
+1.4. "Covered Software"
+    means Source Code Form to which the initial Contributor has attached
+    the notice in Exhibit A, the Executable Form of such Source Code
+    Form, and Modifications of such Source Code Form, in each case
+    including portions thereof.
+
+1.5. "Incompatible With Secondary Licenses"
+    means
+
+    (a) that the initial Contributor has attached the notice described
+        in Exhibit B to the Covered Software; or
+
+    (b) that the Covered Software was made available under the terms of
+        version 1.1 or earlier of the License, but not also under the
+        terms of a Secondary License.
+
+1.6. "Executable Form"
+    means any form of the work other than Source Code Form.
+
+1.7. "Larger Work"
+    means a work that combines Covered Software with other material, in
+    a separate file or files, that is not Covered Software.
+
+1.8. "License"
+    means this document.
+
+1.9. "Licensable"
+    means having the right to grant, to the maximum extent possible,
+    whether at the time of the initial grant or subsequently, any and
+    all of the rights conveyed by this License.
+
+1.10. "Modifications"
+    means any of the following:
+
+    (a) any file in Source Code Form that results from an addition to,
+        deletion from, or modification of the contents of Covered
+        Software; or
+
+    (b) any new file in Source Code Form that contains any Covered
+        Software.
+
+1.11. "Patent Claims" of a Contributor
+    means any patent claim(s), including without limitation, method,
+    process, and apparatus claims, in any patent Licensable by such
+    Contributor that would be infringed, but for the grant of the
+    License, by the making, using, selling, offering for sale, having
+    made, import, or transfer of either its Contributions or its
+    Contributor Version.
+
+1.12. "Secondary License"
+    means either the GNU General Public License, Version 2.0, the GNU
+    Lesser General Public License, Version 2.1, the GNU Affero General
+    Public License, Version 3.0, or any later versions of those
+    licenses.
+
+1.13. "Source Code Form"
+    means the form of the work preferred for making modifications.
+
+1.14. "You" (or "Your")
+    means an individual or a legal entity exercising rights under this
+    License. For legal entities, "You" includes any entity that
+    controls, is controlled by, or is under common control with You. For
+    purposes of this definition, "control" means (a) the power, direct
+    or indirect, to cause the direction or management of such entity,
+    whether by contract or otherwise, or (b) ownership of more than
+    fifty percent (50%) of the outstanding shares or beneficial
+    ownership of such entity.
+
+2. License Grants and Conditions
+--------------------------------
+
+2.1. Grants
+
+Each Contributor hereby grants You a world-wide, royalty-free,
+non-exclusive license:
+
+(a) under intellectual property rights (other than patent or trademark)
+    Licensable by such Contributor to use, reproduce, make available,
+    modify, display, perform, distribute, and otherwise exploit its
+    Contributions, either on an unmodified basis, with Modifications, or
+    as part of a Larger Work; and
+
+(b) under Patent Claims of such Contributor to make, use, sell, offer
+    for sale, have made, import, and otherwise transfer either its
+    Contributions or its Contributor Version.
+
+2.2. Effective Date
+
+The licenses granted in Section 2.1 with respect to any Contribution
+become effective for each Contribution on the date the Contributor first
+distributes such Contribution.
+
+2.3. Limitations on Grant Scope
+
+The licenses granted in this Section 2 are the only rights granted under
+this License. No additional rights or licenses will be implied from the
+distribution or licensing of Covered Software under this License.
+Notwithstanding Section 2.1(b) above, no patent license is granted by a
+Contributor:
+
+(a) for any code that a Contributor has removed from Covered Software;
+    or
+
+(b) for infringements caused by: (i) Your and any other third party's
+    modifications of Covered Software, or (ii) the combination of its
+    Contributions with other software (except as part of its Contributor
+    Version); or
+
+(c) under Patent Claims infringed by Covered Software in the absence of
+    its Contributions.
+
+This License does not grant any rights in the trademarks, service marks,
+or logos of any Contributor (except as may be necessary to comply with
+the notice requirements in Section 3.4).
+
+2.4. Subsequent Licenses
+
+No Contributor makes additional grants as a result of Your choice to
+distribute the Covered Software under a subsequent version of this
+License (see Section 10.2) or under the terms of a Secondary License (if
+permitted under the terms of Section 3.3).
+
+2.5. Representation
+
+Each Contributor represents that the Contributor believes its
+Contributions are its original creation(s) or it has sufficient rights
+to grant the rights to its Contributions conveyed by this License.
+
+2.6. Fair Use
+
+This License is not intended to limit any rights You have under
+applicable copyright doctrines of fair use, fair dealing, or other
+equivalents.
+
+2.7. Conditions
+
+Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted
+in Section 2.1.
+
+3. Responsibilities
+-------------------
+
+3.1. Distribution of Source Form
+
+All distribution of Covered Software in Source Code Form, including any
+Modifications that You create or to which You contribute, must be under
+the terms of this License. You must inform recipients that the Source
+Code Form of the Covered Software is governed by the terms of this
+License, and how they can obtain a copy of this License. You may not
+attempt to alter or restrict the recipients' rights in the Source Code
+Form.
+
+3.2. Distribution of Executable Form
+
+If You distribute Covered Software in Executable Form then:
+
+(a) such Covered Software must also be made available in Source Code
+    Form, as described in Section 3.1, and You must inform recipients of
+    the Executable Form how they can obtain a copy of such Source Code
+    Form by reasonable means in a timely manner, at a charge no more
+    than the cost of distribution to the recipient; and
+
+(b) You may distribute such Executable Form under the terms of this
+    License, or sublicense it under different terms, provided that the
+    license for the Executable Form does not attempt to limit or alter
+    the recipients' rights in the Source Code Form under this License.
+
+3.3. Distribution of a Larger Work
+
+You may create and distribute a Larger Work under terms of Your choice,
+provided that You also comply with the requirements of this License for
+the Covered Software. If the Larger Work is a combination of Covered
+Software with a work governed by one or more Secondary Licenses, and the
+Covered Software is not Incompatible With Secondary Licenses, this
+License permits You to additionally distribute such Covered Software
+under the terms of such Secondary License(s), so that the recipient of
+the Larger Work may, at their option, further distribute the Covered
+Software under the terms of either this License or such Secondary
+License(s).
+
+3.4. Notices
+
+You may not remove or alter the substance of any license notices
+(including copyright notices, patent notices, disclaimers of warranty,
+or limitations of liability) contained within the Source Code Form of
+the Covered Software, except that You may alter any license notices to
+the extent required to remedy known factual inaccuracies.
+
+3.5. Application of Additional Terms
+
+You may choose to offer, and to charge a fee for, warranty, support,
+indemnity or liability obligations to one or more recipients of Covered
+Software. However, You may do so only on Your own behalf, and not on
+behalf of any Contributor. You must make it absolutely clear that any
+such warranty, support, indemnity, or liability obligation is offered by
+You alone, and You hereby agree to indemnify every Contributor for any
+liability incurred by such Contributor as a result of warranty, support,
+indemnity or liability terms You offer. You may include additional
+disclaimers of warranty and limitations of liability specific to any
+jurisdiction.
+
+4. Inability to Comply Due to Statute or Regulation
+---------------------------------------------------
+
+If it is impossible for You to comply with any of the terms of this
+License with respect to some or all of the Covered Software due to
+statute, judicial order, or regulation then You must: (a) comply with
+the terms of this License to the maximum extent possible; and (b)
+describe the limitations and the code they affect. Such description must
+be placed in a text file included with all distributions of the Covered
+Software under this License. Except to the extent prohibited by statute
+or regulation, such description must be sufficiently detailed for a
+recipient of ordinary skill to be able to understand it.
+
+5. Termination
+--------------
+
+5.1. The rights granted under this License will terminate automatically
+if You fail to comply with any of its terms. However, if You become
+compliant, then the rights granted under this License from a particular
+Contributor are reinstated (a) provisionally, unless and until such
+Contributor explicitly and finally terminates Your grants, and (b) on an
+ongoing basis, if such Contributor fails to notify You of the
+non-compliance by some reasonable means prior to 60 days after You have
+come back into compliance. Moreover, Your grants from a particular
+Contributor are reinstated on an ongoing basis if such Contributor
+notifies You of the non-compliance by some reasonable means, this is the
+first time You have received notice of non-compliance with this License
+from such Contributor, and You become compliant prior to 30 days after
+Your receipt of the notice.
+
+5.2. If You initiate litigation against any entity by asserting a patent
+infringement claim (excluding declaratory judgment actions,
+counter-claims, and cross-claims) alleging that a Contributor Version
+directly or indirectly infringes any patent, then the rights granted to
+You by any and all Contributors for the Covered Software under Section
+2.1 of this License shall terminate.
+
+5.3. In the event of termination under Sections 5.1 or 5.2 above, all
+end user license agreements (excluding distributors and resellers) which
+have been validly granted by You or Your distributors under this License
+prior to termination shall survive termination.
+
+************************************************************************
+*                                                                      *
+*  6. Disclaimer of Warranty                                           *
+*  -------------------------                                           *
+*                                                                      *
+*  Covered Software is provided under this License on an "as is"       *
+*  basis, without warranty of any kind, either expressed, implied, or  *
+*  statutory, including, without limitation, warranties that the       *
+*  Covered Software is free of defects, merchantable, fit for a        *
+*  particular purpose or non-infringing. The entire risk as to the     *
+*  quality and performance of the Covered Software is with You.        *
+*  Should any Covered Software prove defective in any respect, You     *
+*  (not any Contributor) assume the cost of any necessary servicing,   *
+*  repair, or correction. This disclaimer of warranty constitutes an   *
+*  essential part of this License. No use of any Covered Software is   *
+*  authorized under this License except under this disclaimer.         *
+*                                                                      *
+************************************************************************
+
+************************************************************************
+*                                                                      *
+*  7. Limitation of Liability                                          *
+*  --------------------------                                          *
+*                                                                      *
+*  Under no circumstances and under no legal theory, whether tort      *
+*  (including negligence), contract, or otherwise, shall any           *
+*  Contributor, or anyone who distributes Covered Software as          *
+*  permitted above, be liable to You for any direct, indirect,         *
+*  special, incidental, or consequential damages of any character      *
+*  including, without limitation, damages for lost profits, loss of    *
+*  goodwill, work stoppage, computer failure or malfunction, or any    *
+*  and all other commercial damages or losses, even if such party      *
+*  shall have been informed of the possibility of such damages. This   *
+*  limitation of liability shall not apply to liability for death or   *
+*  personal injury resulting from such party's negligence to the       *
+*  extent applicable law prohibits such limitation. Some               *
+*  jurisdictions do not allow the exclusion or limitation of           *
+*  incidental or consequential damages, so this exclusion and          *
+*  limitation may not apply to You.                                    *
+*                                                                      *
+************************************************************************
+
+8. Litigation
+-------------
+
+Any litigation relating to this License may be brought only in the
+courts of a jurisdiction where the defendant maintains its principal
+place of business and such litigation shall be governed by laws of that
+jurisdiction, without reference to its conflict-of-law provisions.
+Nothing in this Section shall prevent a party's ability to bring
+cross-claims or counter-claims.
+
+9. Miscellaneous
+----------------
+
+This License represents the complete agreement concerning the subject
+matter hereof. If any provision of this License is held to be
+unenforceable, such provision shall be reformed only to the extent
+necessary to make it enforceable. Any law or regulation which provides
+that the language of a contract shall be construed against the drafter
+shall not be used to construe this License against a Contributor.
+
+10. Versions of the License
+---------------------------
+
+10.1. New Versions
+
+Mozilla Foundation is the license steward. Except as provided in Section
+10.3, no one other than the license steward has the right to modify or
+publish new versions of this License. Each version will be given a
+distinguishing version number.
+
+10.2. Effect of New Versions
+
+You may distribute the Covered Software under the terms of the version
+of the License under which You originally received the Covered Software,
+or under the terms of any subsequent version published by the license
+steward.
+
+10.3. Modified Versions
+
+If you create software not governed by this License, and you want to
+create a new license for such software, you may create and use a
+modified version of this License if you rename the license and remove
+any references to the name of the license steward (except to note that
+such modified license differs from this License).
+
+10.4. Distributing Source Code Form that is Incompatible With Secondary
+Licenses
+
+If You choose to distribute Source Code Form that is Incompatible With
+Secondary Licenses under the terms of this version of the License, the
+notice described in Exhibit B of this License must be attached.
+
+Exhibit A - Source Code Form License Notice
+-------------------------------------------
+
+  This Source Code Form is subject to the terms of the Mozilla Public
+  License, v. 2.0. If a copy of the MPL was not distributed with this
+  file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+If it is not possible or desirable to put the notice in a particular
+file, then You may include the notice in a location (such as a LICENSE
+file in a relevant directory) where a recipient would be likely to look
+for such a notice.
+
+You may add additional accurate notices of copyright ownership.
diff --git a/README.md b/README.md
new file mode 100644
--- /dev/null
+++ b/README.md
@@ -0,0 +1,47 @@
+# Amazon Cognito Identity Provider SDK
+
+* [Version](#version)
+* [Description](#description)
+* [Contribute](#contribute)
+* [Licence](#licence)
+
+
+## Version
+
+`1.4.1`
+
+
+## Description
+
+You can create a user pool in Amazon Cognito Identity to manage
+directories and users. You can authenticate a user to obtain tokens
+related to user identity and access policies.
+
+This API reference provides information about user pools in Amazon
+Cognito Identity, which is a new capability that is available as a beta.
+
+Documentation is available via [Hackage](http://hackage.haskell.org/package/amazonka-cognito-idp)
+and the [AWS API Reference](https://aws.amazon.com/documentation/).
+
+The types from this library are intended to be used with [amazonka](http://hackage.haskell.org/package/amazonka),
+which provides mechanisms for specifying AuthN/AuthZ information and sending requests.
+
+Use of lenses is required for constructing and manipulating types.
+This is due to the amount of nesting of AWS types and transparency regarding
+de/serialisation into more palatable Haskell values.
+The provided lenses should be compatible with any of the major lens libraries
+[lens](http://hackage.haskell.org/package/lens) or [lens-family-core](http://hackage.haskell.org/package/lens-family-core).
+
+## Contribute
+
+For any problems, comments, or feedback please create an issue [here on GitHub](https://github.com/brendanhay/amazonka/issues).
+
+> _Note:_ this library is an auto-generated Haskell package. Please see `amazonka-gen` for more information.
+
+
+## Licence
+
+`amazonka-cognito-idp` is released under the [Mozilla Public License Version 2.0](http://www.mozilla.org/MPL/).
+
+Parts of the code are derived from AWS service descriptions, licensed under Apache 2.0.
+Source files subject to this contain an additional licensing clause in their header.
diff --git a/Setup.hs b/Setup.hs
new file mode 100644
--- /dev/null
+++ b/Setup.hs
@@ -0,0 +1,2 @@
+import           Distribution.Simple
+main = defaultMain
diff --git a/amazonka-cognito-idp.cabal b/amazonka-cognito-idp.cabal
new file mode 100644
--- /dev/null
+++ b/amazonka-cognito-idp.cabal
@@ -0,0 +1,120 @@
+name:                  amazonka-cognito-idp
+version:               1.4.1
+synopsis:              Amazon Cognito Identity Provider SDK.
+homepage:              https://github.com/brendanhay/amazonka
+bug-reports:           https://github.com/brendanhay/amazonka/issues
+license:               OtherLicense
+license-file:          LICENSE
+author:                Brendan Hay
+maintainer:            Brendan Hay <brendan.g.hay@gmail.com>
+copyright:             Copyright (c) 2013-2016 Brendan Hay
+category:              Network, AWS, Cloud, Distributed Computing
+build-type:            Simple
+cabal-version:         >= 1.10
+extra-source-files:    README.md fixture/*.yaml fixture/*.proto
+description:
+    You can create a user pool in Amazon Cognito Identity to manage
+    directories and users. You can authenticate a user to obtain tokens
+    related to user identity and access policies.
+
+    This API reference provides information about user pools in Amazon
+    Cognito Identity, which is a new capability that is available as a beta.
+    .
+    The types from this library are intended to be used with
+    <http://hackage.haskell.org/package/amazonka amazonka>, which provides
+    mechanisms for specifying AuthN/AuthZ information and sending requests.
+    .
+    Use of lenses is required for constructing and manipulating types.
+    This is due to the amount of nesting of AWS types and transparency regarding
+    de/serialisation into more palatable Haskell values.
+    The provided lenses should be compatible with any of the major lens libraries
+    such as <http://hackage.haskell.org/package/lens lens> or
+    <http://hackage.haskell.org/package/lens-family-core lens-family-core>.
+    .
+    See "Network.AWS.CognitoIdentityProvider" or <https://aws.amazon.com/documentation/ the AWS Documentation>
+    to get started.
+
+source-repository head
+    type:     git
+    location: git://github.com/brendanhay/amazonka.git
+
+library
+    default-language:  Haskell2010
+    hs-source-dirs:    src gen
+
+    ghc-options:       -Wall
+
+    exposed-modules:
+          Network.AWS.CognitoIdentityProvider
+        , Network.AWS.CognitoIdentityProvider.AddCustomAttributes
+        , Network.AWS.CognitoIdentityProvider.AdminConfirmSignUp
+        , Network.AWS.CognitoIdentityProvider.AdminDeleteUser
+        , Network.AWS.CognitoIdentityProvider.AdminDeleteUserAttributes
+        , Network.AWS.CognitoIdentityProvider.AdminDisableUser
+        , Network.AWS.CognitoIdentityProvider.AdminEnableUser
+        , Network.AWS.CognitoIdentityProvider.AdminGetUser
+        , Network.AWS.CognitoIdentityProvider.AdminResetUserPassword
+        , Network.AWS.CognitoIdentityProvider.AdminSetUserSettings
+        , Network.AWS.CognitoIdentityProvider.AdminUpdateUserAttributes
+        , Network.AWS.CognitoIdentityProvider.ChangePassword
+        , Network.AWS.CognitoIdentityProvider.ConfirmForgotPassword
+        , Network.AWS.CognitoIdentityProvider.ConfirmSignUp
+        , Network.AWS.CognitoIdentityProvider.CreateUserPool
+        , Network.AWS.CognitoIdentityProvider.CreateUserPoolClient
+        , Network.AWS.CognitoIdentityProvider.DeleteUser
+        , Network.AWS.CognitoIdentityProvider.DeleteUserAttributes
+        , Network.AWS.CognitoIdentityProvider.DeleteUserPool
+        , Network.AWS.CognitoIdentityProvider.DeleteUserPoolClient
+        , Network.AWS.CognitoIdentityProvider.DescribeUserPool
+        , Network.AWS.CognitoIdentityProvider.DescribeUserPoolClient
+        , Network.AWS.CognitoIdentityProvider.ForgotPassword
+        , Network.AWS.CognitoIdentityProvider.GetUser
+        , Network.AWS.CognitoIdentityProvider.GetUserAttributeVerificationCode
+        , Network.AWS.CognitoIdentityProvider.ListUserPoolClients
+        , Network.AWS.CognitoIdentityProvider.ListUserPools
+        , Network.AWS.CognitoIdentityProvider.ListUsers
+        , Network.AWS.CognitoIdentityProvider.ResendConfirmationCode
+        , Network.AWS.CognitoIdentityProvider.SetUserSettings
+        , Network.AWS.CognitoIdentityProvider.SignUp
+        , Network.AWS.CognitoIdentityProvider.Types
+        , Network.AWS.CognitoIdentityProvider.UpdateUserAttributes
+        , Network.AWS.CognitoIdentityProvider.UpdateUserPool
+        , Network.AWS.CognitoIdentityProvider.UpdateUserPoolClient
+        , Network.AWS.CognitoIdentityProvider.VerifyUserAttribute
+        , Network.AWS.CognitoIdentityProvider.Waiters
+
+    other-modules:
+          Network.AWS.CognitoIdentityProvider.Types.Product
+        , Network.AWS.CognitoIdentityProvider.Types.Sum
+
+    build-depends:
+          amazonka-core == 1.4.1.*
+        , base          >= 4.7     && < 5
+
+test-suite amazonka-cognito-idp-test
+    type:              exitcode-stdio-1.0
+    default-language:  Haskell2010
+    hs-source-dirs:    test
+    main-is:           Main.hs
+
+    ghc-options:       -Wall -threaded
+
+    -- This section is encoded by the template and any modules added by
+    -- hand outside these namespaces will not correctly be added to the
+    -- distribution package.
+    other-modules:
+          Test.AWS.CognitoIdentityProvider
+        , Test.AWS.Gen.CognitoIdentityProvider
+        , Test.AWS.CognitoIdentityProvider.Internal
+
+    build-depends:
+          amazonka-core == 1.4.1.*
+        , amazonka-test == 1.4.1.*
+        , amazonka-cognito-idp == 1.4.1.*
+        , base
+        , bytestring
+        , tasty
+        , tasty-hunit
+        , text
+        , time
+        , unordered-containers
diff --git a/fixture/AddCustomAttributes.yaml b/fixture/AddCustomAttributes.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/AddCustomAttributes.yaml
diff --git a/fixture/AddCustomAttributesResponse.proto b/fixture/AddCustomAttributesResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/AddCustomAttributesResponse.proto
diff --git a/fixture/AdminConfirmSignUp.yaml b/fixture/AdminConfirmSignUp.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/AdminConfirmSignUp.yaml
diff --git a/fixture/AdminConfirmSignUpResponse.proto b/fixture/AdminConfirmSignUpResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/AdminConfirmSignUpResponse.proto
diff --git a/fixture/AdminDeleteUser.yaml b/fixture/AdminDeleteUser.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/AdminDeleteUser.yaml
diff --git a/fixture/AdminDeleteUserAttributes.yaml b/fixture/AdminDeleteUserAttributes.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/AdminDeleteUserAttributes.yaml
diff --git a/fixture/AdminDeleteUserAttributesResponse.proto b/fixture/AdminDeleteUserAttributesResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/AdminDeleteUserAttributesResponse.proto
diff --git a/fixture/AdminDeleteUserResponse.proto b/fixture/AdminDeleteUserResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/AdminDeleteUserResponse.proto
diff --git a/fixture/AdminDisableUser.yaml b/fixture/AdminDisableUser.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/AdminDisableUser.yaml
diff --git a/fixture/AdminDisableUserResponse.proto b/fixture/AdminDisableUserResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/AdminDisableUserResponse.proto
diff --git a/fixture/AdminEnableUser.yaml b/fixture/AdminEnableUser.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/AdminEnableUser.yaml
diff --git a/fixture/AdminEnableUserResponse.proto b/fixture/AdminEnableUserResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/AdminEnableUserResponse.proto
diff --git a/fixture/AdminGetUser.yaml b/fixture/AdminGetUser.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/AdminGetUser.yaml
diff --git a/fixture/AdminGetUserResponse.proto b/fixture/AdminGetUserResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/AdminGetUserResponse.proto
diff --git a/fixture/AdminResetUserPassword.yaml b/fixture/AdminResetUserPassword.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/AdminResetUserPassword.yaml
diff --git a/fixture/AdminResetUserPasswordResponse.proto b/fixture/AdminResetUserPasswordResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/AdminResetUserPasswordResponse.proto
diff --git a/fixture/AdminSetUserSettings.yaml b/fixture/AdminSetUserSettings.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/AdminSetUserSettings.yaml
diff --git a/fixture/AdminSetUserSettingsResponse.proto b/fixture/AdminSetUserSettingsResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/AdminSetUserSettingsResponse.proto
diff --git a/fixture/AdminUpdateUserAttributes.yaml b/fixture/AdminUpdateUserAttributes.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/AdminUpdateUserAttributes.yaml
diff --git a/fixture/AdminUpdateUserAttributesResponse.proto b/fixture/AdminUpdateUserAttributesResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/AdminUpdateUserAttributesResponse.proto
diff --git a/fixture/ChangePassword.yaml b/fixture/ChangePassword.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/ChangePassword.yaml
diff --git a/fixture/ChangePasswordResponse.proto b/fixture/ChangePasswordResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/ChangePasswordResponse.proto
diff --git a/fixture/ConfirmForgotPassword.yaml b/fixture/ConfirmForgotPassword.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/ConfirmForgotPassword.yaml
diff --git a/fixture/ConfirmForgotPasswordResponse.proto b/fixture/ConfirmForgotPasswordResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/ConfirmForgotPasswordResponse.proto
diff --git a/fixture/ConfirmSignUp.yaml b/fixture/ConfirmSignUp.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/ConfirmSignUp.yaml
diff --git a/fixture/ConfirmSignUpResponse.proto b/fixture/ConfirmSignUpResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/ConfirmSignUpResponse.proto
diff --git a/fixture/CreateUserPool.yaml b/fixture/CreateUserPool.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/CreateUserPool.yaml
diff --git a/fixture/CreateUserPoolClient.yaml b/fixture/CreateUserPoolClient.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/CreateUserPoolClient.yaml
diff --git a/fixture/CreateUserPoolClientResponse.proto b/fixture/CreateUserPoolClientResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/CreateUserPoolClientResponse.proto
diff --git a/fixture/CreateUserPoolResponse.proto b/fixture/CreateUserPoolResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/CreateUserPoolResponse.proto
diff --git a/fixture/DeleteUser.yaml b/fixture/DeleteUser.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/DeleteUser.yaml
diff --git a/fixture/DeleteUserAttributes.yaml b/fixture/DeleteUserAttributes.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/DeleteUserAttributes.yaml
diff --git a/fixture/DeleteUserAttributesResponse.proto b/fixture/DeleteUserAttributesResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/DeleteUserAttributesResponse.proto
diff --git a/fixture/DeleteUserPool.yaml b/fixture/DeleteUserPool.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/DeleteUserPool.yaml
diff --git a/fixture/DeleteUserPoolClient.yaml b/fixture/DeleteUserPoolClient.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/DeleteUserPoolClient.yaml
diff --git a/fixture/DeleteUserPoolClientResponse.proto b/fixture/DeleteUserPoolClientResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/DeleteUserPoolClientResponse.proto
diff --git a/fixture/DeleteUserPoolResponse.proto b/fixture/DeleteUserPoolResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/DeleteUserPoolResponse.proto
diff --git a/fixture/DeleteUserResponse.proto b/fixture/DeleteUserResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/DeleteUserResponse.proto
diff --git a/fixture/DescribeUserPool.yaml b/fixture/DescribeUserPool.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/DescribeUserPool.yaml
diff --git a/fixture/DescribeUserPoolClient.yaml b/fixture/DescribeUserPoolClient.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/DescribeUserPoolClient.yaml
diff --git a/fixture/DescribeUserPoolClientResponse.proto b/fixture/DescribeUserPoolClientResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/DescribeUserPoolClientResponse.proto
diff --git a/fixture/DescribeUserPoolResponse.proto b/fixture/DescribeUserPoolResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/DescribeUserPoolResponse.proto
diff --git a/fixture/ForgotPassword.yaml b/fixture/ForgotPassword.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/ForgotPassword.yaml
diff --git a/fixture/ForgotPasswordResponse.proto b/fixture/ForgotPasswordResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/ForgotPasswordResponse.proto
diff --git a/fixture/GetUser.yaml b/fixture/GetUser.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/GetUser.yaml
diff --git a/fixture/GetUserAttributeVerificationCode.yaml b/fixture/GetUserAttributeVerificationCode.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/GetUserAttributeVerificationCode.yaml
diff --git a/fixture/GetUserAttributeVerificationCodeResponse.proto b/fixture/GetUserAttributeVerificationCodeResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/GetUserAttributeVerificationCodeResponse.proto
diff --git a/fixture/GetUserResponse.proto b/fixture/GetUserResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/GetUserResponse.proto
diff --git a/fixture/ListUserPoolClients.yaml b/fixture/ListUserPoolClients.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/ListUserPoolClients.yaml
diff --git a/fixture/ListUserPoolClientsResponse.proto b/fixture/ListUserPoolClientsResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/ListUserPoolClientsResponse.proto
diff --git a/fixture/ListUserPools.yaml b/fixture/ListUserPools.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/ListUserPools.yaml
diff --git a/fixture/ListUserPoolsResponse.proto b/fixture/ListUserPoolsResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/ListUserPoolsResponse.proto
diff --git a/fixture/ListUsers.yaml b/fixture/ListUsers.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/ListUsers.yaml
diff --git a/fixture/ListUsersResponse.proto b/fixture/ListUsersResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/ListUsersResponse.proto
diff --git a/fixture/ResendConfirmationCode.yaml b/fixture/ResendConfirmationCode.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/ResendConfirmationCode.yaml
diff --git a/fixture/ResendConfirmationCodeResponse.proto b/fixture/ResendConfirmationCodeResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/ResendConfirmationCodeResponse.proto
diff --git a/fixture/SetUserSettings.yaml b/fixture/SetUserSettings.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/SetUserSettings.yaml
diff --git a/fixture/SetUserSettingsResponse.proto b/fixture/SetUserSettingsResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/SetUserSettingsResponse.proto
diff --git a/fixture/SignUp.yaml b/fixture/SignUp.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/SignUp.yaml
diff --git a/fixture/SignUpResponse.proto b/fixture/SignUpResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/SignUpResponse.proto
diff --git a/fixture/UpdateUserAttributes.yaml b/fixture/UpdateUserAttributes.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/UpdateUserAttributes.yaml
diff --git a/fixture/UpdateUserAttributesResponse.proto b/fixture/UpdateUserAttributesResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/UpdateUserAttributesResponse.proto
diff --git a/fixture/UpdateUserPool.yaml b/fixture/UpdateUserPool.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/UpdateUserPool.yaml
diff --git a/fixture/UpdateUserPoolClient.yaml b/fixture/UpdateUserPoolClient.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/UpdateUserPoolClient.yaml
diff --git a/fixture/UpdateUserPoolClientResponse.proto b/fixture/UpdateUserPoolClientResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/UpdateUserPoolClientResponse.proto
diff --git a/fixture/UpdateUserPoolResponse.proto b/fixture/UpdateUserPoolResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/UpdateUserPoolResponse.proto
diff --git a/fixture/VerifyUserAttribute.yaml b/fixture/VerifyUserAttribute.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/VerifyUserAttribute.yaml
diff --git a/fixture/VerifyUserAttributeResponse.proto b/fixture/VerifyUserAttributeResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/VerifyUserAttributeResponse.proto
diff --git a/gen/Network/AWS/CognitoIdentityProvider.hs b/gen/Network/AWS/CognitoIdentityProvider.hs
new file mode 100644
--- /dev/null
+++ b/gen/Network/AWS/CognitoIdentityProvider.hs
@@ -0,0 +1,395 @@
+{-# OPTIONS_GHC -fno-warn-unused-imports    #-}
+{-# OPTIONS_GHC -fno-warn-duplicate-exports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Network.AWS.CognitoIdentityProvider
+-- Copyright   : (c) 2013-2016 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- You can create a user pool in Amazon Cognito Identity to manage
+-- directories and users. You can authenticate a user to obtain tokens
+-- related to user identity and access policies.
+--
+-- This API reference provides information about user pools in Amazon
+-- Cognito Identity, which is a new capability that is available as a beta.
+module Network.AWS.CognitoIdentityProvider
+    (
+    -- * Service Configuration
+      cognitoIdentityProvider
+
+    -- * Errors
+    -- $errors
+
+    -- ** InvalidParameterException
+    , _InvalidParameterException
+
+    -- ** InvalidLambdaResponseException
+    , _InvalidLambdaResponseException
+
+    -- ** UnexpectedLambdaException
+    , _UnexpectedLambdaException
+
+    -- ** NotAuthorizedException
+    , _NotAuthorizedException
+
+    -- ** InternalErrorException
+    , _InternalErrorException
+
+    -- ** CodeMismatchException
+    , _CodeMismatchException
+
+    -- ** TooManyRequestsException
+    , _TooManyRequestsException
+
+    -- ** ConcurrentModificationException
+    , _ConcurrentModificationException
+
+    -- ** UserLambdaValidationException
+    , _UserLambdaValidationException
+
+    -- ** ExpiredCodeException
+    , _ExpiredCodeException
+
+    -- ** TooManyFailedAttemptsException
+    , _TooManyFailedAttemptsException
+
+    -- ** ResourceNotFoundException
+    , _ResourceNotFoundException
+
+    -- ** AliasExistsException
+    , _AliasExistsException
+
+    -- ** LimitExceededException
+    , _LimitExceededException
+
+    -- ** InvalidPasswordException
+    , _InvalidPasswordException
+
+    -- ** UsernameExistsException
+    , _UsernameExistsException
+
+    -- * Waiters
+    -- $waiters
+
+    -- * Operations
+    -- $operations
+
+    -- ** DeleteUserPool
+    , module Network.AWS.CognitoIdentityProvider.DeleteUserPool
+
+    -- ** UpdateUserPool
+    , module Network.AWS.CognitoIdentityProvider.UpdateUserPool
+
+    -- ** AdminEnableUser
+    , module Network.AWS.CognitoIdentityProvider.AdminEnableUser
+
+    -- ** GetUserAttributeVerificationCode
+    , module Network.AWS.CognitoIdentityProvider.GetUserAttributeVerificationCode
+
+    -- ** UpdateUserAttributes
+    , module Network.AWS.CognitoIdentityProvider.UpdateUserAttributes
+
+    -- ** DeleteUserAttributes
+    , module Network.AWS.CognitoIdentityProvider.DeleteUserAttributes
+
+    -- ** VerifyUserAttribute
+    , module Network.AWS.CognitoIdentityProvider.VerifyUserAttribute
+
+    -- ** AdminDisableUser
+    , module Network.AWS.CognitoIdentityProvider.AdminDisableUser
+
+    -- ** ConfirmForgotPassword
+    , module Network.AWS.CognitoIdentityProvider.ConfirmForgotPassword
+
+    -- ** ListUsers
+    , module Network.AWS.CognitoIdentityProvider.ListUsers
+
+    -- ** AdminDeleteUserAttributes
+    , module Network.AWS.CognitoIdentityProvider.AdminDeleteUserAttributes
+
+    -- ** AdminUpdateUserAttributes
+    , module Network.AWS.CognitoIdentityProvider.AdminUpdateUserAttributes
+
+    -- ** AdminGetUser
+    , module Network.AWS.CognitoIdentityProvider.AdminGetUser
+
+    -- ** ForgotPassword
+    , module Network.AWS.CognitoIdentityProvider.ForgotPassword
+
+    -- ** DescribeUserPool
+    , module Network.AWS.CognitoIdentityProvider.DescribeUserPool
+
+    -- ** AdminConfirmSignUp
+    , module Network.AWS.CognitoIdentityProvider.AdminConfirmSignUp
+
+    -- ** SignUp
+    , module Network.AWS.CognitoIdentityProvider.SignUp
+
+    -- ** ChangePassword
+    , module Network.AWS.CognitoIdentityProvider.ChangePassword
+
+    -- ** CreateUserPool
+    , module Network.AWS.CognitoIdentityProvider.CreateUserPool
+
+    -- ** ConfirmSignUp
+    , module Network.AWS.CognitoIdentityProvider.ConfirmSignUp
+
+    -- ** ListUserPools
+    , module Network.AWS.CognitoIdentityProvider.ListUserPools
+
+    -- ** AdminResetUserPassword
+    , module Network.AWS.CognitoIdentityProvider.AdminResetUserPassword
+
+    -- ** GetUser
+    , module Network.AWS.CognitoIdentityProvider.GetUser
+
+    -- ** AdminDeleteUser
+    , module Network.AWS.CognitoIdentityProvider.AdminDeleteUser
+
+    -- ** AddCustomAttributes
+    , module Network.AWS.CognitoIdentityProvider.AddCustomAttributes
+
+    -- ** ListUserPoolClients
+    , module Network.AWS.CognitoIdentityProvider.ListUserPoolClients
+
+    -- ** UpdateUserPoolClient
+    , module Network.AWS.CognitoIdentityProvider.UpdateUserPoolClient
+
+    -- ** DeleteUserPoolClient
+    , module Network.AWS.CognitoIdentityProvider.DeleteUserPoolClient
+
+    -- ** DeleteUser
+    , module Network.AWS.CognitoIdentityProvider.DeleteUser
+
+    -- ** CreateUserPoolClient
+    , module Network.AWS.CognitoIdentityProvider.CreateUserPoolClient
+
+    -- ** SetUserSettings
+    , module Network.AWS.CognitoIdentityProvider.SetUserSettings
+
+    -- ** DescribeUserPoolClient
+    , module Network.AWS.CognitoIdentityProvider.DescribeUserPoolClient
+
+    -- ** ResendConfirmationCode
+    , module Network.AWS.CognitoIdentityProvider.ResendConfirmationCode
+
+    -- ** AdminSetUserSettings
+    , module Network.AWS.CognitoIdentityProvider.AdminSetUserSettings
+
+    -- * Types
+
+    -- ** AliasAttributeType
+    , AliasAttributeType (..)
+
+    -- ** AttributeDataType
+    , AttributeDataType (..)
+
+    -- ** DeliveryMediumType
+    , DeliveryMediumType (..)
+
+    -- ** StatusType
+    , StatusType (..)
+
+    -- ** UserPoolMFAType
+    , UserPoolMFAType (..)
+
+    -- ** UserStatusType
+    , UserStatusType (..)
+
+    -- ** VerifiedAttributeType
+    , VerifiedAttributeType (..)
+
+    -- ** AttributeType
+    , AttributeType
+    , attributeType
+    , atValue
+    , atName
+
+    -- ** CodeDeliveryDetailsType
+    , CodeDeliveryDetailsType
+    , codeDeliveryDetailsType
+    , cddtDestination
+    , cddtDeliveryMedium
+    , cddtAttributeName
+
+    -- ** LambdaConfigType
+    , LambdaConfigType
+    , lambdaConfigType
+    , lctPreAuthentication
+    , lctPostAuthentication
+    , lctCustomMessage
+    , lctPostConfirmation
+    , lctPreSignUp
+
+    -- ** MFAOptionType
+    , MFAOptionType
+    , mfaOptionType
+    , motDeliveryMedium
+    , motAttributeName
+
+    -- ** NumberAttributeConstraintsType
+    , NumberAttributeConstraintsType
+    , numberAttributeConstraintsType
+    , nactMaxValue
+    , nactMinValue
+
+    -- ** PasswordPolicyType
+    , PasswordPolicyType
+    , passwordPolicyType
+    , pptRequireNumbers
+    , pptRequireUppercase
+    , pptRequireLowercase
+    , pptMinimumLength
+    , pptRequireSymbols
+
+    -- ** SchemaAttributeType
+    , SchemaAttributeType
+    , schemaAttributeType
+    , satNumberAttributeConstraints
+    , satRequired
+    , satAttributeDataType
+    , satStringAttributeConstraints
+    , satName
+    , satDeveloperOnlyAttribute
+    , satMutable
+
+    -- ** StringAttributeConstraintsType
+    , StringAttributeConstraintsType
+    , stringAttributeConstraintsType
+    , sactMaxLength
+    , sactMinLength
+
+    -- ** UserPoolClientDescription
+    , UserPoolClientDescription
+    , userPoolClientDescription
+    , upcdClientId
+    , upcdUserPoolId
+    , upcdClientName
+
+    -- ** UserPoolClientType
+    , UserPoolClientType
+    , userPoolClientType
+    , upctClientId
+    , upctClientSecret
+    , upctLastModifiedDate
+    , upctUserPoolId
+    , upctCreationDate
+    , upctClientName
+
+    -- ** UserPoolDescriptionType
+    , UserPoolDescriptionType
+    , userPoolDescriptionType
+    , updtStatus
+    , updtLastModifiedDate
+    , updtName
+    , updtId
+    , updtCreationDate
+    , updtLambdaConfig
+
+    -- ** UserPoolPolicyType
+    , UserPoolPolicyType
+    , userPoolPolicyType
+    , upptPasswordPolicy
+
+    -- ** UserPoolType
+    , UserPoolType
+    , userPoolType
+    , uptStatus
+    , uptLastModifiedDate
+    , uptEstimatedNumberOfUsers
+    , uptEmailVerificationMessage
+    , uptSmsAuthenticationMessage
+    , uptSchemaAttributes
+    , uptEmailVerificationSubject
+    , uptAliasAttributes
+    , uptSmsVerificationMessage
+    , uptName
+    , uptMFAConfiguration
+    , uptId
+    , uptCreationDate
+    , uptLambdaConfig
+    , uptAutoVerifiedAttributes
+    , uptPolicies
+
+    -- ** UserType
+    , UserType
+    , userType
+    , utEnabled
+    , utUserStatus
+    , utUsername
+    , utUserCreateDate
+    , utAttributes
+    , utUserLastModifiedDate
+    ) where
+
+import           Network.AWS.CognitoIdentityProvider.AddCustomAttributes
+import           Network.AWS.CognitoIdentityProvider.AdminConfirmSignUp
+import           Network.AWS.CognitoIdentityProvider.AdminDeleteUser
+import           Network.AWS.CognitoIdentityProvider.AdminDeleteUserAttributes
+import           Network.AWS.CognitoIdentityProvider.AdminDisableUser
+import           Network.AWS.CognitoIdentityProvider.AdminEnableUser
+import           Network.AWS.CognitoIdentityProvider.AdminGetUser
+import           Network.AWS.CognitoIdentityProvider.AdminResetUserPassword
+import           Network.AWS.CognitoIdentityProvider.AdminSetUserSettings
+import           Network.AWS.CognitoIdentityProvider.AdminUpdateUserAttributes
+import           Network.AWS.CognitoIdentityProvider.ChangePassword
+import           Network.AWS.CognitoIdentityProvider.ConfirmForgotPassword
+import           Network.AWS.CognitoIdentityProvider.ConfirmSignUp
+import           Network.AWS.CognitoIdentityProvider.CreateUserPool
+import           Network.AWS.CognitoIdentityProvider.CreateUserPoolClient
+import           Network.AWS.CognitoIdentityProvider.DeleteUser
+import           Network.AWS.CognitoIdentityProvider.DeleteUserAttributes
+import           Network.AWS.CognitoIdentityProvider.DeleteUserPool
+import           Network.AWS.CognitoIdentityProvider.DeleteUserPoolClient
+import           Network.AWS.CognitoIdentityProvider.DescribeUserPool
+import           Network.AWS.CognitoIdentityProvider.DescribeUserPoolClient
+import           Network.AWS.CognitoIdentityProvider.ForgotPassword
+import           Network.AWS.CognitoIdentityProvider.GetUser
+import           Network.AWS.CognitoIdentityProvider.GetUserAttributeVerificationCode
+import           Network.AWS.CognitoIdentityProvider.ListUserPoolClients
+import           Network.AWS.CognitoIdentityProvider.ListUserPools
+import           Network.AWS.CognitoIdentityProvider.ListUsers
+import           Network.AWS.CognitoIdentityProvider.ResendConfirmationCode
+import           Network.AWS.CognitoIdentityProvider.SetUserSettings
+import           Network.AWS.CognitoIdentityProvider.SignUp
+import           Network.AWS.CognitoIdentityProvider.Types
+import           Network.AWS.CognitoIdentityProvider.UpdateUserAttributes
+import           Network.AWS.CognitoIdentityProvider.UpdateUserPool
+import           Network.AWS.CognitoIdentityProvider.UpdateUserPoolClient
+import           Network.AWS.CognitoIdentityProvider.VerifyUserAttribute
+import           Network.AWS.CognitoIdentityProvider.Waiters
+
+{- $errors
+Error matchers are designed for use with the functions provided by
+<http://hackage.haskell.org/package/lens/docs/Control-Exception-Lens.html Control.Exception.Lens>.
+This allows catching (and rethrowing) service specific errors returned
+by 'CognitoIdentityProvider'.
+-}
+
+{- $operations
+Some AWS operations return results that are incomplete and require subsequent
+requests in order to obtain the entire result set. The process of sending
+subsequent requests to continue where a previous request left off is called
+pagination. For example, the 'ListObjects' operation of Amazon S3 returns up to
+1000 objects at a time, and you must send subsequent requests with the
+appropriate Marker in order to retrieve the next page of results.
+
+Operations that have an 'AWSPager' instance can transparently perform subsequent
+requests, correctly setting Markers and other request facets to iterate through
+the entire result set of a truncated API operation. Operations which support
+this have an additional note in the documentation.
+
+Many operations have the ability to filter results on the server side. See the
+individual operation parameters for details.
+-}
+
+{- $waiters
+Waiters poll by repeatedly sending a request until some remote success condition
+configured by the 'Wait' specification is fulfilled. The 'Wait' specification
+determines how many attempts should be made, in addition to delay and retry strategies.
+-}
diff --git a/gen/Network/AWS/CognitoIdentityProvider/AddCustomAttributes.hs b/gen/Network/AWS/CognitoIdentityProvider/AddCustomAttributes.hs
new file mode 100644
--- /dev/null
+++ b/gen/Network/AWS/CognitoIdentityProvider/AddCustomAttributes.hs
@@ -0,0 +1,140 @@
+{-# LANGUAGE DeriveDataTypeable #-}
+{-# LANGUAGE DeriveGeneric      #-}
+{-# LANGUAGE OverloadedStrings  #-}
+{-# LANGUAGE RecordWildCards    #-}
+{-# LANGUAGE TypeFamilies       #-}
+
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Network.AWS.CognitoIdentityProvider.AddCustomAttributes
+-- Copyright   : (c) 2013-2016 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Adds additional user attributes to the user pool schema.
+module Network.AWS.CognitoIdentityProvider.AddCustomAttributes
+    (
+    -- * Creating a Request
+      addCustomAttributes
+    , AddCustomAttributes
+    -- * Request Lenses
+    , acaUserPoolId
+    , acaCustomAttributes
+
+    -- * Destructuring the Response
+    , addCustomAttributesResponse
+    , AddCustomAttributesResponse
+    -- * Response Lenses
+    , acarsResponseStatus
+    ) where
+
+import           Network.AWS.CognitoIdentityProvider.Types
+import           Network.AWS.CognitoIdentityProvider.Types.Product
+import           Network.AWS.Lens
+import           Network.AWS.Prelude
+import           Network.AWS.Request
+import           Network.AWS.Response
+
+-- | Represents the request to add custom attributes.
+--
+-- /See:/ 'addCustomAttributes' smart constructor.
+data AddCustomAttributes = AddCustomAttributes'
+    { _acaUserPoolId       :: !Text
+    , _acaCustomAttributes :: !(List1 SchemaAttributeType)
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'AddCustomAttributes' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'acaUserPoolId'
+--
+-- * 'acaCustomAttributes'
+addCustomAttributes
+    :: Text -- ^ 'acaUserPoolId'
+    -> NonEmpty SchemaAttributeType -- ^ 'acaCustomAttributes'
+    -> AddCustomAttributes
+addCustomAttributes pUserPoolId_ pCustomAttributes_ =
+    AddCustomAttributes'
+    { _acaUserPoolId = pUserPoolId_
+    , _acaCustomAttributes = _List1 # pCustomAttributes_
+    }
+
+-- | The user pool ID for the user pool where you want to add custom
+-- attributes.
+acaUserPoolId :: Lens' AddCustomAttributes Text
+acaUserPoolId = lens _acaUserPoolId (\ s a -> s{_acaUserPoolId = a});
+
+-- | An array of custom attributes, such as Mutable and Name.
+acaCustomAttributes :: Lens' AddCustomAttributes (NonEmpty SchemaAttributeType)
+acaCustomAttributes = lens _acaCustomAttributes (\ s a -> s{_acaCustomAttributes = a}) . _List1;
+
+instance AWSRequest AddCustomAttributes where
+        type Rs AddCustomAttributes =
+             AddCustomAttributesResponse
+        request = postJSON cognitoIdentityProvider
+        response
+          = receiveEmpty
+              (\ s h x ->
+                 AddCustomAttributesResponse' <$> (pure (fromEnum s)))
+
+instance Hashable AddCustomAttributes
+
+instance NFData AddCustomAttributes
+
+instance ToHeaders AddCustomAttributes where
+        toHeaders
+          = const
+              (mconcat
+                 ["X-Amz-Target" =#
+                    ("AWSCognitoIdentityProviderService.AddCustomAttributes"
+                       :: ByteString),
+                  "Content-Type" =#
+                    ("application/x-amz-json-1.1" :: ByteString)])
+
+instance ToJSON AddCustomAttributes where
+        toJSON AddCustomAttributes'{..}
+          = object
+              (catMaybes
+                 [Just ("UserPoolId" .= _acaUserPoolId),
+                  Just ("CustomAttributes" .= _acaCustomAttributes)])
+
+instance ToPath AddCustomAttributes where
+        toPath = const "/"
+
+instance ToQuery AddCustomAttributes where
+        toQuery = const mempty
+
+-- | Represents the response from the server for the request to add custom
+-- attributes.
+--
+-- /See:/ 'addCustomAttributesResponse' smart constructor.
+newtype AddCustomAttributesResponse = AddCustomAttributesResponse'
+    { _acarsResponseStatus :: Int
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'AddCustomAttributesResponse' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'acarsResponseStatus'
+addCustomAttributesResponse
+    :: Int -- ^ 'acarsResponseStatus'
+    -> AddCustomAttributesResponse
+addCustomAttributesResponse pResponseStatus_ =
+    AddCustomAttributesResponse'
+    { _acarsResponseStatus = pResponseStatus_
+    }
+
+-- | The response status code.
+acarsResponseStatus :: Lens' AddCustomAttributesResponse Int
+acarsResponseStatus = lens _acarsResponseStatus (\ s a -> s{_acarsResponseStatus = a});
+
+instance NFData AddCustomAttributesResponse
diff --git a/gen/Network/AWS/CognitoIdentityProvider/AdminConfirmSignUp.hs b/gen/Network/AWS/CognitoIdentityProvider/AdminConfirmSignUp.hs
new file mode 100644
--- /dev/null
+++ b/gen/Network/AWS/CognitoIdentityProvider/AdminConfirmSignUp.hs
@@ -0,0 +1,140 @@
+{-# LANGUAGE DeriveDataTypeable #-}
+{-# LANGUAGE DeriveGeneric      #-}
+{-# LANGUAGE OverloadedStrings  #-}
+{-# LANGUAGE RecordWildCards    #-}
+{-# LANGUAGE TypeFamilies       #-}
+
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Network.AWS.CognitoIdentityProvider.AdminConfirmSignUp
+-- Copyright   : (c) 2013-2016 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Confirms user registration as an admin without using a confirmation
+-- code. Works on any user.
+module Network.AWS.CognitoIdentityProvider.AdminConfirmSignUp
+    (
+    -- * Creating a Request
+      adminConfirmSignUp
+    , AdminConfirmSignUp
+    -- * Request Lenses
+    , acsuUserPoolId
+    , acsuUsername
+
+    -- * Destructuring the Response
+    , adminConfirmSignUpResponse
+    , AdminConfirmSignUpResponse
+    -- * Response Lenses
+    , acsursResponseStatus
+    ) where
+
+import           Network.AWS.CognitoIdentityProvider.Types
+import           Network.AWS.CognitoIdentityProvider.Types.Product
+import           Network.AWS.Lens
+import           Network.AWS.Prelude
+import           Network.AWS.Request
+import           Network.AWS.Response
+
+-- | Represents the request to confirm user registration.
+--
+-- /See:/ 'adminConfirmSignUp' smart constructor.
+data AdminConfirmSignUp = AdminConfirmSignUp'
+    { _acsuUserPoolId :: !Text
+    , _acsuUsername   :: !(Sensitive Text)
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'AdminConfirmSignUp' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'acsuUserPoolId'
+--
+-- * 'acsuUsername'
+adminConfirmSignUp
+    :: Text -- ^ 'acsuUserPoolId'
+    -> Text -- ^ 'acsuUsername'
+    -> AdminConfirmSignUp
+adminConfirmSignUp pUserPoolId_ pUsername_ =
+    AdminConfirmSignUp'
+    { _acsuUserPoolId = pUserPoolId_
+    , _acsuUsername = _Sensitive # pUsername_
+    }
+
+-- | The user pool ID for which you want to confirm user registration.
+acsuUserPoolId :: Lens' AdminConfirmSignUp Text
+acsuUserPoolId = lens _acsuUserPoolId (\ s a -> s{_acsuUserPoolId = a});
+
+-- | The user name for which you want to confirm user registration.
+acsuUsername :: Lens' AdminConfirmSignUp Text
+acsuUsername = lens _acsuUsername (\ s a -> s{_acsuUsername = a}) . _Sensitive;
+
+instance AWSRequest AdminConfirmSignUp where
+        type Rs AdminConfirmSignUp =
+             AdminConfirmSignUpResponse
+        request = postJSON cognitoIdentityProvider
+        response
+          = receiveEmpty
+              (\ s h x ->
+                 AdminConfirmSignUpResponse' <$> (pure (fromEnum s)))
+
+instance Hashable AdminConfirmSignUp
+
+instance NFData AdminConfirmSignUp
+
+instance ToHeaders AdminConfirmSignUp where
+        toHeaders
+          = const
+              (mconcat
+                 ["X-Amz-Target" =#
+                    ("AWSCognitoIdentityProviderService.AdminConfirmSignUp"
+                       :: ByteString),
+                  "Content-Type" =#
+                    ("application/x-amz-json-1.1" :: ByteString)])
+
+instance ToJSON AdminConfirmSignUp where
+        toJSON AdminConfirmSignUp'{..}
+          = object
+              (catMaybes
+                 [Just ("UserPoolId" .= _acsuUserPoolId),
+                  Just ("Username" .= _acsuUsername)])
+
+instance ToPath AdminConfirmSignUp where
+        toPath = const "/"
+
+instance ToQuery AdminConfirmSignUp where
+        toQuery = const mempty
+
+-- | Represents the response from the server for the request to confirm
+-- registration.
+--
+-- /See:/ 'adminConfirmSignUpResponse' smart constructor.
+newtype AdminConfirmSignUpResponse = AdminConfirmSignUpResponse'
+    { _acsursResponseStatus :: Int
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'AdminConfirmSignUpResponse' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'acsursResponseStatus'
+adminConfirmSignUpResponse
+    :: Int -- ^ 'acsursResponseStatus'
+    -> AdminConfirmSignUpResponse
+adminConfirmSignUpResponse pResponseStatus_ =
+    AdminConfirmSignUpResponse'
+    { _acsursResponseStatus = pResponseStatus_
+    }
+
+-- | The response status code.
+acsursResponseStatus :: Lens' AdminConfirmSignUpResponse Int
+acsursResponseStatus = lens _acsursResponseStatus (\ s a -> s{_acsursResponseStatus = a});
+
+instance NFData AdminConfirmSignUpResponse
diff --git a/gen/Network/AWS/CognitoIdentityProvider/AdminDeleteUser.hs b/gen/Network/AWS/CognitoIdentityProvider/AdminDeleteUser.hs
new file mode 100644
--- /dev/null
+++ b/gen/Network/AWS/CognitoIdentityProvider/AdminDeleteUser.hs
@@ -0,0 +1,119 @@
+{-# LANGUAGE DeriveDataTypeable #-}
+{-# LANGUAGE DeriveGeneric      #-}
+{-# LANGUAGE OverloadedStrings  #-}
+{-# LANGUAGE RecordWildCards    #-}
+{-# LANGUAGE TypeFamilies       #-}
+
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Network.AWS.CognitoIdentityProvider.AdminDeleteUser
+-- Copyright   : (c) 2013-2016 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Deletes a user as an administrator. Works on any user.
+module Network.AWS.CognitoIdentityProvider.AdminDeleteUser
+    (
+    -- * Creating a Request
+      adminDeleteUser
+    , AdminDeleteUser
+    -- * Request Lenses
+    , aUserPoolId
+    , aUsername
+
+    -- * Destructuring the Response
+    , adminDeleteUserResponse
+    , AdminDeleteUserResponse
+    ) where
+
+import           Network.AWS.CognitoIdentityProvider.Types
+import           Network.AWS.CognitoIdentityProvider.Types.Product
+import           Network.AWS.Lens
+import           Network.AWS.Prelude
+import           Network.AWS.Request
+import           Network.AWS.Response
+
+-- | Represents the request to delete a user as an administrator.
+--
+-- /See:/ 'adminDeleteUser' smart constructor.
+data AdminDeleteUser = AdminDeleteUser'
+    { _aUserPoolId :: !Text
+    , _aUsername   :: !(Sensitive Text)
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'AdminDeleteUser' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'aUserPoolId'
+--
+-- * 'aUsername'
+adminDeleteUser
+    :: Text -- ^ 'aUserPoolId'
+    -> Text -- ^ 'aUsername'
+    -> AdminDeleteUser
+adminDeleteUser pUserPoolId_ pUsername_ =
+    AdminDeleteUser'
+    { _aUserPoolId = pUserPoolId_
+    , _aUsername = _Sensitive # pUsername_
+    }
+
+-- | The user pool ID for the user pool where you want to delete the user.
+aUserPoolId :: Lens' AdminDeleteUser Text
+aUserPoolId = lens _aUserPoolId (\ s a -> s{_aUserPoolId = a});
+
+-- | The user name of the user you wish to delete.
+aUsername :: Lens' AdminDeleteUser Text
+aUsername = lens _aUsername (\ s a -> s{_aUsername = a}) . _Sensitive;
+
+instance AWSRequest AdminDeleteUser where
+        type Rs AdminDeleteUser = AdminDeleteUserResponse
+        request = postJSON cognitoIdentityProvider
+        response = receiveNull AdminDeleteUserResponse'
+
+instance Hashable AdminDeleteUser
+
+instance NFData AdminDeleteUser
+
+instance ToHeaders AdminDeleteUser where
+        toHeaders
+          = const
+              (mconcat
+                 ["X-Amz-Target" =#
+                    ("AWSCognitoIdentityProviderService.AdminDeleteUser"
+                       :: ByteString),
+                  "Content-Type" =#
+                    ("application/x-amz-json-1.1" :: ByteString)])
+
+instance ToJSON AdminDeleteUser where
+        toJSON AdminDeleteUser'{..}
+          = object
+              (catMaybes
+                 [Just ("UserPoolId" .= _aUserPoolId),
+                  Just ("Username" .= _aUsername)])
+
+instance ToPath AdminDeleteUser where
+        toPath = const "/"
+
+instance ToQuery AdminDeleteUser where
+        toQuery = const mempty
+
+-- | /See:/ 'adminDeleteUserResponse' smart constructor.
+data AdminDeleteUserResponse =
+    AdminDeleteUserResponse'
+    deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'AdminDeleteUserResponse' with the minimum fields required to make a request.
+--
+adminDeleteUserResponse
+    :: AdminDeleteUserResponse
+adminDeleteUserResponse = AdminDeleteUserResponse'
+
+instance NFData AdminDeleteUserResponse
diff --git a/gen/Network/AWS/CognitoIdentityProvider/AdminDeleteUserAttributes.hs b/gen/Network/AWS/CognitoIdentityProvider/AdminDeleteUserAttributes.hs
new file mode 100644
--- /dev/null
+++ b/gen/Network/AWS/CognitoIdentityProvider/AdminDeleteUserAttributes.hs
@@ -0,0 +1,155 @@
+{-# LANGUAGE DeriveDataTypeable #-}
+{-# LANGUAGE DeriveGeneric      #-}
+{-# LANGUAGE OverloadedStrings  #-}
+{-# LANGUAGE RecordWildCards    #-}
+{-# LANGUAGE TypeFamilies       #-}
+
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Network.AWS.CognitoIdentityProvider.AdminDeleteUserAttributes
+-- Copyright   : (c) 2013-2016 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Deletes the user attributes in a user pool as an administrator. Works on
+-- any user.
+module Network.AWS.CognitoIdentityProvider.AdminDeleteUserAttributes
+    (
+    -- * Creating a Request
+      adminDeleteUserAttributes
+    , AdminDeleteUserAttributes
+    -- * Request Lenses
+    , aduaUserPoolId
+    , aduaUsername
+    , aduaUserAttributeNames
+
+    -- * Destructuring the Response
+    , adminDeleteUserAttributesResponse
+    , AdminDeleteUserAttributesResponse
+    -- * Response Lenses
+    , aduarsResponseStatus
+    ) where
+
+import           Network.AWS.CognitoIdentityProvider.Types
+import           Network.AWS.CognitoIdentityProvider.Types.Product
+import           Network.AWS.Lens
+import           Network.AWS.Prelude
+import           Network.AWS.Request
+import           Network.AWS.Response
+
+-- | Represents the request to delete user attributes as an administrator.
+--
+-- /See:/ 'adminDeleteUserAttributes' smart constructor.
+data AdminDeleteUserAttributes = AdminDeleteUserAttributes'
+    { _aduaUserPoolId         :: !Text
+    , _aduaUsername           :: !(Sensitive Text)
+    , _aduaUserAttributeNames :: ![Text]
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'AdminDeleteUserAttributes' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'aduaUserPoolId'
+--
+-- * 'aduaUsername'
+--
+-- * 'aduaUserAttributeNames'
+adminDeleteUserAttributes
+    :: Text -- ^ 'aduaUserPoolId'
+    -> Text -- ^ 'aduaUsername'
+    -> AdminDeleteUserAttributes
+adminDeleteUserAttributes pUserPoolId_ pUsername_ =
+    AdminDeleteUserAttributes'
+    { _aduaUserPoolId = pUserPoolId_
+    , _aduaUsername = _Sensitive # pUsername_
+    , _aduaUserAttributeNames = mempty
+    }
+
+-- | The user pool ID for the user pool where you want to delete user
+-- attributes.
+aduaUserPoolId :: Lens' AdminDeleteUserAttributes Text
+aduaUserPoolId = lens _aduaUserPoolId (\ s a -> s{_aduaUserPoolId = a});
+
+-- | The user name of the user from which you would like to delete
+-- attributes.
+aduaUsername :: Lens' AdminDeleteUserAttributes Text
+aduaUsername = lens _aduaUsername (\ s a -> s{_aduaUsername = a}) . _Sensitive;
+
+-- | An array of strings representing the user attribute names you wish to
+-- delete.
+aduaUserAttributeNames :: Lens' AdminDeleteUserAttributes [Text]
+aduaUserAttributeNames = lens _aduaUserAttributeNames (\ s a -> s{_aduaUserAttributeNames = a}) . _Coerce;
+
+instance AWSRequest AdminDeleteUserAttributes where
+        type Rs AdminDeleteUserAttributes =
+             AdminDeleteUserAttributesResponse
+        request = postJSON cognitoIdentityProvider
+        response
+          = receiveEmpty
+              (\ s h x ->
+                 AdminDeleteUserAttributesResponse' <$>
+                   (pure (fromEnum s)))
+
+instance Hashable AdminDeleteUserAttributes
+
+instance NFData AdminDeleteUserAttributes
+
+instance ToHeaders AdminDeleteUserAttributes where
+        toHeaders
+          = const
+              (mconcat
+                 ["X-Amz-Target" =#
+                    ("AWSCognitoIdentityProviderService.AdminDeleteUserAttributes"
+                       :: ByteString),
+                  "Content-Type" =#
+                    ("application/x-amz-json-1.1" :: ByteString)])
+
+instance ToJSON AdminDeleteUserAttributes where
+        toJSON AdminDeleteUserAttributes'{..}
+          = object
+              (catMaybes
+                 [Just ("UserPoolId" .= _aduaUserPoolId),
+                  Just ("Username" .= _aduaUsername),
+                  Just
+                    ("UserAttributeNames" .= _aduaUserAttributeNames)])
+
+instance ToPath AdminDeleteUserAttributes where
+        toPath = const "/"
+
+instance ToQuery AdminDeleteUserAttributes where
+        toQuery = const mempty
+
+-- | Represents the response received from the server for a request to delete
+-- user attributes.
+--
+-- /See:/ 'adminDeleteUserAttributesResponse' smart constructor.
+newtype AdminDeleteUserAttributesResponse = AdminDeleteUserAttributesResponse'
+    { _aduarsResponseStatus :: Int
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'AdminDeleteUserAttributesResponse' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'aduarsResponseStatus'
+adminDeleteUserAttributesResponse
+    :: Int -- ^ 'aduarsResponseStatus'
+    -> AdminDeleteUserAttributesResponse
+adminDeleteUserAttributesResponse pResponseStatus_ =
+    AdminDeleteUserAttributesResponse'
+    { _aduarsResponseStatus = pResponseStatus_
+    }
+
+-- | The response status code.
+aduarsResponseStatus :: Lens' AdminDeleteUserAttributesResponse Int
+aduarsResponseStatus = lens _aduarsResponseStatus (\ s a -> s{_aduarsResponseStatus = a});
+
+instance NFData AdminDeleteUserAttributesResponse
diff --git a/gen/Network/AWS/CognitoIdentityProvider/AdminDisableUser.hs b/gen/Network/AWS/CognitoIdentityProvider/AdminDisableUser.hs
new file mode 100644
--- /dev/null
+++ b/gen/Network/AWS/CognitoIdentityProvider/AdminDisableUser.hs
@@ -0,0 +1,138 @@
+{-# LANGUAGE DeriveDataTypeable #-}
+{-# LANGUAGE DeriveGeneric      #-}
+{-# LANGUAGE OverloadedStrings  #-}
+{-# LANGUAGE RecordWildCards    #-}
+{-# LANGUAGE TypeFamilies       #-}
+
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Network.AWS.CognitoIdentityProvider.AdminDisableUser
+-- Copyright   : (c) 2013-2016 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Disables the specified user as an administrator. Works on any user.
+module Network.AWS.CognitoIdentityProvider.AdminDisableUser
+    (
+    -- * Creating a Request
+      adminDisableUser
+    , AdminDisableUser
+    -- * Request Lenses
+    , aduUserPoolId
+    , aduUsername
+
+    -- * Destructuring the Response
+    , adminDisableUserResponse
+    , AdminDisableUserResponse
+    -- * Response Lenses
+    , adursResponseStatus
+    ) where
+
+import           Network.AWS.CognitoIdentityProvider.Types
+import           Network.AWS.CognitoIdentityProvider.Types.Product
+import           Network.AWS.Lens
+import           Network.AWS.Prelude
+import           Network.AWS.Request
+import           Network.AWS.Response
+
+-- | Represents the request to disable any user as an administrator.
+--
+-- /See:/ 'adminDisableUser' smart constructor.
+data AdminDisableUser = AdminDisableUser'
+    { _aduUserPoolId :: !Text
+    , _aduUsername   :: !(Sensitive Text)
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'AdminDisableUser' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'aduUserPoolId'
+--
+-- * 'aduUsername'
+adminDisableUser
+    :: Text -- ^ 'aduUserPoolId'
+    -> Text -- ^ 'aduUsername'
+    -> AdminDisableUser
+adminDisableUser pUserPoolId_ pUsername_ =
+    AdminDisableUser'
+    { _aduUserPoolId = pUserPoolId_
+    , _aduUsername = _Sensitive # pUsername_
+    }
+
+-- | The user pool ID for the user pool where you want to disable the user.
+aduUserPoolId :: Lens' AdminDisableUser Text
+aduUserPoolId = lens _aduUserPoolId (\ s a -> s{_aduUserPoolId = a});
+
+-- | The user name of the user you wish to disable.
+aduUsername :: Lens' AdminDisableUser Text
+aduUsername = lens _aduUsername (\ s a -> s{_aduUsername = a}) . _Sensitive;
+
+instance AWSRequest AdminDisableUser where
+        type Rs AdminDisableUser = AdminDisableUserResponse
+        request = postJSON cognitoIdentityProvider
+        response
+          = receiveEmpty
+              (\ s h x ->
+                 AdminDisableUserResponse' <$> (pure (fromEnum s)))
+
+instance Hashable AdminDisableUser
+
+instance NFData AdminDisableUser
+
+instance ToHeaders AdminDisableUser where
+        toHeaders
+          = const
+              (mconcat
+                 ["X-Amz-Target" =#
+                    ("AWSCognitoIdentityProviderService.AdminDisableUser"
+                       :: ByteString),
+                  "Content-Type" =#
+                    ("application/x-amz-json-1.1" :: ByteString)])
+
+instance ToJSON AdminDisableUser where
+        toJSON AdminDisableUser'{..}
+          = object
+              (catMaybes
+                 [Just ("UserPoolId" .= _aduUserPoolId),
+                  Just ("Username" .= _aduUsername)])
+
+instance ToPath AdminDisableUser where
+        toPath = const "/"
+
+instance ToQuery AdminDisableUser where
+        toQuery = const mempty
+
+-- | Represents the response received from the server to disable the user as
+-- an administrator.
+--
+-- /See:/ 'adminDisableUserResponse' smart constructor.
+newtype AdminDisableUserResponse = AdminDisableUserResponse'
+    { _adursResponseStatus :: Int
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'AdminDisableUserResponse' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'adursResponseStatus'
+adminDisableUserResponse
+    :: Int -- ^ 'adursResponseStatus'
+    -> AdminDisableUserResponse
+adminDisableUserResponse pResponseStatus_ =
+    AdminDisableUserResponse'
+    { _adursResponseStatus = pResponseStatus_
+    }
+
+-- | The response status code.
+adursResponseStatus :: Lens' AdminDisableUserResponse Int
+adursResponseStatus = lens _adursResponseStatus (\ s a -> s{_adursResponseStatus = a});
+
+instance NFData AdminDisableUserResponse
diff --git a/gen/Network/AWS/CognitoIdentityProvider/AdminEnableUser.hs b/gen/Network/AWS/CognitoIdentityProvider/AdminEnableUser.hs
new file mode 100644
--- /dev/null
+++ b/gen/Network/AWS/CognitoIdentityProvider/AdminEnableUser.hs
@@ -0,0 +1,138 @@
+{-# LANGUAGE DeriveDataTypeable #-}
+{-# LANGUAGE DeriveGeneric      #-}
+{-# LANGUAGE OverloadedStrings  #-}
+{-# LANGUAGE RecordWildCards    #-}
+{-# LANGUAGE TypeFamilies       #-}
+
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Network.AWS.CognitoIdentityProvider.AdminEnableUser
+-- Copyright   : (c) 2013-2016 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Enables the specified user as an administrator. Works on any user.
+module Network.AWS.CognitoIdentityProvider.AdminEnableUser
+    (
+    -- * Creating a Request
+      adminEnableUser
+    , AdminEnableUser
+    -- * Request Lenses
+    , aeuUserPoolId
+    , aeuUsername
+
+    -- * Destructuring the Response
+    , adminEnableUserResponse
+    , AdminEnableUserResponse
+    -- * Response Lenses
+    , aeursResponseStatus
+    ) where
+
+import           Network.AWS.CognitoIdentityProvider.Types
+import           Network.AWS.CognitoIdentityProvider.Types.Product
+import           Network.AWS.Lens
+import           Network.AWS.Prelude
+import           Network.AWS.Request
+import           Network.AWS.Response
+
+-- | Represents the request that enables the user as an administrator.
+--
+-- /See:/ 'adminEnableUser' smart constructor.
+data AdminEnableUser = AdminEnableUser'
+    { _aeuUserPoolId :: !Text
+    , _aeuUsername   :: !(Sensitive Text)
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'AdminEnableUser' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'aeuUserPoolId'
+--
+-- * 'aeuUsername'
+adminEnableUser
+    :: Text -- ^ 'aeuUserPoolId'
+    -> Text -- ^ 'aeuUsername'
+    -> AdminEnableUser
+adminEnableUser pUserPoolId_ pUsername_ =
+    AdminEnableUser'
+    { _aeuUserPoolId = pUserPoolId_
+    , _aeuUsername = _Sensitive # pUsername_
+    }
+
+-- | The user pool ID for the user pool where you want to enable the user.
+aeuUserPoolId :: Lens' AdminEnableUser Text
+aeuUserPoolId = lens _aeuUserPoolId (\ s a -> s{_aeuUserPoolId = a});
+
+-- | The user name of the user you wish to ebable.
+aeuUsername :: Lens' AdminEnableUser Text
+aeuUsername = lens _aeuUsername (\ s a -> s{_aeuUsername = a}) . _Sensitive;
+
+instance AWSRequest AdminEnableUser where
+        type Rs AdminEnableUser = AdminEnableUserResponse
+        request = postJSON cognitoIdentityProvider
+        response
+          = receiveEmpty
+              (\ s h x ->
+                 AdminEnableUserResponse' <$> (pure (fromEnum s)))
+
+instance Hashable AdminEnableUser
+
+instance NFData AdminEnableUser
+
+instance ToHeaders AdminEnableUser where
+        toHeaders
+          = const
+              (mconcat
+                 ["X-Amz-Target" =#
+                    ("AWSCognitoIdentityProviderService.AdminEnableUser"
+                       :: ByteString),
+                  "Content-Type" =#
+                    ("application/x-amz-json-1.1" :: ByteString)])
+
+instance ToJSON AdminEnableUser where
+        toJSON AdminEnableUser'{..}
+          = object
+              (catMaybes
+                 [Just ("UserPoolId" .= _aeuUserPoolId),
+                  Just ("Username" .= _aeuUsername)])
+
+instance ToPath AdminEnableUser where
+        toPath = const "/"
+
+instance ToQuery AdminEnableUser where
+        toQuery = const mempty
+
+-- | Represents the response from the server for the request to enable a user
+-- as an administrator.
+--
+-- /See:/ 'adminEnableUserResponse' smart constructor.
+newtype AdminEnableUserResponse = AdminEnableUserResponse'
+    { _aeursResponseStatus :: Int
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'AdminEnableUserResponse' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'aeursResponseStatus'
+adminEnableUserResponse
+    :: Int -- ^ 'aeursResponseStatus'
+    -> AdminEnableUserResponse
+adminEnableUserResponse pResponseStatus_ =
+    AdminEnableUserResponse'
+    { _aeursResponseStatus = pResponseStatus_
+    }
+
+-- | The response status code.
+aeursResponseStatus :: Lens' AdminEnableUserResponse Int
+aeursResponseStatus = lens _aeursResponseStatus (\ s a -> s{_aeursResponseStatus = a});
+
+instance NFData AdminEnableUserResponse
diff --git a/gen/Network/AWS/CognitoIdentityProvider/AdminGetUser.hs b/gen/Network/AWS/CognitoIdentityProvider/AdminGetUser.hs
new file mode 100644
--- /dev/null
+++ b/gen/Network/AWS/CognitoIdentityProvider/AdminGetUser.hs
@@ -0,0 +1,217 @@
+{-# LANGUAGE DeriveDataTypeable #-}
+{-# LANGUAGE DeriveGeneric      #-}
+{-# LANGUAGE OverloadedStrings  #-}
+{-# LANGUAGE RecordWildCards    #-}
+{-# LANGUAGE TypeFamilies       #-}
+
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Network.AWS.CognitoIdentityProvider.AdminGetUser
+-- Copyright   : (c) 2013-2016 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Gets the specified user by user name in a user pool as an administrator.
+-- Works on any user.
+module Network.AWS.CognitoIdentityProvider.AdminGetUser
+    (
+    -- * Creating a Request
+      adminGetUser
+    , AdminGetUser
+    -- * Request Lenses
+    , aguUserPoolId
+    , aguUsername
+
+    -- * Destructuring the Response
+    , adminGetUserResponse
+    , AdminGetUserResponse
+    -- * Response Lenses
+    , agursEnabled
+    , agursUserStatus
+    , agursUserAttributes
+    , agursUserCreateDate
+    , agursMFAOptions
+    , agursUserLastModifiedDate
+    , agursResponseStatus
+    , agursUsername
+    ) where
+
+import           Network.AWS.CognitoIdentityProvider.Types
+import           Network.AWS.CognitoIdentityProvider.Types.Product
+import           Network.AWS.Lens
+import           Network.AWS.Prelude
+import           Network.AWS.Request
+import           Network.AWS.Response
+
+-- | Represents the request to get the specified user as an administrator.
+--
+-- /See:/ 'adminGetUser' smart constructor.
+data AdminGetUser = AdminGetUser'
+    { _aguUserPoolId :: !Text
+    , _aguUsername   :: !(Sensitive Text)
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'AdminGetUser' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'aguUserPoolId'
+--
+-- * 'aguUsername'
+adminGetUser
+    :: Text -- ^ 'aguUserPoolId'
+    -> Text -- ^ 'aguUsername'
+    -> AdminGetUser
+adminGetUser pUserPoolId_ pUsername_ =
+    AdminGetUser'
+    { _aguUserPoolId = pUserPoolId_
+    , _aguUsername = _Sensitive # pUsername_
+    }
+
+-- | The user pool ID for the user pool where you want to get information
+-- about the user.
+aguUserPoolId :: Lens' AdminGetUser Text
+aguUserPoolId = lens _aguUserPoolId (\ s a -> s{_aguUserPoolId = a});
+
+-- | The user name of the user you wish to retrieve.
+aguUsername :: Lens' AdminGetUser Text
+aguUsername = lens _aguUsername (\ s a -> s{_aguUsername = a}) . _Sensitive;
+
+instance AWSRequest AdminGetUser where
+        type Rs AdminGetUser = AdminGetUserResponse
+        request = postJSON cognitoIdentityProvider
+        response
+          = receiveJSON
+              (\ s h x ->
+                 AdminGetUserResponse' <$>
+                   (x .?> "Enabled") <*> (x .?> "UserStatus") <*>
+                     (x .?> "UserAttributes" .!@ mempty)
+                     <*> (x .?> "UserCreateDate")
+                     <*> (x .?> "MFAOptions" .!@ mempty)
+                     <*> (x .?> "UserLastModifiedDate")
+                     <*> (pure (fromEnum s))
+                     <*> (x .:> "Username"))
+
+instance Hashable AdminGetUser
+
+instance NFData AdminGetUser
+
+instance ToHeaders AdminGetUser where
+        toHeaders
+          = const
+              (mconcat
+                 ["X-Amz-Target" =#
+                    ("AWSCognitoIdentityProviderService.AdminGetUser" ::
+                       ByteString),
+                  "Content-Type" =#
+                    ("application/x-amz-json-1.1" :: ByteString)])
+
+instance ToJSON AdminGetUser where
+        toJSON AdminGetUser'{..}
+          = object
+              (catMaybes
+                 [Just ("UserPoolId" .= _aguUserPoolId),
+                  Just ("Username" .= _aguUsername)])
+
+instance ToPath AdminGetUser where
+        toPath = const "/"
+
+instance ToQuery AdminGetUser where
+        toQuery = const mempty
+
+-- | Represents the response from the server from the request to get the
+-- specified user as an administrator.
+--
+-- /See:/ 'adminGetUserResponse' smart constructor.
+data AdminGetUserResponse = AdminGetUserResponse'
+    { _agursEnabled              :: !(Maybe Bool)
+    , _agursUserStatus           :: !(Maybe UserStatusType)
+    , _agursUserAttributes       :: !(Maybe [AttributeType])
+    , _agursUserCreateDate       :: !(Maybe POSIX)
+    , _agursMFAOptions           :: !(Maybe [MFAOptionType])
+    , _agursUserLastModifiedDate :: !(Maybe POSIX)
+    , _agursResponseStatus       :: !Int
+    , _agursUsername             :: !(Sensitive Text)
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'AdminGetUserResponse' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'agursEnabled'
+--
+-- * 'agursUserStatus'
+--
+-- * 'agursUserAttributes'
+--
+-- * 'agursUserCreateDate'
+--
+-- * 'agursMFAOptions'
+--
+-- * 'agursUserLastModifiedDate'
+--
+-- * 'agursResponseStatus'
+--
+-- * 'agursUsername'
+adminGetUserResponse
+    :: Int -- ^ 'agursResponseStatus'
+    -> Text -- ^ 'agursUsername'
+    -> AdminGetUserResponse
+adminGetUserResponse pResponseStatus_ pUsername_ =
+    AdminGetUserResponse'
+    { _agursEnabled = Nothing
+    , _agursUserStatus = Nothing
+    , _agursUserAttributes = Nothing
+    , _agursUserCreateDate = Nothing
+    , _agursMFAOptions = Nothing
+    , _agursUserLastModifiedDate = Nothing
+    , _agursResponseStatus = pResponseStatus_
+    , _agursUsername = _Sensitive # pUsername_
+    }
+
+-- | Indicates that the status is enabled.
+agursEnabled :: Lens' AdminGetUserResponse (Maybe Bool)
+agursEnabled = lens _agursEnabled (\ s a -> s{_agursEnabled = a});
+
+-- | The user status. Can be one of the following:
+--
+-- -   UNCONFIRMED - User has been created but not confirmed.
+-- -   CONFIRMED - User has been confirmed.
+-- -   ARCHIVED - User is no longer active.
+-- -   COMPROMISED - User is disabled due to a potential security threat.
+-- -   UNKNOWN - User status is not known.
+agursUserStatus :: Lens' AdminGetUserResponse (Maybe UserStatusType)
+agursUserStatus = lens _agursUserStatus (\ s a -> s{_agursUserStatus = a});
+
+-- | An array of name-value pairs representing user attributes.
+agursUserAttributes :: Lens' AdminGetUserResponse [AttributeType]
+agursUserAttributes = lens _agursUserAttributes (\ s a -> s{_agursUserAttributes = a}) . _Default . _Coerce;
+
+-- | The date the user was created.
+agursUserCreateDate :: Lens' AdminGetUserResponse (Maybe UTCTime)
+agursUserCreateDate = lens _agursUserCreateDate (\ s a -> s{_agursUserCreateDate = a}) . mapping _Time;
+
+-- | Specifies the options for MFA (e.g., email or phone number).
+agursMFAOptions :: Lens' AdminGetUserResponse [MFAOptionType]
+agursMFAOptions = lens _agursMFAOptions (\ s a -> s{_agursMFAOptions = a}) . _Default . _Coerce;
+
+-- | The date the user was last modified.
+agursUserLastModifiedDate :: Lens' AdminGetUserResponse (Maybe UTCTime)
+agursUserLastModifiedDate = lens _agursUserLastModifiedDate (\ s a -> s{_agursUserLastModifiedDate = a}) . mapping _Time;
+
+-- | The response status code.
+agursResponseStatus :: Lens' AdminGetUserResponse Int
+agursResponseStatus = lens _agursResponseStatus (\ s a -> s{_agursResponseStatus = a});
+
+-- | The user name of the user about whom you are receiving information.
+agursUsername :: Lens' AdminGetUserResponse Text
+agursUsername = lens _agursUsername (\ s a -> s{_agursUsername = a}) . _Sensitive;
+
+instance NFData AdminGetUserResponse
diff --git a/gen/Network/AWS/CognitoIdentityProvider/AdminResetUserPassword.hs b/gen/Network/AWS/CognitoIdentityProvider/AdminResetUserPassword.hs
new file mode 100644
--- /dev/null
+++ b/gen/Network/AWS/CognitoIdentityProvider/AdminResetUserPassword.hs
@@ -0,0 +1,142 @@
+{-# LANGUAGE DeriveDataTypeable #-}
+{-# LANGUAGE DeriveGeneric      #-}
+{-# LANGUAGE OverloadedStrings  #-}
+{-# LANGUAGE RecordWildCards    #-}
+{-# LANGUAGE TypeFamilies       #-}
+
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Network.AWS.CognitoIdentityProvider.AdminResetUserPassword
+-- Copyright   : (c) 2013-2016 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Resets the specified user\'s password in a user pool as an
+-- administrator. Works on any user.
+module Network.AWS.CognitoIdentityProvider.AdminResetUserPassword
+    (
+    -- * Creating a Request
+      adminResetUserPassword
+    , AdminResetUserPassword
+    -- * Request Lenses
+    , arupUserPoolId
+    , arupUsername
+
+    -- * Destructuring the Response
+    , adminResetUserPasswordResponse
+    , AdminResetUserPasswordResponse
+    -- * Response Lenses
+    , aruprsResponseStatus
+    ) where
+
+import           Network.AWS.CognitoIdentityProvider.Types
+import           Network.AWS.CognitoIdentityProvider.Types.Product
+import           Network.AWS.Lens
+import           Network.AWS.Prelude
+import           Network.AWS.Request
+import           Network.AWS.Response
+
+-- | Represents the request to reset a user\'s password as an administrator.
+--
+-- /See:/ 'adminResetUserPassword' smart constructor.
+data AdminResetUserPassword = AdminResetUserPassword'
+    { _arupUserPoolId :: !Text
+    , _arupUsername   :: !(Sensitive Text)
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'AdminResetUserPassword' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'arupUserPoolId'
+--
+-- * 'arupUsername'
+adminResetUserPassword
+    :: Text -- ^ 'arupUserPoolId'
+    -> Text -- ^ 'arupUsername'
+    -> AdminResetUserPassword
+adminResetUserPassword pUserPoolId_ pUsername_ =
+    AdminResetUserPassword'
+    { _arupUserPoolId = pUserPoolId_
+    , _arupUsername = _Sensitive # pUsername_
+    }
+
+-- | The user pool ID for the user pool where you want to reset the user\'s
+-- password.
+arupUserPoolId :: Lens' AdminResetUserPassword Text
+arupUserPoolId = lens _arupUserPoolId (\ s a -> s{_arupUserPoolId = a});
+
+-- | The user name of the user whose password you wish to reset.
+arupUsername :: Lens' AdminResetUserPassword Text
+arupUsername = lens _arupUsername (\ s a -> s{_arupUsername = a}) . _Sensitive;
+
+instance AWSRequest AdminResetUserPassword where
+        type Rs AdminResetUserPassword =
+             AdminResetUserPasswordResponse
+        request = postJSON cognitoIdentityProvider
+        response
+          = receiveEmpty
+              (\ s h x ->
+                 AdminResetUserPasswordResponse' <$>
+                   (pure (fromEnum s)))
+
+instance Hashable AdminResetUserPassword
+
+instance NFData AdminResetUserPassword
+
+instance ToHeaders AdminResetUserPassword where
+        toHeaders
+          = const
+              (mconcat
+                 ["X-Amz-Target" =#
+                    ("AWSCognitoIdentityProviderService.AdminResetUserPassword"
+                       :: ByteString),
+                  "Content-Type" =#
+                    ("application/x-amz-json-1.1" :: ByteString)])
+
+instance ToJSON AdminResetUserPassword where
+        toJSON AdminResetUserPassword'{..}
+          = object
+              (catMaybes
+                 [Just ("UserPoolId" .= _arupUserPoolId),
+                  Just ("Username" .= _arupUsername)])
+
+instance ToPath AdminResetUserPassword where
+        toPath = const "/"
+
+instance ToQuery AdminResetUserPassword where
+        toQuery = const mempty
+
+-- | Represents the response from the server to reset a user password as an
+-- administrator.
+--
+-- /See:/ 'adminResetUserPasswordResponse' smart constructor.
+newtype AdminResetUserPasswordResponse = AdminResetUserPasswordResponse'
+    { _aruprsResponseStatus :: Int
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'AdminResetUserPasswordResponse' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'aruprsResponseStatus'
+adminResetUserPasswordResponse
+    :: Int -- ^ 'aruprsResponseStatus'
+    -> AdminResetUserPasswordResponse
+adminResetUserPasswordResponse pResponseStatus_ =
+    AdminResetUserPasswordResponse'
+    { _aruprsResponseStatus = pResponseStatus_
+    }
+
+-- | The response status code.
+aruprsResponseStatus :: Lens' AdminResetUserPasswordResponse Int
+aruprsResponseStatus = lens _aruprsResponseStatus (\ s a -> s{_aruprsResponseStatus = a});
+
+instance NFData AdminResetUserPasswordResponse
diff --git a/gen/Network/AWS/CognitoIdentityProvider/AdminSetUserSettings.hs b/gen/Network/AWS/CognitoIdentityProvider/AdminSetUserSettings.hs
new file mode 100644
--- /dev/null
+++ b/gen/Network/AWS/CognitoIdentityProvider/AdminSetUserSettings.hs
@@ -0,0 +1,151 @@
+{-# LANGUAGE DeriveDataTypeable #-}
+{-# LANGUAGE DeriveGeneric      #-}
+{-# LANGUAGE OverloadedStrings  #-}
+{-# LANGUAGE RecordWildCards    #-}
+{-# LANGUAGE TypeFamilies       #-}
+
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Network.AWS.CognitoIdentityProvider.AdminSetUserSettings
+-- Copyright   : (c) 2013-2016 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Sets all the user settings for a specified user name. Works on any user.
+module Network.AWS.CognitoIdentityProvider.AdminSetUserSettings
+    (
+    -- * Creating a Request
+      adminSetUserSettings
+    , AdminSetUserSettings
+    -- * Request Lenses
+    , asusUserPoolId
+    , asusUsername
+    , asusMFAOptions
+
+    -- * Destructuring the Response
+    , adminSetUserSettingsResponse
+    , AdminSetUserSettingsResponse
+    -- * Response Lenses
+    , asusrsResponseStatus
+    ) where
+
+import           Network.AWS.CognitoIdentityProvider.Types
+import           Network.AWS.CognitoIdentityProvider.Types.Product
+import           Network.AWS.Lens
+import           Network.AWS.Prelude
+import           Network.AWS.Request
+import           Network.AWS.Response
+
+-- | Represents the request to set user settings as an administrator.
+--
+-- /See:/ 'adminSetUserSettings' smart constructor.
+data AdminSetUserSettings = AdminSetUserSettings'
+    { _asusUserPoolId :: !Text
+    , _asusUsername   :: !(Sensitive Text)
+    , _asusMFAOptions :: ![MFAOptionType]
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'AdminSetUserSettings' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'asusUserPoolId'
+--
+-- * 'asusUsername'
+--
+-- * 'asusMFAOptions'
+adminSetUserSettings
+    :: Text -- ^ 'asusUserPoolId'
+    -> Text -- ^ 'asusUsername'
+    -> AdminSetUserSettings
+adminSetUserSettings pUserPoolId_ pUsername_ =
+    AdminSetUserSettings'
+    { _asusUserPoolId = pUserPoolId_
+    , _asusUsername = _Sensitive # pUsername_
+    , _asusMFAOptions = mempty
+    }
+
+-- | The user pool ID for the user pool where you want to set the user\'s
+-- settings, such as MFA options.
+asusUserPoolId :: Lens' AdminSetUserSettings Text
+asusUserPoolId = lens _asusUserPoolId (\ s a -> s{_asusUserPoolId = a});
+
+-- | The user name of the user for whom you wish to set user settings.
+asusUsername :: Lens' AdminSetUserSettings Text
+asusUsername = lens _asusUsername (\ s a -> s{_asusUsername = a}) . _Sensitive;
+
+-- | Specifies the options for MFA (e.g., email or phone number).
+asusMFAOptions :: Lens' AdminSetUserSettings [MFAOptionType]
+asusMFAOptions = lens _asusMFAOptions (\ s a -> s{_asusMFAOptions = a}) . _Coerce;
+
+instance AWSRequest AdminSetUserSettings where
+        type Rs AdminSetUserSettings =
+             AdminSetUserSettingsResponse
+        request = postJSON cognitoIdentityProvider
+        response
+          = receiveEmpty
+              (\ s h x ->
+                 AdminSetUserSettingsResponse' <$>
+                   (pure (fromEnum s)))
+
+instance Hashable AdminSetUserSettings
+
+instance NFData AdminSetUserSettings
+
+instance ToHeaders AdminSetUserSettings where
+        toHeaders
+          = const
+              (mconcat
+                 ["X-Amz-Target" =#
+                    ("AWSCognitoIdentityProviderService.AdminSetUserSettings"
+                       :: ByteString),
+                  "Content-Type" =#
+                    ("application/x-amz-json-1.1" :: ByteString)])
+
+instance ToJSON AdminSetUserSettings where
+        toJSON AdminSetUserSettings'{..}
+          = object
+              (catMaybes
+                 [Just ("UserPoolId" .= _asusUserPoolId),
+                  Just ("Username" .= _asusUsername),
+                  Just ("MFAOptions" .= _asusMFAOptions)])
+
+instance ToPath AdminSetUserSettings where
+        toPath = const "/"
+
+instance ToQuery AdminSetUserSettings where
+        toQuery = const mempty
+
+-- | Represents the response from the server to set user settings as an
+-- administrator.
+--
+-- /See:/ 'adminSetUserSettingsResponse' smart constructor.
+newtype AdminSetUserSettingsResponse = AdminSetUserSettingsResponse'
+    { _asusrsResponseStatus :: Int
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'AdminSetUserSettingsResponse' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'asusrsResponseStatus'
+adminSetUserSettingsResponse
+    :: Int -- ^ 'asusrsResponseStatus'
+    -> AdminSetUserSettingsResponse
+adminSetUserSettingsResponse pResponseStatus_ =
+    AdminSetUserSettingsResponse'
+    { _asusrsResponseStatus = pResponseStatus_
+    }
+
+-- | The response status code.
+asusrsResponseStatus :: Lens' AdminSetUserSettingsResponse Int
+asusrsResponseStatus = lens _asusrsResponseStatus (\ s a -> s{_asusrsResponseStatus = a});
+
+instance NFData AdminSetUserSettingsResponse
diff --git a/gen/Network/AWS/CognitoIdentityProvider/AdminUpdateUserAttributes.hs b/gen/Network/AWS/CognitoIdentityProvider/AdminUpdateUserAttributes.hs
new file mode 100644
--- /dev/null
+++ b/gen/Network/AWS/CognitoIdentityProvider/AdminUpdateUserAttributes.hs
@@ -0,0 +1,153 @@
+{-# LANGUAGE DeriveDataTypeable #-}
+{-# LANGUAGE DeriveGeneric      #-}
+{-# LANGUAGE OverloadedStrings  #-}
+{-# LANGUAGE RecordWildCards    #-}
+{-# LANGUAGE TypeFamilies       #-}
+
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Network.AWS.CognitoIdentityProvider.AdminUpdateUserAttributes
+-- Copyright   : (c) 2013-2016 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Updates the specified user\'s attributes, including developer
+-- attributes, as an administrator. Works on any user.
+module Network.AWS.CognitoIdentityProvider.AdminUpdateUserAttributes
+    (
+    -- * Creating a Request
+      adminUpdateUserAttributes
+    , AdminUpdateUserAttributes
+    -- * Request Lenses
+    , auuaUserPoolId
+    , auuaUsername
+    , auuaUserAttributes
+
+    -- * Destructuring the Response
+    , adminUpdateUserAttributesResponse
+    , AdminUpdateUserAttributesResponse
+    -- * Response Lenses
+    , auuarsResponseStatus
+    ) where
+
+import           Network.AWS.CognitoIdentityProvider.Types
+import           Network.AWS.CognitoIdentityProvider.Types.Product
+import           Network.AWS.Lens
+import           Network.AWS.Prelude
+import           Network.AWS.Request
+import           Network.AWS.Response
+
+-- | Represents the request to update the user\'s attributes as an
+-- administrator.
+--
+-- /See:/ 'adminUpdateUserAttributes' smart constructor.
+data AdminUpdateUserAttributes = AdminUpdateUserAttributes'
+    { _auuaUserPoolId     :: !Text
+    , _auuaUsername       :: !(Sensitive Text)
+    , _auuaUserAttributes :: ![AttributeType]
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'AdminUpdateUserAttributes' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'auuaUserPoolId'
+--
+-- * 'auuaUsername'
+--
+-- * 'auuaUserAttributes'
+adminUpdateUserAttributes
+    :: Text -- ^ 'auuaUserPoolId'
+    -> Text -- ^ 'auuaUsername'
+    -> AdminUpdateUserAttributes
+adminUpdateUserAttributes pUserPoolId_ pUsername_ =
+    AdminUpdateUserAttributes'
+    { _auuaUserPoolId = pUserPoolId_
+    , _auuaUsername = _Sensitive # pUsername_
+    , _auuaUserAttributes = mempty
+    }
+
+-- | The user pool ID for the user pool where you want to update user
+-- attributes.
+auuaUserPoolId :: Lens' AdminUpdateUserAttributes Text
+auuaUserPoolId = lens _auuaUserPoolId (\ s a -> s{_auuaUserPoolId = a});
+
+-- | The user name of the user for whom you want to update user attributes.
+auuaUsername :: Lens' AdminUpdateUserAttributes Text
+auuaUsername = lens _auuaUsername (\ s a -> s{_auuaUsername = a}) . _Sensitive;
+
+-- | An array of name-value pairs representing user attributes.
+auuaUserAttributes :: Lens' AdminUpdateUserAttributes [AttributeType]
+auuaUserAttributes = lens _auuaUserAttributes (\ s a -> s{_auuaUserAttributes = a}) . _Coerce;
+
+instance AWSRequest AdminUpdateUserAttributes where
+        type Rs AdminUpdateUserAttributes =
+             AdminUpdateUserAttributesResponse
+        request = postJSON cognitoIdentityProvider
+        response
+          = receiveEmpty
+              (\ s h x ->
+                 AdminUpdateUserAttributesResponse' <$>
+                   (pure (fromEnum s)))
+
+instance Hashable AdminUpdateUserAttributes
+
+instance NFData AdminUpdateUserAttributes
+
+instance ToHeaders AdminUpdateUserAttributes where
+        toHeaders
+          = const
+              (mconcat
+                 ["X-Amz-Target" =#
+                    ("AWSCognitoIdentityProviderService.AdminUpdateUserAttributes"
+                       :: ByteString),
+                  "Content-Type" =#
+                    ("application/x-amz-json-1.1" :: ByteString)])
+
+instance ToJSON AdminUpdateUserAttributes where
+        toJSON AdminUpdateUserAttributes'{..}
+          = object
+              (catMaybes
+                 [Just ("UserPoolId" .= _auuaUserPoolId),
+                  Just ("Username" .= _auuaUsername),
+                  Just ("UserAttributes" .= _auuaUserAttributes)])
+
+instance ToPath AdminUpdateUserAttributes where
+        toPath = const "/"
+
+instance ToQuery AdminUpdateUserAttributes where
+        toQuery = const mempty
+
+-- | Represents the response from the server for the request to update user
+-- attributes as an administrator.
+--
+-- /See:/ 'adminUpdateUserAttributesResponse' smart constructor.
+newtype AdminUpdateUserAttributesResponse = AdminUpdateUserAttributesResponse'
+    { _auuarsResponseStatus :: Int
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'AdminUpdateUserAttributesResponse' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'auuarsResponseStatus'
+adminUpdateUserAttributesResponse
+    :: Int -- ^ 'auuarsResponseStatus'
+    -> AdminUpdateUserAttributesResponse
+adminUpdateUserAttributesResponse pResponseStatus_ =
+    AdminUpdateUserAttributesResponse'
+    { _auuarsResponseStatus = pResponseStatus_
+    }
+
+-- | The response status code.
+auuarsResponseStatus :: Lens' AdminUpdateUserAttributesResponse Int
+auuarsResponseStatus = lens _auuarsResponseStatus (\ s a -> s{_auuarsResponseStatus = a});
+
+instance NFData AdminUpdateUserAttributesResponse
diff --git a/gen/Network/AWS/CognitoIdentityProvider/ChangePassword.hs b/gen/Network/AWS/CognitoIdentityProvider/ChangePassword.hs
new file mode 100644
--- /dev/null
+++ b/gen/Network/AWS/CognitoIdentityProvider/ChangePassword.hs
@@ -0,0 +1,147 @@
+{-# LANGUAGE DeriveDataTypeable #-}
+{-# LANGUAGE DeriveGeneric      #-}
+{-# LANGUAGE OverloadedStrings  #-}
+{-# LANGUAGE RecordWildCards    #-}
+{-# LANGUAGE TypeFamilies       #-}
+
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Network.AWS.CognitoIdentityProvider.ChangePassword
+-- Copyright   : (c) 2013-2016 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Changes the password for a specified user in a user pool.
+module Network.AWS.CognitoIdentityProvider.ChangePassword
+    (
+    -- * Creating a Request
+      changePassword
+    , ChangePassword
+    -- * Request Lenses
+    , cpAccessToken
+    , cpPreviousPassword
+    , cpProposedPassword
+
+    -- * Destructuring the Response
+    , changePasswordResponse
+    , ChangePasswordResponse
+    -- * Response Lenses
+    , cprsResponseStatus
+    ) where
+
+import           Network.AWS.CognitoIdentityProvider.Types
+import           Network.AWS.CognitoIdentityProvider.Types.Product
+import           Network.AWS.Lens
+import           Network.AWS.Prelude
+import           Network.AWS.Request
+import           Network.AWS.Response
+
+-- | Represents the request to change a user password.
+--
+-- /See:/ 'changePassword' smart constructor.
+data ChangePassword = ChangePassword'
+    { _cpAccessToken      :: !(Maybe (Sensitive Text))
+    , _cpPreviousPassword :: !(Sensitive Text)
+    , _cpProposedPassword :: !(Sensitive Text)
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'ChangePassword' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'cpAccessToken'
+--
+-- * 'cpPreviousPassword'
+--
+-- * 'cpProposedPassword'
+changePassword
+    :: Text -- ^ 'cpPreviousPassword'
+    -> Text -- ^ 'cpProposedPassword'
+    -> ChangePassword
+changePassword pPreviousPassword_ pProposedPassword_ =
+    ChangePassword'
+    { _cpAccessToken = Nothing
+    , _cpPreviousPassword = _Sensitive # pPreviousPassword_
+    , _cpProposedPassword = _Sensitive # pProposedPassword_
+    }
+
+-- | The access token in the change password request.
+cpAccessToken :: Lens' ChangePassword (Maybe Text)
+cpAccessToken = lens _cpAccessToken (\ s a -> s{_cpAccessToken = a}) . mapping _Sensitive;
+
+-- | The old password in the change password request.
+cpPreviousPassword :: Lens' ChangePassword Text
+cpPreviousPassword = lens _cpPreviousPassword (\ s a -> s{_cpPreviousPassword = a}) . _Sensitive;
+
+-- | The new password in the change password request.
+cpProposedPassword :: Lens' ChangePassword Text
+cpProposedPassword = lens _cpProposedPassword (\ s a -> s{_cpProposedPassword = a}) . _Sensitive;
+
+instance AWSRequest ChangePassword where
+        type Rs ChangePassword = ChangePasswordResponse
+        request = postJSON cognitoIdentityProvider
+        response
+          = receiveEmpty
+              (\ s h x ->
+                 ChangePasswordResponse' <$> (pure (fromEnum s)))
+
+instance Hashable ChangePassword
+
+instance NFData ChangePassword
+
+instance ToHeaders ChangePassword where
+        toHeaders
+          = const
+              (mconcat
+                 ["X-Amz-Target" =#
+                    ("AWSCognitoIdentityProviderService.ChangePassword"
+                       :: ByteString),
+                  "Content-Type" =#
+                    ("application/x-amz-json-1.1" :: ByteString)])
+
+instance ToJSON ChangePassword where
+        toJSON ChangePassword'{..}
+          = object
+              (catMaybes
+                 [("AccessToken" .=) <$> _cpAccessToken,
+                  Just ("PreviousPassword" .= _cpPreviousPassword),
+                  Just ("ProposedPassword" .= _cpProposedPassword)])
+
+instance ToPath ChangePassword where
+        toPath = const "/"
+
+instance ToQuery ChangePassword where
+        toQuery = const mempty
+
+-- | The response from the server to the change password request.
+--
+-- /See:/ 'changePasswordResponse' smart constructor.
+newtype ChangePasswordResponse = ChangePasswordResponse'
+    { _cprsResponseStatus :: Int
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'ChangePasswordResponse' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'cprsResponseStatus'
+changePasswordResponse
+    :: Int -- ^ 'cprsResponseStatus'
+    -> ChangePasswordResponse
+changePasswordResponse pResponseStatus_ =
+    ChangePasswordResponse'
+    { _cprsResponseStatus = pResponseStatus_
+    }
+
+-- | The response status code.
+cprsResponseStatus :: Lens' ChangePasswordResponse Int
+cprsResponseStatus = lens _cprsResponseStatus (\ s a -> s{_cprsResponseStatus = a});
+
+instance NFData ChangePasswordResponse
diff --git a/gen/Network/AWS/CognitoIdentityProvider/ConfirmForgotPassword.hs b/gen/Network/AWS/CognitoIdentityProvider/ConfirmForgotPassword.hs
new file mode 100644
--- /dev/null
+++ b/gen/Network/AWS/CognitoIdentityProvider/ConfirmForgotPassword.hs
@@ -0,0 +1,178 @@
+{-# LANGUAGE DeriveDataTypeable #-}
+{-# LANGUAGE DeriveGeneric      #-}
+{-# LANGUAGE OverloadedStrings  #-}
+{-# LANGUAGE RecordWildCards    #-}
+{-# LANGUAGE TypeFamilies       #-}
+
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Network.AWS.CognitoIdentityProvider.ConfirmForgotPassword
+-- Copyright   : (c) 2013-2016 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Allows a user to enter a code provided when they reset their password to
+-- update their password.
+module Network.AWS.CognitoIdentityProvider.ConfirmForgotPassword
+    (
+    -- * Creating a Request
+      confirmForgotPassword
+    , ConfirmForgotPassword
+    -- * Request Lenses
+    , cfpSecretHash
+    , cfpClientId
+    , cfpUsername
+    , cfpConfirmationCode
+    , cfpPassword
+
+    -- * Destructuring the Response
+    , confirmForgotPasswordResponse
+    , ConfirmForgotPasswordResponse
+    -- * Response Lenses
+    , cfprsResponseStatus
+    ) where
+
+import           Network.AWS.CognitoIdentityProvider.Types
+import           Network.AWS.CognitoIdentityProvider.Types.Product
+import           Network.AWS.Lens
+import           Network.AWS.Prelude
+import           Network.AWS.Request
+import           Network.AWS.Response
+
+-- | The request representing the confirmation for a password reset.
+--
+-- /See:/ 'confirmForgotPassword' smart constructor.
+data ConfirmForgotPassword = ConfirmForgotPassword'
+    { _cfpSecretHash       :: !(Maybe (Sensitive Text))
+    , _cfpClientId         :: !(Sensitive Text)
+    , _cfpUsername         :: !(Sensitive Text)
+    , _cfpConfirmationCode :: !Text
+    , _cfpPassword         :: !(Sensitive Text)
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'ConfirmForgotPassword' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'cfpSecretHash'
+--
+-- * 'cfpClientId'
+--
+-- * 'cfpUsername'
+--
+-- * 'cfpConfirmationCode'
+--
+-- * 'cfpPassword'
+confirmForgotPassword
+    :: Text -- ^ 'cfpClientId'
+    -> Text -- ^ 'cfpUsername'
+    -> Text -- ^ 'cfpConfirmationCode'
+    -> Text -- ^ 'cfpPassword'
+    -> ConfirmForgotPassword
+confirmForgotPassword pClientId_ pUsername_ pConfirmationCode_ pPassword_ =
+    ConfirmForgotPassword'
+    { _cfpSecretHash = Nothing
+    , _cfpClientId = _Sensitive # pClientId_
+    , _cfpUsername = _Sensitive # pUsername_
+    , _cfpConfirmationCode = pConfirmationCode_
+    , _cfpPassword = _Sensitive # pPassword_
+    }
+
+-- | A keyed-hash message authentication code (HMAC) calculated using the
+-- secret key of a user pool client and username plus the client ID in the
+-- message.
+cfpSecretHash :: Lens' ConfirmForgotPassword (Maybe Text)
+cfpSecretHash = lens _cfpSecretHash (\ s a -> s{_cfpSecretHash = a}) . mapping _Sensitive;
+
+-- | The ID of the client associated with the user pool.
+cfpClientId :: Lens' ConfirmForgotPassword Text
+cfpClientId = lens _cfpClientId (\ s a -> s{_cfpClientId = a}) . _Sensitive;
+
+-- | The user name of the user for whom you want to enter a code to retrieve
+-- a forgotten password.
+cfpUsername :: Lens' ConfirmForgotPassword Text
+cfpUsername = lens _cfpUsername (\ s a -> s{_cfpUsername = a}) . _Sensitive;
+
+-- | The confirmation code sent by a user\'s request to retrieve a forgotten
+-- password.
+cfpConfirmationCode :: Lens' ConfirmForgotPassword Text
+cfpConfirmationCode = lens _cfpConfirmationCode (\ s a -> s{_cfpConfirmationCode = a});
+
+-- | The password sent by sent by a user\'s request to retrieve a forgotten
+-- password.
+cfpPassword :: Lens' ConfirmForgotPassword Text
+cfpPassword = lens _cfpPassword (\ s a -> s{_cfpPassword = a}) . _Sensitive;
+
+instance AWSRequest ConfirmForgotPassword where
+        type Rs ConfirmForgotPassword =
+             ConfirmForgotPasswordResponse
+        request = postJSON cognitoIdentityProvider
+        response
+          = receiveEmpty
+              (\ s h x ->
+                 ConfirmForgotPasswordResponse' <$>
+                   (pure (fromEnum s)))
+
+instance Hashable ConfirmForgotPassword
+
+instance NFData ConfirmForgotPassword
+
+instance ToHeaders ConfirmForgotPassword where
+        toHeaders
+          = const
+              (mconcat
+                 ["X-Amz-Target" =#
+                    ("AWSCognitoIdentityProviderService.ConfirmForgotPassword"
+                       :: ByteString),
+                  "Content-Type" =#
+                    ("application/x-amz-json-1.1" :: ByteString)])
+
+instance ToJSON ConfirmForgotPassword where
+        toJSON ConfirmForgotPassword'{..}
+          = object
+              (catMaybes
+                 [("SecretHash" .=) <$> _cfpSecretHash,
+                  Just ("ClientId" .= _cfpClientId),
+                  Just ("Username" .= _cfpUsername),
+                  Just ("ConfirmationCode" .= _cfpConfirmationCode),
+                  Just ("Password" .= _cfpPassword)])
+
+instance ToPath ConfirmForgotPassword where
+        toPath = const "/"
+
+instance ToQuery ConfirmForgotPassword where
+        toQuery = const mempty
+
+-- | The response from the server that results from a user\'s request to
+-- retrieve a forgotten password.
+--
+-- /See:/ 'confirmForgotPasswordResponse' smart constructor.
+newtype ConfirmForgotPasswordResponse = ConfirmForgotPasswordResponse'
+    { _cfprsResponseStatus :: Int
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'ConfirmForgotPasswordResponse' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'cfprsResponseStatus'
+confirmForgotPasswordResponse
+    :: Int -- ^ 'cfprsResponseStatus'
+    -> ConfirmForgotPasswordResponse
+confirmForgotPasswordResponse pResponseStatus_ =
+    ConfirmForgotPasswordResponse'
+    { _cfprsResponseStatus = pResponseStatus_
+    }
+
+-- | The response status code.
+cfprsResponseStatus :: Lens' ConfirmForgotPasswordResponse Int
+cfprsResponseStatus = lens _cfprsResponseStatus (\ s a -> s{_cfprsResponseStatus = a});
+
+instance NFData ConfirmForgotPasswordResponse
diff --git a/gen/Network/AWS/CognitoIdentityProvider/ConfirmSignUp.hs b/gen/Network/AWS/CognitoIdentityProvider/ConfirmSignUp.hs
new file mode 100644
--- /dev/null
+++ b/gen/Network/AWS/CognitoIdentityProvider/ConfirmSignUp.hs
@@ -0,0 +1,178 @@
+{-# LANGUAGE DeriveDataTypeable #-}
+{-# LANGUAGE DeriveGeneric      #-}
+{-# LANGUAGE OverloadedStrings  #-}
+{-# LANGUAGE RecordWildCards    #-}
+{-# LANGUAGE TypeFamilies       #-}
+
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Network.AWS.CognitoIdentityProvider.ConfirmSignUp
+-- Copyright   : (c) 2013-2016 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Confirms registration of a user and handles the existing alias from a
+-- previous user.
+module Network.AWS.CognitoIdentityProvider.ConfirmSignUp
+    (
+    -- * Creating a Request
+      confirmSignUp
+    , ConfirmSignUp
+    -- * Request Lenses
+    , csuForceAliasCreation
+    , csuSecretHash
+    , csuClientId
+    , csuUsername
+    , csuConfirmationCode
+
+    -- * Destructuring the Response
+    , confirmSignUpResponse
+    , ConfirmSignUpResponse
+    -- * Response Lenses
+    , csursResponseStatus
+    ) where
+
+import           Network.AWS.CognitoIdentityProvider.Types
+import           Network.AWS.CognitoIdentityProvider.Types.Product
+import           Network.AWS.Lens
+import           Network.AWS.Prelude
+import           Network.AWS.Request
+import           Network.AWS.Response
+
+-- | Represents the request to confirm registration of a user.
+--
+-- /See:/ 'confirmSignUp' smart constructor.
+data ConfirmSignUp = ConfirmSignUp'
+    { _csuForceAliasCreation :: !(Maybe Bool)
+    , _csuSecretHash         :: !(Maybe (Sensitive Text))
+    , _csuClientId           :: !(Sensitive Text)
+    , _csuUsername           :: !(Sensitive Text)
+    , _csuConfirmationCode   :: !Text
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'ConfirmSignUp' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'csuForceAliasCreation'
+--
+-- * 'csuSecretHash'
+--
+-- * 'csuClientId'
+--
+-- * 'csuUsername'
+--
+-- * 'csuConfirmationCode'
+confirmSignUp
+    :: Text -- ^ 'csuClientId'
+    -> Text -- ^ 'csuUsername'
+    -> Text -- ^ 'csuConfirmationCode'
+    -> ConfirmSignUp
+confirmSignUp pClientId_ pUsername_ pConfirmationCode_ =
+    ConfirmSignUp'
+    { _csuForceAliasCreation = Nothing
+    , _csuSecretHash = Nothing
+    , _csuClientId = _Sensitive # pClientId_
+    , _csuUsername = _Sensitive # pUsername_
+    , _csuConfirmationCode = pConfirmationCode_
+    }
+
+-- | Boolean to be specified to force user confirmation irrespective of
+-- existing alias. By default set to False. If this parameter is set to
+-- True and the phone number\/email used for sign up confirmation already
+-- exists as an alias with a different user, the API call will migrate the
+-- alias from the previous user to the newly created user being confirmed.
+-- If set to False, the API will throw an __AliasExistsException__ error.
+csuForceAliasCreation :: Lens' ConfirmSignUp (Maybe Bool)
+csuForceAliasCreation = lens _csuForceAliasCreation (\ s a -> s{_csuForceAliasCreation = a});
+
+-- | A keyed-hash message authentication code (HMAC) calculated using the
+-- secret key of a user pool client and username plus the client ID in the
+-- message.
+csuSecretHash :: Lens' ConfirmSignUp (Maybe Text)
+csuSecretHash = lens _csuSecretHash (\ s a -> s{_csuSecretHash = a}) . mapping _Sensitive;
+
+-- | The ID of the client associated with the user pool.
+csuClientId :: Lens' ConfirmSignUp Text
+csuClientId = lens _csuClientId (\ s a -> s{_csuClientId = a}) . _Sensitive;
+
+-- | The user name of the user whose registration you wish to confirm.
+csuUsername :: Lens' ConfirmSignUp Text
+csuUsername = lens _csuUsername (\ s a -> s{_csuUsername = a}) . _Sensitive;
+
+-- | The confirmation code sent by a user\'s request to confirm registration.
+csuConfirmationCode :: Lens' ConfirmSignUp Text
+csuConfirmationCode = lens _csuConfirmationCode (\ s a -> s{_csuConfirmationCode = a});
+
+instance AWSRequest ConfirmSignUp where
+        type Rs ConfirmSignUp = ConfirmSignUpResponse
+        request = postJSON cognitoIdentityProvider
+        response
+          = receiveEmpty
+              (\ s h x ->
+                 ConfirmSignUpResponse' <$> (pure (fromEnum s)))
+
+instance Hashable ConfirmSignUp
+
+instance NFData ConfirmSignUp
+
+instance ToHeaders ConfirmSignUp where
+        toHeaders
+          = const
+              (mconcat
+                 ["X-Amz-Target" =#
+                    ("AWSCognitoIdentityProviderService.ConfirmSignUp" ::
+                       ByteString),
+                  "Content-Type" =#
+                    ("application/x-amz-json-1.1" :: ByteString)])
+
+instance ToJSON ConfirmSignUp where
+        toJSON ConfirmSignUp'{..}
+          = object
+              (catMaybes
+                 [("ForceAliasCreation" .=) <$>
+                    _csuForceAliasCreation,
+                  ("SecretHash" .=) <$> _csuSecretHash,
+                  Just ("ClientId" .= _csuClientId),
+                  Just ("Username" .= _csuUsername),
+                  Just ("ConfirmationCode" .= _csuConfirmationCode)])
+
+instance ToPath ConfirmSignUp where
+        toPath = const "/"
+
+instance ToQuery ConfirmSignUp where
+        toQuery = const mempty
+
+-- | Represents the response from the server for the registration
+-- confirmation.
+--
+-- /See:/ 'confirmSignUpResponse' smart constructor.
+newtype ConfirmSignUpResponse = ConfirmSignUpResponse'
+    { _csursResponseStatus :: Int
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'ConfirmSignUpResponse' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'csursResponseStatus'
+confirmSignUpResponse
+    :: Int -- ^ 'csursResponseStatus'
+    -> ConfirmSignUpResponse
+confirmSignUpResponse pResponseStatus_ =
+    ConfirmSignUpResponse'
+    { _csursResponseStatus = pResponseStatus_
+    }
+
+-- | The response status code.
+csursResponseStatus :: Lens' ConfirmSignUpResponse Int
+csursResponseStatus = lens _csursResponseStatus (\ s a -> s{_csursResponseStatus = a});
+
+instance NFData ConfirmSignUpResponse
diff --git a/gen/Network/AWS/CognitoIdentityProvider/CreateUserPool.hs b/gen/Network/AWS/CognitoIdentityProvider/CreateUserPool.hs
new file mode 100644
--- /dev/null
+++ b/gen/Network/AWS/CognitoIdentityProvider/CreateUserPool.hs
@@ -0,0 +1,235 @@
+{-# LANGUAGE DeriveDataTypeable #-}
+{-# LANGUAGE DeriveGeneric      #-}
+{-# LANGUAGE OverloadedStrings  #-}
+{-# LANGUAGE RecordWildCards    #-}
+{-# LANGUAGE TypeFamilies       #-}
+
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Network.AWS.CognitoIdentityProvider.CreateUserPool
+-- Copyright   : (c) 2013-2016 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Creates a new Amazon Cognito user pool and sets the password policy for
+-- the pool.
+module Network.AWS.CognitoIdentityProvider.CreateUserPool
+    (
+    -- * Creating a Request
+      createUserPool
+    , CreateUserPool
+    -- * Request Lenses
+    , cupEmailVerificationMessage
+    , cupSmsAuthenticationMessage
+    , cupEmailVerificationSubject
+    , cupAliasAttributes
+    , cupSmsVerificationMessage
+    , cupMFAConfiguration
+    , cupLambdaConfig
+    , cupAutoVerifiedAttributes
+    , cupPolicies
+    , cupPoolName
+
+    -- * Destructuring the Response
+    , createUserPoolResponse
+    , CreateUserPoolResponse
+    -- * Response Lenses
+    , cuprsUserPool
+    , cuprsResponseStatus
+    ) where
+
+import           Network.AWS.CognitoIdentityProvider.Types
+import           Network.AWS.CognitoIdentityProvider.Types.Product
+import           Network.AWS.Lens
+import           Network.AWS.Prelude
+import           Network.AWS.Request
+import           Network.AWS.Response
+
+-- | Represents the request to create a user pool.
+--
+-- /See:/ 'createUserPool' smart constructor.
+data CreateUserPool = CreateUserPool'
+    { _cupEmailVerificationMessage :: !(Maybe Text)
+    , _cupSmsAuthenticationMessage :: !(Maybe Text)
+    , _cupEmailVerificationSubject :: !(Maybe Text)
+    , _cupAliasAttributes          :: !(Maybe [AliasAttributeType])
+    , _cupSmsVerificationMessage   :: !(Maybe Text)
+    , _cupMFAConfiguration         :: !(Maybe UserPoolMFAType)
+    , _cupLambdaConfig             :: !(Maybe LambdaConfigType)
+    , _cupAutoVerifiedAttributes   :: !(Maybe [VerifiedAttributeType])
+    , _cupPolicies                 :: !(Maybe UserPoolPolicyType)
+    , _cupPoolName                 :: !Text
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'CreateUserPool' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'cupEmailVerificationMessage'
+--
+-- * 'cupSmsAuthenticationMessage'
+--
+-- * 'cupEmailVerificationSubject'
+--
+-- * 'cupAliasAttributes'
+--
+-- * 'cupSmsVerificationMessage'
+--
+-- * 'cupMFAConfiguration'
+--
+-- * 'cupLambdaConfig'
+--
+-- * 'cupAutoVerifiedAttributes'
+--
+-- * 'cupPolicies'
+--
+-- * 'cupPoolName'
+createUserPool
+    :: Text -- ^ 'cupPoolName'
+    -> CreateUserPool
+createUserPool pPoolName_ =
+    CreateUserPool'
+    { _cupEmailVerificationMessage = Nothing
+    , _cupSmsAuthenticationMessage = Nothing
+    , _cupEmailVerificationSubject = Nothing
+    , _cupAliasAttributes = Nothing
+    , _cupSmsVerificationMessage = Nothing
+    , _cupMFAConfiguration = Nothing
+    , _cupLambdaConfig = Nothing
+    , _cupAutoVerifiedAttributes = Nothing
+    , _cupPolicies = Nothing
+    , _cupPoolName = pPoolName_
+    }
+
+-- | A string representing the email verification message.
+cupEmailVerificationMessage :: Lens' CreateUserPool (Maybe Text)
+cupEmailVerificationMessage = lens _cupEmailVerificationMessage (\ s a -> s{_cupEmailVerificationMessage = a});
+
+-- | A string representing the SMS authentication message.
+cupSmsAuthenticationMessage :: Lens' CreateUserPool (Maybe Text)
+cupSmsAuthenticationMessage = lens _cupSmsAuthenticationMessage (\ s a -> s{_cupSmsAuthenticationMessage = a});
+
+-- | A string representing the email verification subject.
+cupEmailVerificationSubject :: Lens' CreateUserPool (Maybe Text)
+cupEmailVerificationSubject = lens _cupEmailVerificationSubject (\ s a -> s{_cupEmailVerificationSubject = a});
+
+-- | Attributes supported as an alias for this user pool. Possible values:
+-- __phone_number__, __email__, or __preferred_username__.
+cupAliasAttributes :: Lens' CreateUserPool [AliasAttributeType]
+cupAliasAttributes = lens _cupAliasAttributes (\ s a -> s{_cupAliasAttributes = a}) . _Default . _Coerce;
+
+-- | A string representing the SMS verification message.
+cupSmsVerificationMessage :: Lens' CreateUserPool (Maybe Text)
+cupSmsVerificationMessage = lens _cupSmsVerificationMessage (\ s a -> s{_cupSmsVerificationMessage = a});
+
+-- | Specifies MFA configuration details.
+cupMFAConfiguration :: Lens' CreateUserPool (Maybe UserPoolMFAType)
+cupMFAConfiguration = lens _cupMFAConfiguration (\ s a -> s{_cupMFAConfiguration = a});
+
+-- | The Lambda trigger configuration information for the new user pool.
+cupLambdaConfig :: Lens' CreateUserPool (Maybe LambdaConfigType)
+cupLambdaConfig = lens _cupLambdaConfig (\ s a -> s{_cupLambdaConfig = a});
+
+-- | The attributes to be auto-verified. Possible values: __email__,
+-- __phone_number__.
+cupAutoVerifiedAttributes :: Lens' CreateUserPool [VerifiedAttributeType]
+cupAutoVerifiedAttributes = lens _cupAutoVerifiedAttributes (\ s a -> s{_cupAutoVerifiedAttributes = a}) . _Default . _Coerce;
+
+-- | The policies associated with the new user pool.
+cupPolicies :: Lens' CreateUserPool (Maybe UserPoolPolicyType)
+cupPolicies = lens _cupPolicies (\ s a -> s{_cupPolicies = a});
+
+-- | A string used to name the user pool.
+cupPoolName :: Lens' CreateUserPool Text
+cupPoolName = lens _cupPoolName (\ s a -> s{_cupPoolName = a});
+
+instance AWSRequest CreateUserPool where
+        type Rs CreateUserPool = CreateUserPoolResponse
+        request = postJSON cognitoIdentityProvider
+        response
+          = receiveJSON
+              (\ s h x ->
+                 CreateUserPoolResponse' <$>
+                   (x .?> "UserPool") <*> (pure (fromEnum s)))
+
+instance Hashable CreateUserPool
+
+instance NFData CreateUserPool
+
+instance ToHeaders CreateUserPool where
+        toHeaders
+          = const
+              (mconcat
+                 ["X-Amz-Target" =#
+                    ("AWSCognitoIdentityProviderService.CreateUserPool"
+                       :: ByteString),
+                  "Content-Type" =#
+                    ("application/x-amz-json-1.1" :: ByteString)])
+
+instance ToJSON CreateUserPool where
+        toJSON CreateUserPool'{..}
+          = object
+              (catMaybes
+                 [("EmailVerificationMessage" .=) <$>
+                    _cupEmailVerificationMessage,
+                  ("SmsAuthenticationMessage" .=) <$>
+                    _cupSmsAuthenticationMessage,
+                  ("EmailVerificationSubject" .=) <$>
+                    _cupEmailVerificationSubject,
+                  ("AliasAttributes" .=) <$> _cupAliasAttributes,
+                  ("SmsVerificationMessage" .=) <$>
+                    _cupSmsVerificationMessage,
+                  ("MfaConfiguration" .=) <$> _cupMFAConfiguration,
+                  ("LambdaConfig" .=) <$> _cupLambdaConfig,
+                  ("AutoVerifiedAttributes" .=) <$>
+                    _cupAutoVerifiedAttributes,
+                  ("Policies" .=) <$> _cupPolicies,
+                  Just ("PoolName" .= _cupPoolName)])
+
+instance ToPath CreateUserPool where
+        toPath = const "/"
+
+instance ToQuery CreateUserPool where
+        toQuery = const mempty
+
+-- | Represents the response from the server for the request to create a user
+-- pool.
+--
+-- /See:/ 'createUserPoolResponse' smart constructor.
+data CreateUserPoolResponse = CreateUserPoolResponse'
+    { _cuprsUserPool       :: !(Maybe UserPoolType)
+    , _cuprsResponseStatus :: !Int
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'CreateUserPoolResponse' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'cuprsUserPool'
+--
+-- * 'cuprsResponseStatus'
+createUserPoolResponse
+    :: Int -- ^ 'cuprsResponseStatus'
+    -> CreateUserPoolResponse
+createUserPoolResponse pResponseStatus_ =
+    CreateUserPoolResponse'
+    { _cuprsUserPool = Nothing
+    , _cuprsResponseStatus = pResponseStatus_
+    }
+
+-- | A container for the user pool details.
+cuprsUserPool :: Lens' CreateUserPoolResponse (Maybe UserPoolType)
+cuprsUserPool = lens _cuprsUserPool (\ s a -> s{_cuprsUserPool = a});
+
+-- | The response status code.
+cuprsResponseStatus :: Lens' CreateUserPoolResponse Int
+cuprsResponseStatus = lens _cuprsResponseStatus (\ s a -> s{_cuprsResponseStatus = a});
+
+instance NFData CreateUserPoolResponse
diff --git a/gen/Network/AWS/CognitoIdentityProvider/CreateUserPoolClient.hs b/gen/Network/AWS/CognitoIdentityProvider/CreateUserPoolClient.hs
new file mode 100644
--- /dev/null
+++ b/gen/Network/AWS/CognitoIdentityProvider/CreateUserPoolClient.hs
@@ -0,0 +1,160 @@
+{-# LANGUAGE DeriveDataTypeable #-}
+{-# LANGUAGE DeriveGeneric      #-}
+{-# LANGUAGE OverloadedStrings  #-}
+{-# LANGUAGE RecordWildCards    #-}
+{-# LANGUAGE TypeFamilies       #-}
+
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Network.AWS.CognitoIdentityProvider.CreateUserPoolClient
+-- Copyright   : (c) 2013-2016 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Creates the user pool client.
+module Network.AWS.CognitoIdentityProvider.CreateUserPoolClient
+    (
+    -- * Creating a Request
+      createUserPoolClient
+    , CreateUserPoolClient
+    -- * Request Lenses
+    , cupcGenerateSecret
+    , cupcUserPoolId
+    , cupcClientName
+
+    -- * Destructuring the Response
+    , createUserPoolClientResponse
+    , CreateUserPoolClientResponse
+    -- * Response Lenses
+    , cupcrsUserPoolClient
+    , cupcrsResponseStatus
+    ) where
+
+import           Network.AWS.CognitoIdentityProvider.Types
+import           Network.AWS.CognitoIdentityProvider.Types.Product
+import           Network.AWS.Lens
+import           Network.AWS.Prelude
+import           Network.AWS.Request
+import           Network.AWS.Response
+
+-- | Represents the request to create a user pool client.
+--
+-- /See:/ 'createUserPoolClient' smart constructor.
+data CreateUserPoolClient = CreateUserPoolClient'
+    { _cupcGenerateSecret :: !(Maybe Bool)
+    , _cupcUserPoolId     :: !Text
+    , _cupcClientName     :: !Text
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'CreateUserPoolClient' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'cupcGenerateSecret'
+--
+-- * 'cupcUserPoolId'
+--
+-- * 'cupcClientName'
+createUserPoolClient
+    :: Text -- ^ 'cupcUserPoolId'
+    -> Text -- ^ 'cupcClientName'
+    -> CreateUserPoolClient
+createUserPoolClient pUserPoolId_ pClientName_ =
+    CreateUserPoolClient'
+    { _cupcGenerateSecret = Nothing
+    , _cupcUserPoolId = pUserPoolId_
+    , _cupcClientName = pClientName_
+    }
+
+-- | Boolean to specify whether you want to generate a secret for the user
+-- pool client being created.
+cupcGenerateSecret :: Lens' CreateUserPoolClient (Maybe Bool)
+cupcGenerateSecret = lens _cupcGenerateSecret (\ s a -> s{_cupcGenerateSecret = a});
+
+-- | The user pool ID for the user pool where you want to create a user pool
+-- client.
+cupcUserPoolId :: Lens' CreateUserPoolClient Text
+cupcUserPoolId = lens _cupcUserPoolId (\ s a -> s{_cupcUserPoolId = a});
+
+-- | The client name for the user pool client you would like to create.
+cupcClientName :: Lens' CreateUserPoolClient Text
+cupcClientName = lens _cupcClientName (\ s a -> s{_cupcClientName = a});
+
+instance AWSRequest CreateUserPoolClient where
+        type Rs CreateUserPoolClient =
+             CreateUserPoolClientResponse
+        request = postJSON cognitoIdentityProvider
+        response
+          = receiveJSON
+              (\ s h x ->
+                 CreateUserPoolClientResponse' <$>
+                   (x .?> "UserPoolClient") <*> (pure (fromEnum s)))
+
+instance Hashable CreateUserPoolClient
+
+instance NFData CreateUserPoolClient
+
+instance ToHeaders CreateUserPoolClient where
+        toHeaders
+          = const
+              (mconcat
+                 ["X-Amz-Target" =#
+                    ("AWSCognitoIdentityProviderService.CreateUserPoolClient"
+                       :: ByteString),
+                  "Content-Type" =#
+                    ("application/x-amz-json-1.1" :: ByteString)])
+
+instance ToJSON CreateUserPoolClient where
+        toJSON CreateUserPoolClient'{..}
+          = object
+              (catMaybes
+                 [("GenerateSecret" .=) <$> _cupcGenerateSecret,
+                  Just ("UserPoolId" .= _cupcUserPoolId),
+                  Just ("ClientName" .= _cupcClientName)])
+
+instance ToPath CreateUserPoolClient where
+        toPath = const "/"
+
+instance ToQuery CreateUserPoolClient where
+        toQuery = const mempty
+
+-- | Represents the response from the server to create a user pool client.
+--
+-- /See:/ 'createUserPoolClientResponse' smart constructor.
+data CreateUserPoolClientResponse = CreateUserPoolClientResponse'
+    { _cupcrsUserPoolClient :: !(Maybe UserPoolClientType)
+    , _cupcrsResponseStatus :: !Int
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'CreateUserPoolClientResponse' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'cupcrsUserPoolClient'
+--
+-- * 'cupcrsResponseStatus'
+createUserPoolClientResponse
+    :: Int -- ^ 'cupcrsResponseStatus'
+    -> CreateUserPoolClientResponse
+createUserPoolClientResponse pResponseStatus_ =
+    CreateUserPoolClientResponse'
+    { _cupcrsUserPoolClient = Nothing
+    , _cupcrsResponseStatus = pResponseStatus_
+    }
+
+-- | The user pool client that was just created.
+cupcrsUserPoolClient :: Lens' CreateUserPoolClientResponse (Maybe UserPoolClientType)
+cupcrsUserPoolClient = lens _cupcrsUserPoolClient (\ s a -> s{_cupcrsUserPoolClient = a});
+
+-- | The response status code.
+cupcrsResponseStatus :: Lens' CreateUserPoolClientResponse Int
+cupcrsResponseStatus = lens _cupcrsResponseStatus (\ s a -> s{_cupcrsResponseStatus = a});
+
+instance NFData CreateUserPoolClientResponse
diff --git a/gen/Network/AWS/CognitoIdentityProvider/DeleteUser.hs b/gen/Network/AWS/CognitoIdentityProvider/DeleteUser.hs
new file mode 100644
--- /dev/null
+++ b/gen/Network/AWS/CognitoIdentityProvider/DeleteUser.hs
@@ -0,0 +1,106 @@
+{-# LANGUAGE DeriveDataTypeable #-}
+{-# LANGUAGE DeriveGeneric      #-}
+{-# LANGUAGE OverloadedStrings  #-}
+{-# LANGUAGE RecordWildCards    #-}
+{-# LANGUAGE TypeFamilies       #-}
+
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Network.AWS.CognitoIdentityProvider.DeleteUser
+-- Copyright   : (c) 2013-2016 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Allows a user to delete one\'s self.
+module Network.AWS.CognitoIdentityProvider.DeleteUser
+    (
+    -- * Creating a Request
+      deleteUser
+    , DeleteUser
+    -- * Request Lenses
+    , duAccessToken
+
+    -- * Destructuring the Response
+    , deleteUserResponse
+    , DeleteUserResponse
+    ) where
+
+import           Network.AWS.CognitoIdentityProvider.Types
+import           Network.AWS.CognitoIdentityProvider.Types.Product
+import           Network.AWS.Lens
+import           Network.AWS.Prelude
+import           Network.AWS.Request
+import           Network.AWS.Response
+
+-- | Represents the request to delete a user.
+--
+-- /See:/ 'deleteUser' smart constructor.
+newtype DeleteUser = DeleteUser'
+    { _duAccessToken :: Maybe (Sensitive Text)
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'DeleteUser' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'duAccessToken'
+deleteUser
+    :: DeleteUser
+deleteUser =
+    DeleteUser'
+    { _duAccessToken = Nothing
+    }
+
+-- | The access token from a request to delete a user.
+duAccessToken :: Lens' DeleteUser (Maybe Text)
+duAccessToken = lens _duAccessToken (\ s a -> s{_duAccessToken = a}) . mapping _Sensitive;
+
+instance AWSRequest DeleteUser where
+        type Rs DeleteUser = DeleteUserResponse
+        request = postJSON cognitoIdentityProvider
+        response = receiveNull DeleteUserResponse'
+
+instance Hashable DeleteUser
+
+instance NFData DeleteUser
+
+instance ToHeaders DeleteUser where
+        toHeaders
+          = const
+              (mconcat
+                 ["X-Amz-Target" =#
+                    ("AWSCognitoIdentityProviderService.DeleteUser" ::
+                       ByteString),
+                  "Content-Type" =#
+                    ("application/x-amz-json-1.1" :: ByteString)])
+
+instance ToJSON DeleteUser where
+        toJSON DeleteUser'{..}
+          = object
+              (catMaybes [("AccessToken" .=) <$> _duAccessToken])
+
+instance ToPath DeleteUser where
+        toPath = const "/"
+
+instance ToQuery DeleteUser where
+        toQuery = const mempty
+
+-- | /See:/ 'deleteUserResponse' smart constructor.
+data DeleteUserResponse =
+    DeleteUserResponse'
+    deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'DeleteUserResponse' with the minimum fields required to make a request.
+--
+deleteUserResponse
+    :: DeleteUserResponse
+deleteUserResponse = DeleteUserResponse'
+
+instance NFData DeleteUserResponse
diff --git a/gen/Network/AWS/CognitoIdentityProvider/DeleteUserAttributes.hs b/gen/Network/AWS/CognitoIdentityProvider/DeleteUserAttributes.hs
new file mode 100644
--- /dev/null
+++ b/gen/Network/AWS/CognitoIdentityProvider/DeleteUserAttributes.hs
@@ -0,0 +1,139 @@
+{-# LANGUAGE DeriveDataTypeable #-}
+{-# LANGUAGE DeriveGeneric      #-}
+{-# LANGUAGE OverloadedStrings  #-}
+{-# LANGUAGE RecordWildCards    #-}
+{-# LANGUAGE TypeFamilies       #-}
+
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Network.AWS.CognitoIdentityProvider.DeleteUserAttributes
+-- Copyright   : (c) 2013-2016 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Deletes the attributes for a user.
+module Network.AWS.CognitoIdentityProvider.DeleteUserAttributes
+    (
+    -- * Creating a Request
+      deleteUserAttributes
+    , DeleteUserAttributes
+    -- * Request Lenses
+    , duaAccessToken
+    , duaUserAttributeNames
+
+    -- * Destructuring the Response
+    , deleteUserAttributesResponse
+    , DeleteUserAttributesResponse
+    -- * Response Lenses
+    , duarsResponseStatus
+    ) where
+
+import           Network.AWS.CognitoIdentityProvider.Types
+import           Network.AWS.CognitoIdentityProvider.Types.Product
+import           Network.AWS.Lens
+import           Network.AWS.Prelude
+import           Network.AWS.Request
+import           Network.AWS.Response
+
+-- | Represents the request to delete user attributes.
+--
+-- /See:/ 'deleteUserAttributes' smart constructor.
+data DeleteUserAttributes = DeleteUserAttributes'
+    { _duaAccessToken        :: !(Maybe (Sensitive Text))
+    , _duaUserAttributeNames :: ![Text]
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'DeleteUserAttributes' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'duaAccessToken'
+--
+-- * 'duaUserAttributeNames'
+deleteUserAttributes
+    :: DeleteUserAttributes
+deleteUserAttributes =
+    DeleteUserAttributes'
+    { _duaAccessToken = Nothing
+    , _duaUserAttributeNames = mempty
+    }
+
+-- | The access token used in the request to delete user attributes.
+duaAccessToken :: Lens' DeleteUserAttributes (Maybe Text)
+duaAccessToken = lens _duaAccessToken (\ s a -> s{_duaAccessToken = a}) . mapping _Sensitive;
+
+-- | An array of strings representing the user attribute names you wish to
+-- delete.
+duaUserAttributeNames :: Lens' DeleteUserAttributes [Text]
+duaUserAttributeNames = lens _duaUserAttributeNames (\ s a -> s{_duaUserAttributeNames = a}) . _Coerce;
+
+instance AWSRequest DeleteUserAttributes where
+        type Rs DeleteUserAttributes =
+             DeleteUserAttributesResponse
+        request = postJSON cognitoIdentityProvider
+        response
+          = receiveEmpty
+              (\ s h x ->
+                 DeleteUserAttributesResponse' <$>
+                   (pure (fromEnum s)))
+
+instance Hashable DeleteUserAttributes
+
+instance NFData DeleteUserAttributes
+
+instance ToHeaders DeleteUserAttributes where
+        toHeaders
+          = const
+              (mconcat
+                 ["X-Amz-Target" =#
+                    ("AWSCognitoIdentityProviderService.DeleteUserAttributes"
+                       :: ByteString),
+                  "Content-Type" =#
+                    ("application/x-amz-json-1.1" :: ByteString)])
+
+instance ToJSON DeleteUserAttributes where
+        toJSON DeleteUserAttributes'{..}
+          = object
+              (catMaybes
+                 [("AccessToken" .=) <$> _duaAccessToken,
+                  Just
+                    ("UserAttributeNames" .= _duaUserAttributeNames)])
+
+instance ToPath DeleteUserAttributes where
+        toPath = const "/"
+
+instance ToQuery DeleteUserAttributes where
+        toQuery = const mempty
+
+-- | Represents the response from the server to delete user attributes.
+--
+-- /See:/ 'deleteUserAttributesResponse' smart constructor.
+newtype DeleteUserAttributesResponse = DeleteUserAttributesResponse'
+    { _duarsResponseStatus :: Int
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'DeleteUserAttributesResponse' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'duarsResponseStatus'
+deleteUserAttributesResponse
+    :: Int -- ^ 'duarsResponseStatus'
+    -> DeleteUserAttributesResponse
+deleteUserAttributesResponse pResponseStatus_ =
+    DeleteUserAttributesResponse'
+    { _duarsResponseStatus = pResponseStatus_
+    }
+
+-- | The response status code.
+duarsResponseStatus :: Lens' DeleteUserAttributesResponse Int
+duarsResponseStatus = lens _duarsResponseStatus (\ s a -> s{_duarsResponseStatus = a});
+
+instance NFData DeleteUserAttributesResponse
diff --git a/gen/Network/AWS/CognitoIdentityProvider/DeleteUserPool.hs b/gen/Network/AWS/CognitoIdentityProvider/DeleteUserPool.hs
new file mode 100644
--- /dev/null
+++ b/gen/Network/AWS/CognitoIdentityProvider/DeleteUserPool.hs
@@ -0,0 +1,107 @@
+{-# LANGUAGE DeriveDataTypeable #-}
+{-# LANGUAGE DeriveGeneric      #-}
+{-# LANGUAGE OverloadedStrings  #-}
+{-# LANGUAGE RecordWildCards    #-}
+{-# LANGUAGE TypeFamilies       #-}
+
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Network.AWS.CognitoIdentityProvider.DeleteUserPool
+-- Copyright   : (c) 2013-2016 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Deletes the specified Amazon Cognito user pool.
+module Network.AWS.CognitoIdentityProvider.DeleteUserPool
+    (
+    -- * Creating a Request
+      deleteUserPool
+    , DeleteUserPool
+    -- * Request Lenses
+    , dupUserPoolId
+
+    -- * Destructuring the Response
+    , deleteUserPoolResponse
+    , DeleteUserPoolResponse
+    ) where
+
+import           Network.AWS.CognitoIdentityProvider.Types
+import           Network.AWS.CognitoIdentityProvider.Types.Product
+import           Network.AWS.Lens
+import           Network.AWS.Prelude
+import           Network.AWS.Request
+import           Network.AWS.Response
+
+-- | Represents the request to delete a user pool.
+--
+-- /See:/ 'deleteUserPool' smart constructor.
+newtype DeleteUserPool = DeleteUserPool'
+    { _dupUserPoolId :: Text
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'DeleteUserPool' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'dupUserPoolId'
+deleteUserPool
+    :: Text -- ^ 'dupUserPoolId'
+    -> DeleteUserPool
+deleteUserPool pUserPoolId_ =
+    DeleteUserPool'
+    { _dupUserPoolId = pUserPoolId_
+    }
+
+-- | The user pool ID for the user pool you want to delete.
+dupUserPoolId :: Lens' DeleteUserPool Text
+dupUserPoolId = lens _dupUserPoolId (\ s a -> s{_dupUserPoolId = a});
+
+instance AWSRequest DeleteUserPool where
+        type Rs DeleteUserPool = DeleteUserPoolResponse
+        request = postJSON cognitoIdentityProvider
+        response = receiveNull DeleteUserPoolResponse'
+
+instance Hashable DeleteUserPool
+
+instance NFData DeleteUserPool
+
+instance ToHeaders DeleteUserPool where
+        toHeaders
+          = const
+              (mconcat
+                 ["X-Amz-Target" =#
+                    ("AWSCognitoIdentityProviderService.DeleteUserPool"
+                       :: ByteString),
+                  "Content-Type" =#
+                    ("application/x-amz-json-1.1" :: ByteString)])
+
+instance ToJSON DeleteUserPool where
+        toJSON DeleteUserPool'{..}
+          = object
+              (catMaybes [Just ("UserPoolId" .= _dupUserPoolId)])
+
+instance ToPath DeleteUserPool where
+        toPath = const "/"
+
+instance ToQuery DeleteUserPool where
+        toQuery = const mempty
+
+-- | /See:/ 'deleteUserPoolResponse' smart constructor.
+data DeleteUserPoolResponse =
+    DeleteUserPoolResponse'
+    deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'DeleteUserPoolResponse' with the minimum fields required to make a request.
+--
+deleteUserPoolResponse
+    :: DeleteUserPoolResponse
+deleteUserPoolResponse = DeleteUserPoolResponse'
+
+instance NFData DeleteUserPoolResponse
diff --git a/gen/Network/AWS/CognitoIdentityProvider/DeleteUserPoolClient.hs b/gen/Network/AWS/CognitoIdentityProvider/DeleteUserPoolClient.hs
new file mode 100644
--- /dev/null
+++ b/gen/Network/AWS/CognitoIdentityProvider/DeleteUserPoolClient.hs
@@ -0,0 +1,120 @@
+{-# LANGUAGE DeriveDataTypeable #-}
+{-# LANGUAGE DeriveGeneric      #-}
+{-# LANGUAGE OverloadedStrings  #-}
+{-# LANGUAGE RecordWildCards    #-}
+{-# LANGUAGE TypeFamilies       #-}
+
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Network.AWS.CognitoIdentityProvider.DeleteUserPoolClient
+-- Copyright   : (c) 2013-2016 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Allows the developer to delete the user pool client.
+module Network.AWS.CognitoIdentityProvider.DeleteUserPoolClient
+    (
+    -- * Creating a Request
+      deleteUserPoolClient
+    , DeleteUserPoolClient
+    -- * Request Lenses
+    , dupcUserPoolId
+    , dupcClientId
+
+    -- * Destructuring the Response
+    , deleteUserPoolClientResponse
+    , DeleteUserPoolClientResponse
+    ) where
+
+import           Network.AWS.CognitoIdentityProvider.Types
+import           Network.AWS.CognitoIdentityProvider.Types.Product
+import           Network.AWS.Lens
+import           Network.AWS.Prelude
+import           Network.AWS.Request
+import           Network.AWS.Response
+
+-- | Represents the request to delete a user pool client.
+--
+-- /See:/ 'deleteUserPoolClient' smart constructor.
+data DeleteUserPoolClient = DeleteUserPoolClient'
+    { _dupcUserPoolId :: !Text
+    , _dupcClientId   :: !(Sensitive Text)
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'DeleteUserPoolClient' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'dupcUserPoolId'
+--
+-- * 'dupcClientId'
+deleteUserPoolClient
+    :: Text -- ^ 'dupcUserPoolId'
+    -> Text -- ^ 'dupcClientId'
+    -> DeleteUserPoolClient
+deleteUserPoolClient pUserPoolId_ pClientId_ =
+    DeleteUserPoolClient'
+    { _dupcUserPoolId = pUserPoolId_
+    , _dupcClientId = _Sensitive # pClientId_
+    }
+
+-- | The user pool ID for the user pool where you want to delete the client.
+dupcUserPoolId :: Lens' DeleteUserPoolClient Text
+dupcUserPoolId = lens _dupcUserPoolId (\ s a -> s{_dupcUserPoolId = a});
+
+-- | The ID of the client associated with the user pool.
+dupcClientId :: Lens' DeleteUserPoolClient Text
+dupcClientId = lens _dupcClientId (\ s a -> s{_dupcClientId = a}) . _Sensitive;
+
+instance AWSRequest DeleteUserPoolClient where
+        type Rs DeleteUserPoolClient =
+             DeleteUserPoolClientResponse
+        request = postJSON cognitoIdentityProvider
+        response = receiveNull DeleteUserPoolClientResponse'
+
+instance Hashable DeleteUserPoolClient
+
+instance NFData DeleteUserPoolClient
+
+instance ToHeaders DeleteUserPoolClient where
+        toHeaders
+          = const
+              (mconcat
+                 ["X-Amz-Target" =#
+                    ("AWSCognitoIdentityProviderService.DeleteUserPoolClient"
+                       :: ByteString),
+                  "Content-Type" =#
+                    ("application/x-amz-json-1.1" :: ByteString)])
+
+instance ToJSON DeleteUserPoolClient where
+        toJSON DeleteUserPoolClient'{..}
+          = object
+              (catMaybes
+                 [Just ("UserPoolId" .= _dupcUserPoolId),
+                  Just ("ClientId" .= _dupcClientId)])
+
+instance ToPath DeleteUserPoolClient where
+        toPath = const "/"
+
+instance ToQuery DeleteUserPoolClient where
+        toQuery = const mempty
+
+-- | /See:/ 'deleteUserPoolClientResponse' smart constructor.
+data DeleteUserPoolClientResponse =
+    DeleteUserPoolClientResponse'
+    deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'DeleteUserPoolClientResponse' with the minimum fields required to make a request.
+--
+deleteUserPoolClientResponse
+    :: DeleteUserPoolClientResponse
+deleteUserPoolClientResponse = DeleteUserPoolClientResponse'
+
+instance NFData DeleteUserPoolClientResponse
diff --git a/gen/Network/AWS/CognitoIdentityProvider/DescribeUserPool.hs b/gen/Network/AWS/CognitoIdentityProvider/DescribeUserPool.hs
new file mode 100644
--- /dev/null
+++ b/gen/Network/AWS/CognitoIdentityProvider/DescribeUserPool.hs
@@ -0,0 +1,136 @@
+{-# LANGUAGE DeriveDataTypeable #-}
+{-# LANGUAGE DeriveGeneric      #-}
+{-# LANGUAGE OverloadedStrings  #-}
+{-# LANGUAGE RecordWildCards    #-}
+{-# LANGUAGE TypeFamilies       #-}
+
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Network.AWS.CognitoIdentityProvider.DescribeUserPool
+-- Copyright   : (c) 2013-2016 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Returns the configuration information and metadata of the specified user
+-- pool.
+module Network.AWS.CognitoIdentityProvider.DescribeUserPool
+    (
+    -- * Creating a Request
+      describeUserPool
+    , DescribeUserPool
+    -- * Request Lenses
+    , dUserPoolId
+
+    -- * Destructuring the Response
+    , describeUserPoolResponse
+    , DescribeUserPoolResponse
+    -- * Response Lenses
+    , duprsUserPool
+    , duprsResponseStatus
+    ) where
+
+import           Network.AWS.CognitoIdentityProvider.Types
+import           Network.AWS.CognitoIdentityProvider.Types.Product
+import           Network.AWS.Lens
+import           Network.AWS.Prelude
+import           Network.AWS.Request
+import           Network.AWS.Response
+
+-- | Represents the request to describe the user pool.
+--
+-- /See:/ 'describeUserPool' smart constructor.
+newtype DescribeUserPool = DescribeUserPool'
+    { _dUserPoolId :: Text
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'DescribeUserPool' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'dUserPoolId'
+describeUserPool
+    :: Text -- ^ 'dUserPoolId'
+    -> DescribeUserPool
+describeUserPool pUserPoolId_ =
+    DescribeUserPool'
+    { _dUserPoolId = pUserPoolId_
+    }
+
+-- | The user pool ID for the user pool you want to describe.
+dUserPoolId :: Lens' DescribeUserPool Text
+dUserPoolId = lens _dUserPoolId (\ s a -> s{_dUserPoolId = a});
+
+instance AWSRequest DescribeUserPool where
+        type Rs DescribeUserPool = DescribeUserPoolResponse
+        request = postJSON cognitoIdentityProvider
+        response
+          = receiveJSON
+              (\ s h x ->
+                 DescribeUserPoolResponse' <$>
+                   (x .?> "UserPool") <*> (pure (fromEnum s)))
+
+instance Hashable DescribeUserPool
+
+instance NFData DescribeUserPool
+
+instance ToHeaders DescribeUserPool where
+        toHeaders
+          = const
+              (mconcat
+                 ["X-Amz-Target" =#
+                    ("AWSCognitoIdentityProviderService.DescribeUserPool"
+                       :: ByteString),
+                  "Content-Type" =#
+                    ("application/x-amz-json-1.1" :: ByteString)])
+
+instance ToJSON DescribeUserPool where
+        toJSON DescribeUserPool'{..}
+          = object
+              (catMaybes [Just ("UserPoolId" .= _dUserPoolId)])
+
+instance ToPath DescribeUserPool where
+        toPath = const "/"
+
+instance ToQuery DescribeUserPool where
+        toQuery = const mempty
+
+-- | Represents the response to describe the user pool.
+--
+-- /See:/ 'describeUserPoolResponse' smart constructor.
+data DescribeUserPoolResponse = DescribeUserPoolResponse'
+    { _duprsUserPool       :: !(Maybe UserPoolType)
+    , _duprsResponseStatus :: !Int
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'DescribeUserPoolResponse' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'duprsUserPool'
+--
+-- * 'duprsResponseStatus'
+describeUserPoolResponse
+    :: Int -- ^ 'duprsResponseStatus'
+    -> DescribeUserPoolResponse
+describeUserPoolResponse pResponseStatus_ =
+    DescribeUserPoolResponse'
+    { _duprsUserPool = Nothing
+    , _duprsResponseStatus = pResponseStatus_
+    }
+
+-- | The container of metadata returned by the server to describe the pool.
+duprsUserPool :: Lens' DescribeUserPoolResponse (Maybe UserPoolType)
+duprsUserPool = lens _duprsUserPool (\ s a -> s{_duprsUserPool = a});
+
+-- | The response status code.
+duprsResponseStatus :: Lens' DescribeUserPoolResponse Int
+duprsResponseStatus = lens _duprsResponseStatus (\ s a -> s{_duprsResponseStatus = a});
+
+instance NFData DescribeUserPoolResponse
diff --git a/gen/Network/AWS/CognitoIdentityProvider/DescribeUserPoolClient.hs b/gen/Network/AWS/CognitoIdentityProvider/DescribeUserPoolClient.hs
new file mode 100644
--- /dev/null
+++ b/gen/Network/AWS/CognitoIdentityProvider/DescribeUserPoolClient.hs
@@ -0,0 +1,151 @@
+{-# LANGUAGE DeriveDataTypeable #-}
+{-# LANGUAGE DeriveGeneric      #-}
+{-# LANGUAGE OverloadedStrings  #-}
+{-# LANGUAGE RecordWildCards    #-}
+{-# LANGUAGE TypeFamilies       #-}
+
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Network.AWS.CognitoIdentityProvider.DescribeUserPoolClient
+-- Copyright   : (c) 2013-2016 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Client method for returning the configuration information and metadata
+-- of the specified user pool client.
+module Network.AWS.CognitoIdentityProvider.DescribeUserPoolClient
+    (
+    -- * Creating a Request
+      describeUserPoolClient
+    , DescribeUserPoolClient
+    -- * Request Lenses
+    , desUserPoolId
+    , desClientId
+
+    -- * Destructuring the Response
+    , describeUserPoolClientResponse
+    , DescribeUserPoolClientResponse
+    -- * Response Lenses
+    , dupcrsUserPoolClient
+    , dupcrsResponseStatus
+    ) where
+
+import           Network.AWS.CognitoIdentityProvider.Types
+import           Network.AWS.CognitoIdentityProvider.Types.Product
+import           Network.AWS.Lens
+import           Network.AWS.Prelude
+import           Network.AWS.Request
+import           Network.AWS.Response
+
+-- | Represents the request to describe a user pool client.
+--
+-- /See:/ 'describeUserPoolClient' smart constructor.
+data DescribeUserPoolClient = DescribeUserPoolClient'
+    { _desUserPoolId :: !Text
+    , _desClientId   :: !(Sensitive Text)
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'DescribeUserPoolClient' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'desUserPoolId'
+--
+-- * 'desClientId'
+describeUserPoolClient
+    :: Text -- ^ 'desUserPoolId'
+    -> Text -- ^ 'desClientId'
+    -> DescribeUserPoolClient
+describeUserPoolClient pUserPoolId_ pClientId_ =
+    DescribeUserPoolClient'
+    { _desUserPoolId = pUserPoolId_
+    , _desClientId = _Sensitive # pClientId_
+    }
+
+-- | The user pool ID for the user pool you want to describe.
+desUserPoolId :: Lens' DescribeUserPoolClient Text
+desUserPoolId = lens _desUserPoolId (\ s a -> s{_desUserPoolId = a});
+
+-- | The ID of the client associated with the user pool.
+desClientId :: Lens' DescribeUserPoolClient Text
+desClientId = lens _desClientId (\ s a -> s{_desClientId = a}) . _Sensitive;
+
+instance AWSRequest DescribeUserPoolClient where
+        type Rs DescribeUserPoolClient =
+             DescribeUserPoolClientResponse
+        request = postJSON cognitoIdentityProvider
+        response
+          = receiveJSON
+              (\ s h x ->
+                 DescribeUserPoolClientResponse' <$>
+                   (x .?> "UserPoolClient") <*> (pure (fromEnum s)))
+
+instance Hashable DescribeUserPoolClient
+
+instance NFData DescribeUserPoolClient
+
+instance ToHeaders DescribeUserPoolClient where
+        toHeaders
+          = const
+              (mconcat
+                 ["X-Amz-Target" =#
+                    ("AWSCognitoIdentityProviderService.DescribeUserPoolClient"
+                       :: ByteString),
+                  "Content-Type" =#
+                    ("application/x-amz-json-1.1" :: ByteString)])
+
+instance ToJSON DescribeUserPoolClient where
+        toJSON DescribeUserPoolClient'{..}
+          = object
+              (catMaybes
+                 [Just ("UserPoolId" .= _desUserPoolId),
+                  Just ("ClientId" .= _desClientId)])
+
+instance ToPath DescribeUserPoolClient where
+        toPath = const "/"
+
+instance ToQuery DescribeUserPoolClient where
+        toQuery = const mempty
+
+-- | Represents the response from the server from a request to describe the
+-- user pool client.
+--
+-- /See:/ 'describeUserPoolClientResponse' smart constructor.
+data DescribeUserPoolClientResponse = DescribeUserPoolClientResponse'
+    { _dupcrsUserPoolClient :: !(Maybe UserPoolClientType)
+    , _dupcrsResponseStatus :: !Int
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'DescribeUserPoolClientResponse' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'dupcrsUserPoolClient'
+--
+-- * 'dupcrsResponseStatus'
+describeUserPoolClientResponse
+    :: Int -- ^ 'dupcrsResponseStatus'
+    -> DescribeUserPoolClientResponse
+describeUserPoolClientResponse pResponseStatus_ =
+    DescribeUserPoolClientResponse'
+    { _dupcrsUserPoolClient = Nothing
+    , _dupcrsResponseStatus = pResponseStatus_
+    }
+
+-- | The user pool client from a server response to describe the user pool
+-- client.
+dupcrsUserPoolClient :: Lens' DescribeUserPoolClientResponse (Maybe UserPoolClientType)
+dupcrsUserPoolClient = lens _dupcrsUserPoolClient (\ s a -> s{_dupcrsUserPoolClient = a});
+
+-- | The response status code.
+dupcrsResponseStatus :: Lens' DescribeUserPoolClientResponse Int
+dupcrsResponseStatus = lens _dupcrsResponseStatus (\ s a -> s{_dupcrsResponseStatus = a});
+
+instance NFData DescribeUserPoolClientResponse
diff --git a/gen/Network/AWS/CognitoIdentityProvider/ForgotPassword.hs b/gen/Network/AWS/CognitoIdentityProvider/ForgotPassword.hs
new file mode 100644
--- /dev/null
+++ b/gen/Network/AWS/CognitoIdentityProvider/ForgotPassword.hs
@@ -0,0 +1,162 @@
+{-# LANGUAGE DeriveDataTypeable #-}
+{-# LANGUAGE DeriveGeneric      #-}
+{-# LANGUAGE OverloadedStrings  #-}
+{-# LANGUAGE RecordWildCards    #-}
+{-# LANGUAGE TypeFamilies       #-}
+
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Network.AWS.CognitoIdentityProvider.ForgotPassword
+-- Copyright   : (c) 2013-2016 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Retrieves the password for the specified client ID or username.
+module Network.AWS.CognitoIdentityProvider.ForgotPassword
+    (
+    -- * Creating a Request
+      forgotPassword
+    , ForgotPassword
+    -- * Request Lenses
+    , fpSecretHash
+    , fpClientId
+    , fpUsername
+
+    -- * Destructuring the Response
+    , forgotPasswordResponse
+    , ForgotPasswordResponse
+    -- * Response Lenses
+    , fprsCodeDeliveryDetails
+    , fprsResponseStatus
+    ) where
+
+import           Network.AWS.CognitoIdentityProvider.Types
+import           Network.AWS.CognitoIdentityProvider.Types.Product
+import           Network.AWS.Lens
+import           Network.AWS.Prelude
+import           Network.AWS.Request
+import           Network.AWS.Response
+
+-- | Represents the request to reset a user\'s password.
+--
+-- /See:/ 'forgotPassword' smart constructor.
+data ForgotPassword = ForgotPassword'
+    { _fpSecretHash :: !(Maybe (Sensitive Text))
+    , _fpClientId   :: !(Sensitive Text)
+    , _fpUsername   :: !(Sensitive Text)
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'ForgotPassword' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'fpSecretHash'
+--
+-- * 'fpClientId'
+--
+-- * 'fpUsername'
+forgotPassword
+    :: Text -- ^ 'fpClientId'
+    -> Text -- ^ 'fpUsername'
+    -> ForgotPassword
+forgotPassword pClientId_ pUsername_ =
+    ForgotPassword'
+    { _fpSecretHash = Nothing
+    , _fpClientId = _Sensitive # pClientId_
+    , _fpUsername = _Sensitive # pUsername_
+    }
+
+-- | A keyed-hash message authentication code (HMAC) calculated using the
+-- secret key of a user pool client and username plus the client ID in the
+-- message.
+fpSecretHash :: Lens' ForgotPassword (Maybe Text)
+fpSecretHash = lens _fpSecretHash (\ s a -> s{_fpSecretHash = a}) . mapping _Sensitive;
+
+-- | The ID of the client associated with the user pool.
+fpClientId :: Lens' ForgotPassword Text
+fpClientId = lens _fpClientId (\ s a -> s{_fpClientId = a}) . _Sensitive;
+
+-- | The user name of the user for whom you want to enter a code to retrieve
+-- a forgotten password.
+fpUsername :: Lens' ForgotPassword Text
+fpUsername = lens _fpUsername (\ s a -> s{_fpUsername = a}) . _Sensitive;
+
+instance AWSRequest ForgotPassword where
+        type Rs ForgotPassword = ForgotPasswordResponse
+        request = postJSON cognitoIdentityProvider
+        response
+          = receiveJSON
+              (\ s h x ->
+                 ForgotPasswordResponse' <$>
+                   (x .?> "CodeDeliveryDetails") <*>
+                     (pure (fromEnum s)))
+
+instance Hashable ForgotPassword
+
+instance NFData ForgotPassword
+
+instance ToHeaders ForgotPassword where
+        toHeaders
+          = const
+              (mconcat
+                 ["X-Amz-Target" =#
+                    ("AWSCognitoIdentityProviderService.ForgotPassword"
+                       :: ByteString),
+                  "Content-Type" =#
+                    ("application/x-amz-json-1.1" :: ByteString)])
+
+instance ToJSON ForgotPassword where
+        toJSON ForgotPassword'{..}
+          = object
+              (catMaybes
+                 [("SecretHash" .=) <$> _fpSecretHash,
+                  Just ("ClientId" .= _fpClientId),
+                  Just ("Username" .= _fpUsername)])
+
+instance ToPath ForgotPassword where
+        toPath = const "/"
+
+instance ToQuery ForgotPassword where
+        toQuery = const mempty
+
+-- | Respresents the response from the server regarding the request to reset
+-- a password.
+--
+-- /See:/ 'forgotPasswordResponse' smart constructor.
+data ForgotPasswordResponse = ForgotPasswordResponse'
+    { _fprsCodeDeliveryDetails :: !(Maybe CodeDeliveryDetailsType)
+    , _fprsResponseStatus      :: !Int
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'ForgotPasswordResponse' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'fprsCodeDeliveryDetails'
+--
+-- * 'fprsResponseStatus'
+forgotPasswordResponse
+    :: Int -- ^ 'fprsResponseStatus'
+    -> ForgotPasswordResponse
+forgotPasswordResponse pResponseStatus_ =
+    ForgotPasswordResponse'
+    { _fprsCodeDeliveryDetails = Nothing
+    , _fprsResponseStatus = pResponseStatus_
+    }
+
+-- | Undocumented member.
+fprsCodeDeliveryDetails :: Lens' ForgotPasswordResponse (Maybe CodeDeliveryDetailsType)
+fprsCodeDeliveryDetails = lens _fprsCodeDeliveryDetails (\ s a -> s{_fprsCodeDeliveryDetails = a});
+
+-- | The response status code.
+fprsResponseStatus :: Lens' ForgotPasswordResponse Int
+fprsResponseStatus = lens _fprsResponseStatus (\ s a -> s{_fprsResponseStatus = a});
+
+instance NFData ForgotPasswordResponse
diff --git a/gen/Network/AWS/CognitoIdentityProvider/GetUser.hs b/gen/Network/AWS/CognitoIdentityProvider/GetUser.hs
new file mode 100644
--- /dev/null
+++ b/gen/Network/AWS/CognitoIdentityProvider/GetUser.hs
@@ -0,0 +1,159 @@
+{-# LANGUAGE DeriveDataTypeable #-}
+{-# LANGUAGE DeriveGeneric      #-}
+{-# LANGUAGE OverloadedStrings  #-}
+{-# LANGUAGE RecordWildCards    #-}
+{-# LANGUAGE TypeFamilies       #-}
+
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Network.AWS.CognitoIdentityProvider.GetUser
+-- Copyright   : (c) 2013-2016 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Gets the user attributes and metadata for a user.
+module Network.AWS.CognitoIdentityProvider.GetUser
+    (
+    -- * Creating a Request
+      getUser
+    , GetUser
+    -- * Request Lenses
+    , guAccessToken
+
+    -- * Destructuring the Response
+    , getUserResponse
+    , GetUserResponse
+    -- * Response Lenses
+    , gursMFAOptions
+    , gursResponseStatus
+    , gursUsername
+    , gursUserAttributes
+    ) where
+
+import           Network.AWS.CognitoIdentityProvider.Types
+import           Network.AWS.CognitoIdentityProvider.Types.Product
+import           Network.AWS.Lens
+import           Network.AWS.Prelude
+import           Network.AWS.Request
+import           Network.AWS.Response
+
+-- | Represents the request to get information about the user.
+--
+-- /See:/ 'getUser' smart constructor.
+newtype GetUser = GetUser'
+    { _guAccessToken :: Maybe (Sensitive Text)
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'GetUser' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'guAccessToken'
+getUser
+    :: GetUser
+getUser =
+    GetUser'
+    { _guAccessToken = Nothing
+    }
+
+-- | The access token returned by the server response to get information
+-- about the user.
+guAccessToken :: Lens' GetUser (Maybe Text)
+guAccessToken = lens _guAccessToken (\ s a -> s{_guAccessToken = a}) . mapping _Sensitive;
+
+instance AWSRequest GetUser where
+        type Rs GetUser = GetUserResponse
+        request = postJSON cognitoIdentityProvider
+        response
+          = receiveJSON
+              (\ s h x ->
+                 GetUserResponse' <$>
+                   (x .?> "MFAOptions" .!@ mempty) <*>
+                     (pure (fromEnum s))
+                     <*> (x .:> "Username")
+                     <*> (x .?> "UserAttributes" .!@ mempty))
+
+instance Hashable GetUser
+
+instance NFData GetUser
+
+instance ToHeaders GetUser where
+        toHeaders
+          = const
+              (mconcat
+                 ["X-Amz-Target" =#
+                    ("AWSCognitoIdentityProviderService.GetUser" ::
+                       ByteString),
+                  "Content-Type" =#
+                    ("application/x-amz-json-1.1" :: ByteString)])
+
+instance ToJSON GetUser where
+        toJSON GetUser'{..}
+          = object
+              (catMaybes [("AccessToken" .=) <$> _guAccessToken])
+
+instance ToPath GetUser where
+        toPath = const "/"
+
+instance ToQuery GetUser where
+        toQuery = const mempty
+
+-- | Represents the response from the server from the request to get
+-- information about the user.
+--
+-- /See:/ 'getUserResponse' smart constructor.
+data GetUserResponse = GetUserResponse'
+    { _gursMFAOptions     :: !(Maybe [MFAOptionType])
+    , _gursResponseStatus :: !Int
+    , _gursUsername       :: !(Sensitive Text)
+    , _gursUserAttributes :: ![AttributeType]
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'GetUserResponse' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'gursMFAOptions'
+--
+-- * 'gursResponseStatus'
+--
+-- * 'gursUsername'
+--
+-- * 'gursUserAttributes'
+getUserResponse
+    :: Int -- ^ 'gursResponseStatus'
+    -> Text -- ^ 'gursUsername'
+    -> GetUserResponse
+getUserResponse pResponseStatus_ pUsername_ =
+    GetUserResponse'
+    { _gursMFAOptions = Nothing
+    , _gursResponseStatus = pResponseStatus_
+    , _gursUsername = _Sensitive # pUsername_
+    , _gursUserAttributes = mempty
+    }
+
+-- | Specifies the options for MFA (e.g., email or phone number).
+gursMFAOptions :: Lens' GetUserResponse [MFAOptionType]
+gursMFAOptions = lens _gursMFAOptions (\ s a -> s{_gursMFAOptions = a}) . _Default . _Coerce;
+
+-- | The response status code.
+gursResponseStatus :: Lens' GetUserResponse Int
+gursResponseStatus = lens _gursResponseStatus (\ s a -> s{_gursResponseStatus = a});
+
+-- | The user name of the user you wish to retrieve from the get user
+-- request.
+gursUsername :: Lens' GetUserResponse Text
+gursUsername = lens _gursUsername (\ s a -> s{_gursUsername = a}) . _Sensitive;
+
+-- | An array of name-value pairs representing user attributes.
+gursUserAttributes :: Lens' GetUserResponse [AttributeType]
+gursUserAttributes = lens _gursUserAttributes (\ s a -> s{_gursUserAttributes = a}) . _Coerce;
+
+instance NFData GetUserResponse
diff --git a/gen/Network/AWS/CognitoIdentityProvider/GetUserAttributeVerificationCode.hs b/gen/Network/AWS/CognitoIdentityProvider/GetUserAttributeVerificationCode.hs
new file mode 100644
--- /dev/null
+++ b/gen/Network/AWS/CognitoIdentityProvider/GetUserAttributeVerificationCode.hs
@@ -0,0 +1,159 @@
+{-# LANGUAGE DeriveDataTypeable #-}
+{-# LANGUAGE DeriveGeneric      #-}
+{-# LANGUAGE OverloadedStrings  #-}
+{-# LANGUAGE RecordWildCards    #-}
+{-# LANGUAGE TypeFamilies       #-}
+
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Network.AWS.CognitoIdentityProvider.GetUserAttributeVerificationCode
+-- Copyright   : (c) 2013-2016 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Gets the user attribute verification code for the specified attribute
+-- name.
+module Network.AWS.CognitoIdentityProvider.GetUserAttributeVerificationCode
+    (
+    -- * Creating a Request
+      getUserAttributeVerificationCode
+    , GetUserAttributeVerificationCode
+    -- * Request Lenses
+    , guavcAccessToken
+    , guavcAttributeName
+
+    -- * Destructuring the Response
+    , getUserAttributeVerificationCodeResponse
+    , GetUserAttributeVerificationCodeResponse
+    -- * Response Lenses
+    , guavcrsCodeDeliveryDetails
+    , guavcrsResponseStatus
+    ) where
+
+import           Network.AWS.CognitoIdentityProvider.Types
+import           Network.AWS.CognitoIdentityProvider.Types.Product
+import           Network.AWS.Lens
+import           Network.AWS.Prelude
+import           Network.AWS.Request
+import           Network.AWS.Response
+
+-- | Represents the request to get user attribute verification.
+--
+-- /See:/ 'getUserAttributeVerificationCode' smart constructor.
+data GetUserAttributeVerificationCode = GetUserAttributeVerificationCode'
+    { _guavcAccessToken   :: !(Maybe (Sensitive Text))
+    , _guavcAttributeName :: !Text
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'GetUserAttributeVerificationCode' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'guavcAccessToken'
+--
+-- * 'guavcAttributeName'
+getUserAttributeVerificationCode
+    :: Text -- ^ 'guavcAttributeName'
+    -> GetUserAttributeVerificationCode
+getUserAttributeVerificationCode pAttributeName_ =
+    GetUserAttributeVerificationCode'
+    { _guavcAccessToken = Nothing
+    , _guavcAttributeName = pAttributeName_
+    }
+
+-- | The access token returned by the server response to get the user
+-- attribute verification code.
+guavcAccessToken :: Lens' GetUserAttributeVerificationCode (Maybe Text)
+guavcAccessToken = lens _guavcAccessToken (\ s a -> s{_guavcAccessToken = a}) . mapping _Sensitive;
+
+-- | The attribute name returned by the server response to get the user
+-- attribute verification code.
+guavcAttributeName :: Lens' GetUserAttributeVerificationCode Text
+guavcAttributeName = lens _guavcAttributeName (\ s a -> s{_guavcAttributeName = a});
+
+instance AWSRequest GetUserAttributeVerificationCode
+         where
+        type Rs GetUserAttributeVerificationCode =
+             GetUserAttributeVerificationCodeResponse
+        request = postJSON cognitoIdentityProvider
+        response
+          = receiveJSON
+              (\ s h x ->
+                 GetUserAttributeVerificationCodeResponse' <$>
+                   (x .?> "CodeDeliveryDetails") <*>
+                     (pure (fromEnum s)))
+
+instance Hashable GetUserAttributeVerificationCode
+
+instance NFData GetUserAttributeVerificationCode
+
+instance ToHeaders GetUserAttributeVerificationCode
+         where
+        toHeaders
+          = const
+              (mconcat
+                 ["X-Amz-Target" =#
+                    ("AWSCognitoIdentityProviderService.GetUserAttributeVerificationCode"
+                       :: ByteString),
+                  "Content-Type" =#
+                    ("application/x-amz-json-1.1" :: ByteString)])
+
+instance ToJSON GetUserAttributeVerificationCode
+         where
+        toJSON GetUserAttributeVerificationCode'{..}
+          = object
+              (catMaybes
+                 [("AccessToken" .=) <$> _guavcAccessToken,
+                  Just ("AttributeName" .= _guavcAttributeName)])
+
+instance ToPath GetUserAttributeVerificationCode
+         where
+        toPath = const "/"
+
+instance ToQuery GetUserAttributeVerificationCode
+         where
+        toQuery = const mempty
+
+-- | The verification code response returned by the server response to get
+-- the user attribute verification code.
+--
+-- /See:/ 'getUserAttributeVerificationCodeResponse' smart constructor.
+data GetUserAttributeVerificationCodeResponse = GetUserAttributeVerificationCodeResponse'
+    { _guavcrsCodeDeliveryDetails :: !(Maybe CodeDeliveryDetailsType)
+    , _guavcrsResponseStatus      :: !Int
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'GetUserAttributeVerificationCodeResponse' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'guavcrsCodeDeliveryDetails'
+--
+-- * 'guavcrsResponseStatus'
+getUserAttributeVerificationCodeResponse
+    :: Int -- ^ 'guavcrsResponseStatus'
+    -> GetUserAttributeVerificationCodeResponse
+getUserAttributeVerificationCodeResponse pResponseStatus_ =
+    GetUserAttributeVerificationCodeResponse'
+    { _guavcrsCodeDeliveryDetails = Nothing
+    , _guavcrsResponseStatus = pResponseStatus_
+    }
+
+-- | The code delivery details returned by the server response to get the
+-- user attribute verification code.
+guavcrsCodeDeliveryDetails :: Lens' GetUserAttributeVerificationCodeResponse (Maybe CodeDeliveryDetailsType)
+guavcrsCodeDeliveryDetails = lens _guavcrsCodeDeliveryDetails (\ s a -> s{_guavcrsCodeDeliveryDetails = a});
+
+-- | The response status code.
+guavcrsResponseStatus :: Lens' GetUserAttributeVerificationCodeResponse Int
+guavcrsResponseStatus = lens _guavcrsResponseStatus (\ s a -> s{_guavcrsResponseStatus = a});
+
+instance NFData
+         GetUserAttributeVerificationCodeResponse
diff --git a/gen/Network/AWS/CognitoIdentityProvider/ListUserPoolClients.hs b/gen/Network/AWS/CognitoIdentityProvider/ListUserPoolClients.hs
new file mode 100644
--- /dev/null
+++ b/gen/Network/AWS/CognitoIdentityProvider/ListUserPoolClients.hs
@@ -0,0 +1,174 @@
+{-# LANGUAGE DeriveDataTypeable #-}
+{-# LANGUAGE DeriveGeneric      #-}
+{-# LANGUAGE OverloadedStrings  #-}
+{-# LANGUAGE RecordWildCards    #-}
+{-# LANGUAGE TypeFamilies       #-}
+
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Network.AWS.CognitoIdentityProvider.ListUserPoolClients
+-- Copyright   : (c) 2013-2016 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Lists the clients that have been created for the specified user pool.
+module Network.AWS.CognitoIdentityProvider.ListUserPoolClients
+    (
+    -- * Creating a Request
+      listUserPoolClients
+    , ListUserPoolClients
+    -- * Request Lenses
+    , lupcNextToken
+    , lupcMaxResults
+    , lupcUserPoolId
+
+    -- * Destructuring the Response
+    , listUserPoolClientsResponse
+    , ListUserPoolClientsResponse
+    -- * Response Lenses
+    , lupcrsNextToken
+    , lupcrsUserPoolClients
+    , lupcrsResponseStatus
+    ) where
+
+import           Network.AWS.CognitoIdentityProvider.Types
+import           Network.AWS.CognitoIdentityProvider.Types.Product
+import           Network.AWS.Lens
+import           Network.AWS.Prelude
+import           Network.AWS.Request
+import           Network.AWS.Response
+
+-- | Represents the request to list the user pool clients.
+--
+-- /See:/ 'listUserPoolClients' smart constructor.
+data ListUserPoolClients = ListUserPoolClients'
+    { _lupcNextToken  :: !(Maybe Text)
+    , _lupcMaxResults :: !(Maybe Nat)
+    , _lupcUserPoolId :: !Text
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'ListUserPoolClients' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'lupcNextToken'
+--
+-- * 'lupcMaxResults'
+--
+-- * 'lupcUserPoolId'
+listUserPoolClients
+    :: Text -- ^ 'lupcUserPoolId'
+    -> ListUserPoolClients
+listUserPoolClients pUserPoolId_ =
+    ListUserPoolClients'
+    { _lupcNextToken = Nothing
+    , _lupcMaxResults = Nothing
+    , _lupcUserPoolId = pUserPoolId_
+    }
+
+-- | An identifier that was returned from the previous call to this
+-- operation, which can be used to return the next set of items in the
+-- list.
+lupcNextToken :: Lens' ListUserPoolClients (Maybe Text)
+lupcNextToken = lens _lupcNextToken (\ s a -> s{_lupcNextToken = a});
+
+-- | The maximum number of results you want the request to return when
+-- listing the user pool clients.
+lupcMaxResults :: Lens' ListUserPoolClients (Maybe Natural)
+lupcMaxResults = lens _lupcMaxResults (\ s a -> s{_lupcMaxResults = a}) . mapping _Nat;
+
+-- | The user pool ID for the user pool where you want to list user pool
+-- clients.
+lupcUserPoolId :: Lens' ListUserPoolClients Text
+lupcUserPoolId = lens _lupcUserPoolId (\ s a -> s{_lupcUserPoolId = a});
+
+instance AWSRequest ListUserPoolClients where
+        type Rs ListUserPoolClients =
+             ListUserPoolClientsResponse
+        request = postJSON cognitoIdentityProvider
+        response
+          = receiveJSON
+              (\ s h x ->
+                 ListUserPoolClientsResponse' <$>
+                   (x .?> "NextToken") <*>
+                     (x .?> "UserPoolClients" .!@ mempty)
+                     <*> (pure (fromEnum s)))
+
+instance Hashable ListUserPoolClients
+
+instance NFData ListUserPoolClients
+
+instance ToHeaders ListUserPoolClients where
+        toHeaders
+          = const
+              (mconcat
+                 ["X-Amz-Target" =#
+                    ("AWSCognitoIdentityProviderService.ListUserPoolClients"
+                       :: ByteString),
+                  "Content-Type" =#
+                    ("application/x-amz-json-1.1" :: ByteString)])
+
+instance ToJSON ListUserPoolClients where
+        toJSON ListUserPoolClients'{..}
+          = object
+              (catMaybes
+                 [("NextToken" .=) <$> _lupcNextToken,
+                  ("MaxResults" .=) <$> _lupcMaxResults,
+                  Just ("UserPoolId" .= _lupcUserPoolId)])
+
+instance ToPath ListUserPoolClients where
+        toPath = const "/"
+
+instance ToQuery ListUserPoolClients where
+        toQuery = const mempty
+
+-- | Represents the response from the server that lists user pool clients.
+--
+-- /See:/ 'listUserPoolClientsResponse' smart constructor.
+data ListUserPoolClientsResponse = ListUserPoolClientsResponse'
+    { _lupcrsNextToken       :: !(Maybe Text)
+    , _lupcrsUserPoolClients :: !(Maybe [UserPoolClientDescription])
+    , _lupcrsResponseStatus  :: !Int
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'ListUserPoolClientsResponse' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'lupcrsNextToken'
+--
+-- * 'lupcrsUserPoolClients'
+--
+-- * 'lupcrsResponseStatus'
+listUserPoolClientsResponse
+    :: Int -- ^ 'lupcrsResponseStatus'
+    -> ListUserPoolClientsResponse
+listUserPoolClientsResponse pResponseStatus_ =
+    ListUserPoolClientsResponse'
+    { _lupcrsNextToken = Nothing
+    , _lupcrsUserPoolClients = Nothing
+    , _lupcrsResponseStatus = pResponseStatus_
+    }
+
+-- | An identifier that was returned from the previous call to this
+-- operation, which can be used to return the next set of items in the
+-- list.
+lupcrsNextToken :: Lens' ListUserPoolClientsResponse (Maybe Text)
+lupcrsNextToken = lens _lupcrsNextToken (\ s a -> s{_lupcrsNextToken = a});
+
+-- | The user pool clients in the response that lists user pool clients.
+lupcrsUserPoolClients :: Lens' ListUserPoolClientsResponse [UserPoolClientDescription]
+lupcrsUserPoolClients = lens _lupcrsUserPoolClients (\ s a -> s{_lupcrsUserPoolClients = a}) . _Default . _Coerce;
+
+-- | The response status code.
+lupcrsResponseStatus :: Lens' ListUserPoolClientsResponse Int
+lupcrsResponseStatus = lens _lupcrsResponseStatus (\ s a -> s{_lupcrsResponseStatus = a});
+
+instance NFData ListUserPoolClientsResponse
diff --git a/gen/Network/AWS/CognitoIdentityProvider/ListUserPools.hs b/gen/Network/AWS/CognitoIdentityProvider/ListUserPools.hs
new file mode 100644
--- /dev/null
+++ b/gen/Network/AWS/CognitoIdentityProvider/ListUserPools.hs
@@ -0,0 +1,162 @@
+{-# LANGUAGE DeriveDataTypeable #-}
+{-# LANGUAGE DeriveGeneric      #-}
+{-# LANGUAGE OverloadedStrings  #-}
+{-# LANGUAGE RecordWildCards    #-}
+{-# LANGUAGE TypeFamilies       #-}
+
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Network.AWS.CognitoIdentityProvider.ListUserPools
+-- Copyright   : (c) 2013-2016 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Lists the user pools associated with an AWS account.
+module Network.AWS.CognitoIdentityProvider.ListUserPools
+    (
+    -- * Creating a Request
+      listUserPools
+    , ListUserPools
+    -- * Request Lenses
+    , lupNextToken
+    , lupMaxResults
+
+    -- * Destructuring the Response
+    , listUserPoolsResponse
+    , ListUserPoolsResponse
+    -- * Response Lenses
+    , luprsUserPools
+    , luprsNextToken
+    , luprsResponseStatus
+    ) where
+
+import           Network.AWS.CognitoIdentityProvider.Types
+import           Network.AWS.CognitoIdentityProvider.Types.Product
+import           Network.AWS.Lens
+import           Network.AWS.Prelude
+import           Network.AWS.Request
+import           Network.AWS.Response
+
+-- | Represents the request to list user pools.
+--
+-- /See:/ 'listUserPools' smart constructor.
+data ListUserPools = ListUserPools'
+    { _lupNextToken  :: !(Maybe Text)
+    , _lupMaxResults :: !Nat
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'ListUserPools' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'lupNextToken'
+--
+-- * 'lupMaxResults'
+listUserPools
+    :: Natural -- ^ 'lupMaxResults'
+    -> ListUserPools
+listUserPools pMaxResults_ =
+    ListUserPools'
+    { _lupNextToken = Nothing
+    , _lupMaxResults = _Nat # pMaxResults_
+    }
+
+-- | An identifier that was returned from the previous call to this
+-- operation, which can be used to return the next set of items in the
+-- list.
+lupNextToken :: Lens' ListUserPools (Maybe Text)
+lupNextToken = lens _lupNextToken (\ s a -> s{_lupNextToken = a});
+
+-- | The maximum number of results you want the request to return when
+-- listing the user pools.
+lupMaxResults :: Lens' ListUserPools Natural
+lupMaxResults = lens _lupMaxResults (\ s a -> s{_lupMaxResults = a}) . _Nat;
+
+instance AWSRequest ListUserPools where
+        type Rs ListUserPools = ListUserPoolsResponse
+        request = postJSON cognitoIdentityProvider
+        response
+          = receiveJSON
+              (\ s h x ->
+                 ListUserPoolsResponse' <$>
+                   (x .?> "UserPools" .!@ mempty) <*>
+                     (x .?> "NextToken")
+                     <*> (pure (fromEnum s)))
+
+instance Hashable ListUserPools
+
+instance NFData ListUserPools
+
+instance ToHeaders ListUserPools where
+        toHeaders
+          = const
+              (mconcat
+                 ["X-Amz-Target" =#
+                    ("AWSCognitoIdentityProviderService.ListUserPools" ::
+                       ByteString),
+                  "Content-Type" =#
+                    ("application/x-amz-json-1.1" :: ByteString)])
+
+instance ToJSON ListUserPools where
+        toJSON ListUserPools'{..}
+          = object
+              (catMaybes
+                 [("NextToken" .=) <$> _lupNextToken,
+                  Just ("MaxResults" .= _lupMaxResults)])
+
+instance ToPath ListUserPools where
+        toPath = const "/"
+
+instance ToQuery ListUserPools where
+        toQuery = const mempty
+
+-- | Represents the response to list user pools.
+--
+-- /See:/ 'listUserPoolsResponse' smart constructor.
+data ListUserPoolsResponse = ListUserPoolsResponse'
+    { _luprsUserPools      :: !(Maybe [UserPoolDescriptionType])
+    , _luprsNextToken      :: !(Maybe Text)
+    , _luprsResponseStatus :: !Int
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'ListUserPoolsResponse' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'luprsUserPools'
+--
+-- * 'luprsNextToken'
+--
+-- * 'luprsResponseStatus'
+listUserPoolsResponse
+    :: Int -- ^ 'luprsResponseStatus'
+    -> ListUserPoolsResponse
+listUserPoolsResponse pResponseStatus_ =
+    ListUserPoolsResponse'
+    { _luprsUserPools = Nothing
+    , _luprsNextToken = Nothing
+    , _luprsResponseStatus = pResponseStatus_
+    }
+
+-- | The user pools from the response to list users.
+luprsUserPools :: Lens' ListUserPoolsResponse [UserPoolDescriptionType]
+luprsUserPools = lens _luprsUserPools (\ s a -> s{_luprsUserPools = a}) . _Default . _Coerce;
+
+-- | An identifier that was returned from the previous call to this
+-- operation, which can be used to return the next set of items in the
+-- list.
+luprsNextToken :: Lens' ListUserPoolsResponse (Maybe Text)
+luprsNextToken = lens _luprsNextToken (\ s a -> s{_luprsNextToken = a});
+
+-- | The response status code.
+luprsResponseStatus :: Lens' ListUserPoolsResponse Int
+luprsResponseStatus = lens _luprsResponseStatus (\ s a -> s{_luprsResponseStatus = a});
+
+instance NFData ListUserPoolsResponse
diff --git a/gen/Network/AWS/CognitoIdentityProvider/ListUsers.hs b/gen/Network/AWS/CognitoIdentityProvider/ListUsers.hs
new file mode 100644
--- /dev/null
+++ b/gen/Network/AWS/CognitoIdentityProvider/ListUsers.hs
@@ -0,0 +1,197 @@
+{-# LANGUAGE DeriveDataTypeable #-}
+{-# LANGUAGE DeriveGeneric      #-}
+{-# LANGUAGE OverloadedStrings  #-}
+{-# LANGUAGE RecordWildCards    #-}
+{-# LANGUAGE TypeFamilies       #-}
+
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Network.AWS.CognitoIdentityProvider.ListUsers
+-- Copyright   : (c) 2013-2016 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Lists the users in the Amazon Cognito user pool.
+module Network.AWS.CognitoIdentityProvider.ListUsers
+    (
+    -- * Creating a Request
+      listUsers
+    , ListUsers
+    -- * Request Lenses
+    , luPaginationToken
+    , luAttributesToGet
+    , luUserStatus
+    , luLimit
+    , luUserPoolId
+
+    -- * Destructuring the Response
+    , listUsersResponse
+    , ListUsersResponse
+    -- * Response Lenses
+    , lursPaginationToken
+    , lursUsers
+    , lursResponseStatus
+    ) where
+
+import           Network.AWS.CognitoIdentityProvider.Types
+import           Network.AWS.CognitoIdentityProvider.Types.Product
+import           Network.AWS.Lens
+import           Network.AWS.Prelude
+import           Network.AWS.Request
+import           Network.AWS.Response
+
+-- | Represents the request to list users.
+--
+-- /See:/ 'listUsers' smart constructor.
+data ListUsers = ListUsers'
+    { _luPaginationToken :: !(Maybe Text)
+    , _luAttributesToGet :: !(Maybe [Text])
+    , _luUserStatus      :: !(Maybe UserStatusType)
+    , _luLimit           :: !(Maybe Nat)
+    , _luUserPoolId      :: !Text
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'ListUsers' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'luPaginationToken'
+--
+-- * 'luAttributesToGet'
+--
+-- * 'luUserStatus'
+--
+-- * 'luLimit'
+--
+-- * 'luUserPoolId'
+listUsers
+    :: Text -- ^ 'luUserPoolId'
+    -> ListUsers
+listUsers pUserPoolId_ =
+    ListUsers'
+    { _luPaginationToken = Nothing
+    , _luAttributesToGet = Nothing
+    , _luUserStatus = Nothing
+    , _luLimit = Nothing
+    , _luUserPoolId = pUserPoolId_
+    }
+
+-- | An identifier that was returned from the previous call to this
+-- operation, which can be used to return the next set of items in the
+-- list.
+luPaginationToken :: Lens' ListUsers (Maybe Text)
+luPaginationToken = lens _luPaginationToken (\ s a -> s{_luPaginationToken = a});
+
+-- | The attributes to get from the request to list users.
+luAttributesToGet :: Lens' ListUsers [Text]
+luAttributesToGet = lens _luAttributesToGet (\ s a -> s{_luAttributesToGet = a}) . _Default . _Coerce;
+
+-- | The user status. Can be one of the following:
+--
+-- -   UNCONFIRMED - User has been created but not confirmed.
+-- -   CONFIRMED - User has been confirmed.
+-- -   ARCHIVED - User is no longer active.
+-- -   COMPROMISED - User is disabled due to a potential security threat.
+-- -   UNKNOWN - User status is not known.
+luUserStatus :: Lens' ListUsers (Maybe UserStatusType)
+luUserStatus = lens _luUserStatus (\ s a -> s{_luUserStatus = a});
+
+-- | The limit of the request to list users.
+luLimit :: Lens' ListUsers (Maybe Natural)
+luLimit = lens _luLimit (\ s a -> s{_luLimit = a}) . mapping _Nat;
+
+-- | The user pool ID for which you want to list users.
+luUserPoolId :: Lens' ListUsers Text
+luUserPoolId = lens _luUserPoolId (\ s a -> s{_luUserPoolId = a});
+
+instance AWSRequest ListUsers where
+        type Rs ListUsers = ListUsersResponse
+        request = postJSON cognitoIdentityProvider
+        response
+          = receiveJSON
+              (\ s h x ->
+                 ListUsersResponse' <$>
+                   (x .?> "PaginationToken") <*>
+                     (x .?> "Users" .!@ mempty)
+                     <*> (pure (fromEnum s)))
+
+instance Hashable ListUsers
+
+instance NFData ListUsers
+
+instance ToHeaders ListUsers where
+        toHeaders
+          = const
+              (mconcat
+                 ["X-Amz-Target" =#
+                    ("AWSCognitoIdentityProviderService.ListUsers" ::
+                       ByteString),
+                  "Content-Type" =#
+                    ("application/x-amz-json-1.1" :: ByteString)])
+
+instance ToJSON ListUsers where
+        toJSON ListUsers'{..}
+          = object
+              (catMaybes
+                 [("PaginationToken" .=) <$> _luPaginationToken,
+                  ("AttributesToGet" .=) <$> _luAttributesToGet,
+                  ("UserStatus" .=) <$> _luUserStatus,
+                  ("Limit" .=) <$> _luLimit,
+                  Just ("UserPoolId" .= _luUserPoolId)])
+
+instance ToPath ListUsers where
+        toPath = const "/"
+
+instance ToQuery ListUsers where
+        toQuery = const mempty
+
+-- | The response from the request to list users.
+--
+-- /See:/ 'listUsersResponse' smart constructor.
+data ListUsersResponse = ListUsersResponse'
+    { _lursPaginationToken :: !(Maybe Text)
+    , _lursUsers           :: !(Maybe [UserType])
+    , _lursResponseStatus  :: !Int
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'ListUsersResponse' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'lursPaginationToken'
+--
+-- * 'lursUsers'
+--
+-- * 'lursResponseStatus'
+listUsersResponse
+    :: Int -- ^ 'lursResponseStatus'
+    -> ListUsersResponse
+listUsersResponse pResponseStatus_ =
+    ListUsersResponse'
+    { _lursPaginationToken = Nothing
+    , _lursUsers = Nothing
+    , _lursResponseStatus = pResponseStatus_
+    }
+
+-- | An identifier that was returned from the previous call to this
+-- operation, which can be used to return the next set of items in the
+-- list.
+lursPaginationToken :: Lens' ListUsersResponse (Maybe Text)
+lursPaginationToken = lens _lursPaginationToken (\ s a -> s{_lursPaginationToken = a});
+
+-- | The users returned in the request to list users.
+lursUsers :: Lens' ListUsersResponse [UserType]
+lursUsers = lens _lursUsers (\ s a -> s{_lursUsers = a}) . _Default . _Coerce;
+
+-- | The response status code.
+lursResponseStatus :: Lens' ListUsersResponse Int
+lursResponseStatus = lens _lursResponseStatus (\ s a -> s{_lursResponseStatus = a});
+
+instance NFData ListUsersResponse
diff --git a/gen/Network/AWS/CognitoIdentityProvider/ResendConfirmationCode.hs b/gen/Network/AWS/CognitoIdentityProvider/ResendConfirmationCode.hs
new file mode 100644
--- /dev/null
+++ b/gen/Network/AWS/CognitoIdentityProvider/ResendConfirmationCode.hs
@@ -0,0 +1,164 @@
+{-# LANGUAGE DeriveDataTypeable #-}
+{-# LANGUAGE DeriveGeneric      #-}
+{-# LANGUAGE OverloadedStrings  #-}
+{-# LANGUAGE RecordWildCards    #-}
+{-# LANGUAGE TypeFamilies       #-}
+
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Network.AWS.CognitoIdentityProvider.ResendConfirmationCode
+-- Copyright   : (c) 2013-2016 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Resends the confirmation (for confirmation of registration) to a
+-- specific user in the user pool.
+module Network.AWS.CognitoIdentityProvider.ResendConfirmationCode
+    (
+    -- * Creating a Request
+      resendConfirmationCode
+    , ResendConfirmationCode
+    -- * Request Lenses
+    , rccSecretHash
+    , rccClientId
+    , rccUsername
+
+    -- * Destructuring the Response
+    , resendConfirmationCodeResponse
+    , ResendConfirmationCodeResponse
+    -- * Response Lenses
+    , rccrsCodeDeliveryDetails
+    , rccrsResponseStatus
+    ) where
+
+import           Network.AWS.CognitoIdentityProvider.Types
+import           Network.AWS.CognitoIdentityProvider.Types.Product
+import           Network.AWS.Lens
+import           Network.AWS.Prelude
+import           Network.AWS.Request
+import           Network.AWS.Response
+
+-- | Represents the request to resend the confirmation code.
+--
+-- /See:/ 'resendConfirmationCode' smart constructor.
+data ResendConfirmationCode = ResendConfirmationCode'
+    { _rccSecretHash :: !(Maybe (Sensitive Text))
+    , _rccClientId   :: !(Sensitive Text)
+    , _rccUsername   :: !(Sensitive Text)
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'ResendConfirmationCode' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'rccSecretHash'
+--
+-- * 'rccClientId'
+--
+-- * 'rccUsername'
+resendConfirmationCode
+    :: Text -- ^ 'rccClientId'
+    -> Text -- ^ 'rccUsername'
+    -> ResendConfirmationCode
+resendConfirmationCode pClientId_ pUsername_ =
+    ResendConfirmationCode'
+    { _rccSecretHash = Nothing
+    , _rccClientId = _Sensitive # pClientId_
+    , _rccUsername = _Sensitive # pUsername_
+    }
+
+-- | A keyed-hash message authentication code (HMAC) calculated using the
+-- secret key of a user pool client and username plus the client ID in the
+-- message.
+rccSecretHash :: Lens' ResendConfirmationCode (Maybe Text)
+rccSecretHash = lens _rccSecretHash (\ s a -> s{_rccSecretHash = a}) . mapping _Sensitive;
+
+-- | The ID of the client associated with the user pool.
+rccClientId :: Lens' ResendConfirmationCode Text
+rccClientId = lens _rccClientId (\ s a -> s{_rccClientId = a}) . _Sensitive;
+
+-- | The user name of the user to whom you wish to resend a confirmation
+-- code.
+rccUsername :: Lens' ResendConfirmationCode Text
+rccUsername = lens _rccUsername (\ s a -> s{_rccUsername = a}) . _Sensitive;
+
+instance AWSRequest ResendConfirmationCode where
+        type Rs ResendConfirmationCode =
+             ResendConfirmationCodeResponse
+        request = postJSON cognitoIdentityProvider
+        response
+          = receiveJSON
+              (\ s h x ->
+                 ResendConfirmationCodeResponse' <$>
+                   (x .?> "CodeDeliveryDetails") <*>
+                     (pure (fromEnum s)))
+
+instance Hashable ResendConfirmationCode
+
+instance NFData ResendConfirmationCode
+
+instance ToHeaders ResendConfirmationCode where
+        toHeaders
+          = const
+              (mconcat
+                 ["X-Amz-Target" =#
+                    ("AWSCognitoIdentityProviderService.ResendConfirmationCode"
+                       :: ByteString),
+                  "Content-Type" =#
+                    ("application/x-amz-json-1.1" :: ByteString)])
+
+instance ToJSON ResendConfirmationCode where
+        toJSON ResendConfirmationCode'{..}
+          = object
+              (catMaybes
+                 [("SecretHash" .=) <$> _rccSecretHash,
+                  Just ("ClientId" .= _rccClientId),
+                  Just ("Username" .= _rccUsername)])
+
+instance ToPath ResendConfirmationCode where
+        toPath = const "/"
+
+instance ToQuery ResendConfirmationCode where
+        toQuery = const mempty
+
+-- | The response from the server when the Amazon Cognito service makes the
+-- request to resend a confirmation code.
+--
+-- /See:/ 'resendConfirmationCodeResponse' smart constructor.
+data ResendConfirmationCodeResponse = ResendConfirmationCodeResponse'
+    { _rccrsCodeDeliveryDetails :: !(Maybe CodeDeliveryDetailsType)
+    , _rccrsResponseStatus      :: !Int
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'ResendConfirmationCodeResponse' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'rccrsCodeDeliveryDetails'
+--
+-- * 'rccrsResponseStatus'
+resendConfirmationCodeResponse
+    :: Int -- ^ 'rccrsResponseStatus'
+    -> ResendConfirmationCodeResponse
+resendConfirmationCodeResponse pResponseStatus_ =
+    ResendConfirmationCodeResponse'
+    { _rccrsCodeDeliveryDetails = Nothing
+    , _rccrsResponseStatus = pResponseStatus_
+    }
+
+-- | Undocumented member.
+rccrsCodeDeliveryDetails :: Lens' ResendConfirmationCodeResponse (Maybe CodeDeliveryDetailsType)
+rccrsCodeDeliveryDetails = lens _rccrsCodeDeliveryDetails (\ s a -> s{_rccrsCodeDeliveryDetails = a});
+
+-- | The response status code.
+rccrsResponseStatus :: Lens' ResendConfirmationCodeResponse Int
+rccrsResponseStatus = lens _rccrsResponseStatus (\ s a -> s{_rccrsResponseStatus = a});
+
+instance NFData ResendConfirmationCodeResponse
diff --git a/gen/Network/AWS/CognitoIdentityProvider/SetUserSettings.hs b/gen/Network/AWS/CognitoIdentityProvider/SetUserSettings.hs
new file mode 100644
--- /dev/null
+++ b/gen/Network/AWS/CognitoIdentityProvider/SetUserSettings.hs
@@ -0,0 +1,138 @@
+{-# LANGUAGE DeriveDataTypeable #-}
+{-# LANGUAGE DeriveGeneric      #-}
+{-# LANGUAGE OverloadedStrings  #-}
+{-# LANGUAGE RecordWildCards    #-}
+{-# LANGUAGE TypeFamilies       #-}
+
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Network.AWS.CognitoIdentityProvider.SetUserSettings
+-- Copyright   : (c) 2013-2016 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Sets the user settings like multi-factor authentication (MFA). If MFA is
+-- to be removed for a particular attribute pass the attribute with code
+-- delivery as null. If null list is passed, all MFA options are removed.
+module Network.AWS.CognitoIdentityProvider.SetUserSettings
+    (
+    -- * Creating a Request
+      setUserSettings
+    , SetUserSettings
+    -- * Request Lenses
+    , susAccessToken
+    , susMFAOptions
+
+    -- * Destructuring the Response
+    , setUserSettingsResponse
+    , SetUserSettingsResponse
+    -- * Response Lenses
+    , susrsResponseStatus
+    ) where
+
+import           Network.AWS.CognitoIdentityProvider.Types
+import           Network.AWS.CognitoIdentityProvider.Types.Product
+import           Network.AWS.Lens
+import           Network.AWS.Prelude
+import           Network.AWS.Request
+import           Network.AWS.Response
+
+-- | Represents the request to set user settings.
+--
+-- /See:/ 'setUserSettings' smart constructor.
+data SetUserSettings = SetUserSettings'
+    { _susAccessToken :: !(Sensitive Text)
+    , _susMFAOptions  :: ![MFAOptionType]
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'SetUserSettings' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'susAccessToken'
+--
+-- * 'susMFAOptions'
+setUserSettings
+    :: Text -- ^ 'susAccessToken'
+    -> SetUserSettings
+setUserSettings pAccessToken_ =
+    SetUserSettings'
+    { _susAccessToken = _Sensitive # pAccessToken_
+    , _susMFAOptions = mempty
+    }
+
+-- | The access token for the set user settings request.
+susAccessToken :: Lens' SetUserSettings Text
+susAccessToken = lens _susAccessToken (\ s a -> s{_susAccessToken = a}) . _Sensitive;
+
+-- | Specifies the options for MFA (e.g., email or phone number).
+susMFAOptions :: Lens' SetUserSettings [MFAOptionType]
+susMFAOptions = lens _susMFAOptions (\ s a -> s{_susMFAOptions = a}) . _Coerce;
+
+instance AWSRequest SetUserSettings where
+        type Rs SetUserSettings = SetUserSettingsResponse
+        request = postJSON cognitoIdentityProvider
+        response
+          = receiveEmpty
+              (\ s h x ->
+                 SetUserSettingsResponse' <$> (pure (fromEnum s)))
+
+instance Hashable SetUserSettings
+
+instance NFData SetUserSettings
+
+instance ToHeaders SetUserSettings where
+        toHeaders
+          = const
+              (mconcat
+                 ["X-Amz-Target" =#
+                    ("AWSCognitoIdentityProviderService.SetUserSettings"
+                       :: ByteString),
+                  "Content-Type" =#
+                    ("application/x-amz-json-1.1" :: ByteString)])
+
+instance ToJSON SetUserSettings where
+        toJSON SetUserSettings'{..}
+          = object
+              (catMaybes
+                 [Just ("AccessToken" .= _susAccessToken),
+                  Just ("MFAOptions" .= _susMFAOptions)])
+
+instance ToPath SetUserSettings where
+        toPath = const "/"
+
+instance ToQuery SetUserSettings where
+        toQuery = const mempty
+
+-- | The response from the server for a set user settings request.
+--
+-- /See:/ 'setUserSettingsResponse' smart constructor.
+newtype SetUserSettingsResponse = SetUserSettingsResponse'
+    { _susrsResponseStatus :: Int
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'SetUserSettingsResponse' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'susrsResponseStatus'
+setUserSettingsResponse
+    :: Int -- ^ 'susrsResponseStatus'
+    -> SetUserSettingsResponse
+setUserSettingsResponse pResponseStatus_ =
+    SetUserSettingsResponse'
+    { _susrsResponseStatus = pResponseStatus_
+    }
+
+-- | The response status code.
+susrsResponseStatus :: Lens' SetUserSettingsResponse Int
+susrsResponseStatus = lens _susrsResponseStatus (\ s a -> s{_susrsResponseStatus = a});
+
+instance NFData SetUserSettingsResponse
diff --git a/gen/Network/AWS/CognitoIdentityProvider/SignUp.hs b/gen/Network/AWS/CognitoIdentityProvider/SignUp.hs
new file mode 100644
--- /dev/null
+++ b/gen/Network/AWS/CognitoIdentityProvider/SignUp.hs
@@ -0,0 +1,203 @@
+{-# LANGUAGE DeriveDataTypeable #-}
+{-# LANGUAGE DeriveGeneric      #-}
+{-# LANGUAGE OverloadedStrings  #-}
+{-# LANGUAGE RecordWildCards    #-}
+{-# LANGUAGE TypeFamilies       #-}
+
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Network.AWS.CognitoIdentityProvider.SignUp
+-- Copyright   : (c) 2013-2016 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Registers the user in the specified user pool and creates a user name,
+-- password, and user attributes.
+module Network.AWS.CognitoIdentityProvider.SignUp
+    (
+    -- * Creating a Request
+      signUp
+    , SignUp
+    -- * Request Lenses
+    , suUserAttributes
+    , suSecretHash
+    , suValidationData
+    , suClientId
+    , suUsername
+    , suPassword
+
+    -- * Destructuring the Response
+    , signUpResponse
+    , SignUpResponse
+    -- * Response Lenses
+    , sursUserConfirmed
+    , sursCodeDeliveryDetails
+    , sursResponseStatus
+    ) where
+
+import           Network.AWS.CognitoIdentityProvider.Types
+import           Network.AWS.CognitoIdentityProvider.Types.Product
+import           Network.AWS.Lens
+import           Network.AWS.Prelude
+import           Network.AWS.Request
+import           Network.AWS.Response
+
+-- | Represents the request to register a user.
+--
+-- /See:/ 'signUp' smart constructor.
+data SignUp = SignUp'
+    { _suUserAttributes :: !(Maybe [AttributeType])
+    , _suSecretHash     :: !(Maybe (Sensitive Text))
+    , _suValidationData :: !(Maybe [AttributeType])
+    , _suClientId       :: !(Sensitive Text)
+    , _suUsername       :: !(Sensitive Text)
+    , _suPassword       :: !(Sensitive Text)
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'SignUp' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'suUserAttributes'
+--
+-- * 'suSecretHash'
+--
+-- * 'suValidationData'
+--
+-- * 'suClientId'
+--
+-- * 'suUsername'
+--
+-- * 'suPassword'
+signUp
+    :: Text -- ^ 'suClientId'
+    -> Text -- ^ 'suUsername'
+    -> Text -- ^ 'suPassword'
+    -> SignUp
+signUp pClientId_ pUsername_ pPassword_ =
+    SignUp'
+    { _suUserAttributes = Nothing
+    , _suSecretHash = Nothing
+    , _suValidationData = Nothing
+    , _suClientId = _Sensitive # pClientId_
+    , _suUsername = _Sensitive # pUsername_
+    , _suPassword = _Sensitive # pPassword_
+    }
+
+-- | An array of name-value pairs representing user attributes.
+suUserAttributes :: Lens' SignUp [AttributeType]
+suUserAttributes = lens _suUserAttributes (\ s a -> s{_suUserAttributes = a}) . _Default . _Coerce;
+
+-- | A keyed-hash message authentication code (HMAC) calculated using the
+-- secret key of a user pool client and username plus the client ID in the
+-- message.
+suSecretHash :: Lens' SignUp (Maybe Text)
+suSecretHash = lens _suSecretHash (\ s a -> s{_suSecretHash = a}) . mapping _Sensitive;
+
+-- | The validation data in the request to register a user.
+suValidationData :: Lens' SignUp [AttributeType]
+suValidationData = lens _suValidationData (\ s a -> s{_suValidationData = a}) . _Default . _Coerce;
+
+-- | The ID of the client associated with the user pool.
+suClientId :: Lens' SignUp Text
+suClientId = lens _suClientId (\ s a -> s{_suClientId = a}) . _Sensitive;
+
+-- | The user name of the user you wish to register.
+suUsername :: Lens' SignUp Text
+suUsername = lens _suUsername (\ s a -> s{_suUsername = a}) . _Sensitive;
+
+-- | The password of the user you wish to register.
+suPassword :: Lens' SignUp Text
+suPassword = lens _suPassword (\ s a -> s{_suPassword = a}) . _Sensitive;
+
+instance AWSRequest SignUp where
+        type Rs SignUp = SignUpResponse
+        request = postJSON cognitoIdentityProvider
+        response
+          = receiveJSON
+              (\ s h x ->
+                 SignUpResponse' <$>
+                   (x .?> "UserConfirmed") <*>
+                     (x .?> "CodeDeliveryDetails")
+                     <*> (pure (fromEnum s)))
+
+instance Hashable SignUp
+
+instance NFData SignUp
+
+instance ToHeaders SignUp where
+        toHeaders
+          = const
+              (mconcat
+                 ["X-Amz-Target" =#
+                    ("AWSCognitoIdentityProviderService.SignUp" ::
+                       ByteString),
+                  "Content-Type" =#
+                    ("application/x-amz-json-1.1" :: ByteString)])
+
+instance ToJSON SignUp where
+        toJSON SignUp'{..}
+          = object
+              (catMaybes
+                 [("UserAttributes" .=) <$> _suUserAttributes,
+                  ("SecretHash" .=) <$> _suSecretHash,
+                  ("ValidationData" .=) <$> _suValidationData,
+                  Just ("ClientId" .= _suClientId),
+                  Just ("Username" .= _suUsername),
+                  Just ("Password" .= _suPassword)])
+
+instance ToPath SignUp where
+        toPath = const "/"
+
+instance ToQuery SignUp where
+        toQuery = const mempty
+
+-- | The response from the server for a registration request.
+--
+-- /See:/ 'signUpResponse' smart constructor.
+data SignUpResponse = SignUpResponse'
+    { _sursUserConfirmed       :: !(Maybe Bool)
+    , _sursCodeDeliveryDetails :: !(Maybe CodeDeliveryDetailsType)
+    , _sursResponseStatus      :: !Int
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'SignUpResponse' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'sursUserConfirmed'
+--
+-- * 'sursCodeDeliveryDetails'
+--
+-- * 'sursResponseStatus'
+signUpResponse
+    :: Int -- ^ 'sursResponseStatus'
+    -> SignUpResponse
+signUpResponse pResponseStatus_ =
+    SignUpResponse'
+    { _sursUserConfirmed = Nothing
+    , _sursCodeDeliveryDetails = Nothing
+    , _sursResponseStatus = pResponseStatus_
+    }
+
+-- | A response from the server indicating that a user registration has been
+-- confirmed.
+sursUserConfirmed :: Lens' SignUpResponse (Maybe Bool)
+sursUserConfirmed = lens _sursUserConfirmed (\ s a -> s{_sursUserConfirmed = a});
+
+-- | Undocumented member.
+sursCodeDeliveryDetails :: Lens' SignUpResponse (Maybe CodeDeliveryDetailsType)
+sursCodeDeliveryDetails = lens _sursCodeDeliveryDetails (\ s a -> s{_sursCodeDeliveryDetails = a});
+
+-- | The response status code.
+sursResponseStatus :: Lens' SignUpResponse Int
+sursResponseStatus = lens _sursResponseStatus (\ s a -> s{_sursResponseStatus = a});
+
+instance NFData SignUpResponse
diff --git a/gen/Network/AWS/CognitoIdentityProvider/Types.hs b/gen/Network/AWS/CognitoIdentityProvider/Types.hs
new file mode 100644
--- /dev/null
+++ b/gen/Network/AWS/CognitoIdentityProvider/Types.hs
@@ -0,0 +1,305 @@
+{-# LANGUAGE OverloadedStrings #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Network.AWS.CognitoIdentityProvider.Types
+-- Copyright   : (c) 2013-2016 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+module Network.AWS.CognitoIdentityProvider.Types
+    (
+    -- * Service Configuration
+      cognitoIdentityProvider
+
+    -- * Errors
+    , _InvalidParameterException
+    , _InvalidLambdaResponseException
+    , _UnexpectedLambdaException
+    , _NotAuthorizedException
+    , _InternalErrorException
+    , _CodeMismatchException
+    , _TooManyRequestsException
+    , _ConcurrentModificationException
+    , _UserLambdaValidationException
+    , _ExpiredCodeException
+    , _TooManyFailedAttemptsException
+    , _ResourceNotFoundException
+    , _AliasExistsException
+    , _LimitExceededException
+    , _InvalidPasswordException
+    , _UsernameExistsException
+
+    -- * AliasAttributeType
+    , AliasAttributeType (..)
+
+    -- * AttributeDataType
+    , AttributeDataType (..)
+
+    -- * DeliveryMediumType
+    , DeliveryMediumType (..)
+
+    -- * StatusType
+    , StatusType (..)
+
+    -- * UserPoolMFAType
+    , UserPoolMFAType (..)
+
+    -- * UserStatusType
+    , UserStatusType (..)
+
+    -- * VerifiedAttributeType
+    , VerifiedAttributeType (..)
+
+    -- * AttributeType
+    , AttributeType
+    , attributeType
+    , atValue
+    , atName
+
+    -- * CodeDeliveryDetailsType
+    , CodeDeliveryDetailsType
+    , codeDeliveryDetailsType
+    , cddtDestination
+    , cddtDeliveryMedium
+    , cddtAttributeName
+
+    -- * LambdaConfigType
+    , LambdaConfigType
+    , lambdaConfigType
+    , lctPreAuthentication
+    , lctPostAuthentication
+    , lctCustomMessage
+    , lctPostConfirmation
+    , lctPreSignUp
+
+    -- * MFAOptionType
+    , MFAOptionType
+    , mfaOptionType
+    , motDeliveryMedium
+    , motAttributeName
+
+    -- * NumberAttributeConstraintsType
+    , NumberAttributeConstraintsType
+    , numberAttributeConstraintsType
+    , nactMaxValue
+    , nactMinValue
+
+    -- * PasswordPolicyType
+    , PasswordPolicyType
+    , passwordPolicyType
+    , pptRequireNumbers
+    , pptRequireUppercase
+    , pptRequireLowercase
+    , pptMinimumLength
+    , pptRequireSymbols
+
+    -- * SchemaAttributeType
+    , SchemaAttributeType
+    , schemaAttributeType
+    , satNumberAttributeConstraints
+    , satRequired
+    , satAttributeDataType
+    , satStringAttributeConstraints
+    , satName
+    , satDeveloperOnlyAttribute
+    , satMutable
+
+    -- * StringAttributeConstraintsType
+    , StringAttributeConstraintsType
+    , stringAttributeConstraintsType
+    , sactMaxLength
+    , sactMinLength
+
+    -- * UserPoolClientDescription
+    , UserPoolClientDescription
+    , userPoolClientDescription
+    , upcdClientId
+    , upcdUserPoolId
+    , upcdClientName
+
+    -- * UserPoolClientType
+    , UserPoolClientType
+    , userPoolClientType
+    , upctClientId
+    , upctClientSecret
+    , upctLastModifiedDate
+    , upctUserPoolId
+    , upctCreationDate
+    , upctClientName
+
+    -- * UserPoolDescriptionType
+    , UserPoolDescriptionType
+    , userPoolDescriptionType
+    , updtStatus
+    , updtLastModifiedDate
+    , updtName
+    , updtId
+    , updtCreationDate
+    , updtLambdaConfig
+
+    -- * UserPoolPolicyType
+    , UserPoolPolicyType
+    , userPoolPolicyType
+    , upptPasswordPolicy
+
+    -- * UserPoolType
+    , UserPoolType
+    , userPoolType
+    , uptStatus
+    , uptLastModifiedDate
+    , uptEstimatedNumberOfUsers
+    , uptEmailVerificationMessage
+    , uptSmsAuthenticationMessage
+    , uptSchemaAttributes
+    , uptEmailVerificationSubject
+    , uptAliasAttributes
+    , uptSmsVerificationMessage
+    , uptName
+    , uptMFAConfiguration
+    , uptId
+    , uptCreationDate
+    , uptLambdaConfig
+    , uptAutoVerifiedAttributes
+    , uptPolicies
+
+    -- * UserType
+    , UserType
+    , userType
+    , utEnabled
+    , utUserStatus
+    , utUsername
+    , utUserCreateDate
+    , utAttributes
+    , utUserLastModifiedDate
+    ) where
+
+import           Network.AWS.CognitoIdentityProvider.Types.Product
+import           Network.AWS.CognitoIdentityProvider.Types.Sum
+import           Network.AWS.Lens
+import           Network.AWS.Prelude
+import           Network.AWS.Sign.V4
+
+-- | API version '2016-04-18' of the Amazon Cognito Identity Provider SDK configuration.
+cognitoIdentityProvider :: Service
+cognitoIdentityProvider =
+    Service
+    { _svcAbbrev = "CognitoIdentityProvider"
+    , _svcSigner = v4
+    , _svcPrefix = "cognito-idp"
+    , _svcVersion = "2016-04-18"
+    , _svcEndpoint = defaultEndpoint cognitoIdentityProvider
+    , _svcTimeout = Just 70
+    , _svcCheck = statusSuccess
+    , _svcError = parseJSONError
+    , _svcRetry = retry
+    }
+  where
+    retry =
+        Exponential
+        { _retryBase = 5.0e-2
+        , _retryGrowth = 2
+        , _retryAttempts = 5
+        , _retryCheck = check
+        }
+    check e
+      | has (hasStatus 429) e = Just "too_many_requests"
+      | has (hasCode "ThrottlingException" . hasStatus 400) e =
+          Just "throttling_exception"
+      | has (hasCode "Throttling" . hasStatus 400) e = Just "throttling"
+      | has (hasStatus 504) e = Just "gateway_timeout"
+      | has (hasStatus 502) e = Just "bad_gateway"
+      | has (hasStatus 503) e = Just "service_unavailable"
+      | has (hasStatus 500) e = Just "general_server_error"
+      | has (hasStatus 509) e = Just "limit_exceeded"
+      | otherwise = Nothing
+
+-- | This exception is thrown when the Amazon Cognito service encounters an
+-- invalid parameter.
+_InvalidParameterException :: AsError a => Getting (First ServiceError) a ServiceError
+_InvalidParameterException =
+    _ServiceError . hasCode "InvalidParameterException"
+
+-- | This exception is thrown when the Amazon Cognito service encounters an
+-- invalid AWS Lambda response.
+_InvalidLambdaResponseException :: AsError a => Getting (First ServiceError) a ServiceError
+_InvalidLambdaResponseException =
+    _ServiceError . hasCode "InvalidLambdaResponseException"
+
+-- | This exception gets thrown when the Amazon Cognito service encounters an
+-- unexpected exception with the AWS Lambda service.
+_UnexpectedLambdaException :: AsError a => Getting (First ServiceError) a ServiceError
+_UnexpectedLambdaException =
+    _ServiceError . hasCode "UnexpectedLambdaException"
+
+-- | This exception gets thrown when a user is not authorized.
+_NotAuthorizedException :: AsError a => Getting (First ServiceError) a ServiceError
+_NotAuthorizedException = _ServiceError . hasCode "NotAuthorizedException"
+
+-- | This exception is thrown when Amazon Cognito encounters an internal
+-- error.
+_InternalErrorException :: AsError a => Getting (First ServiceError) a ServiceError
+_InternalErrorException = _ServiceError . hasCode "InternalErrorException"
+
+-- | This exception is thrown if the provided code does not match what the
+-- server was expecting.
+_CodeMismatchException :: AsError a => Getting (First ServiceError) a ServiceError
+_CodeMismatchException = _ServiceError . hasCode "CodeMismatchException"
+
+-- | This exception gets thrown when the user has made too many requests for
+-- a given operation.
+_TooManyRequestsException :: AsError a => Getting (First ServiceError) a ServiceError
+_TooManyRequestsException = _ServiceError . hasCode "TooManyRequestsException"
+
+-- | This exception is thrown if two or more modifications are happening
+-- concurrently.
+_ConcurrentModificationException :: AsError a => Getting (First ServiceError) a ServiceError
+_ConcurrentModificationException =
+    _ServiceError . hasCode "ConcurrentModificationException"
+
+-- | This exception gets thrown when the Amazon Cognito service encounters a
+-- user validation exception with the AWS Lambda service.
+_UserLambdaValidationException :: AsError a => Getting (First ServiceError) a ServiceError
+_UserLambdaValidationException =
+    _ServiceError . hasCode "UserLambdaValidationException"
+
+-- | This exception is thrown if a code has expired.
+_ExpiredCodeException :: AsError a => Getting (First ServiceError) a ServiceError
+_ExpiredCodeException = _ServiceError . hasCode "ExpiredCodeException"
+
+-- | This exception gets thrown when the user has made too many failed
+-- attempts for a given action (e.g., sign in).
+_TooManyFailedAttemptsException :: AsError a => Getting (First ServiceError) a ServiceError
+_TooManyFailedAttemptsException =
+    _ServiceError . hasCode "TooManyFailedAttemptsException"
+
+-- | This exception is thrown when the Amazon Cognito service cannot find the
+-- requested resource.
+_ResourceNotFoundException :: AsError a => Getting (First ServiceError) a ServiceError
+_ResourceNotFoundException =
+    _ServiceError . hasCode "ResourceNotFoundException"
+
+-- | This exception is thrown when a user tries to confirm the account with
+-- an email or phone number that has already been supplied as an alias from
+-- a different account. This exception tells user that an account with this
+-- email or phone already exists.
+_AliasExistsException :: AsError a => Getting (First ServiceError) a ServiceError
+_AliasExistsException = _ServiceError . hasCode "AliasExistsException"
+
+-- | This exception is thrown when a user exceeds the limit for a requested
+-- AWS resource.
+_LimitExceededException :: AsError a => Getting (First ServiceError) a ServiceError
+_LimitExceededException = _ServiceError . hasCode "LimitExceededException"
+
+-- | This exception is thrown when the Amazon Cognito service encounters an
+-- invalid password.
+_InvalidPasswordException :: AsError a => Getting (First ServiceError) a ServiceError
+_InvalidPasswordException = _ServiceError . hasCode "InvalidPasswordException"
+
+-- | This exception is thrown when Amazon Cognito encounters a user name that
+-- already exists in the user pool.
+_UsernameExistsException :: AsError a => Getting (First ServiceError) a ServiceError
+_UsernameExistsException = _ServiceError . hasCode "UsernameExistsException"
diff --git a/gen/Network/AWS/CognitoIdentityProvider/Types/Product.hs b/gen/Network/AWS/CognitoIdentityProvider/Types/Product.hs
new file mode 100644
--- /dev/null
+++ b/gen/Network/AWS/CognitoIdentityProvider/Types/Product.hs
@@ -0,0 +1,1049 @@
+{-# LANGUAGE DeriveDataTypeable #-}
+{-# LANGUAGE DeriveGeneric      #-}
+{-# LANGUAGE OverloadedStrings  #-}
+{-# LANGUAGE RecordWildCards    #-}
+
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Network.AWS.CognitoIdentityProvider.Types.Product
+-- Copyright   : (c) 2013-2016 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+module Network.AWS.CognitoIdentityProvider.Types.Product where
+
+import           Network.AWS.CognitoIdentityProvider.Types.Sum
+import           Network.AWS.Lens
+import           Network.AWS.Prelude
+
+-- | Specifies whether the attribute is standard or custom.
+--
+-- /See:/ 'attributeType' smart constructor.
+data AttributeType = AttributeType'
+    { _atValue :: !(Maybe (Sensitive Text))
+    , _atName  :: !Text
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'AttributeType' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'atValue'
+--
+-- * 'atName'
+attributeType
+    :: Text -- ^ 'atName'
+    -> AttributeType
+attributeType pName_ =
+    AttributeType'
+    { _atValue = Nothing
+    , _atName = pName_
+    }
+
+-- | The value of the attribute.
+atValue :: Lens' AttributeType (Maybe Text)
+atValue = lens _atValue (\ s a -> s{_atValue = a}) . mapping _Sensitive;
+
+-- | The name of the attribute.
+atName :: Lens' AttributeType Text
+atName = lens _atName (\ s a -> s{_atName = a});
+
+instance FromJSON AttributeType where
+        parseJSON
+          = withObject "AttributeType"
+              (\ x ->
+                 AttributeType' <$> (x .:? "Value") <*> (x .: "Name"))
+
+instance Hashable AttributeType
+
+instance NFData AttributeType
+
+instance ToJSON AttributeType where
+        toJSON AttributeType'{..}
+          = object
+              (catMaybes
+                 [("Value" .=) <$> _atValue,
+                  Just ("Name" .= _atName)])
+
+-- | The type of code delivery details being returned from the server.
+--
+-- /See:/ 'codeDeliveryDetailsType' smart constructor.
+data CodeDeliveryDetailsType = CodeDeliveryDetailsType'
+    { _cddtDestination    :: !(Maybe Text)
+    , _cddtDeliveryMedium :: !(Maybe DeliveryMediumType)
+    , _cddtAttributeName  :: !(Maybe Text)
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'CodeDeliveryDetailsType' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'cddtDestination'
+--
+-- * 'cddtDeliveryMedium'
+--
+-- * 'cddtAttributeName'
+codeDeliveryDetailsType
+    :: CodeDeliveryDetailsType
+codeDeliveryDetailsType =
+    CodeDeliveryDetailsType'
+    { _cddtDestination = Nothing
+    , _cddtDeliveryMedium = Nothing
+    , _cddtAttributeName = Nothing
+    }
+
+-- | The destination for the code delivery details.
+cddtDestination :: Lens' CodeDeliveryDetailsType (Maybe Text)
+cddtDestination = lens _cddtDestination (\ s a -> s{_cddtDestination = a});
+
+-- | The delivery medium (email message or phone number).
+cddtDeliveryMedium :: Lens' CodeDeliveryDetailsType (Maybe DeliveryMediumType)
+cddtDeliveryMedium = lens _cddtDeliveryMedium (\ s a -> s{_cddtDeliveryMedium = a});
+
+-- | The name of the attribute in the code delivery details type.
+cddtAttributeName :: Lens' CodeDeliveryDetailsType (Maybe Text)
+cddtAttributeName = lens _cddtAttributeName (\ s a -> s{_cddtAttributeName = a});
+
+instance FromJSON CodeDeliveryDetailsType where
+        parseJSON
+          = withObject "CodeDeliveryDetailsType"
+              (\ x ->
+                 CodeDeliveryDetailsType' <$>
+                   (x .:? "Destination") <*> (x .:? "DeliveryMedium")
+                     <*> (x .:? "AttributeName"))
+
+instance Hashable CodeDeliveryDetailsType
+
+instance NFData CodeDeliveryDetailsType
+
+-- | Specifies the type of configuration for AWS Lambda triggers.
+--
+-- /See:/ 'lambdaConfigType' smart constructor.
+data LambdaConfigType = LambdaConfigType'
+    { _lctPreAuthentication  :: !(Maybe Text)
+    , _lctPostAuthentication :: !(Maybe Text)
+    , _lctCustomMessage      :: !(Maybe Text)
+    , _lctPostConfirmation   :: !(Maybe Text)
+    , _lctPreSignUp          :: !(Maybe Text)
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'LambdaConfigType' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'lctPreAuthentication'
+--
+-- * 'lctPostAuthentication'
+--
+-- * 'lctCustomMessage'
+--
+-- * 'lctPostConfirmation'
+--
+-- * 'lctPreSignUp'
+lambdaConfigType
+    :: LambdaConfigType
+lambdaConfigType =
+    LambdaConfigType'
+    { _lctPreAuthentication = Nothing
+    , _lctPostAuthentication = Nothing
+    , _lctCustomMessage = Nothing
+    , _lctPostConfirmation = Nothing
+    , _lctPreSignUp = Nothing
+    }
+
+-- | A pre-authentication AWS Lambda trigger.
+lctPreAuthentication :: Lens' LambdaConfigType (Maybe Text)
+lctPreAuthentication = lens _lctPreAuthentication (\ s a -> s{_lctPreAuthentication = a});
+
+-- | A post-authentication AWS Lambda trigger.
+lctPostAuthentication :: Lens' LambdaConfigType (Maybe Text)
+lctPostAuthentication = lens _lctPostAuthentication (\ s a -> s{_lctPostAuthentication = a});
+
+-- | A custom Message AWS Lambda trigger.
+lctCustomMessage :: Lens' LambdaConfigType (Maybe Text)
+lctCustomMessage = lens _lctCustomMessage (\ s a -> s{_lctCustomMessage = a});
+
+-- | A post-confirmation AWS Lambda trigger.
+lctPostConfirmation :: Lens' LambdaConfigType (Maybe Text)
+lctPostConfirmation = lens _lctPostConfirmation (\ s a -> s{_lctPostConfirmation = a});
+
+-- | A pre-registration AWS Lambda trigger.
+lctPreSignUp :: Lens' LambdaConfigType (Maybe Text)
+lctPreSignUp = lens _lctPreSignUp (\ s a -> s{_lctPreSignUp = a});
+
+instance FromJSON LambdaConfigType where
+        parseJSON
+          = withObject "LambdaConfigType"
+              (\ x ->
+                 LambdaConfigType' <$>
+                   (x .:? "PreAuthentication") <*>
+                     (x .:? "PostAuthentication")
+                     <*> (x .:? "CustomMessage")
+                     <*> (x .:? "PostConfirmation")
+                     <*> (x .:? "PreSignUp"))
+
+instance Hashable LambdaConfigType
+
+instance NFData LambdaConfigType
+
+instance ToJSON LambdaConfigType where
+        toJSON LambdaConfigType'{..}
+          = object
+              (catMaybes
+                 [("PreAuthentication" .=) <$> _lctPreAuthentication,
+                  ("PostAuthentication" .=) <$> _lctPostAuthentication,
+                  ("CustomMessage" .=) <$> _lctCustomMessage,
+                  ("PostConfirmation" .=) <$> _lctPostConfirmation,
+                  ("PreSignUp" .=) <$> _lctPreSignUp])
+
+-- | Specifies the different settings for multi-factor authentication (MFA).
+--
+-- /See:/ 'mfaOptionType' smart constructor.
+data MFAOptionType = MFAOptionType'
+    { _motDeliveryMedium :: !(Maybe DeliveryMediumType)
+    , _motAttributeName  :: !(Maybe Text)
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'MFAOptionType' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'motDeliveryMedium'
+--
+-- * 'motAttributeName'
+mfaOptionType
+    :: MFAOptionType
+mfaOptionType =
+    MFAOptionType'
+    { _motDeliveryMedium = Nothing
+    , _motAttributeName = Nothing
+    }
+
+-- | The delivery medium (email message or SMS message) to send the MFA code.
+motDeliveryMedium :: Lens' MFAOptionType (Maybe DeliveryMediumType)
+motDeliveryMedium = lens _motDeliveryMedium (\ s a -> s{_motDeliveryMedium = a});
+
+-- | The attribute name of the MFA option type.
+motAttributeName :: Lens' MFAOptionType (Maybe Text)
+motAttributeName = lens _motAttributeName (\ s a -> s{_motAttributeName = a});
+
+instance FromJSON MFAOptionType where
+        parseJSON
+          = withObject "MFAOptionType"
+              (\ x ->
+                 MFAOptionType' <$>
+                   (x .:? "DeliveryMedium") <*> (x .:? "AttributeName"))
+
+instance Hashable MFAOptionType
+
+instance NFData MFAOptionType
+
+instance ToJSON MFAOptionType where
+        toJSON MFAOptionType'{..}
+          = object
+              (catMaybes
+                 [("DeliveryMedium" .=) <$> _motDeliveryMedium,
+                  ("AttributeName" .=) <$> _motAttributeName])
+
+-- | The minimum and maximum value of an attribute that is of the number data
+-- type.
+--
+-- /See:/ 'numberAttributeConstraintsType' smart constructor.
+data NumberAttributeConstraintsType = NumberAttributeConstraintsType'
+    { _nactMaxValue :: !(Maybe Text)
+    , _nactMinValue :: !(Maybe Text)
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'NumberAttributeConstraintsType' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'nactMaxValue'
+--
+-- * 'nactMinValue'
+numberAttributeConstraintsType
+    :: NumberAttributeConstraintsType
+numberAttributeConstraintsType =
+    NumberAttributeConstraintsType'
+    { _nactMaxValue = Nothing
+    , _nactMinValue = Nothing
+    }
+
+-- | The maximum value of an attribute that is of the number data type.
+nactMaxValue :: Lens' NumberAttributeConstraintsType (Maybe Text)
+nactMaxValue = lens _nactMaxValue (\ s a -> s{_nactMaxValue = a});
+
+-- | The minimum value of an attribute that is of the number data type.
+nactMinValue :: Lens' NumberAttributeConstraintsType (Maybe Text)
+nactMinValue = lens _nactMinValue (\ s a -> s{_nactMinValue = a});
+
+instance FromJSON NumberAttributeConstraintsType
+         where
+        parseJSON
+          = withObject "NumberAttributeConstraintsType"
+              (\ x ->
+                 NumberAttributeConstraintsType' <$>
+                   (x .:? "MaxValue") <*> (x .:? "MinValue"))
+
+instance Hashable NumberAttributeConstraintsType
+
+instance NFData NumberAttributeConstraintsType
+
+instance ToJSON NumberAttributeConstraintsType where
+        toJSON NumberAttributeConstraintsType'{..}
+          = object
+              (catMaybes
+                 [("MaxValue" .=) <$> _nactMaxValue,
+                  ("MinValue" .=) <$> _nactMinValue])
+
+-- | The password policy type.
+--
+-- /See:/ 'passwordPolicyType' smart constructor.
+data PasswordPolicyType = PasswordPolicyType'
+    { _pptRequireNumbers   :: !(Maybe Bool)
+    , _pptRequireUppercase :: !(Maybe Bool)
+    , _pptRequireLowercase :: !(Maybe Bool)
+    , _pptMinimumLength    :: !(Maybe Nat)
+    , _pptRequireSymbols   :: !(Maybe Bool)
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'PasswordPolicyType' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'pptRequireNumbers'
+--
+-- * 'pptRequireUppercase'
+--
+-- * 'pptRequireLowercase'
+--
+-- * 'pptMinimumLength'
+--
+-- * 'pptRequireSymbols'
+passwordPolicyType
+    :: PasswordPolicyType
+passwordPolicyType =
+    PasswordPolicyType'
+    { _pptRequireNumbers = Nothing
+    , _pptRequireUppercase = Nothing
+    , _pptRequireLowercase = Nothing
+    , _pptMinimumLength = Nothing
+    , _pptRequireSymbols = Nothing
+    }
+
+-- | In the password policy that you have set, refers to whether you have
+-- required users to use at least one number in their password.
+pptRequireNumbers :: Lens' PasswordPolicyType (Maybe Bool)
+pptRequireNumbers = lens _pptRequireNumbers (\ s a -> s{_pptRequireNumbers = a});
+
+-- | In the password policy that you have set, refers to whether you have
+-- required users to use at least one uppercase letter in their password.
+pptRequireUppercase :: Lens' PasswordPolicyType (Maybe Bool)
+pptRequireUppercase = lens _pptRequireUppercase (\ s a -> s{_pptRequireUppercase = a});
+
+-- | In the password policy that you have set, refers to whether you have
+-- required users to use at least one lowercase letter in their password.
+pptRequireLowercase :: Lens' PasswordPolicyType (Maybe Bool)
+pptRequireLowercase = lens _pptRequireLowercase (\ s a -> s{_pptRequireLowercase = a});
+
+-- | The minimum length of the password policy that you have set. Cannot be
+-- less than 6.
+pptMinimumLength :: Lens' PasswordPolicyType (Maybe Natural)
+pptMinimumLength = lens _pptMinimumLength (\ s a -> s{_pptMinimumLength = a}) . mapping _Nat;
+
+-- | In the password policy that you have set, refers to whether you have
+-- required users to use at least one symbol in their password.
+pptRequireSymbols :: Lens' PasswordPolicyType (Maybe Bool)
+pptRequireSymbols = lens _pptRequireSymbols (\ s a -> s{_pptRequireSymbols = a});
+
+instance FromJSON PasswordPolicyType where
+        parseJSON
+          = withObject "PasswordPolicyType"
+              (\ x ->
+                 PasswordPolicyType' <$>
+                   (x .:? "RequireNumbers") <*>
+                     (x .:? "RequireUppercase")
+                     <*> (x .:? "RequireLowercase")
+                     <*> (x .:? "MinimumLength")
+                     <*> (x .:? "RequireSymbols"))
+
+instance Hashable PasswordPolicyType
+
+instance NFData PasswordPolicyType
+
+instance ToJSON PasswordPolicyType where
+        toJSON PasswordPolicyType'{..}
+          = object
+              (catMaybes
+                 [("RequireNumbers" .=) <$> _pptRequireNumbers,
+                  ("RequireUppercase" .=) <$> _pptRequireUppercase,
+                  ("RequireLowercase" .=) <$> _pptRequireLowercase,
+                  ("MinimumLength" .=) <$> _pptMinimumLength,
+                  ("RequireSymbols" .=) <$> _pptRequireSymbols])
+
+-- | Contains information about the schema attribute.
+--
+-- /See:/ 'schemaAttributeType' smart constructor.
+data SchemaAttributeType = SchemaAttributeType'
+    { _satNumberAttributeConstraints :: !(Maybe NumberAttributeConstraintsType)
+    , _satRequired                   :: !(Maybe Bool)
+    , _satAttributeDataType          :: !(Maybe AttributeDataType)
+    , _satStringAttributeConstraints :: !(Maybe StringAttributeConstraintsType)
+    , _satName                       :: !(Maybe Text)
+    , _satDeveloperOnlyAttribute     :: !(Maybe Bool)
+    , _satMutable                    :: !(Maybe Bool)
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'SchemaAttributeType' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'satNumberAttributeConstraints'
+--
+-- * 'satRequired'
+--
+-- * 'satAttributeDataType'
+--
+-- * 'satStringAttributeConstraints'
+--
+-- * 'satName'
+--
+-- * 'satDeveloperOnlyAttribute'
+--
+-- * 'satMutable'
+schemaAttributeType
+    :: SchemaAttributeType
+schemaAttributeType =
+    SchemaAttributeType'
+    { _satNumberAttributeConstraints = Nothing
+    , _satRequired = Nothing
+    , _satAttributeDataType = Nothing
+    , _satStringAttributeConstraints = Nothing
+    , _satName = Nothing
+    , _satDeveloperOnlyAttribute = Nothing
+    , _satMutable = Nothing
+    }
+
+-- | Specifies the constraints for an attribute of the number type.
+satNumberAttributeConstraints :: Lens' SchemaAttributeType (Maybe NumberAttributeConstraintsType)
+satNumberAttributeConstraints = lens _satNumberAttributeConstraints (\ s a -> s{_satNumberAttributeConstraints = a});
+
+-- | Specifies whether a user pool attribute is required. If the attribute is
+-- required and the user does not provide a value, registration or sign-in
+-- will fail.
+satRequired :: Lens' SchemaAttributeType (Maybe Bool)
+satRequired = lens _satRequired (\ s a -> s{_satRequired = a});
+
+-- | The attribute data type.
+satAttributeDataType :: Lens' SchemaAttributeType (Maybe AttributeDataType)
+satAttributeDataType = lens _satAttributeDataType (\ s a -> s{_satAttributeDataType = a});
+
+-- | Specifies the constraints for an attribute of the string type.
+satStringAttributeConstraints :: Lens' SchemaAttributeType (Maybe StringAttributeConstraintsType)
+satStringAttributeConstraints = lens _satStringAttributeConstraints (\ s a -> s{_satStringAttributeConstraints = a});
+
+-- | A schema attribute of the name type.
+satName :: Lens' SchemaAttributeType (Maybe Text)
+satName = lens _satName (\ s a -> s{_satName = a});
+
+-- | Specifies whether the attribute type is developer only.
+satDeveloperOnlyAttribute :: Lens' SchemaAttributeType (Maybe Bool)
+satDeveloperOnlyAttribute = lens _satDeveloperOnlyAttribute (\ s a -> s{_satDeveloperOnlyAttribute = a});
+
+-- | Specifies whether the attribute can be changed once it has been created.
+satMutable :: Lens' SchemaAttributeType (Maybe Bool)
+satMutable = lens _satMutable (\ s a -> s{_satMutable = a});
+
+instance FromJSON SchemaAttributeType where
+        parseJSON
+          = withObject "SchemaAttributeType"
+              (\ x ->
+                 SchemaAttributeType' <$>
+                   (x .:? "NumberAttributeConstraints") <*>
+                     (x .:? "Required")
+                     <*> (x .:? "AttributeDataType")
+                     <*> (x .:? "StringAttributeConstraints")
+                     <*> (x .:? "Name")
+                     <*> (x .:? "DeveloperOnlyAttribute")
+                     <*> (x .:? "Mutable"))
+
+instance Hashable SchemaAttributeType
+
+instance NFData SchemaAttributeType
+
+instance ToJSON SchemaAttributeType where
+        toJSON SchemaAttributeType'{..}
+          = object
+              (catMaybes
+                 [("NumberAttributeConstraints" .=) <$>
+                    _satNumberAttributeConstraints,
+                  ("Required" .=) <$> _satRequired,
+                  ("AttributeDataType" .=) <$> _satAttributeDataType,
+                  ("StringAttributeConstraints" .=) <$>
+                    _satStringAttributeConstraints,
+                  ("Name" .=) <$> _satName,
+                  ("DeveloperOnlyAttribute" .=) <$>
+                    _satDeveloperOnlyAttribute,
+                  ("Mutable" .=) <$> _satMutable])
+
+-- | The type of constraints associated with an attribute of the string type.
+--
+-- /See:/ 'stringAttributeConstraintsType' smart constructor.
+data StringAttributeConstraintsType = StringAttributeConstraintsType'
+    { _sactMaxLength :: !(Maybe Text)
+    , _sactMinLength :: !(Maybe Text)
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'StringAttributeConstraintsType' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'sactMaxLength'
+--
+-- * 'sactMinLength'
+stringAttributeConstraintsType
+    :: StringAttributeConstraintsType
+stringAttributeConstraintsType =
+    StringAttributeConstraintsType'
+    { _sactMaxLength = Nothing
+    , _sactMinLength = Nothing
+    }
+
+-- | The maximum length of an attribute value of the string type.
+sactMaxLength :: Lens' StringAttributeConstraintsType (Maybe Text)
+sactMaxLength = lens _sactMaxLength (\ s a -> s{_sactMaxLength = a});
+
+-- | The minimum length of an attribute value of the string type.
+sactMinLength :: Lens' StringAttributeConstraintsType (Maybe Text)
+sactMinLength = lens _sactMinLength (\ s a -> s{_sactMinLength = a});
+
+instance FromJSON StringAttributeConstraintsType
+         where
+        parseJSON
+          = withObject "StringAttributeConstraintsType"
+              (\ x ->
+                 StringAttributeConstraintsType' <$>
+                   (x .:? "MaxLength") <*> (x .:? "MinLength"))
+
+instance Hashable StringAttributeConstraintsType
+
+instance NFData StringAttributeConstraintsType
+
+instance ToJSON StringAttributeConstraintsType where
+        toJSON StringAttributeConstraintsType'{..}
+          = object
+              (catMaybes
+                 [("MaxLength" .=) <$> _sactMaxLength,
+                  ("MinLength" .=) <$> _sactMinLength])
+
+-- | The description of the user poool client.
+--
+-- /See:/ 'userPoolClientDescription' smart constructor.
+data UserPoolClientDescription = UserPoolClientDescription'
+    { _upcdClientId   :: !(Maybe (Sensitive Text))
+    , _upcdUserPoolId :: !(Maybe Text)
+    , _upcdClientName :: !(Maybe Text)
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'UserPoolClientDescription' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'upcdClientId'
+--
+-- * 'upcdUserPoolId'
+--
+-- * 'upcdClientName'
+userPoolClientDescription
+    :: UserPoolClientDescription
+userPoolClientDescription =
+    UserPoolClientDescription'
+    { _upcdClientId = Nothing
+    , _upcdUserPoolId = Nothing
+    , _upcdClientName = Nothing
+    }
+
+-- | The ID of the client associated with the user pool.
+upcdClientId :: Lens' UserPoolClientDescription (Maybe Text)
+upcdClientId = lens _upcdClientId (\ s a -> s{_upcdClientId = a}) . mapping _Sensitive;
+
+-- | The user pool ID for the user pool where you want to describe the user
+-- pool client.
+upcdUserPoolId :: Lens' UserPoolClientDescription (Maybe Text)
+upcdUserPoolId = lens _upcdUserPoolId (\ s a -> s{_upcdUserPoolId = a});
+
+-- | The client name from the user pool client description.
+upcdClientName :: Lens' UserPoolClientDescription (Maybe Text)
+upcdClientName = lens _upcdClientName (\ s a -> s{_upcdClientName = a});
+
+instance FromJSON UserPoolClientDescription where
+        parseJSON
+          = withObject "UserPoolClientDescription"
+              (\ x ->
+                 UserPoolClientDescription' <$>
+                   (x .:? "ClientId") <*> (x .:? "UserPoolId") <*>
+                     (x .:? "ClientName"))
+
+instance Hashable UserPoolClientDescription
+
+instance NFData UserPoolClientDescription
+
+-- | A user pool of the client type.
+--
+-- /See:/ 'userPoolClientType' smart constructor.
+data UserPoolClientType = UserPoolClientType'
+    { _upctClientId         :: !(Maybe (Sensitive Text))
+    , _upctClientSecret     :: !(Maybe (Sensitive Text))
+    , _upctLastModifiedDate :: !(Maybe POSIX)
+    , _upctUserPoolId       :: !(Maybe Text)
+    , _upctCreationDate     :: !(Maybe POSIX)
+    , _upctClientName       :: !(Maybe Text)
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'UserPoolClientType' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'upctClientId'
+--
+-- * 'upctClientSecret'
+--
+-- * 'upctLastModifiedDate'
+--
+-- * 'upctUserPoolId'
+--
+-- * 'upctCreationDate'
+--
+-- * 'upctClientName'
+userPoolClientType
+    :: UserPoolClientType
+userPoolClientType =
+    UserPoolClientType'
+    { _upctClientId = Nothing
+    , _upctClientSecret = Nothing
+    , _upctLastModifiedDate = Nothing
+    , _upctUserPoolId = Nothing
+    , _upctCreationDate = Nothing
+    , _upctClientName = Nothing
+    }
+
+-- | The ID of the client associated with the user pool.
+upctClientId :: Lens' UserPoolClientType (Maybe Text)
+upctClientId = lens _upctClientId (\ s a -> s{_upctClientId = a}) . mapping _Sensitive;
+
+-- | The client secret from the user pool request of the client type.
+upctClientSecret :: Lens' UserPoolClientType (Maybe Text)
+upctClientSecret = lens _upctClientSecret (\ s a -> s{_upctClientSecret = a}) . mapping _Sensitive;
+
+-- | The last modified date from the user pool request of the client type.
+upctLastModifiedDate :: Lens' UserPoolClientType (Maybe UTCTime)
+upctLastModifiedDate = lens _upctLastModifiedDate (\ s a -> s{_upctLastModifiedDate = a}) . mapping _Time;
+
+-- | The user pool ID for the user pool client.
+upctUserPoolId :: Lens' UserPoolClientType (Maybe Text)
+upctUserPoolId = lens _upctUserPoolId (\ s a -> s{_upctUserPoolId = a});
+
+-- | The creation date from the user pool request of the client type.
+upctCreationDate :: Lens' UserPoolClientType (Maybe UTCTime)
+upctCreationDate = lens _upctCreationDate (\ s a -> s{_upctCreationDate = a}) . mapping _Time;
+
+-- | The client name from the user pool request of the client type.
+upctClientName :: Lens' UserPoolClientType (Maybe Text)
+upctClientName = lens _upctClientName (\ s a -> s{_upctClientName = a});
+
+instance FromJSON UserPoolClientType where
+        parseJSON
+          = withObject "UserPoolClientType"
+              (\ x ->
+                 UserPoolClientType' <$>
+                   (x .:? "ClientId") <*> (x .:? "ClientSecret") <*>
+                     (x .:? "LastModifiedDate")
+                     <*> (x .:? "UserPoolId")
+                     <*> (x .:? "CreationDate")
+                     <*> (x .:? "ClientName"))
+
+instance Hashable UserPoolClientType
+
+instance NFData UserPoolClientType
+
+-- | A user pool description.
+--
+-- /See:/ 'userPoolDescriptionType' smart constructor.
+data UserPoolDescriptionType = UserPoolDescriptionType'
+    { _updtStatus           :: !(Maybe StatusType)
+    , _updtLastModifiedDate :: !(Maybe POSIX)
+    , _updtName             :: !(Maybe Text)
+    , _updtId               :: !(Maybe Text)
+    , _updtCreationDate     :: !(Maybe POSIX)
+    , _updtLambdaConfig     :: !(Maybe LambdaConfigType)
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'UserPoolDescriptionType' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'updtStatus'
+--
+-- * 'updtLastModifiedDate'
+--
+-- * 'updtName'
+--
+-- * 'updtId'
+--
+-- * 'updtCreationDate'
+--
+-- * 'updtLambdaConfig'
+userPoolDescriptionType
+    :: UserPoolDescriptionType
+userPoolDescriptionType =
+    UserPoolDescriptionType'
+    { _updtStatus = Nothing
+    , _updtLastModifiedDate = Nothing
+    , _updtName = Nothing
+    , _updtId = Nothing
+    , _updtCreationDate = Nothing
+    , _updtLambdaConfig = Nothing
+    }
+
+-- | The user pool status in a user pool description.
+updtStatus :: Lens' UserPoolDescriptionType (Maybe StatusType)
+updtStatus = lens _updtStatus (\ s a -> s{_updtStatus = a});
+
+-- | The last modified date in a user pool description.
+updtLastModifiedDate :: Lens' UserPoolDescriptionType (Maybe UTCTime)
+updtLastModifiedDate = lens _updtLastModifiedDate (\ s a -> s{_updtLastModifiedDate = a}) . mapping _Time;
+
+-- | The name in a user pool description.
+updtName :: Lens' UserPoolDescriptionType (Maybe Text)
+updtName = lens _updtName (\ s a -> s{_updtName = a});
+
+-- | The ID in a user pool description.
+updtId :: Lens' UserPoolDescriptionType (Maybe Text)
+updtId = lens _updtId (\ s a -> s{_updtId = a});
+
+-- | The creation date in a user pool description.
+updtCreationDate :: Lens' UserPoolDescriptionType (Maybe UTCTime)
+updtCreationDate = lens _updtCreationDate (\ s a -> s{_updtCreationDate = a}) . mapping _Time;
+
+-- | The AWS Lambda configuration information in a user pool description.
+updtLambdaConfig :: Lens' UserPoolDescriptionType (Maybe LambdaConfigType)
+updtLambdaConfig = lens _updtLambdaConfig (\ s a -> s{_updtLambdaConfig = a});
+
+instance FromJSON UserPoolDescriptionType where
+        parseJSON
+          = withObject "UserPoolDescriptionType"
+              (\ x ->
+                 UserPoolDescriptionType' <$>
+                   (x .:? "Status") <*> (x .:? "LastModifiedDate") <*>
+                     (x .:? "Name")
+                     <*> (x .:? "Id")
+                     <*> (x .:? "CreationDate")
+                     <*> (x .:? "LambdaConfig"))
+
+instance Hashable UserPoolDescriptionType
+
+instance NFData UserPoolDescriptionType
+
+-- | The type of policy in a user pool.
+--
+-- /See:/ 'userPoolPolicyType' smart constructor.
+newtype UserPoolPolicyType = UserPoolPolicyType'
+    { _upptPasswordPolicy :: Maybe PasswordPolicyType
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'UserPoolPolicyType' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'upptPasswordPolicy'
+userPoolPolicyType
+    :: UserPoolPolicyType
+userPoolPolicyType =
+    UserPoolPolicyType'
+    { _upptPasswordPolicy = Nothing
+    }
+
+-- | A container with information about the user pool password policy.
+upptPasswordPolicy :: Lens' UserPoolPolicyType (Maybe PasswordPolicyType)
+upptPasswordPolicy = lens _upptPasswordPolicy (\ s a -> s{_upptPasswordPolicy = a});
+
+instance FromJSON UserPoolPolicyType where
+        parseJSON
+          = withObject "UserPoolPolicyType"
+              (\ x ->
+                 UserPoolPolicyType' <$> (x .:? "PasswordPolicy"))
+
+instance Hashable UserPoolPolicyType
+
+instance NFData UserPoolPolicyType
+
+instance ToJSON UserPoolPolicyType where
+        toJSON UserPoolPolicyType'{..}
+          = object
+              (catMaybes
+                 [("PasswordPolicy" .=) <$> _upptPasswordPolicy])
+
+-- | A container with information about the user pool type.
+--
+-- /See:/ 'userPoolType' smart constructor.
+data UserPoolType = UserPoolType'
+    { _uptStatus                   :: !(Maybe StatusType)
+    , _uptLastModifiedDate         :: !(Maybe POSIX)
+    , _uptEstimatedNumberOfUsers   :: !(Maybe Int)
+    , _uptEmailVerificationMessage :: !(Maybe Text)
+    , _uptSmsAuthenticationMessage :: !(Maybe Text)
+    , _uptSchemaAttributes         :: !(Maybe (List1 SchemaAttributeType))
+    , _uptEmailVerificationSubject :: !(Maybe Text)
+    , _uptAliasAttributes          :: !(Maybe [AliasAttributeType])
+    , _uptSmsVerificationMessage   :: !(Maybe Text)
+    , _uptName                     :: !(Maybe Text)
+    , _uptMFAConfiguration         :: !(Maybe UserPoolMFAType)
+    , _uptId                       :: !(Maybe Text)
+    , _uptCreationDate             :: !(Maybe POSIX)
+    , _uptLambdaConfig             :: !(Maybe LambdaConfigType)
+    , _uptAutoVerifiedAttributes   :: !(Maybe [VerifiedAttributeType])
+    , _uptPolicies                 :: !(Maybe UserPoolPolicyType)
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'UserPoolType' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'uptStatus'
+--
+-- * 'uptLastModifiedDate'
+--
+-- * 'uptEstimatedNumberOfUsers'
+--
+-- * 'uptEmailVerificationMessage'
+--
+-- * 'uptSmsAuthenticationMessage'
+--
+-- * 'uptSchemaAttributes'
+--
+-- * 'uptEmailVerificationSubject'
+--
+-- * 'uptAliasAttributes'
+--
+-- * 'uptSmsVerificationMessage'
+--
+-- * 'uptName'
+--
+-- * 'uptMFAConfiguration'
+--
+-- * 'uptId'
+--
+-- * 'uptCreationDate'
+--
+-- * 'uptLambdaConfig'
+--
+-- * 'uptAutoVerifiedAttributes'
+--
+-- * 'uptPolicies'
+userPoolType
+    :: UserPoolType
+userPoolType =
+    UserPoolType'
+    { _uptStatus = Nothing
+    , _uptLastModifiedDate = Nothing
+    , _uptEstimatedNumberOfUsers = Nothing
+    , _uptEmailVerificationMessage = Nothing
+    , _uptSmsAuthenticationMessage = Nothing
+    , _uptSchemaAttributes = Nothing
+    , _uptEmailVerificationSubject = Nothing
+    , _uptAliasAttributes = Nothing
+    , _uptSmsVerificationMessage = Nothing
+    , _uptName = Nothing
+    , _uptMFAConfiguration = Nothing
+    , _uptId = Nothing
+    , _uptCreationDate = Nothing
+    , _uptLambdaConfig = Nothing
+    , _uptAutoVerifiedAttributes = Nothing
+    , _uptPolicies = Nothing
+    }
+
+-- | The status of a user pool.
+uptStatus :: Lens' UserPoolType (Maybe StatusType)
+uptStatus = lens _uptStatus (\ s a -> s{_uptStatus = a});
+
+-- | The last modified date of a user pool.
+uptLastModifiedDate :: Lens' UserPoolType (Maybe UTCTime)
+uptLastModifiedDate = lens _uptLastModifiedDate (\ s a -> s{_uptLastModifiedDate = a}) . mapping _Time;
+
+-- | A number estimating the size of the user pool.
+uptEstimatedNumberOfUsers :: Lens' UserPoolType (Maybe Int)
+uptEstimatedNumberOfUsers = lens _uptEstimatedNumberOfUsers (\ s a -> s{_uptEstimatedNumberOfUsers = a});
+
+-- | The contents of the email verification message.
+uptEmailVerificationMessage :: Lens' UserPoolType (Maybe Text)
+uptEmailVerificationMessage = lens _uptEmailVerificationMessage (\ s a -> s{_uptEmailVerificationMessage = a});
+
+-- | The contents of the SMS authentication message.
+uptSmsAuthenticationMessage :: Lens' UserPoolType (Maybe Text)
+uptSmsAuthenticationMessage = lens _uptSmsAuthenticationMessage (\ s a -> s{_uptSmsAuthenticationMessage = a});
+
+-- | A container with the schema attributes of a user pool.
+uptSchemaAttributes :: Lens' UserPoolType (Maybe (NonEmpty SchemaAttributeType))
+uptSchemaAttributes = lens _uptSchemaAttributes (\ s a -> s{_uptSchemaAttributes = a}) . mapping _List1;
+
+-- | The subject of the email verification message.
+uptEmailVerificationSubject :: Lens' UserPoolType (Maybe Text)
+uptEmailVerificationSubject = lens _uptEmailVerificationSubject (\ s a -> s{_uptEmailVerificationSubject = a});
+
+-- | Specifies the attributes that are aliased in a user pool.
+uptAliasAttributes :: Lens' UserPoolType [AliasAttributeType]
+uptAliasAttributes = lens _uptAliasAttributes (\ s a -> s{_uptAliasAttributes = a}) . _Default . _Coerce;
+
+-- | The contents of the SMS verification message.
+uptSmsVerificationMessage :: Lens' UserPoolType (Maybe Text)
+uptSmsVerificationMessage = lens _uptSmsVerificationMessage (\ s a -> s{_uptSmsVerificationMessage = a});
+
+-- | The name of the user pool.
+uptName :: Lens' UserPoolType (Maybe Text)
+uptName = lens _uptName (\ s a -> s{_uptName = a});
+
+-- | Can be one of the following values:
+--
+-- -   'OFF' - MFA tokens are not required and cannot be specified during
+--     user registration.
+-- -   'ON' - MFA tokens are required for all user registrations. You can
+--     only specify required when you are initially creating a user pool.
+-- -   'OPTIONAL' - Users have the option when registering to create an MFA
+--     token.
+uptMFAConfiguration :: Lens' UserPoolType (Maybe UserPoolMFAType)
+uptMFAConfiguration = lens _uptMFAConfiguration (\ s a -> s{_uptMFAConfiguration = a});
+
+-- | The ID of the user pool.
+uptId :: Lens' UserPoolType (Maybe Text)
+uptId = lens _uptId (\ s a -> s{_uptId = a});
+
+-- | The creation date of a user pool.
+uptCreationDate :: Lens' UserPoolType (Maybe UTCTime)
+uptCreationDate = lens _uptCreationDate (\ s a -> s{_uptCreationDate = a}) . mapping _Time;
+
+-- | A container describing the AWS Lambda triggers associated with a user
+-- pool.
+uptLambdaConfig :: Lens' UserPoolType (Maybe LambdaConfigType)
+uptLambdaConfig = lens _uptLambdaConfig (\ s a -> s{_uptLambdaConfig = a});
+
+-- | Specifies the attributes that are auto-verified in a user pool.
+uptAutoVerifiedAttributes :: Lens' UserPoolType [VerifiedAttributeType]
+uptAutoVerifiedAttributes = lens _uptAutoVerifiedAttributes (\ s a -> s{_uptAutoVerifiedAttributes = a}) . _Default . _Coerce;
+
+-- | A container describing the policies associated with a user pool.
+uptPolicies :: Lens' UserPoolType (Maybe UserPoolPolicyType)
+uptPolicies = lens _uptPolicies (\ s a -> s{_uptPolicies = a});
+
+instance FromJSON UserPoolType where
+        parseJSON
+          = withObject "UserPoolType"
+              (\ x ->
+                 UserPoolType' <$>
+                   (x .:? "Status") <*> (x .:? "LastModifiedDate") <*>
+                     (x .:? "EstimatedNumberOfUsers")
+                     <*> (x .:? "EmailVerificationMessage")
+                     <*> (x .:? "SmsAuthenticationMessage")
+                     <*> (x .:? "SchemaAttributes")
+                     <*> (x .:? "EmailVerificationSubject")
+                     <*> (x .:? "AliasAttributes" .!= mempty)
+                     <*> (x .:? "SmsVerificationMessage")
+                     <*> (x .:? "Name")
+                     <*> (x .:? "MfaConfiguration")
+                     <*> (x .:? "Id")
+                     <*> (x .:? "CreationDate")
+                     <*> (x .:? "LambdaConfig")
+                     <*> (x .:? "AutoVerifiedAttributes" .!= mempty)
+                     <*> (x .:? "Policies"))
+
+instance Hashable UserPoolType
+
+instance NFData UserPoolType
+
+-- | The user type.
+--
+-- /See:/ 'userType' smart constructor.
+data UserType = UserType'
+    { _utEnabled              :: !(Maybe Bool)
+    , _utUserStatus           :: !(Maybe UserStatusType)
+    , _utUsername             :: !(Maybe (Sensitive Text))
+    , _utUserCreateDate       :: !(Maybe POSIX)
+    , _utAttributes           :: !(Maybe [AttributeType])
+    , _utUserLastModifiedDate :: !(Maybe POSIX)
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'UserType' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'utEnabled'
+--
+-- * 'utUserStatus'
+--
+-- * 'utUsername'
+--
+-- * 'utUserCreateDate'
+--
+-- * 'utAttributes'
+--
+-- * 'utUserLastModifiedDate'
+userType
+    :: UserType
+userType =
+    UserType'
+    { _utEnabled = Nothing
+    , _utUserStatus = Nothing
+    , _utUsername = Nothing
+    , _utUserCreateDate = Nothing
+    , _utAttributes = Nothing
+    , _utUserLastModifiedDate = Nothing
+    }
+
+-- | Specifies whether the user is enabled.
+utEnabled :: Lens' UserType (Maybe Bool)
+utEnabled = lens _utEnabled (\ s a -> s{_utEnabled = a});
+
+-- | The user status. Can be one of the following:
+--
+-- -   UNCONFIRMED - User has been created but not confirmed.
+-- -   CONFIRMED - User has been confirmed.
+-- -   ARCHIVED - User is no longer active.
+-- -   COMPROMISED - User is disabled due to a potential security threat.
+-- -   UNKNOWN - User status is not known.
+utUserStatus :: Lens' UserType (Maybe UserStatusType)
+utUserStatus = lens _utUserStatus (\ s a -> s{_utUserStatus = a});
+
+-- | The user name of the user you wish to describe.
+utUsername :: Lens' UserType (Maybe Text)
+utUsername = lens _utUsername (\ s a -> s{_utUsername = a}) . mapping _Sensitive;
+
+-- | The creation date of the user.
+utUserCreateDate :: Lens' UserType (Maybe UTCTime)
+utUserCreateDate = lens _utUserCreateDate (\ s a -> s{_utUserCreateDate = a}) . mapping _Time;
+
+-- | A container with information about the user type attributes.
+utAttributes :: Lens' UserType [AttributeType]
+utAttributes = lens _utAttributes (\ s a -> s{_utAttributes = a}) . _Default . _Coerce;
+
+-- | The last modified date of the user.
+utUserLastModifiedDate :: Lens' UserType (Maybe UTCTime)
+utUserLastModifiedDate = lens _utUserLastModifiedDate (\ s a -> s{_utUserLastModifiedDate = a}) . mapping _Time;
+
+instance FromJSON UserType where
+        parseJSON
+          = withObject "UserType"
+              (\ x ->
+                 UserType' <$>
+                   (x .:? "Enabled") <*> (x .:? "UserStatus") <*>
+                     (x .:? "Username")
+                     <*> (x .:? "UserCreateDate")
+                     <*> (x .:? "Attributes" .!= mempty)
+                     <*> (x .:? "UserLastModifiedDate"))
+
+instance Hashable UserType
+
+instance NFData UserType
diff --git a/gen/Network/AWS/CognitoIdentityProvider/Types/Sum.hs b/gen/Network/AWS/CognitoIdentityProvider/Types/Sum.hs
new file mode 100644
--- /dev/null
+++ b/gen/Network/AWS/CognitoIdentityProvider/Types/Sum.hs
@@ -0,0 +1,241 @@
+{-# LANGUAGE DeriveDataTypeable #-}
+{-# LANGUAGE DeriveGeneric      #-}
+{-# LANGUAGE LambdaCase         #-}
+{-# LANGUAGE OverloadedStrings  #-}
+
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Network.AWS.CognitoIdentityProvider.Types.Sum
+-- Copyright   : (c) 2013-2016 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+module Network.AWS.CognitoIdentityProvider.Types.Sum where
+
+import           Network.AWS.Prelude
+
+data AliasAttributeType
+    = AATEmail
+    | AATPhoneNumber
+    | AATPreferredUsername
+    deriving (Eq,Ord,Read,Show,Enum,Bounded,Data,Typeable,Generic)
+
+instance FromText AliasAttributeType where
+    parser = takeLowerText >>= \case
+        "email" -> pure AATEmail
+        "phone_number" -> pure AATPhoneNumber
+        "preferred_username" -> pure AATPreferredUsername
+        e -> fromTextError $ "Failure parsing AliasAttributeType from value: '" <> e
+           <> "'. Accepted values: email, phone_number, preferred_username"
+
+instance ToText AliasAttributeType where
+    toText = \case
+        AATEmail -> "email"
+        AATPhoneNumber -> "phone_number"
+        AATPreferredUsername -> "preferred_username"
+
+instance Hashable     AliasAttributeType
+instance NFData       AliasAttributeType
+instance ToByteString AliasAttributeType
+instance ToQuery      AliasAttributeType
+instance ToHeader     AliasAttributeType
+
+instance ToJSON AliasAttributeType where
+    toJSON = toJSONText
+
+instance FromJSON AliasAttributeType where
+    parseJSON = parseJSONText "AliasAttributeType"
+
+data AttributeDataType
+    = Boolean
+    | DateTime
+    | Number
+    | String
+    deriving (Eq,Ord,Read,Show,Enum,Bounded,Data,Typeable,Generic)
+
+instance FromText AttributeDataType where
+    parser = takeLowerText >>= \case
+        "boolean" -> pure Boolean
+        "datetime" -> pure DateTime
+        "number" -> pure Number
+        "string" -> pure String
+        e -> fromTextError $ "Failure parsing AttributeDataType from value: '" <> e
+           <> "'. Accepted values: Boolean, DateTime, Number, String"
+
+instance ToText AttributeDataType where
+    toText = \case
+        Boolean -> "Boolean"
+        DateTime -> "DateTime"
+        Number -> "Number"
+        String -> "String"
+
+instance Hashable     AttributeDataType
+instance NFData       AttributeDataType
+instance ToByteString AttributeDataType
+instance ToQuery      AttributeDataType
+instance ToHeader     AttributeDataType
+
+instance ToJSON AttributeDataType where
+    toJSON = toJSONText
+
+instance FromJSON AttributeDataType where
+    parseJSON = parseJSONText "AttributeDataType"
+
+data DeliveryMediumType
+    = DMTEmail
+    | DMTSms
+    deriving (Eq,Ord,Read,Show,Enum,Bounded,Data,Typeable,Generic)
+
+instance FromText DeliveryMediumType where
+    parser = takeLowerText >>= \case
+        "email" -> pure DMTEmail
+        "sms" -> pure DMTSms
+        e -> fromTextError $ "Failure parsing DeliveryMediumType from value: '" <> e
+           <> "'. Accepted values: EMAIL, SMS"
+
+instance ToText DeliveryMediumType where
+    toText = \case
+        DMTEmail -> "EMAIL"
+        DMTSms -> "SMS"
+
+instance Hashable     DeliveryMediumType
+instance NFData       DeliveryMediumType
+instance ToByteString DeliveryMediumType
+instance ToQuery      DeliveryMediumType
+instance ToHeader     DeliveryMediumType
+
+instance ToJSON DeliveryMediumType where
+    toJSON = toJSONText
+
+instance FromJSON DeliveryMediumType where
+    parseJSON = parseJSONText "DeliveryMediumType"
+
+data StatusType
+    = Disabled
+    | Enabled
+    deriving (Eq,Ord,Read,Show,Enum,Bounded,Data,Typeable,Generic)
+
+instance FromText StatusType where
+    parser = takeLowerText >>= \case
+        "disabled" -> pure Disabled
+        "enabled" -> pure Enabled
+        e -> fromTextError $ "Failure parsing StatusType from value: '" <> e
+           <> "'. Accepted values: Disabled, Enabled"
+
+instance ToText StatusType where
+    toText = \case
+        Disabled -> "Disabled"
+        Enabled -> "Enabled"
+
+instance Hashable     StatusType
+instance NFData       StatusType
+instance ToByteString StatusType
+instance ToQuery      StatusType
+instance ToHeader     StatusType
+
+instance FromJSON StatusType where
+    parseJSON = parseJSONText "StatusType"
+
+data UserPoolMFAType
+    = ON
+    | Off
+    | Optional
+    deriving (Eq,Ord,Read,Show,Enum,Bounded,Data,Typeable,Generic)
+
+instance FromText UserPoolMFAType where
+    parser = takeLowerText >>= \case
+        "on" -> pure ON
+        "off" -> pure Off
+        "optional" -> pure Optional
+        e -> fromTextError $ "Failure parsing UserPoolMFAType from value: '" <> e
+           <> "'. Accepted values: ON, OFF, OPTIONAL"
+
+instance ToText UserPoolMFAType where
+    toText = \case
+        ON -> "ON"
+        Off -> "OFF"
+        Optional -> "OPTIONAL"
+
+instance Hashable     UserPoolMFAType
+instance NFData       UserPoolMFAType
+instance ToByteString UserPoolMFAType
+instance ToQuery      UserPoolMFAType
+instance ToHeader     UserPoolMFAType
+
+instance ToJSON UserPoolMFAType where
+    toJSON = toJSONText
+
+instance FromJSON UserPoolMFAType where
+    parseJSON = parseJSONText "UserPoolMFAType"
+
+data UserStatusType
+    = Archived
+    | Compromised
+    | Confirmed
+    | Unconfirmed
+    | Unknown
+    deriving (Eq,Ord,Read,Show,Enum,Bounded,Data,Typeable,Generic)
+
+instance FromText UserStatusType where
+    parser = takeLowerText >>= \case
+        "archived" -> pure Archived
+        "compromised" -> pure Compromised
+        "confirmed" -> pure Confirmed
+        "unconfirmed" -> pure Unconfirmed
+        "unknown" -> pure Unknown
+        e -> fromTextError $ "Failure parsing UserStatusType from value: '" <> e
+           <> "'. Accepted values: ARCHIVED, COMPROMISED, CONFIRMED, UNCONFIRMED, UNKNOWN"
+
+instance ToText UserStatusType where
+    toText = \case
+        Archived -> "ARCHIVED"
+        Compromised -> "COMPROMISED"
+        Confirmed -> "CONFIRMED"
+        Unconfirmed -> "UNCONFIRMED"
+        Unknown -> "UNKNOWN"
+
+instance Hashable     UserStatusType
+instance NFData       UserStatusType
+instance ToByteString UserStatusType
+instance ToQuery      UserStatusType
+instance ToHeader     UserStatusType
+
+instance ToJSON UserStatusType where
+    toJSON = toJSONText
+
+instance FromJSON UserStatusType where
+    parseJSON = parseJSONText "UserStatusType"
+
+data VerifiedAttributeType
+    = Email
+    | PhoneNumber
+    deriving (Eq,Ord,Read,Show,Enum,Bounded,Data,Typeable,Generic)
+
+instance FromText VerifiedAttributeType where
+    parser = takeLowerText >>= \case
+        "email" -> pure Email
+        "phone_number" -> pure PhoneNumber
+        e -> fromTextError $ "Failure parsing VerifiedAttributeType from value: '" <> e
+           <> "'. Accepted values: email, phone_number"
+
+instance ToText VerifiedAttributeType where
+    toText = \case
+        Email -> "email"
+        PhoneNumber -> "phone_number"
+
+instance Hashable     VerifiedAttributeType
+instance NFData       VerifiedAttributeType
+instance ToByteString VerifiedAttributeType
+instance ToQuery      VerifiedAttributeType
+instance ToHeader     VerifiedAttributeType
+
+instance ToJSON VerifiedAttributeType where
+    toJSON = toJSONText
+
+instance FromJSON VerifiedAttributeType where
+    parseJSON = parseJSONText "VerifiedAttributeType"
diff --git a/gen/Network/AWS/CognitoIdentityProvider/UpdateUserAttributes.hs b/gen/Network/AWS/CognitoIdentityProvider/UpdateUserAttributes.hs
new file mode 100644
--- /dev/null
+++ b/gen/Network/AWS/CognitoIdentityProvider/UpdateUserAttributes.hs
@@ -0,0 +1,149 @@
+{-# LANGUAGE DeriveDataTypeable #-}
+{-# LANGUAGE DeriveGeneric      #-}
+{-# LANGUAGE OverloadedStrings  #-}
+{-# LANGUAGE RecordWildCards    #-}
+{-# LANGUAGE TypeFamilies       #-}
+
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Network.AWS.CognitoIdentityProvider.UpdateUserAttributes
+-- Copyright   : (c) 2013-2016 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Allows a user to update a specific attribute (one at a time).
+module Network.AWS.CognitoIdentityProvider.UpdateUserAttributes
+    (
+    -- * Creating a Request
+      updateUserAttributes
+    , UpdateUserAttributes
+    -- * Request Lenses
+    , uuaAccessToken
+    , uuaUserAttributes
+
+    -- * Destructuring the Response
+    , updateUserAttributesResponse
+    , UpdateUserAttributesResponse
+    -- * Response Lenses
+    , uuarsCodeDeliveryDetailsList
+    , uuarsResponseStatus
+    ) where
+
+import           Network.AWS.CognitoIdentityProvider.Types
+import           Network.AWS.CognitoIdentityProvider.Types.Product
+import           Network.AWS.Lens
+import           Network.AWS.Prelude
+import           Network.AWS.Request
+import           Network.AWS.Response
+
+-- | Represents the request to update user attributes.
+--
+-- /See:/ 'updateUserAttributes' smart constructor.
+data UpdateUserAttributes = UpdateUserAttributes'
+    { _uuaAccessToken    :: !(Maybe (Sensitive Text))
+    , _uuaUserAttributes :: ![AttributeType]
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'UpdateUserAttributes' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'uuaAccessToken'
+--
+-- * 'uuaUserAttributes'
+updateUserAttributes
+    :: UpdateUserAttributes
+updateUserAttributes =
+    UpdateUserAttributes'
+    { _uuaAccessToken = Nothing
+    , _uuaUserAttributes = mempty
+    }
+
+-- | The access token for the request to update user attributes.
+uuaAccessToken :: Lens' UpdateUserAttributes (Maybe Text)
+uuaAccessToken = lens _uuaAccessToken (\ s a -> s{_uuaAccessToken = a}) . mapping _Sensitive;
+
+-- | An array of name-value pairs representing user attributes.
+uuaUserAttributes :: Lens' UpdateUserAttributes [AttributeType]
+uuaUserAttributes = lens _uuaUserAttributes (\ s a -> s{_uuaUserAttributes = a}) . _Coerce;
+
+instance AWSRequest UpdateUserAttributes where
+        type Rs UpdateUserAttributes =
+             UpdateUserAttributesResponse
+        request = postJSON cognitoIdentityProvider
+        response
+          = receiveJSON
+              (\ s h x ->
+                 UpdateUserAttributesResponse' <$>
+                   (x .?> "CodeDeliveryDetailsList" .!@ mempty) <*>
+                     (pure (fromEnum s)))
+
+instance Hashable UpdateUserAttributes
+
+instance NFData UpdateUserAttributes
+
+instance ToHeaders UpdateUserAttributes where
+        toHeaders
+          = const
+              (mconcat
+                 ["X-Amz-Target" =#
+                    ("AWSCognitoIdentityProviderService.UpdateUserAttributes"
+                       :: ByteString),
+                  "Content-Type" =#
+                    ("application/x-amz-json-1.1" :: ByteString)])
+
+instance ToJSON UpdateUserAttributes where
+        toJSON UpdateUserAttributes'{..}
+          = object
+              (catMaybes
+                 [("AccessToken" .=) <$> _uuaAccessToken,
+                  Just ("UserAttributes" .= _uuaUserAttributes)])
+
+instance ToPath UpdateUserAttributes where
+        toPath = const "/"
+
+instance ToQuery UpdateUserAttributes where
+        toQuery = const mempty
+
+-- | Represents the response from the server for the request to update user
+-- attributes.
+--
+-- /See:/ 'updateUserAttributesResponse' smart constructor.
+data UpdateUserAttributesResponse = UpdateUserAttributesResponse'
+    { _uuarsCodeDeliveryDetailsList :: !(Maybe [CodeDeliveryDetailsType])
+    , _uuarsResponseStatus          :: !Int
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'UpdateUserAttributesResponse' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'uuarsCodeDeliveryDetailsList'
+--
+-- * 'uuarsResponseStatus'
+updateUserAttributesResponse
+    :: Int -- ^ 'uuarsResponseStatus'
+    -> UpdateUserAttributesResponse
+updateUserAttributesResponse pResponseStatus_ =
+    UpdateUserAttributesResponse'
+    { _uuarsCodeDeliveryDetailsList = Nothing
+    , _uuarsResponseStatus = pResponseStatus_
+    }
+
+-- | The code delivery details list from the server for the request to update
+-- user attributes.
+uuarsCodeDeliveryDetailsList :: Lens' UpdateUserAttributesResponse [CodeDeliveryDetailsType]
+uuarsCodeDeliveryDetailsList = lens _uuarsCodeDeliveryDetailsList (\ s a -> s{_uuarsCodeDeliveryDetailsList = a}) . _Default . _Coerce;
+
+-- | The response status code.
+uuarsResponseStatus :: Lens' UpdateUserAttributesResponse Int
+uuarsResponseStatus = lens _uuarsResponseStatus (\ s a -> s{_uuarsResponseStatus = a});
+
+instance NFData UpdateUserAttributesResponse
diff --git a/gen/Network/AWS/CognitoIdentityProvider/UpdateUserPool.hs b/gen/Network/AWS/CognitoIdentityProvider/UpdateUserPool.hs
new file mode 100644
--- /dev/null
+++ b/gen/Network/AWS/CognitoIdentityProvider/UpdateUserPool.hs
@@ -0,0 +1,221 @@
+{-# LANGUAGE DeriveDataTypeable #-}
+{-# LANGUAGE DeriveGeneric      #-}
+{-# LANGUAGE OverloadedStrings  #-}
+{-# LANGUAGE RecordWildCards    #-}
+{-# LANGUAGE TypeFamilies       #-}
+
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Network.AWS.CognitoIdentityProvider.UpdateUserPool
+-- Copyright   : (c) 2013-2016 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Updates the specified user pool with the specified attributes.
+module Network.AWS.CognitoIdentityProvider.UpdateUserPool
+    (
+    -- * Creating a Request
+      updateUserPool
+    , UpdateUserPool
+    -- * Request Lenses
+    , uupEmailVerificationMessage
+    , uupSmsAuthenticationMessage
+    , uupEmailVerificationSubject
+    , uupSmsVerificationMessage
+    , uupMFAConfiguration
+    , uupLambdaConfig
+    , uupAutoVerifiedAttributes
+    , uupPolicies
+    , uupUserPoolId
+
+    -- * Destructuring the Response
+    , updateUserPoolResponse
+    , UpdateUserPoolResponse
+    -- * Response Lenses
+    , uuprsResponseStatus
+    ) where
+
+import           Network.AWS.CognitoIdentityProvider.Types
+import           Network.AWS.CognitoIdentityProvider.Types.Product
+import           Network.AWS.Lens
+import           Network.AWS.Prelude
+import           Network.AWS.Request
+import           Network.AWS.Response
+
+-- | Represents the request to update the user pool.
+--
+-- /See:/ 'updateUserPool' smart constructor.
+data UpdateUserPool = UpdateUserPool'
+    { _uupEmailVerificationMessage :: !(Maybe Text)
+    , _uupSmsAuthenticationMessage :: !(Maybe Text)
+    , _uupEmailVerificationSubject :: !(Maybe Text)
+    , _uupSmsVerificationMessage   :: !(Maybe Text)
+    , _uupMFAConfiguration         :: !(Maybe UserPoolMFAType)
+    , _uupLambdaConfig             :: !(Maybe LambdaConfigType)
+    , _uupAutoVerifiedAttributes   :: !(Maybe [VerifiedAttributeType])
+    , _uupPolicies                 :: !(Maybe UserPoolPolicyType)
+    , _uupUserPoolId               :: !Text
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'UpdateUserPool' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'uupEmailVerificationMessage'
+--
+-- * 'uupSmsAuthenticationMessage'
+--
+-- * 'uupEmailVerificationSubject'
+--
+-- * 'uupSmsVerificationMessage'
+--
+-- * 'uupMFAConfiguration'
+--
+-- * 'uupLambdaConfig'
+--
+-- * 'uupAutoVerifiedAttributes'
+--
+-- * 'uupPolicies'
+--
+-- * 'uupUserPoolId'
+updateUserPool
+    :: Text -- ^ 'uupUserPoolId'
+    -> UpdateUserPool
+updateUserPool pUserPoolId_ =
+    UpdateUserPool'
+    { _uupEmailVerificationMessage = Nothing
+    , _uupSmsAuthenticationMessage = Nothing
+    , _uupEmailVerificationSubject = Nothing
+    , _uupSmsVerificationMessage = Nothing
+    , _uupMFAConfiguration = Nothing
+    , _uupLambdaConfig = Nothing
+    , _uupAutoVerifiedAttributes = Nothing
+    , _uupPolicies = Nothing
+    , _uupUserPoolId = pUserPoolId_
+    }
+
+-- | The contents of the email verification message.
+uupEmailVerificationMessage :: Lens' UpdateUserPool (Maybe Text)
+uupEmailVerificationMessage = lens _uupEmailVerificationMessage (\ s a -> s{_uupEmailVerificationMessage = a});
+
+-- | The contents of the SMS authentication message.
+uupSmsAuthenticationMessage :: Lens' UpdateUserPool (Maybe Text)
+uupSmsAuthenticationMessage = lens _uupSmsAuthenticationMessage (\ s a -> s{_uupSmsAuthenticationMessage = a});
+
+-- | The subject of the email verfication message
+uupEmailVerificationSubject :: Lens' UpdateUserPool (Maybe Text)
+uupEmailVerificationSubject = lens _uupEmailVerificationSubject (\ s a -> s{_uupEmailVerificationSubject = a});
+
+-- | A container with information about the SMS verification message.
+uupSmsVerificationMessage :: Lens' UpdateUserPool (Maybe Text)
+uupSmsVerificationMessage = lens _uupSmsVerificationMessage (\ s a -> s{_uupSmsVerificationMessage = a});
+
+-- | Can be one of the following values:
+--
+-- -   'OFF' - MFA tokens are not required and cannot be specified during
+--     user registration.
+-- -   'ON' - MFA tokens are required for all user registrations. You can
+--     only specify required when you are initially creating a user pool.
+-- -   'OPTIONAL' - Users have the option when registering to create an MFA
+--     token.
+uupMFAConfiguration :: Lens' UpdateUserPool (Maybe UserPoolMFAType)
+uupMFAConfiguration = lens _uupMFAConfiguration (\ s a -> s{_uupMFAConfiguration = a});
+
+-- | The AWS Lambda configuration information from the request to update the
+-- user pool.
+uupLambdaConfig :: Lens' UpdateUserPool (Maybe LambdaConfigType)
+uupLambdaConfig = lens _uupLambdaConfig (\ s a -> s{_uupLambdaConfig = a});
+
+-- | The attributes that are automatically verified when the Amazon Cognito
+-- service makes a request to update user pools.
+uupAutoVerifiedAttributes :: Lens' UpdateUserPool [VerifiedAttributeType]
+uupAutoVerifiedAttributes = lens _uupAutoVerifiedAttributes (\ s a -> s{_uupAutoVerifiedAttributes = a}) . _Default . _Coerce;
+
+-- | A container with the policies you wish to update in a user pool.
+uupPolicies :: Lens' UpdateUserPool (Maybe UserPoolPolicyType)
+uupPolicies = lens _uupPolicies (\ s a -> s{_uupPolicies = a});
+
+-- | The user pool ID for the user pool you want to update.
+uupUserPoolId :: Lens' UpdateUserPool Text
+uupUserPoolId = lens _uupUserPoolId (\ s a -> s{_uupUserPoolId = a});
+
+instance AWSRequest UpdateUserPool where
+        type Rs UpdateUserPool = UpdateUserPoolResponse
+        request = postJSON cognitoIdentityProvider
+        response
+          = receiveEmpty
+              (\ s h x ->
+                 UpdateUserPoolResponse' <$> (pure (fromEnum s)))
+
+instance Hashable UpdateUserPool
+
+instance NFData UpdateUserPool
+
+instance ToHeaders UpdateUserPool where
+        toHeaders
+          = const
+              (mconcat
+                 ["X-Amz-Target" =#
+                    ("AWSCognitoIdentityProviderService.UpdateUserPool"
+                       :: ByteString),
+                  "Content-Type" =#
+                    ("application/x-amz-json-1.1" :: ByteString)])
+
+instance ToJSON UpdateUserPool where
+        toJSON UpdateUserPool'{..}
+          = object
+              (catMaybes
+                 [("EmailVerificationMessage" .=) <$>
+                    _uupEmailVerificationMessage,
+                  ("SmsAuthenticationMessage" .=) <$>
+                    _uupSmsAuthenticationMessage,
+                  ("EmailVerificationSubject" .=) <$>
+                    _uupEmailVerificationSubject,
+                  ("SmsVerificationMessage" .=) <$>
+                    _uupSmsVerificationMessage,
+                  ("MfaConfiguration" .=) <$> _uupMFAConfiguration,
+                  ("LambdaConfig" .=) <$> _uupLambdaConfig,
+                  ("AutoVerifiedAttributes" .=) <$>
+                    _uupAutoVerifiedAttributes,
+                  ("Policies" .=) <$> _uupPolicies,
+                  Just ("UserPoolId" .= _uupUserPoolId)])
+
+instance ToPath UpdateUserPool where
+        toPath = const "/"
+
+instance ToQuery UpdateUserPool where
+        toQuery = const mempty
+
+-- | Represents the response from the server when you make a request to
+-- update the user pool.
+--
+-- /See:/ 'updateUserPoolResponse' smart constructor.
+newtype UpdateUserPoolResponse = UpdateUserPoolResponse'
+    { _uuprsResponseStatus :: Int
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'UpdateUserPoolResponse' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'uuprsResponseStatus'
+updateUserPoolResponse
+    :: Int -- ^ 'uuprsResponseStatus'
+    -> UpdateUserPoolResponse
+updateUserPoolResponse pResponseStatus_ =
+    UpdateUserPoolResponse'
+    { _uuprsResponseStatus = pResponseStatus_
+    }
+
+-- | The response status code.
+uuprsResponseStatus :: Lens' UpdateUserPoolResponse Int
+uuprsResponseStatus = lens _uuprsResponseStatus (\ s a -> s{_uuprsResponseStatus = a});
+
+instance NFData UpdateUserPoolResponse
diff --git a/gen/Network/AWS/CognitoIdentityProvider/UpdateUserPoolClient.hs b/gen/Network/AWS/CognitoIdentityProvider/UpdateUserPoolClient.hs
new file mode 100644
--- /dev/null
+++ b/gen/Network/AWS/CognitoIdentityProvider/UpdateUserPoolClient.hs
@@ -0,0 +1,162 @@
+{-# LANGUAGE DeriveDataTypeable #-}
+{-# LANGUAGE DeriveGeneric      #-}
+{-# LANGUAGE OverloadedStrings  #-}
+{-# LANGUAGE RecordWildCards    #-}
+{-# LANGUAGE TypeFamilies       #-}
+
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Network.AWS.CognitoIdentityProvider.UpdateUserPoolClient
+-- Copyright   : (c) 2013-2016 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Allows the developer to update the specified user pool client and
+-- password policy.
+module Network.AWS.CognitoIdentityProvider.UpdateUserPoolClient
+    (
+    -- * Creating a Request
+      updateUserPoolClient
+    , UpdateUserPoolClient
+    -- * Request Lenses
+    , uupcClientName
+    , uupcUserPoolId
+    , uupcClientId
+
+    -- * Destructuring the Response
+    , updateUserPoolClientResponse
+    , UpdateUserPoolClientResponse
+    -- * Response Lenses
+    , uupcrsUserPoolClient
+    , uupcrsResponseStatus
+    ) where
+
+import           Network.AWS.CognitoIdentityProvider.Types
+import           Network.AWS.CognitoIdentityProvider.Types.Product
+import           Network.AWS.Lens
+import           Network.AWS.Prelude
+import           Network.AWS.Request
+import           Network.AWS.Response
+
+-- | Represents the request to update the user pool client.
+--
+-- /See:/ 'updateUserPoolClient' smart constructor.
+data UpdateUserPoolClient = UpdateUserPoolClient'
+    { _uupcClientName :: !(Maybe Text)
+    , _uupcUserPoolId :: !Text
+    , _uupcClientId   :: !(Sensitive Text)
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'UpdateUserPoolClient' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'uupcClientName'
+--
+-- * 'uupcUserPoolId'
+--
+-- * 'uupcClientId'
+updateUserPoolClient
+    :: Text -- ^ 'uupcUserPoolId'
+    -> Text -- ^ 'uupcClientId'
+    -> UpdateUserPoolClient
+updateUserPoolClient pUserPoolId_ pClientId_ =
+    UpdateUserPoolClient'
+    { _uupcClientName = Nothing
+    , _uupcUserPoolId = pUserPoolId_
+    , _uupcClientId = _Sensitive # pClientId_
+    }
+
+-- | The client name from the update user pool client request.
+uupcClientName :: Lens' UpdateUserPoolClient (Maybe Text)
+uupcClientName = lens _uupcClientName (\ s a -> s{_uupcClientName = a});
+
+-- | The user pool ID for the user pool where you want to update the user
+-- pool client.
+uupcUserPoolId :: Lens' UpdateUserPoolClient Text
+uupcUserPoolId = lens _uupcUserPoolId (\ s a -> s{_uupcUserPoolId = a});
+
+-- | The ID of the client associated with the user pool.
+uupcClientId :: Lens' UpdateUserPoolClient Text
+uupcClientId = lens _uupcClientId (\ s a -> s{_uupcClientId = a}) . _Sensitive;
+
+instance AWSRequest UpdateUserPoolClient where
+        type Rs UpdateUserPoolClient =
+             UpdateUserPoolClientResponse
+        request = postJSON cognitoIdentityProvider
+        response
+          = receiveJSON
+              (\ s h x ->
+                 UpdateUserPoolClientResponse' <$>
+                   (x .?> "UserPoolClient") <*> (pure (fromEnum s)))
+
+instance Hashable UpdateUserPoolClient
+
+instance NFData UpdateUserPoolClient
+
+instance ToHeaders UpdateUserPoolClient where
+        toHeaders
+          = const
+              (mconcat
+                 ["X-Amz-Target" =#
+                    ("AWSCognitoIdentityProviderService.UpdateUserPoolClient"
+                       :: ByteString),
+                  "Content-Type" =#
+                    ("application/x-amz-json-1.1" :: ByteString)])
+
+instance ToJSON UpdateUserPoolClient where
+        toJSON UpdateUserPoolClient'{..}
+          = object
+              (catMaybes
+                 [("ClientName" .=) <$> _uupcClientName,
+                  Just ("UserPoolId" .= _uupcUserPoolId),
+                  Just ("ClientId" .= _uupcClientId)])
+
+instance ToPath UpdateUserPoolClient where
+        toPath = const "/"
+
+instance ToQuery UpdateUserPoolClient where
+        toQuery = const mempty
+
+-- | Represents the response from the server to the request to update the
+-- user pool client.
+--
+-- /See:/ 'updateUserPoolClientResponse' smart constructor.
+data UpdateUserPoolClientResponse = UpdateUserPoolClientResponse'
+    { _uupcrsUserPoolClient :: !(Maybe UserPoolClientType)
+    , _uupcrsResponseStatus :: !Int
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'UpdateUserPoolClientResponse' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'uupcrsUserPoolClient'
+--
+-- * 'uupcrsResponseStatus'
+updateUserPoolClientResponse
+    :: Int -- ^ 'uupcrsResponseStatus'
+    -> UpdateUserPoolClientResponse
+updateUserPoolClientResponse pResponseStatus_ =
+    UpdateUserPoolClientResponse'
+    { _uupcrsUserPoolClient = Nothing
+    , _uupcrsResponseStatus = pResponseStatus_
+    }
+
+-- | The user pool client value from the response from the server when an
+-- update user pool client request is made.
+uupcrsUserPoolClient :: Lens' UpdateUserPoolClientResponse (Maybe UserPoolClientType)
+uupcrsUserPoolClient = lens _uupcrsUserPoolClient (\ s a -> s{_uupcrsUserPoolClient = a});
+
+-- | The response status code.
+uupcrsResponseStatus :: Lens' UpdateUserPoolClientResponse Int
+uupcrsResponseStatus = lens _uupcrsResponseStatus (\ s a -> s{_uupcrsResponseStatus = a});
+
+instance NFData UpdateUserPoolClientResponse
diff --git a/gen/Network/AWS/CognitoIdentityProvider/VerifyUserAttribute.hs b/gen/Network/AWS/CognitoIdentityProvider/VerifyUserAttribute.hs
new file mode 100644
--- /dev/null
+++ b/gen/Network/AWS/CognitoIdentityProvider/VerifyUserAttribute.hs
@@ -0,0 +1,149 @@
+{-# LANGUAGE DeriveDataTypeable #-}
+{-# LANGUAGE DeriveGeneric      #-}
+{-# LANGUAGE OverloadedStrings  #-}
+{-# LANGUAGE RecordWildCards    #-}
+{-# LANGUAGE TypeFamilies       #-}
+
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Network.AWS.CognitoIdentityProvider.VerifyUserAttribute
+-- Copyright   : (c) 2013-2016 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Verifies the specified user attributes in the user pool.
+module Network.AWS.CognitoIdentityProvider.VerifyUserAttribute
+    (
+    -- * Creating a Request
+      verifyUserAttribute
+    , VerifyUserAttribute
+    -- * Request Lenses
+    , vuaAccessToken
+    , vuaAttributeName
+    , vuaCode
+
+    -- * Destructuring the Response
+    , verifyUserAttributeResponse
+    , VerifyUserAttributeResponse
+    -- * Response Lenses
+    , vuarsResponseStatus
+    ) where
+
+import           Network.AWS.CognitoIdentityProvider.Types
+import           Network.AWS.CognitoIdentityProvider.Types.Product
+import           Network.AWS.Lens
+import           Network.AWS.Prelude
+import           Network.AWS.Request
+import           Network.AWS.Response
+
+-- | Represents the request to verify user attributes.
+--
+-- /See:/ 'verifyUserAttribute' smart constructor.
+data VerifyUserAttribute = VerifyUserAttribute'
+    { _vuaAccessToken   :: !(Maybe (Sensitive Text))
+    , _vuaAttributeName :: !Text
+    , _vuaCode          :: !Text
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'VerifyUserAttribute' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'vuaAccessToken'
+--
+-- * 'vuaAttributeName'
+--
+-- * 'vuaCode'
+verifyUserAttribute
+    :: Text -- ^ 'vuaAttributeName'
+    -> Text -- ^ 'vuaCode'
+    -> VerifyUserAttribute
+verifyUserAttribute pAttributeName_ pCode_ =
+    VerifyUserAttribute'
+    { _vuaAccessToken = Nothing
+    , _vuaAttributeName = pAttributeName_
+    , _vuaCode = pCode_
+    }
+
+-- | Represents the access token of the request to verify user attributes.
+vuaAccessToken :: Lens' VerifyUserAttribute (Maybe Text)
+vuaAccessToken = lens _vuaAccessToken (\ s a -> s{_vuaAccessToken = a}) . mapping _Sensitive;
+
+-- | The attribute name in the request to verify user attributes.
+vuaAttributeName :: Lens' VerifyUserAttribute Text
+vuaAttributeName = lens _vuaAttributeName (\ s a -> s{_vuaAttributeName = a});
+
+-- | The verification code in the request to verify user attributes.
+vuaCode :: Lens' VerifyUserAttribute Text
+vuaCode = lens _vuaCode (\ s a -> s{_vuaCode = a});
+
+instance AWSRequest VerifyUserAttribute where
+        type Rs VerifyUserAttribute =
+             VerifyUserAttributeResponse
+        request = postJSON cognitoIdentityProvider
+        response
+          = receiveEmpty
+              (\ s h x ->
+                 VerifyUserAttributeResponse' <$> (pure (fromEnum s)))
+
+instance Hashable VerifyUserAttribute
+
+instance NFData VerifyUserAttribute
+
+instance ToHeaders VerifyUserAttribute where
+        toHeaders
+          = const
+              (mconcat
+                 ["X-Amz-Target" =#
+                    ("AWSCognitoIdentityProviderService.VerifyUserAttribute"
+                       :: ByteString),
+                  "Content-Type" =#
+                    ("application/x-amz-json-1.1" :: ByteString)])
+
+instance ToJSON VerifyUserAttribute where
+        toJSON VerifyUserAttribute'{..}
+          = object
+              (catMaybes
+                 [("AccessToken" .=) <$> _vuaAccessToken,
+                  Just ("AttributeName" .= _vuaAttributeName),
+                  Just ("Code" .= _vuaCode)])
+
+instance ToPath VerifyUserAttribute where
+        toPath = const "/"
+
+instance ToQuery VerifyUserAttribute where
+        toQuery = const mempty
+
+-- | A container representing the response from the server from the request
+-- to verify user attributes.
+--
+-- /See:/ 'verifyUserAttributeResponse' smart constructor.
+newtype VerifyUserAttributeResponse = VerifyUserAttributeResponse'
+    { _vuarsResponseStatus :: Int
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'VerifyUserAttributeResponse' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'vuarsResponseStatus'
+verifyUserAttributeResponse
+    :: Int -- ^ 'vuarsResponseStatus'
+    -> VerifyUserAttributeResponse
+verifyUserAttributeResponse pResponseStatus_ =
+    VerifyUserAttributeResponse'
+    { _vuarsResponseStatus = pResponseStatus_
+    }
+
+-- | The response status code.
+vuarsResponseStatus :: Lens' VerifyUserAttributeResponse Int
+vuarsResponseStatus = lens _vuarsResponseStatus (\ s a -> s{_vuarsResponseStatus = a});
+
+instance NFData VerifyUserAttributeResponse
diff --git a/gen/Network/AWS/CognitoIdentityProvider/Waiters.hs b/gen/Network/AWS/CognitoIdentityProvider/Waiters.hs
new file mode 100644
--- /dev/null
+++ b/gen/Network/AWS/CognitoIdentityProvider/Waiters.hs
@@ -0,0 +1,21 @@
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE TypeFamilies      #-}
+
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Network.AWS.CognitoIdentityProvider.Waiters
+-- Copyright   : (c) 2013-2016 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+module Network.AWS.CognitoIdentityProvider.Waiters where
+
+import           Network.AWS.CognitoIdentityProvider.Types
+import           Network.AWS.Lens
+import           Network.AWS.Prelude
+import           Network.AWS.Waiter
diff --git a/test/Main.hs b/test/Main.hs
new file mode 100644
--- /dev/null
+++ b/test/Main.hs
@@ -0,0 +1,21 @@
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- |
+-- Module      : Main
+-- Copyright   : (c) 2013-2016 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+module Main (main) where
+
+import Test.Tasty
+import Test.AWS.CognitoIdentityProvider
+import Test.AWS.CognitoIdentityProvider.Internal
+
+main :: IO ()
+main = defaultMain $ testGroup "CognitoIdentityProvider"
+    [ testGroup "tests"    tests
+    , testGroup "fixtures" fixtures
+    ]
diff --git a/test/Test/AWS/CognitoIdentityProvider.hs b/test/Test/AWS/CognitoIdentityProvider.hs
new file mode 100644
--- /dev/null
+++ b/test/Test/AWS/CognitoIdentityProvider.hs
@@ -0,0 +1,26 @@
+{-# LANGUAGE OverloadedStrings #-}
+
+-- Module      : Test.AWS.CognitoIdentityProvider
+-- Copyright   : (c) 2013-2016 Brendan Hay
+-- License     : This Source Code Form is subject to the terms of
+--               the Mozilla Public License, v. 2.0.
+--               A copy of the MPL can be found in the LICENSE file or
+--               you can obtain it at http://mozilla.org/MPL/2.0/.
+-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Stability   : experimental
+-- Portability : non-portable (GHC extensions)
+
+module Test.AWS.CognitoIdentityProvider
+    ( tests
+    , fixtures
+    ) where
+
+import           Network.AWS.CognitoIdentityProvider
+import           Test.AWS.Gen.CognitoIdentityProvider
+import           Test.Tasty
+
+tests :: [TestTree]
+tests = []
+
+fixtures :: [TestTree]
+fixtures = []
diff --git a/test/Test/AWS/CognitoIdentityProvider/Internal.hs b/test/Test/AWS/CognitoIdentityProvider/Internal.hs
new file mode 100644
--- /dev/null
+++ b/test/Test/AWS/CognitoIdentityProvider/Internal.hs
@@ -0,0 +1,16 @@
+{-# LANGUAGE OverloadedStrings #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Module      : Test.AWS.CognitoIdentityProvider.Internal
+-- Copyright   : (c) 2013-2016 Brendan Hay
+-- License     : This Source Code Form is subject to the terms of
+--               the Mozilla Public License, v. 2.0.
+--               A copy of the MPL can be found in the LICENSE file or
+--               you can obtain it at http://mozilla.org/MPL/2.0/.
+-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Stability   : experimental
+-- Portability : non-portable (GHC extensions)
+
+module Test.AWS.CognitoIdentityProvider.Internal where
+
+import           Test.AWS.Prelude
diff --git a/test/Test/AWS/Gen/CognitoIdentityProvider.hs b/test/Test/AWS/Gen/CognitoIdentityProvider.hs
new file mode 100644
--- /dev/null
+++ b/test/Test/AWS/Gen/CognitoIdentityProvider.hs
@@ -0,0 +1,651 @@
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-orphans        #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Test.AWS.Gen.CognitoIdentityProvider
+-- Copyright   : (c) 2013-2016 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+module Test.AWS.Gen.CognitoIdentityProvider where
+
+import Data.Proxy
+import Test.AWS.Fixture
+import Test.AWS.Prelude
+import Test.Tasty
+import Network.AWS.CognitoIdentityProvider
+import Test.AWS.CognitoIdentityProvider.Internal
+
+-- Auto-generated: the actual test selection needs to be manually placed into
+-- the top-level so that real test data can be incrementally added.
+--
+-- This commented snippet is what the entire set should look like:
+
+-- fixtures :: TestTree
+-- fixtures =
+--     [ testGroup "request"
+--         [ testDeleteUserPool $
+--             deleteUserPool
+--
+--         , testUpdateUserPool $
+--             updateUserPool
+--
+--         , testAdminEnableUser $
+--             adminEnableUser
+--
+--         , testGetUserAttributeVerificationCode $
+--             getUserAttributeVerificationCode
+--
+--         , testUpdateUserAttributes $
+--             updateUserAttributes
+--
+--         , testDeleteUserAttributes $
+--             deleteUserAttributes
+--
+--         , testVerifyUserAttribute $
+--             verifyUserAttribute
+--
+--         , testAdminDisableUser $
+--             adminDisableUser
+--
+--         , testConfirmForgotPassword $
+--             confirmForgotPassword
+--
+--         , testListUsers $
+--             listUsers
+--
+--         , testAdminDeleteUserAttributes $
+--             adminDeleteUserAttributes
+--
+--         , testAdminUpdateUserAttributes $
+--             adminUpdateUserAttributes
+--
+--         , testAdminGetUser $
+--             adminGetUser
+--
+--         , testForgotPassword $
+--             forgotPassword
+--
+--         , testDescribeUserPool $
+--             describeUserPool
+--
+--         , testAdminConfirmSignUp $
+--             adminConfirmSignUp
+--
+--         , testSignUp $
+--             signUp
+--
+--         , testChangePassword $
+--             changePassword
+--
+--         , testCreateUserPool $
+--             createUserPool
+--
+--         , testConfirmSignUp $
+--             confirmSignUp
+--
+--         , testListUserPools $
+--             listUserPools
+--
+--         , testAdminResetUserPassword $
+--             adminResetUserPassword
+--
+--         , testGetUser $
+--             getUser
+--
+--         , testAdminDeleteUser $
+--             adminDeleteUser
+--
+--         , testAddCustomAttributes $
+--             addCustomAttributes
+--
+--         , testListUserPoolClients $
+--             listUserPoolClients
+--
+--         , testUpdateUserPoolClient $
+--             updateUserPoolClient
+--
+--         , testDeleteUserPoolClient $
+--             deleteUserPoolClient
+--
+--         , testDeleteUser $
+--             deleteUser
+--
+--         , testCreateUserPoolClient $
+--             createUserPoolClient
+--
+--         , testSetUserSettings $
+--             setUserSettings
+--
+--         , testDescribeUserPoolClient $
+--             describeUserPoolClient
+--
+--         , testResendConfirmationCode $
+--             resendConfirmationCode
+--
+--         , testAdminSetUserSettings $
+--             adminSetUserSettings
+--
+--           ]
+
+--     , testGroup "response"
+--         [ testDeleteUserPoolResponse $
+--             deleteUserPoolResponse
+--
+--         , testUpdateUserPoolResponse $
+--             updateUserPoolResponse
+--
+--         , testAdminEnableUserResponse $
+--             adminEnableUserResponse
+--
+--         , testGetUserAttributeVerificationCodeResponse $
+--             getUserAttributeVerificationCodeResponse
+--
+--         , testUpdateUserAttributesResponse $
+--             updateUserAttributesResponse
+--
+--         , testDeleteUserAttributesResponse $
+--             deleteUserAttributesResponse
+--
+--         , testVerifyUserAttributeResponse $
+--             verifyUserAttributeResponse
+--
+--         , testAdminDisableUserResponse $
+--             adminDisableUserResponse
+--
+--         , testConfirmForgotPasswordResponse $
+--             confirmForgotPasswordResponse
+--
+--         , testListUsersResponse $
+--             listUsersResponse
+--
+--         , testAdminDeleteUserAttributesResponse $
+--             adminDeleteUserAttributesResponse
+--
+--         , testAdminUpdateUserAttributesResponse $
+--             adminUpdateUserAttributesResponse
+--
+--         , testAdminGetUserResponse $
+--             adminGetUserResponse
+--
+--         , testForgotPasswordResponse $
+--             forgotPasswordResponse
+--
+--         , testDescribeUserPoolResponse $
+--             describeUserPoolResponse
+--
+--         , testAdminConfirmSignUpResponse $
+--             adminConfirmSignUpResponse
+--
+--         , testSignUpResponse $
+--             signUpResponse
+--
+--         , testChangePasswordResponse $
+--             changePasswordResponse
+--
+--         , testCreateUserPoolResponse $
+--             createUserPoolResponse
+--
+--         , testConfirmSignUpResponse $
+--             confirmSignUpResponse
+--
+--         , testListUserPoolsResponse $
+--             listUserPoolsResponse
+--
+--         , testAdminResetUserPasswordResponse $
+--             adminResetUserPasswordResponse
+--
+--         , testGetUserResponse $
+--             getUserResponse
+--
+--         , testAdminDeleteUserResponse $
+--             adminDeleteUserResponse
+--
+--         , testAddCustomAttributesResponse $
+--             addCustomAttributesResponse
+--
+--         , testListUserPoolClientsResponse $
+--             listUserPoolClientsResponse
+--
+--         , testUpdateUserPoolClientResponse $
+--             updateUserPoolClientResponse
+--
+--         , testDeleteUserPoolClientResponse $
+--             deleteUserPoolClientResponse
+--
+--         , testDeleteUserResponse $
+--             deleteUserResponse
+--
+--         , testCreateUserPoolClientResponse $
+--             createUserPoolClientResponse
+--
+--         , testSetUserSettingsResponse $
+--             setUserSettingsResponse
+--
+--         , testDescribeUserPoolClientResponse $
+--             describeUserPoolClientResponse
+--
+--         , testResendConfirmationCodeResponse $
+--             resendConfirmationCodeResponse
+--
+--         , testAdminSetUserSettingsResponse $
+--             adminSetUserSettingsResponse
+--
+--           ]
+--     ]
+
+-- Requests
+
+testDeleteUserPool :: DeleteUserPool -> TestTree
+testDeleteUserPool = req
+    "DeleteUserPool"
+    "fixture/DeleteUserPool.yaml"
+
+testUpdateUserPool :: UpdateUserPool -> TestTree
+testUpdateUserPool = req
+    "UpdateUserPool"
+    "fixture/UpdateUserPool.yaml"
+
+testAdminEnableUser :: AdminEnableUser -> TestTree
+testAdminEnableUser = req
+    "AdminEnableUser"
+    "fixture/AdminEnableUser.yaml"
+
+testGetUserAttributeVerificationCode :: GetUserAttributeVerificationCode -> TestTree
+testGetUserAttributeVerificationCode = req
+    "GetUserAttributeVerificationCode"
+    "fixture/GetUserAttributeVerificationCode.yaml"
+
+testUpdateUserAttributes :: UpdateUserAttributes -> TestTree
+testUpdateUserAttributes = req
+    "UpdateUserAttributes"
+    "fixture/UpdateUserAttributes.yaml"
+
+testDeleteUserAttributes :: DeleteUserAttributes -> TestTree
+testDeleteUserAttributes = req
+    "DeleteUserAttributes"
+    "fixture/DeleteUserAttributes.yaml"
+
+testVerifyUserAttribute :: VerifyUserAttribute -> TestTree
+testVerifyUserAttribute = req
+    "VerifyUserAttribute"
+    "fixture/VerifyUserAttribute.yaml"
+
+testAdminDisableUser :: AdminDisableUser -> TestTree
+testAdminDisableUser = req
+    "AdminDisableUser"
+    "fixture/AdminDisableUser.yaml"
+
+testConfirmForgotPassword :: ConfirmForgotPassword -> TestTree
+testConfirmForgotPassword = req
+    "ConfirmForgotPassword"
+    "fixture/ConfirmForgotPassword.yaml"
+
+testListUsers :: ListUsers -> TestTree
+testListUsers = req
+    "ListUsers"
+    "fixture/ListUsers.yaml"
+
+testAdminDeleteUserAttributes :: AdminDeleteUserAttributes -> TestTree
+testAdminDeleteUserAttributes = req
+    "AdminDeleteUserAttributes"
+    "fixture/AdminDeleteUserAttributes.yaml"
+
+testAdminUpdateUserAttributes :: AdminUpdateUserAttributes -> TestTree
+testAdminUpdateUserAttributes = req
+    "AdminUpdateUserAttributes"
+    "fixture/AdminUpdateUserAttributes.yaml"
+
+testAdminGetUser :: AdminGetUser -> TestTree
+testAdminGetUser = req
+    "AdminGetUser"
+    "fixture/AdminGetUser.yaml"
+
+testForgotPassword :: ForgotPassword -> TestTree
+testForgotPassword = req
+    "ForgotPassword"
+    "fixture/ForgotPassword.yaml"
+
+testDescribeUserPool :: DescribeUserPool -> TestTree
+testDescribeUserPool = req
+    "DescribeUserPool"
+    "fixture/DescribeUserPool.yaml"
+
+testAdminConfirmSignUp :: AdminConfirmSignUp -> TestTree
+testAdminConfirmSignUp = req
+    "AdminConfirmSignUp"
+    "fixture/AdminConfirmSignUp.yaml"
+
+testSignUp :: SignUp -> TestTree
+testSignUp = req
+    "SignUp"
+    "fixture/SignUp.yaml"
+
+testChangePassword :: ChangePassword -> TestTree
+testChangePassword = req
+    "ChangePassword"
+    "fixture/ChangePassword.yaml"
+
+testCreateUserPool :: CreateUserPool -> TestTree
+testCreateUserPool = req
+    "CreateUserPool"
+    "fixture/CreateUserPool.yaml"
+
+testConfirmSignUp :: ConfirmSignUp -> TestTree
+testConfirmSignUp = req
+    "ConfirmSignUp"
+    "fixture/ConfirmSignUp.yaml"
+
+testListUserPools :: ListUserPools -> TestTree
+testListUserPools = req
+    "ListUserPools"
+    "fixture/ListUserPools.yaml"
+
+testAdminResetUserPassword :: AdminResetUserPassword -> TestTree
+testAdminResetUserPassword = req
+    "AdminResetUserPassword"
+    "fixture/AdminResetUserPassword.yaml"
+
+testGetUser :: GetUser -> TestTree
+testGetUser = req
+    "GetUser"
+    "fixture/GetUser.yaml"
+
+testAdminDeleteUser :: AdminDeleteUser -> TestTree
+testAdminDeleteUser = req
+    "AdminDeleteUser"
+    "fixture/AdminDeleteUser.yaml"
+
+testAddCustomAttributes :: AddCustomAttributes -> TestTree
+testAddCustomAttributes = req
+    "AddCustomAttributes"
+    "fixture/AddCustomAttributes.yaml"
+
+testListUserPoolClients :: ListUserPoolClients -> TestTree
+testListUserPoolClients = req
+    "ListUserPoolClients"
+    "fixture/ListUserPoolClients.yaml"
+
+testUpdateUserPoolClient :: UpdateUserPoolClient -> TestTree
+testUpdateUserPoolClient = req
+    "UpdateUserPoolClient"
+    "fixture/UpdateUserPoolClient.yaml"
+
+testDeleteUserPoolClient :: DeleteUserPoolClient -> TestTree
+testDeleteUserPoolClient = req
+    "DeleteUserPoolClient"
+    "fixture/DeleteUserPoolClient.yaml"
+
+testDeleteUser :: DeleteUser -> TestTree
+testDeleteUser = req
+    "DeleteUser"
+    "fixture/DeleteUser.yaml"
+
+testCreateUserPoolClient :: CreateUserPoolClient -> TestTree
+testCreateUserPoolClient = req
+    "CreateUserPoolClient"
+    "fixture/CreateUserPoolClient.yaml"
+
+testSetUserSettings :: SetUserSettings -> TestTree
+testSetUserSettings = req
+    "SetUserSettings"
+    "fixture/SetUserSettings.yaml"
+
+testDescribeUserPoolClient :: DescribeUserPoolClient -> TestTree
+testDescribeUserPoolClient = req
+    "DescribeUserPoolClient"
+    "fixture/DescribeUserPoolClient.yaml"
+
+testResendConfirmationCode :: ResendConfirmationCode -> TestTree
+testResendConfirmationCode = req
+    "ResendConfirmationCode"
+    "fixture/ResendConfirmationCode.yaml"
+
+testAdminSetUserSettings :: AdminSetUserSettings -> TestTree
+testAdminSetUserSettings = req
+    "AdminSetUserSettings"
+    "fixture/AdminSetUserSettings.yaml"
+
+-- Responses
+
+testDeleteUserPoolResponse :: DeleteUserPoolResponse -> TestTree
+testDeleteUserPoolResponse = res
+    "DeleteUserPoolResponse"
+    "fixture/DeleteUserPoolResponse.proto"
+    cognitoIdentityProvider
+    (Proxy :: Proxy DeleteUserPool)
+
+testUpdateUserPoolResponse :: UpdateUserPoolResponse -> TestTree
+testUpdateUserPoolResponse = res
+    "UpdateUserPoolResponse"
+    "fixture/UpdateUserPoolResponse.proto"
+    cognitoIdentityProvider
+    (Proxy :: Proxy UpdateUserPool)
+
+testAdminEnableUserResponse :: AdminEnableUserResponse -> TestTree
+testAdminEnableUserResponse = res
+    "AdminEnableUserResponse"
+    "fixture/AdminEnableUserResponse.proto"
+    cognitoIdentityProvider
+    (Proxy :: Proxy AdminEnableUser)
+
+testGetUserAttributeVerificationCodeResponse :: GetUserAttributeVerificationCodeResponse -> TestTree
+testGetUserAttributeVerificationCodeResponse = res
+    "GetUserAttributeVerificationCodeResponse"
+    "fixture/GetUserAttributeVerificationCodeResponse.proto"
+    cognitoIdentityProvider
+    (Proxy :: Proxy GetUserAttributeVerificationCode)
+
+testUpdateUserAttributesResponse :: UpdateUserAttributesResponse -> TestTree
+testUpdateUserAttributesResponse = res
+    "UpdateUserAttributesResponse"
+    "fixture/UpdateUserAttributesResponse.proto"
+    cognitoIdentityProvider
+    (Proxy :: Proxy UpdateUserAttributes)
+
+testDeleteUserAttributesResponse :: DeleteUserAttributesResponse -> TestTree
+testDeleteUserAttributesResponse = res
+    "DeleteUserAttributesResponse"
+    "fixture/DeleteUserAttributesResponse.proto"
+    cognitoIdentityProvider
+    (Proxy :: Proxy DeleteUserAttributes)
+
+testVerifyUserAttributeResponse :: VerifyUserAttributeResponse -> TestTree
+testVerifyUserAttributeResponse = res
+    "VerifyUserAttributeResponse"
+    "fixture/VerifyUserAttributeResponse.proto"
+    cognitoIdentityProvider
+    (Proxy :: Proxy VerifyUserAttribute)
+
+testAdminDisableUserResponse :: AdminDisableUserResponse -> TestTree
+testAdminDisableUserResponse = res
+    "AdminDisableUserResponse"
+    "fixture/AdminDisableUserResponse.proto"
+    cognitoIdentityProvider
+    (Proxy :: Proxy AdminDisableUser)
+
+testConfirmForgotPasswordResponse :: ConfirmForgotPasswordResponse -> TestTree
+testConfirmForgotPasswordResponse = res
+    "ConfirmForgotPasswordResponse"
+    "fixture/ConfirmForgotPasswordResponse.proto"
+    cognitoIdentityProvider
+    (Proxy :: Proxy ConfirmForgotPassword)
+
+testListUsersResponse :: ListUsersResponse -> TestTree
+testListUsersResponse = res
+    "ListUsersResponse"
+    "fixture/ListUsersResponse.proto"
+    cognitoIdentityProvider
+    (Proxy :: Proxy ListUsers)
+
+testAdminDeleteUserAttributesResponse :: AdminDeleteUserAttributesResponse -> TestTree
+testAdminDeleteUserAttributesResponse = res
+    "AdminDeleteUserAttributesResponse"
+    "fixture/AdminDeleteUserAttributesResponse.proto"
+    cognitoIdentityProvider
+    (Proxy :: Proxy AdminDeleteUserAttributes)
+
+testAdminUpdateUserAttributesResponse :: AdminUpdateUserAttributesResponse -> TestTree
+testAdminUpdateUserAttributesResponse = res
+    "AdminUpdateUserAttributesResponse"
+    "fixture/AdminUpdateUserAttributesResponse.proto"
+    cognitoIdentityProvider
+    (Proxy :: Proxy AdminUpdateUserAttributes)
+
+testAdminGetUserResponse :: AdminGetUserResponse -> TestTree
+testAdminGetUserResponse = res
+    "AdminGetUserResponse"
+    "fixture/AdminGetUserResponse.proto"
+    cognitoIdentityProvider
+    (Proxy :: Proxy AdminGetUser)
+
+testForgotPasswordResponse :: ForgotPasswordResponse -> TestTree
+testForgotPasswordResponse = res
+    "ForgotPasswordResponse"
+    "fixture/ForgotPasswordResponse.proto"
+    cognitoIdentityProvider
+    (Proxy :: Proxy ForgotPassword)
+
+testDescribeUserPoolResponse :: DescribeUserPoolResponse -> TestTree
+testDescribeUserPoolResponse = res
+    "DescribeUserPoolResponse"
+    "fixture/DescribeUserPoolResponse.proto"
+    cognitoIdentityProvider
+    (Proxy :: Proxy DescribeUserPool)
+
+testAdminConfirmSignUpResponse :: AdminConfirmSignUpResponse -> TestTree
+testAdminConfirmSignUpResponse = res
+    "AdminConfirmSignUpResponse"
+    "fixture/AdminConfirmSignUpResponse.proto"
+    cognitoIdentityProvider
+    (Proxy :: Proxy AdminConfirmSignUp)
+
+testSignUpResponse :: SignUpResponse -> TestTree
+testSignUpResponse = res
+    "SignUpResponse"
+    "fixture/SignUpResponse.proto"
+    cognitoIdentityProvider
+    (Proxy :: Proxy SignUp)
+
+testChangePasswordResponse :: ChangePasswordResponse -> TestTree
+testChangePasswordResponse = res
+    "ChangePasswordResponse"
+    "fixture/ChangePasswordResponse.proto"
+    cognitoIdentityProvider
+    (Proxy :: Proxy ChangePassword)
+
+testCreateUserPoolResponse :: CreateUserPoolResponse -> TestTree
+testCreateUserPoolResponse = res
+    "CreateUserPoolResponse"
+    "fixture/CreateUserPoolResponse.proto"
+    cognitoIdentityProvider
+    (Proxy :: Proxy CreateUserPool)
+
+testConfirmSignUpResponse :: ConfirmSignUpResponse -> TestTree
+testConfirmSignUpResponse = res
+    "ConfirmSignUpResponse"
+    "fixture/ConfirmSignUpResponse.proto"
+    cognitoIdentityProvider
+    (Proxy :: Proxy ConfirmSignUp)
+
+testListUserPoolsResponse :: ListUserPoolsResponse -> TestTree
+testListUserPoolsResponse = res
+    "ListUserPoolsResponse"
+    "fixture/ListUserPoolsResponse.proto"
+    cognitoIdentityProvider
+    (Proxy :: Proxy ListUserPools)
+
+testAdminResetUserPasswordResponse :: AdminResetUserPasswordResponse -> TestTree
+testAdminResetUserPasswordResponse = res
+    "AdminResetUserPasswordResponse"
+    "fixture/AdminResetUserPasswordResponse.proto"
+    cognitoIdentityProvider
+    (Proxy :: Proxy AdminResetUserPassword)
+
+testGetUserResponse :: GetUserResponse -> TestTree
+testGetUserResponse = res
+    "GetUserResponse"
+    "fixture/GetUserResponse.proto"
+    cognitoIdentityProvider
+    (Proxy :: Proxy GetUser)
+
+testAdminDeleteUserResponse :: AdminDeleteUserResponse -> TestTree
+testAdminDeleteUserResponse = res
+    "AdminDeleteUserResponse"
+    "fixture/AdminDeleteUserResponse.proto"
+    cognitoIdentityProvider
+    (Proxy :: Proxy AdminDeleteUser)
+
+testAddCustomAttributesResponse :: AddCustomAttributesResponse -> TestTree
+testAddCustomAttributesResponse = res
+    "AddCustomAttributesResponse"
+    "fixture/AddCustomAttributesResponse.proto"
+    cognitoIdentityProvider
+    (Proxy :: Proxy AddCustomAttributes)
+
+testListUserPoolClientsResponse :: ListUserPoolClientsResponse -> TestTree
+testListUserPoolClientsResponse = res
+    "ListUserPoolClientsResponse"
+    "fixture/ListUserPoolClientsResponse.proto"
+    cognitoIdentityProvider
+    (Proxy :: Proxy ListUserPoolClients)
+
+testUpdateUserPoolClientResponse :: UpdateUserPoolClientResponse -> TestTree
+testUpdateUserPoolClientResponse = res
+    "UpdateUserPoolClientResponse"
+    "fixture/UpdateUserPoolClientResponse.proto"
+    cognitoIdentityProvider
+    (Proxy :: Proxy UpdateUserPoolClient)
+
+testDeleteUserPoolClientResponse :: DeleteUserPoolClientResponse -> TestTree
+testDeleteUserPoolClientResponse = res
+    "DeleteUserPoolClientResponse"
+    "fixture/DeleteUserPoolClientResponse.proto"
+    cognitoIdentityProvider
+    (Proxy :: Proxy DeleteUserPoolClient)
+
+testDeleteUserResponse :: DeleteUserResponse -> TestTree
+testDeleteUserResponse = res
+    "DeleteUserResponse"
+    "fixture/DeleteUserResponse.proto"
+    cognitoIdentityProvider
+    (Proxy :: Proxy DeleteUser)
+
+testCreateUserPoolClientResponse :: CreateUserPoolClientResponse -> TestTree
+testCreateUserPoolClientResponse = res
+    "CreateUserPoolClientResponse"
+    "fixture/CreateUserPoolClientResponse.proto"
+    cognitoIdentityProvider
+    (Proxy :: Proxy CreateUserPoolClient)
+
+testSetUserSettingsResponse :: SetUserSettingsResponse -> TestTree
+testSetUserSettingsResponse = res
+    "SetUserSettingsResponse"
+    "fixture/SetUserSettingsResponse.proto"
+    cognitoIdentityProvider
+    (Proxy :: Proxy SetUserSettings)
+
+testDescribeUserPoolClientResponse :: DescribeUserPoolClientResponse -> TestTree
+testDescribeUserPoolClientResponse = res
+    "DescribeUserPoolClientResponse"
+    "fixture/DescribeUserPoolClientResponse.proto"
+    cognitoIdentityProvider
+    (Proxy :: Proxy DescribeUserPoolClient)
+
+testResendConfirmationCodeResponse :: ResendConfirmationCodeResponse -> TestTree
+testResendConfirmationCodeResponse = res
+    "ResendConfirmationCodeResponse"
+    "fixture/ResendConfirmationCodeResponse.proto"
+    cognitoIdentityProvider
+    (Proxy :: Proxy ResendConfirmationCode)
+
+testAdminSetUserSettingsResponse :: AdminSetUserSettingsResponse -> TestTree
+testAdminSetUserSettingsResponse = res
+    "AdminSetUserSettingsResponse"
+    "fixture/AdminSetUserSettingsResponse.proto"
+    cognitoIdentityProvider
+    (Proxy :: Proxy AdminSetUserSettings)
